RE: Cisco Instructor - CCNA Class [7:65742]

[Donald Smith]

Robert
   The Cisco Academy program does a very good job of preparing instructors
(and students) for CCNA.  I had 15 years in data comm and networking before
going for CCAI/CCNA, and had to study quite a bit to get the Cisco view of
the world.  Of course IOS commands are key (and becoming more important with
sims) but many of the questions require students to compare/contrast
multiple technologies or concepts.
   If nothing else, look for a local Cisco academy program (at a junior
college probably) and sign up for a class.  Once signed up, you have access
to *ALL* of the material (all four semesters).  The books are excellent
references, but the "e-sims" are limited.  Invest in either routers or a
full RouterSim.   If you plan to teach, you'll need a stack of routers
anyway (bill them to your company).  Build and troubleshoot the "Semester 2
lab" (five routers, plus hubs and switches), and you'll be ready to go.
Good Luck.  I took the CCNA after teaching 3 semesters (out of 4) plus
studied the rest, and got 975 (out of 1000) on the CCNA exam.
   
Good Luck,  Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65812&t=65742
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Finding device on network via cisco switch [7:65670]

[Peri Sophos]

Or this command

show mac-address-table address .. (zeros being the mac
address you are looking for.)

Cheers

-Original Message-
From: Angel Leiva [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 18, 2003 8:31 PM
To: [EMAIL PROTECTED]
Subject: RE: Finding device on network via cisco switch [7:65670]


Try using the switch command: show mac

you should get an output similar to this:

switch_named#sh mac
Dynamic Address Count: 215
Secure Address Count:  0
Static Address (User-defined) Count:   0
System Self Address Count: 47
Total MAC addresses:   262
Maximum MAC addresses: 2048
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
---      
00b2.2d6a.dfae   Dynamic  1  FastEthernet0/23
00b2.fd6c.46c1   Dynamic  1  FastEthernet0/24
00b0.c154.edb9   Dynamic  1  FastEthernet0/3
00b0.2757.96ba   Dynamic  1  FastEthernet0/12
00b0.b784.fad2   Dynamic  1  FastEthernet0/2
00b0.b784.fbf4   Dynamic  1  FastEthernet0/6
00b0.b784.fced   Dynamic  1  FastEthernet0/7
00b0.b784.fd34   Dynamic  1  FastEthernet0/8
00b0.b784.fd75   Dynamic  1  FastEthernet0/5
00b0.b784.fd83   Dynamic  1  FastEthernet0/10
00b0.b793.47ef   Dynamic  1  FastEthernet0/1
00b0.b793.a2ef   Dynamic  1  FastEthernet0/11

Hth,

Angel

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Ristau
Sent: Tuesday, March 18, 2003 10:52 AM
To: [EMAIL PROTECTED]
Subject: Finding device on network via cisco switch [7:65670]

given an IP address and a MAC address, how can I use my cisco switch to
identify which port an unknown device is attached to ?

can I view the switching table cache entries ?

I've got an IP device on the network and nobody seems to know where it
is.
heh!

given a catalyst 3500XL running ios v 12.0

thanks
NOTICE - This message contains privileged and confidential 
information intended only for the use of the addressee 
named above. Any review, retransmission, dissemination, 
copying, disclosure or other use of, or taking of any 
action in reliance upon, this information by person or 
entities other than the intended recipient is prohibited. 
If you have received this message in error, please notify 
the sender by return email and delete this message. 
This message should not be copied or used for any purpose 
other than intended, nor should it be disclosed to any 
other person. Any views expressed in this message are those 
of the individual sender, except where the sender specifically
 states them to be the view of Investec Group, its 
subsidiaries or associates. The Investec Group is not 
liable for the security of information sent by e-mail at 
your request, nor for the proper and complete transmission 
of the information contained in the communication nor for 
any delay in its receipt. Please note that the recipient 
must scan this e-mail and any attached files for viruses 
and the like. The Investec Group accepts no liability of 
whatever nature for any loss, liability, damage or expense 
resulting directly or indirectly from the access of any files 
which are attached to this message.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65811&t=65670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DS3 bandwidth issues [7:65790]

[Nate]

thanks guys.  I knew I could count on such bright and light-hearted people.

- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Wednesday, March 19, 2003 6:19 PM
Subject: Re: DS3 bandwidth issues [7:65790]


> Or he could do the file transfer to a server that is sitting on the edge
of
> a Black Hole! :-)
>
> Darrell Newcomb wrote:
> >
> > Increase the speed of light.
> >   By increasing the speed of light you will increase the
> > speed of your
> > file transfer.  Ask management to fund advanced research into
> > light
> > accelerators, then wait to do your transfers after light has
> > been speed up
> > by a few orders of magnitude.  (This works best for
> > non-technical folks)
> >
> > or  Use the turbo switch on the back of the router labeled - /
> > oor...
> >
> > Pull fiber directly from A to B
> > Help out the economy and network staff.  Buy a backhoe,
> > some explosives,
> > and a fiber splice hit.  Start at location A, use gps to plot a
> > direct path
> > to B(as the crow flys), point the tractor in the precise
> > direction and do
> > not deviate.  Remove any buildings, reroute roads, destroy
> > gardens, but keep
> > driving in a straight line.  Don't bother with regen, just stay
> > the course.
> > (Works good for technical staff who don't yet get it)
> >
> > ..OR..
> >
> > ""Nate""  wrote in message
> > news:[EMAIL PROTECTED]
> > > We've run a bandwidth test on our DS3 with nothing connected
> > to it but a
> > > workstation (and obviously a router/pix).  We went to
> > testmyspeed.com as
> > > well as dslreports.com.  We both got very good bandwidth
> > tests (upward
> > 6m/s)
> > > however in transferring a 200m file to/from a workstation
> > behind the
> > > connection, we got over 30 minutes while our existing T1 got
> > 26 minutes.
> > > Anyone mind explaining this phenomenon?  Just a side note, we
> > have no
> > > encryption between GRE tunnels.  Thanks in advanced.
> > >
> > > -Nate
> > >
> >
> > ..
> > Tune your tcp stack on the send side.
> > http://www.psc.edu/networking/perf_tune.html
> > http://www-iepm.slac.stanford.edu/monitoring/bulk/fast/
> >
> > Or maybe you have a real life problem or capacity shortage
> > somewhere.
> >
> > Good Luck,
> > Darrell
> > Always looking for the next big project...
>
> As in increasing the speed of light? :-)
>
> Priscilla
>
> > darrell (at) hayaitacos  net




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65814&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Large number of VLANS [7:65815]

[Skarphedinsson Arni V.]

Hi

One question

If I have the need to use many VLANS, let´s say around 400, can could I use
a 3550 switch that supports 1005 vlans as the core, and then 2950 switches
in the wiring closets, but they dont support more than 250 vlans, i.e. can I
use the 3550 with all the vlans, and the just trunk for example vlans 100-50
to switch 1, 151-200 to switch 2, and so one, and would be possible to
implement that with VTP ?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65815&t=65815
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN 803 Callbacks [7:65754]

[Carl Granger]

Thanks for that info I have changed my routing configs accordingly to what
you have suggested, however i am still ocasionally revicing an incoming call
on the 803 from the 3620.

3620
interface Dialer3
 description Featurenet link to CRB803
 ip address 192.168.254.9 255.255.255.252
 encapsulation ppp
 dialer pool 1
 dialer remote-name CRB803
 dialer string 'ISDN line number'
 dialer caller 'Featurenet number'
 dialer-group 2
 pulse-time 0
 no cdp enable
 ppp callback request
 ppp authentication chap
 ppp multilink

803
interface Dialer1
 description Featurenet link to 3620
 ip address 192.168.254.10 255.255.255.252
 ip helper-address 4.10.2.237
 no ip proxy-arp
 encapsulation ppp
 no keepalive
 dialer pool 1
 dialer enable-timeout 2
 dialer string 'Featurenet line' class Callback
 dialer-group 2
 ppp callback accept
 ppp authentication chap
 ppp multilink
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
map-class dialer callback
 dialer callback-server username

Any more suggestions would be greatly appreciated.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65817&t=65754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65818]

[Kirankumar Patel]

Dear

L3 switching is nothing but switch acting as a router.

MLS -- Multiprotocol Label Switch -- Can enables routers to make forwarding 
decisions based on short labels, thereby avoiding the complex 
packet-by-packet look-ups used in conventional routing.

With MLS, can run faster then ATM switch.

Regards,

Kiran


>From: "Neil Arlante" 
>Reply-To: "Neil Arlante" 
>To: [EMAIL PROTECTED]
>Subject: Difference on L3 switching of Cat4500 and Cat6500? [7:65802]
>Date: Thu, 20 Mar 2003 02:56:26 GMT
>
>Hi group,
>
>What is the difference between L3 switching capabilities of 4500 and 6500?
>Catalyst 4500 docs mentioned it support L3 switching, but not MLS. What is
>the
>main difference between L3 switching of 4500 and MLS of 6500?
>
>TIA
_
Cricket World Cup 2003 http://server1.msn.co.in/msnspecials/worldcup03/ 
News, Views and Match Reports.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65818&t=65818
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

2511 Reverse Telnet [7:65819]

[Tim Champion]

Help please! I have just bought a 2511 and am attempting to use it for
reverse telnet. I have connected each of the octal cable RJ-45 cables into a
console port. I initiate a reverse telnet session and can recieve data, i.e.
when I power on the target router I recieve boot loader etc messages up
until "press return to start". The problem is I can't send anything,
pressing return doesn't work.

I am reseanably confident that I have entered all the right commands. Can
anyone shed any light on this?

Many thanks in advance.

Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65819&t=65819
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN 803 Callbacks [7:65754]

[Carl Granger]

Yes that is correct i only want the 803's to be able to connect into
the 3620, and if i want the 3620 to connect to the 803's 
then the 803's call the 3620 back. Therefore the 3620 will not have any out
going calls. Is this achivable?

Thanking you in anticipation


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65821&t=65754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN 803 Callbacks [7:65754]

[Glenn Goldie]

The map-class names are case sensitive I think, so check the capital letter
mismatch.

I'm not sure what you mean when you say you are still sometimes receiving
calls on the 803 from the 3620 - is your objective to not allow the 3620 to
dial at all?

You can use "dialer callback-secure" on the 800s to make sure that if any
other calls come in that aren't configured for callback, they will be
disconnected.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65820&t=65754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

eBGP Multi-hop [7:65823]

[Jim Devane]

hello all, 

(Re-post...not sure if original msg made it our not)

playing around again and have a question. eBGP multi-hop cannot come up if
the peer is known through a default route.
Is there a reason why? 
I mean, what is the point of a static route that causes a recursive lookup
or a static route that simply points to the same next hop as a default route?
For that matter, I can't see it being a matter of proximity either. If
convergence time were not an issue, what is really wrong with having a 10
hop or even 50 hop BGP session? (I know it is unlikely and there are
cetainly better ways to handle it (GRE or IPSec tunnel)) but for the sake of
argument...

Just curious, not able to find much on WHY it is like this... 

thanks, 
Jim 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65823&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPSec and nated ISDN router [7:65782]

[alaerte Vidali]

You need to avoid NAT for the internal traffic destinated to the internal
PIX address (IPsec session).  For example, if your internal address is
1.1.1.0 and the PIX inside address is 172.16.1.0:

On your router:

ip nat inside source route-map Deny-nat ...
!
route-map Deny-nat permit 10
 match ip address 101
!
access-list 101 deny 1.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 101 permit 1.1.1.0 0.0.0.255 any

On the PIX you also need to deny the NAT for the ipsec traffic; something
like:

access-list Deny-nat permit ip 172.16.1.0 255.255.255.0 1.1.1.0 255.255.255.0
!
nat (inside) 0 access-list Deny-nat


Regards



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65829&t=65782
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Convert from Custome Queue to CBWFQ [7:65700]

[alaerte Vidali]

Within your CQ

queue 1 = 500/3000= 16%
queue 2 = 1500/3000   = 50%
queue 3 = 1000/3000   = 33%

So, with CBWQ you would use bandwidth 16 for the traffic that was destinated
to queue1 in CQ, and so on.

Does it make sense?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65825&t=65700
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Voice Level Adjustment [7:65701]

[alaerte Vidali]

Any Thoughts?


==

At the URL 
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration 
_guide_chapter09186a0080080afd.html, 

it states how to deal with clipped speech: 

"Clipped speech: 
Reduce the input level at the listener's router. (See the "Voice Level 
Adjustment" section.)" 

I think it would be at the speaker´s router. Am I missing something? 



phone a ---  router A--  router B  --- phone b
   |
   |
  clipping here


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65824&t=65701
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Large number of VLANS [7:65815]

[alaerte Vidali]

Uau,  good question.

I can´t reproduce that in a lab.

What will happen when the 3550 advertises 251 Vlans. Maybe the 2950 will
implement just the first 250 Vlans.

Hope somebody helps.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65827&t=65815
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 2511 Reverse Telnet [7:65828]

Sounds like a possible config issue.  You can post your config if 
unsure.  Make sure you have transport input telnet and no exec 
under line 1 16.


Thanks,

Ian
http://www.ccie4u.com
Rack Rentals and Lab Scenarios


On 20 Mar 2003 at 10:40, Tim Champion wrote:

> Help please! I have just bought a 2511 and am attempting to use it for
> reverse telnet. I have connected each of the octal cable RJ-45 cables into
a
> console port. I initiate a reverse telnet session and can recieve data,
i.e.
> when I power on the target router I recieve boot loader etc messages up
> until "press return to start". The problem is I can't send anything,
> pressing return doesn't work.
> 
> I am reseanably confident that I have entered all the right commands. Can
> anyone shed any light on this?
> 
> Many thanks in advance.
> 
> Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65828&t=65828
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2511 Reverse Telnet [7:65819]

[alaerte Vidali]

No more than that would be needed:

ip host R1 2001 100.6.9.254  
# address of your 2511 terminal server (any valid interface)
!
line 1 16
 no exec
 transport input all


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65826&t=65819
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Why did Cisco do this? Off Topic [7:65834]

[Elijah Savage]

Cisco buys Linksys.

http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a5141_1048177983.var&p=CSCO


-- 
"BSD is for people who love Unix -
Linux is for people who hate Microsoft"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65834&t=65834
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65832]

[Robert Edmonds]

Actually, Multiprotocol Label Switch is MPLS.  MLS is MultiLayer Switching.
This refers to a switch that can do not noly what Kiran said about L3
switching, but can make forwarding decisions based on higher level
protocols, such as tcp, udp, etc.


""Kirankumar Patel""  wrote in message
news:[EMAIL PROTECTED]
> Dear
>
> L3 switching is nothing but switch acting as a router.
>
> MLS -- Multiprotocol Label Switch -- Can enables routers to make
forwarding
> decisions based on short labels, thereby avoiding the complex
> packet-by-packet look-ups used in conventional routing.
>
> With MLS, can run faster then ATM switch.
>
> Regards,
>
> Kiran
>
>
> >From: "Neil Arlante"
> >Reply-To: "Neil Arlante"
> >To: [EMAIL PROTECTED]
> >Subject: Difference on L3 switching of Cat4500 and Cat6500? [7:65802]
> >Date: Thu, 20 Mar 2003 02:56:26 GMT
> >
> >Hi group,
> >
> >What is the difference between L3 switching capabilities of 4500 and
6500?
> >Catalyst 4500 docs mentioned it support L3 switching, but not MLS. What
is
> >the
> >main difference between L3 switching of 4500 and MLS of 6500?
> >
> >TIA
> _
> Cricket World Cup 2003 http://server1.msn.co.in/msnspecials/worldcup03/
> News, Views and Match Reports.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65832&t=65832
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco 2000 problems [7:65837]

[Han Chuan Alex Ang]

hi, I used to be able to see the Hardware Mac address column while doing the
Topology Service on the VTP domain on the Cisco Work 2000, however , I am
unable to see it now ever since I reinstall and migrate Cisco work 2000 to
another pc, hopefully some body has encounterd the same problems before and
is able to shed some light thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65837&t=65837
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Satellite Modem [7:65830]

[Kiran Kumar M]

Hai,

This is out of topic to Cisco. But it is related with Communication, so I
dared to post this in Cisco group. I think knowledgable persons in
Networking won't mind.

If any one having experience in Satellite modems please help me. We have
one Comstream CM701 modem, in that we are unable to configure the
frequency, can any body guide me how to configure frequency in Comstream
CM701.

Thanks & Regards,
Kiran




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65830&t=65830
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Large number of VLANS [7:65815]

[Skarphedinsson Arni V.]

I was testing this in my lab, and could not get VTP to work with this setup,
as soon as I went over 254 vlans the Cat2950 gave me this message

00:17:11: %SW_VLAN-6-VTP_MODE_CHANGE: VLAN manager changing device mode from
CLIENT to TRANSPARENT.
00:17:11: VTP LOG RUNTIME: VTP mode changed to Transparent

so it looks like I cant use VTP with this one, but I gues it will work if I
dont use VTP and just configure the vlans myself on the switches.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65833&t=65815
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: eBGP Multi-hop [7:65823]

[cebuano]

Hi Jim,
I'm not sure how your peering is configured, but BGP uses TCP to
establish sessions and the default TTL of these packets is set to 1. If
your peer is more than 1 hop away, the BGP packet will never reach its
intended peer.

HTH,
Elmer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 20, 2003 7:35 AM
To: [EMAIL PROTECTED]
Subject: eBGP Multi-hop [7:65823]

hello all, 

(Re-post...not sure if original msg made it our not)

playing around again and have a question. eBGP multi-hop cannot come up
if
the peer is known through a default route.
Is there a reason why? 
I mean, what is the point of a static route that causes a recursive
lookup
or a static route that simply points to the same next hop as a default
route?
For that matter, I can't see it being a matter of proximity either. If
convergence time were not an issue, what is really wrong with having a
10
hop or even 50 hop BGP session? (I know it is unlikely and there are
cetainly better ways to handle it (GRE or IPSec tunnel)) but for the
sake of
argument...

Just curious, not able to find much on WHY it is like this... 

thanks, 
Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65836&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2511 Reverse Telnet [7:65819]

[ORiordan Brian]

Hi Alaerte,

Could you paste the configuration of your 2511 so that we can have a look at
it.

Brian.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65838&t=65819
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Policy based routing [7:65776]

[alaerte Vidali]

Why you do not use "set ip next hop"?

"set ip default next-hop" do not support fast-switching.

You need enable fast-switching before configuring PBR with the interface
command "ip route-cache policy"


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65831&t=65776
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: eBGP Multi-hop [7:65823]

[Carroll Kong]

I guess I am kind of just going to a quick stab.  Do you have "no 
synchronization" under the BGP configuration?

> hello all, 
> 
> (Re-post...not sure if original msg made it our not)
> 
> playing around again and have a question. eBGP multi-hop cannot come up if
> the peer is known through a default route.
> Is there a reason why? 
> I mean, what is the point of a static route that causes a recursive lookup
> or a static route that simply points to the same next hop as a default
route?
> For that matter, I can't see it being a matter of proximity either. If
> convergence time were not an issue, what is really wrong with having a 10
> hop or even 50 hop BGP session? (I know it is unlikely and there are
> cetainly better ways to handle it (GRE or IPSec tunnel)) but for the sake
of
> argument...
> 
> Just curious, not able to find much on WHY it is like this... 
> 
> thanks, 
> Jim 
-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65835&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Anyone configured nat under tunnel [7:65843]

[Karim Abdelmonem]

Anyone configured NAT under tunnel interface (GRE tunnel)??

Also anyone knows if i can use standby track tunnel (HSRP track interface 
command)??

Thanks,
Karim.


_
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65843&t=65843
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Open http: traffic on firewall... [7:65755]

[SMAN]

OK...I got to the point of issuing this command (ip route 2.2.2.2
255.255.255.255 ethernet 0) at the configure prompt and got:

Internet(config)#ip route 216.224.32.195 255.255.255.240 ethernet 0
% Incomplete command.

Any recommendations???

Thanks

Ken

""Robert Edmonds""  wrote in message
news:[EMAIL PROTECTED]
> First, you need to define your inside and outside interfaces for NAT.
> Usually, the interface where your webserver is connected will be defined
as
> inside and all others are outside.  This would look something like this,
> assuming your web server is on interface ethernet 0:
>
> interface ethernet 0
>  ip address 2.2.2.1 255.255.255.240
>  ip nat inside
> interface serial 0 (or interface serial 0.1 for frame relay subinterface,
> depending on your setup)
>  ip nat outside
>
> Next, you'll need to define a static translation between your web server
and
> your outside IP addresses assigned by your ISP.  I will use 10.0.0.1 to
> represent your web server address and 2.2.2.2 for your ISP assigned
address.
>
> ip nat inside source static 10.0.0.1 2.2.2.2
>
> Or, if you want to get fancy and do PAT:
>
> ip nat inside source static tcp 10.0.0.1 80 2.2.2.2 80 extendable
>
> Next, tell your router to send all traffic destined for 2.2.2.2 (the
outside
> address of your web server) to the proper interface.
>
> ip route 2.2.2.2 255.255.255.255 ethernet 0
>
> Your setup may demand something a little different, but in general I think
> this should get you started.
>
> Robert
>
>
> ""SMAN""  wrote in message
> news:[EMAIL PROTECTED]
> > I have a cisco 2611 router/firewall that I need to open up for http:
> > traffic.  I need to configure NAT to point to the static IP on the web
> > server.  How do I do this?  What are the specifics?
> >
> > Thanks
> >
> > Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65840&t=65755
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65839]

[Neil Arlante]

MLS is multilayer switching, which is available only on Cat5000 and Cat6000
family of switches, by using MSFC on Cat6000. What is the difference on L3
switching performed by Cat4000 series. MLS doesn't use labels, it use cache
of candidate and enable packets, and Xtags of MLS-RP. How about L3 switching
on Cat4000?

Thanks, Kiran, but I don't think you answered correctly.




- Original Message -
From: "Kirankumar Patel" 
To: 
Sent: Thursday, March 20, 2003 6:33 PM
Subject: Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65818]


> Dear
>
> L3 switching is nothing but switch acting as a router.
>
> MLS -- Multiprotocol Label Switch -- Can enables routers to make
forwarding
> decisions based on short labels, thereby avoiding the complex
> packet-by-packet look-ups used in conventional routing.
>
> With MLS, can run faster then ATM switch.
>
> Regards,
>
> Kiran
>
>
> >From: "Neil Arlante"
> >Reply-To: "Neil Arlante"
> >To: [EMAIL PROTECTED]
> >Subject: Difference on L3 switching of Cat4500 and Cat6500? [7:65802]
> >Date: Thu, 20 Mar 2003 02:56:26 GMT
> >
> >Hi group,
> >
> >What is the difference between L3 switching capabilities of 4500 and
6500?
> >Catalyst 4500 docs mentioned it support L3 switching, but not MLS. What
is
> >the
> >main difference between L3 switching of 4500 and MLS of 6500?
> >
> >TIA
> _
> Cricket World Cup 2003 http://server1.msn.co.in/msnspecials/worldcup03/
> News, Views and Match Reports.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65839&t=65839
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Convert from Custome Queue to CBWFQ [7:65700]

[Will Gragido]

Are you asking or responding to a post? I may have missed the first
portion

Will Gragido CISSP CCNP CIPTSS CCDA MCP
9450 W. Bryn Mawr Ave.
Suite 325
Rosemont, Il 60018
www.ins.com
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 20, 2003 7:36 AM
To: [EMAIL PROTECTED]
Subject: RE: Convert from Custome Queue to CBWFQ [7:65700]

Within your CQ

queue 1 = 500/3000= 16%
queue 2 = 1500/3000   = 50%
queue 3 = 1000/3000   = 33%

So, with CBWQ you would use bandwidth 16 for the traffic that was destinated
to queue1 in CQ, and so on.

Does it make sense?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65842&t=65700
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: eBGP Multi-hop [7:65823]

[John Neiberger]

>> hello all, 
>> 
>> (Re-post...not sure if original msg made it our not)
>> 
>> playing around again and have a question. eBGP multi-hop cannot come up if
>> the peer is known through a default route.
>> Is there a reason why? 
>> I mean, what is the point of a static route that causes a recursive lookup
>> or a static route that simply points to the same next hop as a default
>route?
>> For that matter, I can't see it being a matter of proximity either. If
>> convergence time were not an issue, what is really wrong with having a 10
>> hop or even 50 hop BGP session? (I know it is unlikely and there are
>> cetainly better ways to handle it (GRE or IPSec tunnel)) but for the sake
>of
>> argument...
>> 
>> Just curious, not able to find much on WHY it is like this... 
>> 
>> thanks, 
>> Jim 

"Note:   To avoid the accidental creation of loops through oscillating
routes, the multihop session will not be established if the only route to
the multihop peer's address is the default route (0.0.0.0). "

Taken from:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#27110
 

HTH,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65844&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DS3 bandwidth issues [7:65790]

[[EMAIL PROTECTED]]

Who is the T1 provider?

Who is the DS3 provider?

Is it a full DS3 or frac?  What router do you have?  Could it be
configuration?

Could it be that you bought a DS3 from a provider with either a lousy
network?  Or maybe just bad peering/transit with the place you are
attempting to download from?

A DS3 is not a DS3!  Consider if your provider of the DS3 only has an OC3
network for you to use and has it oversubscribed 4:1?  Would that work well?

What do GRE tunnels have to do with anything?  Describe the network.

Give more details and a better explaination may come.

Tom




> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Darrell Newcomb
> Sent: Wednesday, March 19, 2003 8:31 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DS3 bandwidth issues [7:65790]
>
>
> Increase the speed of light.
>   By increasing the speed of light you will increase the speed of your
> file transfer.  Ask management to fund advanced research into light
> accelerators, then wait to do your transfers after light has been speed up
> by a few orders of magnitude.  (This works best for non-technical folks)
>
> or  Use the turbo switch on the back of the router labeled - / oor...
>
> Pull fiber directly from A to B
> Help out the economy and network staff.  Buy a backhoe, some
> explosives,
> and a fiber splice hit.  Start at location A, use gps to plot a
> direct path
> to B(as the crow flys), point the tractor in the precise direction and do
> not deviate.  Remove any buildings, reroute roads, destroy
> gardens, but keep
> driving in a straight line.  Don't bother with regen, just stay
> the course.
> (Works good for technical staff who don't yet get it)
>
> .OR..
>
> ""Nate""  wrote in message
> news:[EMAIL PROTECTED]
> > We've run a bandwidth test on our DS3 with nothing connected to it but a
> > workstation (and obviously a router/pix).  We went to testmyspeed.com as
> > well as dslreports.com.  We both got very good bandwidth tests (upward
> 6m/s)
> > however in transferring a 200m file to/from a workstation behind the
> > connection, we got over 30 minutes while our existing T1 got 26 minutes.
> > Anyone mind explaining this phenomenon?  Just a side note, we have no
> > encryption between GRE tunnels.  Thanks in advanced.
> >
> > -Nate
> >
>
> .
> Tune your tcp stack on the send side.
> http://www.psc.edu/networking/perf_tune.html
> http://www-iepm.slac.stanford.edu/monitoring/bulk/fast/
>
> Or maybe you have a real life problem or capacity shortage somewhere.
>
> Good Luck,
> Darrell
> Always looking for the next big project...
> darrell (at) hayaitacos  net




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65804&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Large number of VLANS [7:65815]

[The Long and Winding Road]

""Skarphedinsson Arni V.""  wrote in message
news:[EMAIL PROTECTED]
> Hi
>
> One question
>
> If I have the need to use many VLANS, let4s say around 400, can could I
use
> a 3550 switch that supports 1005 vlans as the core, and then 2950 switches
> in the wiring closets, but they dont support more than 250 vlans, i.e. can
I
> use the 3550 with all the vlans, and the just trunk for example vlans
100-50
> to switch 1, 151-200 to switch 2, and so one, and would be possible to
> implement that with VTP ?


With careful planning, why not?

OTOH, with such a large number of vlans required, can you justify at least
3550's everywhere?

Good, cheap, fast - you can only have 2.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65841&t=65815
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Workbook homelab ? [7:65161]

[[EMAIL PROTECTED] (John Nemeth)]

On Aug 2,  2:22pm, "Danny Free" wrote:
}
} I have not passed the Lab yet. My date is in June. Below is a home lab
} that I have assembled. It all depends on how much you can afford to spend.
} With this equipment I can do the CCbootcamp, IPexpert, Hello
} and Routopia labs at home. The only thing is that for ATM I will have to

 What are Routopia labs?  I haven't heard of them.

}-- End of excerpt from "Danny Free"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65807&t=65161
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: eBGP Multi-hop [7:65823]

[The Long and Winding Road]

""Jim Devane""  wrote in message
news:[EMAIL PROTECTED]
> hello all,
>
> (Re-post...not sure if original msg made it our not)
>
> playing around again and have a question. eBGP multi-hop cannot come up if
> the peer is known through a default route.
> Is there a reason why?
> I mean, what is the point of a static route that causes a recursive lookup
> or a static route that simply points to the same next hop as a default
route?
> For that matter, I can't see it being a matter of proximity either. If
> convergence time were not an issue, what is really wrong with having a 10
> hop or even 50 hop BGP session? (I know it is unlikely and there are
> cetainly better ways to handle it (GRE or IPSec tunnel)) but for the sake
of
> argument...


I've done BGP peering with other folks across the internet - as many as 25
hops away. It's doable with no problems, so long as your provider is not
filtering BGP somewhere.


>
> Just curious, not able to find much on WHY it is like this... >


I've run into this problem as well. My theory - it's part of the code,
requiring a specific route to a peer. BGP in general is not supposed to do
much of anything with any information unless there is a specific route in
the router's routing table. Counter intuitive, but rational in that BGP is
meant to be reliable, and dependence on a default route is not reliable.




> thanks,
> Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65850&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Large number of VLANS [7:65815]

[The Long and Winding Road]

""Skarphedinsson Arni V.""  wrote in message
news:[EMAIL PROTECTED]
> I was testing this in my lab, and could not get VTP to work with this
setup,
> as soon as I went over 254 vlans the Cat2950 gave me this message
>
> 00:17:11: %SW_VLAN-6-VTP_MODE_CHANGE: VLAN manager changing device mode
from
> CLIENT to TRANSPARENT.
> 00:17:11: VTP LOG RUNTIME: VTP mode changed to Transparent
>
> so it looks like I cant use VTP with this one, but I gues it will work if
I
> dont use VTP and just configure the vlans myself on the switches.


You could if you planned it well.

Just limit which VLANs are allowed over your trunks.

May I ask? Why do you need so many VLANs?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65848&t=65815
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Token Ring is it true? [7:65846]

[Mark Godfrey]

Team,

Is it true that Token ring, FDDI and appletalk have been removed from
the test? Geez If this is true I have packed my brain with junk. :-(   lol

Mark

Shine only the brightest light on Old Glory.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65846&t=65846
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: eBGP Multi-hop [7:65823]

[bergenpeak]

I'll guess and say this is an accident prevention mechanism.  Suppose
you have two egress points and each advertises a default.  If the link
from one of these egress devices to its peer fails, might the eBGP
session
remain up, but follow the default through the other egress location?
You wouldn't want this eBGP session to stay up, but it might if you
allow
eBGP to follow a default.  




Jim Devane wrote:
> 
> hello all,
> 
> (Re-post...not sure if original msg made it our not)
> 
> playing around again and have a question. eBGP multi-hop cannot come up if
> the peer is known through a default route.
> Is there a reason why?
> I mean, what is the point of a static route that causes a recursive lookup
> or a static route that simply points to the same next hop as a default
route?
> For that matter, I can't see it being a matter of proximity either. If
> convergence time were not an issue, what is really wrong with having a 10
> hop or even 50 hop BGP session? (I know it is unlikely and there are
> cetainly better ways to handle it (GRE or IPSec tunnel)) but for the sake
of
> argument...
> 
> Just curious, not able to find much on WHY it is like this...
> 
> thanks,
> Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65849&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Convert from Custome Queue to CBWFQ [7:65700]

[Dom]

Do not forget to set the max reserved bandwidth to 100%

Dom  Stocqueler

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 20 March 2003 13:36
To: [EMAIL PROTECTED]
Subject: RE: Convert from Custome Queue to CBWFQ [7:65700]


Within your CQ

queue 1 = 500/3000= 16%
queue 2 = 1500/3000   = 50%
queue 3 = 1000/3000   = 33%

So, with CBWQ you would use bandwidth 16 for the traffic that was
destinated to queue1 in CQ, and so on.

Does it make sense?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65847&t=65700
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: eBGP Multi-hop [7:65823]

[Jim Devane]

Thanks for the replies so far...
Hmm, Well, actually becuase BGP uses TCP 179 is can traverse non-BGP
speakers to a router that does speak BGP ( Just like TFTP'ing to another
router)
I put the config I was testing below. The config works, BGP runs everyone is
happy when I have a specific route to the opposite side peer's Loopback
address.

ip route 172.16.10.1 255.255.255.255 192.168.33.2

but if I remove that and install

ip route 0.0.0.0 0.0.0.0 192.168.33.2

then BGP breaks. I don't understand why. There is no IGP. Both routes point
to exactly the same place.

conf t
router bgp 65500
no synchronization
bgp log-neighbor-changes
network 192.168.47.0
network 192.168.55.0
aggregate-address 192.168.0.0 255.255.0.0
neighbor 172.16.10.1 remote-as 6
neighbor 172.16.10.1 ebgp-multihop5
neighbor 172.16.10.1 update-source Loopback0
neighbor 172.16.10.1 version 4
neighbor 172.16.10.1 soft-reconfiguration inbound
neighbor 172.16.10.1 password 7 140705191C117B3821
neighbor 172.16.10.1 filter-list 3 in
neighbor 172.16.10.1 filter-list 4 out


- Original Message -
From: "Carroll Kong" 
To: 
Sent: Thursday, March 20, 2003 6:54 AM
Subject: Re: eBGP Multi-hop [7:65823]


> I guess I am kind of just going to a quick stab.  Do you have "no
> synchronization" under the BGP configuration?
>
> > hello all,
> >
> > (Re-post...not sure if original msg made it our not)
> >
> > playing around again and have a question. eBGP multi-hop cannot come up
if
> > the peer is known through a default route.
> > Is there a reason why?
> > I mean, what is the point of a static route that causes a recursive
lookup
> > or a static route that simply points to the same next hop as a default
> route?
> > For that matter, I can't see it being a matter of proximity either. If
> > convergence time were not an issue, what is really wrong with having a
10
> > hop or even 50 hop BGP session? (I know it is unlikely and there are
> > cetainly better ways to handle it (GRE or IPSec tunnel)) but for the
sake
> of
> > argument...
> >
> > Just curious, not able to find much on WHY it is like this...
> >
> > thanks,
> > Jim
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65853&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: eBGP MultiHop [7:65748]

[lenny lim]

This is because how can bgp form a peer when it doesn't know where is it's
neighbor?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65854&t=65748
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Difference on L3 switching of Cat4500 and Cat6 [7:65832]

[Priscilla Oppenheimer]

Robert Edmonds wrote:
> 
> Actually, Multiprotocol Label Switch is MPLS.  MLS is
> MultiLayer Switching.
> This refers to a switch that can do not noly what Kiran said
> about L3
> switching, but can make forwarding decisions based on higher
> level
> protocols, such as tcp, udp, etc.

Oh dear, this has really gotten funny.

MLS is neither MPLS nor switching based on multiple OSI layers.

MLS refers to a route/switch architecture in which the forwarding and
routing jobs (layers or modules) are assigned to two different pieces of
hardware. A router module learns how to reach destinations, handles the
first set of packets to a destination, and then tells a switching module how
to handle subsequent packets for that flow. Some high-end routers do this
(with VIPs, etc.) and some high-end switches can do it also, either with the
help of an outside router or by using built-in feature cards.

MLS is often used to specifically refer to the architecture and features on
a Cat 5000 and 6000 that enable this division of tasks. There are three
components (or layers) to the MLS architecture on these switches:

MLS Route Processor (MLS-RP)
MLS Switching Engine (MLS-SE)
Multilayer Switching Protocol (MLSP)

The router part talks to the switching part using MLSP. This allows the
switching part to develop a cache that enables "shortcut switching" of
packets.

That's just one way of handling the necessary tasks, however. 

Take the 8500 "switch" as an example of another way of handling the problem.
It can run the entire IOS and act just like a traditional router, only
faster. It has a Switch Route Processor that handles routing functions at
high speeds. Just to confuse matters, it behaves a little differently from
the Route Switch Processor available on other platforms. :-)

Unfortunately, I don't know much about the Catalyst 4000, which was
mentioned in the original question. But from what I understand about it,
it's basically a router with switch ports. Its architecture is more like the
8500. It runs most of IOS and can do routing protocols, including BGP, OSPF,
etc. It can forward packets at high speeds based on Layer 3 info or Layer 2
info. It's a router on steroids, whereas a Cat 5000 or 6000 with MLS is a
switch that has been told how to forward packets that normally a router
would handle.

Which method is better? Neither one, though they have their pluses and
minues. Really, you just have to realize that all these options came out
during the dot com craze when Cisco had thousands and thousands of employees
all working to solve the same problem, gobs of money to buy companies with
products that all sovled the same problem, etc. So in true Cisco style, you
can accomplish the exact same thing (fast forwarding of packets) in a bunch
of different ways.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


> 
> 
> ""Kirankumar Patel""  wrote in message
> news:[EMAIL PROTECTED]
> > Dear
> >
> > L3 switching is nothing but switch acting as a router.
> >
> > MLS -- Multiprotocol Label Switch -- Can enables routers to
> make
> forwarding
> > decisions based on short labels, thereby avoiding the complex
> > packet-by-packet look-ups used in conventional routing.
> >
> > With MLS, can run faster then ATM switch.
> >
> > Regards,
> >
> > Kiran
> >
> >
> > >From: "Neil Arlante"
> > >Reply-To: "Neil Arlante"
> > >To: [EMAIL PROTECTED]
> > >Subject: Difference on L3 switching of Cat4500 and Cat6500?
> [7:65802]
> > >Date: Thu, 20 Mar 2003 02:56:26 GMT
> > >
> > >Hi group,
> > >
> > >What is the difference between L3 switching capabilities of
> 4500 and
> 6500?
> > >Catalyst 4500 docs mentioned it support L3 switching, but
> not MLS. What
> is
> > >the
> > >main difference between L3 switching of 4500 and MLS of 6500?
> > >
> > >TIA
> >
> _
> > Cricket World Cup 2003
> http://server1.msn.co.in/msnspecials/worldcup03/
> > News, Views and Match Reports.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65858&t=65832
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: eBGP Multi-hop [7:65823]

[Jim Devane]

Ah!

ok, I guess I can make do with that.
They just want you to be deliberate about the config.
Ok, cool,

THANKS!
jim


- Original Message -
From: "John Neiberger" 
To: 
Sent: Thursday, March 20, 2003 8:10 AM
Subject: Re: eBGP Multi-hop [7:65823]


> >> hello all,
> >>
> >> (Re-post...not sure if original msg made it our not)
> >>
> >> playing around again and have a question. eBGP multi-hop cannot come up
if
> >> the peer is known through a default route.
> >> Is there a reason why?
> >> I mean, what is the point of a static route that causes a recursive
lookup
> >> or a static route that simply points to the same next hop as a default
> >route?
> >> For that matter, I can't see it being a matter of proximity either. If
> >> convergence time were not an issue, what is really wrong with having a
10
> >> hop or even 50 hop BGP session? (I know it is unlikely and there are
> >> cetainly better ways to handle it (GRE or IPSec tunnel)) but for the
sake
> >of
> >> argument...
> >>
> >> Just curious, not able to find much on WHY it is like this...
> >>
> >> thanks,
> >> Jim
>
> "Note:   To avoid the accidental creation of loops through oscillating
> routes, the multihop session will not be established if the only route to
> the multihop peer's address is the default route (0.0.0.0). "
>
> Taken from:
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c
/ipcprt2/1cdbgp.htm#27110
>
> HTH,
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65855&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT: Satellite Modem [7:65830]

[s vermill]

Kiran Kumar M wrote:
> 
> Hai,
> 
> This is out of topic to Cisco. But it is related with
> Communication, so I
> dared to post this in Cisco group. I think knowledgable persons
> in
> Networking won't mind.
> 
> If any one having experience in Satellite modems please help
> me. We have
> one Comstream CM701 modem, in that we are unable to configure
> the
> frequency, can any body guide me how to configure frequency in
> Comstream
> CM701.
> 
> Thanks & Regards,
> Kiran
> 
> 

Kiran,

I can't help you with that particular model much.  I can offer you some very
basic insight thought.  Some modern satellite modems do in fact interface
directly the the antenna electronics (that is to say that they have an RF
input/output).  "Traditional" satellite modems have a digital interface on
one side and an Intermediate Frequency (IF) interface on the other.  It's
then the responsibility of an up/down converter pair to modulate the IF onto
the RF.  So many satellite modems can't be "tuned."  They often have a fixed
70 MHz IF (or some other frequency or possibly even two or three selectable
frequencies).

The information in this link, which I found in a yahoo search, would suggest
that the CM701 is, in fact, an IF modem with 70 or 140 MHz interfaces to
up/down converter systems.

Regards,

Scott 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65859&t=65830
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Why did Cisco do this? Off Topic [7:65834]

[Hanna, Keith]

to buy into a huge growth market?
Especially in an area which they do not really cover at the minute (home
user)...
Personally, I think it was only a matter of time - they announced earlier
this year they were looking to buy companies to expand into growth areas in
which they currently have little (or no) involvement at the minute.
Also, they have just recently bought someone who provides voice technology
(Signal or something I think) in their IP phones.

I would expect them to be going for someone in the storage arena next,
they've also said they want to expand/improve their network storage product
stuff.

just my $0.02

-Original Message-
From: Elijah Savage [mailto:[EMAIL PROTECTED]
Sent: 20 March 2003 14:50
To: [EMAIL PROTECTED]
Subject: Why did Cisco do this? Off Topic [7:65834]


Cisco buys Linksys.

http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a5141_1048177983.var&p=CSCO


-- 
"BSD is for people who love Unix -
Linux is for people who hate Microsoft"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65856&t=65834
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Why did Cisco do this? Off Topic [7:65834]

[The Long and Winding Road]

""Elijah Savage""  wrote in message
news:[EMAIL PROTECTED]
> Cisco buys Linksys.
>
>
http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a
5141_1048177983.var&p=CSCO
>


Note that Cisco will continue with the Linksys name and operate the company
as a separate division.

Cisco failed miserably in the SOHO / Consumer market. But there is a LOT of
money to be made there. So Cisco did what Cisco does - go out and buy a
company that does it right.

The advantage of operating the acquisition under its existing name, and
operating it separately is that Cisco doesn't get into the game of trying to
make their products interoperable from top to bottom. Part of their earlier
problem is customers expected seamless integration of the low end with the
high end, and Cisco couldn't make it happen. Linksys comsumer products -
wireless, DSL, cable, switches, etc are great products, especially for the
home market. Now Cisco is in the market as a player, not a wannabe.



>
> --
> "BSD is for people who love Unix -
> Linux is for people who hate Microsoft"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65861&t=65834
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX Questions [7:65806]

[Ben W]

The PIX is not a router, however it does have a routing table and can
participate in a limited fashion in certain routing protocols, like RIP.

To answer your 2nd question, there is no functional difference between the
IOS and PIX doing nat/pat.  Its just a difference in configuration really.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65867&t=65806
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DS3 bandwidth issues [7:65790]

[Scott Roberts]

why do people refer to a DS3 as a DS3 and not a T3? is there something I'm
missing?

scott

""Nate""  wrote in message
news:[EMAIL PROTECTED]
> We've run a bandwidth test on our DS3 with nothing connected to it but a
> workstation (and obviously a router/pix).  We went to testmyspeed.com as
> well as dslreports.com.  We both got very good bandwidth tests (upward
6m/s)
> however in transferring a 200m file to/from a workstation behind the
> connection, we got over 30 minutes while our existing T1 got 26 minutes.
> Anyone mind explaining this phenomenon?  Just a side note, we have no
> encryption between GRE tunnels.  Thanks in advanced.
>
> -Nate




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65864&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Anyone configured nat under tunnel [7:65843]

[Ben W]

The problem with doing standby track tunnel is quite often, the tunnel
interface doesn't go down.  I had the same question awhile back when I was
configuring HSRP and i found out that the tunnel interfaces would stay up,
up, even though traffic stopped routing through it for one reason or
another.  And if the interface doesn't go down, hsrp won't kick in.

Something to consider in your testing of it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65863&t=65843
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX VPN home access question [7:65666]

[Richard Campbell]

Hi..  May I know whether your PIX 515 at your company is only for your VPN 
access from home or it can be used for internet access for your company as 
well.

If I have only one outside interface and one leased line, can it be used as 
for the internet access and VPN access from home at the same time??

Thanks

>From: "BJ Rice" 
>Reply-To: "BJ Rice" 
>To: [EMAIL PROTECTED]
>Subject: RE: PIX VPN home access question [7:65666]
>Date: Tue, 18 Mar 2003 22:05:21 GMT
>
>The software is available at
>http://www.cisco.com/kobayashi/sw-center/sw-vpn.shtml.
>
>Once you have the VPN tunnel established, there should be no need for a 
>dial
>in line.
>
>Here is a sample configuration for my VPN tunnel to my home 515 PIX -  I 
>use
>DES, I would recommend 3DES.
>
>PIX Version 6.2(2)
>nameif ethernet0 outside security0
>nameif ethernet1 inside security100
>nameif ethernet2 pix/intf2 security10
>nameif ethernet3 pix/intf3 security15
>nameif ethernet4 pix/intf4 security20
>nameif ethernet5 pix/intf5 security25
>enable password XXX encrypted
>passwd XXX encrypted
>hostname X
>fixup protocol ftp 21
>fixup protocol http 80
>fixup protocol h323 h225 1720
>fixup protocol h323 ras 1718-1719
>fixup protocol ils 389
>fixup protocol rsh 514
>fixup protocol rtsp 554
>fixup protocol smtp 25
>fixup protocol sqlnet 1521
>fixup protocol sip 5060
>fixup protocol skinny 2000
>names
>access-list 80 permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
>pager lines 24
>logging on
>logging timestamp
>logging trap debugging
>logging host inside 10.0.0.111
>no logging message 305012
>no logging message 305011
>no logging message 302015
>no logging message 302014
>no logging message 302013
>no logging message 302016
>interface ethernet0 10full
>interface ethernet1 10full
>interface ethernet2 auto shutdown
>interface ethernet3 auto shutdown
>interface ethernet4 auto shutdown
>interface ethernet5 auto shutdown
>mtu outside 1500
>mtu inside 1500
>mtu pix/intf2 1500
>mtu pix/intf3 1500
>mtu pix/intf4 1500
>mtu pix/intf5 1500
>ip address outside dhcp setroute
>ip address inside 10.0.0.1 255.255.255.0
>ip address pix/intf2 127.0.0.1 255.255.255.255
>ip address pix/intf3 127.0.0.1 255.255.255.255
>ip address pix/intf4 127.0.0.1 255.255.255.255
>ip address pix/intf5 127.0.0.1 255.255.255.255
>ip audit name IDSATTACK attack action alarm reset
>ip audit interface outside IDSATTACK
>ip audit info action alarm
>ip audit attack action alarm
>ip local pool REMOTEIPPOOLS 10.0.0.210-10.0.0.215
>no failover
>failover timeout 0:00:00
>failover poll 15
>failover ip address outside 0.0.0.0
>failover ip address inside 0.0.0.0
>failover ip address pix/intf2 0.0.0.0
>failover ip address pix/intf3 0.0.0.0
>failover ip address pix/intf4 0.0.0.0
>failover ip address pix/intf5 0.0.0.0
>pdm location 10.0.0.4 255.255.255.255 inside
>pdm location 10.0.0.111 255.255.255.255 inside
>pdm location 10.0.0.0 255.0.0.0 inside
>pdm history enable
>arp timeout 14400
>global (outside) 1 interface
>nat (inside) 0 access-list 80
>nat (inside) 1 0.0.0.0 0.0.0.0 0 0
>timeout xlate 3:00:00
>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
>0:05:00 sip 0:30:00 sip_media 0:02:00
>timeout uauth 0:05:00 absolute
>aaa-server TACACS+ protocol tacacs+
>aaa-server RADIUS protocol radius
>aaa-server LOCAL protocol local
>http server enable
>http 10.0.0.111 255.255.255.255 inside
>no snmp-server location
>no snmp-server contact
>snmp-server community public
>no snmp-server enable traps
>floodguard enable
>sysopt connection permit-ipsec
>no sysopt route dnat
>crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
>crypto dynamic-map outside_dyn_map 10 set transform-set ESP-DES-MD5
>crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
>crypto map outside_map interface outside
>isakmp enable outside
>isakmp policy 10 authentication pre-share
>isakmp policy 10 encryption des
>isakmp policy 10 hash md5
>isakmp policy 10 group 2
>isakmp policy 10 lifetime 86400
>vpngroup GROUPNAME address-pool REMOTEIPPOOLS
>vpngroup GROUPNAME idle-time 1800
>vpngroup GROUPNAME password xx
>telnet 10.0.0.0 255.255.255.0 inside
>telnet timeout 60
>ssh timeout 30
>dhcpd address 10.0.0.2-10.0.0.200 inside
>dhcpd lease 3600
>dhcpd ping_timeout 750
>dhcpd auto_config outside
>dhcpd enable inside
>username  password  encrypted privilege 2
>terminal width 80
>Cryptochecksum:dc24ebe736764b81a98b1e78c3f9f326
>: end
_
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65845&t=65666
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Why did Cisco do this? Off Topic [7:65834]

[Scott Roberts]

why not?

my boss came to me this morning prior to the announcement and thought they
were going to say they were buying checkpoint!

scott

""Elijah Savage""  wrote in message
news:[EMAIL PROTECTED]
> Cisco buys Linksys.
>
>
http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a
5141_1048177983.var&p=CSCO
>
>
> --
> "BSD is for people who love Unix -
> Linux is for people who hate Microsoft"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65866&t=65834
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

The Answer, Re: eBGP Multi-hop [7:65823]

[John Neiberger]

>Thanks for the replies so far...
>Hmm, Well, actually becuase BGP uses TCP 179 is can traverse non-BGP
>speakers to a router that does speak BGP ( Just like TFTP'ing to another
>router)
>I put the config I was testing below. The config works, BGP runs everyone is
>happy when I have a specific route to the opposite side peer's Loopback
>address.
>
>ip route 172.16.10.1 255.255.255.255 192.168.33.2
>
>but if I remove that and install
>
>ip route 0.0.0.0 0.0.0.0 192.168.33.2
>
>then BGP breaks. I don't understand why. There is no IGP. Both routes point
>to exactly the same place.

Just in case you missed this in my previous reply, I'll re-post it here:

"Note: To avoid the accidental creation of loops through oscillating routes,
the multihop session will not be established if the only route to the
multihop peer's address is the default route (0.0.0.0). "

Taken from: 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#27110
 

HTH,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65860&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DS3 bandwidth issues [7:65790]

[s vermill]

Nate wrote:
> 
> We've run a bandwidth test on our DS3 with nothing connected to
> it but a
> workstation (and obviously a router/pix).  We went to
> testmyspeed.com as
> well as dslreports.com.  We both got very good bandwidth tests
> (upward 6m/s)
> however in transferring a 200m file to/from a workstation
> behind the
> connection, we got over 30 minutes while our existing T1 got 26
> minutes.
> Anyone mind explaining this phenomenon?  Just a side note, we
> have no
> encryption between GRE tunnels.  Thanks in advanced.
> 
> -Nate
> 
> 


Nate,

A few rambling thoughts in addition to those already offered:

Where is this 200MB file?  On a lightning-fast server on a lightning-fast
LAN connected to a lightning-fast router with a lightning fast connection to
the Internet?  In other words, is the file location the bottleneck?  Because
26 minutes on even a T1 is TERRIBLE.

Also, the download test sites don't do file tranfer using FTP in general. 
They establish an HTTP/TCP/IP session and dump a BUNCH of random text.  So
the control mechanisms are different between the test and the "real world"
file transfer.

Perhaps more rambling thoughts later...



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65865&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DS3 bandwidth issues [7:65790]

[s vermill]

Scott Roberts wrote:
> 
> why do people refer to a DS3 as a DS3 and not a T3? is there
> something I'm
> missing?

It's a bit esoteric.  I'm working on something that will help clarify.  In
short, a DS3 is a frame structure (28 T1s plus 1.504 mbps overhead, all
interleaved in a certain way, etc, etc).  A T3 is an actual interface
(certain peak-to-peak voltage, certain impedance, etc).  It's rare that you
would ever get your hands on an actual DS3 because that is created by, say,
a T3 mux.  T1s as input, DS3 frame created from those, and T3 out for
further transmission.  In that example, there’s never a discrete DS3 out in
the open - it exists only inside the mux and only briefly.  To (hopefully)
further clarify, you won't find a SONET box with a DS3 interface.  It'll
have a T3 interface.

They're pretty much used interchangeably in industry though.  


> 
> scott
> 
> ""Nate""  wrote in message
> news:[EMAIL PROTECTED]
> > We've run a bandwidth test on our DS3 with nothing connected
> to it but a
> > workstation (and obviously a router/pix).  We went to
> testmyspeed.com as
> > well as dslreports.com.  We both got very good bandwidth
> tests (upward
> 6m/s)
> > however in transferring a 200m file to/from a workstation
> behind the
> > connection, we got over 30 minutes while our existing T1 got
> 26 minutes.
> > Anyone mind explaining this phenomenon?  Just a side note, we
> have no
> > encryption between GRE tunnels.  Thanks in advanced.
> >
> > -Nate
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65868&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Large number of VLANS [7:65815]

[Skarphedinsson Arni V.]

I have goten it to work in a lab enviroment, i.e. with out using VTP, just
using VTP transperant mode and manualy configuring the vlans on all the
switchs.

Even though I use the "switchport trunk allowed vlan" command to limmit
vlans on the trunk links, VTP still send the whole list through, and the
2950 switch goes to transparent mode as soon as the vlans go over the 254 it
can handle.

I am going to be using this at a Hotel, that is using a system called the
Universal subscriber gateway from a company called Nomadix, it´s similar to
cisco´s BBSM

In this case we are using VLAN per room, to make the billing easyer, for
example. if you are using VLAN 202 you are in room 202, so the billing
system can send the bill to the correct room, for internet usage.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65879&t=65815
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DS3 bandwidth issues [7:65790]

[s vermill]

I should also have added that "DS" is derived from "digital signal" while
"T" is derived from "T-Carrier."

s vermill wrote:
> 
> Scott Roberts wrote:
> > 
> > why do people refer to a DS3 as a DS3 and not a T3? is there
> > something I'm
> > missing?
> 
> It's a bit esoteric.  I'm working on something that will help
> clarify.  In short, a DS3 is a frame structure (28 T1s plus
> 1.504 mbps overhead, all interleaved in a certain way, etc,
> etc).  A T3 is an actual interface (certain peak-to-peak
> voltage, certain impedance, etc).  It's rare that you would
> ever get your hands on an actual DS3 because that is created
> by, say, a T3 mux.  T1s as input, DS3 frame created from those,
> and T3 out for further transmission.  In that example, there’s
> never a discrete DS3 out in the open - it exists only inside
> the mux and only briefly.  To (hopefully) further clarify, you
> won't find a SONET box with a DS3 interface.  It'll have a T3
> interface.
> 
> They're pretty much used interchangeably in industry though.  
> 
> 
> > 
> > scott
> > 
> > ""Nate""  wrote in message
> > news:[EMAIL PROTECTED]
> > > We've run a bandwidth test on our DS3 with nothing connected
> > to it but a
> > > workstation (and obviously a router/pix).  We went to
> > testmyspeed.com as
> > > well as dslreports.com.  We both got very good bandwidth
> > tests (upward
> > 6m/s)
> > > however in transferring a 200m file to/from a workstation
> > behind the
> > > connection, we got over 30 minutes while our existing T1 got
> > 26 minutes.
> > > Anyone mind explaining this phenomenon?  Just a side note,
> we
> > have no
> > > encryption between GRE tunnels.  Thanks in advanced.
> > >
> > > -Nate
> > 
> > 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65872&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Why did Cisco do this? Off Topic [7:65834]

[Jim Devane]

Not yet. But with Broadcom now in charge of security technology, we can
probably expect big changes in the PIX line or seeing the PIX move to the
SOHO market and a new introduction of a Carrier Class firewall. (hopefully)


- Original Message -
From: "Scott Roberts" 
To: 
Sent: Thursday, March 20, 2003 11:13 AM
Subject: Re: Why did Cisco do this? Off Topic [7:65834]


> why not?
>
> my boss came to me this morning prior to the announcement and thought they
> were going to say they were buying checkpoint!
>
> scott
>
> ""Elijah Savage""  wrote in message
> news:[EMAIL PROTECTED]
> > Cisco buys Linksys.
> >
> >
>
http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a
> 5141_1048177983.var&p=CSCO
> >
> >
> > --
> > "BSD is for people who love Unix -
> > Linux is for people who hate Microsoft"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65877&t=65834
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DS3 bandwidth issues [7:65790]

[Priscilla Oppenheimer]

s vermill wrote:
> 
> Nate wrote:
> > 
> > We've run a bandwidth test on our DS3 with nothing connected
> to
> > it but a
> > workstation (and obviously a router/pix).  We went to
> > testmyspeed.com as
> > well as dslreports.com.  We both got very good bandwidth tests
> > (upward 6m/s)
> > however in transferring a 200m file to/from a workstation
> > behind the
> > connection, we got over 30 minutes while our existing T1 got
> 26
> > minutes.
> > Anyone mind explaining this phenomenon?  Just a side note, we
> > have no
> > encryption between GRE tunnels.  Thanks in advanced.
> > 
> > -Nate
> > 
> > 
> 
> 
> Nate,
> 
> A few rambling thoughts in addition to those already offered:
> 
> Where is this 200MB file?  On a lightning-fast server on a
> lightning-fast LAN connected to a lightning-fast router with a
> lightning fast connection to the Internet?  In other words, is
> the file location the bottleneck?  Because 26 minutes on even a
> T1 is TERRIBLE.

That's a good point. I wondered why the transfer was taking 26 minutes also.

Since he said he tested with those other tools and got 6m/sec (I guess he
meant 6 megabits per second which is OK, thought not great), the file
transfer speed is probably due to a really slow server or maybe a slow
client. We may be able to rule out the router and firewall since they were
in the picture for the other tests too. However, they might be relevant
since they were undoubtedly applying different rules when doing the file
transfer versus the other tests.

With a sniffer you can often tell where the bottleneck resides. Or maybe it
will be obvious because he'll tell us that the server or client is a 286
sitting on dial-up home network. Just kidding. He should do some more tests
and if he wants our help, give us more info. What is the server? What is its
OS? Was it FTP he was using? What about the client? What is the config on
the router and firewall? What else has he not told us about NAT, VPN,
tunnels, etc.? What variables were different for the one test versus the
other?

Priscilla


> 
> Also, the download test sites don't do file tranfer using FTP
> in general.  They establish an HTTP/TCP/IP session and dump a
> BUNCH of random text.  So the control mechanisms are different
> between the test and the "real world" file transfer.
> 
> Perhaps more rambling thoughts later...
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65871&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: eBGP Multi-hop [7:65823]

[Brian Dennis]

Jim,
The default route as you've seen won't work but this will:

Rack4R2#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
Rack4R2(config)#ip route 0.0.0.0 128.0.0.0 192.168.33.2
Rack4R2(config)#ip route 128.0.0.0 128.0.0.0 192.168.33.2
Rack4R2(config)#^Z
Rack4R2#show ip route static
S0.0.0.0/1 [1/0] via 192.168.33.2
S128.0.0.0/1 [1/0] via 192.168.33.2
Rack4R2#

It's the next best thing to a default route ;-)

Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
[EMAIL PROTECTED]
http://www.labforge.com



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jim Devane
Sent: Thursday, March 20, 2003 9:28 AM
To: [EMAIL PROTECTED]
Subject: Re: eBGP Multi-hop [7:65823]

Thanks for the replies so far...
Hmm, Well, actually becuase BGP uses TCP 179 is can traverse non-BGP
speakers to a router that does speak BGP ( Just like TFTP'ing to another
router)
I put the config I was testing below. The config works, BGP runs
everyone is
happy when I have a specific route to the opposite side peer's Loopback
address.

ip route 172.16.10.1 255.255.255.255 192.168.33.2

but if I remove that and install

ip route 0.0.0.0 0.0.0.0 192.168.33.2

then BGP breaks. I don't understand why. There is no IGP. Both routes
point
to exactly the same place.

conf t
router bgp 65500
no synchronization
bgp log-neighbor-changes
network 192.168.47.0
network 192.168.55.0
aggregate-address 192.168.0.0 255.255.0.0
neighbor 172.16.10.1 remote-as 6
neighbor 172.16.10.1 ebgp-multihop5
neighbor 172.16.10.1 update-source Loopback0
neighbor 172.16.10.1 version 4
neighbor 172.16.10.1 soft-reconfiguration inbound
neighbor 172.16.10.1 password 7 140705191C117B3821
neighbor 172.16.10.1 filter-list 3 in
neighbor 172.16.10.1 filter-list 4 out


- Original Message -
From: "Carroll Kong" 
To: 
Sent: Thursday, March 20, 2003 6:54 AM
Subject: Re: eBGP Multi-hop [7:65823]


> I guess I am kind of just going to a quick stab.  Do you have "no
> synchronization" under the BGP configuration?
>
> > hello all,
> >
> > (Re-post...not sure if original msg made it our not)
> >
> > playing around again and have a question. eBGP multi-hop cannot come
up
if
> > the peer is known through a default route.
> > Is there a reason why?
> > I mean, what is the point of a static route that causes a recursive
lookup
> > or a static route that simply points to the same next hop as a
default
> route?
> > For that matter, I can't see it being a matter of proximity either.
If
> > convergence time were not an issue, what is really wrong with having
a
10
> > hop or even 50 hop BGP session? (I know it is unlikely and there are
> > cetainly better ways to handle it (GRE or IPSec tunnel)) but for the
sake
> of
> > argument...
> >
> > Just curious, not able to find much on WHY it is like this...
> >
> > thanks,
> > Jim
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65875&t=65823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

what kind of simulation on BSCI [7:65869]

[lenny lim]

i was wondering if anyone could give me some ideas on what kind of
simulation questions whould the BSCI exam come out?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65869&t=65869
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 6509 cam entries [7:65758]

[David Vital]

Did you do a clear counters?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65878&t=65758
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Open http: traffic on firewall... [7:65755]

[Steve Wilson]

without seeing your router it may be that the ethernet port is e0/0
perchance. It may even be a fastethernet port. Check the physical make up of
the router.
Cheers,
Steve Wilson

-Original Message-
From: SMAN
To: [EMAIL PROTECTED]
Sent: 20/03/2003 15:33
Subject: Re: Open http: traffic on firewall... [7:65755]

OK...I got to the point of issuing this command (ip route 2.2.2.2
255.255.255.255 ethernet 0) at the configure prompt and got:

Internet(config)#ip route 216.224.32.195 255.255.255.240 ethernet 0
% Incomplete command.

Any recommendations???

Thanks

Ken

""Robert Edmonds""  wrote in message
news:[EMAIL PROTECTED]
> First, you need to define your inside and outside interfaces for NAT.
> Usually, the interface where your webserver is connected will be
defined
as
> inside and all others are outside.  This would look something like
this,
> assuming your web server is on interface ethernet 0:
>
> interface ethernet 0
>  ip address 2.2.2.1 255.255.255.240
>  ip nat inside
> interface serial 0 (or interface serial 0.1 for frame relay
subinterface,
> depending on your setup)
>  ip nat outside
>
> Next, you'll need to define a static translation between your web
server
and
> your outside IP addresses assigned by your ISP.  I will use 10.0.0.1
to
> represent your web server address and 2.2.2.2 for your ISP assigned
address.
>
> ip nat inside source static 10.0.0.1 2.2.2.2
>
> Or, if you want to get fancy and do PAT:
>
> ip nat inside source static tcp 10.0.0.1 80 2.2.2.2 80 extendable
>
> Next, tell your router to send all traffic destined for 2.2.2.2 (the
outside
> address of your web server) to the proper interface.
>
> ip route 2.2.2.2 255.255.255.255 ethernet 0
>
> Your setup may demand something a little different, but in general I
think
> this should get you started.
>
> Robert
>
>
> ""SMAN""  wrote in message
> news:[EMAIL PROTECTED]
> > I have a cisco 2611 router/firewall that I need to open up for http:
> > traffic.  I need to configure NAT to point to the static IP on the
web
> > server.  How do I do this?  What are the specifics?
> >
> > Thanks
> >
> > Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65880&t=65755
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: pix 501 limitations [7:65785]

[CCIE #6746]

With 3des encryption is it only capable of doing 3MB per sec.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bk
Sent: Wednesday, March 19, 2003 5:24 PM
To: [EMAIL PROTECTED]
Subject: pix 501 limitations [7:65785]

Good day,

I thought I read somewhere that the vpn tunnel on a 501 is limited to 
3mb/sec throughput??  But I can't find that anywhere.

Has anyone actually got the inside of a 501 to use 100mbs??

thanks,

bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65873&t=65785
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP Certification [7:65759]

[David Vital]

Ms. Oppenheimer, Are the new ccnp exams going to be 642 level exams?  I
recieved got that email from Cisco but after looking at the list of 642
exams, I just assumed that it was only for tests that I wasn't going to be
taking.  I thought they had already updated the BSCI test.  Am I way off
base here?

David


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65876&t=65759
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Unable to delete flash [7:65529]

[Scott Roberts]

boot into boot-helper mode (conf-reg 0x2101) this will allow the flash to be
in read/write and not just read only mode.

let us know please if this solved it for, its always nice to hear what works
in the end.

scott

 wrote in message
news:[EMAIL PROTECTED]
> Question with similar interest...
>
> I have a file marked for delete in the bootflash of a 7513. When I issue
the
> squeeze command I get the following...
>
> 7513#show bootflash
> -#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
> 1   .D image5BE93E76  6D42E8   22  6898280 Mar 04 2002 08:32:35
> rsp-boot-mz.
> 122-7a.bin
> 2   .. image7415A36D  DC4F08   24  7277472 Aug 13 2002 12:41:14
> rsp-boot-mz.
> 122-8.t5.bin
>
>
> 7513#squeeze bootflash
> All deleted files will be removed. Continue? [confirm]
> Squeeze operation may take a while. Continue? [confirm]
> %Error squeezing bootflash (File open for write)
>
> A reboot has been suggested. Any other ideas?
>
> Thanks,
> Tim
>
> -Original Message-
> From: Scott Roberts [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 19, 2003 3:16 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Unable to delete flash [7:65529]
>
>
> from the cisco IOS command reference:
>
> delete:
> "When you delete a file, the software simply marks the file as deleted,
but
> it does not erase the file. This feature allows you to later recover a
> "deleted" file using the undelete command. You can delete and undelete a
> file up to 15 times. To permanently delete all files marked "deleted" on a
> Flash memory device, use the squeeze command."
>
> erase:
>
> "When a file system is erased, none of the files in the file system can be
> recovered.
>
> The erase command can be used on both Class B and Class C Flash file
systems
> only. To reclaim space on Flash file systems after deleting files using
the
> delete command, you must use the erase command. This command erases all of

> the files in the Flash file system. "
>
>
>
> scott
>
> ""Sales""  wrote in message
> news:[EMAIL PROTECTED]
> > Some possible things to try would be to use the /force switch with the
> > delete command.  Also try erase versus delete to see if that helps.
> >
> >
> > Thanks,
> >
> > www.ccie4u.com
> > Rack Rentals and Lab Scenarios
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> > John Tafasi
> > Sent: Saturday, March 15, 2003 11:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: Unable to delete flash [7:65529]
> >
> > Hi Group,
> >
> > I have a problem deleting a file from a 4500 series flash memory. The
> > file
> > shows up as been deleted but the available free space indicates that the
> > file has not been deleted yet. I tried to use the squeeze command but it
> > will not work with this file system. Can you guys suggest something.
> >
> > Thanks
> >
> > John Tafasi
> >
> > r1#show fla
> >
> > System flash directory:
> > File  Length   Name/status
> >   1   10031664  c4500-a3jk8s-mz.122-7b.bin [deleted]
> >   2   3668568  c4500-i-mz.120-25.bin
> > [13700360 bytes used, 3076856 available, 16777216 total]
> > 16384K bytes of processor board System flash (Read/Write)
> >
> > r1#delete flash:c4500-a3jk8s-mz.122-7b.bin
> > Delete filename [c4500-a3jk8s-mz.122-7b.bin]?
> > Delete flash:c4500-a3jk8s-mz.122-7b.bin? [confirm]
> > %Error deleting flash:c4500-a3jk8s-mz.122-7b.bin (No such file or
> > directory)
> > r1#
> This message has been scanned for viruses by the McAfee Security e500
> Appliance.
>
>
>
>
>
> Note: This e-mail contains PRIVILEGED and CONFIDENTIAL information
intended
> only for the use of the specific individual or entity named above. If you
or
> your employer is not the intended recipient of this e-mail or an employee
or
> agent responsible for delivering it to the intended recipient, you are
> hereby notified that any unauthorized dissemination or copying of this
> e-mail is strictly prohibited. If you have received this transmission in
> error, please immediately delete the message and advise the above by
> telephone, email or fax response to this message.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65862&t=65529
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX Questions [7:65806]

[Robert Perez]

Newer versions of the PIX OS have more routing protocol support such as
OSPF. Vs. 6.3

-Original Message-
From: Ben W [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 20, 2003 2:16 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX Questions [7:65806]


The PIX is not a router, however it does have a routing table and can
participate in a limited fashion in certain routing protocols, like RIP.

To answer your 2nd question, there is no functional difference between the
IOS and PIX doing nat/pat.  Its just a difference in configuration really.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65874&t=65806
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT: Satellite Modem [7:65830]

[s vermill]

And now for that link...

http://store.satcomresources.com/index.cfm?do=catalog&a=pd&sku=R1_CM701A




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65870&t=65830
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DS3 bandwidth issues [7:65790]

[MADMAN]

six of one half dozen of the other, they both describe the same 
thing.  I "think" T is a Bellcore name and DS is a some standards body name.

  Dave

Scott Roberts wrote:
> why do people refer to a DS3 as a DS3 and not a T3? is there something I'm
> missing?
> 
> scott
> 
> ""Nate""  wrote in message
> news:[EMAIL PROTECTED]
> 
>>We've run a bandwidth test on our DS3 with nothing connected to it but a
>>workstation (and obviously a router/pix).  We went to testmyspeed.com as
>>well as dslreports.com.  We both got very good bandwidth tests (upward
> 
> 6m/s)
> 
>>however in transferring a 200m file to/from a workstation behind the
>>connection, we got over 30 minutes while our existing T1 got 26 minutes.
>>Anyone mind explaining this phenomenon?  Just a side note, we have no
>>encryption between GRE tunnels.  Thanks in advanced.
>>
>>-Nate
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

I would rather have a German division in front of me than a French one 
behind me."
--- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65882&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CAT3924 Web Simulator [7:65883]

[Warren McCluer]

I have made a Cat3924 Token Ring Concentrator simulator. I can be accessed
at http:/wmccluer.home.mindspring.com


-
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65883&t=65883
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP Certification [7:65759]

[Priscilla Oppenheimer]

David Vital wrote:
> 
> Ms. Oppenheimer, Are the new ccnp exams going to be 642 level
> exams? 

Cisco is always updating their exams. I think the new batch will be 642. I
don't know a timeframe. The CID exam replacement is imminent because they've
announced that one. But the other ones haven't been announced, so we can't
assume any dates for CCNP exam replacements.

> I recieved got that email from Cisco but after looking
> at the list of 642 exams, I just assumed that it was only for
> tests that I wasn't going to be taking.  I thought they had
> already updated the BSCI test.  

But they will update it again too. Sorry I don't have more info. 

Priscilla

> Am I way off base here?
> 
> David




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65881&t=65759
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Why did Cisco do this? Off Topic [7:65834]

[nrf]

""The Long and Winding Road""  wrote in
message news:[EMAIL PROTECTED]
> ""Elijah Savage""  wrote in message
> news:[EMAIL PROTECTED]
> > Cisco buys Linksys.
> >
> >
>
http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a
> 5141_1048177983.var&p=CSCO
> >
>
>
> Note that Cisco will continue with the Linksys name and operate the
company
> as a separate division.
>
> Cisco failed miserably in the SOHO / Consumer market. But there is a LOT
of
> money to be made there. So Cisco did what Cisco does - go out and buy a
> company that does it right.

To be fair to Cisco, it is extremely hard to serve 2 distinct markets well.
Cisco dominates in the enterprise/government market which demands features
and integratability.  Margins are high, sales are done mostly through the
channel, and brand-name recognition and the 'golden halo' of the Cisco name
are important.  The SOHO market is different.  Price is paramount, margins
are low, and practically everything is done through retail.

True indeed, there is good money to be made in the SOHO market.  But it
requires an entirely different mentality where competition is brutal and you
have to construct a high-volume, low-margin business model - a far cry from
the Cisco we know and love. It's the difference between operating
Neiman-Marcus and Walmart.

>
> The advantage of operating the acquisition under its existing name, and
> operating it separately is that Cisco doesn't get into the game of trying
to
> make their products interoperable from top to bottom. Part of their
earlier
> problem is customers expected seamless integration of the low end with the
> high end, and Cisco couldn't make it happen. Linksys comsumer products -
> wireless, DSL, cable, switches, etc are great products, especially for the
> home market. Now Cisco is in the market as a player, not a wannabe.
>
>
>
> >
> > --
> > "BSD is for people who love Unix -
> > Linux is for people who hate Microsoft"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65884&t=65834
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Token Ring and CCNP Switching Exam 640-604 [7:65885]

[Tim]

Is token ring a part of the CCNP Switching Exam 640-604?  It is not listed
in the exam objectives.

 

Thanks,

 

Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65885&t=65885
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to spoof a IP? [7:65559]

[Priscilla Oppenheimer]

Alan Stone wrote:
> 
> Hi..   Group
> 
> I always heard of those hacker spoof a IP and hack other people
> system.  Does spoof IP mean they are changing their source IP
> so that they pass thru firewall?  If yes, may I know what tool
> can they use in order to change their source IP

Spoofing an IP address means that you change your IP address to be that of
some other host. Packets from you will have that address in the Source IP
Address field of the IP header. For example, you could change your address
to be in the range of inside trusted addresses, even though you are on the
outside.

To change your address, use the TCP/IP Control Panel or equivalent in the
operating system that you are using.

You probably won't get through any firewalls, though. Firewalls make sure an
outsider isn't using an inside address. Routers ensure this too. It can be
easily accomplished with a simple access list.

Even before firewalls and routers watched for this, IP spoofing didn't mean
you could hack much unless you had additional hacking abilities. You had to
spoof the IP address of a trusted host and you had to be running software
that didn't care that you didn't see any replies. The replies go to the
legitimate holder of the IP address.

So, let's say that you start a 3-way handshake claiming that your address is
10.0.0.1. You send a SYN. The SYN ACK goes to the real holder of the
10.0.0.1 address. You send an ACK anyway after waiting the proper amount of
time. For this to work, you have to guess what sequence number the target
host is using in its SYN ACK packet. These days most operating systems
and/or firewalls randomize the initial sequence number so you can't guess it.

Even if you got that far and established a 3-way handshake, you would have
to keep guessing at sequence numbers and you would have to know how to get
root access or equivalent, or have some other hacking abilities to do any
damage.

Priscilla


> 
> Thanks a lot 
> 
> 
> 
> -
> Do you Yahoo!?
> Yahoo! Web Hosting - establish your business online




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65887&t=65559
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Network design product selecion question [7:65564]

[John Brandis]

Hi All,
 
once again, I am back designing a network for my company (scary).
 
The budget I have been given from my manager, would not pay for a family
visit to McDonalds.
 
However, this is the requirment (my product selection is below)
 
* Provide up to 200 ports on the floor
* 2 level building, with multi-mode fibre between level 1 & 2
* Level 1, has 70 users, 30 servers
* Level 2 has 60 users
* 2 subnets will be used in this office
 
I suggested, that we use a single 4003 as the core, purchase a Sup III, 1 x
8 port GBIC module, 1 x 48 port 10/100/1000 module. We then use the GBIC's
to extend to the 2 x 2950's on the floor above, and 2 x copper GBIC's to the
2950's on the same floor as the core switch. This solution, worked out to be
around $100K AUD (australian $$). This was seen as far to expensive. 
 
Is there any other model of Cisco catalyst switch that can perform layer 3
routing, GBIC between floors and etc that could do the job of the 4003/4006
? Or is there a better way of doing it ?
 
John
Sydney Australia


**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

**

Level 14, 383 Kent Street, Sydney NSW 2000.

General Phone: 61 2 9278 0666

General Fax: 61 2 9278 0555

**

This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you cannot
use, distribute or copy the message or attachments.  In such a case, please
notify the sender by return email immediately and erase all copies of the
message and attachments.  Opinions, conclusions and other information in
this message and attachments that do not relate to the official business of
Solution 6 are neither given nor endorsed by it.

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65888&t=65564
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Questions [7:65806]

[Darrell Newcomb]

And for IOS nat'ing you can use policy routing to determine egress interface
and thus NAT pool, which determines source address of outgoing traffic,
which can be useful in controlling inbound traffic flow.  YMMV But, this can
be very useful when you are trying to do network gymnastics or inflict pain
on a support team.

""Robert Perez""  wrote in message
news:[EMAIL PROTECTED]
> Newer versions of the PIX OS have more routing protocol support such as
> OSPF. Vs. 6.3
>
> -Original Message-
> From: Ben W [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 20, 2003 2:16 PM
> To: [EMAIL PROTECTED]
> Subject: RE: PIX Questions [7:65806]
>
>
> The PIX is not a router, however it does have a routing table and can
> participate in a limited fashion in certain routing protocols, like RIP.
>
> To answer your 2nd question, there is no functional difference between the
> IOS and PIX doing nat/pat.  Its just a difference in configuration really.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65890&t=65806
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DS3 bandwidth issues [7:65790]

[[EMAIL PROTECTED]]

Being in the "CLEC" business I can tell you that we typically refer to T3
when discussing "Transport only" type ciruits of 45Mbps from point to point.
When we refer to putting services on it, such as Frame Relay, ATM, PPP,
voice (PRI, Trunks, etc) then we usually refer to them as DS3.

However, they are certainly used interchangibly by most.

A T1 or T3 is a "Carrier" as explained below:

To see the relationship between T-carrier, E-carrier, and DS0 multiples, see
digital signal X.
The T-carrier system, introduced by the Bell System in the U.S. in the
1960s, was the first successful system that supported digitized voice
transmission. The original transmission rate (1.544 Mbps) in the T-1 line is
in common use today in Internet service provider (ISP) connections to the
Internet. Another level, the T-3 line, providing 44.736 Mbps, is also
commonly used by Internet service providers. Another commonly installed
service is a fractional T-1, which is the rental of some portion of the 24
channels in a T-1 line, with the other channels going unused.

The T-carrier system is entirely digital, using pulse code modulation and
time-division multiplexing. The system uses four wires and provides duplex
capability (two wires for receiving and two for sending at the same time).
The T-1 digital stream consists of 24 64-Kbps channels that are multiplexed.
(The standardized 64 Kbps channel is based on the bandwidth required for a
voice conversation.) The four wires were originally a pair of twisted pair
copper wires, but can now also include coaxial cable, optical fiber, digital
microwave, and other media. A number of variations on the number and use of
channels are possible.

In the T-1 system, voice signals are sampled 8,000 times a second and each
sample is digitized into an 8-bit word. With 24 channels being digitized at
the same time, a 192-bit frame (24 channels each with an 8-bit word) is thus
being transmitted 8,000 times a second. Each frame is separated from the
next by a single bit, making a 193-bit block. The 192 bit frame multiplied
by 8,000 and the additional 8,000 framing bits make up the T-1's 1.544 Mbps
data rate. The signaling bits are the least significant bits in each frame.

A DS0/1/3 is a Digital signal carried by the "T" carrier as explained below:


Digital signal X is a term for the series of standard digital transmission
rates or levels based on DS0, a transmission rate of 64 Kbps, the bandwidth
normally used for one telephone voice channel. Both the North American
T-carrier system system and the European E-carrier systems of transmission
operate using the DS series as a base multiple. The digital signal is what
is carried inside the carrier system.
DS0 is the base for the digital signal X series. DS1, used as the signal in
the T-1 carrier, is 24 DS0 (64 Kbps) signals transmitted using pulse-code
modulation (PCM) and time-division multiplexing (TDM). DS2 is four DS1
signals multiplexed together to produce a rate of 6.312 Mbps. DS3, the
signal in the T-3 carrier, carries a multiple of 28 DS1 signals or 672 DS0s
or 44.736 Mbps.

Digital signal X is based on the ANSI T1.107 guidelines. The ITU-TS
guidelines differ somewhat.




> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> MADMAN
> Sent: Thursday, March 20, 2003 4:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DS3 bandwidth issues [7:65790]
>
>
> six of one half dozen of the other, they both describe the same
> thing.  I "think" T is a Bellcore name and DS is a some standards
> body name.
>
>   Dave
>
> Scott Roberts wrote:
> > why do people refer to a DS3 as a DS3 and not a T3? is there
> something I'm
> > missing?
> >
> > scott
> >
> > ""Nate""  wrote in message
> > news:[EMAIL PROTECTED]
> >
> >>We've run a bandwidth test on our DS3 with nothing connected to it but a
> >>workstation (and obviously a router/pix).  We went to testmyspeed.com as
> >>well as dslreports.com.  We both got very good bandwidth tests (upward
> >
> > 6m/s)
> >
> >>however in transferring a 200m file to/from a workstation behind the
> >>connection, we got over 30 minutes while our existing T1 got 26 minutes.
> >>Anyone mind explaining this phenomenon?  Just a side note, we have no
> >>encryption between GRE tunnels.  Thanks in advanced.
> >>
> >>-Nate
> --
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
>
> I would rather have a German division in front of me than a French one
> behind me."
> --- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65893&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Anyone configured nat under tunnel [7:65843]

[nrf]

""Ben W""  wrote in message
news:[EMAIL PROTECTED]
> The problem with doing standby track tunnel is quite often, the tunnel
> interface doesn't go down.  I had the same question awhile back when I was
> configuring HSRP and i found out that the tunnel interfaces would stay up,
> up, even though traffic stopped routing through it for one reason or
> another.  And if the interface doesn't go down, hsrp won't kick in.

Which is why the HSRP 'standby track' is generally considered a poor man's
routing protocol. You should consider using a real routing protocol for true
redundancy.

>
> Something to consider in your testing of it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65892&t=65843
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Questions [7:65806]

[nrf]

""Ben W""  wrote in message
news:[EMAIL PROTECTED]
> The PIX is not a router, however it does have a routing table and can
> participate in a limited fashion in certain routing protocols, like RIP.

I'm afraid I have to disagree.  The Pix is a router.  Basically, any device
that will forward packets between different subnets is a router.

>
> To answer your 2nd question, there is no functional difference between the
> IOS and PIX doing nat/pat.  Its just a difference in configuration really.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65891&t=65806
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Policy based routing [7:65776]

[Patasse Eyabane]

Greg,
i believe you are missing an important command in your configuration:
on the serial interface where you applied the policy, add the command " ip
route-cache policy". that command will cache in the first usage of the
policy, so it won't have to dig for it everytime a packet comes flying
through. that should restore some speed. Let me know if it helped.

E.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65894&t=65776
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DS3 bandwidth issues [7:65790]

[Darrell Newcomb]

""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]
> s vermill wrote:
> >
> > Nate wrote:
> > >
> > > We've run a bandwidth test on our DS3 with nothing connected
> > to
> > > it but a
> > > workstation (and obviously a router/pix).  We went to
> > > testmyspeed.com as
> > > well as dslreports.com.  We both got very good bandwidth tests
> > > (upward 6m/s)
> > > however in transferring a 200m file to/from a workstation
> > > behind the
> > > connection, we got over 30 minutes while our existing T1 got
> > 26
> > > minutes.
> > > Anyone mind explaining this phenomenon?  Just a side note, we
> > > have no
> > > encryption between GRE tunnels.  Thanks in advanced.
> > >

> Since he said he tested with those other tools and got 6m/sec (I guess he
> meant 6 megabits per second which is OK, thought not great), the file

The above is what I key'ed in on as the last test transfer he had done over
the new path.  Which is why I had originally suggested to tune tcp(the URL's
below the jokes were seen weren't they?) since a single tcp session at 6Mbps
crossing the continent(country) could be within expectations.  In most stock
tcp's and a 80ms RTT he would need a packet loss rate near .02%(.0002)  to
get 6Mbps.  Nothing unrealistic about those numbers and it seemed to me
someone just wanted to see 40+ Mbps numbers.  But I overlooked the part
about 30minutes over the DS3.

Regarding the concerns about the 26 minute T1 transer.  Maybe I'm a little
too sleep deprived from doing datacenter moves, but I don't see the issue
with
26minutes for a 200MB(bytes) file is roughly 1Mbps, don't forget overhead
too.  That's completely within norm for a single TCP session between two
reasonably distant endpoints bandlimited by a T1.

Back to the DS3 being slower for this one.  As everyone has been saying
break down the problem.  My guess would be you've got some major performance
inhibiting thing like a duplex mismatch somewhere and by being able to ramp
up transmit speeds quicker the session is smacked back down due to the
loss(from duplex mismatch).  What might be the simpliest suggestion for
testing is to start up the file transfer and while it's running do a
traceroute(large packet size if you could) from one end-host to the far end
and see if you notice a place of particularly high loss to go look at.

My appologies for overlooking the note about 30minute 200MB transfer over
DS3(not T1),
Darrell




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65895&t=65790
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

What is shared VC and dedicated VC ? [7:65896]

[dkshin]

What is difference between these things ?

Dedicated VC means that it allocate a separately physical cable per user to
transport point-to-point ?

How about the shared VC ?

Thanks

Dkshin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65896&t=65896
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

64M Flash Support on 6500 [7:65901]

[Jeffrey Reed]

Just an FYI for the group. I recently started looking for Flash PC Cards
that held more than 20M of storage and found the 6500s did not support
anything higher. I ran across this release note and will be testing a 64M
ATA Flash card next week. Heres the release note:

Supervisor Engine 2 ROMMON software release 7.1(1) introduces support for
the MEM-C6K-ATA-1-64M= (64MB) PCMCIA ATA FlashDisk device.

The following guidelines apply to the PCMCIA ATA FlashDisk device:
 After a reset, ROMMON release 7.1(1) implements a delay of 200 micro
seconds (ms) before you can access the PCMCIA ATA FlashDisk device.
 The Read/Write access time for the PCMCIA ATA FlashDisk device is 150 nano
second (ns), and the Read/Write cycle time is 280 ns.
 ROMMON release 7.1(1) allows a maximum of 300 ns for each of these
parameters.

Note Support for the PCMCIA ATA FlashDisk is for Catalyst 6000 family and
Cisco 7600 series systems that are running Cisco IOS Release 12.1(8a)EX and
later on the Supervisor Engine 2 and on the MSFC2. Support for systems
running Cisco IOS on the MSFC and Catalyst operating software on the
supervisor engine requires Catalyst software release 7.5(1) or later
releases.


Jeff Reed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65901&t=65901
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Priscilla Oppenheimer + Danny Free [7:65897]

[jonathan jonathan]

I just wanted to thank you guys for taking the time to give me that little
boost that i needed for the frame-relay lab setup. i really get it now! I
was looking at the physical layer the whole time and not the physical /
logical picture. Anyway the lab is just about up and running I have gone
with a hub and spoke model and will later go for the patial meshed using
sub-int's. Which i think i have to do if i want to practice ospf. anyway
thanks again for all the hlp
jonathan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65897&t=65897
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Priscilla Oppenheimer + Danny Free [7:65897]

[jonathan jonathan]

by the way getting deeper into it, i can now ping from all spoke routers to
the hub router however i cannot ping back. could this be a route map
statement on the frame switch (2521)? I'm still digging into it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65899&t=65897
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Network design product selecion question [7:65564]

[Daniel Cotts]

I'll assume that you have reviewed "Top Down Network Design" and have mapped
your data flows. Do you need the bandwidth provided by the equipment that
you have listed? Any thoughts about Jurassic networking - used older gear?
3524XL switches etc.

> -Original Message-
> From: John Brandis [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 20, 2003 5:44 PM
> To: [EMAIL PROTECTED]
> Subject: Network design product selecion question [7:65564]
> 
> 
> Hi All,
>  
> once again, I am back designing a network for my company (scary).
>  
> The budget I have been given from my manager, would not pay 
> for a family
> visit to McDonalds.
>  
> However, this is the requirment (my product selection is below)
>  
> * Provide up to 200 ports on the floor
> * 2 level building, with multi-mode fibre between level 1 & 2
> * Level 1, has 70 users, 30 servers
> * Level 2 has 60 users
> * 2 subnets will be used in this office
>  
> I suggested, that we use a single 4003 as the core, purchase 
> a Sup III, 1 x
> 8 port GBIC module, 1 x 48 port 10/100/1000 module. We then 
> use the GBIC's
> to extend to the 2 x 2950's on the floor above, and 2 x 
> copper GBIC's to the
> 2950's on the same floor as the core switch. This solution, 
> worked out to be
> around $100K AUD (australian $$). This was seen as far to expensive. 
>  
> Is there any other model of Cisco catalyst switch that can 
> perform layer 3
> routing, GBIC between floors and etc that could do the job of 
> the 4003/4006
> ? Or is there a better way of doing it ?
>  
> John
> Sydney Australia
> 
> 
> **
> 
> visit http://www.solution6.com
> 
> UK Customers - http://www.solution6.co.uk
> 
> **
> 
> Level 14, 383 Kent Street, Sydney NSW 2000.
> 
> General Phone: 61 2 9278 0666
> 
> General Fax: 61 2 9278 0555
> 
> **
> 
> This email message (and attachments) may contain information that is
> confidential to Solution 6. If you are not the intended 
> recipient you cannot
> use, distribute or copy the message or attachments.  In such 
> a case, please
> notify the sender by return email immediately and erase all 
> copies of the
> message and attachments.  Opinions, conclusions and other 
> information in
> this message and attachments that do not relate to the 
> official business of
> Solution 6 are neither given nor endorsed by it.
> 
> *




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65900&t=65564
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to spoof a IP? [7:65559]

[Steve Dispensa]

A couple of amplifications:

On Sun, 2003-03-16 at 20:51, Priscilla Oppenheimer wrote:
> Alan Stone wrote:
> > 
> > Hi..   Group
> > 
> > I always heard of those hacker spoof a IP and hack other people
> > system.  Does spoof IP mean they are changing their source IP
> > so that they pass thru firewall?  If yes, may I know what tool
> > can they use in order to change their source IP
.
> To change your address, use the TCP/IP Control Panel or equivalent in the
> operating system that you are using.

More commonly (in my experience) people (skr1pt k1dd3z) use some stupid
program on a UNIX computer that writes to the network on a raw socket. 
This way the administrator of the system doesn't have to know (as long
as the user has root - required for raw sockets).

> You probably won't get through any firewalls, though. Firewalls make sure
an
> outsider isn't using an inside address. Routers ensure this too. It can be
> easily accomplished with a simple access list.

Those ACLs are far less common in enterprises than one would hope. 
Routers should do ingress filtering, but if the attacker chooses just a
random address, it won't be in the filter list.  Most of the packet
floods I've been on the business end of have been completely random
addresses.  In fact, some of them pick a random address per packet.  On
networks that do ingress filtering, the user may only have to pick an
address in the network's range, which will often still disguise his true
identity.

> Even before firewalls and routers watched for this, IP spoofing didn't mean
> you could hack much unless you had additional hacking abilities. You had to
> spoof the IP address of a trusted host and you had to be running software
> that didn't care that you didn't see any replies. The replies go to the
> legitimate holder of the IP address.

Another scenario is the above-mentioned packet flood attack, which still
happens every day to somebody.  Outside of SYN floods, this is usually
done with non-TCP datagrams, and the sender never reallly cares about
responses.  

A special case of this is the smurf attack - the attacker writes the
address of the victim host into the source address field and sends a big
directed-broadcast ping to a big network.  Each host on the network
sends a big response to the victim, chewing up most/all of its
bandwidth.

As Priscilla pointed out, hijacking attacks are pretty difficult these
days, given the ISN randomization and ingress filtering that many
firewalls and routers tend to do.  It's usually easier to just exploit a
security hole directly.

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65898&t=65559
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: what kind of simulation on BSCI [7:65869]

[Tan Ben Liang]

www.boson.com
- Original Message -
From: "lenny lim" 
To: 
Sent: Friday, March 21, 2003 3:23 AM
Subject: what kind of simulation on BSCI [7:65869]


> i was wondering if anyone could give me some ideas on what kind of
> simulation questions whould the BSCI exam come out?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65903&t=65869
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE switch suggestions [7:65904]

[Brad Nixon]

I know this question probably has been asked here before, so forgive me. I
already have three routers (2x2514 and a 2509) and a Catalyst 1900 in my
home lab. I want to get a switch that will help me in preparing for the
CCIE. Can anyone make a suggestion on a switch that will give me the IOS
features that I need while not being outrageously priced?

--
Brad A. Nixon
CCDA, CCNP, MCP, NNCSS
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65904&t=65904
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Token Ring is it true? [7:65846]

[Biff Terrific]

"Junk"? Token Ring is still big on the written. While it's highly unlikely
that nobody will be designing a new token ring network, it will be around
for quite some time and as a Cisco Certified Internetworking "Expert" you
will need to know it. I have to deal with it on a consistant basis and I'm
just a CCIE wannabe. I would expect any CCIE to know that technology at
least as well as me. Appletalk isn't dead either; I had to configure
Appletalk routing just last week. You will still have to know this stuff;
trust me buddy, you didn't waste your time.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65905&t=65846
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BGP update-source Loopback0 [7:65902]

[Priscilla Oppenheimer]

What's with the "update-source Loopback0" that you see popping up in BGP
examples in books and white papers with no explanation? :-) What does it mean?

For example

router bgp 75
neighbor 10.100.65.1 remote-as 50
neighbor 10.100.65.1 update-source Loopback0

The example I'm looking at is much more complicated and I can tell you more
if you need me to, but I don't know if the rest of the stuff is relevant to
my question about this "update-source" parameter.

Wouldn't the router use the Loopback anyway for sending BGP messages?

Thanks

Priscilla


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65902&t=65902
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: Satellite Modem [7:65830]

[Prabhu K.]

Hello Kiran,
 
   I think it's not a big task to do that, just press config and u get
Tx/Rx  freq option there u press enter and change the parameter by
selecting up/down arrows. Here u can vary the frequency +/- 20Mhz from I.F
band. If u still couldn't able to do, pls contact me on off-line.

Good luck.
Prabu   


On Thu, 20 Mar 2003, Kiran Kumar M wrote:

> Hai,
> 
> This is out of topic to Cisco. But it is related with Communication, so I
> dared to post this in Cisco group. I think knowledgable persons in
> Networking won't mind.
> 
> If any one having experience in Satellite modems please help me. We have
> one Comstream CM701 modem, in that we are unable to configure the
> frequency, can any body guide me how to configure frequency in Comstream
> CM701.
> 
> Thanks & Regards,
> Kiran




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65906&t=65830
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]