RE: BGP update-source Loopback0 [7:65902]

2003-03-21 Thread Orlando Palomar Jr CCIE#11206
"You only have to use the update-source command when someone is peering to
your loopback address. This is true for an iBGP peer and an eBGP peer."

More info here:
http://www.cisco.com/en/US/partner/tech/tk826/tk365/technologies_tech_note09186a0080093fb8.shtml#updatesource


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65908&t=65902
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: CCIE switch suggestions [7:65904]

2003-03-21 Thread Orlando Palomar Jr CCIE#11206
The only IOS L-3 switch I know of that's relatively "cheap" other than the
3550 is the 2948G-L3. The latter is already EOL, however.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65907&t=65904


Re: DS3 bandwidth issues [7:65790]

2003-03-21 Thread Howard C. Berkowitz
At 8:30 AM + 3/20/03, Nate wrote:
>thanks guys.  I knew I could count on such bright and light-hearted people.


Just for completeness, the Microsoft solution is to increase the 
speed of darkness.

Nortel's is complex. There were times I thought the approach was to 
increase entropy, but one must remember that I was seeing it from the 
perspective of the corporate research lab.  I think the real approach 
was to increase the density of management until the passage, at any 
speed, of useful information was impossible and thus transfer rates 
unaffected by subsequent changes in the environment.

>
>- Original Message -
>From: "Priscilla Oppenheimer"
>To:
>Sent: Wednesday, March 19, 2003 6:19 PM
>Subject: Re: DS3 bandwidth issues [7:65790]
>
>
>>  Or he could do the file transfer to a server that is sitting on the edge of
>>  a Black Hole! :-)
>>
>>  Darrell Newcomb wrote:
>>  >
>>  > Increase the speed of light.
>>  >   By increasing the speed of light you will increase the
>>  > speed of your
>>  > file transfer.  Ask management to fund advanced research into
>>  > light
>>  > accelerators, then wait to do your transfers after light has
>>  > been speed up
>>  > by a few orders of magnitude.  (This works best for
>>  > non-technical folks)
>>  >
>>  > or  Use the turbo switch on the back of the router labeled - /
>>  > oor...
>>  >
>>  > Pull fiber directly from A to B
>>  > Help out the economy and network staff.  Buy a backhoe,
>>  > some explosives,
>>  > and a fiber splice hit.  Start at location A, use gps to plot a
>>  > direct path
>>  > to B(as the crow flys), point the tractor in the precise
>>  > direction and do
>>  > not deviate.  Remove any buildings, reroute roads, destroy
>>  > gardens, but keep
>>  > driving in a straight line.  Don't bother with regen, just stay
>>  > the course.
>>  > (Works good for technical staff who don't yet get it)
>>  >
>>  > ..OR..
>>  >
>>  > ""Nate""  wrote in message
>>  > news:[EMAIL PROTECTED]
>>  > > We've run a bandwidth test on our DS3 with nothing connected
>>  > to it but a
>>  > > workstation (and obviously a router/pix).  We went to
>>  > testmyspeed.com as
>>  > > well as dslreports.com.  We both got very good bandwidth
>>  > tests (upward
>>  > 6m/s)
>>  > > however in transferring a 200m file to/from a workstation
>>  > behind the
>>  > > connection, we got over 30 minutes while our existing T1 got
>>  > 26 minutes.
>>  > > Anyone mind explaining this phenomenon?  Just a side note, we
>>  > have no
>>  > > encryption between GRE tunnels.  Thanks in advanced.
>>  > >
>>  > > -Nate
>>  > >
>>  >
>>  > ..
>>  > Tune your tcp stack on the send side.
>>  > http://www.psc.edu/networking/perf_tune.html
>>  > http://www-iepm.slac.stanford.edu/monitoring/bulk/fast/
>>  >
>>  > Or maybe you have a real life problem or capacity shortage
>>  > somewhere.
>>  >
>>  > Good Luck,
>>  > Darrell
>>  > Always looking for the next big project...
>>
>>  As in increasing the speed of light? :-)
>>
>>  Priscilla
>>
>>  > darrell (at) hayaitacos  net




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65909&t=65790


FW: CCIP Announcement - This ends the speculation! [7:65912]

2003-03-21 Thread George Murage
There has been some speculation on the fate of the CCIP track since the
beta testing of exam 642-661 - Configuring BGP on Cisco Routers. Well,
this is what Cisco has to say about it. 

Cisco Systems recently adjusted the CCIP (Cisco Certified Internetwork 
Professional) program to meet the changing needs of the service 
provider market.  With this adjustment, the CCIP curriculum will 
follow in the CCDP and CCNP tradition of four exams and four courses.  
The elective approach will be phased out and the existing QoS course 
will be a part of the CCIP program. For those customers interested in 
pursuing the elective areas, the Cisco Qualified Specialist program 
will offer focused training and certification in multiple areas of 
high demand.

http://www.cisco.com/warp/public/10/wwtraining/ecampaign/blast 
http://www.cisco.com/warp/public/10/wwtraining/ecampaign/blast2

Question is what happens to those who have the "old" CCIP with an
elective.

Then there is an overlap in course material. A good portion of the BSCI
course covers BGP, which is covered again in the new exam "Configuring
BGP on Cisco Routers".

However, IMHO, I think the cert is welcome. By making MPLS and some
advanced BGP concepts mandatory it is more reflective of the skills
required in a SP environment.

GM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65912&t=65912


Re: Difference on L3 switching of Cat4500 and Cat6 [7:65832]

2003-03-21 Thread Howard C. Berkowitz
At 6:04 PM + 3/20/03, Priscilla Oppenheimer wrote:
>Robert Edmonds wrote:
>>
>>  Actually, Multiprotocol Label Switch is MPLS.  MLS is
>>  MultiLayer Switching.
>>  This refers to a switch that can do not only what Kiran said
>>  about L3
>>  switching, but can make forwarding decisions based on higher
>>  level
>>  protocols, such as tcp, udp, etc.
>
>Oh dear, this has really gotten funny.
>
>MLS is neither MPLS nor switching based on multiple OSI layers.

Multiple Listing System, a Real Estate application.

>
>MLS refers to a route/switch architecture in which the forwarding and
>routing jobs (layers or modules) are assigned to two different pieces of
>hardware. A router module learns how to reach destinations, handles the
>first set of packets to a destination, and then tells a switching module how
>to handle subsequent packets for that flow. Some high-end routers do this
>(with VIPs, etc.) and some high-end switches can do it also, either with the
>help of an outside router or by using built-in feature cards.
>
>MLS is often used to specifically refer to the architecture and features on
>a Cat 5000 and 6000 that enable this division of tasks. There are three
>components (or layers) to the MLS architecture on these switches:
>
>MLS Route Processor (MLS-RP)
>MLS Switching Engine (MLS-SE)
>Multilayer Switching Protocol (MLSP)
>
>The router part talks to the switching part using MLSP. This allows the
>switching part to develop a cache that enables "shortcut switching" of
>packets.


See the ongoing drafts in the IETF FORCES Working Group for some 
general models of this approach. Without getting into vendor-specific 
areas, however, the most advanced routers in development use higher 
levels of multiprocessing and multiple processor interactions.

>
>That's just one way of handling the necessary tasks, however.
>
>Take the 8500 "switch" as an example of another way of handling the problem.
>It can run the entire IOS and act just like a traditional router, only
>faster. It has a Switch Route Processor that handles routing functions at
>high speeds. Just to confuse matters, it behaves a little differently from
>the Route Switch Processor available on other platforms. :-)
>
>Unfortunately, I don't know much about the Catalyst 4000, which was
>mentioned in the original question. But from what I understand about it,
>it's basically a router with switch ports. Its architecture is more like the
>8500. It runs most of IOS and can do routing protocols, including BGP, OSPF,
>etc. It can forward packets at high speeds based on Layer 3 info or Layer 2
>info. It's a router on steroids, whereas a Cat 5000 or 6000 with MLS is a
>switch that has been told how to forward packets that normally a router
>would handle.
>
>Which method is better? Neither one, though they have their pluses and
>minuses.

A true point. When I have designed complex networks, on a 
case-by-case basis, I might find that one or another method was best 
for the specific circumstances. I am not convinced that another 
method wouldn't have been "good enough."

>Really, you just have to realize that all these options came out
>during the dot com craze when Cisco had thousands and thousands of employees
>all working to solve the same problem, gobs of money to buy companies with
>products that all solved the same problem, etc. So in true Cisco style, you
>can accomplish the exact same thing (fast forwarding of packets) in a bunch
>of different ways.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65910&t=65832


NT service monitor [7:65911]

2003-03-21 Thread supernet
Where can I find an NT 4 service monitoring tool? I want to reboot the
server if one of the NT services is down. Thanks. Yoshi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65911&t=65911


RE: CCIE switch suggestions [7:65904]

2003-03-21 Thread Troy Leliard
Correct me if I am wrong, but does the CCIE have an IOS based switch or a
CatOS?  I thought it was CatOS
> I know this question probably has been asked here before, so
> forgive me. I
> already have three routers (2x2514 and a 2509) and a Catalyst
> 1900 in my
> home lab. I want to get a switch that will help me in preparing
> for the
> CCIE. Can anyone make a suggestion on a switch that will give
> me the IOS
> features that I need while not being outrageously priced?
> 
> --
> Brad A. Nixon
> CCDA, CCNP, MCP, NNCSS
> [EMAIL PROTECTED]
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65915&t=65904


RE: What is shared VC and dedicated VC ? [7:65896]

2003-03-21 Thread Troy Leliard
A PVC is a virtual point-to-point circuit that is established; data flows
and then it lies in an idle state waiting for more data, etc.  A switched
virtual circuit is torn down after the data is sent, and then
re-established when more data is required to be sent.

dkshin wrote:
> 
> What is difference between these things ?
> 
> Dedicated VC means that it allocate a separately physical cable
> per user to
> transport point-to-point ?
> 
> How about the shared VC ?
> 
> Thanks
> 
> Dkshin
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65914&t=65896


RE: eBGP Multi-hop [7:65823]

2003-03-21 Thread Troy Leliard
A default route, aka a route of last resort.  For BGP, route to the next
hope must be explicitly in the routing table.  This is one of the pre-reqs
for BGP to advertise its own routes as well (unless you have synchronisation
turned off).

In my deployments of BGP, we always use the loopback interface for iBGP peers
as this is already distributed using our IGP, and then use the interface
address of the peering routing for eBGP, with a static route to that IP.

Good old bgp :).  Right now let's spark off some discussion about the security
of BGP peering :)

Brian Dennis wrote:
> 
> Jim,
> The default route as you've seen won't work but this will:
> 
> Rack4R2#conf t 
> Enter configuration commands, one per line.  End with CNTL/Z.
> Rack4R2(config)#ip route 0.0.0.0 128.0.0.0 192.168.33.2
> Rack4R2(config)#ip route 128.0.0.0 128.0.0.0 192.168.33.2
> Rack4R2(config)#^Z
> Rack4R2#show ip route static
> S    0.0.0.0/1 [1/0] via 192.168.33.2
> S    128.0.0.0/1 [1/0] via 192.168.33.2
> Rack4R2#
> 
> It's the next best thing to a default route ;-)
> 
> Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> [EMAIL PROTECTED]
> http://www.labforge.com
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of
> Jim Devane
> Sent: Thursday, March 20, 2003 9:28 AM
> To: [EMAIL PROTECTED]
> Subject: Re: eBGP Multi-hop [7:65823]
> 
> Thanks for the replies so far...
> Hmm, Well, actually because BGP uses TCP 179 it can traverse non-BGP
> speakers to a router that does speak BGP ( Just like TFTP'ing to another
> router)
> I put the config I was testing below. The config works, BGP runs everyone is
> happy when I have a specific route to the opposite side peer's Loopback
> address.
> 
> ip route 172.16.10.1 255.255.255.255 192.168.33.2
> 
> but if I remove that and install
> 
> ip route 0.0.0.0 0.0.0.0 192.168.33.2
> 
> then BGP breaks. I don't understand why. There is no IGP. Both routes point
> to exactly the same place.
> 
> conf t
> router bgp 65500
> no synchronization
> bgp log-neighbor-changes
> network 192.168.47.0
> network 192.168.55.0
> aggregate-address 192.168.0.0 255.255.0.0
> neighbor 172.16.10.1 remote-as 6
> neighbor 172.16.10.1 ebgp-multihop 5
> neighbor 172.16.10.1 update-source Loopback0
> neighbor 172.16.10.1 version 4
> neighbor 172.16.10.1 soft-reconfiguration inbound
> neighbor 172.16.10.1 password 7 140705191C117B3821
> neighbor 172.16.10.1 filter-list 3 in
> neighbor 172.16.10.1 filter-list 4 out
> 
> 
> - Original Message -
> From: "Carroll Kong" 
> To: 
> Sent: Thursday, March 20, 2003 6:54 AM
> Subject: Re: eBGP Multi-hop [7:65823]
> 
> 
> > I guess I am kind of just going to a quick stab.  Do you have "no
> > synchronization" under the BGP configuration?
> >
> > > hello all,
> > >
> > > (Re-post...not sure if original msg made it or not)
> > >
> > > playing around again and have a question. eBGP multi-hop cannot come up if
> > > the peer is known through a default route.
> > > Is there a reason why?
> > > I mean, what is the point of a static route that causes a recursive lookup
> > > or a static route that simply points to the same next hop as a default
> > > route?
> > > For that matter, I can't see it being a matter of proximity either. If
> > > convergence time were not an issue, what is really wrong with having a 10
> > > hop or even 50 hop BGP session? (I know it is unlikely and there are
> > > certainly better ways to handle it (GRE or IPSec tunnel)) but for the sake
> > > of argument...
> > >
> > > Just curious, not able to find much on WHY it is like this...
> > >
> > > thanks,
> > > Jim
> > -Carroll Kong
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65913&t=65823
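
The behaviour discussed in this thread, as an added example that is not part of any poster's message or of Cisco's code: a Python audit that reads `ip route` and `neighbor ... ebgp-multihop` lines and reports whether each multihop peer resolves through a specific route or only through 0.0.0.0/0, the case the posters report as failing. The function names are assumptions of this example, and the sample text is constructed from the configuration lines quoted above.

```python
import ipaddress
import re

# Constructed sample input, assembled from configuration lines quoted in the thread.
BGP_STANZA = """\
router bgp 65500
 neighbor 172.16.10.1 remote-as 6
 neighbor 172.16.10.1 ebgp-multihop 5
 neighbor 172.16.10.1 update-source Loopback0
"""
HOST_ROUTE = "ip route 172.16.10.1 255.255.255.255 192.168.33.2\n"
DEFAULT_ROUTE = "ip route 0.0.0.0 0.0.0.0 192.168.33.2\n"
HALF_ROUTES = ("ip route 0.0.0.0 128.0.0.0 192.168.33.2\n"
               "ip route 128.0.0.0 128.0.0.0 192.168.33.2\n")

ROUTE_RE = re.compile(r"^[ \t]*ip route (\S+) (\S+) (\S+)", re.M)
MULTIHOP_RE = re.compile(r"^[ \t]*neighbor (\S+) ebgp-multihop\b", re.M)


def static_routes(config):
    """Return [(network, next_hop)] for every 'ip route' line in the text."""
    routes = []
    for prefix, mask, next_hop in ROUTE_RE.findall(config):
        # Convert the dotted mask to a prefix length by counting its one bits.
        plen = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{prefix}/{plen}", strict=False)
        routes.append((net, next_hop))
    return routes


def best_match(routes, address):
    """Longest-prefix match: the most specific route covering the address."""
    addr = ipaddress.ip_address(address)
    covering = [(net, nh) for net, nh in routes if addr in net]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)


def covers_everything(routes):
    """True when the routes together span the whole IPv4 space."""
    merged = list(ipaddress.collapse_addresses(net for net, _ in routes))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]


def audit_multihop_peers(config):
    """Map each ebgp-multihop neighbor to how its address resolves.

    'default-route-only' marks the case reported in the thread: the peer is
    covered by nothing more specific than 0.0.0.0/0.
    """
    routes = static_routes(config)
    report = {}
    for peer in MULTIHOP_RE.findall(config):
        match = best_match(routes, peer)
        if match is None:
            report[peer] = "unreachable"
        elif match[0].prefixlen == 0:
            report[peer] = "default-route-only"
        else:
            report[peer] = f"ok via {match[0]}"
    return report


if __name__ == "__main__":
    for label, statics in (("host route", HOST_ROUTE),
                           ("default route", DEFAULT_ROUTE),
                           ("two /1 routes", HALF_ROUTES)):
        print(label, audit_multihop_peers(BGP_STANZA + statics),
              "covers all IPv4:", covers_everything(static_routes(statics)))
```

The two /1 routes span the same address space as the default route, yet the peer's best match has prefix length 1 rather than 0, which is why they do not fall into the default-route case.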


L3 switching [7:65916]

2003-03-21 Thread KW S
Dear all

I have a little confusion here

Layer 3 switching is hardware based routing.

If this is correct, does it means that switching path in a router like
netflow and distributed switching is the same as L3 switching

Thanks

KWS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65916&t=65916


RE: CCIE switch suggestions [7:65904]

2003-03-21 Thread Vikram JeetSingh
Hi Brad,
As per me, now one has to use 3550 switch for the R&S lab.

Regards

-Original Message-
From: Troy Leliard [mailto:[EMAIL PROTECTED]
Sent: Friday, March 21, 2003 3:29 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE switch suggestions [7:65904]


Correct me if I am wrong, but does the CCIE have an IOS based switch or a
CatOS?  I thought it was CatOS
> I know this question probably has been asked here before, so
> forgive me. I
> already have three routers (2x2514 and a 2509) and a Catalyst
> 1900 in my
> home lab. I want to get a switch that will help me in preparing
> for the
> CCIE. Can anyone make a suggestion on a switch that will give
> me the IOS
> features that I need while not being outrageously priced?
> 
> --
> Brad A. Nixon
> CCDA, CCNP, MCP, NNCSS
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65918&t=65904


Messages doubling up on the mailing list [7:65919]

2003-03-21 Thread John Brandis
Lately, I have seen the odd problem on the list, such as my email being
redistributed some week or so after I sent it. Also, earlier this week, the
list was around 6 hours behind the time of sending. It looks much better now
though






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65919&t=65919


Re: 6509 cam entries [7:65758]

2003-03-21 Thread steve
Yes, and I still get these static ARP entries.

Any other ideas?


- Original Message -
From: "David Vital" 
To: 
Sent: Thursday, March 20, 2003 9:00 PM
Subject: RE: 6509 cam entries [7:65758]


> Did you do a clear counters?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65921&t=65758


RE: Convert from Custome Queue to CBWFQ [7:65700]

2003-03-21 Thread alaerte Vidali
>>Are you asking or responding to a post? I may have missed the first 
>>portion 

As it is common to say, that was my 2C



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65920&t=65700


Re: DS3 bandwidth issues [7:65790]

2003-03-21 Thread Steven Aiello
Wow Thank you sooo much.  This is the best explanation of T-carrier Vs. 
Dx-Carrier I've ever read.  I have worked in the IT field for some time, but 
not too much on the telco side and I could never really find what the 
difference was.

THANKS A TON 

Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65922&t=65790


RE: NT service monitor [7:65911]

2003-03-21 Thread Aaron Ajello
check out sitescope, made by freshwater.  I think you can download a trial
copy.  here's their site: www.freshwater.com



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65923&t=65911


Lost SA :-( [7:65924]

2003-03-21 Thread Chris Penrose
Has anyone had a problem with IPSec losing its SA?  I have a router
configured for VPN to a PIX and it will occasionally lose its SA.
Clear crypto sa fixes the problem but it keeps occurring intermittently.
I've never had a problem on PIX to PIX vpn, is this normal? Or is my
config suspect?

Regards

Chris









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65924&t=65924


RE: CCIE switch suggestions [7:65904]

2003-03-21 Thread Orlando Palomar Jr CCIE#11206
Troy Leliard wrote:
> 
> Correct me if I am wrong, but does the CCIE have an IOS based
> switch or a CatOS?  I thought it was CatOS cheap and cheerful 5002 would
> do it.
> 

After Nov. 4, 2002, Catalyst 3550 switches with the EMI software officially
replaced the CatOS switches on the CCIE R&S Lab.

http://www.cisco.com/en/US/partner/learning/le3/le11/learning_ccie_resource_guide.html#13


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65925&t=65904


Confused over NAT [7:65926]

2003-03-21 Thread James Gosnold
Dear all,

Just having a slight problem getting my head around NAT regarding the
example configurations in the study guides I have.

access-list 1 permit 10.0.0.1 0.0.0.255 (defines list of addresses)

ip nat pool mynatpool 222.2.2.1 222.2.2.254 netmask 255.255.255.0 (defines
pool of inside global addresses NAT can replace the SA with)
ip nat inside source list 1 pool mynatpool (applies the addresses laid out
in the access-list as inside addresses and tells router to replace SA from
mynatpool)

int eth0
ip address 10.0.0.1 255.255.255.0
ip nat inside (tells NAT that this is where inside addresses come from)

int ser0
ip address 133.4.4.1 255.255.255.0
ip nat outside

So here is my confusion: 

If the Ser0 interface is the WAN address (133.4.4.1) and it replaces the
inside local address with a SA from mynatpool (222.2.2.1 - 222.2.2.254) then
how will the packet get back to the WAN interface? I thought that NAT would
replace the inside local address with the address of the WAN interface, not
a group of different public ip addresses? How will the packet get back if
the SA is from the range 222.2.2.1 - 254 and yet the IP address of the WAN
interface is clearly not from this range?

Confused from London

Regards, James.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65926&t=65926


RE: Priscilla Oppenheimer + Danny Free [7:65897]

2003-03-21 Thread Priscilla Oppenheimer
jonathan jonathan wrote:
> 
> by the way getting deeper into it, i can now ping from all
> spoke routers to the hub router however i cannot ping back.
> could this be a route map statement on the frame switch (2521)?
> I'm still digging into it.


Hello Jonathan Jonathan,

I'm so glad our messages were helpful.

Usually pinging capability is symmetrical. That is, if Router A can ping
Router B, then Router B can ping Router A. Sending a ping reply requires the
same "resources" and configuration as sending a ping. So, when you ping from
Router B to Router A, if Router A can send a ping reply, it would be strange
indeed if it can't send a ping, and vice versa.

The exception to this, of course, is access lists. They could make it work
asymmetrically.

There may be other exceptions too that I'm just not thinking of...

So, I guess I'm questioning what you're telling us is happening. That's kind
of rude, but I'm in a bit of a rush. :-)

Now, if you said you can't ping your own interface, that's a very common
problem with new Frame Relay configs. You won't be able to ping your own
interface unless you have a map statement for your own address.

Gotta run. Nice talking to you. Good luck with your lab!

Priscilla


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65928&t=65897


Network design product selecion question [7:65927]

2003-03-21 Thread Carlos Roque
John,

Take a look at the Cisco 3550 switch. It has layer 3 capabilities using the
EMI IOS version.

Regards,

Carlos Roque




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65927&t=65927


RE: eBGP Multi-hop [7:65823]

2003-03-21 Thread Priscilla Oppenheimer
Troy Leliard wrote:
> 
> A default route, aka a route of last resort.  For BGP, route to
> the next hope 

The next hope. I like that. :-)

> must be explicitly in the routing table.  This is
> one of the pre-reqs for BGP to advertise its own routes as well
> (unless you have synchronisation turned off).
> 
> In my deployments of BGP, we always use the loopback interface
> for iBGP peers as this is already distributed using our IGP,
> and then use the interface address of the peering routing for
> eBGP, with a static route to that IP.
> 
> Good old bgp :). 

Man it's complicated! Argh. :-)

> Right now let's spark off some discussion about
> the security of BGP peering :)
> 
> Brian Dennis wrote:
> > 
> > Jim,
> > The default route as you've seen won't work but this will:
> > 
> > Rack4R2#conf t 
> > Enter configuration commands, one per line.  End with CNTL/Z.
> > Rack4R2(config)#ip route 0.0.0.0 128.0.0.0 192.168.33.2
> > Rack4R2(config)#ip route 128.0.0.0 128.0.0.0 192.168.33.2
> > Rack4R2(config)#^Z
> > Rack4R2#show ip route static
> > S    0.0.0.0/1 [1/0] via 192.168.33.2
> > S    128.0.0.0/1 [1/0] via 192.168.33.2
> > Rack4R2#
> > 
> > It's the next best thing to a default route ;-)
> > 
> > Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> > [EMAIL PROTECTED]
> > http://www.labforge.com
> > 
> > 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> > Behalf Of
> > Jim Devane
> > Sent: Thursday, March 20, 2003 9:28 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: eBGP Multi-hop [7:65823]
> > 
> > Thanks for the replies so far...
> > Hmm, Well, actually because BGP uses TCP 179 it can traverse non-BGP
> > speakers to a router that does speak BGP ( Just like TFTP'ing to another
> > router)
> > I put the config I was testing below. The config works, BGP runs everyone is
> > happy when I have a specific route to the opposite side peer's Loopback
> > address.
> > 
> > ip route 172.16.10.1 255.255.255.255 192.168.33.2
> > 
> > but if I remove that and install
> > 
> > ip route 0.0.0.0 0.0.0.0 192.168.33.2
> > 
> > then BGP breaks. I don't understand why. There is no IGP. Both routes point
> > to exactly the same place.
> > 
> > conf t
> > router bgp 65500
> > no synchronization
> > bgp log-neighbor-changes
> > network 192.168.47.0
> > network 192.168.55.0
> > aggregate-address 192.168.0.0 255.255.0.0
> > neighbor 172.16.10.1 remote-as 6
> > neighbor 172.16.10.1 ebgp-multihop 5
> > neighbor 172.16.10.1 update-source Loopback0
> > neighbor 172.16.10.1 version 4
> > neighbor 172.16.10.1 soft-reconfiguration inbound
> > neighbor 172.16.10.1 password 7 140705191C117B3821
> > neighbor 172.16.10.1 filter-list 3 in
> > neighbor 172.16.10.1 filter-list 4 out
> > 
> > 
> > - Original Message -
> > From: "Carroll Kong" 
> > To: 
> > Sent: Thursday, March 20, 2003 6:54 AM
> > Subject: Re: eBGP Multi-hop [7:65823]
> > 
> > 
> > > I guess I am kind of just going to a quick stab.  Do you have "no
> > > synchronization" under the BGP configuration?
> > >
> > > > hello all,
> > > >
> > > > (Re-post...not sure if original msg made it or not)
> > > >
> > > > playing around again and have a question. eBGP multi-hop cannot come up if
> > > > the peer is known through a default route.
> > > > Is there a reason why?
> > > > I mean, what is the point of a static route that causes a recursive lookup
> > > > or a static route that simply points to the same next hop as a default
> > > > route?
> > > > For that matter, I can't see it being a matter of proximity either. If
> > > > convergence time were not an issue, what is really wrong with having a 10
> > > > hop or even 50 hop BGP session? (I know it is unlikely and there are
> > > > certainly better ways to handle it (GRE or IPSec tunnel)) but for the sake
> > > > of argument...
> > > >
> > > > Just curious, not able to find much on WHY it is like this...
> > > >
> > > > thanks,
> > > > Jim
> > > -Carroll Kong
> > 
> > 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65929&t=65823


Re: Confused over NAT [7:65926]

2003-03-21 Thread John Hutchison
NAT replaces the inside IP with a/the real IP from its outside pool. It
keeps track of which inside device each NAT'd (is that a word?) packet
belongs to via the port it assigns to the packet when it puts the outside IP
addy on it and sends it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65933&t=65926


RE: Confused over NAT [7:65926]

2003-03-21 Thread James Gosnold
Ok, I think I have it now. So in a way the pool of addresses are like a load
of virtual interfaces?

I understand the use of sockets for overloading and how this can enable to
use just one address, it was just the pool thing that confused me a little!

Thanks guys, James.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65937&t=65926


Re: DS3 bandwidth issues [7:65790]

2003-03-21 Thread s vermill
Darrell,

I guess you're right about the T1.  Assuming that only about 1 mbps of true
throughput is achieved, 26 minutes is easily within the realm of
possibility.  I just downloaded a 4MB file over a T1 (and it's shared by
quite a number of folks).  It took 31 seconds.  Extrapolating, 200MB / 4MB =
50 x 31 sec = 1550 sec / 60 = ~26 min.

Huh!

Checking that math, 200MB = 208,715,200 bytes = 1,677,721,600 bits / 1 mbps
= ~1678 seconds / 60 = ~28 minutes.

Huh!

Tuning the TCP stack is always a good idea.  However, assuming your example
of 80ms RTT, here's where you should start having problems:

throughput = window size / RTT 

throughput = ??
standard Microsoft window size = 65,536 bytes or 524,288 bits
RTT = 80ms or .08 sec

524,288 / .08 = 6,553,600

So up to ~6.5 mbps (w/ 80ms RTT), TCP flow control probably isn't an issue. 
I think that's what you were saying.

But, as we all agree, that sucks for a T3.  Further indication that there's
a bottleneck somewhere beyond the immediate connectivity...


 
Darrell Newcomb wrote:
> 
> ""Priscilla Oppenheimer""  wrote in
> message
> news:[EMAIL PROTECTED]
> > s vermill wrote:
> > >
> > > Nate wrote:
> > > >
> > > > We've run a bandwidth test on our DS3 with nothing connected to
> > > > it but a workstation (and obviously a router/pix).  We went to
> > > > testmyspeed.com as well as dslreports.com.  We both got very good
> > > > bandwidth tests (upward 6m/s) however in transferring a 200m file
> > > > to/from a workstation behind the connection, we got over 30
> > > > minutes while our existing T1 got 26 minutes.
> > > > Anyone mind explaining this phenomenon?  Just a side note, we
> > > > have no encryption between GRE tunnels.  Thanks in advance.
> > > >
> 
> > Since he said he tested with those other tools and got 6m/sec (I guess he
> > meant 6 megabits per second which is OK, though not great), the file
> 
> The above is what I key'ed in on as the last test transfer he had done
> over the new path.  Which is why I had originally suggested to tune
> tcp (the URL's below the jokes were seen weren't they?) since a single
> tcp session at 6Mbps crossing the continent(country) could be within
> expectations.  In most stock tcp's and a 80ms RTT he would need a
> packet loss rate near .02%(.0002) to get 6Mbps.  Nothing unrealistic
> about those numbers and it seemed to me someone just wanted to see 40+
> Mbps numbers.  But I overlooked the part about 30minutes over the DS3.
> 
> Regarding the concerns about the 26 minute T1 transfer.  Maybe I'm a
> little too sleep deprived from doing datacenter moves, but I don't see
> the issue with 26minutes for a 200MB(bytes) file is roughly 1Mbps,
> don't forget overhead too.  That's completely within norm for a single
> TCP session between two reasonably distant endpoints bandlimited by a T1.
> 
> Back to the DS3 being slower for this one.  As everyone has been saying
> break down the problem.  My guess would be you've got some major
> performance inhibiting thing like a duplex mismatch somewhere and by
> being able to ramp up transmit speeds quicker the session is smacked
> back down due to the loss(from duplex mismatch).  What might be the
> simplest suggestion for testing is to start up the file transfer and
> while it's running do a traceroute(large packet size if you could) from
> one end-host to the far end and see if you notice a place of
> particularly high loss to go look at.
> 
> My apologies for overlooking the note about 30minute 200MB transfer
> over DS3(not T1),
> Darrell
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65935&t=65790
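
Added example, not part of any post in this thread: the "throughput = window size / RTT" reasoning from the message above, carried through for both links in Python. The function names are made up for this sketch, the line rates are the T-1 and T-3 figures given elsewhere on this page, and protocol overhead and packet loss are ignored.

```python
# Window-limited TCP throughput for one session, as reasoned in the post above.
# Assumptions (not from the posts): no loss, no protocol overhead, one flow.

T1_BPS = 1_544_000      # T-1 line rate
DS3_BPS = 44_736_000    # T-3 / DS3 line rate


def window_limited_bps(window_bytes, rtt_s):
    """One window per round trip: the ceiling TCP flow control imposes."""
    return window_bytes * 8 / rtt_s


def effective_bps(link_bps, window_bytes, rtt_s):
    """A session can go no faster than the slower of link and window limit."""
    return min(link_bps, window_limited_bps(window_bytes, rtt_s))


def transfer_seconds(size_bytes, link_bps, window_bytes, rtt_s):
    return size_bytes * 8 / effective_bps(link_bps, window_bytes, rtt_s)


def window_to_fill(link_bps, rtt_s):
    """Bandwidth-delay product in bytes: the window needed to keep the pipe full."""
    return link_bps * rtt_s / 8


def compare(size_bytes, rtt_s, window_bytes):
    """Per-link summary for one file size, RTT and receive window."""
    rows = {}
    for name, link_bps in (("T1", T1_BPS), ("DS3", DS3_BPS)):
        rows[name] = {
            "bps": effective_bps(link_bps, window_bytes, rtt_s),
            "seconds": transfer_seconds(size_bytes, link_bps, window_bytes, rtt_s),
            "window_limited": window_limited_bps(window_bytes, rtt_s) < link_bps,
            "window_to_fill": window_to_fill(link_bps, rtt_s),
        }
    return rows


if __name__ == "__main__":
    # 200 MB file, 80 ms RTT, 65,536-byte window: the figures used in the thread.
    for link, row in compare(200 * 2**20, 0.08, 65_536).items():
        print(f"{link:>3}: {row['bps'] / 1e6:6.2f} Mbps, "
              f"{row['seconds'] / 60:5.1f} min, "
              f"window-limited={row['window_limited']}, "
              f"window to fill link={row['window_to_fill']:.0f} bytes")
```

With these inputs the DS3 session is capped by the window at about 6.5 Mbps yet would still move 200 MB in a few minutes, so a 30-minute transfer points at something other than TCP flow control.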


RE: Confused over NAT [7:65926]

2003-03-21 Thread Robert Perez
You would need to have routing out on the internet that says how to get back
to those addresses or what you would do is get rid of the NAT pool and NAT using
the Serial interface address.

-Original Message-
From: James Gosnold [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 21, 2003 9:55 AM
To: [EMAIL PROTECTED]
Subject: Confused over NAT [7:65926]


Dear all,

Just having a slight problem getting my head around NAT regarding the
example configurations in the study guides I have.

access-list 1 permit 10.0.0.1 0.0.0.255 (defines list of addresses)

ip nat pool mynatpool 222.2.2.1 222.2.2.254 netmask 255.255.255.0 (defines
pool of inside global addresses NAT can replace the SA with)
ip nat inside source list 1 pool mynatpool (applies the addresses laid out
in the access-list as inside addresses and tells router to replace SA from
mynatpool)

int eth0
ip address 10.0.0.1 255.255.255.0
ip nat inside (tells NAT that this is where inside addresses come from)

int ser0
ip address 133.4.4.1 255.255.255.0
ip nat outside

So here is my confusion: 

If the Ser0 interface is the WAN address (133.4.4.1) and it replaces the
inside local address with a SA from mynatpool (222.2.2.1 - 222.2.2.254) then
how will the packet get back to the WAN interface? I thought that NAT would
replace the inside local address with the address of the WAN interface, not
a group of different public ip addresses? How will the packet get back if
the SA is from the range 222.2.2.1 - 254 and yet the IP address of the WAN
interface is clearly not from this range?

Confused from London

Regards, James.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65931&t=65926


RE: eBGP Multi-hop [7:65823]

2003-03-21 Thread Brian Dennis
The 0.0.0.0/1 and 128.0.0.0/1 routes will work for the next hop.

Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
[EMAIL PROTECTED]
http://www.labforge.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 21, 2003 1:42 AM
To: [EMAIL PROTECTED]
Subject: RE: eBGP Multi-hop [7:65823]

A default route, aka a route of last resort.  For BGP, route to the next
hop must be explicitly in the routing table.  This is one of the pre-reqs
for BGP to advertise its own routes as well (unless you have synchronisation
turned off).

In my deployments of BGP, we always use the loopback interface for iBGP peers
as this is already distributed using our IGP, and then use the interface
address of the peering routing for eBGP, with a static route to that IP.

Good old bgp :).  Right now let's spark off some discussion about the security
of BGP peering :)

Brian Dennis wrote:
> 
> Jim,
> The default route as you've seen won't work but this will:
> 
> Rack4R2#conf t 
> Enter configuration commands, one per line.  End with CNTL/Z.
> Rack4R2(config)#ip route 0.0.0.0 128.0.0.0 192.168.33.2
> Rack4R2(config)#ip route 128.0.0.0 128.0.0.0 192.168.33.2
> Rack4R2(config)#^Z
> Rack4R2#show ip route static
> S    0.0.0.0/1 [1/0] via 192.168.33.2
> S    128.0.0.0/1 [1/0] via 192.168.33.2
> Rack4R2#
> 
> It's the next best thing to a default route ;-)
> 
> Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> [EMAIL PROTECTED]
> http://www.labforge.com
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of
> Jim Devane
> Sent: Thursday, March 20, 2003 9:28 AM
> To: [EMAIL PROTECTED]
> Subject: Re: eBGP Multi-hop [7:65823]
> 
> Thanks for the replies so far...
> Hmm, Well, actually because BGP uses TCP 179 it can traverse non-BGP
> speakers to a router that does speak BGP ( Just like TFTP'ing to another
> router)
> I put the config I was testing below. The config works, BGP runs everyone is
> happy when I have a specific route to the opposite side peer's Loopback
> address.
> 
> ip route 172.16.10.1 255.255.255.255 192.168.33.2
> 
> but if I remove that and install
> 
> ip route 0.0.0.0 0.0.0.0 192.168.33.2
> 
> then BGP breaks. I don't understand why. There is no IGP. Both routes
> point to exactly the same place.
> 
> conf t
> router bgp 65500
> no synchronization
> bgp log-neighbor-changes
> network 192.168.47.0
> network 192.168.55.0
> aggregate-address 192.168.0.0 255.255.0.0
> neighbor 172.16.10.1 remote-as 6
> neighbor 172.16.10.1 ebgp-multihop 5
> neighbor 172.16.10.1 update-source Loopback0
> neighbor 172.16.10.1 version 4
> neighbor 172.16.10.1 soft-reconfiguration inbound
> neighbor 172.16.10.1 password 7 140705191C117B3821
> neighbor 172.16.10.1 filter-list 3 in
> neighbor 172.16.10.1 filter-list 4 out
> 
> 
> - Original Message -
> From: "Carroll Kong" 
> To: 
> Sent: Thursday, March 20, 2003 6:54 AM
> Subject: Re: eBGP Multi-hop [7:65823]
> 
> 
> > I guess I am kind of just going to a quick stab.  Do you have "no
> > synchronization" under the BGP configuration?
> >
> > > hello all,
> > >
> > > (Re-post...not sure if original msg made it or not)
> > >
> > > playing around again and have a question. eBGP multi-hop cannot come
> > > up if the peer is known through a default route.
> > > Is there a reason why?
> > > I mean, what is the point of a static route that causes a recursive
> > > lookup or a static route that simply points to the same next hop as a
> > > default route?
> > > For that matter, I can't see it being a matter of proximity either. If
> > > convergence time were not an issue, what is really wrong with having a
> > > 10 hop or even 50 hop BGP session? (I know it is unlikely and there are
> > > certainly better ways to handle it (GRE or IPSec tunnel)) but for the
> > > sake of argument...
> > >
> > > Just curious, not able to find much on WHY it is like this...
> > >
> > > thanks,
> > > Jim
> > -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65934&t=65823
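
Added example, not part of any post in this thread and not IOS code: a small Python model of the behaviour reported above, where a multihop eBGP peer that resolves only through 0.0.0.0/0 does not come up, while a host route or the 0.0.0.0/1 plus 128.0.0.0/1 pair does the job. The function names and the rule as coded are assumptions taken from the posts; the addresses are the ones in the quoted configuration.

```python
import ipaddress

# Three static routing tables from the thread, as (prefix, next hop) pairs.
HOST_ROUTE = [("172.16.10.1/32", "192.168.33.2")]
DEFAULT_ONLY = [("0.0.0.0/0", "192.168.33.2")]
SPLIT_DEFAULT = [("0.0.0.0/1", "192.168.33.2"), ("128.0.0.0/1", "192.168.33.2")]


def longest_match(rib, dest):
    """Return (network, next_hop) of the most specific route covering dest."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, next_hop in rib:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def ebgp_peer_usable(rib, peer):
    """Model of the rule described in the thread (an assumption of this sketch):
    the peer must resolve through a route more specific than 0.0.0.0/0."""
    match = longest_match(rib, peer)
    if match is None:
        return False, "no route"
    net, next_hop = match
    if net.prefixlen == 0:
        return False, "default route only"
    return True, f"{net} via {next_hop}"


def covers_everything(rib):
    """True when the prefixes in rib collapse to the whole IPv4 space, i.e. the
    table forwards exactly what a default route would forward."""
    nets = [ipaddress.ip_network(prefix) for prefix, _ in rib]
    return list(ipaddress.collapse_addresses(nets)) == [ipaddress.ip_network("0.0.0.0/0")]


if __name__ == "__main__":
    peer = "172.16.10.1"
    for name, rib in (("host route", HOST_ROUTE),
                      ("default only", DEFAULT_ONLY),
                      ("two /1 routes", SPLIT_DEFAULT)):
        ok, why = ebgp_peer_usable(rib, peer)
        print(f"{name:14} usable={ok!s:5} ({why}); "
              f"covers all IPv4={covers_everything(rib)}")
```

The two /1 routes pass the check because neither has a prefix length of zero, yet together they forward every destination to 192.168.33.2 exactly as the default route did.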


RE: CCIE switch suggestions [7:65904]

2003-03-21 Thread Troy Leliard
Good thing I asked .. Oh well, back to the original question .. where can i
find a cheap 3550 ??
hehehe

Orlando Palomar Jr  CCIE#11206 wrote:
> 
> Troy Leliard wrote:
> > 
> > Correct me if I am wrong, but does the CCIE have a IOS based
> > switched or a CatOS?  I thought it was CatOS > cheap and cheerful 5002
would do it.
> > 
> 
> After Nov. 4, 2002, Catalyst 3550 switches with the EMI
> software officially replaced the CatOS switches on the CCIE R&S
> Lab.
> 
>
http://www.cisco.com/en/US/partner/learning/le3/le11/learning_ccie_resource_guide.html#13


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65930&t=65904


RE: NT service monitor [7:65911]

2003-03-21 Thread Kevin Stone
You can try Servers Alive.  There is a free version that supports up to
10 device entries, the full registered version is under 200.00usd. You
can download it at http://www.woodstone.nu./salive/

-Kevin


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of supernet
> Sent: Friday, March 21, 2003 2:03 AM
> To: [EMAIL PROTECTED]
> Subject: NT service monitor [7:65911]
> 
> 
> Where can I find an NT 4 service monitoring tool? I want to 
> reboot the server if one of the NT services is down. Thanks. Yoshi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65932&t=65911


VLAN as Firewall zones [7:65938]

2003-03-21 Thread Paulo Roque
Hi.
I usually separate firewall zones with different physical LANs in different
switches.
What do you think of separating firewall zones with VLANs in the same
switch/chassis?
Paulo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65938&t=65938


RE: Confused over NAT [7:65926]

2003-03-21 Thread Daniel Cotts
The rest of the world has to have a route to your pool of addresses
(222.2.2.1-254 in your example). The pool is assigned by your local ISP.
They should have a route to it.
With PAT you could use the WAN interface address for all translations.

> -Original Message-
> From: James Gosnold [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 21, 2003 8:55 AM
> To: [EMAIL PROTECTED]
> Subject: Confused over NAT [7:65926]
> 
> 
> Dear all,
> 
> Just having a slight problem getting my head around NAT regarding the
> example configurations in the study guides I have.
> 
> access-list 1 permit 10.0.0.1 0.0.0.255 (defines list of addresses)
> 
> ip nat pool mynatpool 222.2.2.1 222.2.2.254 netmask 255.255.255.0 (defines
> pool of inside global addresses NAT can replace the SA with)
> ip nat inside source list 1 pool mynatpool (applies the addresses laid out
> in the access-list as inside addresses and tells router to replace SA from
> mynatpool)
> 
> int eth0
> ip address 10.0.0.1 255.255.255.0
> ip nat inside (tells NAT that this is where inside addresses come from)
> 
> int ser0
> ip address 133.4.4.1 255.255.255.0
> ip nat outside
> 
> So here is my confusion: 
> 
> If the Ser0 interface is the WAN address (133.4.4.1) and it replaces the
> inside local address with a SA from mynatpool (222.2.2.1 - 222.2.2.254) then
> how will the packet get back to the WAN interface? I thought that NAT would
> replace the inside local address with the address of the WAN interface, not
> a group of different public ip addresses? How will the packet get back if
> the SA is from the range 222.2.2.1 - 254 and yet the IP address of the WAN
> interface is clearly not from this range?
> 
> Confused from London
> 
> Regards, James.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65936&t=65926
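
Added example, not part of any post in this thread and not router code: a toy Python model of the two behaviours discussed in the NAT replies, translation from a pool (one outside address per inside host) and PAT on the WAN interface address (one shared address, flows told apart by port). Class and function names are made up for this sketch; the addresses are the ones in the quoted configuration, and the inside hosts and port numbers are constructed.

```python
import ipaddress


class PoolNat:
    """Dynamic NAT from a pool: one inside-global address per inside host."""

    def __init__(self, first, last):
        lo = int(ipaddress.ip_address(first))
        hi = int(ipaddress.ip_address(last))
        self.free = [str(ipaddress.ip_address(n)) for n in range(lo, hi + 1)]
        self.by_local = {}    # inside local IP  -> inside global IP
        self.by_global = {}   # inside global IP -> inside local IP

    def outbound(self, src_ip, src_port):
        if src_ip not in self.by_local:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            global_ip = self.free.pop(0)
            self.by_local[src_ip] = global_ip
            self.by_global[global_ip] = src_ip
        return self.by_local[src_ip], src_port      # source port is untouched

    def inbound(self, dst_ip, dst_port):
        local = self.by_global.get(dst_ip)
        return (local, dst_port) if local else None  # no entry: nothing to translate


class OverloadNat:
    """PAT: every inside host shares one outside address; the port is the key."""

    def __init__(self, outside_ip, first_port=1024):
        self.outside_ip = outside_ip
        self.next_port = first_port
        self.by_flow = {}     # (inside IP, inside port) -> outside port
        self.by_port = {}     # outside port -> (inside IP, inside port)

    def outbound(self, src_ip, src_port):
        flow = (src_ip, src_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return self.outside_ip, self.by_flow[flow]

    def inbound(self, dst_ip, dst_port):
        if dst_ip != self.outside_ip:
            return None
        return self.by_port.get(dst_port)            # unknown port: no entry


def needs_upstream_route(translated_ip, wan_interface):
    """Replies reach the router by themselves only if the translated source sits
    in the WAN interface's own subnet; otherwise the provider must route it."""
    wan_net = ipaddress.ip_interface(wan_interface).network
    return ipaddress.ip_address(translated_ip) not in wan_net


def demo():
    pool = PoolNat("222.2.2.1", "222.2.2.254")
    pat = OverloadNat("133.4.4.1")
    hosts = [("10.0.0.5", 40000), ("10.0.0.6", 40000)]   # constructed inside hosts
    return {
        "pool": [pool.outbound(*h) for h in hosts],
        "pat": [pat.outbound(*h) for h in hosts],
        "pool_reply": pool.inbound("222.2.2.2", 40000),
        "pat_reply": pat.inbound("133.4.4.1", 1025),
        "pool_needs_route": needs_upstream_route("222.2.2.1", "133.4.4.1/24"),
        "pat_needs_route": needs_upstream_route("133.4.4.1", "133.4.4.1/24"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:17} {value}")
```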


RE: Large number of VLANS [7:65815]

2003-03-21 Thread CCIE #6746
Have you tried BBSM, it's much easier than that to use and it's compatible
with all popular billing systems. I did many installs of it as a Cisco SE


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 20, 2003 4:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Large number of VLANS [7:65815]

I have gotten it to work in a lab environment, i.e. without using VTP, just
using VTP transparent mode and manually configuring the vlans on all the
switches.

Even though I use the "switchport trunk allowed vlan" command to limit
vlans on the trunk links, VTP still sends the whole list through, and the
2950 switch goes to transparent mode as soon as the vlans go over the 254 it
can handle.

I am going to be using this at a Hotel, that is using a system called the
Universal subscriber gateway from a company called Nomadix, it's similar to
cisco's BBSM

In this case we are using VLAN per room, to make the billing easier, for
example. if you are using VLAN 202 you are in room 202, so the billing
system can send the bill to the correct room, for internet usage.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65889&t=65815


Re: DS3 bandwidth issues [7:65790]

2003-03-21 Thread Scott Roberts
wow thanks for all the responses everyone! I learn something new everyday on
this board.

scott

""[EMAIL PROTECTED]""  wrote in message
news:[EMAIL PROTECTED]
> Being in the "CLEC" business I can tell you that we typically refer to T3
> when discussing "Transport only" type circuits of 45Mbps from point to point.
> When we refer to putting services on it, such as Frame Relay, ATM, PPP,
> voice (PRI, Trunks, etc) then we usually refer to them as DS3.
>
> However, they are certainly used interchangeably by most.
>
> A T1 or T3 is a "Carrier" as explained below:
>
> To see the relationship between T-carrier, E-carrier, and DS0 multiples, see
> digital signal X.
> The T-carrier system, introduced by the Bell System in the U.S. in the
> 1960s, was the first successful system that supported digitized voice
> transmission. The original transmission rate (1.544 Mbps) in the T-1 line is
> in common use today in Internet service provider (ISP) connections to the
> Internet. Another level, the T-3 line, providing 44.736 Mbps, is also
> commonly used by Internet service providers. Another commonly installed
> service is a fractional T-1, which is the rental of some portion of the 24
> channels in a T-1 line, with the other channels going unused.
>
> The T-carrier system is entirely digital, using pulse code modulation and
> time-division multiplexing. The system uses four wires and provides duplex
> capability (two wires for receiving and two for sending at the same time).
> The T-1 digital stream consists of 24 64-Kbps channels that are multiplexed.
> (The standardized 64 Kbps channel is based on the bandwidth required for a
> voice conversation.) The four wires were originally a pair of twisted pair
> copper wires, but can now also include coaxial cable, optical fiber, digital
> microwave, and other media. A number of variations on the number and use of
> channels are possible.
>
> In the T-1 system, voice signals are sampled 8,000 times a second and each
> sample is digitized into an 8-bit word. With 24 channels being digitized at
> the same time, a 192-bit frame (24 channels each with an 8-bit word) is thus
> being transmitted 8,000 times a second. Each frame is separated from the
> next by a single bit, making a 193-bit block. The 192 bit frame multiplied
> by 8,000 and the additional 8,000 framing bits make up the T-1's 1.544 Mbps
> data rate. The signaling bits are the least significant bits in each frame.
>
> A DS0/1/3 is a Digital signal carried by the "T" carrier as explained below:
>
>
> Digital signal X is a term for the series of standard digital transmission
> rates or levels based on DS0, a transmission rate of 64 Kbps, the bandwidth
> normally used for one telephone voice channel. Both the North American
> T-carrier system and the European E-carrier systems of transmission
> operate using the DS series as a base multiple. The digital signal is what
> is carried inside the carrier system.
> DS0 is the base for the digital signal X series. DS1, used as the signal in
> the T-1 carrier, is 24 DS0 (64 Kbps) signals transmitted using pulse-code
> modulation (PCM) and time-division multiplexing (TDM). DS2 is four DS1
> signals multiplexed together to produce a rate of 6.312 Mbps. DS3, the
> signal in the T-3 carrier, carries a multiple of 28 DS1 signals or 672 DS0s
> or 44.736 Mbps.
>
> Digital signal X is based on the ANSI T1.107 guidelines. The ITU-TS
> guidelines differ somewhat.
>
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > MADMAN
> > Sent: Thursday, March 20, 2003 4:32 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: DS3 bandwidth issues [7:65790]
> >
> >
> > six of one half dozen of the other, they both describe the same
> > thing.  I "think" T is a Bellcore name and DS is a some standards
> > body name.
> >
> >   Dave
> >
> > Scott Roberts wrote:
> > > why do people refer to a DS3 as a DS3 and not a T3? is there
> > something I'm
> > > missing?
> > >
> > > scott
> > >
> > > ""Nate""  wrote in message
> > > news:[EMAIL PROTECTED]
> > >
> > >>We've run a bandwidth test on our DS3 with nothing connected to it but a
> > >>workstation (and obviously a router/pix).  We went to testmyspeed.com as
> > >>well as dslreports.com.  We both got very good bandwidth tests (upward
> > >>6m/s)
> > >>however in transferring a 200m file to/from a workstation behind the
> > >>connection, we got over 30 minutes while our existing T1 got 26 minutes.
> > >>Anyone mind explaining this phenomenon?  Just a side note, we have no
> > >>encryption between GRE tunnels.  Thanks in advance.
> > >>
> > >>-Nate
> > --
> > David Madland
> > CCIE# 2016
> > Sr. Network Engineer
> > Qwest Communications
> > 612-664-3367
> >
> > I would rather have a German division in front of me than a French one
> > behind me."
> > --- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65941&t=65790

2501 and 2503 Lab [7:65942]

2003-03-21 Thread Pete Nugent
Just got a small Lab for home 2 x 2501 and a 2503 here's what I really need
to know. As the MCNS is for router security mainly will this be OK.

Will these run BGP, OSPF, ISIS IPSec/DES/3DES. Basically what are the
limitations. They all have V12 IOS. Seems like an easy question but I don't
wanna start trying something I can't do.

Also if I want to look at the CSSP at a later date are 2 PIX 501's enough. 

Any advice on additions to my Lab will be appreciated.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65942&t=65942


RE: Confused over NAT [7:65926]

2003-03-21 Thread fred barreras
The source address of the packet (host address) is replaced with one of the
addresses in the natpool.  That is contained in the header of the packet.
The routing protocol takes care of ensuring that the packet gets back to
your WAN interface.  Hope this helps.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65939&t=65926


RE: Unable to delete flash [7:65529]

2003-03-21 Thread [EMAIL PROTECTED]
I just rebooted and this cleared the problem. I did not change the conf-reg.

Thanks for the suggestions,
Tim

-Original Message-
From: Scott Roberts [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 2:15 PM
To: [EMAIL PROTECTED]
Subject: Re: Unable to delete flash [7:65529]


boot into boot-helper mode (conf-reg 0x2101) this will allow the flash to be
in read/write and not just read only mode.

let us know please if this solved it for you, it's always nice to hear what works
in the end.

scott

 wrote in message
news:[EMAIL PROTECTED]
> Question with similar interest...
>
> I have a file marked for delete in the bootflash of a 7513. When I issue the
> squeeze command I get the following...
>
> 7513#show bootflash
> -#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
> 1   .D image    5BE93E76  6D42E8   22  6898280 Mar 04 2002 08:32:35 rsp-boot-mz.122-7a.bin
> 2   .. image    7415A36D  DC4F08   24  7277472 Aug 13 2002 12:41:14 rsp-boot-mz.122-8.t5.bin
>
>
> 7513#squeeze bootflash
> All deleted files will be removed. Continue? [confirm]
> Squeeze operation may take a while. Continue? [confirm]
> %Error squeezing bootflash (File open for write)
>
> A reboot has been suggested. Any other ideas?
>
> Thanks,
> Tim
>
> -Original Message-
> From: Scott Roberts [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 19, 2003 3:16 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Unable to delete flash [7:65529]
>
>
> from the cisco IOS command reference:
>
> delete:
> "When you delete a file, the software simply marks the file as deleted, but
> it does not erase the file. This feature allows you to later recover a
> "deleted" file using the undelete command. You can delete and undelete a
> file up to 15 times. To permanently delete all files marked "deleted" on a
> Flash memory device, use the squeeze command."
>
> erase:
>
> "When a file system is erased, none of the files in the file system can be
> recovered.
>
> The erase command can be used on both Class B and Class C Flash file systems
> only. To reclaim space on Flash file systems after deleting files using the
> delete command, you must use the erase command. This command erases all of
> the files in the Flash file system. "
>
>
>
> scott
>
> ""Sales""  wrote in message
> news:[EMAIL PROTECTED]
> > Some possible things to try would be to use the /force switch with the
> > delete command.  Also try erase versus delete to see if that helps.
> >
> >
> > Thanks,
> >
> > www.ccie4u.com
> > Rack Rentals and Lab Scenarios
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> > John Tafasi
> > Sent: Saturday, March 15, 2003 11:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: Unable to delete flash [7:65529]
> >
> > Hi Group,
> >
> > I have a problem deleting a file from a 4500 series flash memory. The
> > file shows up as being deleted but the available free space indicates that
> > the file has not been deleted yet. I tried to use the squeeze command but it
> > will not work with this file system. Can you guys suggest something.
> >
> > Thanks
> >
> > John Tafasi
> >
> > r1#show fla
> >
> > System flash directory:
> > File  Length   Name/status
> >   1   10031664  c4500-a3jk8s-mz.122-7b.bin [deleted]
> >   2   3668568  c4500-i-mz.120-25.bin
> > [13700360 bytes used, 3076856 available, 16777216 total]
> > 16384K bytes of processor board System flash (Read/Write)
> >
> > r1#delete flash:c4500-a3jk8s-mz.122-7b.bin
> > Delete filename [c4500-a3jk8s-mz.122-7b.bin]?
> > Delete flash:c4500-a3jk8s-mz.122-7b.bin? [confirm]
> > %Error deleting flash:c4500-a3jk8s-mz.122-7b.bin (No such file or
> > directory)
> > r1#

7507 - How many modules? [7:65943]

2003-03-21 Thread [EMAIL PROTECTED]
Is the slot 2 and 3 reserved for RSP, so one can just use 5 other modules?
Even if there is only one RSP?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65943&t=65943


Re: VLAN as Firewall zones [7:65938]

2003-03-21 Thread Andrew Dorsett
On Fri, 21 Mar 2003, Paulo Roque wrote:

> I usually separate firewall zones with different physical LANs in different
> switches.
> What do you think of separating firewall zones with VLANs in the same
> switch/chassis?

Generally a very bad idea!  I fully agree with physical separation.
Because if it's based on VLANs then they only have to compromise the
switch to compromise the entire network.  Also because there are new layer
2 techniques that can allow a packet to hop across VLANs.  These are the
only things that worry me about the FW module for the 6500 chassis.  It's
based on VLANs.  So if I can hop VLANs somewhere then I can bypass the
firewall.

Andrew
---

http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all
of them yourself."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65944&t=65938


Re: CCIE switch suggestions [7:65904]

2003-03-21 Thread The Long and Winding Road
Cisco has already answered this question

Your first point of reference:

http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html

and in particular for the 3550 switches

http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html#13

and

http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html#15

Do you need the particular switches to study? Well, there are things common
to the 3550 and the 3500XL and maybe a couple of the other switches.

The IOS image is similar enough to routers, that you can practice the
configs on a router.

Ask yourself - what is Cisco likely to test, and plan your studies
accordingly.

Rather than spend a lot of money on equipment so you can duplicate the Lab,
you may want to invest in fewer pieces of equipment, and some on rack rental
to practice a few particular things.

--
TANSTAAFL
"there ain't no such thing as a free lunch"




""Troy Leliard""  wrote in message
news:[EMAIL PROTECTED]
> Correct me if I am wrong, but does the CCIE have a IOS based switched or a
> CatOS?  I thought it was CatOS
> > I know this question probably has been asked here before, so
> > forgive me. I
> > already have three routers (2x2514 and a 2509) and a Catalyst
> > 1900 in my
> > home lab. I want to get a switch that will help me in preparing
> > for the
> > CCIE. Can anyone make a suggestion on a switch that will give
> > me the IOS
> > features that I need while not being outrageously priced?
> >
> > --
> > Brad A. Nixon
> > CCDA, CCNP, MCP, NNCSS
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65945&t=65904


7206 PROBLEM! [7:65950]

2003-03-21 Thread Xy Hien Le
Dear All member,

Does anyone know the procedure for how to recover a BOOTLDR image for a
cisco 7206 router?
When I boot this router up, it did not see the boot image and rebooted with
the image stored in the flash card.
Thank you all in advance.

Xy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65950&t=65950


PHBs in QoS [7:65947]

2003-03-21 Thread [EMAIL PROTECTED]
Can someone please (in English) tell me what a PHB actually is and how I can
identify or set one.

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
 00.. = Differentiated Services Codepoint: Default (0x00)
 ..0. = ECN-Capable Transport (ECT): 0
 ...0 = ECN-CE: 0

Many thx :))


Ken Farrington
Global Networks, Barclays Capital, 5 The North Colonnade, Canary
Wharf, London, E14 4BB
* Tel : 020 7773 3550
* Mob : 07768-866655
* [EMAIL PROTECTED]   











Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65947&t=65947


ISDN Idle-Timeout [7:65951]

2003-03-21 Thread Don Kanicki
Hello all

Working on an ISDN router for a client and the customer never wants the line
to drop. The value range for the idle-timeout command is
0-2147483. I want to know if there is a value that specifies always on. The
max value for the command comes out to around 28 days and change and while
that's a hell of a long time I'm wondering if the 0 value might equal never.


TIA
Don K.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65951&t=65951


Re: 7507 - How many modules? [7:65943]

2003-03-21 Thread MADMAN
No, if you have only one RSP, slot 3 can utilize a VIP or IP card.

   Dave

[EMAIL PROTECTED] wrote:
> Is the slot 2 and 3 reserved for RSP, so one can just use 5 other modules?
> Even if there is only one RSP?
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"I would rather have a German division in front of me than a French one
behind me."
--- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65949&t=65943


RE: 7507 - How many modules? [7:65943]

2003-03-21 Thread Daniel Cotts
True.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 21, 2003 11:44 AM
> To: [EMAIL PROTECTED]
> Subject: 7507 - How many modules? [7:65943]
> 
> 
> Is the slot 2 and 3 reserved for RSP, so one can just use 5 
> other modules?
> Even if there is only one RSP?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65946&t=65943


Looking for Trashed 7507 Chassis [7:65948]

2003-03-21 Thread Daniel Cotts
I need a module that holds the MAC addresses for a 7000/7507. The 7000 puts
the addresses on the RP or RSP7000 card. The 7507 puts it on the backplane.
I have an RSP7000 that is missing its module. (The RP doesn't use this
module.) On the 7507 it can be reached by removing the plastic bezel. It is
on the large circuit card just above the electrical buss bar. Location J1.
Part is labeled Dallas DS1201. It plugs into the card. Five pins.
If you have a 7507 junk chassis, I'd like to buy that module from you. Or if
anyone has junked RSP7000 cards. The module is at the bottom rear of the
card below the edge connectors.
Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65948&t=65948


Re: CCIE switch suggestions [7:65904]

2003-03-21 Thread Reza
WWW.ebay.com

They go for about $1800
Reza


""Troy Leliard""  wrote in message
news:[EMAIL PROTECTED]
> Good thing I asked .. Oh well, back to the original question .. where can i
> find a cheap 3550 ??
> hehehe
>
> Orlando Palomar Jr  CCIE#11206 wrote:
> >
> > Troy Leliard wrote:
> > >
> > > Correct me if I am wrong, but does the CCIE have an IOS based
> > > switch or a CatOS?  I thought it was CatOS > cheap and cheerful 5002
> > > would do it.
> > >
> >
> > After Nov. 4, 2002, Catalyst 3550 switches with the EMI
> > software officially replaced the CatOS switches on the CCIE R&S
> > Lab.
> >
> > http://www.cisco.com/en/US/partner/learning/le3/le11/learning_ccie_resource_guide.html#13




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65940&t=65904


Re: VLAN as Firewall zones [7:65938]

2003-03-21 Thread neal r
We deploy 2620/2621 in our microwave network with Catalyst 1912/1924 to 'fan out' via
VLANs, but we just use the aux port on the 26xx to reverse telnet to the 19xx, rather
than assigning an IP address to the switch.

I have seen several situations where ARP requests leak across VLANs on 29xx/35xx
series equipment, never really had the chance to observe enough on the other platforms
(4xxx/5xxx/6xxx) to know if they're involved - the 19xx seem to be very stable and I've
never detected anything like leaking information on them.

The big benefit for us, besides cheaper port density, is that we 'twin' each port -
an on site tech wanting to work on the thing plugged in to port 1 on the cat 1924 knows
he can just hook his laptop to port 11 and he is on the same segment.



Andrew Dorsett wrote:

> On Fri, 21 Mar 2003, Paulo Roque wrote:
>
> > I usually separate firewall zone with different physical LAN in different
> > switches.
> > What do you think of separating firewall zone with VLANs in the same
> > switch/chassis?
>
> Generally a very bad idea!  I fully agree with physical separation.
> Because if it's based on VLANs then they only have to compromise the
> switch to compromise the entire network.  Also because there are new layer
> 2 techniques that can allow a packet to hop across VLANs.  These are the
> only things that worry me about the FW module for the 6500 chassis.  It's
> based on VLANs.  So if I can hop VLANs somewhere then I can bypass the
> firewall.
>
> Andrew
> ---
>
> http://www.andrewsworld.net/
> ICQ: 2895251
> Cisco Certified Network Associate
>
> "Learn from the mistakes of others. You won't live long enough to make all
> of them yourself."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65952&t=65938


PDM Question [7:65954]

2003-03-21 Thread Hartnell, George
Hi there,

I've got a 515UR failover I jus' upgraded from 5.3(1) to 6.1(4).  I'd like
to pop PDM on that system(s) and try that interface out.

I'm a command line kind of guy, so am comfortable with CLI, but, I've heard
that PDM is a worthy utility.

Any words of wisdom on PDM installation?

Best, G.

"Nations have recently been led to borrow billions for war;
no nation has ever borrowed largely for education...
no nation is rich enough to pay for both war and civilization.
We must make our choice; we cannot have both." -- Abraham Flexner




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65954&t=65954


Re: Removing IP address from CatOS switch [7:65634]

2003-03-21 Thread ericbrouwers
Hi,

I now understand the purpose of the "clear ip address [vlan vlan-id] "
command.  If the switch receives its IP address from for example DHCP, and
you clear the IP address by using this command, the DHCP server reassigns
the address. If you use the "no ip address" command, IP connectivity is gone
for sure.

On CatOS you can renew the IP address with "set interface sc0 dhcp release &
renew"

Eric Brouwers


- Original Message -
From: "Amazing" 
To: 
Sent: Wednesday, March 19, 2003 1:59 AM
Subject: Re: Removing IP address from CatOS switch [7:65634]


> For IOS devices i have only ever used:
> int vlan1
> no ip address
>
> I don't think it disables the TCP/IP stack (which on most IOS based switches
> is just there for management) but if you were connected to the switch on
> that IP address, you will lose your connection for sure.  you will need to
> make sure you have console access via a modem or console cable to a PC to
> manage the device.
>
> For CatOS I am not 100% -- there is definitely no "clear interface sc0"
> command.  you may be able to say set interface sc0 0.0.0.0/0.0.0.0
>
>
> ""ericbrouwers""  wrote in message
> news:[EMAIL PROTECTED]
> > Hi,
> >
> > Consider this: suppose that you have configured an inband-management
> > interface
> > of an IOS-based switch
> >
> > Switch(config)#interface vlan 1
> > Switch(config-if)#ip address 172.16.10.2 255.255.255.0
> > Switch(config-if)#no shutdown
> > Switch(config-if)#exit
> > Switch(config)#ip default-gateway 172.16.10.254
> >
> > If you want to remove the IP address you can either do
> > Switch(config)#clear ip address vlan 1
> >  or
> > Switch(config)#interface vlan 1
> > Switch(config-if)#no ip address
> >
> > Some people advise to use the first option, since the latter seems to
> > disable the complete TCP/IP stack...
> >
> > I'm having two questions with regard to this:
> >
> > 1. What is your advice?
> >
> > 2. Does the same option exist for CatOS switches, for example something
> > like this
> > Switch(enable) clear interface sc0 ipaddress
> >
> > Thanks,
> >
> > Eric




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65953&t=65634


Re: Gratuitous ARP and HSRP [7:65633]

2003-03-21 Thread ericbrouwers
Priscilla,

> The Gratuitous ARP fixes the MAC address tables on switches. Isn't that
> explained in any Cisco docs? It has to work that way it seems to me.
>

I think you're right. I never thought about it in this way. Neither seen an
explanation in any book.

Thanks,

Eric


- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Wednesday, March 19, 2003 1:37 AM
Subject: Re: Gratuitous ARP and HSRP [7:65633]


> ericbrouwers wrote:
> >
> > It is indeed related to the command "use-bia". Here's a section
> > from the doc
>
> An HSRP router using Gratuitous ARP isn't just related to switches that have
> to use a BIA. Unfortunately, most descriptions of HSRP, including ones I
> have written myself, assume two routers on a shared old-style Ethernet.
> Remember HSRP has been around for a long time!
>
> But consider this typical modern campus network design that GroupStudy
> posting software hopefully won't totally munge:
>
> R1    R2
>  |     |
>  |     |
> Sw1---Sw2
>  |     |
> PC1   PC2
>
> Let's say the routers have chosen a virtual HSRP address of 10.0.0.1 for
> HSRP Group 1. The virtual MAC address is .0c07.ac01.
>
> PC1 broadcasts an ARP looking for 10.0.0.1 and R1 is the active router. R1
> sends back a unicast ARP reply.
>
> Sw1 picks up that .0c07.ac01 is reachable via the port at the top of SW1
> in the drawing.
>
> When PC2 broadcasts an ARP, the reply will travel from Sw1 to Sw2 to PC2. So
> Sw2 picks up that the .0c07.ac01 address is reachable via the port to
> the left of Sw2 in the drawing. Sorry, if that's too confusing, but I don't
> want to waste time doing a good drawing with port numbers that will just get
> munged anyway.
>
> Now R2 stops hearing from R1 and takes over as the active HSRP router. R2
> must send a Gratuitous ARP broadcast so that Sw1 and Sw2 change their MAC
> address tables. Now the virtual MAC address .0c07.ac01 is reachable on
> Sw1 on its port that is shown to the right of Sw1 in the drawing.
>
> On Sw2, the .0c07.ac01 address is reachable from its port at the top of
> the drawing.
>
> The Gratuitous ARP fixes the MAC address tables on switches. Isn't that
> explained in any Cisco docs? It has to work that way it seems to me.
>
>
> > "Hot Standby Router Protocol Features and Functionality" that
> > was suggested
> > by Daniel:
> >
> > However, the use-bia command has several disadvantages:
> > - When a router becomes active, the virtual IP address is moved
> > to a
> > different MAC address. The newly
> > active router sends a gratuitous ARP response, but not all host
> > implementations handle the gratuitous
> > ARP correctly.
>
> That may be true, but it's not meant to say that this is the only case where
> the Gratuitous ARP is needed. It's needed for the general case too, from
> what I understand.
>
> Most host implementations do handle the Gratuitous ARP correctly, by the
> way. In fact, this is open to an infamous man-in-the-middle security
> vulnerability, sometimes misnamed as "ARP sniffing." An attacker can send a
> Gratuitous ARP claiming to be the default gateway. Now all traffic destined
> for another network goes to the attacker's machine! The attacker's machine
> can use the info, but also better forward the traffic, or it will also be a
> denial-of-service attack.
>
> > > - Original Message -
> > > From: ericbrouwers
> > > Date: Tuesday, March 18, 2003 1:24 am
> > > Subject: Gratuitous ARP and HSRP [7:65633]
> > >
> > > > Hello all,
> > > >
> > > > I've read in the CCNP Switching Exam Cert. Guide that a
> > standby
> > > > router that
> > > > becomes active in an HSRP group, sends a gratuitous ARP to
> > update
> > > > the ARP
> > > > cache of the end stations with the new active MAC address...
> > > >
> > > > This is strange, since the same virtual MAC address is used
> > by
> > > > active and
> > > > standby HSRP routers.
> > > >
> > > > However, maybe Cisco's implementation has once been like
> > this,
> > > > because I've
> > > > seen instances in the field that ARP caches contained the
> > real MAC
> > > > instead of
> > > > the virtual MAC address when using HSRP.
>
> Seeing the real MAC address is probably a different problem. You could see
> it if the router was at one point using the virtual address on a real
> interface. For example, when you first get HSRP up and running, you may move
> Ethernet1's IP address to the virtual address and assign a new real address
> to Ethernet1.
>
> The hosts will still have in their ARP cache the previous mapping. You can
> clear their cache. Or just wait a couple minutes if it's Windows and the
> users aren't doing anything. On Windows entries stay in the ARP cache for
> only 2 minutes.
> 
>
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
>
> > > >
> > > > Can someone give comments on this?
> > > >
> > > > Thanks,
> > > >
> > > > Eric Brouwers
> > > > [EMAIL PROTECTED]
> > > > Nondisclosure violations to [EMA
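
The gratuitous-ARP behaviour discussed in this message, seen from the monitoring side. This is an added example, not code from the thread: it parses ARP payloads and flags any ARP that claims the gateway address from a MAC that is not an authorized router, while letting a legitimate HSRP failover announcement through. The virtual IP 10.0.0.1 comes from the message; the MAC is the standard HSRP version 1 group 1 virtual MAC written out in full, and the host MACs, class and function names are assumptions made for the example.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
HSRP_VMAC = "00:00:0c:07:ac:01"   # HSRP v1 virtual MAC for group 1


@dataclass(frozen=True)
class Arp:
    op: int    # 1 = request, 2 = reply
    sha: str   # sender hardware (MAC) address
    spa: str   # sender protocol (IP) address
    tha: str   # target hardware address
    tpa: str   # target protocol address

    @property
    def gratuitous(self) -> bool:
        # A gratuitous ARP announces the sender's own address: sender IP == target IP.
        return self.spa == self.tpa


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Pack a 28-byte Ethernet/IPv4 ARP payload (used only for the constructed samples)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return header + mac(sha) + ip(spa) + mac(tha) + ip(tpa)


def parse_arp(payload: bytes) -> Arp:
    """Decode an ARP payload, rejecting anything that is not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        raise ValueError("not an Ethernet/IPv4 ARP request or reply")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return Arp(op, mac(payload[8:14]), ip(payload[14:18]),
               mac(payload[18:24]), ip(payload[24:28]))


class GatewayArpMonitor:
    """Tracks IP-to-MAC bindings and pins protected IPs to a set of allowed MACs.

    With plain HSRP the allowed set is just the virtual MAC; with use-bia it
    must hold the burned-in address of every router in the group.
    """

    def __init__(self, protected: dict[str, set[str]]):
        self.protected = {ip: {m.lower() for m in macs} for ip, macs in protected.items()}
        self.bindings: dict[str, str] = {}

    def observe(self, payload: bytes) -> str:
        arp = parse_arp(payload)
        if arp.spa == "0.0.0.0":          # ARP probe, carries no binding claim
            return "ok"
        allowed = self.protected.get(arp.spa)
        if allowed is not None:
            if arp.sha not in allowed:
                return "spoofed-gateway"  # someone else claims the gateway IP
            return "authorized-gratuitous" if arp.gratuitous else "authorized"
        previous = self.bindings.get(arp.spa)
        self.bindings[arp.spa] = arp.sha
        if previous is not None and previous != arp.sha:
            return "binding-changed"      # worth a look, not necessarily hostile
        return "ok"


# Constructed sample traffic for the R1/R2/Sw1/Sw2 topology in the message.
SAMPLES = [
    # R1 (active) answers PC1's request with a unicast reply.
    build_arp(2, HSRP_VMAC, "10.0.0.1", "02:00:00:00:00:10", "10.0.0.10"),
    # R2 takes over and announces the same virtual MAC with a gratuitous ARP.
    build_arp(2, HSRP_VMAC, "10.0.0.1", BROADCAST, "10.0.0.1"),
    # A host sends a gratuitous ARP claiming to be the default gateway.
    build_arp(2, "02:00:00:00:00:66", "10.0.0.1", BROADCAST, "10.0.0.1"),
    # PC2 sends an ordinary request for the gateway.
    build_arp(1, "02:00:00:00:00:20", "10.0.0.20", "00:00:00:00:00:00", "10.0.0.1"),
    # PC2's IP later shows up behind a different MAC.
    build_arp(1, "02:00:00:00:00:21", "10.0.0.20", "00:00:00:00:00:00", "10.0.0.1"),
]


def classify_samples() -> list[str]:
    monitor = GatewayArpMonitor({"10.0.0.1": {HSRP_VMAC}})
    return [monitor.observe(p) for p in SAMPLES]


if __name__ == "__main__":
    for verdict in classify_samples():
        print(verdict)
```

The failover announcement and the spoofed announcement are byte-for-byte the same kind of packet; only the pinned MAC set tells them apart, which is why the allowed set has to be maintained per HSRP group.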

RE: L3 switching [7:65916]

2003-03-21 Thread Priscilla Oppenheimer
KW S wrote:
> 
> Dear all
> 
> I have a little confusion here
> 
> Layer 3 switching is hardware based routing.
> 
> If this is correct, does it means that switching path in a
> router like netflow 

I think netflow on a router is software based, isn't it? But it's certainly
helping in the job of switching packets using Layer 3 information. It's
doing Layer 3 switching, whether it's hardware-based or not.

> and distributed switching is the same as L3
> switching

Distributed switching could certainly be called L3 switching. I don't think
Cisco uses that term, but it's technically accurate and goes along with your
definition that Layer 3 switching is hardware-based routing of packets
(forwarding of packets).

If you look at older books and documents, before LAN switches existed, and
we just had bridges and routers, Cisco router documentation used to say this:

A router has two jobs:

path determination
switching of packets

That confused people when LAN switches came out, so they started saying

A router has two jobs:

path determination
forwarding of packets

A router works at Layer 3. That switching (or forwarding or routing) of
packets always was "Layer 3 switching," even though nobody called it that. We
were doing "Layer 3 switching" long before marketing started using the term
to specifically mean "hardware-based routing," and before the new-fangled
switches that are really routers with a lot of switch ports built in came out.

It's just a matter of packaging. That's something marketing people deal with.

We are engineers. We use the term switching in the same way engineers have
used it for many years when talking about switching telegraph signals,
telephone calls, current through an electrical circuit, trains on a train
track, and packets through an internetworking device.

Don't forget that. WE ARE ENGINEERS. :-) We do the real work. Marketing
makes up names for what we do, packages what we do, and gives advice to the
other people who do the real work, the SALES people. They can make up any
names they want. The names don't really have much to do with operating and
troubleshooting networks.

Priscilla

> 
> Thanks
> 
> KWS
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65955&t=65916


Re: PIX question [7:65769]

2003-03-21 Thread JSalminen
In my opinion it is smarter and safer to use a DMZ interface on a PIX
firewall vice having a switch/hub before the firewall. This is because if
one of your DMZ nodes is attacked from the internet you can easily close
the hole and block the attack source. With a hub before firewall you will
have to rely on the OS to block the attack or disconnect the node from the
switch/hub.
It may be work to create static NAT translations and ACLs, but you
definitely have control over what is being accessed exactly.

""Sam""  wrote in message
news:[EMAIL PROTECTED]
> Hey there
>
> Mostly, firewall design includes a dmz. In most companies, within this DMZ,
> is it more likely to see the servers directly being given registered public
> IP's,
>
> OR
>
> Is it more likely to see the servers being given private IP's and then a nat
> translation created for internet users to access the servers.
>
>
> Also, what are the pros and cons for the above two situations?
>
> thx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65958&t=65769


Re: DS3 slow connection problem. [7:65491]

2003-03-21 Thread Nate
When I do a 'sh tech' on the border router, I get:

2648846 encapsulation failed
127 bad hop count

Everything else is 0.  Could this be the issue?  encapsulation?


- Original Message -
From: "Priscilla Oppenheimer" 
To: 
Sent: Monday, March 17, 2003 11:06 AM
Subject: RE: DS3 slow connection problem. [7:65491]


> Priscilla Oppenheimer wrote:
> >
> > >
> > > I logged into the routers and did some ping tests, pinging the
> > > routers own serial interface I still get the 1% packet loss.
> >
> > It may surprise you to learn that when you ping from a router's
> > serial interface to the router's own serial interface, the
> > packets actually do go across the serial link. Try turning on
> > ICMP debug on the other end and you will see that the pings get
> > there and get redirected back.
>
> By the way, the fact that there's still packet loss when you're pinging
> yourself, added to the fact that these pings really do go out across the
> circuit, is more evidence that the fault probably lies in the carrier's
> network.
>
> As others are saying, get the carrier involved. Do some loopbacks with their
> help. (Do loopbacks still make sense with DS3? I've only worked with DS1).
> Regardless, I think you've done the requisite testing and swapping on your
> side. Time to hassle the carrier.
>
> Priscilla
>
> >
> > Here's what Marty Atkins, CCIE (some very low number), had to
> > say about this when it came up before:
> >
> > "If the router itself is the source of the packet, and it pings
> > its own serial IP, and the outbound interface and layer 2 encap
> > are
> > resolved and unambiguous, then the router will launch the packet
> > out that p2p interface or PVC.  I have done exactly what
> > Priscilla
> > describes, and not only seen the output from "debug ip icmp" on
> > the
> > neighbor router, but also observed it generating ICMP
> > redirects, since
> > the packet was forwarded out the interface it arrived on!
> >
> > This Cisco aberration is extremely useful for troubleshooting
> > p2p WAN
> > links.  When the path has been looped (line protocol up
> > (looped)), the
> > only IP that is pingable is the directly connected one.  That
> > the router actually sends the packet makes it possible to test
> > the link with ping."
> >
> > So it shouldn't surprise you that you see the errors even when
> > pinging yourself.
> >
> > Weird, eh? But helpful to hopefully.
> >
> > Priscilla
> >
> > > I
> > > did this on both routers, I thought this might rule out the
> > > actual line because I'm not pinging across the ds3 connection
> > > please correct me if i'm wrong.
> > >
> > > Somebody asked if scrambling was on but I'm not sure what
> > > scrambling does or how to check if it's turned on or off so
> > > i'll look into that too.
> > >
> > >
> > > Thanks for everybody's help and I'm going to spend all day
> > > checking out what you've said and going through the
> > > troubleshooting stuff from cisco and i'll let you know how I
> > > get on.
> > >
> > > Anymore advice would be greatly appreciated.
> > >
> > > Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65959&t=65491


RE: PDM Question [7:65954]

2003-03-21 Thread Symon Thurlow
Make sure you don't have the sun java sdk installed on your management
machine, otherwise the PDM is filthily slow.

It's not bad actually, I don't think you can do everything through it,
but it is quite good.

Symon

-Original Message-
From: Hartnell, George [mailto:[EMAIL PROTECTED] 
Sent: 21 March 2003 20:34
To: [EMAIL PROTECTED]
Subject: PDM Question [7:65954]


Hi there,

I've got a 515UR failover I jus' upgraded from 5.3(1) to 6.1(4).  I'd
like to pop PDM on that system(s) and try that interface out.

I'm a command line kind of guy, so am comfortable with CLI, but, I've
heard that PDM is a worthy utility.

Any words of wisdom on PDM installation?

Best, G.

"Nations have recently been led to borrow billions for war;
no nation has ever borrowed largely for education...
no nation is rich enough to pay for both war and civilization. We must
make our choice; we cannot have both." -- Abraham Flexner




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65957&t=65954


Need help - Security Vs Communications and Services [7:65960]

2003-03-21 Thread Fundas
Hi,
I am CCIE in R&S. Thinking of appearing for another track. I know 
several of you have CCIE in multiple tracks

Can you suggest me which one of Security Vs Communications and Services 
is better w.r.t

1. Equipment needed for preparation.
2. Ease of preparation (I am fairly new to both).
3. Able to self preparation without depending on attending classes.
4. More needed in the field.

Any kind of help is appreciated.

Thanks,
F




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65960&t=65960


redistribution loop? [7:65962]

2003-03-21 Thread paul dong so
Hi All,

Practicing redistribution.

(route) - r8 - (eigrp) - r7 - ospf- r6
|   |
--- eigrp 

150.50.3.0/24 is redistributed by r8 eigrp, r8 advertises it to r7 via 
eigrp. R7 redistributes eigrp to ospf, also redistribute ospf to eigrp. 
On r7, ospf database has type 5 LSA for 150.50.3.0/24, AD 110. eigrp 
topology has EX route, AD 170. But r7 routing table use eigrp learned 
path for forwarding. Why? I was expecting a loop. When will a loop be created?

r6 learns the route from ospf and eigrp, it use ospf as the forwarding 
path, which is expected.

Partial router config:

r8:
interface Ethernet0
  ip address 150.50.3.8 255.255.255.0
router eigrp 1
  redistribute connected
  no auto-summary

r8#sh ip route | i 150.50.3.0
C   150.50.3.0/24 is directly connected, Ethernet0

r7:
router eigrp 1
  redistribute ospf 1 metric 56 100 255 1 1500
router ospf 1
  redistribute eigrp 1 metric-type 1 subnets

r7#sh ip route | i 150.50.3
D EX 150.50.3.0/24 [170/46251776] via 150.50.5.69, 01:40:13, Serial4/1
r7#sh ip ospf database | i 150.50.3
Type-5 AS External Link States
150.50.3.0  200.0.0.7   796 0x8003 0x00186A 1

r7#sh ip route 150.50.3.0
Routing entry for 150.50.3.0/24
   Known via "eigrp 1", distance 170, metric 46251776, type external
   Redistributing via ospf 1, eigrp 1
   Advertised by ospf 1 metric-type 1 subnets tag 1
   Last update from 150.50.5.69 on Serial4/1, 01:44:46 ago
   Routing Descriptor Blocks:
   * 150.50.5.69, from 150.50.5.69, 01:44:46 ago, via Serial4/1
   Route metric is 46251776, traffic share count is 1
   Total delay is 21000 microseconds, minimum bandwidth is 56 Kbit
   Reliability 255/255, minimum MTU 1500 bytes
   Loading 1/255, Hops 1

r6
r6#sh ip route | i 150.50.3.0
O E1 150.50.3.0/24 [110/30] via 150.50.7.7, 01:19:53, Ethernet0
r6#sh ip ospf database
Type-5 AS External Link States
150.50.3.0  200.0.0.7   927 0x8003 0x186A   1


Thanks

Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65962&t=65962


Re: Need help - Security Vs Communications and Services [7:65961]

2003-03-21 Thread Ffun
> Hi,
> I am CCIE in R&S. Thinking of appearing for another track. I know 
> several of you have CCIE in multiple tracks
>
> Can you suggest me which one of Security Vs Communications and 
> Services is better w.r.t
>
> 1. Equipment needed for preparation.
> 2. Ease of preparation (I am fairly new to both).
> 3. Able to self preparation without depending on attending classes.
> 4. More needed in the field.
>
> Any kind of help is appreciated.
>
> Thanks,
> F




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65961&t=65961


RE: PDM Question [7:65954]

2003-03-21 Thread John Cianfarani
The realtime charting / graphing option is quite nice for simple
monitoring.

John

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Symon Thurlow
Sent: Friday, March 21, 2003 5:36 PM
To: [EMAIL PROTECTED]
Subject: RE: PDM Question [7:65954]

Make sure you don't have the sun java sdk installed on your management
machine, otherwise the PDM is filthily slow.

It's not bad actually, I don't think you can do everything through it,
but it is quite good.

Symon

-Original Message-
From: Hartnell, George [mailto:[EMAIL PROTECTED] 
Sent: 21 March 2003 20:34
To: [EMAIL PROTECTED]
Subject: PDM Question [7:65954]


Hi there,

I've got a 515UR failover I jus' upgraded from 5.3(1) to 6.1(4).  I'd
like to pop PDM on that system(s) and try that interface out.

I'm a command line kind of guy, so am comfortable with CLI, but, I've
heard that PDM is a worthy utility.

Any words of wisdom on PDM installation?

Best, G.

"Nations have recently been led to borrow billions for war;
no nation has ever borrowed largely for education...
no nation is rich enough to pay for both war and civilization. We must
make our choice; we cannot have both." -- Abraham Flexner




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65963&t=65954


Re: redistribution loop? [7:65962]

2003-03-21 Thread The Long and Winding Road
Sorry if I am misunderstanding your diagram. Where do you think the loop
should appear?

Routes originating on R8 would appear as connected, and therefore not be
overwritten by redistribution. Same on R7.

I guess I am just not seeing what the topology is or where you think the
break should be.


""paul dong so""  wrote in message
news:[EMAIL PROTECTED]
> Hi All,
>
> Practicing redistribution.
>
> (route) - r8 - (eigrp) - r7 - ospf- r6
> | |
> --- eigrp 
>
> 150.50.3.0/24 is redistributed by r8 eigrp, r8 advertises it to r7 via
> eigrp. R7 redistributes eigrp to ospf, also redistribute ospf to eigrp.
> On r7, ospf database has type 5 LSA for 150.50.3.0/24, AD 110. eigrp
> topology has EX route, AD 170. But r7 routing table use eigrp learned
> path for forwarding. Why? I was expecting a loop. When will a loop be
> created?
>
> r6 learns the route from ospf and eigrp, it use ospf as the forwarding
> path, which is expected.
>
> Partial router config:
>
> r8:
> interface Ethernet0
>   ip address 150.50.3.8 255.255.255.0
> router eigrp 1
>   redistribute connected
>   no auto-summary
>
> r8#sh ip route | i 150.50.3.0
> C   150.50.3.0/24 is directly connected, Ethernet0
>
> r7:
> router eigrp 1
>   redistribute ospf 1 metric 56 100 255 1 1500
> router ospf 1
>   redistribute eigrp 1 metric-type 1 subnets
>
> r7#sh ip route | i 150.50.3
> D EX 150.50.3.0/24 [170/46251776] via 150.50.5.69, 01:40:13, Serial4/1
> r7#sh ip ospf database | i 150.50.3
> Type-5 AS External Link States
> 150.50.3.0  200.0.0.7   796 0x8003 0x00186A 1
>
> r7#sh ip route 150.50.3.0
> Routing entry for 150.50.3.0/24
>Known via "eigrp 1", distance 170, metric 46251776, type external
>Redistributing via ospf 1, eigrp 1
>Advertised by ospf 1 metric-type 1 subnets tag 1
>Last update from 150.50.5.69 on Serial4/1, 01:44:46 ago
>Routing Descriptor Blocks:
>* 150.50.5.69, from 150.50.5.69, 01:44:46 ago, via Serial4/1
>Route metric is 46251776, traffic share count is 1
>Total delay is 21000 microseconds, minimum bandwidth is 56 Kbit
>Reliability 255/255, minimum MTU 1500 bytes
>Loading 1/255, Hops 1
>
> r6
> r6#sh ip route | i 150.50.3.0
> O E1 150.50.3.0/24 [110/30] via 150.50.7.7, 01:19:53, Ethernet0
> r6#sh ip ospf database
> Type-5 AS External Link States
> 150.50.3.0  200.0.0.7   927 0x8003 0x186A   1
>
>
> Thanks
>
> Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65964&t=65962


Re: windows syslog server [7:65232]

2003-03-21 Thread M.C. van den Bovenkamp
Symon Thurlow wrote:

> Kiwisyslog.com
>  
>> I am looking for a good free ware PIX / CISCO syslog server on windows
>> platform. Any  recommendations???

The 3Com 3-in-1 utility (TFTP, FTP & syslog) is pretty useful as well: 
http://support.3com.com/software/utilities_for_windows_32_bit.htm

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65965&t=65232


Re: Need help - Security Vs Communications and Services [7:65966]

2003-03-21 Thread nrf
""Fundas""  wrote in message
news:[EMAIL PROTECTED]
> Hi,
> I am CCIE in R&S. Thinking of appearing for another track. I know
> several of you have CCIE in multiple tracks
>
> Can you suggest me which one of Security Vs Communications and Services
> is better w.r.t
>
> 1. Equipment needed for preparation.
> 2. Ease of preparation (I am fairly new to both).
> 3. Able to self preparation without depending on attending classes.
> 4. More needed in the field.

How about I offer you some better criteria.

#1) Your personal interest

I have found that the most satisfying choice is usually one that encompasses
doing things that you actually like.  Surely
by now you should have figured out that there are some things in networking
that you like and others that you don't.  For example, if you are truly
interested in security topics, then the security CCIE might be right for you
(but if that was the case, I wouldn't just stop at the Cisco network-related
security topics that pertain to the security CCIE, rather I'd be zealously
reading about ALL security-related topics).

#2) What you actually do in your job

Let's face it, it's far more meaningful to study things that are actually
useful for your job.  Why bother learning, say, traffic-engineering deeply
unless you actually do traffic-engineering on your job? Wouldn't your time
be better spent learning more about whatever it is you actually do for a
living? By studying things that have to do with your job, you will get
better at your job, thereby increasing your chances of promotion and/or
decreasing your chances of getting laid off.  And let's face it, isn't that
the real goal behind all of this - to make more money and/or protect
yourself from layoffs?

Furthermore, it is far more efficient to study things that you are actually
going to be utilizing.  The fact is, if you study something and never use
it, you will forget it quickly. Mental atrophy - use it or lose it. If you
forget everything you learn because you never used it, then what exactly
was the point of learning it in the first place?  It's not like another
CCIE - without the accompanying knowledge - is going to protect you from
layoffs.   Seems rather inefficient to me to study something that you will
end up forgetting anyway.


>
> Any kind of help is appreciated.
>
> Thanks,
> F




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65966&t=65966


RE: ISDN Idle-Timeout [7:65951]

2003-03-21 Thread Orlando Palomar Jr CCIE#11206
An idle-timeout of 0 would prevent it from disconnecting the line.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65967&t=65951


RE: ISDN Idle-Timeout [7:65951]

2003-03-21 Thread Don Kanicki
Thanks Orlando!
That's what I suspected but I don't have a way to test it at the moment.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65969&t=65951


RE: Large number of VLANS [7:65815]

2003-03-21 Thread CCIE #6746
You should use the port protected feature on the switches instead of
separate vlans.  This lets you use a single vlan or whatever needed, but
does not allow a port within a vlan to talk to another port in the vlan.
You can also implement this for meeting rooms on the cisco wireless products
but it is not in the menu system, if you are doing this I can send you the
"top secret" commands.  With this enabled wireless clients cannot see or
share files with other wireless clients, works well for public wireless
areas.

Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 20, 2003 3:46 AM
To: [EMAIL PROTECTED]
Subject: Large number of VLANS [7:65815]

Hi

One question

If I have the need to use many VLANS, let's say around 400, could I use
a 3550 switch that supports 1005 vlans as the core, and then 2950 switches
in the wiring closets, but they don't support more than 250 vlans, i.e. can I
use the 3550 with all the vlans, and then just trunk for example vlans 100-50
to switch 1, 151-200 to switch 2, and so on, and would it be possible to
implement that with VTP ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65968&t=65815


RE: PIX Questions [7:65806]

2003-03-21 Thread CCIE #6746
The pix does have limited routing functionality.  It can route packets but
it's not its primary purpose.  Its primary purpose is however NAT / PAT /
stateful inspection etc...   With that said it can perform NAT/PAT in
realtime, much faster than a router which has a multitude of functions to
perform, whereas the pix is more focused on specific functions.

Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Guruprasad Sanjeevi
Sent: Wednesday, March 19, 2003 11:46 PM
To: [EMAIL PROTECTED]
Subject: PIX Questions [7:65806]

Hi group,
 
I have a few questions
 
1.  Is PIX a Router?
2.  How different is a PIX and Router in handling NAT & PAT?
 
 For the 2nd question, I have a pix and 5 valid ips (range) for my
internal network to access the internet. It allows only 3 machines at
any time to access the internet.
 
 I added a global command and all machines are able to access the
internet. Can anyone throw some light on how PIX handles PAT and how
different it is from a router handling PAT?
 
 Anticipating a reply
 
Regards
Guruprasad




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65970&t=65806


RE: Why did Cisco do this? Off Topic [7:65834]

2003-03-21 Thread CCIE #6746
I used to work in a high visibility position within Cisco and John Chambers
told me he was not interested in entering this market space in any way shape
or form.  With that said, we had developed several products, such as a low
end broadband router with built in firewall and vpn access, and low dollar
wireless access points.  The router is nice, and I have several of them but
the wireless products really sucked and he threw the R&D dollars out the
door, and never marketed the products and pretty much gave the products away
to employees really cheap.  Now to see this after throwing all that money
away surprises me, plus this is the first time I have seen John contradict
himself.  Now I just hope they "Ciscoize" the products and our home wireless
networks will get much cheaper :)

d-

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Elijah Savage
Sent: Thursday, March 20, 2003 9:50 AM
To: [EMAIL PROTECTED]
Subject: Why did Cisco do this? Off Topic [7:65834]

Cisco buys Linksys.

http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a5141_1048177983.var&p=CSCO


-- 
"BSD is for people who love Unix -
Linux is for people who hate Microsoft"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65971&t=65834


RE: PHBs in QoS [7:65947]

2003-03-21 Thread Dom
In English (well almost), a PHB is a Per Hop Behaviour.

A quick google search gives the following document -

www.sfc.wide.ad.jp/~uhyo/html/japan/STREAM/ppt/RTMach99-kiri.pdf 

It is the DSCP (Differentiated Services Code Point) that needs to and
identified.

See RFCs 2474 and 2475 for more details.

HTH

Dom Stocqueler 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 21 March 2003 19:07
To: [EMAIL PROTECTED]
Subject: PHBs in QoS [7:65947]


Can someone please (in English) tell me what a PHB actually is and how I
can identify or set one.

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
 00.. = Differentiated Services Codepoint: Default (0x00)
 ..0. = ECN-Capable Transport (ECT): 0
 ...0 = ECN-CE: 0

Many thx :))


Ken Farrington
Global Networks, Barclays Capital, 5 The North Colonnade, Canary
Wharf, London, E14 4BB
* Tel : 020 7773 3550
* Mob : 07768-866655
* [EMAIL PROTECTED]   











Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65975&t=65947
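
To go with the exchange above: an added example, not part of either poster's message, that decodes the DS field byte shown in the capture into its DSCP and ECN parts and names the PHB the DSCP selects, and builds the byte for a chosen DSCP. The function names are made up for illustration; the bit layout and code points are those of RFC 2474, RFC 2597, RFC 3246 and RFC 3168.

```python
# Added example: decode or build the IPv4 DS field (the former ToS byte).
# Layout (RFC 2474 / RFC 3168): upper 6 bits = DSCP, lower 2 bits = ECN.

ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}
EF_DSCP = 46  # Expedited Forwarding (RFC 3246)


def phb_name(dscp):
    """Map a 6-bit DSCP to the standard PHB it selects."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    if dscp == 0:
        return "Default"
    if dscp == EF_DSCP:
        return "EF"
    cls, low = dscp >> 3, dscp & 0x07
    if low == 0:
        return f"CS{cls}"            # class selector, RFC 2474
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"  # assured forwarding, RFC 2597
    return "other/locally defined"


def decode_ds_field(ds_byte):
    """Split the DS field byte of an IPv4 header into DSCP, PHB and ECN."""
    if not 0 <= ds_byte <= 0xFF:
        raise ValueError("DS field is one byte")
    dscp = ds_byte >> 2
    return {"dscp": dscp, "phb": phb_name(dscp),
            "ecn": ECN_NAMES[ds_byte & 0x03]}


def build_ds_field(dscp, ecn=0):
    """Return the byte to write into the header for a DSCP and ECN value."""
    phb_name(dscp)  # reuses the 0-63 range check
    if not 0 <= ecn <= 3:
        raise ValueError("ECN is a 2-bit value (0-3)")
    return (dscp << 2) | ecn


if __name__ == "__main__":
    # Constructed sample bytes; 0x00 is the value shown in the capture above.
    for sample in (0x00, 0xB8, 0x88, 0xC0):
        print(f"0x{sample:02X}", decode_ds_field(sample))
```
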


Re: redistribution loop? [7:65962]

2003-03-21 Thread paul dong so
Unfortunately the browser did not get the diagram character right. 
Diagram should be:
(route)- r8 - (eigrp 1) - r7 - (ospf) - r6

r7 - eigrp 1 - r6


r7 runs ospf and eigrp 1 with r6.
r7 runs eigrp 1 with r8
r8 redistributes connected interface.

The question is with r7.
r7 is redistributing ospf to eigrp and vice versa.
So route, here is 150.50.3.0/24, should appear in r7 ospf with AD 110, 
also in r7 eigrp topology with AD 170, thus, in theory, r7 should 
install the ospf path into forwarding table. Because the next hop of 
ospf path is r7 itself, so loop starts.

That is how I understand it.

But in fact, r7 chooses the eigrp path for its forwarding, which is something 
that confused me.

Paul

The Long and Winding Road wrote:

> Sorry if I am misunderstanding your diagram. Where do you think the loop
> should appear?
> 
> Routes originating on R8 would appear as connected, and therefore not be
> overwritten by redistribution, Same on R7.
> 
> I guess I am just not seeing what the topology is or where you think the
> break should be.
> 
> 
> "paul dong so" wrote in message
> news:[EMAIL PROTECTED]
> 
>>Hi All,
>>
>>Practicing redistribution.
>>
>>(route) - r8 - (eigrp) - r7 - ospf- r6
>>| |
>>--- eigrp 
>>
>>150.50.3.0/24 is redistributed by r8 eigrp, r8 advertises it to r7 via
>>eigrp. R7 redistributes eigrp to ospf, also redistribute ospf to eigrp.
>>On r7, ospf database has type 5 LSA for 150.50.3.0/24, AD 110. eigrp
>>topology has EX route, AD 170. But r7 routing table use eigrp learned
>>path for forwarding. Why? I was expecting a loop. When will a loop created?
>>
>>r6 learns the route from ospf and eigrp, it use ospf as the forwarding
>>path, which is expected.
>>
>>Partial router config:
>>
>>r8:
>>interface Ethernet0
>>  ip address 150.50.3.8 255.255.255.0
>>router eigrp 1
>>  redistribute connected
>>  no auto-summary
>>
>>r8#sh ip route | i 150.50.3.0
>>C   150.50.3.0/24 is directly connected, Ethernet0
>>
>>r7:
>>router eigrp 1
>>  redistribute ospf 1 metric 56 100 255 1 1500
>>router ospf 1
>>  redistribute eigrp 1 metric-type 1 subnets
>>
>>r7#sh ip route | i 150.50.3
>>D EX150.50.3.0/24 [170/46251776] via 150.50.5.69, 01:40:13, Serial4/1
>>r7#sh ip ospf database | i 150.50.3
>>Type-5 AS External Link States
>>150.50.3.0  200.0.0.7   796 0x8003 0x00186A 1
>>
>>r7#sh ip route 150.50.3.0
>>Routing entry for 150.50.3.0/24
>>   Known via "eigrp 1", distance 170, metric 46251776, type external
>>   Redistributing via ospf 1, eigrp 1
>>   Advertised by ospf 1 metric-type 1 subnets tag 1
>>   Last update from 150.50.5.69 on Serial4/1, 01:44:46 ago
>>   Routing Descriptor Blocks:
>>   * 150.50.5.69, from 150.50.5.69, 01:44:46 ago, via Serial4/1
>>   Route metric is 46251776, traffic share count is 1
>>   Total delay is 21000 microseconds, minimum bandwidth is 56 Kbit
>>   Reliability 255/255, minimum MTU 1500 bytes
>>   Loading 1/255, Hops 1
>>
>>r6
>>r6#sh ip route | i 150.50.3.0
>>O E1150.50.3.0/24 [110/30] via 150.50.7.7, 01:19:53, Ethernet0
>>r6#sh ip ospf database
>>Type-5 AS External Link States
>>150.50.3.0  200.0.0.7   927 0x8003 0x186A   1
>>
>>
>>Thanks
>>
>>Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65974&t=65962


CCIE written R&S [7:65972]

2003-03-21 Thread rbx10 Defcom
To All the CCIEs out there:

I'm a newbie to CCIE...:-)
I'm currently trying to prepare for my written Exam
And honestly it's very puzzling and scary

These are the books that I have read so far:

LAN switching, Clarks
Routing with TCP/IP I, Doyle
Internet Routing Architecture, Sam Halabi

I fear that the above books are not enough. I'm also going to read every
last one of the Cisco recommended links.

I was wondering if you could please tell me:

1) What book do I use to study for IP Multicast, QOS, and Multiservice.
2) What should I focus on the most  (Especially For those of you who
recently took the exam)
3) If I need to buy more books


Thank you all very much in advance for your response.

rbx10,
CCNA
CCNP
CCIE in training



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65972&t=65972


RE: Can DRAM From Cisco 3600 go into a Cisco 1600 [7:65323]

2003-03-21 Thread Symon Thurlow
I am pretty sure I have had a 4MB from a 1600 working in a 3620 (I could
read it, it was too small to do much with) not sure if a 1600 will
support 16MB though.

Check cisco.com to see what the max size is.

I think the format is ok.

Symon

-Original Message-
From: Simon Watson [mailto:[EMAIL PROTECTED] 
Sent: 13 March 2003 16:53
To: [EMAIL PROTECTED]
Subject: Can DRAM From Cisco 3600 go into a Cisco 1600 [7:65323]


Hi All

I will soon get a 16MB DRAM that was in a Cisco 3600, can I install it
in a Cisco 1603?

Thanks

Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65973&t=65323