Forwarding of VTP messages in transparent mode [7:65632]

[ericbrouwers]

Hi there,

I always thought that only VTP v2 transparent mode switches forward VTP
advertisements. This is, for example, suggested in the following link:

http://127.0.0.1:8080/cc/td/doc/product/lan/c3550/1219ea1/3550scg/swvtp.htm#x
tocid3
VTP transparent switches do not participate in VTP. A VTP transparent switch
does not advertise its VLAN configuration and does not synchronize its VLAN
configuration based on received advertisements. However, in VTP version 2,
transparent switches do forward VTP advertisements that they receive from
other switches from their trunk interfaces.

However, also VTP v1 transparent mode switches seem to forward VTP
advertisements:

Version-Dependent Transparent Mode-In VTP version 1, a VTP transparent switch
inspects VTP messages for the domain name and version and forwards a message
only if the version and domain name match. Because VTP version 2 supports
only
one domain, it forwards VTP messages in transparent mode without inspecting
the version and domain name.

So both versions forward VTP adverts in transparent mode, don't they?

Thanks ,

Eric Brouwers
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65632&t=65632
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Looking for equivalent commands on IOS/CatOS switches [7:65635]

[ericbrouwers]

Hi there,

I'm looking for CatOS commands that are equivalent to the IOS based commands
below:

Clear the CDP tableclear cdp table
Display CDP counters show cdp traffic
Reset CDP counters   clear cdp counters

Moreover, is there an IOS command that is similar to "show port capabilities"
on CatOS?

I haven't found these yet. Any help would be appreciated. Thanks,

Eric




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65635&t=65635
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Gratuitous ARP and HSRP [7:65633]

[ericbrouwers]

Hello all,

I've read in the CCNP Switching Exam Cert. Guide that a standby router that
becomes active in an HSRP group, sends a gratuitous ARP to update the ARP
cache of the end stations with the new active MAC address...

This is strange, since the same virtual MAC address is used by active and
standby HSRP routers.

However, maybe Cisco's implementation has once been like this, because I've
seen instances in the field that ARP caches contained the real MAC instead of
the virtual MAC address when using HSRP.

Can someone give comments on this?

Thanks,

Eric Brouwers
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65633&t=65633
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Removing IP address from CatOS switch [7:65634]

[ericbrouwers]

Hi,

Consider this: suppose that you have configured an inband-management
interface
of an IOS-based switch

Switch(config)#interface vlan 1
Switch(config-if)#ip address 172.16.10.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip default-gateway 172.16.10.254

If you want to remove the IP address you can either do
Switch(config)#clear ip address vlan 1
 or
Switch(config)#interface vlan 1
Switch(config-if)#no ip address

Some people advise to use the first option, since the latter seems to disable
the complete TCP/IP stack...

I'm having two questions with regard to this:

1. What is your advise?

2. Does the same option exist for CatOS switches, for example something like
this

Switch(enable) clear interface sc0 ipaddress

Thanks,

Eric




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65634&t=65634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Question [7:65095]

[Richard Deal]

Was this NAT or PAT?

If PAT, and the client kept on trying to open up new connections, the source
port would probably be different for each, thus a new xlate in the
translation table.

Cheers1
--

Richard A. Deal

Visit my home page at http://home.cfl.rr.com/dealgroup/

Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access
Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration
Exam Cram

Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco
exams on the market.




""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]
> I don't understand why the xlate table would grow.  I can understand the
> connections table growing, sure, but did the PIX really re-translate the
> same internal address over 7000 times in just  few minutes?
>
> John
>
> >>> Scott Roberts 3/13/03 11:08:29 AM >>>
> strange that it would create another translation instead of using the old
> one?? I suppose its more an error in the client software thinking it still
> has a valid server connection and tries to open a brand new one then.
>
> the only thing that comes to my mind would be to expire your translations
> faster, but I've never done this, so I don't even know if its possible.
>
> scott
>
> ""Manny""  wrote in message
> news:[EMAIL PROTECTED]
> > I ran into a situation today where we had a machine that was trying to
FTP
> > through the firewall. We allow FTP outbound. The problem that came up
was
> > that the user had no idea that an FTP client was setup on his machine.
The
> > FTP client (spyware) kept trying to connect to a server (ispynow.com)
> using
> > the incorrect user name and password. For every attempt an xlate entry
was
> > created. It created about 7000 entries in a matter of minutes. The
> firewall
> > was paralyzed. I had to console in and look at the xlate table. Even
> through
> > the console I had a hard time viewing the table. Is there any way to
> prevent
> > this from happening again?This is the second time this year an incident
of
> > this nature with the xlate table has occurred. How can I monitor the
xlate
> > table for strange behavior?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65638&t=65095
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Repeated messages, was RE: Problem with EIGRP [7:65314]

[Symon Thurlow]

Whoa.. Deja-vu... Anyone else getting lots of repeated messages?

-Original Message-
From: Symon Thurlow [mailto:[EMAIL PROTECTED] 
Sent: 18 March 2003 05:30
To: [EMAIL PROTECTED]
Subject: RE: Problem with EIGRP [7:65314]


Redistribute static and redistribute connected are two separate
commands.

Both self explanatory.

Symon

-Original Message-
From: tu do [mailto:[EMAIL PROTECTED] 
Sent: 13 March 2003 17:08
To: [EMAIL PROTECTED]
Subject: RE: Problem with EIGRP [7:65314]


Wanting to have this output in routing table of p1r1: 

D EX 172.16.10.0 [170/40537600] via 10.1.1.100, Serial1 
D EX 172.16.11.0 [170/40537600] via 10.1.1.100, Serial1 

You need distribute static (connected) routes 172.16.10.0/24 and
172.16.11.0/24 into EIGRP on router bbr1.
=

 This email has been content filtered and
 subject to spam filtering. If you consider
 this email is unsolicited please forward
 the email to [EMAIL PROTECTED] and
 request that the sender's domain be
 blocked from sending any further emails.

=



=
=

 This email has been content filtered and
 subject to spam filtering. If you consider
 this email is unsolicited please forward
 the email to [EMAIL PROTECTED] and
 request that the sender's domain be
 blocked from sending any further emails.

=



=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65639&t=65314
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF Virtual link authentication - observations [7:65628]

[Nigel Taylor]

Chuck,
Let's see if I can make any sense in my reply to your comments.
When I think of a "virtual-link" as it relates to opsf, I think of it in
terms of being a tunnel.  Also, short of being able to use a virtual-link, a
tunnel is what's recommended to maintain connectivity for any non-area0
connected areas.

Here's a excerpt from rfc 2328 which describes a virtual link.

12.4.1.3.  Describing virtual links

For virtual links, a link description is added to the
router-LSA only when the virtual neighbor is fully
adjacent. In this case, add a Type 4 link (virtual link)
with Link ID set to the Router ID of the virtual
neighbor, Link Data set to the IP interface address
associated with the virtual link and cost set to the
cost calculated for the virtual link during the routing
table calculation (see Section 15).


And then this excerpt from section 15..

The virtual link is treated as if it were an unnumbered point-to-point
network belonging to the backbone and joining the two area border routers.
An attempt is made to establish an adjacency over the virtual link.  When
this adjacency is established, the virtual link will be included in backbone
router-LSAs, and OSPF packets pertaining to the backbone area will flow over
the adjacency.  Such an adjacency has been referred to in this document as a
"virtual adjacency".

So as you noted it would be safe to say that a virtual-link is governed by
the termination points of it's unnumbered p-2-p links.  So where your
transit-area uses MD5 authentication so must your virtual-link.

Alex Zinin's Cisco IP Routing [pg. 489] clearly states that the virtual-link
always belongs to the backbone.  In saying this, the characteristics of the
transit area to identify the peering ABR and then receive
packets(encrypted/decrypted) would be the only things that associates the
virtual-link to the transit area.

HTH

Nigel :-)




- Original Message -
From: "The Long and Winding Road" 
To: 
Sent: Tuesday, March 18, 2003 12:04 AM
Subject: OSPF Virtual link authentication - observations [7:65628]


> Not sure I have this all sorted out correctly. Perhaps those with a bit
more
> experience might add their wisdom, not to mention their corrections.
>
> The ospf virtual link being what it is, it follows rules similar to any
> other interface.
>
> It does appear, though, that in terms of structure, it looks something
like
> this:
>
> ( commands under the ospf process )
>
> area X authentication
> area X virtual-link y.y.y.y authentication
> area X virtual-link y.y.y.y authentication-key WORD
>
> where X is the non zero area number over which the virtual link transits.
>
> In other words, for purposes of structure, the virtual link is not really
> part of area 0. It is a point-to-point link that is part of the non zero
> transit area.
>
> Am I understanding this correctly? I have a setup working, where the area
0
> authentication is simple and the transit area authentication is MD5, and
no
> adjacency is formed across the virtual link with simple authentication,
but
> comes up just fine with MD5.
>
> Any comments are appreciated.
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65637&t=65628
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Console port on 6509 [7:65293]

[MADMAN]

I take that back!!  a couple of hours after sending this response I 
got a call from a customer that couldn't "talk" to his 6509.  He reset 
the switch and could see the output but couldn't talk to it still. 
Worked fine on adjacent switch, sending new sup1!!!

   Dave

MADMAN wrote:
> 
>   I have not seen this problem with a 6509 but I have with routers and I 
> RMAed the box.
> 
>  Dave
> 
> Donohue, Steve wrote:
> 
>> Good Morning,
>>
>> I was hoping someone could help me out.  I have a single SUP module in my
>> 6509 test chassis.  When I power up the chassis with my terminal emulator
>> connected to the console port I can see the image decompressing, and 
>> receive
>> the message that the module is being tested, with successful results.  I
>> then see my MOTD banner and a request for a password.  I also receive
>> message that both the SUP blade and the MSFC blade are on line.
>>
>> Herein lies the problem; the port will not accept any input from my
>> keyboard.  I have moved the console connection to another SUP module in
>> another chassis and it works like it should.  I have altered the baud 
>> rate
>> on my terminal, with no success.  I have switch cables for this 
>> console, as
>> well as changing the console port mode (via the button on the front of 
>> the
>> module) with no success.
>>
>> Has anyone seen this issue before?  Can it be fixed or will I need to 
>> setup
>> an RMA with Cisco?
>>
>> Thanks.
>>
>> Steve
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

I would rather have a German division in front of me than a French one 
behind me."
--- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65636&t=65293
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Can DRAM From Cisco 3600 go into a Cisco 1600 [7:65323]

[Symon Thurlow]

I am pretty sure I have had a 4MB from a 1600 working in a 3620 (I could
read it, it was too small to do much with) not sure if a 1600 will
support 16MB though.

Pcheck cisco.com to see what the max size is.

I think the format is ok.

Symon

-Original Message-
From: Simon Watson [mailto:[EMAIL PROTECTED] 
Sent: 13 March 2003 16:53
To: [EMAIL PROTECTED]
Subject: Can DRAM From Cisco 3600 go into a Cisco 1600 [7:65323]


Hi All

I will soon get a 16MB DRAM that was in a Cisco 3600, can I install it
in a Cisco 1603.

Thanks

Simon
=

 This email has been content filtered and
 subject to spam filtering. If you consider
 this email is unsolicited please forward
 the email to [EMAIL PROTECTED] and
 request that the sender's domain be
 blocked from sending any further emails.

=




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65641&t=65323
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: What is a distributed/collapsed backbone? [7:65225]

[ericbrouwers]

Marc,

There are two nice whitepapers about designing switched multi-layer networks
on CCO. Contain lots of networks design examples, including collapsed
backbones.

Search for:

Designing High-Performance Campus Intranets with Multilayer Switching
Author: Geoff Haviland

Gigabit Campus Network Design-Principles and Architecture

Very valuable for anyone preparing for CID or switching.

Eric


- Original Message -
From: "Marc Thach Xuan Ky" 
To: 
Sent: Thursday, March 13, 2003 10:17 PM
Subject: Re: What is a distributed/collapsed backbone? [7:65225]


> Thanks for all the replies, I haven't yet looked at Priscilla's Top Down
> but probably will.  I have found the official guides useful in the past
> since they often come up with some unusual and Cisco-centric ideas,
> which you need to know for the exams.
> rgds
> Marc
>
> aletoledo wrote:
> >
> > she was too modest to mention it, but you're best bet for a design
> education
> > is from Priscillas book.
> >
> > its well worth twice the price (twice the discounted bookpool price that
> > is!! ;)).
> >
> > scott
> >
> > ""Marc Thach Xuan Ky""  wrote in message
> > news:[EMAIL PROTECTED]
> > > Hi all,
> > > I thought I'd do 640-025 CID before it disappears, so I started
reading
> > > the Ciscopress book, CID exam certification guide.  Now in chapter 2,
> > > section "Issues facing campus LAN designers" (I'm using Safari books
> > > online so I don't know the page number) it shows figs 2.4 and 2.5
> > > distributed and collapsed backbones respectively.  The distributed
> > > backbone shows per floor, one router and one switch, the collapsed
> > > backbone shows a single router for the building fanning out to one
> > > switch per floor.  Fair enough I guess, but the scenario 1, Q2 in the
> > > same chapter asks what backbone to use in a particular case and then
> > > answers it with "distributed backbone" and a picture fig 2.8 that
looks
> > > rather like the collapsed backbone shown earlier.  I obviously have to
> > > learn Ciscospeak for the exam so can anybody tell me, which is it?
> > > rgds
> > > Marc




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65642&t=65225
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Off Topic - Life with an ISDN simulator [7:65399]

[Amar KHELIFI]

HI chuck,
I just wanted to say that i find lesson 1 & 2 really funny.


""The Long and Winding Road""  a icrit
dans le message de news: [EMAIL PROTECTED]
> Lesson 1 - if you can't get it to work, call tech support. It will start
> working the instant you are talking to a tech.
>
> Lesson 2 - if it was working on the physical interface, and not working
when
> you moved everything to the dialer interface, just power cycle the
hardware.
> Things start working like a charm.
>
> Lesson 3 - When reading through TAC docs on troubleshooting ISDN, do not
> become discouraged when you read that IOS 12.2 has fixed just about all
the
> problems with that occurred in 12.0 and 12.1 Instead plan your strategy,
> knowing that  ( according to Cisco ) IOS 12.1 is still in the CCIE lab.
>
> Does OSPF demand circuit REALLY work the way it is supposed to?  I see all
> the routes on both sides of the ISDN link as DNA in the OSPF table, and
both
> interfaces show "spoofing" but hellos are still being sent every 10
seconds.
> Depending on the dialer-list, this means either that the link keeps
popping
> back up or the adjacency is lost.
>
> Snapshot routing with RIP works as advertised.
>
> Backup interface is a real pain.
>
> Forget dialer watch.
>
> Enjoying my reading of a number of documents found in the TAC portion of
> CCO.
>
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65640&t=65399
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Wireless LAN Support Exam [7:65625]

[Jeffrey Reed]

Duncan, I'm not sure if you're talking about the new exam or the old one
that you could take in the privacy of your office (aka open book test). I
haven't taken the new exam yet, but will in about 30-45 days. I'm sure it's
going to be more difficult than the old test and hopefully updated. The old
test had some questions and none of the answers were correct, which was a
little frustrating.

For the new test, I would highly recommend going to a Cisco training partner
and take the Wireless SE course. The stuff on the old test was nearly
impossible to find in manuals or marketing material found on Cisco's web
site. I suspect the new test will be the same.

Good luck!


Jeffrey Reed
Classic Networking, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Duncan Wallace
Sent: Monday, March 17, 2003 10:22 PM
To: [EMAIL PROTECTED]
Subject: Wireless LAN Support Exam [7:65625]

I was wondering if anyone out there has attempted the Wireless LAN
Support yet, and if so, what study materials you used (other than the
web site). I have been going over the CWNA for a solid background, but
was looking for something with more of a Cisco flavor.



Thanks in advance,



Duncan Wallace

12835 SW Thunderhead Way

Beaverton, Or. 97008

503-646-5707

[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65648&t=65625
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ATM LS100 PROBLEM! [7:65585]

[Sales]

Ah I see the problem now.  You should delete the many pvc's you have
configured on the ls100 relating to 48 and 49 and then use this one
command.

pvc est 1 2 0 2 48 512 0 155 2 2 49 512 0 155

This assumes that pvc 2/48 is associated with port 0 and 2/49 is
associated with port 2.  Ensure your routers are configured with this
setup as well.  The problem is the config you have currently setups end
to end pvcs as 48 to 49 and 49 to 49 but what you need is 48 to 49 and
49 to 48.


Thanks,

Ian

www.ccie4u.com

Rack Rentals and Lab Scenarios




-Original Message-
From: Xy Hien Le [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 18, 2003 12:38 AM
To: [EMAIL PROTECTED]
Subject: Re: ATM LS100 PROBLEM! [7:65585]

Hi,
I have tried but failed to make the connection.
rA connected to port 0 of the ls100
rB connected to port 2 of the ls100

here is the configuration of the ls100:

Show pvc 0:

Bandwidth Available (Forward/Backward/Line Rate): 155.0 / 155.0 / 155.0
Mbps
Existing connections :0 (Uni),2 (Bi),0 (Multipoint),2
(Gateway)
LowLine LowVPI LowVCI  HiLine  HiVPI  HiVCI TrfType CONNECTION
0   0   516   0   2 UBR-BE  Gateway
0   0  1616   0   3 UBR-BE  Gateway
0   2  48 2   2  48 UBR-BE  Bi
0   2  49 2   2  49 UBR-BE  Bi

Show pvc 2:

Bandwidth Available (Forward/Backward/Line Rate): 155.0 / 155.0 / 155.0
Mbps
Existing connections :0 (Uni),2 (Bi),0 (Multipoint),2
(Gateway)
LowLine LowVPI LowVCI  HiLine  HiVPI  HiVCI TrfType CONNECTION
2   0   516   0   2 UBR-BE  Gateway
2   0  1616   0   3 UBR-BE  Gateway
2   2  48 0   2  48 UBR-BE  Bi
2   2  49 0   2  49 UBR-BE  Bi

here is the debug of the atm interface:

00:20:27: ILMI(ATM5/0): Received Interface Up
00:20:27: ILMI(ATM5/0): Sending ilmiColdStart trap
00:20:27: ILMI(ATM5/0): No ILMI VC found
00:20:27: ILMI: Encapsulation error on o/g ILMI Pdu 
(ATM5/0)
00:20:27: ILMI: Unable to Send Pdu out 
00:20:27: ATMSIG: startatmsig_ilmi_timer
00:20:28: %LINK-3-UPDOWN: Interface ATM5/0, changed state to up
00:20:29: ILMI(ATM5/0): Sending ilmiColdStart trap
00:20:29: ILMI(ATM5/0): Querying peer device type.
00:20:29: ILMI:peerDeviceTypeQuery not completed
00:20:29: ILMI:peerPortTypeQuery not completed
00:20:29: ILMI(ATM5/0): From  Restarting To  WaitDevAndPort

00:20:29: ILMI(ATM5/0):Sending out Request 20
00:20:29: ILMI(ATM5/0):Sending out Request 21
00:20:29: ILMI(ATM5/0):Response received for request 20
00:20:29: ILMI(ATM5/0): Errored response  Function Type =
ilmiPeer
DeviceTypeInfo
00:20:29: ILMI(ATM5/0):Response received for request 21
00:20:29: The peer UNI Type on (ATM5/0) is 2
00:20:29: ILMI(ATM5/0): From  WaitDevAndPort To  DeviceAndPortComplete

00:20:29: ILMI(ATM5/0): From  DeviceAndPortComplete To
NodeConfigComplete

00:20:29: ILMI: Assigning default device type (ATM5/0)
00:20:29: ILMI: My Device  type is set to User-side (ATM5/0)
00:20:29: ILMI(ATM5/0): Checking Peer Config and Address Table
00:20:29: ILMI:peerAddressTableCheck not completed
00:20:29: ILMI:peerConfigQuery not completed
00:20:29: ILMI:peerRangeConfigQuery not completed
00:20:29: ILMI(ATM5/0): From  NodeConfigComplete To  AwaitRestartAck

00:20:29: ILMI(ATM5/0):Sending out Request 22
00:20:29: ILMI(ATM5/0):Sending out Request 23
00:20:29: ILMI(ATM5/0):Sending out Request 24
00:20:29: ILMI(ATM5/0):Sending out Request 25
00:20:29: ILMI(ATM5/0):Response received for request 22
00:20:29: ILMI(ATM5/0): Errored response  Function Type =
ilmiAddr
essTableCheck
00:20:29: ILMI(ATM5/0):Response received for request 23
00:20:29: ILMI(ATM5/0): The Maximum # of VPI Bits is 4
00:20:29: ILMI(ATM5/0): The Maximum # of VCI Bits is 8
00:20:29: ILMI(ATM5/0): The UNI version is negotiated as
ilmiUniVersionUnsupport
ed
00:20:29: ILMI(ATM5/0):Response received for request 24
00:20:29: ILMI(ATM5/0): Errored response  Function Type =
ilmiPeer
RangeConfigQuery
00:20:29: ILMI: Bad peer Range Values for peer. Setting
ILMI_NOT_AVAILABLE
00:20:29: ILMI(ATM5/0): From  AwaitRestartAck To  UpAndNormal

00:20:29: ILMI: Auto Port determination enabled
00:20:29: atmsig_ilmi_callback: uni version 2
00:20:29: ATMSIG: sscop open successful
00:20:29: ILMI(ATM5/0): Link determination completed
00:20:29:Peer Device Type:ilmiDeviceTypeUser
00:20:29:Peer Port Type:  ilmiUniTypePrivate
00:20:29:Peer MaxVpiBits: 4
00:20:29:Peer MaxVciBits: 8
00:20:29:Peer MaxVpcs:65536
00:20:29:Peer MaxVccs:65536
00:20:29:Peer MaxSvpcVpi: 65536
00:20:29:Peer MaxSvccVpi: 65536
00:20:29:Peer MinSvccVci: 65536
00:20:29:Peer UNI version:ilmiUniVersion3point0
00:20:29:Neg. UNI Version:ilmiUniVersionUnsupported
00:20:29:Local Device Type:   ilmiDeviceTypeUser
00:20:29:Local Port Type: ilmiPrivateUNIUserSide
00:20:29:Local Syst

ISDN Callback Config [7:65649]

[Stuart Laubstein]

I just got ISDN for my lab and am trying to set up a call back. I am using
an 801 and a 3620. 

Config of Interface on the 3620

interface Dialer 60
 description Connection for home lab
 ip address 10.69.240.237 255.255.255.252
 encapsulation ppp
 dialer pool 1
 dialer remote-name cisco801
 dialer callback-secure
 dialer idle-timeout 55
 dialer callback-secure
 dialer string xx 
 dialer-group 1
 ppp callback accept
 ppp authentication chap
 ppp chap password 0 stortCisco
 ppp multilink


801 Config


interface BRI0
 no ip address
 no ip directed broadcast
 encapsulation ppp
 dialer pool-member 1
 isdn-switch-type basic net3
 ppp callback request
 ppp authentification chap
 


Without the call back it was working fine , now it breaks the connection
right after dialing in. Is this a a chap problem? Am I missing a command
perhaps.

thanks

stuart




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65649&t=65649
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Off Topic - CCIE Certification Junkies [7:65499]

[Thomas Larus]

Yes, but Brian Dennis cannot be far behind.  He already has three CCIEs.

Tom Larus

""Jim Brown""  wrote in message
news:[EMAIL PROTECTED]
> I would imagine the 5 CCIE mark has already been obtained. I met someone
> who was working on their 5th at the end of the summer and I'm sure they
> have passed by now.
>
> Don't forget the article in Packet about Mark Purcell. I'm not sure on
> the spelling of his name, but he already had 4 and was working on his
> 5th.
>
> -Original Message-
> From: The Long and Winding Road
> [mailto:[EMAIL PROTECTED]
> Sent: Saturday, March 15, 2003 10:31 AM
> To: [EMAIL PROTECTED]
> Subject: Off Topic - CCIE Certification Junkies [7:65499]
>
>
> With the announcement of the CCIE Voice certification ( a Good Thing,
> IMHO )
> I wonder a couple of things:
>
> 1) who will be the first quadruple CCIE?
>
> 2) Does Cisco still recognize the Design, WAN, and IBM CCIE's as valid
> certifications, making it possible to have more than four?
>
> 3) When will the CCIE become just another useless cert in the long
> history
> of useless networking certs?
>
> NRF - you out there tonight?
>
>
>
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65650&t=65499
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Frame Relay [7:65658]

[DeVoe, Charles (PKI)]

Disregard previous.  After further review, I find the ping failed because I
typed in the wrong ip.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65658&t=65658
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Frame Relay question [7:65659]

[DeVoe, Charles (PKI)]

I am working with the test out simulator.  

LAX  11.0.0.2--frame cloudsfo 11.0.0.1

In the frame relay module there is an exercise to connect 2 routers through
a frame relay cloud.  Initially, the LAX router is using inverse arp to do
the mapping.  A show frame map yields 

Serial 1 (up): ip 11.0.0.1 dlci 100 (0x64,0x1849, dynamic,broadcast,,,status
defined,active
After turning off the frame-relay inverse-arp and clearing the cache, I
enter a static mapping

frame map ip 11.0.0.1 100
now the show frame map yields
Serial 1 (up): ip 11.0.0.1 dlci 100 (0x64,0x1849, static,CISCO, status
defined, active

With the dynamic mapping I can't ping the other routers interface
(11.0.0.1).  The static map successfully pings the other node.  

I understand how to set up it up.  What I don't understand is why the static
mapping works and the dynamic mapping doesn't.  Can someone please explain
this?  Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65659&t=65659
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF Virtual link authentication - observations [7:65628]

[The Long and Winding Road]

a comment or to in line ( like the states )

""Nigel Taylor""  wrote in message
news:[EMAIL PROTECTED]
> Chuck,
> Let's see if I can make any sense in my reply to your
comments.
> When I think of a "virtual-link" as it relates to opsf, I think of it in
> terms of being a tunnel.  Also, short of being able to use a virtual-link,
a
> tunnel is what's recommended to maintain connectivity for any non-area0
> connected areas.


Nigel, you're making me grind my teeth. A virtual link is NOT a tunnel. Who
started the "tunnel" idea? Even Moy backed away from the use of the term
"tunnel" in his second book. :->

>
> Here's a excerpt from rfc 2328 which describes a virtual link.
>
> 12.4.1.3.  Describing virtual links
>
> For virtual links, a link description is added to the
> router-LSA only when the virtual neighbor is fully
> adjacent. In this case, add a Type 4 link (virtual link)
> with Link ID set to the Router ID of the virtual
> neighbor, Link Data set to the IP interface address
> associated with the virtual link and cost set to the
> cost calculated for the virtual link during the routing
> table calculation (see Section 15).
>
>
> And then this excerpt from section 15..
>
> The virtual link is treated as if it were an unnumbered point-to-point
> network belonging to the backbone and joining the two area border routers.
> An attempt is made to establish an adjacency over the virtual link.  When
> this adjacency is established, the virtual link will be included in
backbone
> router-LSAs, and OSPF packets pertaining to the backbone area will flow
over
> the adjacency.  Such an adjacency has been referred to in this document as
a
> "virtual adjacency".


It occurs to me that most of us think / are told that a virtual link is in
area 0. I can't remember all the stuff I've read about this over the years.
This recent observation tells me that the virtual link is an odd animal that
is really part of the transit area. It doesn't quite follow the other OSPF
rules.

I know what the VL is supposed to do. It links the non adjacent area
directly to area 0. It would "seem" reasonable that the link would have to
be area 0. Judging from the workings of authentication, it would appear that
on Cisco routers that the link is treated as part of the transit area.

>
> So as you noted it would be safe to say that a virtual-link is governed by
> the termination points of it's unnumbered p-2-p links.  So where your
> transit-area uses MD5 authentication so must your virtual-link.
>
> Alex Zinin's Cisco IP Routing [pg. 489] clearly states that the
virtual-link
> always belongs to the backbone.  In saying this, the characteristics of
the
> transit area to identify the peering ABR and then receive
> packets(encrypted/decrypted) would be the only things that associates the
> virtual-link to the transit area.


It wouldn't be the first time that someone was incorrect about the way
things really work versus the way it appears they work. Recall my statement
above. The virtual link is NOT a tunnel. It operates solely based on the
presense of the V-bit in the OSPF header. I imagine that the router code is
such that it passes packets based on the presence of the V-bit. The router
code has to base it's operation on SOMETHING in the OSPF header. So when it
comes to authentication, Cisco router code determines the need for
authentication based on the various values of the headers involved.

After all, there's nothing in the RFC that requires that authentication work
in a certain manner.

Someone asked me off line about how the Lab proctors might grade this kind
of task. The answer of course is "who knows?" All you're given is a
percentage of the general section. The key is understanding how to make it
work without spending too much time "trying things"


>
> HTH
>
> Nigel :-)
>
>
>
>
> - Original Message -
> From: "The Long and Winding Road"
> To:
> Sent: Tuesday, March 18, 2003 12:04 AM
> Subject: OSPF Virtual link authentication - observations [7:65628]
>
>
> > Not sure I have this all sorted out correctly. Perhaps those with a bit
> more
> > experience might add their wisdom, not to mention their corrections.
> >
> > The ospf virtual link being what it is, it follows rules similar to any
> > other interface.
> >
> > It does appear, though, that in terms of structure, it looks something
> like
> > this:
> >
> > ( commands under the ospf process )
> >
> > area X authentication
> > area X virtual-link y.y.y.y authentication
> > area X virtual-link y.y.y.y authentication-key WORD
> >
> > where X is the non zero area number over which the virtual link
transits.
> >
> > In other words, for purposes of structure, the virtual link is not
really
> > part of area 0. It is a point-to-point link that is part of the non zero
> > transit area.
> >
> > Am I understanding this correctly? I have a setup working,

Re: Wireless LAN Support Exam [7:65625]

[JJ Angleton]

I passed both cisco wireless exams in the last few month.  I've got some
practical experiance with the equipment, so I read everything I could find
on the CCO and downloaded the bosons, which turned out to be great.
Make sure to take design first, and support second.  
 Duncan Wallace  wrote:I was wondering if anyone out there has attempted the
Wireless LAN
Support yet, and if so, what study materials you used (other than the
web site). I have been going over the CWNA for a solid background, but
was looking for something with more of a Cisco flavor.



Thanks in advance,



Duncan Wallace

12835 SW Thunderhead Way

Beaverton, Or. 97008

503-646-5707

[EMAIL PROTECTED]
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65663&t=65625
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Gratuitous ARP and HSRP [7:65633]

[Daniel Cotts]

On CCO check out under IP Routing Protocols the doc "Hot Standby Router
Protocol Features and Functionality"
www.cisco.com/en/US/tech/tk648/tk365/technologies_tech_note09186a0080094a91.
shtml

> -Original Message-
> From: ericbrouwers [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 18, 2003 12:25 AM
> To: [EMAIL PROTECTED]
> Subject: Gratuitous ARP and HSRP [7:65633]
> 
> 
> Hello all,
> 
> I've read in the CCNP Switching Exam Cert. Guide that a 
> standby router that
> becomes active in an HSRP group, sends a gratuitous ARP to 
> update the ARP
> cache of the end stations with the new active MAC address...
> 
> This is strange, since the same virtual MAC address is used 
> by active and
> standby HSRP routers.
> 
> However, maybe Cisco's implementation has once been like 
> this, because I've
> seen instances in the field that ARP caches contained the 
> real MAC instead of
> the virtual MAC address when using HSRP.
> 
> Can someone give comments on this?
> 
> Thanks,
> 
> Eric Brouwers
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65664&t=65633
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF Virtual link authentication - observation [7:65628]

[Cisco Nuts]

To add to this:
Here is another one that made me pull my hair out:
Maybe you can help shed some light on this one for me:

MD5 auth. in area 0
Specified #area 0 auth message-digest in the transit area (area 1)
Only specified#area 1 virtual-link x.x.x.x

Ditto config. on the other area 1 router:

This works...but why??

I always thought that you had to specify the md5 authentication in the 
virtual-link cmd. but it appears not so.

Here is what did catch my eye:
When specifying the md5 key, the VL does use key 1
Ex. Message digest authentication enabled
Youngest key id is 1

but when NOT specifying it, it uses the default-key 0 and this still works 
even though area 0 is using key 1 !!!
Ex.   Message digest authentication enabled
  No key configured, using default key id 0

But MOST IMPORTANT: will any points be deducted by the proctor god in the 
Lab if one does not specify the md5 keyword in the VL cmd??










>From: "The Long and Winding Road" 
>Reply-To: "The Long and Winding Road" 
>To: [EMAIL PROTECTED]
>Subject: OSPF Virtual link authentication - observations [7:65628]
>Date: Tue, 18 Mar 2003 05:04:47 GMT
>
>Not sure I have this all sorted out correctly. Perhaps those with a bit 
>more
>experience might add their wisdom, not to mention their corrections.
>
>The ospf virtual link being what it is, it follows rules similar to any
>other interface.
>
>It does appear, though, that in terms of structure, it looks something like
>this:
>
>( commands under the ospf process )
>
>area X authentication
>area X virtual-link y.y.y.y authentication
>area X virtual-link y.y.y.y authentication-key WORD
>
>where X is the non zero area number over which the virtual link transits.
>
>In other words, for purposes of structure, the virtual link is not really
>part of area 0. It is a point-to-point link that is part of the non zero
>transit area.
>
>Am I understanding this correctly? I have a setup working, where the area 0
>authentication is simple and the transit area authentication is MD5, and no
>adjacency is formed across the virtual link with simple authentication, but
>comes up just fine with MD5.
>
>Any comments are appreciated.
>
>--
>TANSTAAFL
>"there ain't no such thing as a free lunch"
_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65660&t=65628
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay Design/Bandwidth Question [7:65401]

[Lo Ching]

Thanks All information.

Can anyone recommend the CIR/EIR/Bc in this enviroment? (2 remote and 1 HQ).
I have subscribed the 3 circuit with 128k but I need to provide CIR/EIR/Bc
information further.

Thanks again

Lo Ching


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65646&t=65401
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

E1 [7:65643]

[Lo Ching]

Dear All,

I subscribed a E1 line to local carrier and they provided me the following
information.
G.703 (unframed E1) have total 2048kbps but
V.35 (framed E1) have only 1984bps

Their services make sense?
Or can framed E1 can fully 100% used (ie, 2048kbps)?
Also, G.703 or V.35 will affect the services provided (ie, unframed/framed)?

TIA.

Lo Ching


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65643&t=65643
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Looking for equivalent commands on IOS/CatOS switches [7:65665]

[Daniel Cotts]

I'll try part "B"
Left5505> (enable) sh ver
WS-C5505 Software, Version McpSW: 5.5(13a) NmpSW: 5.5(13a)
Left5505> (enable) sh port capabilities
ModelWS-X5509  etc. etc.
Cat4006> (enable) sh ver
WS-C4006 Software, Version NmpSW: 5.4(2)
Cat4006> (enable) sh port ?
  cdpShow port CDP information
  capabilities   Show port capabilities
etc.

Older versions of CatOS did not have this command. I don't recall when it
became available.

> -Original Message-
> From: ericbrouwers [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 18, 2003 12:25 AM
> To: [EMAIL PROTECTED]
> Subject: Looking for equivalent commands on IOS/CatOS 
> switches [7:65635]
> 
> 
> Hi there,
> 
> I'm looking for CatOS commands that are equivalent to the IOS 
> based commands
> below:
> 
> Clear the CDP tableclear cdp table
> Display CDP counters show cdp traffic
> Reset CDP counters   clear cdp counters
> 
> Moreover, is there an IOS command that is similar to "show 
> port capabilities"
> on CatOS?
> 
> I haven't found these yet. Any help would be appreciated. Thanks,
> 
> Eric




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65665&t=65665
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Can PIX redirect a packet from its outside interf [7:65620]

[[EMAIL PROTECTED]]

Hi,

This must be an easy one for the PIX experts.

I have a topoloy as shown below.
Host1---Router ==IPSEC Tunnel==(outside)PIXFirewall(inside)
|
|

Host2

Host1 is trying to ping Host2.
The packet flow would be 
Host1Router--PIX-Host2.
Is this possible??? Would the PIX forward the packet coming in via the IPSEc
tunnel on the outside interface to the Host2 which is on the LAN attached to
the outside interface.??  Please note that the packet here is not
transitting the PIX.


Cheers
Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65620&t=65620
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Can PIX redirect a packet from its outside in [7:65484]

[Troy Leliard]

I dont think this solution would work.  You outisde address and the host 2
address I presume are on the same subnet?  Why would you want to vpn from a
device that is on your outside network anyway ?

[EMAIL PROTECTED] wrote:
> 
> Hi,
> 
> This must be an easy one for the PIX experts.
> 
> I have a topoloy as shown below.
> Host1---Router ==IPSEC
> Tunnel==(outside)PIXFirewall(inside)
>   |
>   |
>   
> Host2
> 
> Host1 is trying to ping Host2.
> The packet flow would be 
> Host1Router--PIX-Host2.
> Is this possible??? Would the PIX forward the packet coming in
> via the IPSEc
> tunnel on the outside interface to the Host2 which is on the
> LAN attached to
> the outside interface.??  Please note that the packet here is
> not
> transitting the PIX.
> 
> 
> Cheers
> Simon
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65653&t=65484
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF Virtual link authentication - observations [7:65628]

[The Long and Winding Road]

a comment or to in line ( like the states )

""Nigel Taylor""  wrote in message
news:[EMAIL PROTECTED]
> Chuck,
> Let's see if I can make any sense in my reply to your
comments.
> When I think of a "virtual-link" as it relates to opsf, I think of it in
> terms of being a tunnel.  Also, short of being able to use a virtual-link,
a
> tunnel is what's recommended to maintain connectivity for any non-area0
> connected areas.


Nigel, you're making me grind my teeth. A virtual link is NOT a tunnel. Who
started the "tunnel" idea? Even Moy backed away from the use of the term
"tunnel" in his second book. :->

>
> Here's a excerpt from rfc 2328 which describes a virtual link.
>
> 12.4.1.3.  Describing virtual links
>
> For virtual links, a link description is added to the
> router-LSA only when the virtual neighbor is fully
> adjacent. In this case, add a Type 4 link (virtual link)
> with Link ID set to the Router ID of the virtual
> neighbor, Link Data set to the IP interface address
> associated with the virtual link and cost set to the
> cost calculated for the virtual link during the routing
> table calculation (see Section 15).
>
>
> And then this excerpt from section 15..
>
> The virtual link is treated as if it were an unnumbered point-to-point
> network belonging to the backbone and joining the two area border routers.
> An attempt is made to establish an adjacency over the virtual link.  When
> this adjacency is established, the virtual link will be included in
backbone
> router-LSAs, and OSPF packets pertaining to the backbone area will flow
over
> the adjacency.  Such an adjacency has been referred to in this document as
a
> "virtual adjacency".


It occurs to me that most of us think / are told that a virtual link is in
area 0. I can't remember all the stuff I've read about this over the years.
This recent observation tells me that the virtual link is an odd animal that
is really part of the transit area. It doesn't quite follow the other OSPF
rules.

I know what the VL is supposed to do. It links the non adjacent area
directly to area 0. It would "seem" reasonable that the link would have to
be area 0. Judging from the workings of authentication, it would appear that
on Cisco routers that the link is treated as part of the transit area.

>
> So as you noted it would be safe to say that a virtual-link is governed by
> the termination points of it's unnumbered p-2-p links.  So where your
> transit-area uses MD5 authentication so must your virtual-link.
>
> Alex Zinin's Cisco IP Routing [pg. 489] clearly states that the
virtual-link
> always belongs to the backbone.  In saying this, the characteristics of
the
> transit area to identify the peering ABR and then receive
> packets(encrypted/decrypted) would be the only things that associates the
> virtual-link to the transit area.


It wouldn't be the first time that someone was incorrect about the way
things really work versus the way it appears they work. Recall my statement
above. The virtual link is NOT a tunnel. It operates solely based on the
presense of the V-bit in the OSPF header. I imagine that the router code is
such that it passes packets based on the presence of the V-bit. The router
code has to base it's operation on SOMETHING in the OSPF header. So when it
comes to authentication, Cisco router code determines the need for
authentication based on the various values of the headers involved.

After all, there's nothing in the RFC that requires that authentication work
in a certain manner.

Someone asked me off line about how the Lab proctors might grade this kind
of task. The answer of course is "who knows?" All you're given is a
percentage of the general section. The key is understanding how to make it
work without spending too much time "trying things"


>
> HTH
>
> Nigel :-)
>
>
>
>
> - Original Message -
> From: "The Long and Winding Road"
> To:
> Sent: Tuesday, March 18, 2003 12:04 AM
> Subject: OSPF Virtual link authentication - observations [7:65628]
>
>
> > Not sure I have this all sorted out correctly. Perhaps those with a bit
> more
> > experience might add their wisdom, not to mention their corrections.
> >
> > The ospf virtual link being what it is, it follows rules similar to any
> > other interface.
> >
> > It does appear, though, that in terms of structure, it looks something
> like
> > this:
> >
> > ( commands under the ospf process )
> >
> > area X authentication
> > area X virtual-link y.y.y.y authentication
> > area X virtual-link y.y.y.y authentication-key WORD
> >
> > where X is the non zero area number over which the virtual link
transits.
> >
> > In other words, for purposes of structure, the virtual link is not
really
> > part of area 0. It is a point-to-point link that is part of the non zero
> > transit area.
> >
> > Am I understanding this correctly? I have a setup working,

Re: Wireless LAN Support Exam [7:65625]

[JJ Angleton]

I passed both cisco wireless exams in the last few month.  I've got some
practical experiance with the equipment, so I read everything I could find
on the CCO and downloaded the bosons, which turned out to be great.
Make sure to take design first, and support second.  
 Duncan Wallace  wrote:I was wondering if anyone out there has attempted the
Wireless LAN
Support yet, and if so, what study materials you used (other than the
web site). I have been going over the CWNA for a solid background, but
was looking for something with more of a Cisco flavor.



Thanks in advance,



Duncan Wallace

12835 SW Thunderhead Way

Beaverton, Or. 97008

503-646-5707

[EMAIL PROTECTED]
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65669&t=65625
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Finding device on network via cisco switch [7:65670]

[David Ristau]

given an IP address and a MAC address, how can I use my cisco switch to
identify which port an unknown device is attached to ?

can I view the switching table cache entries ?

I've got an IP device on the network and nobody seems to know where it is.
heh!

given a catalyst 3500XL running ios v 12.0

thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65670&t=65670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Linux recommendations [7:65671]

[Robert Edmonds]

I know this is the Cisco forum, but I know many of you folks use Linux on
your networks, so I am asking for your recommendations.

I have a Cisco network with a PIX firewall in place.  I would like, if
possible, to put a Linux server on the network to act as a proxy
server/internet monitoring computer.  My goal is to dump the log files into
something like MS Access and be able to run reports off of it based on
user/computer name.  I would prefer free, but inexpensive is good too.  Does
anyone do anything like this on their network?  If so, I am open to
suggestions.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65671&t=65671
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Gratuitous ARP and HSRP [7:65633]

[garrett allen]

eric,

i can only comment in a limited way and only based on what i have 
read.  the lower end cisco products (like the 2500's i've been 
deploying in remote offices) can only associate one virtual mac address 
to an interface and so can only belong to a single hsrp group.  if you 
have a need to support more than one hsrp group on an interface one way 
around that limitation it is to use the bia of the interface as the 
virtual address and to issue a gratuitous arp whenever the interface 
takes over - the command is "standby use-bia" i recall.  higher end 
products don't have the limitation and some end stations don't really 
respond well to it.

i haven't actually used this before for money, so there is the 
possibility of being wrong and your mileage may vary will use.  but it 
should start the ball rolling to hear from others.

cheers.
garrett

- Original Message -
From: ericbrouwers 
Date: Tuesday, March 18, 2003 1:24 am
Subject: Gratuitous ARP and HSRP [7:65633]

> Hello all,
> 
> I've read in the CCNP Switching Exam Cert. Guide that a standby 
> router that
> becomes active in an HSRP group, sends a gratuitous ARP to update 
> the ARP
> cache of the end stations with the new active MAC address...
> 
> This is strange, since the same virtual MAC address is used by 
> active and
> standby HSRP routers.
> 
> However, maybe Cisco's implementation has once been like this, 
> because I've
> seen instances in the field that ARP caches contained the real MAC 
> instead of
> the virtual MAC address when using HSRP.
> 
> Can someone give comments on this?
> 
> Thanks,
> 
> Eric Brouwers
> [EMAIL PROTECTED]
> Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65673&t=65633
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCSP / Safe Implementation [7:65657]

[Joseph R. Taylor]

Hi Troy,
   Boson has a practice test for this exam.
  JoeT


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65667&t=65657
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Getting out of hand?? [7:65676]

[Maccubbin, Duncan]

How is the industry supposed to keep up with this??
 
"Cisco also announced today highly prestigious certification support across
the entire PIX Family of security appliances. Certifications earned include
the Common Criteria Evaluation Assurance Level 4 (EAL4) certification, and
both ICSA Labs firewall and IPSec certifications. These certifications
provide customers with independent and objective validation that a company's
product meets certain levels of quality and reliability, and are among the
industry's most respected and stringent criteria for certification.
Providing customers broad certification support across the Cisco PIX family
within a common operating system increases operational efficiencies and
lowers support and management costs."
 
 
Duncan Maccubbin
US Network Support, Cable and Wireless
CCNA, CCNP, CSS1, MCSE4
Work (703)287-6975
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65676&t=65676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Success with Livingston PortMasters? [7:65675]

[Jonathan Manton]

I've outgrown the SIIG 4-port serial board I currently have, and am looking
at getting a Livingston/Lucent Portmaster 2-series as a terminal server for
my lab.

The Portmasters seem to be a pretty good deal vs. a 2511.  30 port models
can be had on eBay in the $150-200 range, and you can get a 30-port
refurbished one with support, warranty and current software from
portmasters.com for about $300 (they even sell NEW 10 port ones for $190).

This is a lot less than 2511s have been going for on eBay recently
($350-$450), but I don't want to buy a Portmaster and *then* find out that
I'm going to have problems getting it to work.

I've also looked into other brands, but have read bad things about trying to
use older Xyplex gear for a Cisco lab, and the used Digi/Adtran/Cyclades
terminal servers are as much or more than a 2511.

Anyone have experiences/opinions to share?

Thanks,
Jonathan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65675&t=65675
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Graphing usage based on CAR Policies [7:65674]

[Lupi, Guy]

Can you create bandwidth graphs based on CAR policies?  I would like to be
able to create multiple policies matching access lists on an interface, and
graph them separately to find out how much usage each policy is seeing. 


Guy H. Lupi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65674&t=65674
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Upgrading IOS with new flash on my 2500's [7:65472]

[Scott Roberts]

I can honestly say that I've never upgraded my IOS's by console cable. I
didn't even know that the 2500 supported that, I only thought that it was
the 3600 that supported transfer over the console cable? has anyone done a
console cable transfer with a 2500?

william, you can do your upgrade in one of two ways, put the new flash into
the secondary flash bank and tftp copy to the second flash partition or you
can boot to the rom boot-helper with your new flash in the first bank and
then tftp. another possibility i suppose you could do is have enough dram
memory and do a network boot and then do a tftp copy to the flash.

scott

""Clements, William (Bill)""  wrote in message
news:[EMAIL PROTECTED]
> All,
> I recently bought some new flash for my 2500's and would like to know
if
> there is an easier way to upload the newest IOS, other than with the
console
> cable.
>
> Thanks,
>
> Bill Clements MCSE, CCNP
> Network Engineer
> INS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65677&t=65472
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Aironet 350 Access Point and US Robotics USR22 [7:60848]

[Al Bersbach]

I have had the same problem Dain reports, despite upgrading firmware to
12.02T.  I'm very interested in finding a solution.  We have about 60
Aironet 350 access points.  Clients are mostly (but not by any means all)
Lucent Silver and Gold.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65678&t=60848
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Linux recommendations [7:65671]

[NetEng]

Check out SQUID Proxy (www.squid.org), excellent product and does reporting.
Lots of features too.

""Robert Edmonds""  wrote in message
news:[EMAIL PROTECTED]
> I know this is the Cisco forum, but I know many of you folks use Linux on
> your networks, so I am asking for your recommendations.
>
> I have a Cisco network with a PIX firewall in place.  I would like, if
> possible, to put a Linux server on the network to act as a proxy
> server/internet monitoring computer.  My goal is to dump the log files
into
> something like MS Access and be able to run reports off of it based on
> user/computer name.  I would prefer free, but inexpensive is good too.
Does
> anyone do anything like this on their network?  If so, I am open to
> suggestions.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65680&t=65671
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Finding device on network via cisco switch [7:65670]

[Angel Leiva]

Try using the switch command: show mac

you should get an output similar to this:

switch_named#sh mac
Dynamic Address Count: 215
Secure Address Count:  0
Static Address (User-defined) Count:   0
System Self Address Count: 47
Total MAC addresses:   262
Maximum MAC addresses: 2048
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
---      
00b2.2d6a.dfae   Dynamic  1  FastEthernet0/23
00b2.fd6c.46c1   Dynamic  1  FastEthernet0/24
00b0.c154.edb9   Dynamic  1  FastEthernet0/3
00b0.2757.96ba   Dynamic  1  FastEthernet0/12
00b0.b784.fad2   Dynamic  1  FastEthernet0/2
00b0.b784.fbf4   Dynamic  1  FastEthernet0/6
00b0.b784.fced   Dynamic  1  FastEthernet0/7
00b0.b784.fd34   Dynamic  1  FastEthernet0/8
00b0.b784.fd75   Dynamic  1  FastEthernet0/5
00b0.b784.fd83   Dynamic  1  FastEthernet0/10
00b0.b793.47ef   Dynamic  1  FastEthernet0/1
00b0.b793.a2ef   Dynamic  1  FastEthernet0/11

Hth,

Angel

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Ristau
Sent: Tuesday, March 18, 2003 10:52 AM
To: [EMAIL PROTECTED]
Subject: Finding device on network via cisco switch [7:65670]

given an IP address and a MAC address, how can I use my cisco switch to
identify which port an unknown device is attached to ?

can I view the switching table cache entries ?

I've got an IP device on the network and nobody seems to know where it is.
heh!

given a catalyst 3500XL running ios v 12.0

thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65681&t=65670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Finding device on network via cisco switch [7:65670]

[Robert Edmonds]

Start at your core and work your way out.  For example, if you have a core
switch connected to other switches at the distribution or accesss layers via
trunks, do a show mac-address-table (or show cam dynamic for CatOS switches)
and see which trunk port it is coming from.  Then go to the next switch and
do the same thing.  Eventually you will get to the switch to which it is
directly connected and get the actual port.
Of course, if you are using VLANs or otherwise subnetting your network, you
can narrow down your search quite a bit by only searching switches that
carry that VLAN.

""David Ristau""  wrote in message
news:[EMAIL PROTECTED]
> given an IP address and a MAC address, how can I use my cisco switch to
> identify which port an unknown device is attached to ?
>
> can I view the switching table cache entries ?
>
> I've got an IP device on the network and nobody seems to know where it is.
> heh!
>
> given a catalyst 3500XL running ios v 12.0
>
> thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65679&t=65670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Getting out of hand?? [7:65676]

[Priscilla Oppenheimer]

Maccubbin, Duncan wrote:
> 
> How is the industry supposed to keep up with this??

What's the issue? Not sure I'm seeing your point. What's wrong with Cisco
announcing that their product received some sort of certificaton?

Now, if you were concerned that Cisco has too many ways for people to get
certified and that the situation is getting out of hand, I might agree.

Priscilla


>  
> "Cisco also announced today highly prestigious certification
> support across
> the entire PIX Family of security appliances. Certifications
> earned include
> the Common Criteria Evaluation Assurance Level 4 (EAL4)
> certification, and
> both ICSA Labs firewall and IPSec certifications. These
> certifications
> provide customers with independent and objective validation
> that a company's
> product meets certain levels of quality and reliability, and
> are among the
> industry's most respected and stringent criteria for
> certification.
> Providing customers broad certification support across the
> Cisco PIX family
> within a common operating system increases operational
> efficiencies and
> lowers support and management costs."
>  
>  
> Duncan Maccubbin
> US Network Support, Cable and Wireless
> CCNA, CCNP, CSS1, MCSE4
> Work (703)287-6975
> [EMAIL PROTECTED]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65686&t=65676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Getting out of hand?? [7:65676]

[MADMAN]

Human resource/people hiring IT folks are going to need the *CCCE soon!!!

* Cisco Certified Certification Expert

   Dave

Maccubbin, Duncan wrote:
> How is the industry supposed to keep up with this??
>  
> "Cisco also announced today highly prestigious certification support across
> the entire PIX Family of security appliances. Certifications earned include
> the Common Criteria Evaluation Assurance Level 4 (EAL4) certification, and
> both ICSA Labs firewall and IPSec certifications. These certifications
> provide customers with independent and objective validation that a
company's
> product meets certain levels of quality and reliability, and are among the
> industry's most respected and stringent criteria for certification.
> Providing customers broad certification support across the Cisco PIX family
> within a common operating system increases operational efficiencies and
> lowers support and management costs."
>  
>  
> Duncan Maccubbin
> US Network Support, Cable and Wireless
> CCNA, CCNP, CSS1, MCSE4
> Work (703)287-6975
> [EMAIL PROTECTED]
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

I would rather have a German division in front of me than a French one 
behind me."
--- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65687&t=65676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Attn: Groupstudy Moderater re: newnews command [7:65685]

[news.groupstudy.com]

Can someone at news.groupstudy.com enable the newnews comand on your news
server?

I have a bunch of cisco wannabes (i'm one of them) in my company that want
access to news.groupstudy.com. I am running Exchange 2000 I can't download
the newsgroup.

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65685&t=65685
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: any windows 2000 mailing list? [7:65544]

[Arnold, Jamie]

Sunbelt Software has several very good W2K, AD, .net and X2K lists with very
high participation.

-Original Message-
From: NKP [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 17, 2003 9:18 PM
To: [EMAIL PROTECTED]
Subject: Re: any windows 2000 mailing list? [7:65544]


msnews.microsoft.com

""Carol smith""  wrote in message
news:[EMAIL PROTECTED]
> Hi... Group
>
> Personally I feel this cisco mailing list is very good.  Do u know is
there
> any windows 2000 mailing list to recommend me?
>
> Thanks
>
>
>
>
>
> -
> Do you Yahoo!?
> Yahoo! Web Hosting - establish your business online




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65683&t=65544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Finding device on network via cisco switch [7:65670]

[Daniel Cotts]

On a 2900XL it is
sh mac-address-table address ... Result should show destination
port. Be aware if other switches are connected to that port.

> -Original Message-
> From: David Ristau [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 18, 2003 10:52 AM
> To: [EMAIL PROTECTED]
> Subject: Finding device on network via cisco switch [7:65670]
> 
> 
> given an IP address and a MAC address, how can I use my cisco 
> switch to
> identify which port an unknown device is attached to ?
> 
> can I view the switching table cache entries ?
> 
> I've got an IP device on the network and nobody seems to know 
> where it is.
> heh!
> 
> given a catalyst 3500XL running ios v 12.0
> 
> thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65682&t=65670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DS3 slow connection problem. [7:65491]

[alaerte Vidali]

I was wondering if an extended ping with a high zero density (0x) could
reveal something (maybe a line encoding issue.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65688&t=65491
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: What is a distributed/collapsed backbone? [7:65225]

[Howard C. Berkowitz]

At 8:43 AM + 3/18/03, ericbrouwers wrote:
>Marc,
>
>There are two nice whitepapers about designing switched multi-layer networks
>on CCO. Contain lots of networks design examples, including collapsed
>backbones.
>
>Search for:
>
>Designing High-Performance Campus Intranets with Multilayer Switching
>Author: Geoff Haviland
>
>Gigabit Campus Network Design-Principles and Architecture
>
>Very valuable for anyone preparing for CID or switching.
>
>Eric


Memories of the distant past...Geoff was the original author of CID, 
both when it was purely internal to Cisco, and then Version 1 (which 
wasn't called that). Priscilla was the prime on Version 2 and Kip 
Peterson on Version 3.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65691&t=65225
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Getting out of hand?? [7:65676]

[MADMAN]

I need to read more carefully as Priscilla pointed out, this is not 
another Cisco cert as my response belows ASSumes :(

   Dave give me another green beer!



MADMAN wrote:
> Human resource/people hiring IT folks are going to need the *CCCE soon!!!
> 
> * Cisco Certified Certification Expert
> 
>Dave
> 
> Maccubbin, Duncan wrote:
> 
>>How is the industry supposed to keep up with this??
>> 
>>"Cisco also announced today highly prestigious certification support across
>>the entire PIX Family of security appliances. Certifications earned include
>>the Common Criteria Evaluation Assurance Level 4 (EAL4) certification, and
>>both ICSA Labs firewall and IPSec certifications. These certifications
>>provide customers with independent and objective validation that a
> 
> company's
> 
>>product meets certain levels of quality and reliability, and are among the
>>industry's most respected and stringent criteria for certification.
>>Providing customers broad certification support across the Cisco PIX family
>>within a common operating system increases operational efficiencies and
>>lowers support and management costs."
>> 
>> 
>>Duncan Maccubbin
>>US Network Support, Cable and Wireless
>>CCNA, CCNP, CSS1, MCSE4
>>Work (703)287-6975
>>[EMAIL PROTECTED]
> 


-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

I would rather have a German division in front of me than a French one 
behind me."
--- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65692&t=65676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cat4006 - Prompt [7:63984]

[Eagles Fan]

to set prompt back to default, the following works:

switch> (enable) set prompt Console>

Thanks for all of the input






>From: "MADMAN" 
>Reply-To: "MADMAN" 
>To: [EMAIL PROTECTED]
>Subject: Re: Cat4006 - Prompt [7:63984]
>Date: Thu, 27 Feb 2003 22:10:54 GMT
>
>FWIW The system name clears but not the prompt.  I'm running 7.2.2:
>
>C4006A (enable) set system name
>System name cleared.
>C4006A (enable) set prompt
>Usage: set prompt
>C4006A (enable)
>
>Dave
>
>ericbrouwers wrote:
> > Hostnames and prompts can be changed by just entering the command with 
>no
> > string; hit enter after command:
> >
> > Switch(enable) set system name
> >or
> > Switch(enable) set prompt
> >
> > Eric
> >
> > - Original Message -
> > From: "Eagles Fan"
> > To:
> > Sent: Thursday, February 27, 2003 3:32 PM
> > Subject: Cat4006 - Prompt [7:63984]
> >
> >
> >
> >>is it possible to clear the prompt after manually setting it?
> >>
> >>_
> >>Protect your PC - get McAfee.com VirusScan Online
> >>http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>--
>David Madland
>CCIE# 2016
>Sr. Network Engineer
>Qwest Communications
>612-664-3367
>
>"You don't make the poor richer by making the rich poorer." --Winston
>Churchill
_
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65693&t=63984
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Upgrading IOS with new flash on my 2500's [7:65472]

[Marc Thach Xuan Ky]

Bill,
I've just done four this evening, I used the technique shown here:
http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a00800941aa.shtml
or http://www.cisco.com/warp/public/471/13.pdf
rgds
Marc

Scott Roberts wrote:
> 
> I can honestly say that I've never upgraded my IOS's by console cable. I
> didn't even know that the 2500 supported that, I only thought that it was
> the 3600 that supported transfer over the console cable? has anyone done a
> console cable transfer with a 2500?
> 
> william, you can do your upgrade in one of two ways, put the new flash into
> the secondary flash bank and tftp copy to the second flash partition or you
> can boot to the rom boot-helper with your new flash in the first bank and
> then tftp. another possibility i suppose you could do is have enough dram
> memory and do a network boot and then do a tftp copy to the flash.
> 
> scott
> 
> ""Clements, William (Bill)""  wrote in message
> news:[EMAIL PROTECTED]
> > All,
> > I recently bought some new flash for my 2500's and would like to know
> if
> > there is an easier way to upload the newest IOS, other than with the
> console
> > cable.
> >
> > Thanks,
> >
> > Bill Clements MCSE, CCNP
> > Network Engineer
> > INS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65690&t=65472
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Graphing usage based on CAR Policies [7:65674]

[Darrell Newcomb]

> Can you create bandwidth graphs based on CAR policies?  I would like to be
> able to create multiple policies matching access lists on an interface,
and
> graph them separately to find out how much usage each policy is seeing.
>

I had this problem 3 years ago and didn't quickly find a MIB which exposed
CAR's byte counts.  Netflow data collection works and you can create the
same groupings of traffic that your CAR policy has though depending upon the
complexity of the policies it is extra lifting.  Netflow combined with a
changing need meant I didn't need to spend time finding the CAR data.  The
router is collecting it as you can see the byte counts in "sh int rate"
output.

Some folks find traffic %'s to fit their needs fairly well.  I don't like it
much but you could take the % of total traffic that is CAR'ed in each class
and use that to make approximate guesses to the volume of any given CAR
class in any sampling period.  Really not a lot of fun and not very
accurate, if you're CAR'ing traffic to keep it under control, you've
probably shifted some of that offered demand into other time periods.  Thus,
the colored glasses you use to look at the data this way over estimates the
usage of a CAR class during overall peak demand periods and underestimates
the amount of CAR'ed class during the overall low demand periods.

I'd be interested in hearing if the CAR byte counts are exposed in any MIB.
Or hearing about what you decide to do to solve your need.  Good Luck and
hope this help a bit,
Darrell
Always looking for the next big project...
darrell (at) hayaitacos  net




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65696&t=65674
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Wireless LAN Support Exam [7:65625]

[eric nguyen]

I took the Wireless LAN Support exam a month ago.  The exam is absolutely a
joke.  The exam concentrates very little on LEAP, EAP-TLS, PEAP and EAP-TTLS.
I was very disappointed the way the exam is written.  I could be wrong on
this one
but if you ask someone who already passed the Wireless support exam how to 
configure PEAP or EAP-TLS using certificates, I am willing to bet that
person
will have no clue on how install, configure and troubleshoot this scenario. 
I have
no idea how to setup PEAP, EAP-TLS, etc... yet I still passed the exam with
a
score of 980.  
By the way, I used bosons to prepare for the exam.
Eric
 Duncan Wallace  wrote:I was wondering if anyone out there has attempted the
Wireless LAN
Support yet, and if so, what study materials you used (other than the
web site). I have been going over the CWNA for a solid background, but
was looking for something with more of a Cisco flavor.



Thanks in advance,



Duncan Wallace

12835 SW Thunderhead Way

Beaverton, Or. 97008

503-646-5707

[EMAIL PROTECTED]
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65697&t=65625
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Finding device on network via cisco switch [7:65670]

[Karyn Williams]

For Catalyst (set) IOS use show cam dynamic. You can add a vlan argument if
you have multiple vlans and know which one your mac addr is on. 


At 07:14 PM 3/18/03 GMT, you wrote:
>On a 2900XL it is
>sh mac-address-table address ... Result should show destination
>port. Be aware if other switches are connected to that port.
>
>> -Original Message-
>> From: David Ristau [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, March 18, 2003 10:52 AM
>> To: [EMAIL PROTECTED]
>> Subject: Finding device on network via cisco switch [7:65670]
>> 
>> 
>> given an IP address and a MAC address, how can I use my cisco 
>> switch to
>> identify which port an unknown device is attached to ?
>> 
>> can I view the switching table cache entries ?
>> 
>> I've got an IP device on the network and nobody seems to know 
>> where it is.
>> heh!
>> 
>> given a catalyst 3500XL running ios v 12.0
>> 
>> thanks
-- 

Karyn Williams, CNE
Network Services Manager
California Institute of the Arts
[EMAIL PROTECTED]
http://www.calarts.edu/network




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65694&t=65670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Gratuitous ARP and HSRP [7:65633]

[ericbrouwers]

It is indeed related to the command "use-bia". Here's a section from the doc
"Hot Standby Router Protocol Features and Functionality" that was suggested
by Daniel:

However, the usebbia command has several disadvantages:
- When a router becomes active, the virtual IP address is moved to a
different MAC address. The newly
active router sends a gratuitous ARP response, but not all host
implementations handle the gratuitous
ARP correctly.
- Proxy ARP breaks when usebbia is configured. A atandby router cannot
cover
for the lost proxy ARP
database of a failed router.
- Prior to Cisco IOS release 12.0(3.4)T, only one HSRP group is allowed if
usebbia is configured.

Thanks guys,

Eric

- Original Message -
From: "garrett allen" 
To: 
Sent: Tuesday, March 18, 2003 6:06 PM
Subject: Re: Gratuitous ARP and HSRP [7:65633]


> eric,
>
> i can only comment in a limited way and only based on what i have
> read.  the lower end cisco products (like the 2500's i've been
> deploying in remote offices) can only associate one virtual mac address
> to an interface and so can only belong to a single hsrp group.  if you
> have a need to support more than one hsrp group on an interface one way
> around that limitation it is to use the bia of the interface as the
> virtual address and to issue a gratuitous arp whenever the interface
> takes over - the command is "standby use-bia" i recall.  higher end
> products don't have the limitation and some end stations don't really
> respond well to it.
>
> i haven't actually used this before for money, so there is the
> possibility of being wrong and your mileage may vary will use.  but it
> should start the ball rolling to hear from others.
>
> cheers.
> garrett
>
> - Original Message -
> From: ericbrouwers
> Date: Tuesday, March 18, 2003 1:24 am
> Subject: Gratuitous ARP and HSRP [7:65633]
>
> > Hello all,
> >
> > I've read in the CCNP Switching Exam Cert. Guide that a standby
> > router that
> > becomes active in an HSRP group, sends a gratuitous ARP to update
> > the ARP
> > cache of the end stations with the new active MAC address...
> >
> > This is strange, since the same virtual MAC address is used by
> > active and
> > standby HSRP routers.
> >
> > However, maybe Cisco's implementation has once been like this,
> > because I've
> > seen instances in the field that ARP caches contained the real MAC
> > instead of
> > the virtual MAC address when using HSRP.
> >
> > Can someone give comments on this?
> >
> > Thanks,
> >
> > Eric Brouwers
> > [EMAIL PROTECTED]
> > Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65695&t=65633
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX VPN home access question [7:65666]

[BJ Rice]

The software is available at
http://www.cisco.com/kobayashi/sw-center/sw-vpn.shtml.

Once you have the VPN tunnel established, there should be no need for a dial
in line.

Here is a sample configuration for my VPN tunnel to my home 515 PIX -  I use
DES, I would recommend 3DES.

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 pix/intf2 security10
nameif ethernet3 pix/intf3 security15
nameif ethernet4 pix/intf4 security20
nameif ethernet5 pix/intf5 security25
enable password XXX encrypted
passwd XXX encrypted
hostname X
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list 80 permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0 
pager lines 24
logging on
logging timestamp
logging trap debugging
logging host inside 10.0.0.111
no logging message 305012
no logging message 305011
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302016
interface ethernet0 10full
interface ethernet1 10full
interface ethernet2 auto shutdown
interface ethernet3 auto shutdown
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
mtu outside 1500
mtu inside 1500
mtu pix/intf2 1500
mtu pix/intf3 1500
mtu pix/intf4 1500
mtu pix/intf5 1500
ip address outside dhcp setroute
ip address inside 10.0.0.1 255.255.255.0
ip address pix/intf2 127.0.0.1 255.255.255.255
ip address pix/intf3 127.0.0.1 255.255.255.255
ip address pix/intf4 127.0.0.1 255.255.255.255
ip address pix/intf5 127.0.0.1 255.255.255.255
ip audit name IDSATTACK attack action alarm reset
ip audit interface outside IDSATTACK
ip audit info action alarm
ip audit attack action alarm
ip local pool REMOTEIPPOOLS 10.0.0.210-10.0.0.215
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address pix/intf2 0.0.0.0
failover ip address pix/intf3 0.0.0.0
failover ip address pix/intf4 0.0.0.0
failover ip address pix/intf5 0.0.0.0
pdm location 10.0.0.4 255.255.255.255 inside
pdm location 10.0.0.111 255.255.255.255 inside
pdm location 10.0.0.0 255.0.0.0 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 80
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+ 
aaa-server RADIUS protocol radius 
aaa-server LOCAL protocol local 
http server enable
http 10.0.0.111 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup GROUPNAME address-pool REMOTEIPPOOLS
vpngroup GROUPNAME idle-time 1800
vpngroup GROUPNAME password xx
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 60
ssh timeout 30
dhcpd address 10.0.0.2-10.0.0.200 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username  password  encrypted privilege 2
terminal width 80
Cryptochecksum:dc24ebe736764b81a98b1e78c3f9f326
: end


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65684&t=65666
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Getting out of hand?? [7:65676]

[Peter van Oene]

At 07:31 PM 3/18/2003 +, Priscilla Oppenheimer wrote:
>Maccubbin, Duncan wrote:
> >
> > How is the industry supposed to keep up with this??
>
>What's the issue? Not sure I'm seeing your point. What's wrong with Cisco
>announcing that their product received some sort of certificaton?

Exactly.. I think the poster mistook the possibly ambiguous announcement as 
yet another CCXX cert.

>Now, if you were concerned that Cisco has too many ways for people to get
>certified and that the situation is getting out of hand, I might agree.

I really am surprised at how many folks pour their heart/money into getting 
one after another.   I'm also amazed at how many folks will try and devote 
a good portion of interview time to showing me their various certificates. 
After the first couple I pretty much grasp that you have enough short term 
memory to get through a multiple choice exam and we should really get back 
to talking about technologies.

Cisco makes big bucks on these certifications.  The recert requirements 
create a beautiful residual revenue stream making this business unit very 
attractive internally to Cisco.  Since they doubled the cost of the CCIE 
recert, purely for profit, I have decided to let my certification lapse vs 
give in to this obvious cash grab.  Kudos to Cisco for making their VAR 
channels one of their more lucrative revenue sources.

>Priscilla
>
>
> >
> > "Cisco also announced today highly prestigious certification
> > support across
> > the entire PIX Family of security appliances. Certifications
> > earned include
> > the Common Criteria Evaluation Assurance Level 4 (EAL4)
> > certification, and
> > both ICSA Labs firewall and IPSec certifications. These
> > certifications
> > provide customers with independent and objective validation
> > that a company's
> > product meets certain levels of quality and reliability, and
> > are among the
> > industry's most respected and stringent criteria for
> > certification.
> > Providing customers broad certification support across the
> > Cisco PIX family
> > within a common operating system increases operational
> > efficiencies and
> > lowers support and management costs."
> >
> >
> > Duncan Maccubbin
> > US Network Support, Cable and Wireless
> > CCNA, CCNP, CSS1, MCSE4
> > Work (703)287-6975
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65689&t=65676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CS ACS - import Utilities? [7:65698]

[Eagles Fan]

anyone know of process or utility to import users into acs database?


_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65698&t=65698
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Gratuitous ARP and HSRP [7:65633]

[Karen E Young]

Eric,

The gratuitous ARP is just to let the switch or bridge know that the port
that the virtual MAC is attached to has changed.

If an existing router is converted to HSRP, then the end stations will
continue to track the real MAC address, not the virtual one. You have to
reboot the end stations or otherwise clear their ARP caches to get them to
use the virtual MAC.

Help any?
Karen

*** REPLY SEPARATOR  ***

On 3/18/2003 at 6:24 AM ericbrouwers wrote:

>Hello all,
>
>I've read in the CCNP Switching Exam Cert. Guide that a standby router that
>becomes active in an HSRP group, sends a gratuitous ARP to update the ARP
>cache of the end stations with the new active MAC address...
>
>This is strange, since the same virtual MAC address is used by active and
>standby HSRP routers.
>
>However, maybe Cisco's implementation has once been like this, because I've
>seen instances in the field that ARP caches contained the real MAC instead
>of
>the virtual MAC address when using HSRP.
>
>Can someone give comments on this?
>
>Thanks,
>
>Eric Brouwers
>[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65699&t=65633
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Voice Level Adjustment [7:65701]

[[EMAIL PROTECTED]]

At the URL
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration
_guide_chapter09186a0080080afd.html,

 it states how to deal with clipped speech:

"Clipped speech:
 Reduce the input level at the listener's router. (See the "Voice Level
Adjustment" section.)"

I think it would be at the speaker4s router.  Am I missing something?

(Embedded image moved to file: pic28286.pcx)

[GroupStudy removed an attachment of type application/octet-stream which had
a name of pic28286.pcx]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65701&t=65701
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Convert from Custome Queue to CBWFQ [7:65700]

[HUNG NGUYEN]

Hello,

Just wondering if anyone has ever tried to convert CQ
to CBWFQ.  I have an idea of how to do it, but I can't
find any document on Cisco website to confirm my
method.  

Example: I have the CQ with byte-count defined for 3
different queues: queue 1 = 500 byte-count, queue 2 =
1500, and queue 3 = 1000.  I use the percentage of
queue bytes count to total bytes count (1/6 for Q1,
1/2 for Q2, and 1/3 for Q3) from CQ to define the
bandwidth percentage under CBFWQ.  Since CBFWQ can
only use 75% of the physical link bandwidth by
default, so the total bandwidth percentage define
under CBFWQ would be equal to 75%.  Is this a correct
way to do it?

Thank you,
Pat



__
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65700&t=65700
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Getting out of hand?? [7:65676]

[calista -]

My reading of this announcement is that the products listed meet certain
quality assurance certifications, not that there are new "certifications"
available for these products. I know the Common Criteria certfication is a
security products certification used to identify products that have been
evaluated and meet a designated level of standards. The Common Criteria is
used in government circles; when they want to buy equipment to meet a
certain security level, they look at the Common criteria and find a product
that meets that security spec. So, if a manufacturer can get his product
certified and on the list, good things will come from it.

If you go to this web site, it has a bit of an explanation and a list of
products certified or being evaluated from Austalia's point of view:
http://www.dsd.gov.au/infosec/aisep/EPL.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65702&t=65676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

'underruns' and 'deferred' [7:65706]

[Md Nazri]

Hi guys,

need help to explain the output from 'sh int' below
1) what is 'underruns' and 'deferred' means..?
2)Is 'underruns' and 'deferred' indicate a router problem or a LAN problem..?

CustomerHQ1>sh int faste0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is i82543 (Livengood), address is 0005.dcff.4800 (bia
0005.dcff.4800)
  Internet address is x.x.x.x/16
  MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec,
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 15:42:23
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 47000 bits/sec, 58 packets/sec
  5 minute output rate 1 bits/sec, 21 packets/sec
 1022186 packets input, 106037882 bytes
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 0 watchdog
 0 input packets with dribble condition detected
 427949 packets output, 38329316 bytes, 0 underruns(947/2503/0)
 0 output errors, 3450 collisions, 0 interface resets
 0 babbles, 0 late collision, 19053 deferred
 0 lost carrier, 0 no carrier
 0 output buffer failures, 0 output buffers swapped out

CustomerHQ1>sh int faste0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is i82543 (Livengood), address is 0005.dcff.4800 (bia
0005.dcff.4800)
  Internet address is x.x.x.x/16
  MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec,
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 15:42:31
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 45000 bits/sec, 56 packets/sec
  5 minute output rate 9000 bits/sec, 19 packets/sec
 1022608 packets input, 106071585 bytes
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 0 watchdog
 0 input packets with dribble condition detected
 428100 packets output, 38338857 bytes, 0 underruns(948/2504/0)
 0 output errors, 3452 collisions, 0 interface resets
 0 babbles, 0 late collision, 19062 deferred
 0 lost carrier, 0 no carrier
 0 output buffer failures, 0 output buffers swapped out



Thanks,

rgds
nazri




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65706&t=65706
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Removing IP address from CatOS switch [7:65634]

[Amazing]

For IOS devices i have only ever used:
int vlan1
no ip address

i dont think it disables the TCP/IP stack (which on most IOS based switches
is just there for management) but if you were connected to the switch on
that IP address, you will lose your connection for sure.  you will need to
make sure you have console access via a modem or console cable to a PC to
manage the device.

For CatOS I am not 100% -- there is definitely no "clear interface sc0"
command.  you may be able to say set interface sc0 0.0.0.0/0.0.0.0


""ericbrouwers""  wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> Consider this: suppose that you have configured an inband-management
> interface
> of an IOS-based switch
>
> Switch(config)#interface vlan 1
> Switch(config-if)#ip address 172.16.10.2 255.255.255.0
> Switch(config-if)#no shutdown
> Switch(config-if)#exit
> Switch(config)#ip default-gateway 172.16.10.254
>
> If you want to remove the IP address you can either do
> Switch(config)#clear ip address vlan 1
>  or
> Switch(config)#interface vlan 1
> Switch(config-if)#no ip address
>
> Some people advise to use the first option, since the latter seems to
disable
> the complete TCP/IP stack...
>
> I'm having two questions with regard to this:
>
> 1. What is your advise?
>
> 2. Does the same option exist for CatOS switches, for example something
like
> this
>
> Switch(enable) clear interface sc0 ipaddress
>
> Thanks,
>
> Eric




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65707&t=65634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Gratuitous ARP and HSRP [7:65633]

[Priscilla Oppenheimer]

ericbrouwers wrote:
> 
> It is indeed related to the command "use-bia". Here's a section
> from the doc

An HSRP router using Gratuitous ARP isn't just related to switches that have
to use a BIA. Unfortunately, most descriptions of HSRP, including ones I
have written myself, assume two routers on a shared old-style Ethernet.
Remember HSRP has been around for a long time!

But consider this typical modern campus network design that GroupStudy
posting software hopefully won't totally munge:

R1   R2
 |   |
 |   |
Sw1--Sw2
 ||
PC1   PC2

Let's say the routers have chosen a virtual HSRP address of 10.0.0.1 for
HSRP Group 1. The virtual MAC address is .0c07.ac01.

PC1 broadcasts an ARP looking for 10.0.0.1 and R1 is the active router. R1
sends back a unicast ARP reply.

Sw1 picks up that .0c07.ac01 is reachable via the port at the top of SW1
in the drawing.

When PC2 broadcast an ARP, the reply will travel from Sw1 to Sw2 to PC2. So
Sw2 picks up that the .0c07.ac01 address is reachable via the port to
the left of Sw2 in the drawing. Sorry, if that's too confusing, but I don't
want to waste time doing a good drawing with port numbers that will just get
munged anyway.

Now R2 stops hearing from R1 and takes over as the active HSRP router. R2
must send a Gratuitous ARP broadcast so that Sw1 and Sw2 change their MAC
address tables. Now the virtual MAC address .0c07.ac01 is reachable on
Sw1 on its port that is shown to the right of Sw1 in the drawing.

On Sw2, the .0c07.ac01 address is reachable from its port at the top of
the drawing.

The Gratuitous ARP fixes the MAC address tables on switches. Isn't that
explained in any Cisco docs? It has to work that way it seems to me.


> "Hot Standby Router Protocol Features and Functionality" that
> was suggested
> by Daniel:
> 
> However, the usebbia command has several disadvantages:
> - When a router becomes active, the virtual IP address is moved
> to a
> different MAC address. The newly
> active router sends a gratuitous ARP response, but not all host
> implementations handle the gratuitous
> ARP correctly.

That may be true, but it's not meant to say that this is the only case where
the Gratuitous ARP is needed. It's needed for the general case too, from
what I understand.

Most host implementations do handle the Gratuitous ARP correctly, by the
way. In fact, this is open to an infamous man-in-the-middle security
vulnerability, sometimes misnamed as "ARP sniffing." An attacker can send a
Gratuitous ARP claiming to be the default gateway. Now all traffic destined
for another network goes to the attacker's machine! The attacker's machine
can use the info, but also better forward the traffic, or it will also be a
denial-of-service attack.

> > - Original Message -
> > From: ericbrouwers
> > Date: Tuesday, March 18, 2003 1:24 am
> > Subject: Gratuitous ARP and HSRP [7:65633]
> >
> > > Hello all,
> > >
> > > I've read in the CCNP Switching Exam Cert. Guide that a
> standby
> > > router that
> > > becomes active in an HSRP group, sends a gratuitous ARP to
> update
> > > the ARP
> > > cache of the end stations with the new active MAC address...
> > >
> > > This is strange, since the same virtual MAC address is used
> by
> > > active and
> > > standby HSRP routers.
> > >
> > > However, maybe Cisco's implementation has once been like
> this,
> > > because I've
> > > seen instances in the field that ARP caches contained the
> real MAC
> > > instead of
> > > the virtual MAC address when using HSRP.

Seeing the real MAC address is probably a different problem. You could see
it if the router was at one point using the virtual address on a real
interface. For example, when you first get HSRP up and running, you may move
Ethernet1's IP address to the virtual address and assign a new real address
to Ethernet1.

The hosts will still have in their ARP cache the previous mapping. You can
clear their cache. Or just wait a couple minutes if it's Windows and the
users aren't doing anything. On Windows entries stay in the ARP cache for
only 2 minutes.


Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

> > >
> > > Can someone give comments on this?
> > >
> > > Thanks,
> > >
> > > Eric Brouwers
> > > [EMAIL PROTECTED]
> > > Nondisclosure violations to [EMAIL PROTECTED]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65704&t=65633
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Gratuitous ARP and HSRP [7:65633]

[Priscilla Oppenheimer]

So, it did munge the picture, at least in the Web posting. Please know that
R2 and PC2 are connected to Sw2.

The Web posting software changes multiple spaces to one. But I have noticed
that if you use the Quote button, the "picture" that it puts in the box has
the spaces. So you can do that to see it better. (But don't hit the Post
button unless you really have something to say. That's a mistake I make all
the time. The Quote and Post buttons are too close together for someone with
no hand-eye coordination. ;-)

Perhaps the picture didn't get munged for those of you reading it via mail
or news.

Priscilla

Priscilla Oppenheimer wrote:
> 
> ericbrouwers wrote:
> > 
> > It is indeed related to the command "use-bia". Here's a
> section
> > from the doc
> 
> An HSRP router using Gratuitous ARP isn't just related to
> switches that have to use a BIA. Unfortunately, most
> descriptions of HSRP, including ones I have written myself,
> assume two routers on a shared old-style Ethernet. Remember
> HSRP has been around for a long time!
> 
> But consider this typical modern campus network design that
> GroupStudy posting software hopefully won't totally munge:
> 
> R1   R2
>  |   |
>  |   |
> Sw1--Sw2
>  ||
> PC1   PC2
> 
> Let's say the routers have chosen a virtual HSRP address of
> 10.0.0.1 for HSRP Group 1. The virtual MAC address is
> .0c07.ac01.
> 
> PC1 broadcasts an ARP looking for 10.0.0.1 and R1 is the active
> router. R1 sends back a unicast ARP reply.
> 
> Sw1 picks up that .0c07.ac01 is reachable via the port at
> the top of SW1 in the drawing.
> 
> When PC2 broadcast an ARP, the reply will travel from Sw1 to
> Sw2 to PC2. So Sw2 picks up that the .0c07.ac01 address is
> reachable via the port to the left of Sw2 in the drawing.
> Sorry, if that's too confusing, but I don't want to waste time
> doing a good drawing with port numbers that will just get
> munged anyway.
> 
> Now R2 stops hearing from R1 and takes over as the active HSRP
> router. R2 must send a Gratuitous ARP broadcast so that Sw1 and
> Sw2 change their MAC address tables. Now the virtual MAC
> address .0c07.ac01 is reachable on Sw1 on its port that is
> shown to the right of Sw1 in the drawing.
> 
> On Sw2, the .0c07.ac01 address is reachable from its port
> at the top of the drawing.
> 
> The Gratuitous ARP fixes the MAC address tables on switches.
> Isn't that explained in any Cisco docs? It has to work that way
> it seems to me.
> 
> 
> > "Hot Standby Router Protocol Features and Functionality" that
> > was suggested
> > by Daniel:
> > 
> > However, the usebbia command has several disadvantages:
> > - When a router becomes active, the virtual IP address is
> moved
> > to a
> > different MAC address. The newly
> > active router sends a gratuitous ARP response, but not all
> host
> > implementations handle the gratuitous
> > ARP correctly.
> 
> That may be true, but it's not meant to say that this is the
> only case where the Gratuitous ARP is needed. It's needed for
> the general case too, from what I understand.
> 
> Most host implementations do handle the Gratuitous ARP
> correctly, by the way. In fact, this is open to an infamous
> man-in-the-middle security vulnerability, sometimes misnamed as
> "ARP sniffing." An attacker can send a Gratuitous ARP claiming
> to be the default gateway. Now all traffic destined for another
> network goes to the attacker's machine! The attacker's machine
> can use the info, but also better forward the traffic, or it
> will also be a denial-of-service attack.
> 
> > > - Original Message -
> > > From: ericbrouwers
> > > Date: Tuesday, March 18, 2003 1:24 am
> > > Subject: Gratuitous ARP and HSRP [7:65633]
> > >
> > > > Hello all,
> > > >
> > > > I've read in the CCNP Switching Exam Cert. Guide that a
> > standby
> > > > router that
> > > > becomes active in an HSRP group, sends a gratuitous ARP to
> > update
> > > > the ARP
> > > > cache of the end stations with the new active MAC
> address...
> > > >
> > > > This is strange, since the same virtual MAC address is
> used
> > by
> > > > active and
> > > > standby HSRP routers.
> > > >
> > > > However, maybe Cisco's implementation has once been like
> > this,
> > > > because I've
> > > > seen instances in the field that ARP caches contained the
> > real MAC
> > > > instead of
> > > > the virtual MAC address when using HSRP.
> 
> Seeing the real MAC address is probably a different problem.
> You could see it if the router was at one point using the
> virtual address on a real interface. For example, when you
> first get HSRP up and running, you may move Ethernet1's IP
> address to the virtual address and assign a new real address to
> Ethernet1.
> 
> The hosts will still have in their ARP cache the previous
> mapping. You can clear their cache. Or just wait a couple
> minutes if it's Windows and the users aren't doing anything. On
> Windows entries stay in the ARP cache for only 2 minutes.
> 

RE: 'underruns' and 'deferred' [7:65706]

[Priscilla Oppenheimer]

Deferred means the interface is doing Carrier Sense Multiple
Access/Collition Detection (CSMA/CD) and when it sensed the carrier to
determine if it was already in use, it was. So the interface had to wait
(defer) until the medium wasn't in use anymore. This is only relevant to
half duplex.

Notice that your interfaces seem to be using half duplex and 10 Mbps,
despite being FastEthernet capable. I assume that's what this line means
anyway:

Half-duplex, 10Mb/s, 100BaseTX/FX

If it's a point-to-point link (switch-to-switch or switch-to-workstation or
switch-to-server), you should fix this. It should do full, 100 Mbps.

The underruns are probably related. An underrun means "the number of times
the transmitter ran faster than the interface could handle." (That's what
Cisco says, though admittedly I've never really been able to parse that to
be honest ;-), but I bet the underruns will go away once you fix the problem
with the port doing 10 Mbps instead of 100 Mbps).

Did these ports autonegotiate to half 10 or are they manually set that way?

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


Md Nazri wrote:
> 
> Hi guys,
> 
> need help to explain the output from 'sh int' below
> 1) what is 'underruns' and 'deferred' means..?
> 2)Is 'underruns' and 'deferred' indicate a router problem or a
> LAN problem..?
> 
> CustomerHQ1>sh int faste0/0
> FastEthernet0/0 is up, line protocol is up
>   Hardware is i82543 (Livengood), address is 0005.dcff.4800 (bia
> 0005.dcff.4800)
>   Internet address is x.x.x.x/16
>   MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec,
>  reliability 255/255, txload 1/255, rxload 1/255
>   Encapsulation ARPA, loopback not set
>   Keepalive set (10 sec)
>   Half-duplex, 10Mb/s, 100BaseTX/FX
>   ARP type: ARPA, ARP Timeout 04:00:00
>   Last input 00:00:00, output 00:00:00, output hang never
>   Last clearing of "show interface" counters 15:42:23
>   Queueing strategy: fifo
>   Output queue 0/40, 0 drops; input queue 0/75, 0 drops
>   5 minute input rate 47000 bits/sec, 58 packets/sec
>   5 minute output rate 1 bits/sec, 21 packets/sec
>  1022186 packets input, 106037882 bytes
>  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>  0 watchdog
>  0 input packets with dribble condition detected
>  427949 packets output, 38329316 bytes, 0
> underruns(947/2503/0)
>  0 output errors, 3450 collisions, 0 interface resets
>  0 babbles, 0 late collision, 19053 deferred
>  0 lost carrier, 0 no carrier
>  0 output buffer failures, 0 output buffers swapped out
> 
> CustomerHQ1>sh int faste0/0
> FastEthernet0/0 is up, line protocol is up
>   Hardware is i82543 (Livengood), address is 0005.dcff.4800 (bia
> 0005.dcff.4800)
>   Internet address is x.x.x.x/16
>   MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec,
>  reliability 255/255, txload 1/255, rxload 1/255
>   Encapsulation ARPA, loopback not set
>   Keepalive set (10 sec)
>   Half-duplex, 10Mb/s, 100BaseTX/FX
>   ARP type: ARPA, ARP Timeout 04:00:00
>   Last input 00:00:00, output 00:00:00, output hang never
>   Last clearing of "show interface" counters 15:42:31
>   Queueing strategy: fifo
>   Output queue 0/40, 0 drops; input queue 0/75, 0 drops
>   5 minute input rate 45000 bits/sec, 56 packets/sec
>   5 minute output rate 9000 bits/sec, 19 packets/sec
>  1022608 packets input, 106071585 bytes
>  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>  0 watchdog
>  0 input packets with dribble condition detected
>  428100 packets output, 38338857 bytes, 0
> underruns(948/2504/0)
>  0 output errors, 3452 collisions, 0 interface resets
>  0 babbles, 0 late collision, 19062 deferred
>  0 lost carrier, 0 no carrier
>  0 output buffer failures, 0 output buffers swapped out
> 
> 
> 
> Thanks,
> 
> rgds
> nazri
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65708&t=65706
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Gratuitous ARP and HSRP [7:65633]

[Priscilla Oppenheimer]

ericbrouwers wrote:
> 
> 
snip

> I've
> seen instances in the field that ARP caches contained the real
> MAC instead of
> the virtual MAC address when using HSRP.

One more comment on seeing the router's real MAC address. 

It might interest you to know that, at least on my routers, the ARP reply
from the router, after a host tries to find its default gateway (the virtual
router), does actually come from the router's real MAC address at the
data-link layer. At the ARP layer, the virtual router puts the virtual MAC
address in the ARP reply, but at the Ethernet layer it puts its real
address. This could cause the real MAC address to end up in the ARP cache,
at least temporarily.

In the following example 00:00:0C:05:3E:80 is the router's real MAC address.
Note that the router uses it as the source address. However, the ARP payload
of the frame shows the virtual MAC address, 00:00:0C:07:AC:00.

10.10.0.3 is the virtual IP. It was PC 00:00:0E:D5:C7:E7 (10.10.0.10) who
sent the ARP looking for the default gateway that resulted in this ARP reply:

Ethernet Header
  Destination:  00:00:0E:D5:C7:E7
  Source:   00:00:0C:05:3E:80
  Protocol Type:0x0806  IP ARP
ARP - Address Resolution Protocol
  Hardware: 1  Ethernet (10Mb)
  Protocol: 0x0800  IP
  Hardware Address Length:6
  Protocol Address Length:4
  Operation:2  ARP Response
  Sender Hardware Address:00:00:0C:07:AC:00
  Sender Internet Address:10.10.0.3
  Target Hardware Address:00:00:0E:D5:C7:E7
  Target Internet Address:10.10.0.10


Isn't that weird? The PC does the right thing though and sends the actual
packet (after the ARP) to 00:00:0C:07:AC:00.

A reply comes back through the router and the router uses the virtual MAC
address 00:00:0C:07:AC:00 in the source Ethernet address of that reply. Good
thing. Otherwise switches wouldn't ever pick up the port to use for
00:00:0C:07:AC:00.

HSRP is much more complicated than the simple descriptions make it sound!

Do some sniffing of it to see how it really works (and how easy it is to
hack, by the way.)
___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com





> 
> Can someone give comments on this?
> 
> Thanks,
> 
> Eric Brouwers
> [EMAIL PROTECTED]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65710&t=65633
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CIT passing score ? [7:65709]

[[EMAIL PROTECTED]]

What is the current passing score of CIT ( Suport ) exam ? What is the
critical topics in that exam?

Thanks and regards,



Bu E-posta mesaj} gizlidir. Ayr}ca hukuken de gizli olabilir.
Mesaj}n gvnderilmek istendipi ki~i siz depilseniz higbir k}sm}n}
kopyalayamaz, ba~kas}na gvnderemez, ba~kas}na ag}klayamaz veya
kullanamazs}n}z. Eper bu mesaj size yanl}~l}kla ula~m}~sa, l|tfen
mesaj} ve t|m kopyalar}n} sisteminizden silin ve gvnderen ki~iyi
E-posta yolu ile bilgilendirin.

]nternet ileti~iminde zaman}nda, g|venli, hatas}z ya da vir|ss|z
gvnderim garanti edilemez.
Gvnderen taraf hata veya unutmalardan sorumluluk kabul etmez.

This E-mail is confidential. It may also be legally privileged. If
you are not the addressee you may not copy, forward, disclose or use
any part of it. If you have received this message in error, please
delete it and all copies from your system and notify the sender
immediately by return E-mail.

Internet communications cannot be guaranteed to be timely, secure,
error or virus-free.
The sender does not accept liability for any errors or omissions.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65709&t=65709
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

how to change dial up prompt [7:65712]

[supernet]

We have a 5300 router as dial up server. When users get connected, their
terminals pop up and prompt for "Username:" and "Password:" Is there a
way that I can change it to "Enter Token Password:"? Thanks. Yoshi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65712&t=65712
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Trouble with PA-MC-8TE1+ (ISDN PRI) [7:65540]

[sumitsood]

fixed it, all the unused ports need to be in loopback mode
otherwise the card shows alarm!!!
""sumitsood""  wrote in message
news:[EMAIL PROTECTED]
> It is 7204VXR running 12.2.15B




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65711&t=65540
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay question [7:65659]

[g mh]

can your message be detail moreDeVoe, Charles (PKI) wrote:



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65714&t=65659
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Wireless LAN Support Exam [7:65625]

[Duncan Wallace]

Jeffrey - Thanks for the info.  I am going for the new exam, so maybe
the class would be in order.

Thanks,
 
Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]
 
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jeffrey Reed
Sent: Tuesday, March 18, 2003 3:52 AM
To: [EMAIL PROTECTED]
Subject: RE: Wireless LAN Support Exam [7:65625]

Duncan, I'm not sure if you're talking about the new exam or the old one
that you could take in the privacy of your office (aka open book test).
I
haven't taken the new exam yet, but will in about 30-45 days. I'm sure
it's
going to be more difficult than the old test and hopefully updated. The
old
test had some questions and none of the answers were correct, which was
a
little frustrating.

For the new test, I would highly recommend going to a Cisco training
partner
and take the Wireless SE course. The stuff on the old test was nearly
impossible to find in manuals or marketing material found on Cisco's web
site. I suspect the new test will be the same.

Good luck!


Jeffrey Reed
Classic Networking, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Duncan Wallace
Sent: Monday, March 17, 2003 10:22 PM
To: [EMAIL PROTECTED]
Subject: Wireless LAN Support Exam [7:65625]

I was wondering if anyone out there has attempted the Wireless LAN
Support yet, and if so, what study materials you used (other than the
web site). I have been going over the CWNA for a solid background, but
was looking for something with more of a Cisco flavor.



Thanks in advance,



Duncan Wallace

12835 SW Thunderhead Way

Beaverton, Or. 97008

503-646-5707

[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65715&t=65625
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Wireless LAN Support Exam [7:65625]

[Duncan Wallace]

Good idea, I'll check out the Bosons.  I also just got Building Cisco
Wireless LANs, a bit old, but should give me some good direction.

 

 

Thanks,

 

Duncan Wallace

12835 SW Thunderhead Way

Beaverton, Or. 97008

503-646-5707

[EMAIL PROTECTED]

 

 

-Original Message-
From: JJ Angleton [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 18, 2003 7:28 AM
To: Duncan Wallace; [EMAIL PROTECTED]
Subject: Re: Wireless LAN Support Exam [7:65625]

 

I passed both cisco wireless exams in the last few month.  I've got some
practical experiance with the equipment, so I read everything I could
find on the CCO and downloaded the bosons, which turned out to be great.


Make sure to take design first, and support second.  

 Duncan Wallace  wrote: 

I was wondering if anyone out there has attempted the Wireless LAN
Support yet, and if so, what study materials you used (other than the
web site). I have been going over the CWNA for a solid background, but
was looking for something with more of a Cisco flavor.



Thanks in advance,



Duncan Wallace

12835 SW Thunderhead Way

Beaverton, Or. 97008

503-646-5707

[EMAIL PROTECTED]
  _  

Do you Yahoo!?
Yahoo!
  Platinum - Watch CBS' NCAA March Madness, live
  on your desktop!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65716&t=65625
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DNS, CiscoWorks and HP NNM [7:65308]

[Steve Ringley]

My experience with Tivoli NetView was that if the different interfaces had
different names, then I got multiple router objects, each with some of the
interfaces of the router.  If you use QIP for DNS you can place the
interface IPs in a 'router group'.  Reverse lookups will get the same
(router group) name for each address.  Forward lookups can be whatever you
want.

""Ants""  wrote in message
news:[EMAIL PROTECTED]
Hi,
We're looking to implement NNM6.x soon.. and have a question re. DNS and
cisco ip addresses..
How will DNS be setup to resolve a router with multiple IP adresses? ie. one
netbios name and multiple IP's? will it prioritise?
thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65717&t=65308
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IP header [7:65718]

[KW S]

Can someone tell me what is the function of the protocol field in the IP
header.

I get a little confused after reading from some many sources.

Regards
kws





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65718&t=65718
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP Recommendations [7:65514]

[Tony Alvarez]

I have four years of networking experience. I have gone thru the entry level
jobs and made it. I want to continue to learn more about the networking
field. I not interested in getting paper certs. I want to understand what I
am doing. My goal is to go for the CCIE and a degree in MIS. I apprieciate
your advice and welcome any further advice that you can give me on the
subject.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65719&t=65514
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to change dial up prompt [7:65712]

[Brian Dennis]

Look into using the "aaa authentication username-prompt" and "aaa
authentication password-prompt" commands.

Rack4R1(config)#aaa new-model 
Rack4R1(config)#aaa authentication ?
  arap Set authentication lists for arap.
  banner   Message to use when starting login/authentication.
  enable   Set authentication list for enable.
  fail-message Message to use for failed login/authentication.
  loginSet authentication lists for logins.
  nasi Set authentication lists for NASI.
  password-prompt  Text to use when prompting for a password
  ppp  Set authentication lists for ppp.
  username-prompt  Text to use when prompting for a username

Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) 
[EMAIL PROTECTED] 
http://www.labforge.com


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65721&t=65712
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

NAT and NetMeetting [7:65720]

[Michael]

Hello All

We have a strange problem concerning Microsoft
NetMeeting and NAT. We have some ADSL users which are
doing NAT vi a C7400 to connect t the internet. When
this user are doing netmeeting connection to other
users on the Internet everything works fine. But when
other users are doing Netmeeting to the ADSL users no
connection is establish.

I did some sniffering and some debugging on the C7400
and it seems that their is a problem on connection
establisment. Their is connection negotiation between
both parties (under unsuccesfull connection), but the
connection is never establish. NAT works fine for
other applications.. Of cource i am not really sure if
NAT is the problem. I am just thinking of upgrating
IOS image..

Any help will be appreciated

__
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65720&t=65720
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]