Re: Off Topic - for those looking for cheap lab routers [7:64323]

[Peter Walker]

Thats a lot better than the $900 USD I paid last year a month before Cisco 
announced that token ring wasnt going to be in the lab any more. Gr :-(

--On 04 March 2003 03:50 + Steve  wrote:

> i got a 3920 for 120 usd. i know its cheap..yes it works
>
> steve
>
>
> ""The Long and Winding Road""  wrote in
> message news:[EMAIL PROTECTED]
>> token ring stuff is going for very reasonable prices over on that auction
>> site we all know and love. might be a good way to add serial ports /
>> complexity to an existing rack. or start building a CCNA / CCNP study
>> rack
>>
>> just a thought
> Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64323&t=64323
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Bizzare Routing/VPN Issue [7:64301]

[Symon Thurlow]

Hi John,

What address is the NZ guy pinging on your spoke routers? The LAN
address that is getting propagated?

If you do a debug icmp trace on the VPN box (assuming you can, I've
never touched one) what is the ICMP message you receive? That will
probably tell you everything.

When you ping from your remote spoke routers to NZ, what interface
address are you using to ping _from_? Can you try pinging from a server
in a spoke site, or set the ping from address to be the LAN interface of
your spoke router?

Infact, that looks to me to be exactly what it is.

You are pinging from a spoke router, and it is using the serial(?)
interface address, which due to your non-contiguous network addressing
(tsk tsk!) is not included in your VPN configuration, so the VPN
concentrator probably sends the ICMP message to NZ but the NZ side is
not configured to encrypt traffic for the network the ping came from so
it never gets back.

Sounds good to me...

Symon


-Original Message-
From: John Brandis [mailto:[EMAIL PROTECTED] 
Sent: 04 March 2003 01:55
To: [EMAIL PROTECTED]
Subject: Bizzare Routing/VPN Issue [7:64301]


Hi All, I am sure one of you will see the problem and be able to offer a
solution.
 
I have 2 organisations here, one in Australia the other in NZ. In
Australia, we have a hub and spoke point to multi-point config from the
hubs perspective. I run OSPF and have all sites in area 0 (yes I know i
should break this up so that each region forms its own area, but why at
this time
??)
 
My problem, which only started this morning at 5am when the tech in NZ
and I decided to up the encryption settings on the VPN, I think is
related to routing, or related to a crypto map error. In Sydney, I use a
cisco 3005 whilst the office initiating the IPSEC connection uses a
little Watchguard box. Until this morning it was simple, I could see his
local lan behind the remote peer, and he could see my local networks,
but not the office's on my WAN (by design). The goal of this morning was
to permit NZ to be able to see all networks in Australia. We dont yet
run a nice continuos IP scheme here (yet), so each network had to be
delcared line by line rather than a nice summary. We implemented this
network by network. I enabled my NZ counterpart access to the Australian
hub site and one of the spokes. Thats when the problem started. We tried
to put the next spoke site network list in the list of availiable
networks, then it all fell to bits. The problem now is that the guy in
NZ can ping my spoke sites routers, however from these spoke sites I
cant ping him. I trace the packet, and watch it hop through my network
with the last hop being the 3005 VPN concentrator that connects NZ to
us. From there it times out...From my desk in the hub site in Australia,
I can ping both the spoke site, and the NZ techs PC. So at this stage I
can confirm that the route that works from sydney to NZ, has been
redistributed via OSPF to my spoke sites, however it just does not
appear to get through the tunnel, however the guy in NZ says he has 100%
ping to my spoke sites.
 
Could any one suggest where a possible problem could be ?
 
I can see IPSEC tunnels for the various networks and I can see traffic
going across them, however I have no idea why I cant access anything
across the VPN from my spoke sites. The NZ guy said all traffic from
Australia has a permit statement. I can only see the problem as
access-list like problem on his end, as we had this working for the
central site here (hub site) and for one of the spoke sites until we
added more.
 
Would appreciate any help.
 
Thanks all
 
Johnny b 


**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

**

The Solution 6 Head Office and NSW Branch has moved premises. Please
make sure you have updated your records with our new details.

Level 14, 383 Kent Street, Sydney NSW 2000.

General Phone: 61 2 9278 0666

General Fax: 61 2 9278 0555

**

This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you
cannot use, distribute or copy the message or attachments.  In such a
case, please notify the sender by return email immediately and erase all
copies of the message and attachments.  Opinions, conclusions and other
information in this message and attachments that do not relate to the
official business of Solution 6 are neither given nor endorsed by it.

*
=

 This email has been content filtered and
 subject to spam filtering. If you consider
 this email is unsolicited please forward
 the email to [EMAIL PROTECTED] and
 request that the sender's domain be
 blocked from sending any further em

How to stop loggin to the console [7:64325]

[[EMAIL PROTECTED]]

Greetings,
I have a router here that is logging a lot or stuff to my console, as a
result I can't get anything done. How do I stop this without stopping
the syslog messages?

Regards

Pat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64325&t=64325
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: RE: Networking problem [7:64012]

[Symon Thurlow]

Slightly OT

I had a site once that had an HP LH3 (or something similar) server that
had an absolute crap video card. Whenever I wasn't there, performance
was poor. Whenever I was on site, performance was good.

It turned out to be the 3D screen saver that someone had configured was
killing the server. It affected the process that these people used
(probably a driver problem or something) so I changed the screen saver
to a marquee and everything was fine.

Don't know if this is relevant to you but worth a look.

Symon

-Original Message-
From: Steve [mailto:[EMAIL PROTECTED] 
Sent: 04 March 2003 01:00
To: [EMAIL PROTECTED]
Subject: Re: Networking problem [7:64012]


Do use half duplex also what are you doing when its slow specifically?

is the server slow accessing computers on the network and taking files
or is it slow accessing the internet?




""Orlando, Jr. Palomar""  wrote in message
news:[EMAIL PROTECTED]
> Adeboye Onifade wrote:
> > Server.
> > The
> > server is a Pentium 3, 128MB changed to 256, it's also on full 
> > duplex on the switch/ hubs etc could anyone advise on how to 
> > make the server more efficient!
>
> You can't configure full-duplex when connecting to a hub. Probably
explains
> the problems you're having.
=

 This email has been content filtered and
 subject to spam filtering. If you consider
 this email is unsolicited please forward
 the email to [EMAIL PROTECTED] and
 request that the sender's domain be
 blocked from sending any further emails.

=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64326&t=64012
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to stop loggin to the console [7:64325]

[David j]

[EMAIL PROTECTED] wrote:
> 
> Greetings,
> I have a router here that is logging a lot or stuff to my
> console, as a
> result I can't get anything done. How do I stop this without
> stopping
> the syslog messages?
> 
> Regards
> 
> Pat
> 
> 

no logging console ?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64328&t=64325
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Off Topic - for those looking for cheap lab routers [7:64329]

[Symon Thurlow]

Yep, I have seen 2502's going for #60

I just bought a token ring switch (RJ45) for #15!

The 2502's are well worth it for routing protocol lab testing

Symon

-Original Message-
From: Peter Walker [mailto:[EMAIL PROTECTED] 
Sent: 04 March 2003 07:52
To: [EMAIL PROTECTED]
Subject: Re: Off Topic - for those looking for cheap lab routers [7:64323]


Thats a lot better than the $900 USD I paid last year a month before Cisco 
announced that token ring wasnt going to be in the lab any more. Gr :-(

--On 04 March 2003 03:50 + Steve  wrote:

> i got a 3920 for 120 usd. i know its cheap..yes it works
>
> steve
>
>
> ""The Long and Winding Road""  wrote in
> message news:[EMAIL PROTECTED]
>> token ring stuff is going for very reasonable prices over on that 
>> auction site we all know and love. might be a good way to add serial 
>> ports / complexity to an existing rack. or start building a CCNA / 
>> CCNP study rack
>>
>> just a thought
> Nondisclosure violations to [EMAIL PROTECTED]
=

 This email has been content filtered and
 subject to spam filtering. If you consider
 this email is unsolicited please forward
 the email to [EMAIL PROTECTED] and
 request that the sender's domain be
 blocked from sending any further emails.

=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64329&t=64329
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to stop loggin to the console [7:64325]

[julian]

To turn off you may want to use another method to access this device and
turn off logging.

no logging console debugging

This will turn off console logging but will not turn off logging globally.
That means logging will not be disturbed if logging to syslog server etc.

If you do not have a another method of accessing this device (i.e telnet)
you may just have to type or copy this command set in global config mode
from console.

router>en
router#conf t
router(config)#no logging console debugging
router(config)#end

or just copy and paste from privilidge mode (router#)

conf t
no logging console debugging
end

Its really not a good practice to log to console at all because CPU
utilization suffers tremendously if the severity is high and events are
plentifull.


Hope this helps

Julian

- Original Message -
From: 
To: 
Sent: Tuesday, March 04, 2003 3:17 AM
Subject: How to stop loggin to the console [7:64325]


> Greetings,
> I have a router here that is logging a lot or stuff to my console, as a
> result I can't get anything done. How do I stop this without stopping
> the syslog messages?
>
> Regards
>
> Pat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64330&t=64325
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to stop loggin to the console [7:64325]

[tu do]

Enter global configuration mode.
Enter line (console 0) mode.
Enter command: logging synchronous.
Exit and save to nvram. You are set.
Regards,
Tu Do.  


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64331&t=64325
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

shutting down VLAN 1 [7:64334]

[Luca Ciasca]

Hi all,

In the effort to avoid any Vlan spread in the entire campus (populated of
more than 100 Cisco switches), I would like to shut down the Vlan 1 in every
switch of my campus and create just small local management Vlans. Is there
anything wrong in this operation? Does the CDP exchange messages on Vlan 1?
and does the CiscoWorks2000 exchange messages on Vlan 1?

Best regards,

Luca Ciasca


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64334&t=64334
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Best Book/DOCs on MPLS [7:64257]

[Dom]

Cisco Press does a book called "MPLS and VPN Architecture" ISBN
1-58705-002-1 which I have found to be useful.

HTH

Dom Stocqueler

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 03 March 2003 15:34
To: [EMAIL PROTECTED]
Subject: Best Book/DOCs on MPLS [7:64257]


Hi All,

Dose anyone recommend a good book on MPLS or dose anyone know a good
link.

Thanks
Tarry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64333&t=64257
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Bizzare Routing/VPN Issue [7:64301]

[Steve Wilson]

Beware of assuming that a VPN can route traffic in the same way as a proper
router would. I have had a similar problem due to the network list
associated with tunnels. The "routing Table" built by the VPN 3005 is based
upon the information collated from the network lists, but is not used in the
same way that a router would use it. A router will forward packets based on
which route has the longest match to the IP address. The VPN appears to use
the first route that satisfies the destination. This route will be created
by which ever tunnel comes up first and gives its network list to the 3005
that it is connecting to. the only way that I have managed to solve the
problem is by having completely specific network lists that ensure that
there is no dubiety in where packets can be routed to. if you are using
super-netting be careful.

Steve Wilson
Network Engineer

-Original Message-
From: John Brandis [mailto:[EMAIL PROTECTED] 
Sent: 04 March 2003 01:55
To: [EMAIL PROTECTED]
Subject: Bizzare Routing/VPN Issue [7:64301]

Hi All, I am sure one of you will see the problem and be able to offer a
solution.
 
I have 2 organisations here, one in Australia the other in NZ. In Australia,
we have a hub and spoke point to multi-point config from the hubs
perspective. I run OSPF and have all sites in area 0 (yes I know i should
break this up so that each region forms its own area, but why at this time
??)
 
My problem, which only started this morning at 5am when the tech in NZ and I
decided to up the encryption settings on the VPN, I think is related to
routing, or related to a crypto map error. In Sydney, I use a cisco 3005
whilst the office initiating the IPSEC connection uses a little Watchguard
box. Until this morning it was simple, I could see his local lan behind the
remote peer, and he could see my local networks, but not the office's on my
WAN (by design). The goal of this morning was to permit NZ to be able to see
all networks in Australia. We dont yet run a nice continuos IP scheme here
(yet), so each network had to be delcared line by line rather than a nice
summary. We implemented this network by network. I enabled my NZ counterpart
access to the Australian hub site and one of the spokes. Thats when the
problem started. We tried to put the next spoke site network list in the
list of availiable networks, then it all fell to bits. The problem now is
that the guy in NZ can ping my spoke sites routers, however from these spoke
sites I cant ping him. I trace the packet, and watch it hop through my
network with the last hop being the 3005 VPN concentrator that connects NZ
to us. From there it times out...From my desk in the hub site in Australia,
I can ping both the spoke site, and the NZ techs PC. So at this stage I can
confirm that the route that works from sydney to NZ, has been redistributed
via OSPF to my spoke sites, however it just does not appear to get through
the tunnel, however the guy in NZ says he has 100% ping to my spoke sites.
 
Could any one suggest where a possible problem could be ?
 
I can see IPSEC tunnels for the various networks and I can see traffic going
across them, however I have no idea why I cant access anything across the
VPN from my spoke sites. The NZ guy said all traffic from Australia has a
permit statement. I can only see the problem as access-list like problem on
his end, as we had this working for the central site here (hub site) and for
one of the spoke sites until we added more.
 
Would appreciate any help.
 
Thanks all
 
Johnny b 


**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

**

The Solution 6 Head Office and NSW Branch has moved premises.
Please make sure you have updated your records with our new details.

Level 14, 383 Kent Street, Sydney NSW 2000.

General Phone: 61 2 9278 0666

General Fax: 61 2 9278 0555

**

This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you cannot
use, distribute or copy the message or attachments.  In such a case, please
notify the sender by return email immediately and erase all copies of the
message and attachments.  Opinions, conclusions and other information in
this message and attachments that do not relate to the official business of
Solution 6 are neither given nor endorsed by it.

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64335&t=64301
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to stop loggin to the console [7:64325]

[Marko Milivojevic]

Also,

line con0
logging sync

could help ...

Marko.

> -Original Message-
> From: David j [mailto:[EMAIL PROTECTED]
> Sent: ~ripjudagur, 4. mars 2003. 09:25
> To: [EMAIL PROTECTED]
> Subject: RE: How to stop loggin to the console [7:64325]
>
>
> [EMAIL PROTECTED] wrote:
> >
> > Greetings,
> > I have a router here that is logging a lot or stuff to my
> > console, as a
> > result I can't get anything done. How do I stop this without
> > stopping
> > the syslog messages?
> >
> > Regards
> >
> > Pat
> >
> >
>
> no logging console ?
> Report misconduct
> and Nondisclosure violations to [EMAIL PROTECTED]
>

Tvlvupsstur ~essi er fra Margmiplun hf., Supurlandsbraut 4, Reykjavmk.
Fyrirvara og leipbeiningar til viptakenda tvlvupssts fra Margmiplun hf. er
ap finna a vefsmpunni http://www.mi.is/fyrirvari




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64337&t=64325
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCO Owners request [7:64290]

[Peri Sophos]

There you go!

-Original Message-
From: Joupin [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 11:59 PM
To: [EMAIL PROTECTED]
Subject: CCO Owners request [7:64290]


Hi
Ill be appreciated if someone who has a CCO get this page for me
regarding
Modemcap and Modem inistazization strings
http://www.cisco.com/warp/customer/76/4.html


Regards
joupin
www.joupin.com
NOTICE - This message contains privileged and confidential
information intended only for the use of the addressee
named above. Any review, retransmission, dissemination,
copying, disclosure or other use of, or taking of any
action in reliance upon, this information by person or
entities other than the intended recipient is prohibited.
If you have received this message in error, please notify
the sender by return email and delete this message.
This message should not be copied or used for any purpose
other than intended, nor should it be disclosed to any
other person. Any views expressed in this message are those
of the individual sender, except where the sender specifically
 states them to be the view of Investec Group, its
subsidiaries or associates. The Investec Group is not
liable for the security of information sent by e-mail at
your request, nor for the proper and complete transmission
of the information contained in the communication nor for
any delay in its receipt. Please note that the recipient
must scan this e-mail and any attached files for viruses
and the like. The Investec Group accepts no liability of
whatever nature for any loss, liability, damage or expense
resulting directly or indirectly from the access of any files
which are attached to this message.

[GroupStudy removed an attachment of type application/octet-stream which had
a name of 9.pdf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64338&t=64290
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

DNS Proxy [7:64339]

[Lee Messenger]

hi,

I have a 2621 router connected to a DSL line.  I have seen on some small
Cisco routers they have he ability to do DNS proxy, I can't ind any commands
on how to configure this though.  Is this possible to do on a 2621, also if
someone could point me in the direction of sample configs then that would be
great

Thanks

Lee


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64339&t=64339
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ipx [7:64341]

[DeVoe, Charles (PKI)]

I am using the Sybex CCNA Trainer software.  In the IPX section they refer
to commands like sho ipx servers, show ipx route, etc.

When I go to the router (running 12.1) and I do a show ?, no ipx anything is
listed. 

Has the command changed?  
Does ipx need to be enabled to see these commands?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64341&t=64341
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RIP Question [7:64340]

[John Beckmann]

Hi All,

I have a question in regards to RIP propergating a network route, without
using summarization.


   BB1R1===R3Rest of network
   RIPV2--RIPV2RIPV2+OSPFOSPF---
   150.10.1.254___150.10.1.1___170.10.X.X

How do you get R1 to send a singe route to BB1 for the 170.10.X.X network,
without using summarization. R1 is also part of the 170.10.X.X network.

Regards,
John Beckmann


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64340&t=64340
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 2501 DC Power adaptors ? [7:64300]

[James Gosnold]

Simon, I bought an adaptor from Maplin Electronics in the UK
(www.maplin.co.uk) or you can also try Farnell Electronics
(www.farnell.co.uk), if you call them and explain what you need they are
quite helpful. It's quite good because the adaptors take 2 of the US plugs.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64343&t=64300
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 2501 DC Power adaptors ? [7:64300]

[Steven Aiello]

I just had this prob.  I got a router for my home lab that had DC power. 
  Actually I just swapped an AC power supply from the same series router 
that I had into the one I wanted to use and it works just fine.  Hope 
that helps, also I'm sure you can find them on e-bay.

Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64344&t=64300
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: shutting down VLAN 1 [7:64334]

[Georgescu, Aurelian]

Luca,

You cannot delete VLAN 1 as far as I know. Just don't allocate any ports to
VLAN 1. If you don't trunk between the switches, no VLANs will propagate
between them. If you have to trunk, just use another VLAN as native and
prune the allowed VLANs. CDP goes over whatever VLAN it has available, same
for CiscoWorks.

Aurelian Georgescu


-Original Message-
From: Luca Ciasca [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 04, 2003 5:03 AM
To: [EMAIL PROTECTED]
Subject: shutting down VLAN 1 [7:64334]

Hi all,

In the effort to avoid any Vlan spread in the entire campus (populated of
more than 100 Cisco switches), I would like to shut down the Vlan 1 in every
switch of my campus and create just small local management Vlans. Is there
anything wrong in this operation? Does the CDP exchange messages on Vlan 1?
and does the CiscoWorks2000 exchange messages on Vlan 1?

Best regards,

Luca Ciasca




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64345&t=64334
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Change Telnet port [7:64346]

[[EMAIL PROTECTED]]

Hi,

I was wondering how to change the telnet tcpo port on a router?

Thanks!

Joe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64346&t=64346
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Pinouts for Terminal Server [7:64347]

[John Golovich]

Can anyone help me for the pinouts for this cables.

>From the back of a Livingston Portmaster 2E I have a gender changer plugging
into a db25 cisco terminal to rj45 adapter.

>From here I want to plug a cat5 cable into the console of my ciscos.

I could use some help with the pinouts if anyone has already done this.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64347&t=64347
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE BOOKS [7:64321]

[Platon Sorin]

Cisco IP Routing: Packet Forwarding & Intra-Domain Routing Protocols
by Alex Zinin

Jeff Doyle 1 and 2
and CCO stuff on MPLS, voice.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64348&t=64321
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CSPFA 3.0 Study Material [7:64214]

[Richard Deal]

John,

Thanks for the kudos. I wrote the book with the PIX exam in the back of my
mind, but my foremost concern was having a reader going away with real
working knowledge on how to set up the PIX. There are two minor objectives
for the exam that I don't cover--multicasting and shunning on the PIX. You
might want to read up on these for your test preparation. I'm hoping that
I'll have time in the next couple of weeks to add this info to my web site.

Cheers!
--

Richard A. Deal

Visit my home page at http://home.cfl.rr.com/dealgroup/

Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access
Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration
Exam Cram

Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco
exams on the market.



""John Faulk""  wrote in message
news:[EMAIL PROTECTED]
> Jason, I haven't taken the test yet but will be at the end of the month.
> The book I am using is Cisco Pix firewall by Richard Deal. Alot of people
> consider it the best one out. Or you can wait till March 31st and get the
> cisco press book.
>
>
> John
>
>
> On Mon, Mar 03, 2003 at 01:33:32AM +, Shearer Jason wrote:
> > Anyone have any study material for this exam?  I have the Cisco press
for
> > the old exam, but need material for grouping, PIX ACL's and new software
> > versions (6+).  Any help would be greatly appreciated.
> >
> > Jason
> --




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64349&t=64214
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Help Pix 501 [7:64278]

[Richard Deal]

Juan,

The PIX does not permit you to telnet into it from the "outside"
interface--this is a security feature. There are two solutions available:
SSH and a VPN. My recommendation is to go the hard route and set up a remote
access VPN connection to the PIX--SSH has been shown recently to have some
vulnerabilities.

Cheers!
--

Richard A. Deal

Visit my home page at http://home.cfl.rr.com/dealgroup/

Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access
Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration
Exam Cram

Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco
exams on the market.



""Juan Blanco""  wrote in message
news:[EMAIL PROTECTED]
> Team,
> I want to be able to telnet to my internal network(terminal server) via
the
> Pix 501, I have a connectivity via my cable provider, I have only one IP
> address. Before using the pix I have a router and I used to telnet to it
> from the Internet then connect to my terminal server, now I can't do it
> because there is no telnet capabilities from the Pix 501, Remember I have
> only one IPAny ideas how to do thisI looked in the Cisco Web
and
> the examples that I was able to find they assume that I have more than 1
IP
> which is no my case.At the present time I have not problem connecting
to
> the Pix from the Internet
>
> I really appreciate your help.
>
> Thanks,
>
> Juan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64350&t=64278
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE BOOKS [7:64321]

[Dennis Laganiere]

This question comes up on a regular basis, so a while back I put together a
document with a list of books and advice for taking the CCIE Written.  If
you want to take a look, you'll find it at www.laganiere.net.

Please let me know if anybody has any extra suggestions, I'd be glad to add
to the document.

Good luck with your studies...

--- Dennis Laganiere

- Original Message -
From: "milind tare" 
To: 
Sent: Monday, March 03, 2003 10:26 PM
Subject: CCIE BOOKS [7:64321]


> HI Cisco Buddy's
>
>
>   I am planning for CCIE Written exam can u ppl
> suggest me the books or any other good stuff so i can
> clear my written exam.
>
> Thanks & Regards,
> Milind Tare
>
> __
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64352&t=64321
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Certified Cisco System Instructor (CCSI) [7:64319]

[BJ Rice]

Check the Instructors Resource Website - http://64.139.25.96/.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64353&t=64319
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE C&S written practice exams?? [7:64354]

[Karim Abdelmonem]

Dear all,

Anyone knows any site on the internet selling pratice exams for
CCIE C&S (Wan Switching speciality)???

It will be my pleasure to find any!

Karim





_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64354&t=64354
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Catalyst Port Counters [7:64355]

[Tim Champion]

Does anyone know why the Giant counter below shows "-" as opposed to a
numerical counter? Cisco Works is showing the trunk as suffering from a high
number of oversize errors but the port counters don't back this up. I've
tried a clear counters but this has made no difference.

Sessions_A (enable) sh po 1/1
Port  Name   Status Vlan   Level  Duplex Speed Type
- -- -- -- -- -- - -
---
 1/1  to_cab_AA  connected  trunk  normal   full  1000
1000BaseSX


Port   Trap  IfIndex
-    ---
 1/1   disabled  3

Port Broadcast-Limit Broadcast-Drop
 --- --
 1/1 65.00 %  0

Port   Send FlowControlReceive FlowControl   RxPause TxPause Unsupported
   adminoper   adminoper   opcodes
-        --- --- ---
 1/1   on   on on   on   0   0   0

Port  Align-Err  FCS-ErrXmit-Err   Rcv-ErrUnderSize
- -- -- -- -- -
 1/1   0  0  0  0 0

Port  Single-Col Multi-Coll Late-Coll  Excess-Col Carri-Sen Runts Giants
- -- -- -- -- - - --
---
 1/1   0  0  0  0 0
0 -

Many thanks in advance.

Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64355&t=64355
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

VPN Client behind PIX [7:64358]

[Steve Smith]

OK gang here is the scenario. We have a PIX at work running VPN. I have
a 515 at home. Before I put the 515 at home in I could use the VPN
client to connect to work. Now I can not. I remember a year or so back
reading a Cisco article about this and that you had to use a certain IP
range on the remote (my house) network. Does anyone know anything about
this? Any suggestions?

Thanks!

Steve Smith
Enterprise Engineer
901-758-8179 ext. 108
TEKSELL
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64358&t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE C&S written practice exams?? [7:64354]

[Edwin Gonzalez]

BOSON!!! Dude!!!
1 and 3

Got to www.Boson.com

""Karim Abdelmonem""  wrote in message
news:[EMAIL PROTECTED]
> Dear all,
>
> Anyone knows any site on the internet selling pratice exams for
> CCIE C&S (Wan Switching speciality)???
>
> It will be my pleasure to find any!
>
> Karim
>
>
>
>
>
> _
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64359&t=64354
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RIP Question [7:64340]

[cebuano]

How about telling the interface to "ip rip send version 1"?
Sorry, I haven't had the chance to mock this up.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
John Beckmann
Sent: Tuesday, March 04, 2003 8:24 AM
To: [EMAIL PROTECTED]
Subject: RIP Question [7:64340]

Hi All,

I have a question in regards to RIP propergating a network route,
without
using summarization.


   BB1R1===R3Rest of network
   RIPV2--RIPV2RIPV2+OSPFOSPF---
   150.10.1.254___150.10.1.1___170.10.X.X

How do you get R1 to send a singe route to BB1 for the 170.10.X.X
network,
without using summarization. R1 is also part of the 170.10.X.X network.

Regards,
John Beckmann




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64360&t=64340
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Testing Software Needed for 640-925 Content Networking [7:64361]

[Bolton, Travis D [LTD]]

Team,

Does anybody know where I can find some testing software for this exam?
Boson does not offer it and I'm having problems finding anything relevant to
this exam.  Also, if you have already taken the exam could you please let me
know what resources you used to pass it.  Thanks for your help in advance.

Travis Bolton 
Web Media
CCNP,CCDA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64361&t=64361
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PPP vs HDLC [7:64362]

[Stuart Pittwood]

It has been mooted to me that we might get better performance from our
1Mb line by using HDLC rather than PPP.



Is this correct?



If so is it just  a case of changing the Encapsulation PPP to
Encapsulation HDLC on both ends of the link?



Are there any implications I should be aware of?



Thanks



_

Stuart Pittwood, MCSE

IT Technician

Amery-Parkes Solicitors




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64362&t=64362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ipx [7:64341]

[Bob Sinclair]

The IPX commands should be there, even if ipx routing is not enabled.
However, you may have an IP only feature set.  I think you will need at
least "desktop" to get IPX.


-Bob Sinclair
CCIE #10427, MCSE
Senior Network Engineer
Networking For Future, Inc.
www.nffinc.com
- Original Message -
From: "DeVoe, Charles (PKI)" 
To: 
Sent: Tuesday, March 04, 2003 8:26 AM
Subject: ipx [7:64341]


> I am using the Sybex CCNA Trainer software.  In the IPX section they refer
> to commands like sho ipx servers, show ipx route, etc.
>
> When I go to the router (running 12.1) and I do a show ?, no ipx anything
is
> listed.
>
> Has the command changed?
> Does ipx need to be enabled to see these commands?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64363&t=64341
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Help Pix 501 [7:64278]

[Scott Roberts]

I agree with richard the only way you're going to do this with a single ip
address is by setting up a vpn and then telneting as a second step.

scott

""Richard Deal""  wrote in message
news:[EMAIL PROTECTED]
> Juan,
>
> The PIX does not permit you to telnet into it from the "outside"
> interface--this is a security feature. There are two solutions available:
> SSH and a VPN. My recommendation is to go the hard route and set up a
remote
> access VPN connection to the PIX--SSH has been shown recently to have some
> vulnerabilities.
>
> Cheers!
> --
>
> Richard A. Deal
>
> Visit my home page at http://home.cfl.rr.com/dealgroup/
>
> Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access
> Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch
Configuration
> Exam Cram
>
> Cisco Test Prep author for QuizWare, providing the most comprehensive
Cisco
> exams on the market.
>
>
>
> ""Juan Blanco""  wrote in message
> news:[EMAIL PROTECTED]
> > Team,
> > I want to be able to telnet to my internal network(terminal server) via
> the
> > Pix 501, I have a connectivity via my cable provider, I have only one IP
> > address. Before using the pix I have a router and I used to telnet to it
> > from the Internet then connect to my terminal server, now I can't do it
> > because there is no telnet capabilities from the Pix 501, Remember I
have
> > only one IPAny ideas how to do thisI looked in the Cisco Web
> and
> > the examples that I was able to find they assume that I have more than 1
> IP
> > which is no my case.At the present time I have not problem
connecting
> to
> > the Pix from the Internet
> >
> > I really appreciate your help.
> >
> > Thanks,
> >
> > Juan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64364&t=64278
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PPP vs HDLC [7:64362]

[Scott Roberts]

I've never heard efficiency as a reason to use PPP over HDLC. there are more
options with PPP, but otherwise both are based upon SDLC and therefore
nearly identical from a protocol perspective. I suppose HDLC are a couple
bytes smaller, but this would be negligable.

I'd say if your PPP is configured and working fine, why bother to go through
the motions of changing for a 0.1% benefit?

scott

""Stuart Pittwood""  wrote in message
news:[EMAIL PROTECTED]
> It has been mooted to me that we might get better performance from our
> 1Mb line by using HDLC rather than PPP.
>
>
>
> Is this correct?
>
>
>
> If so is it just  a case of changing the Encapsulation PPP to
> Encapsulation HDLC on both ends of the link?
>
>
>
> Are there any implications I should be aware of?
>
>
>
> Thanks
>
>
>
> _
>
> Stuart Pittwood, MCSE
>
> IT Technician
>
> Amery-Parkes Solicitors




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64365&t=64362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ipx [7:64341]

[Symon Thurlow]

Perhaps you don't have an IOS version that supports IPX?

Check the version on cisco.com

Symon

-Original Message-
From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED] 
Sent: 04 March 2003 13:26
To: [EMAIL PROTECTED]
Subject: ipx [7:64341]


I am using the Sybex CCNA Trainer software.  In the IPX section they
refer to commands like sho ipx servers, show ipx route, etc.

When I go to the router (running 12.1) and I do a show ?, no ipx
anything is listed. 

Has the command changed?  
Does ipx need to be enabled to see these commands?
=

 This email has been content filtered and
 subject to spam filtering. If you consider
 this email is unsolicited please forward
 the email to [EMAIL PROTECTED] and
 request that the sender's domain be
 blocked from sending any further emails.

=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64366&t=64341
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN Client behind PIX [7:64358]

[Kevin O'Gilvie]

You have to do a IPSEC tunnel from Pix to Pix or Purchase VPN Concentrator.
I have the same issue.







>From: "Steve Smith" 
>Reply-To: "Steve Smith" 
>To: [EMAIL PROTECTED]
>Subject: VPN Client behind PIX [7:64358]
>Date: Tue, 4 Mar 2003 16:15:21 GMT
>
>OK gang here is the scenario. We have a PIX at work running VPN. I have
>a 515 at home. Before I put the 515 at home in I could use the VPN
>client to connect to work. Now I can not. I remember a year or so back
>reading a Cisco article about this and that you had to use a certain IP
>range on the remote (my house) network. Does anyone know anything about
>this? Any suggestions?
>
>Thanks!
>
>Steve Smith
>Enterprise Engineer
>901-758-8179 ext. 108
>TEKSELL
>[EMAIL PROTECTED]
_
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64367&t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT: RE: Networking problem [7:64012]

[Priscilla Oppenheimer]

I had a similar problem once. It was so funny. I was working with a
customer. We were at his desk using a sniffer. We kept seeing huge amounts
of traffic to and from the server. So he would run into the server room,
move the mouse and check a couple things, and come back. While he was gone,
the traffic stopped! But then it started up again in a couple minutes. It
was a screen saver. I can't remember why the screen saver used network
bandwidth, but it did!

Regarding the original poster's question about the slow server: It probably
doesn't have anything to do with the network, actually, but you would have
to use a sniffer and other troubleshooting tools to know for sure. There are
many tools that could help you analyze the server performance, depending on
the OS, including netstat, chkconfig, lsof, Big Brother, etc.

With a sniffer, you can often tell if the problem is the network or the
server. If you're sniffing at a client and you see the server respond at the
transport layer quickly, with a TCP ACK for example, but take a long time to
actually send any data, blame the server and the applications on it. The ACK
arrived with no problem which exonerates the TCP/IP stack and the network.

Someone said to check full/half duplex. One thing you could do to lessen the
demand on the server is to purposely use half duplex. That way the server
isn't expected to send data while receiving. It also throttles the requests
to the server and makes the perceived performance better in some cases.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


Symon Thurlow wrote:
> 
> Slightly OT
> 
> I had a site once that had an HP LH3 (or something similar)
> server that
> had an absolute crap video card. Whenever I wasn't there,
> performance
> was poor. Whenever I was on site, performance was good.
> 
> It turned out to be the 3D screen saver that someone had
> configured was
> killing the server. It affected the process that these people
> used
> (probably a driver problem or something) so I changed the
> screen saver
> to a marquee and everything was fine.
> 
> Don't know if this is relevant to you but worth a look.
> 
> Symon
> 
> -Original Message-
> From: Steve [mailto:[EMAIL PROTECTED] 
> Sent: 04 March 2003 01:00
> To: [EMAIL PROTECTED]
> Subject: Re: Networking problem [7:64012]
> 
> 
> Do use half duplex also what are you doing when its slow
> specifically?
> 
> is the server slow accessing computers on the network and
> taking files
> or is it slow accessing the internet?
> 
> 
> 
> 
> ""Orlando, Jr. Palomar""  wrote in message
> news:[EMAIL PROTECTED]
> > Adeboye Onifade wrote:
> > > Server.
> > > The
> > > server is a Pentium 3, 128MB changed to 256, it's also on
> full
> > > duplex on the switch/ hubs etc could anyone advise on
> how to
> > > make the server more efficient!
> >
> > You can't configure full-duplex when connecting to a hub.
> Probably
> explains
> > the problems you're having.
> =
> 
>  This email has been content filtered and
>  subject to spam filtering. If you consider
>  this email is unsolicited please forward
>  the email to [EMAIL PROTECTED] and
>  request that the sender's domain be
>  blocked from sending any further emails.
> 
> =
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64369&t=64012
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

creating console cable for cs11152 [7:64368]

[Sam Sneed]

Has anyone done this before? I have a few CSS but don't have the adapters
for console ports. I'm hoping I can create my own cable using cat5. If
someone could enlighten me on how to do this that'd be great. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64368&t=64368
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DNS Proxy [7:64339]

[Priscilla Oppenheimer]

I think that might be an Easy VPN technology for the 1700 routers?? See if
searching on that helps

Priscilla

Lee Messenger wrote:
> 
> hi,
> 
> I have a 2621 router connected to a DSL line.  I have seen on
> some small Cisco routers they have he ability to do DNS proxy,
> I can't ind any commands on how to configure this though.  Is
> this possible to do on a 2621, also if someone could point me
> in the direction of sample configs then that would be great
> 
> Thanks
> 
> Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64370&t=64339
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PPP vs HDLC [7:64362]

[Priscilla Oppenheimer]

Scott Roberts wrote:
> 
> I've never heard efficiency as a reason to use PPP over HDLC.
> there are more
> options with PPP, but otherwise both are based upon SDLC and
> therefore
> nearly identical from a protocol perspective. I suppose HDLC
> are a couple
> bytes smaller, but this would be negligable.
> 
> I'd say if your PPP is configured and working fine, why bother
> to go through
> the motions of changing for a 0.1% benefit?

I agree. A PPP link might take a second or two longer to come up because of
the option negotiation and any PAP or CHAP authentication, but once it's
running, there's no reason it would be significantly less efficient than HDLC.

Cisco's HDLC implementation is the simplest protocol in the world. The
header is very small. It sends keepalives every 10 seconds by default. But
PPP is very simple too and the LCP layer of PPP uses keepalives or something
equivalent too, if I'm not mistaken.

Priscilla

> 
> scott
> 
> ""Stuart Pittwood""  wrote in
> message
> news:[EMAIL PROTECTED]
> > It has been mooted to me that we might get better performance
> from our
> > 1Mb line by using HDLC rather than PPP.
> >
> >
> >
> > Is this correct?
> >
> >
> >
> > If so is it just  a case of changing the Encapsulation PPP to
> > Encapsulation HDLC on both ends of the link?
> >
> >
> >
> > Are there any implications I should be aware of?
> >
> >
> >
> > Thanks
> >
> >
> >
> > _
> >
> > Stuart Pittwood, MCSE
> >
> > IT Technician
> >
> > Amery-Parkes Solicitors
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64371&t=64362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2950 telnet access is lost after vlans [7:63789]

[Priscilla Oppenheimer]

J. Johnson wrote:
> 
> Grr.  My previous email was cut off.  The upshot is that the
> switch does not
> have a default route (it's a switch, after all, not a router)
> so it cannot
> respond to the icmp request.  Is it possible to set a default
> router for
> the interface (in this case, vlan 7) that has the IP address
> assigned to
> it?

You can give most switches a default gateway (router) and also do static
routing. I think the command is "set ip route" on a set-based switch. I'm
not sure if that would fix your problem, but it might. Also check the 2900
documentation here:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2900/cgcr29k/index.htm

Also feel free to repost questions in a new thread. For folks that do this
over the Web, they aren't likely to click through to a thread this old. Of
course, telling the whole story might be difficult again, so you might want
to ask very specific questions. But then again, people assume you're a
newbie sometimes if you do that, so be careful with the wording.

Well, I'll keep clicking through anyway. I really want you to solve the
problem! It's an interesting one!

Priscilla

> 
> 
> J. Johnson wrote:
> 
> > Priscilla Oppenheimer wrote:
> > 
> >> 
> >> You gotta get it to stop doing that! ;-) Seriously, why
> doesn't the Linux
> >> router-on-a-stick know that the destination is local, on
> VLAN 7?
> >> Shouldn't it know not to send this packet to another router?
> It should
> >> just ARP for the destination and send the packet, perhaps
> tagged for VLAN
> >> 7.
> > 
> > I've tried it both ways, with the address in the linux
> router's table, and
> > with it redirecting to the 3600.  I'll put 10.0.0.6 back in
> the linux
> > router's table and sniff ... Yep, it behaves similarly (but
> with the extra
> > routing hop to the 3600 removed.)  Now, the icmp request goes
> from the box
> > on oreilly.net up vlan5 through the 2950 switch to the linux
> router, back
> > out vlan7 to the switch, and the switch does an arp request
> out vlan 7 for
> > the originating box.  Vlan 7 doesn't include oreilly.net, so
> the arp
> > request goes unanswered.
> > 
> > 
> > 
> >> VLAN 7! ;-) Of course, it is in fact seeing that IP address
> coming in on
> >> VLAN 7, so maybe it assumes that's where the address is
> really located
> >> and ARPs to there. The source IP address has been remaining
> the same
> >> throughout all this, though the MAC addresses have been
> changing. It sees
> >> the source IP address for oreilly come in on VLAN 7. Could
> that be
> >> confusing it? I don't think it should, but it might.
> > 
> >  Thank you - of course the switch is
> > confused.  Think of how ping usually works:
> > 
> > BOX A --- ROUTER B --- ... --- ROUTER Y --- BOX Z
> > 
> > A pings Z, but since it doesn't know Z's MAC address it sends
> the request
> > to
> > a router, which is B.  A knows how to do this because it has
> a routing
> > table, or it knows a default router.  B and all intervening
> routers do the
> > same until the packet gets to Y.  Now Y has to do the same to
> get the
> > response back to A.  ---> However, if Z doesn't know where A
> is, it also
> > has to send the response to a router.
> > 
> > James
> > Nondisclosure violations to [EMAIL PROTECTED]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64373&t=63789
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PPP vs HDLC [7:64362]

[JSalminen]

Actually, I use PPP so that I can combine two T1 lines into a single virtual
interface (multilink PPP). There wasn't the capability of doing this with
HDLC.


""Stuart Pittwood""  wrote in message
news:[EMAIL PROTECTED]
> It has been mooted to me that we might get better performance from our
> 1Mb line by using HDLC rather than PPP.
>
>
>
> Is this correct?
>
>
>
> If so is it just  a case of changing the Encapsulation PPP to
> Encapsulation HDLC on both ends of the link?
>
>
>
> Are there any implications I should be aware of?
>
>
>
> Thanks
>
>
>
> _
>
> Stuart Pittwood, MCSE
>
> IT Technician
>
> Amery-Parkes Solicitors




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64374&t=64362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE C&S written practice exams?? [7:64354]

[Kaminski, Shawn G]

Before some people have a premature Boson nervous breakdown, let's look at
what the question is asking. First, the poster is asking for information on
the CCIE C&S (Communications and Services) exam. He says WAN Switching, but
I don't think that's available anymore, so he probably meant Communications
and Services. Assuming this, the Boson 1 and 3 exams that are being
mentioned are for the R&S (Routing and Switching) track, not the C&S track.
I just went to their site and didn't see anything for the C&S track. While
the CCIE C&S exam covers 50% of general topics, the other 50% of the exam is
on a specific C&S technology. So, even if the Boson exams cover 50% of the
exam, why would someone spend $80.00 for materials that only cover half the
exam? 

I don't know of anyone right now who has practice exams for the C&S track.
The poster may be best off studying from CCO, which is free, rather than
purchasing any materials that don't specifically cover this exam. 

Just my opinion,

Shawn K.   

-Original Message-
From: Edwin Gonzalez [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 04, 2003 11:24 AM
To: [EMAIL PROTECTED]
Subject: Re: CCIE C&S written practice exams?? [7:64354]

BOSON!!! Dude!!!
1 and 3

Got to www.Boson.com

""Karim Abdelmonem""  wrote in message
news:[EMAIL PROTECTED]
> Dear all,
>
> Anyone knows any site on the internet selling pratice exams for
> CCIE C&S (Wan Switching speciality)???
>
> It will be my pleasure to find any!
>
> Karim
>
>
>
>
>
> _
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64375&t=64354
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN Client behind PIX [7:64358]

[Charles Riley]

You may be able to avoid throwing a VPN concentrator into the mix just yet.

Need more information before this can be answered, but it could be that the
source address of your home system is being NATed, which can interface with
IPsec.  It could be that your Pix is blocking.

Before you tear into your Pix's configuration, take it out of the equation
and ensure that you can establish the VPN as you did before you installed
the Pix.  If successful, then put your Pix back into the mix.  Check a few
things:

1. are you translating the VPN client's source IP address?

2. are you permitting IPsec traffic to pass untranslated?

3.  are IPsec responses permitted to return to your VPN client?

4. Does the Pix at work only accept IPsec from specific addresses?

Obviously, since the work Pix and your VPN client did not change, the
problem lies with the configuration of the PIx you have at home.


HTH,

Charles



""Kevin O'Gilvie""  wrote in message
news:[EMAIL PROTECTED]
> You have to do a IPSEC tunnel from Pix to Pix or Purchase VPN
Concentrator.
> I have the same issue.
>
>
>
>
>
>
>
> >From: "Steve Smith"
> >Reply-To: "Steve Smith"
> >To: [EMAIL PROTECTED]
> >Subject: VPN Client behind PIX [7:64358]
> >Date: Tue, 4 Mar 2003 16:15:21 GMT
> >
> >OK gang here is the scenario. We have a PIX at work running VPN. I have
> >a 515 at home. Before I put the 515 at home in I could use the VPN
> >client to connect to work. Now I can not. I remember a year or so back
> >reading a Cisco article about this and that you had to use a certain IP
> >range on the remote (my house) network. Does anyone know anything about
> >this? Any suggestions?
> >
> >Thanks!
> >
> >Steve Smith
> >Enterprise Engineer
> >901-758-8179 ext. 108
> >TEKSELL
> >[EMAIL PROTECTED]
> _
> Protect your PC - get McAfee.com VirusScan Online
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64376&t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PPP vs HDLC [7:64362]

[Lupi, Guy]

I have never heard of a performance boost by going with one or the other,
PPP does support some things like quality monitoring and authentication that
are useful in certain situations.  One thing to be aware of is that some
vendors only support PPP encapsulation, with others supporting both PPP and
Cisco's HDLC.  If one of the devices is not a Cisco, you would have to check
the documentation to verify that they are able to support Cisco HDLC.

-Original Message-
From: Stuart Pittwood [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 11:48 AM
To: [EMAIL PROTECTED]
Subject: PPP vs HDLC [7:64362]


It has been mooted to me that we might get better performance from our
1Mb line by using HDLC rather than PPP.



Is this correct?



If so is it just  a case of changing the Encapsulation PPP to
Encapsulation HDLC on both ends of the link?



Are there any implications I should be aware of?



Thanks



_

Stuart Pittwood, MCSE

IT Technician

Amery-Parkes Solicitors




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64377&t=64362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Configuring CIR on a cisco 2522 FR switch [7:64187]

[Thomas Crowe]

Remember though, that when a sender exceeds the CIR, the frame switch 
only marks the packet's DE flag.  So if the frame switch is not 
congested, then none of the packets will be discarded.

HTH

John Tafasi wrote:

>Hi group,
>
>I have a cisco 2522 router that is configured as a frame relay switch. I am
>trying to configure CIR on serial 4 so that if the router connected to s4 is
>sending more traffic than the configured CIR, packets will be dropped at fhe
>frame relay switch. I configured the CIR on the switch but it seems that the
>router connected to s4 can still send traffic at rates exceeding the CIR,
>and the FR switch will not drop any packet.
>
>
>Can some one give an advice here?
>
>Below is the configuration of the frame relay switch.
>
>
>
>
>Frame_Relay_Switch#show run
>Building configuration...
>
>Current configuration:
>!
>version 11.2
>no service password-encryption
>no service udp-small-servers
>no service tcp-small-servers
>!
>hostname Frame_Relay_Switch
>!
>enable secret 5 $1$dzof$Eb3uuMoHCj2x4/dCZFZ5T.
>!
>frame-relay switching
>!
>interface Ethernet0
> no ip address
> shutdown
>!
>interface Serial0
> no ip address
> shutdown
>!
>interface Serial1
> no ip address
> shutdown
>!
>interface Serial2
> no ip address
> encapsulation frame-relay
> clockrate 64000
> frame-relay intf-type dce
> frame-relay route 104 interface Serial4 401
> frame-relay route 105 interface Serial5 501
> frame-relay route 106 interface Serial6 601
>!
>interface Serial3
> no ip address
> shutdown
>!
>interface Serial4
> no ip address
> encapsulation frame-relay
> clockrate 64000
> frame-relay class para
> frame-relay intf-type dce
> frame-relay route 401 interface Serial2 104
> frame-relay route 405 interface Serial5 504
> frame-relay route 406 interface Serial6 604
>!
>interface Serial5
> no ip address
> encapsulation frame-relay
> clockrate 64000
> frame-relay intf-type dce
> frame-relay route 501 interface Serial2 105
> frame-relay route 504 interface Serial4 405
> frame-relay route 506 interface Serial6 605
>!
>interface Serial6
> no ip address
> encapsulation frame-relay
> clockrate 64000
> frame-relay intf-type dce
> frame-relay route 601 interface Serial2 106
> frame-relay route 604 interface Serial4 406
> frame-relay route 605 interface Serial5 506
>!
>interface Serial7
> no ip address
> shutdown
>!
>interface Serial8
> no ip address
> shutdown
>!
>interface Serial9
> no ip address
> shutdown
>!
>interface BRI0
> no ip address
> shutdown
>!
>no ip classless
>!
>map-class frame-relay parameters
> frame-relay cir 300
>!
>map-class frame-relay para
> frame-relay traffic-rate 1000
> frame-relay cir 1000
> frame-relay bc 1000
>!
>line con 0
> exec-timeout 3 0
>line aux 0
>line vty 0 4
> login
>!
>end
>
>Frame_Relay_Switch#
-- 
Thomas Crowe
Senior Engineer / Senior Architect
EMC Proven Professional, Master Architect
EMC Proven Professional, Master Operator
CTS Professional Services, Atlanta
Yahoo IM:  thomas_crowe
MS Messenger: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64378&t=64187
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN Client behind PIX [7:64358]

[Greg Owens]

You just need to open the ports you are using, ie 500, 47 1
> 
> From: "Steve Smith" 
> Date: 2003/03/04 Tue AM 11:15:21 EST
> To: [EMAIL PROTECTED]
> Subject: VPN Client behind PIX [7:64358]
> 
> OK gang here is the scenario. We have a PIX at work running VPN. I have
> a 515 at home. Before I put the 515 at home in I could use the VPN
> client to connect to work. Now I can not. I remember a year or so back
> reading a Cisco article about this and that you had to use a certain IP
> range on the remote (my house) network. Does anyone know anything about
> this? Any suggestions?
> 
> Thanks!
> 
> Steve Smith
> Enterprise Engineer
> 901-758-8179 ext. 108
> TEKSELL
> [EMAIL PROTECTED]
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64379&t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Question on ISIS and IP Mismatches - 2nd attempt [7:64381]

[CiscoNewbie]

Hi all.  I am thinking of adding a few Cisco into my lab which consist of
mainly Juniper routers running ISIS.  A few months back I got caught up in a
nice troubleshooting issue with ISIS on these routers while working on a PTP
in that I had misconfigured an IP address on one side of an interface and a
different network IP on the other side of the PTP.  Being that ISIS does not
care about IP, the adjacencies forms anyways like they should have.  Now I
know that this is the nature of ISIS and not an issue with the router but
recently Juniper modified their JUNOS OS so that it checks for proper match
of IP parameters.  My question is, does Cisco have this built in behavior in
that it will check for this mismatch?  If so, what IOS code/train has it?

Thanks.



-
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, and more




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64381&t=64381
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

How do you change tcp port for telnet on a router? [7:64382]

[[EMAIL PROTECTED]]

How do you change tcp port for telnet on a router?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64382&t=64382
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

3000 Concentrator behind/in front or parallel to PIX? [7:64383]

[Chris Penrose]

Hi All, I am setting up a VPN to connect remote sites to a Head Office, the
head office has a VPN 3000 Concentrator and a PIX 515 Firewall, As I
understand it I can place the PIX in front/behind or in Parallel to the 3000
. I was wondering if anyone that has done this has any recommendations as to
the best place for the PIX or any advantages/disadvantages of placement.   I
am thinking in front but I am unsure what repercussions this will have with
regard to access across the VPN.  I need all IP through the vpn tunnels for
each site, so with the PIX in front I would be setting up a static to the
outside interface of the 3000 and adding the following acl's
Access-list 100 permit ah any vpn3k
Access-list 100 permit esp any vpn3k
Access-list 100 permit udp any vpn3k eq isakmp

Would I still need acl's on the PIX  to allow all other IP from each site?
Or should I place the PIX somewhere else.

any advice appreciated.

thanks

Chris.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64383&t=64383
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

can one someone pls recommend [7:64380]

[Mirza, Timur]

a hands-on lab training course for the ccie lab exam...i want to prepare
myself for my 6th attempt...i believe there was ecp course but i don't have
the details...thx in advance

Timur Mirza
Principal Network Engineer
Enterprise Core Network
Verizon Wireless
15505-B Sand Canyon Avenue
Irvine, California 92618
949.286.6623 (o)
949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64380&t=64380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Best Book/DOCs on MPLS [7:64257]

[Paul Jin]

Paul Jin wrote:
> 
> What are you trying to accomplish?
> 
> - Paul


What I meant was what is the reason why you want to learn MPLS and what
exactly are you trying to accomplish or your job function, that way I can
maybe point out something specific?  You want to do MPLS in your IP Core, do
MPLS VPN, MPLS TE, etc... or just something in general??

Cisco has MPLS VPN architecture if you want to learn more about MPLS VPN
service.  They also have a separate book for Traffic Engineering.

Many links at Cisco and Juniper on MPLS, but also on other web sites too,
such as MPLSforum.org

- Paul


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64385&t=64257
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PPP vs HDLC [7:64362]

[MADMAN]

Stuart Pittwood wrote:
> It has been mooted to me that we might get better performance from our
> 1Mb line by using HDLC rather than PPP.
> 
> 
> 
> Is this correct?

   HDLC is more efficient so I guess yes.  If I recall correctly, 
(someone will let me know if not;) PPP rides on top of HDLC.

> 
> 
> 
> If so is it just  a case of changing the Encapsulation PPP to
> Encapsulation HDLC on both ends of the link?

   Assuming you have a Cisco on both ends, yes.

> 
> 
> 
> Are there any implications I should be aware of?

   One big advantage of PPP in the ability to authenticate.  Though 1M 
seems odd I assume it's a dedicated link and authentication is not an issue.

   Dave

> 
> 
> 
> Thanks
> 
> 
> 
> _
> 
> Stuart Pittwood, MCSE
> 
> IT Technician
> 
> Amery-Parkes Solicitors
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"You don't make the poor richer by making the rich poorer." --Winston
Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64386&t=64362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ip ospf dead-interval [7:64311]

[Scott Roberts]

shoulds like you're trying to answer a trick question on a test? I suppose
"The Long and Winding Road" wanted you to work for your answer, but I'll
come out and tell you.

ospf defaults the dead-interval/hold-time as a multiple of the hello time,
so if you change the hello time the dead interval changes automatically
also.

scott

""nilesh bothra""  wrote in message
news:[EMAIL PROTECTED]
> Q. Change OSPF dead interval to 60 seconds.
> You are not allowed to use the command 'ip ospf dead-interval" for
> accomplishing this task.
>
> Suggestions pls
>
> Nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64387&t=64311
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: shutting down VLAN 1 [7:64334]

[Larry Letterman]

Watch out for Vlan mismatch issues if your using 6500 platform
switches. We had this issue in the past on our campus network.

Larry Letterman
Network Engineer
Cisco Systems


  - Original Message -
  From: Luca Ciasca
  To: [EMAIL PROTECTED]
  Sent: Tuesday, March 04, 2003 2:03 AM
  Subject: shutting down VLAN 1 [7:64334]


  Hi all,

  In the effort to avoid any Vlan spread in the entire campus (populated of
  more than 100 Cisco switches), I would like to shut down the Vlan 1 in
every
  switch of my campus and create just small local management Vlans. Is there
  anything wrong in this operation? Does the CDP exchange messages on Vlan 1?
  and does the CiscoWorks2000 exchange messages on Vlan 1?

  Best regards,

  Luca Ciasca




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64372&t=64334
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: My Favorite Topic - RIP route propagation / redistribution [7:64388]

[Scott Roberts]

"In my setup I saw that so long as I had the 200.0.0.4 address on the R4
loopback that the 200.0.0.0/24 refused to propagate. it did not show up in
the R4 table.
"
it has to be in your R4 routing table as a directly connected subnet. I
suppose what you mean is that it doesn't show up as either a ospf or rip
dynamic route. every router should send an update that its in their routing
table, but because of administrative distances, the directly connected one
always wins with a 0 distance. if he's getting something dynamically sent,
I'd say he either didn't put the address/mask correctly on r4 or he changed
administrative distances.

scott

""The Long and Winding Road""  wrote in
message news:[EMAIL PROTECTED]
> Cisco Nuts sent me this one off line.
>
> R3---R4---R5
> OSPF   RIP
>
> R4 redistributes RIP to OSPF and visa versa
>
>
> each router has a loopback with an address of 200.0.0.X / 32, where X is
the
> router number
>
> RIP version 1 on R4 and R5. The loopback on R4 is in the OSPF domain, and
> the loopback on R5 is in the RIP domain.
>
> CN apparently did not see the same phenomenon that I did. In his setup, he
> saw the summary-address of 200.0.0.0/24 propagated onto R4.
>
> In my setup I saw that so long as I had the 200.0.0.4 address on the R4
> loopback that the 200.0.0.0/24 refused to propagate. it did not show up in
> the R4 table.
>
> damn, I forgot to ask his IOS version. I'm running 12.1.5T10
>
> solution? has to do with the various ways one can trick RIP into behaving
as
> VLSM capable.
>
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64388&t=64388
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PPP vs HDLC [7:64362]

[Priscilla Oppenheimer]

MADMAN wrote:
> 
> Stuart Pittwood wrote:
> > It has been mooted to me that we might get better performance
> from our
> > 1Mb line by using HDLC rather than PPP.
> > 
> > 
> > 
> > Is this correct?
> 
>HDLC is more efficient so I guess yes. 

In what way is HDLC more efficient than PPP?

> If I recall
> correctly,
> (someone will let me know if not;) PPP rides on top of HDLC.

I would be glad to correct you. :-)

HDLC is really more of an architecture than a specific protocol and there
are many derivatives of it. PPP is just one of them, as is Cisco's HDLC.
Other derivitaves include LAPB, LAPD, and LLC2.

The standard PPP and Cisco HDLC are so similar in frame format you can
barely tell them apart.

Cisco HDLC encapsulation has:

one-byte address field, which is set to 0x0F for most frames 
one-byte control byte that is always set to 0x00
two-byte protocol type field 


Guess what PPP has? Essentially the exact same thing:

one-byte flag field set to 0x7F
one-byte address field, set to 0x11
one-byte control field set to 0xC0
one or two-byte protocol field


Both HDLC and PPP also have a control protocol for keeping the link up. HDLC
has SLARP. It sends keepalives. PPP has the Link Control Protocol. It brings
the link up and send echos and echo replies.

Cisco HDLC can also use SLARP to assign an IP address to the other end.

PPP has the Network Control Protocols in many different varieties. The IP
variety can assign IP addresses.

PPP also supports authentication, which Cisco HDLC doesn't.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com



> 
> > 
> > 
> > 
> > If so is it just  a case of changing the Encapsulation PPP to
> > Encapsulation HDLC on both ends of the link?
> 
>Assuming you have a Cisco on both ends, yes.
> 
> > 
> > 
> > 
> > Are there any implications I should be aware of?
> 
>One big advantage of PPP in the ability to authenticate. 
> Though 1M
> seems odd I assume it's a dedicated link and authentication is
> not an issue.
> 
>Dave
> 
> > 
> > 
> > 
> > Thanks
> > 
> > 
> > 
> > _
> > 
> > Stuart Pittwood, MCSE
> > 
> > IT Technician
> > 
> > Amery-Parkes Solicitors
> -- 
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
> 
> "You don't make the poor richer by making the rich poorer."
> --Winston
> Churchill
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64389&t=64362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

direway dsl via satelite and the vpn [7:64390]

[DJ W]

I am trying to find anyone who has successfully configured the windows
checkpoint vpn client accessing a citrix site over a direcway satelite dsl. 
When I run the client, it appears as though we lose the connection to the
internet.  Direcway and Checkpoint are baffled and claim to have never heard
about the issue.  Any constructive input is welcome!

Dave


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64390&t=64390
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ATM SVC's on a 7000/RP1` [7:64384]

[Nelson Herron]

Does anyone know whether the 7000/RP1 combination will properly support ATM
SVC's?  I have finally gotten SVC negotiation to work on a Madge ATM switch
to the point that I can set up LANE and ping the switch.  On standard SVC's
I have finally gotten around the error code 96 for missing info elt. 
However, I am now getting an error 88 which appears to originate at the
remote end of the SVC pipe.  I have connected/mapped one ATM sub-if on an
RSP7000 with the "svc " command and set the encaps to aal5mux, and I have
configured the 7000/RP1 to use a map-group that is configured to use aal5mux
(the only option I can find to set the aal other than the aal3/4 setting
under the "atm" subcommand).  Ip addresses are 172.18.1.1 and 172.18.1.2. 
ESI's seem to be correct (0172.1801.0001.00 and 0172.1801.0002.00).  ILMI
registers the endpoints properly on the switch.  The switch shows reciprocal
traffic between the two routers relative to error code 88 in one direction
and error code 31 in the other direction so it appears that the traffic is
transiting the switch properly.  Thanks for any help you can offer.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64384&t=64384
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: shutting down VLAN 1 [7:64334]

[Samson Martinez]

Can you elaborate a bit on the issues encountered?

Thanks!

Samson Martinez
Motive Communications, Inc.


-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 04, 2003 12:14 PM
To: [EMAIL PROTECTED]
Subject: Re: shutting down VLAN 1 [7:64334]

Watch out for Vlan mismatch issues if your using 6500 platform
switches. We had this issue in the past on our campus network.

Larry Letterman
Network Engineer
Cisco Systems


  - Original Message -
  From: Luca Ciasca
  To: [EMAIL PROTECTED]
  Sent: Tuesday, March 04, 2003 2:03 AM
  Subject: shutting down VLAN 1 [7:64334]


  Hi all,

  In the effort to avoid any Vlan spread in the entire campus (populated
of
  more than 100 Cisco switches), I would like to shut down the Vlan 1 in
every
  switch of my campus and create just small local management Vlans. Is
there
  anything wrong in this operation? Does the CDP exchange messages on
Vlan 1?
  and does the CiscoWorks2000 exchange messages on Vlan 1?

  Best regards,

  Luca Ciasca




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64391&t=64334
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: direway dsl via satelite and the vpn [7:64390]

[Sam Sneed]

Try lowering the MTU on your Windows machine. The parameter is in the
registry.

""DJ W""  wrote in message
news:[EMAIL PROTECTED]
> I am trying to find anyone who has successfully configured the windows
> checkpoint vpn client accessing a citrix site over a direcway satelite
dsl.
> When I run the client, it appears as though we lose the connection to the
> internet.  Direcway and Checkpoint are baffled and claim to have never
heard
> about the issue.  Any constructive input is welcome!
>
> Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64392&t=64390
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: creating console cable for cs11152 [7:64368]

[Scott Roberts]

the console port is identical to every other cisco router (eia-232, 9600
baud).
http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note0918
6a0080094ce6.shtml

scott

""Sam Sneed""  wrote in message
news:[EMAIL PROTECTED]
> Has anyone done this before? I have a few CSS but don't have the adapters
> for console ports. I'm hoping I can create my own cable using cat5. If
> someone could enlighten me on how to do this that'd be great. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64393&t=64368
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: direway dsl via satelite and the vpn [7:64390]

[Walker, James - Is]

Dave,

Satellite is not DSL and DSL is not satellite. I think that was a typo. :)

I have a Direcway Satellite System and the ONLY WAY I got the VPN to work is


1. Not launching the VPN from the computer that is directly connected to the
satellite rcvr/trans box, because it does not work!!!

2. Loaded Windows XP and bridged the USB and the NIC

3. Configured the NIC with an IP address and mask

4. Installed a switch, you can use a hub, and connected up the computer

5. Connected my laptop to the switch

6. Configured the NIC on my laptop to be on the same network as the computer
and
used it as your gateway


Good luck,

Jim




-Original Message-
From: DJ W [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 3:40 PM
To: [EMAIL PROTECTED]
Subject: direway dsl via satelite and the vpn [7:64390]


I am trying to find anyone who has successfully configured the windows
checkpoint vpn client accessing a citrix site over a direcway satelite dsl. 
When I run the client, it appears as though we lose the connection to the
internet.  Direcway and Checkpoint are baffled and claim to have never heard
about the issue.  Any constructive input is welcome!

Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64394&t=64390
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: shutting down VLAN 1 [7:64334]

[John Tudong]

No problem with this.  TAC recommended.  See here:
http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml#basic_cfg

Luca Ciasca wrote:
> Hi all,
> 
> In the effort to avoid any Vlan spread in the entire campus (populated of
> more than 100 Cisco switches), I would like to shut down the Vlan 1 in
every
> switch of my campus and create just small local management Vlans. Is there
> anything wrong in this operation? Does the CDP exchange messages on Vlan 1?
> and does the CiscoWorks2000 exchange messages on Vlan 1?
> 
> Best regards,
> 
> Luca Ciasca




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64396&t=64334
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN Client behind PIX [7:64358]

[Georgescu, Aurelian]

Steve,

You have to permit the IP protocols 50 and 51 trough the PIX for the IPSEC
tunnel negotiation between your client and the PIX at work.

Aurelian Georgescu


-Original Message-
From: Steve Smith [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 04, 2003 11:15 AM
To: [EMAIL PROTECTED]
Subject: VPN Client behind PIX [7:64358]

OK gang here is the scenario. We have a PIX at work running VPN. I have
a 515 at home. Before I put the 515 at home in I could use the VPN
client to connect to work. Now I can not. I remember a year or so back
reading a Cisco article about this and that you had to use a certain IP
range on the remote (my house) network. Does anyone know anything about
this? Any suggestions?

Thanks!

Steve Smith
Enterprise Engineer
901-758-8179 ext. 108
TEKSELL
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64397&t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

NAT ON PIX QUESTION [7:64398]

[Sam]

Hey Guys.
First of all, there aren't any words to express my appreciation for this
list and all the guys who are always so helpful in here.

These questions are regarding NAT in reference to PIX only.

1)Static NAT works both ways. From outside to inside and vice versa.
However, You need an access-list configured if you are accessing from a
lower-security interface to a higher-security one.

2)Dynamic NAT on the contrary doesn't work both ways. Connections can be
initiated only from one interface to another and the other can only reply
statefully. Am I right?
Eg: If I configure an internal network(10.0.1.0) to translate to
64.4.4.10-64.4.4.30, 30 connections can be initiated towards the internet
and they would work fine. Replies can be sent back to those initiated
connections but no connections can be initiated from the Internet to the
internal network. Hence, I call it stateful.
Am I right about this full statement?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64398&t=64398
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: creating console cable for cs11152 [7:64368]

[Sam Sneed]

Actually its not. You need a special adapter to console into these switches.
They come with them but I only have 1, I need 4. On Cisco's site they have
the following but it looks like a typo

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_installation_
guide_chapter09186a00800df9d6.html#xtocid3

 if you look at the table they RXD and DSR both going to to pin 3.


""Scott Roberts""  wrote in message
news:[EMAIL PROTECTED]
> the console port is identical to every other cisco router (eia-232, 9600
> baud).
>
http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note0918
> 6a0080094ce6.shtml
>
> scott
>
> ""Sam Sneed""  wrote in message
> news:[EMAIL PROTECTED]
> > Has anyone done this before? I have a few CSS but don't have the
adapters
> > for console ports. I'm hoping I can create my own cable using cat5. If
> > someone could enlighten me on how to do this that'd be great. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64399&t=64368
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3000 Concentrator behind/in front or parallel to PIX? [7:64400]

[Symon Thurlow]

I prefer to put them parallel (generally).

This is so you can control all decrypted traffic, and see what it is.

Symon

-Original Message-
From: Chris Penrose [mailto:[EMAIL PROTECTED] 
Sent: 04 March 2003 19:27
To: [EMAIL PROTECTED]
Subject: 3000 Concentrator behind/in front or parallel to PIX? [7:64383]


Hi All, I am setting up a VPN to connect remote sites to a Head Office,
the head office has a VPN 3000 Concentrator and a PIX 515 Firewall, As I
understand it I can place the PIX in front/behind or in Parallel to the
3000 . I was wondering if anyone that has done this has any
recommendations as to
the best place for the PIX or any advantages/disadvantages of placement.
I
am thinking in front but I am unsure what repercussions this will have
with regard to access across the VPN.  I need all IP through the vpn
tunnels for each site, so with the PIX in front I would be setting up a
static to the outside interface of the 3000 and adding the following
acl's Access-list 100 permit ah any vpn3k Access-list 100 permit esp any
vpn3k Access-list 100 permit udp any vpn3k eq isakmp

Would I still need acl's on the PIX  to allow all other IP from each
site? Or should I place the PIX somewhere else.

any advice appreciated.

thanks

Chris.
=

 This email has been content filtered and
 subject to spam filtering. If you consider
 this email is unsolicited please forward
 the email to [EMAIL PROTECTED] and
 request that the sender's domain be
 blocked from sending any further emails.

=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64400&t=64400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Win2k VPN Server [7:64401]

[Curious]

I have a Win2k VPN server that just got Hacked, we have decided to move it
behind the firewall.
Any one knows what ports i needs to open on my firewall so that my PPTP vpn
client connects to it.

thanks,


--
Curious

MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64401&t=64401
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How do you change tcp port for telnet on a router? [7:64402]

[Michael W. Oliver]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

+--- On Tuesday, March 04, 2003 14:13, [EMAIL PROTECTED] proclaimed:
|
| How do you change tcp port for telnet on a router?
|

supposing you wanted to telnet to the router using port 10023...

! ingress interface for telnet session
!
int e0
ip addr 192.168.0.1 255.255.255.0
ip access-group TELNET_PT_ACL in
ip nat outside
!
int loop0
ip addr 1.1.1.1 255.255.255.255
ip nat inside
!
ip nat inside source static 1.1.1.1 23 192.168.0.1 10023 extend
!
ip access-list ex TELNET_PT_ACL
deny tcp any 192.168.0.1 0.0.0.0 eq 23
permit any


- -- 
+---+--+
|Michael W. Oliver, CCNP| "The tree of liberty must be |
|   | refreshed from time to time  |
|[EMAIL PROTECTED] | with the blood of patriots   |
|http://michael.gargantuan.com/ | and tyrants."|
|   ASpath-tree, Looking Glass, etc.| - President Thomas Jefferson |
|   +--+
|   gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc   |
+--+


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+ZSUtsWv7q8X6o8kRAvVlAJ4uKsNBW9N+vsaDZnR1suXT6R7dTACgs2vs
kTkaV8JLc4P+qm6Y00ymLAU=
=VJcF
-END PGP SIGNATURE-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64402&t=64402
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IS-IS in Lab [7:64403]

[Bruno Fernandes]

Should I expect IS-IS in the security LAB ?

Thanks and Regards,
Bruno Fernandes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64403&t=64403
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: NAT ON PIX QUESTION [7:64398]

[Scott Roberts]

basically yes, I think your statement is correct.

1) I haven't configured a PIX recently, but I don't recall it requiring an
access-list for static address translation, since the port is actually part
of the static (or conduit) command. Now I'm sure you'd want a ACL, but
simply for the same reason you'd put it on any interface, nothing specific
to NAT though.

2) as far as dynamic being one way, thats correct, but the way you worded
the sentence seems to imply that its also a one way from outside to inside.
dynamic is always inside to out and is blocked outside to inside.

scott

 ""Sam""  wrote in message
news:[EMAIL PROTECTED]
> Hey Guys.
> First of all, there aren't any words to express my appreciation for this
> list and all the guys who are always so helpful in here.
>
> These questions are regarding NAT in reference to PIX only.
>
> 1)Static NAT works both ways. From outside to inside and vice versa.
> However, You need an access-list configured if you are accessing from a
> lower-security interface to a higher-security one.
>
> 2)Dynamic NAT on the contrary doesn't work both ways. Connections can be
> initiated only from one interface to another and the other can only reply
> statefully. Am I right?
> Eg: If I configure an internal network(10.0.1.0) to translate to
> 64.4.4.10-64.4.4.30, 30 connections can be initiated towards the internet
> and they would work fine. Replies can be sent back to those initiated
> connections but no connections can be initiated from the Internet to the
> internal network. Hence, I call it stateful.
> Am I right about this full statement?
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64404&t=64398
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: creating console cable for cs11152 [7:64368]

[Scott Roberts]

hopefully this time priscilla doesn't chastise me for helping out with CCO
material!! ;)

the link you supplied clearly states that its 9600 baud & rs-232 and the
table below it doesn't say anything in regards to pinouts for any console
port. the "rs-232" specification IS the pinout specification.

CSS 11050 Front Panel Connectors and LEDs
All front panels of the CSS 11050 models contain connectors and LEDs that
vary according to their model number. For example, the CSS 11051 in Figure
2-3 has:

  a.. 1 RS-232 Console connector (9600 baud)


  b.. 1 RS-232 Diag connector, reserved for field service use only (115,200
baud)


  c.. 8 10/100-Mbps auto-sensing Fast Ethernet connectors and their
associated Link/Activity status, 10/100 (Mbps), and Duplex (Half or Full)
LEDs


  d.. Power, Status, and Ready LEDs



""Sam Sneed""  wrote in message
news:[EMAIL PROTECTED]
> Actually its not. You need a special adapter to console into these
switches.
> They come with them but I only have 1, I need 4. On Cisco's site they have
> the following but it looks like a typo
>
>
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_installation_
> guide_chapter09186a00800df9d6.html#xtocid3
>
>  if you look at the table they RXD and DSR both going to to pin 3.
>
>
> ""Scott Roberts""  wrote in message
> news:[EMAIL PROTECTED]
> > the console port is identical to every other cisco router (eia-232, 9600
> > baud).
> >
>
http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note0918
> > 6a0080094ce6.shtml
> >
> > scott
> >
> > ""Sam Sneed""  wrote in message
> > news:[EMAIL PROTECTED]
> > > Has anyone done this before? I have a few CSS but don't have the
> adapters
> > > for console ports. I'm hoping I can create my own cable using cat5. If
> > > someone could enlighten me on how to do this that'd be great. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64405&t=64368
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Win2k VPN Server [7:64401]

[Chris Headings]

Should only need these 2 lines - 

access-list outside permit gre any host x.x.x.x
access-list outside permit tcp any host x.x.x.x eq 1723

Regards,

Chris


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64406&t=64401
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ip ospf dead-interval [7:64311]

[Priscilla Oppenheimer]

Scott Roberts wrote:
> 
> shoulds like you're trying to answer a trick question on a
> test? I suppose
> "The Long and Winding Road" wanted you to work for your answer,
> but I'll
> come out and tell you.

Why did you come out and tell the original poster the answer? Wouldn't the
poster learn more from working it out? I liked "The L&W Road's" answer much
better. :-)

Wouldn't the poster be a better representative of the relevant certification
having worked it out? For example, if the poster is going for CCNP and
manages to pass because people provided answers instead of methods for
figuring out the answer, is that a good thing for the rest of us who wish
CCNP to be a respected certification?

The poster asked for suggestions, not answers, and that's what we should
have provided.

Hopefully the poster will try this in a lab. There is at least one minor
gotcha that I can think of.

Hey, you had to expect to get slammed for this! ;-) I'm doing this with all
due respect and a recognition of how fun it is to give an answer. I think a
lot of us participate on the list partly to give answers because it's fun
and a nice ego stroke, myself included. But the real goal of Group Study is
to help people learn.

Priscilla


> 
> ospf defaults the dead-interval/hold-time as a multiple of the
> hello time,
> so if you change the hello time the dead interval changes
> automatically
> also.
> 
> scott
> 
> ""nilesh bothra""  wrote in message
> news:[EMAIL PROTECTED]
> > Q. Change OSPF dead interval to 60 seconds.
> > You are not allowed to use the command 'ip ospf
> dead-interval" for
> > accomplishing this task.
> >
> > Suggestions pls
> >
> > Nilesh
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64407&t=64311
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: direway dsl via satelite and the vpn [7:64390]

[Andrew Dorsett]

On Tue, 4 Mar 2003, DJ W wrote:

> I am trying to find anyone who has successfully configured the windows
> checkpoint vpn client accessing a citrix site over a direcway satelite dsl.
> When I run the client, it appears as though we lose the connection to the
> internet.  Direcway and Checkpoint are baffled and claim to have never
heard
> about the issue.  Any constructive input is welcome!

Good luck!  I've done similar things with other satellite providers.  The
VPN performance will be horrible due to the latency and satellite delay.
Remember that the DirecWay service comes with a custom IP stack to cache
and help cushion the delays some of which could be upwards of 500 msec.
You'll have to work really hard to fine tune the settings to see decent
performance.  Satellite is not optimal for real-time applications like
terminal sessions due to the delays.

Now here's the question to investigate.  Does the VPN client take over the
connection and route all the internet bound packets through the corporate
network?  Or does it setup routing so only corporate traffic goes
through the VPN and Internet traffic goes through DirecWay's datacenter?
If it does take over the traffic you could be having problems with timing
out due to the combination of delays and not using DirecWays special TCP
optimizations.

Hope this helps,
Andrew
---

http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all
of them yourself."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64408&t=64390
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ip ospf dead-interval [7:64311]

[Scott Roberts]

good point, I'm new to the forum and wasn't quite sure of what approaches to
answers people expected. I do like his approach to answering it, because if
you look at the link, the answer is in there (with the use of some deductive
logic).

the only thing that worries me though, is that if people never get a
straight answer, will they then stop asking questions? its nice to see an
open forum about cisco networking thats actually well populated, I'd like to
support it as much as I can.

scott

""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]
> Scott Roberts wrote:
> >
> > shoulds like you're trying to answer a trick question on a
> > test? I suppose
> > "The Long and Winding Road" wanted you to work for your answer,
> > but I'll
> > come out and tell you.
>
> Why did you come out and tell the original poster the answer? Wouldn't the
> poster learn more from working it out? I liked "The L&W Road's" answer
much
> better. :-)
>
> Wouldn't the poster be a better representative of the relevant
certification
> having worked it out? For example, if the poster is going for CCNP and
> manages to pass because people provided answers instead of methods for
> figuring out the answer, is that a good thing for the rest of us who wish
> CCNP to be a respected certification?
>
> The poster asked for suggestions, not answers, and that's what we should
> have provided.
>
> Hopefully the poster will try this in a lab. There is at least one minor
> gotcha that I can think of.
>
> Hey, you had to expect to get slammed for this! ;-) I'm doing this with
all
> due respect and a recognition of how fun it is to give an answer. I think
a
> lot of us participate on the list partly to give answers because it's fun
> and a nice ego stroke, myself included. But the real goal of Group Study
is
> to help people learn.
>
> Priscilla
>
>
> >
> > ospf defaults the dead-interval/hold-time as a multiple of the
> > hello time,
> > so if you change the hello time the dead interval changes
> > automatically
> > also.
> >
> > scott
> >
> > ""nilesh bothra""  wrote in message
> > news:[EMAIL PROTECTED]
> > > Q. Change OSPF dead interval to 60 seconds.
> > > You are not allowed to use the command 'ip ospf
> > dead-interval" for
> > > accomplishing this task.
> > >
> > > Suggestions pls
> > >
> > > Nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64409&t=64311
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Off Topic Irrelevant Reply - WAS: IS-IS in Lab [7:64403]

[The Long and Winding Road]

""Bruno Fernandes""  wrote in message
news:[EMAIL PROTECTED]
> Should I expect IS-IS in the security LAB ?

One can learn everything one needs to know about life, the universe, and
Cisco CCIE Lab preparation through the proper study of baseball.

So - if you were a major league hitter stepping into the batter's box in a
key situation, should you expect the high hard one aimed at your head?

Well, you probably should be aware that it could happen. ;->

baseball season coming up! hot dawg



>
> Thanks and Regards,
> Bruno Fernandes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64410&t=64403
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Packet Loss on switched network [7:64411]

[John Brandis]

Another problem
 
Sys admins here have noticed that when trying to ping some of the switch's,
some of the packets simply die in transit. Other people have said that the
speed of file transfers here is getting poor. 
We have a simple network here, 3 levels, each having 4x 2950's, connect via
Gigabit to the single core 4006 with SupIII.
 
I have tested this and I notice bizzare ping reply times (500ms) when I try
to ping from the core to one of the floor switch's. On the level I work on,
we dont use fibre back to the core, as we are on the same level and use
copper, and I dont see this problem, however I still connect to the Gigabit
module on the Cat4006.
 
I have checked all I can think of such as looking for loops on the network,
checked my syslog messages, but I can find nothing that would suggest thats
a fault in the configs of my switchs. Could any one point me as to where I
could look for problems as I am now at a loss why we experience packet loss
from the core to any switch connected via fibre to a 2950.
 
It could be just due to the amount of traffic on the network, but I doubt
it..
 
Thanks all
 
John
Sydney Australia


**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

**

The Solution 6 Head Office and NSW Branch has moved premises.
Please make sure you have updated your records with our new details.

Level 14, 383 Kent Street, Sydney NSW 2000.

General Phone: 61 2 9278 0666

General Fax: 61 2 9278 0555

**

This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you cannot
use, distribute or copy the message or attachments.  In such a case, please
notify the sender by return email immediately and erase all copies of the
message and attachments.  Opinions, conclusions and other information in
this message and attachments that do not relate to the official business of
Solution 6 are neither given nor endorsed by it.

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64411&t=64411
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: creating console cable for cs11152 [7:64368]

[Sam Sneed]

When i plug rollover cable that i use for routers into routers console it
works. When I plug it into CSS11152 console it doesn't work When I use the
CS11152 adapter on rollover it does work. What I'm trying to figure out is
what do I have to do to a cat5 cable to make it work without the CSS11152
adapter.

""Scott Roberts""  wrote in message
news:[EMAIL PROTECTED]
> hopefully this time priscilla doesn't chastise me for helping out with CCO
> material!! ;)
>
> the link you supplied clearly states that its 9600 baud & rs-232 and the
> table below it doesn't say anything in regards to pinouts for any console
> port. the "rs-232" specification IS the pinout specification.
>
> CSS 11050 Front Panel Connectors and LEDs
> All front panels of the CSS 11050 models contain connectors and LEDs that
> vary according to their model number. For example, the CSS 11051 in Figure
> 2-3 has:
>
>   a.. 1 RS-232 Console connector (9600 baud)
>
>
>   b.. 1 RS-232 Diag connector, reserved for field service use only
(115,200
> baud)
>
>
>   c.. 8 10/100-Mbps auto-sensing Fast Ethernet connectors and their
> associated Link/Activity status, 10/100 (Mbps), and Duplex (Half or Full)
> LEDs
>
>
>   d.. Power, Status, and Ready LEDs
>
>
>
> ""Sam Sneed""  wrote in message
> news:[EMAIL PROTECTED]
> > Actually its not. You need a special adapter to console into these
> switches.
> > They come with them but I only have 1, I need 4. On Cisco's site they
have
> > the following but it looks like a typo
> >
> >
>
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_installation_
> > guide_chapter09186a00800df9d6.html#xtocid3
> >
> >  if you look at the table they RXD and DSR both going to to pin 3.
> >
> >
> > ""Scott Roberts""  wrote in message
> > news:[EMAIL PROTECTED]
> > > the console port is identical to every other cisco router (eia-232,
9600
> > > baud).
> > >
> >
>
http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note0918
> > > 6a0080094ce6.shtml
> > >
> > > scott
> > >
> > > ""Sam Sneed""  wrote in message
> > > news:[EMAIL PROTECTED]
> > > > Has anyone done this before? I have a few CSS but don't have the
> > adapters
> > > > for console ports. I'm hoping I can create my own cable using cat5.
If
> > > > someone could enlighten me on how to do this that'd be great.
Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64412&t=64368
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ip ospf dead-interval [7:64311]

[The Long and Winding Road]

""Scott Roberts""  wrote in message
news:[EMAIL PROTECTED]
> good point, I'm new to the forum and wasn't quite sure of what approaches
to
> answers people expected. I do like his approach to answering it, because
if
> you look at the link, the answer is in there (with the use of some
deductive
> logic).
>
> the only thing that worries me though, is that if people never get a
> straight answer, will they then stop asking questions? its nice to see an
> open forum about cisco networking thats actually well populated, I'd like
to
> support it as much as I can.


There are a couple of ways to look at this.

give someone a fish, or teach them how to fish?

what level of expertise is the person asking the question?

The question itself - how to change one ospf timer without using the
timer-specific command - is a standard trick question for a lot of CCIE
practice labs. It's not generally the kind of thing that comes up in the
CCNA qualification exam.

Making the assumption that someone is prepping for the CCIE Lab, should they
be expecting specific answers to specific questions? Or should they be
spending a bit more time acquiring the expertise that is going to be tested
in the Lab?

Maybe there are CCNP practice labs out there that ask these kinds of
questions as well? Maybe the guy asking the question is a newly minted CCNA
and is starting his road to CCNP? Sure, ask the question.

My own opinion, and my own advice to anyone who dreams of attaining the
CCIE, is to start early and often - get into the habit of looking things up
in the documentation first. Knowing your way around the doc CD or the Cisco
CCO doc pages is a skill that will serve you well in a lot of different
places, including the CCIE Lab itself.


>
> scott
>
> ""Priscilla Oppenheimer""  wrote in message
> news:[EMAIL PROTECTED]
> > Scott Roberts wrote:
> > >
> > > shoulds like you're trying to answer a trick question on a
> > > test? I suppose
> > > "The Long and Winding Road" wanted you to work for your answer,
> > > but I'll
> > > come out and tell you.
> >
> > Why did you come out and tell the original poster the answer? Wouldn't
the
> > poster learn more from working it out? I liked "The L&W Road's" answer
> much
> > better. :-)
> >
> > Wouldn't the poster be a better representative of the relevant
> certification
> > having worked it out? For example, if the poster is going for CCNP and
> > manages to pass because people provided answers instead of methods for
> > figuring out the answer, is that a good thing for the rest of us who
wish
> > CCNP to be a respected certification?
> >
> > The poster asked for suggestions, not answers, and that's what we should
> > have provided.
> >
> > Hopefully the poster will try this in a lab. There is at least one minor
> > gotcha that I can think of.
> >
> > Hey, you had to expect to get slammed for this! ;-) I'm doing this with
> all
> > due respect and a recognition of how fun it is to give an answer. I
think
> a
> > lot of us participate on the list partly to give answers because it's
fun
> > and a nice ego stroke, myself included. But the real goal of Group Study
> is
> > to help people learn.
> >
> > Priscilla
> >
> >
> > >
> > > ospf defaults the dead-interval/hold-time as a multiple of the
> > > hello time,
> > > so if you change the hello time the dead interval changes
> > > automatically
> > > also.
> > >
> > > scott
> > >
> > > ""nilesh bothra""  wrote in message
> > > news:[EMAIL PROTECTED]
> > > > Q. Change OSPF dead interval to 60 seconds.
> > > > You are not allowed to use the command 'ip ospf
> > > dead-interval" for
> > > > accomplishing this task.
> > > >
> > > > Suggestions pls
> > > >
> > > > Nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64413&t=64311
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Packet Loss on switched network [7:64411]

[Priscilla Oppenheimer]

Quick answer:

1) Don't test with ping to the switches. Switches and routers de-prioritize
pings. Their job is to forward frames as fast as possible and that's what
they prioritize.
2) Test with applications that your users actually use and that require the
switch to forward frames or
3) Test with pings going through the switch not to the switch.
4) Do show interface (or equivalent if that command isn't available on your
swithces) and check the results for collisions, errors, etc.
5) Check for duplex mismatch problems, which will be evidenced by
collisions, errors.
6) Do a trace-route end to end. Is this really just a Layer 2 switched
network or (dare I say it) is there a "Layer 3" switch in the picture?

Send us some output from the show commands and we'll help you.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


John Brandis wrote:
> 
> Another problem
>  
> Sys admins here have noticed that when trying to ping some of
> the switch's,
> some of the packets simply die in transit. Other people have
> said that the
> speed of file transfers here is getting poor. 
> We have a simple network here, 3 levels, each having 4x 2950's,
> connect via
> Gigabit to the single core 4006 with SupIII.
>  
> I have tested this and I notice bizzare ping reply times
> (500ms) when I try
> to ping from the core to one of the floor switch's. On the
> level I work on,
> we dont use fibre back to the core, as we are on the same level
> and use
> copper, and I dont see this problem, however I still connect to
> the Gigabit
> module on the Cat4006.
>  
> I have checked all I can think of such as looking for loops on
> the network,
> checked my syslog messages, but I can find nothing that would
> suggest thats
> a fault in the configs of my switchs. Could any one point me as
> to where I
> could look for problems as I am now at a loss why we experience
> packet loss
> from the core to any switch connected via fibre to a 2950.
>  
> It could be just due to the amount of traffic on the network,
> but I doubt
> it..
>  
> Thanks all
>  
> John
> Sydney Australia
> 
> 
> **
> 
> visit http://www.solution6.com
> 
> UK Customers - http://www.solution6.co.uk
> 
> **
> 
> The Solution 6 Head Office and NSW Branch has moved premises.
> Please make sure you have updated your records with our new
> details.
> 
> Level 14, 383 Kent Street, Sydney NSW 2000.
> 
> General Phone: 61 2 9278 0666
> 
> General Fax: 61 2 9278 0555
> 
> **
> 
> This email message (and attachments) may contain information
> that is confidential to Solution 6. If you are not the intended
> recipient you cannot use, distribute or copy the message or
> attachments.  In such a case, please notify the sender by
> return email immediately and erase all copies of the message
> and attachments.  Opinions, conclusions and other information
> in this message and attachments that do not relate to the
> official business of Solution 6 are neither given nor endorsed
> by it.
> 
> *
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64414&t=64411
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ip ospf dead-interval [7:64311]

[Priscilla Oppenheimer]

Scott Roberts wrote:
> 
> good point, I'm new to the forum and wasn't quite sure of what
> approaches to
> answers people expected. I do like his approach to answering
> it, because if
> you look at the link, the answer is in there (with the use of
> some deductive
> logic).
> 
> the only thing that worries me though, is that if people never
> get a
> straight answer, will they then stop asking questions? 

Welcome to Group Study. Nobody ever gets a straight answer here! ;-) And
usually they shouldn't. With the exception of the ones and zeros that go
across the wire (or air), most other things in this industry are simply not
black-and-white. Just wait till the next time someone asks what a L3 switch
is or what layer ARP runs at! :-)

Priscilla

> its nice
> to see an
> open forum about cisco networking thats actually well
> populated, I'd like to
> support it as much as I can.
> 
> scott
> 
> ""Priscilla Oppenheimer""  wrote in
> message
> news:[EMAIL PROTECTED]
> > Scott Roberts wrote:
> > >
> > > shoulds like you're trying to answer a trick question on a
> > > test? I suppose
> > > "The Long and Winding Road" wanted you to work for your
> answer,
> > > but I'll
> > > come out and tell you.
> >
> > Why did you come out and tell the original poster the answer?
> Wouldn't the
> > poster learn more from working it out? I liked "The L&W
> Road's" answer
> much
> > better. :-)
> >
> > Wouldn't the poster be a better representative of the relevant
> certification
> > having worked it out? For example, if the poster is going for
> CCNP and
> > manages to pass because people provided answers instead of
> methods for
> > figuring out the answer, is that a good thing for the rest of
> us who wish
> > CCNP to be a respected certification?
> >
> > The poster asked for suggestions, not answers, and that's
> what we should
> > have provided.
> >
> > Hopefully the poster will try this in a lab. There is at
> least one minor
> > gotcha that I can think of.
> >
> > Hey, you had to expect to get slammed for this! ;-) I'm doing
> this with
> all
> > due respect and a recognition of how fun it is to give an
> answer. I think
> a
> > lot of us participate on the list partly to give answers
> because it's fun
> > and a nice ego stroke, myself included. But the real goal of
> Group Study
> is
> > to help people learn.
> >
> > Priscilla
> >
> >
> > >
> > > ospf defaults the dead-interval/hold-time as a multiple of
> the
> > > hello time,
> > > so if you change the hello time the dead interval changes
> > > automatically
> > > also.
> > >
> > > scott
> > >
> > > ""nilesh bothra""  wrote in message
> > > news:[EMAIL PROTECTED]
> > > > Q. Change OSPF dead interval to 60 seconds.
> > > > You are not allowed to use the command 'ip ospf
> > > dead-interval" for
> > > > accomplishing this task.
> > > >
> > > > Suggestions pls
> > > >
> > > > Nilesh
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64415&t=64311
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IS-IS in Lab [7:64403]

[Amazing]

my guess is yes...check out the current information on www.cisco.com/ccie


""Bruno Fernandes""  wrote in message
news:[EMAIL PROTECTED]
> Should I expect IS-IS in the security LAB ?
>
> Thanks and Regards,
> Bruno Fernandes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64417&t=64403
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Packet Loss on switched network [7:64411]

[Amazing]

we had similar symptoms and without having much information from you, your
problem may or may not be the same as mine--what we found was that even
though we had forced the speed and the duplex on the switch, the server
NIC's were still at auto detect.  Once we changed the servers to 100/full
the problems vanished.  these were all intel servers running Win NT, Win2K
and Linux.  Needless to say it is now SOP for the sysadmins to set the speed
and duplex on new servers :-)

do show port on the 4006 and sh interface on the 2950's and look at the type
of errors...


""John Brandis""  wrote in message
news:[EMAIL PROTECTED]
> Another problem
>
> Sys admins here have noticed that when trying to ping some of the
switch's,
> some of the packets simply die in transit. Other people have said that the
> speed of file transfers here is getting poor.
> We have a simple network here, 3 levels, each having 4x 2950's, connect
via
> Gigabit to the single core 4006 with SupIII.
>
> I have tested this and I notice bizzare ping reply times (500ms) when I
try
> to ping from the core to one of the floor switch's. On the level I work
on,
> we dont use fibre back to the core, as we are on the same level and use
> copper, and I dont see this problem, however I still connect to the
Gigabit
> module on the Cat4006.
>
> I have checked all I can think of such as looking for loops on the
network,
> checked my syslog messages, but I can find nothing that would suggest
thats
> a fault in the configs of my switchs. Could any one point me as to where I
> could look for problems as I am now at a loss why we experience packet
loss
> from the core to any switch connected via fibre to a 2950.
>
> It could be just due to the amount of traffic on the network, but I doubt
> it..
>
> Thanks all
>
> John
> Sydney Australia
>
>
> **
>
> visit http://www.solution6.com
>
> UK Customers - http://www.solution6.co.uk
>
> **
>
> The Solution 6 Head Office and NSW Branch has moved premises.
> Please make sure you have updated your records with our new details.
>
> Level 14, 383 Kent Street, Sydney NSW 2000.
>
> General Phone: 61 2 9278 0666
>
> General Fax: 61 2 9278 0555
>
> **
>
> This email message (and attachments) may contain information that is
> confidential to Solution 6. If you are not the intended recipient you
cannot
> use, distribute or copy the message or attachments.  In such a case,
please
> notify the sender by return email immediately and erase all copies of the
> message and attachments.  Opinions, conclusions and other information in
> this message and attachments that do not relate to the official business
of
> Solution 6 are neither given nor endorsed by it.
>
> *




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64416&t=64411
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3000 Concentrator behind/in front or parallel to PIX? [7:64419]

[Amazing]

i have one parallel and one behind.  both work fine.

""Symon Thurlow""  wrote in message
news:[EMAIL PROTECTED]
> I prefer to put them parallel (generally).
>
> This is so you can control all decrypted traffic, and see what it is.
>
> Symon
>
> -Original Message-
> From: Chris Penrose [mailto:[EMAIL PROTECTED]
> Sent: 04 March 2003 19:27
> To: [EMAIL PROTECTED]
> Subject: 3000 Concentrator behind/in front or parallel to PIX? [7:64383]
>
>
> Hi All, I am setting up a VPN to connect remote sites to a Head Office,
> the head office has a VPN 3000 Concentrator and a PIX 515 Firewall, As I
> understand it I can place the PIX in front/behind or in Parallel to the
> 3000 . I was wondering if anyone that has done this has any
> recommendations as to
> the best place for the PIX or any advantages/disadvantages of placement.
> I
> am thinking in front but I am unsure what repercussions this will have
> with regard to access across the VPN.  I need all IP through the vpn
> tunnels for each site, so with the PIX in front I would be setting up a
> static to the outside interface of the 3000 and adding the following
> acl's Access-list 100 permit ah any vpn3k Access-list 100 permit esp any
> vpn3k Access-list 100 permit udp any vpn3k eq isakmp
>
> Would I still need acl's on the PIX  to allow all other IP from each
> site? Or should I place the PIX somewhere else.
>
> any advice appreciated.
>
> thanks
>
> Chris.
> =
>
>  This email has been content filtered and
>  subject to spam filtering. If you consider
>  this email is unsolicited please forward
>  the email to [EMAIL PROTECTED] and
>  request that the sender's domain be
>  blocked from sending any further emails.
>
> =




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64419&t=64419
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: can one someone pls recommend [7:64380]

[Amazing]

IMHO hands down best is http://www.netmasterclass.net they have two
different classes depending on where you are at and the level of the
instructors and the instructor:student ratio is excellent


""Mirza, Timur""  wrote in message
news:[EMAIL PROTECTED]
> a hands-on lab training course for the ccie lab exam...i want to prepare
> myself for my 6th attempt...i believe there was ecp course but i don't
have
> the details...thx in advance
>
> Timur Mirza
> Principal Network Engineer
> Enterprise Core Network
> Verizon Wireless
> 15505-B Sand Canyon Avenue
> Irvine, California 92618
> 949.286.6623 (o)
> 949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64420&t=64380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Modem dial problem over voice port on MC3810 [7:64421]

[Wei Zhu]

Try to enable the voice between 2 MC3810 with FXS ports(back to back VOATM),
and works fine. Then try to use modem dial over the voice port, but can not
pass handshake, is this senario supported?

Thanks
Wei--|sendmail
 [EMAIL PROTECTED]

FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

network design [7:64422]

[ferry ferry]

I need a scheme of network.It need seven hundreds points.please give me some
advice on how to design it.It include that how to select network
product,product configuration.They are seted in a building.It have twenty
layers.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64422&t=64422
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Win2k VPN Server [7:64401]

[Amazing]

link-
http://www.winnetmag.com/Articles/Index.cfm?ArticleID=20274


""Curious""  wrote in message
news:[EMAIL PROTECTED]
> I have a Win2k VPN server that just got Hacked, we have decided to move it
> behind the firewall.
> Any one knows what ports i needs to open on my firewall so that my PPTP
vpn
> client connects to it.
>
> thanks,
>
>
> --
> Curious
>
> MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64418&t=64401
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help: Main Diagnostic Menu on 2501 router??? [7:64336]

[Jean-Marc Simard]

I just bought a 2501 router through Ebay for my CCIP/CCNP study and it's not
supposed to have an IOS on it. When I power it up, instead of getting the
rommon> prompt, I get the Main Diagnostic Menu as shown below. If I execute
the diag tests offered nothing fails, but I just can't get past this menu.

Can someone, please, tell me what is wrong with it or how I can work around
it?

Thanks a lot

JM

--- (output at power up)--
cisco Systems
Diagnostic Monitor

Testing boot state
Exiting boot state
Testing Main Memory from 0h to E000h. data equals address
Testing Main Memory from 0h to E000h. checkerboard
Testing Main Memory from 0h to E000h. inverse checkerboard
Clearing bss
Enabling interrupts
Exiting init

Diagnostic Monitor for CANCUN, Version 1.7.4(4)
Compiled by haidung on Wed 19-Nov-97 14:26

  Main Diagnostic Menu
 a: alter diag flags
 b: basic utilities
 c: do all diags in this menu
 d: do group of diags in this menu
 e: bus error test
 f: image checksum test
 g: timer interrupt test
 h: size memory
 i: main memory test
 j: main memory parity test
 k: shared memory test
 l: shared memory parity test
 m: flash memory test
 n: nvram test
 o: aux port test
 p: serial cookie test
 q: serial interface test
 s: ethernet (Am79C90-LANCE) test
FLAGS: Continuous OFF  Stop on error OFF  Ext. loopback ON  Abbr. test OFF

enter Main Diagnostic Menu item >
---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64336&t=64336
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

C1700-3-Bad_EEPROM_VERSION - What does this mean? [7:64332]

[H Howard Lewis Bloom]

I'm configuring a Cisco 1750 for sale on eBay.  It has 8F 32D and I
was going to include a VIC 2FXS and a WIC 1DSU T1.   I chose an
earlier release of (C1700-K2O3SV3Y7-M), Version 12.1(3)XT2, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1) since it fit in memory. 

This also has a DSP card in it.

It gives me voice, FW, IPSEC 56 DES3, the works.

I get this error:

1750  gives this info when I put WIC T1 into it.  00:00:48:
%C1700-3-BAD_EEPROM_VERSION: The eeprom version field has an invalid
entry (

I narrowed the problem down to the T1 card.  I tried changing T1's
thinking maybe something was wrong with the card, but I get the same
error.

Can anyone tell me why I'm getting this error?

Howard Bloom
CCNA 
CCDA CCNP Wannabe

610-745-0115

 --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no


Would you like to terminate autoinstall? [yes]: y

CRYPTO_PKI: can not allocate memory


Press RETURN to get started!


00:00:04: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
00:00:07: %C1700-3-BAD_EEPROM_VERSION: The eeprom version field has an
invalid entry (
)
00:00:07: %C1700-3-BAD_EEPROM_VERSION: The eeprom version field has an
invalid entry (
)
00:00:07: %C1700-3-BAD_EEPROM_VERSION: The eeprom version field has an
invalid entry (
)
00:00:08: SERVICE_MODULE(Serial0): self test finished: Passed
00:00:09: %C1700-3-BAD_EEPROM_VERSION: The eeprom version field has an
invalid entry (
)
00:00:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0, changed state to up
00:00:16: %LINK-3-UPDOWN: Interface Serial0, changed state to down
00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,
changed state to down
00:00:43: %LINK-5-CHANGED: Interface Serial0, changed state to
administratively down
00:00:43: %LINK-5-CHANGED: Interface FastEthernet0, changed state to
administratively down
00:00:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0, changed state to down
00:00:47: %LINK-3-UPDOWN: Interface Foreign Exchange Station 2/0,
changed state to up
00:00:47: %LINK-3-UPDOWN: Interface Foreign Exchange Station 2/1,
changed state to up
00:00:49: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software 
IOS (tm) C1700 Software (C1700-K2O3SV3Y7-M), Version 12.1(3)XT2, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC:Home:SW:IOS:Specials for info
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Tue 27-Feb-01 18:37 by detang
00:00:49: %C1700-3-BAD_EEPROM_VERSION: The eeprom version field has an
invalid entry (
)
00:00:49: %SYS-2-MALLOCFAIL: Memory allocation of 144 bytes failed
from 0x80C29F8C, pool Processor, alignment 0
-Process= "Crypto SM", ipl= 0, pid= 68
-Traceback= 8014F7A4 8015149C 80C29F90 80C297F4 80C28DB4 80C25E78
801710CCERROR: ep_init() failed.

00:01:02: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x80C2EC98
reading 0x1E
%% Low on memory; try again later

System Bootstrap, Version 12.0(3r)T1, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
C1700 platform with 49152 Kbytes of main memory




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64332&t=64332
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco 2501 DC Power adaptors ? [7:64296]

[Troy Leliard]

You need a RPS.  It converts AC to DC and can be used for a number of
chassis (2500,3600, 2950 etc)  Not too cheap / or common (on ebay etc), but
you may want a look!  New DC power for the 2600 is just under £300.

How many DC routers do you have ?

Simon Watson wrote:
> 
> Hi Guys I am based in the UK and have aquired some 2501 DC
> routers,
> I want to use  the routers to set up a home lab but I only have
> AC power
> supply is there some form of AC/DC adaptor I can buy to plug my
> AC supply
> in and be converted to DC for the routers ??? Thanks Simon
> 
> 
> 
> Message your friends in real time - and for free. Get MSN
> Messenger
> today!
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64342&t=64296
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Traffic Monitoring [7:64351]

[Igor Vilensky]

Greetings,

I have a 3640 connecting to the Internet on T-1 via PIX-515 in the central
office.
Multiple branch offices have frame relay connections to the central office.
One branch office is complaining about slow connectivity.
Checking 'show frame pvc' for that office indicates that they are
downloading 100x more than any other branch office.
Each branch office has its own subnet.
Can you recommend software  to determine which hosts at the branch office
generate all this traffic and what kind of traffic (ie. protocol) it is?
I am more comfortable with unix tools, and I am the central office. The
branch offices only have windows machines.

Will summarize.

PS. please contact me at [EMAIL PROTECTED], I subscribe to the digest,
and want to get on this ASAP.

Igor Vilensky
REM Inc.
Systems Administrator
952-836-2201




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64351&t=64351
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: can one someone pls recommend [7:64380]

[Scott Roberts]

boy you don't give up do you!!

have you tried the http://www.ccbootcamp.com/index.asp

scott

""Mirza, Timur""  wrote in message
news:[EMAIL PROTECTED]
> a hands-on lab training course for the ccie lab exam...i want to prepare
> myself for my 6th attempt...i believe there was ecp course but i don't
have
> the details...thx in advance
>
> Timur Mirza
> Principal Network Engineer
> Enterprise Core Network
> Verizon Wireless
> 15505-B Sand Canyon Avenue
> Irvine, California 92618
> 949.286.6623 (o)
> 949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64395&t=64380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IOS upgrae on 4000-M [7:64424]

[Vic Dmon]

Hi, I am trying to upgrade actually load my router with an ios. Earlier when
I used to put in a ios it used to work but as soon as I powered the router
down it would lose the ios and go into boot mode. Now I added 2 8Mb Flash
modules and am trying to load the ios on it but I keep getting a "Verifying
checksum...  invalid (expected 0x4124, computed 0x9E4D)" error. These flash
modules work in other routers so I am pretty sure that they are not bad.
Could someone please help me out with this. I downloaded the image from
cisco's website so I doubt that is corrupt. Any suggestions would be great.
Thanks

P.S: Router has 16Megs of RAM and two 8 Meg flash modules.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64424&t=64424
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Veterans Benefits [7:64425]

[The guy in Sunny Southwest Florida]

Can Veterans receive assistance for CCIE lab training programs?  I hope you
guys have the answer.

Best regards,

Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64425&t=64425
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN Client behind PIX [7:64358]

[Kevin O'Gilvie]

I am assuming he is behind a cable modem or dsl.
If so, even cisco says this is not possible.
If someone has this working pleas advise..


>From: "Greg Owens" 
>Reply-To: "Greg Owens" 
>To: [EMAIL PROTECTED]
>Subject: Re: VPN Client behind PIX [7:64358]
>Date: Tue, 4 Mar 2003 19:09:16 GMT
>
>You just need to open the ports you are using, ie 500, 47 1
> >
> > From: "Steve Smith"
> > Date: 2003/03/04 Tue AM 11:15:21 EST
> > To: [EMAIL PROTECTED]
> > Subject: VPN Client behind PIX [7:64358]
> >
> > OK gang here is the scenario. We have a PIX at work running VPN. I have
> > a 515 at home. Before I put the 515 at home in I could use the VPN
> > client to connect to work. Now I can not. I remember a year or so back
> > reading a Cisco article about this and that you had to use a certain IP
> > range on the remote (my house) network. Does anyone know anything about
> > this? Any suggestions?
> >
> > Thanks!
> >
> > Steve Smith
> > Enterprise Engineer
> > 901-758-8179 ext. 108
> > TEKSELL
> > [EMAIL PROTECTED]
>Greg Owens
>202-398-2552
_
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64426&t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]