Sanity Check - ISDN and EIGRP [7:66016]
I'm working on a practice lab problem. there are two domains - OSPF and EIGRP The two domains can only communicate via ISDN OSPF---R1---ISDN--R2EIGRP R1 is where redistribution takes place. The ISDN link is in the EIGRP domain. Pretty much I've concluded that the only way this works is that here have to be static default routes on R1 and R2 pointing to eachother. The only other way I can see this working is for the ISDN link to be permanently up. Unfortunately, the lab instructions are not very clear on this point. The only relevant instructions are: 1) no broadcast packets should initiate a DDR session. Multicast packets should be able to traverse the ISDN link. 2) use an access-list 120 for any filters you may need for DDR 3) only IP traffic will need to traverse the link That multicast instruction is interesting. Am I on the right track thinking the test here is to let the link stay up forever by defining the EIGRP hellos as "interesting" ?? thoughts? Chuck -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66016&t=66016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT overload as security [7:66015]
On my home network, I rely almost exclusively on NAT overload for security. Even though I know it's not a security measure, I've yet to hear anyone with a good explanation of why it's not enough, at least for a home network. I know there's a bunch of really bright people here, so if anyone would point out the flaws in my reasoning, I'd love to hear it. Below are some exerpts from an email converstation with a friend that explain how I think about it: --- I mostly rely on NAT overload for security. The only traffic that will be allowed in is traffic for which a translation has been created. Since these translations are only created by outbound traffic, no one from the outside can initiate a connection unless they bypass NAT by using the actual private ip addresses configured on the workstation. To do that, they'de have to have no routers between them and my router (meaning my ATT segment only) as any other router would drop packets for these addresses. To protect against that, I deny traffic for the ip's configured behind the router. access-list 151 deny any 192.168.0.0 0.0.0.255 access-list 151 permit any any (this whole acl could just as well be: access-list 165 permit any host (outside int IP address) access-list 50 permit 192.168.0.0 0.0.0.255 Int e0 ip address 192.168.0.1 255.255.255.0 ip nat inside Int e1 ip address dhcp ip nat outside ip access-group 51 in ip nat inside source list 50 int e1 overload Even though NAT isn't a security feature, I think overload works pretty well for security because no traffic will be allowed in unless an inside host has created a NAT entry by originating the flow. All legitimate flows on a home network are going to be created by CLIENT processes running on the machine, so what do I care if someone tries to connect to that port. What I mean is: 1) I go to surf the web at 200.200.200.200, my workstation uses tcp port 1456 to connect to tcp port 80 2a) tcp port 1456 is taking in traffic only for web browser, which is a client application that's only going to display what's sent back to my browser. 2b) as this traffic passes through the router a NAT entry is created: INSIDE LOCALINSIDE GLOBAL OUSIDE GLOBAL 192.168.0.100:1456 12.228.99.129:1456 200.200.200.200:80 3) A 'hole' has been created that now allows traffic to my workstation. 4) A really good hacker wants to exploit this hole. To do this, s/he's going to have to do a few tricky things: First, since this translation is only going allow traffic only from 200.200.200.200:80 to be sent to 192.168.0.100:1456, s/he's going to have to figure out how to spoof that address/port pair AND get the return traffic back to his machine (if he wants any return traffic there might be) Second, since it's only my web browser, and not some service that's running on port 1456, the only traffic that could possibly even be interpreted on that port would be html. And since that port is maintaining the tcp stream info from the original connection (seq #'s ack's) s/he's going to have to accurately spoof that too. If all this is sucessful, I guess there is malicious html code that s/he could run, but wouldn't it have been easier for the hacker just to put it up on a website and let me click on it myself? To me it seems like NAT overload on home computers meets the security idea of making it more difficult than what it's worth for the hacker. There is no way I would ever rely on this on a production network with services available, themselves initiating connections. I'd really like to hear a security expert's views about these ideas, but so far, no one I've talked to has explained to me a way that a hacker could get past NAT overload. The only two ways I can think of are 1)bypass NAT by using the actual configured ip's of the workstations inside 2)Get you to install software on you're machine that will both create a nat translation to the outside and let them connect back through that translation to a SERVICE that's listening on that port. If they are able to do that, even CBAC isn't going to stop them anyhow. Access lists trying to protect home workstations that are being NAT'ed seem for the most part redundant to me. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66015&t=66015 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2501 and 2503 Lab [7:65942]
Pete, I remember that to run ISIS you need to have a "j" image which is an enterprise image or a "p" image which is a service provider image.For memory requirements and checking the image with the service provider or enterprise you can check this link: http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml -rbx10 CCIE-in-trainingPete Nugent wrote: > > Just got a small Lab fo home 2 x 2501 and a 2503 here's what I > really need to know. As the MCNS is fo router security mainly > will this be OK. > > Will these run BGP, OSPF, ISIS IPSec/DES/3DES. Basically what > are the limitations. They all have V12 IOS. Seems like an easy > question but I dont wanna start trying something I cant do. > > Also if I want to look at the CSSP at a later date are 2 PIX > 501's enough. > > Any advice on additions to my Lab will be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66014&t=65942 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE written R&S [7:65972]
Thanks Thom, What is the name of Dennis book so I can buy it right now.. rbx10Thomas Larus wrote: > > I think Dennis Laganiere's own CCIE prep book is very good. He > is too > polite to mention it here himself, but I think people should > know about it. > I like how it covers a vast array of topics in a summary > fashion, but goes > into considerable depth when it comes to especially difficult > topics that > cry out for in-depth coverage (like RIFs). It is a great way > to cover the > material for this particular exam. > > I bought it recently from Amazon for 30-some dollars to assess > its > usefulness for early stage CCIE preparation. It is worth more > than it > costs, in my opinion. > > > Tom Larus, CCIE #10,014 > > > > Tom Larus, CCIE #10,014 > > > ""Dennis Laganiere"" wrote in message > news:[EMAIL PROTECTED] > > Hi rbx10... > > > > I would say that you need to read many of the same books > you'll need to > read > > for the lab anyway. I put together a list of books I thought > are > important, > > along with some preparation advice, at www.laganiere.net > > > > I hope you find it useful... > > > > Thanks... > > > > --- Dennis > > > > > > - Original Message - > > From: "rbx10 Defcom" > > To: > > Sent: Friday, March 21, 2003 9:03 PM > > Subject: CCIE written R&S [7:65972] > > > > > > > To All the CCIEs out there: > > > > > > I'm a newbie to CCIE...:-) > > > I'm currently trying to prepare for my written Exam > > > And honestly it's very puzzling and scary > > > > > > These are the books that I have read so far: > > > > > > LAN switching, Clarks > > > Routing with TCP/IP I, Doyle > > > Internet Routing Architecture, Sam Halabai > > > > > > I fear that the above books are not enough. I'm also going > to read every > > > last one of the Cisco recommended links. > > > > > > I was wondering if you could please tell me: > > > > > > 1) What book do I use to study for IP Multicast, QOS, and > Multiservice. > > > 2) What should I focus on the most (Especially For those > of you who > > > recently took the exam) > > > 3) If I need to buy more books > > > > > > > > > Thank you all very much in advance for your response. > > > > > > rbx10, > > > CCNA > > > CCNP > > > CCIE in training > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66010&t=65972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP header [7:65718]
The protocol field within the IP header will simply state if it is carrying icmp,igmp,tcp,udp. Julian - Original Message - From: "KW S" To: Sent: Tuesday, March 18, 2003 11:53 PM Subject: IP header [7:65718] > Can someone tell me what is the function of the protocol field in the IP > header. > > I get a little confused after reading from some many sources. > > Regards > kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66013&t=65718 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP header [7:65718]
Can someone tell me what is the function of the protocol field in the IP header. I get a little confused after reading from some many sources. Regards kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66008&t=65718 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE written R&S [7:65972]
Dennis... thanks a million my friend. Your site has really giving me a start to face on how to best prepare for this exam. When I "PASS" I'll have you think primarily Thanks again rbx10 :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66009&t=65972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP header [7:65718]
""KW S"" wrote in message news:[EMAIL PROTECTED] > Can someone tell me what is the function of the protocol field in the IP > header. > > I get a little confused after reading from some many sources. here's the horse's mouth: http://www.iana.org/assignments/protocol-numbers ( it says everything that RFC 791 says on the subject :-> ) > > Regards > kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66012&t=65718 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPP mru option [7:66007]
Hi All, I have a question but can't find an answer from RFC 1661 During ppp negotiation, if A advertises MRU 1440, B advertises MRU 1460, do they have to re-negotiate to agree with a MRU? If so, should it be the lower MRU? If they don't need to re-negotiate, what MRU is actually being used? Is there any guideline for this? I observed a ppp nego debug between cisco 7200 and an adsl modem, the result appears to be if one end advertises 1500, it becomes the one regardless what MRU the other end advertises. Mar 7 03:25:28.768: ppp1152 PPP: Authorization required Mar 7 03:25:28.768: ppp1152 PPP: Phase is ESTABLISHING Mar 7 03:25:28.768: ppp1152 PPP: Authorization required Mar 7 03:25:28.768: ppp1152 LCP: O CONFREQ [Closed] id 1 len 14 Mar 7 03:25:28.768: ppp1152 LCP:AuthProto PAP (0x0304C023) Mar 7 03:25:28.768: ppp1152 LCP:MagicNumber 0x8261E624 (0x05068261E624) Mar 7 03:25:28.796: ppp1152 LCP: I CONFREQ [REQsent] id 2 len 14 Mar 7 03:25:28.796: ppp1152 LCP:MRU 1454 (0x010405AE) Mar 7 03:25:28.796: ppp1152 LCP:MagicNumber 0x6DB9FEC2 (0x05066DB9FEC2) Mar 7 03:25:28.796: ppp1152 LCP: O CONFNAK [REQsent] id 2 len 8 Mar 7 03:25:28.796: ppp1152 LCP:MRU 1500 (0x010405DC) Mar 7 03:25:28.800: ppp1152 LCP: I CONFACK [REQsent] id 1 len 14 Mar 7 03:25:28.800: ppp1152 LCP:AuthProto PAP (0x0304C023) Mar 7 03:25:28.800: ppp1152 LCP:MagicNumber 0x8261E624 (0x05068261E624) Mar 7 03:25:28.816: ppp1152 LCP: I CONFREQ [ACKrcvd] id 3 len 10 Mar 7 03:25:28.816: ppp1152 LCP:MagicNumber 0x6DB9FEC2 (0x05066DB9FEC2) Mar 7 03:25:28.816: ppp1152 LCP: O CONFACK [ACKrcvd] id 3 len 10 Mar 7 03:25:28.816: ppp1152 LCP:MagicNumber 0x6DB9FEC2 (0x05066DB9FEC2) Mar 7 03:25:28.816: ppp1152 LCP: State is Open Mar 7 03:25:28.816: ppp1152 PPP: Phase is AUTHENTICATING, by this end Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66007&t=66007 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dependency of subnet zero [7:65726]
Hi i have small question like dependency of subnet zero on routing and other things like nat n firewall From cco i got this link for NAT http://www.cisco.com/en/US/partner/tech/tk648/tk361/technologies_tech_note09186a0080094e75.shtml but i didnt find about routing could anybody help me in this regard Thanks Deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66011&t=65726 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Good book for CCIE Written Prep [7:65104]
I spent several months last year updating everything to the new blueprint (as I'm sure every other author did), and I think it's now representative of what's out there. That said, the new exam is much toughter; you're lucky you passed the old one. Make sure you don't let your status slip... :-) --- Dennis - Original Message - From: "Logan, Harold" To: Sent: Wednesday, March 12, 2003 12:17 PM Subject: RE: Good book for CCIE Written Prep [7:65104] > Dennis, > > Has your Boson test been updated for the new written? I found your old test > very helpful when I took the old written, and I have a friend who is getting > ready for the new one. > > Thanks, > > Hal Logan CCAI, CCDP, CCNP: Voice > Network Specialist / Adjunct Faculty > Computing & Engineering Technology > Manatee Community College > > > > -Original Message- > > From: Dennis Laganiere [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, March 12, 2003 10:51 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Good book for CCIE Written Prep [7:65104] > > > > > > I recently revised the list of the book I thought were useful > > for this exam > > at www.laganiere.net, let me know if you find it useful... > > > > --- Dennis Laganiere > > > > - Original Message - > > From: "Troy Leliard" > > To: > > Sent: Wednesday, March 12, 2003 12:44 AM > > Subject: RE: Good book for CCIE Written Prep [7:65104] > > > > > > > I think you should be asking good books? :) I am > > currently using Bruces > > > Caslows, Routing and Switching, New Cisco Press CCIE book, > > and the Cisco > > > Press CCIE - Practical Book. > > > > > > I think the best way to tackle the "big one" is to start a > > file yourself, > > an > > > in it have a chapter for each topic that appears on the blueprint, > > > methodically go through each topic and research if from a number of > > sources > > > (books, white papers, RFC's) etc, Obviously, topics where > > you are stronger > > > needs less detail. And of course back it all up with hands > > on. Even for > > the > > > written ecam, memory retention, I find is always better > > when I have worked > > > through a lab or section of a lab. > > > > > > The idea being that you will cover everything off, and > > realise that the > > > area's you dont like, you need to put in a little but more > > work. At the > > end > > > of it and, when you get the email saying congrats, you're > > ccie is you > > > can then sell you file and get it published :) hehehe, then > > future ccie > > > wannabies will be asking,.what is s good bookm, and you can > > recommend your > > > own. :) > > > > > > Good luck studying! > > > > > > > > > Skarphedinsson Arni V. wrote: > > > > > > > > Can anyone recomend a good book for CCIE Written preperation ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66006&t=65104 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Networkers Presentations [7:66005]
Here ya go tough guy! http://www.cisco.com/networkers/nw02/post.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Howard C. Berkowitz Sent: Saturday, March 22, 2003 9:59 AM To: [EMAIL PROTECTED] Subject: Networkers: is there a consistent link from CCO to [7:66000] I'll have to admit that I usually go to a specific presentation for which I already have the URL, and then work backwards to find the presentation index for a particular Networkers' event. Is there a better way? When I search on CCO for a root to Networkers, all I seem to come up with is registration information for upcoming ones or salesy stuff on why I should attend. Does anyone know if there is a consistent place to go and find the starting point for the presentation archives for a given Networkers? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66005&t=66005 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS Compression [7:66004]
dear Pro, I have a router 1601 with 4 MB flash and 8 MB dram , does it work to install IOS version 12.2 (3) required 12 MB flash ? And how can i do it through TFTP ? Would anyone gives me the access for the IOS images in CIsco sites, Please ! Thanks, waiting for your reply. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66004&t=66004 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using communites to change the local-pref - not working?? [7:66002]
> > > Question: Should AS7018 on receiving the communites from AS1239 and AS701 > > set the desired local pref?? > > Why not?? > > What am I missing? > > Please advise. > >My read on it ( after checking Halabi's and Stewart's books ) is that >LOCAL_PREF is typically set on the inbound side, not with the outbound side. >LOCAL_PREF is an optional attribute. You don't want others to be able to >impose their criteria on you. This is actually a real world scenario. In an ISP network, I want control of everything. Letting customers influence their flows (or peers or anyone for that matter other than me) makes me nervous. For these reasons, even though it may be safe to use it, I'd zero all inbound meds. However, I may want to allow a customer some controlled flexibility, so I give them a few communities to strap on routes that will influence my pref setting. This is what CN is referencing. ATT might give you 7018:90, 7018:80 and 7018:100 to use which they will honor with LPref settings on their end (of 80,90 and 100 in this case). In this way, as the ISP, you give the customer the ability to influence your exit decisions, but you do it on your terms. Pet >also - are you remembering to use the bgp send-communities switch? This, or buggy IOS that itself might have overlooked this setting would be my guess. > > > > Thank you. > > Sincerely, > > CN > > > > > > > > > > > > >_ > > Add photos to your e-mail with MSN 8. Get 2 months FREE*. > > http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66002&t=66002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
how to change dial up prompt [7:65712]
We have a 5300 router as dial up server. When users get connected, their terminals pop up and prompt for "Username:" and "Password:" Is there a way that I can change it to "Enter Token Password:"? Thanks. Yoshi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66003&t=65712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE written R&S [7:65972]
I think Dennis Laganiere's own CCIE prep book is very good. He is too polite to mention it here himself, but I think people should know about it. I like how it covers a vast array of topics in a summary fashion, but goes into considerable depth when it comes to especially difficult topics that cry out for in-depth coverage (like RIFs). It is a great way to cover the material for this particular exam. I bought it recently from Amazon for 30-some dollars to assess its usefulness for early stage CCIE preparation. It is worth more than it costs, in my opinion. Tom Larus, CCIE #10,014 Tom Larus, CCIE #10,014 ""Dennis Laganiere"" wrote in message news:[EMAIL PROTECTED] > Hi rbx10... > > I would say that you need to read many of the same books you'll need to read > for the lab anyway. I put together a list of books I thought are important, > along with some preparation advice, at www.laganiere.net > > I hope you find it useful... > > Thanks... > > --- Dennis > > > - Original Message - > From: "rbx10 Defcom" > To: > Sent: Friday, March 21, 2003 9:03 PM > Subject: CCIE written R&S [7:65972] > > > > To All the CCIEs out there: > > > > I'm a newbie to CCIE...:-) > > I'm currently trying to prepare for my written Exam > > And honestly it's very puzzling and scary > > > > These are the books that I have read so far: > > > > LAN switching, Clarks > > Routing with TCP/IP I, Doyle > > Internet Routing Architecture, Sam Halabai > > > > I fear that the above books are not enough. I'm also going to read every > > last one of the Cisco recommended links. > > > > I was wondering if you could please tell me: > > > > 1) What book do I use to study for IP Multicast, QOS, and Multiservice. > > 2) What should I focus on the most (Especially For those of you who > > recently took the exam) > > 3) If I need to buy more books > > > > > > Thank you all very much in advance for your response. > > > > rbx10, > > CCNA > > CCNP > > CCIE in training Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66001&t=65972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Networkers: is there a consistent link from CCO to [7:66000]
I'll have to admit that I usually go to a specific presentation for which I already have the URL, and then work backwards to find the presentation index for a particular Networkers' event. Is there a better way? When I search on CCO for a root to Networkers, all I seem to come up with is registration information for upcoming ones or salesy stuff on why I should attend. Does anyone know if there is a consistent place to go and find the starting point for the presentation archives for a given Networkers? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66000&t=66000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using communites to change the local-pref - not working?? [7:65998]
""Cisco Nuts"" wrote in message news:[EMAIL PROTECTED] > Hello, > I have 2 routers in AS300 > RTF is connected to RTA in AS 1239 & > RTG is connected to RTH in AS 701 > In AS300 I have set communities via a route-map to be advertised as follows: > 1239:110 to AS 1239 & > 701:120 to AS 701 > > Routers in AS 1239 and AS 701 have been configured with a community list and > a route-map to match these communities and change the local pref to 110 and > 120 respectively. > > These work fine: > Ex.AS701-H#bt >Network Next HopMetric LocPrf Weight Path > *> 3.3.3.0/24 190.90.10.1 120 0 300 i > > Ex. AS1239-A#bt >Network Next HopMetric LocPrf Weight Path > *> 3.3.3.0/24 180.80.10.1 0110 0 300 i > > > > AS1239 and AS701 are connected to RTE AS7018-NAP > > From AS7018, I wanted to route to be preferred through AS701 which has a > higher local pref of 120 > BUT AS7018 still prefers the route thru AS1239 which has a local pref. > And I do not see the local pref values in AS7018. Why?? > > Ex. AS7018-NAP#bt >Network Next HopMetric LocPrf Weight Path > * 3.3.3.0/24 170.70.10.20 701 300 i > *> 160.60.10.20 1239 300 i > > 160.60.10.2 is AS1239 > Now I do understand that all things being equal, BGP will prefer the router > with the lowest RID, which in this case is AS1239, 160.60.100.100. Thus > AS7018 chooses this route. > > BUT I want AS7018 to choose AS701 to get to AS300's networks!!! > > Question: Should AS7018 on receiving the communites from AS1239 and AS701 > set the desired local pref?? > Why not?? > What am I missing? > Please advise. My read on it ( after checking Halabi's and Stewart's books ) is that LOCAL_PREF is typically set on the inbound side, not with the outbound side. LOCAL_PREF is an optional attribute. You don't want others to be able to impose their criteria on you. also - are you remembering to use the bgp send-communities switch? > > Thank you. > Sincerely, > CN > > > > > > > _ > Add photos to your e-mail with MSN 8. Get 2 months FREE*. > http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65998&t=65998 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using communites to change the local-pref - not working?? [7:65999]
Are you sure the communities are on the routes when they hit UU/Sprint? I expect you remembered to add send-community to the peer :) Pete At 04:26 PM 3/22/2003 +, Cisco Nuts wrote: >Hello, >I have 2 routers in AS300 >RTF is connected to RTA in AS 1239 & >RTG is connected to RTH in AS 701 >In AS300 I have set communities via a route-map to be advertised as follows: >1239:110 to AS 1239 & >701:120 to AS 701 > >Routers in AS 1239 and AS 701 have been configured with a community list and >a route-map to match these communities and change the local pref to 110 and >120 respectively. > >These work fine: >Ex.AS701-H#bt >Network Next HopMetric LocPrf Weight Path >*> 3.3.3.0/24 190.90.10.1 120 0 300 i > >Ex. AS1239-A#bt >Network Next HopMetric LocPrf Weight Path >*> 3.3.3.0/24 180.80.10.1 0110 0 300 i > > > >AS1239 and AS701 are connected to RTE AS7018-NAP > > >From AS7018, I wanted to route to be preferred through AS701 which has a >higher local pref of 120 >BUT AS7018 still prefers the route thru AS1239 which has a local pref. >And I do not see the local pref values in AS7018. Why?? > >Ex. AS7018-NAP#bt >Network Next HopMetric LocPrf Weight Path >* 3.3.3.0/24 170.70.10.20 701 300 i >*> 160.60.10.20 1239 300 i > >160.60.10.2 is AS1239 >Now I do understand that all things being equal, BGP will prefer the router >with the lowest RID, which in this case is AS1239, 160.60.100.100. Thus >AS7018 chooses this route. > >BUT I want AS7018 to choose AS701 to get to AS300's networks!!! > >Question: Should AS7018 on receiving the communites from AS1239 and AS701 >set the desired local pref?? >Why not?? >What am I missing? >Please advise. > >Thank you. >Sincerely, >CN > > > > > > >_ >Add photos to your e-mail with MSN 8. Get 2 months FREE*. >http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65999&t=65999 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AS-Path acl question?? [7:65988]
""John Neiberger"" wrote in message news:[EMAIL PROTECTED] > > Hello, > > Can any explain what these EXACTLY mean? > > > > ip as-path access-list 1 permit _109_ > > Matches any prefix that passed through AS 109. the book answer is that the underscore _ matches a lot of things including the beginning and the end of string. so _109_ should in theory match anything with 109 in it, including origination or most recent > > > ip as-path access-list 2 permit _200$ > > Matches any prefix that originated in AS 200. > > > ip as-path access-list 2 permit ^100$ > > Matches any prefix that only has AS 100 in the AS path. This would assume > that AS100 is directly adjacent and the prefix originated there. > > It would probably be helpful for you to learn about BGP regular expressions. > Do a search on Google using the terms "unix regular expressions" and you'll > find plenty of information that should clarify their use. The Cisco world of regulat expressions is found in, of all places, the dial solutions part of the documentation http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/dial _r/drdapp/drdrapre.htm#1017420 watch the wrap. better just to memorize the few most likely _x$ ^x_ _x_ ,* _x_y_ _x_y$ ^x_y_ should serve you pretty well. > > Good luck, > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65997&t=65988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using communites to change the local-pref - not working?? [7:65995]
Hi! The local preference attribute used only in the AS it was set. The NAP could set the local pref for you or you should use other method like MED (always compare med needed at the NAP in this case) or AS-path prepending to influence the incoming path. It's up to them whether they accept your preferred route or not. On 22 Mar 2003 at 16:26, Cisco Nuts wrote: > Hello, > I have 2 routers in AS300 > RTF is connected to RTA in AS 1239 & > RTG is connected to RTH in AS 701 > In AS300 I have set communities via a route-map to be advertised as follows: > 1239:110 to AS 1239 & > 701:120 to AS 701 > > Routers in AS 1239 and AS 701 have been configured with a community list and > a route-map to match these communities and change the local pref to 110 and > 120 respectively. > > These work fine: > Ex.AS701-H#bt >Network Next HopMetric LocPrf Weight Path > *> 3.3.3.0/24 190.90.10.1 120 0 300 i > > Ex. AS1239-A#bt >Network Next HopMetric LocPrf Weight Path > *> 3.3.3.0/24 180.80.10.1 0110 0 300 i > > > > AS1239 and AS701 are connected to RTE AS7018-NAP > > >From AS7018, I wanted to route to be preferred through AS701 which has a > higher local pref of 120 > BUT AS7018 still prefers the route thru AS1239 which has a local pref. > And I do not see the local pref values in AS7018. Why?? > > Ex. AS7018-NAP#bt >Network Next HopMetric LocPrf Weight Path > * 3.3.3.0/24 170.70.10.20 701 300 i > *> 160.60.10.20 1239 300 i > > 160.60.10.2 is AS1239 > Now I do understand that all things being equal, BGP will prefer the router > with the lowest RID, which in this case is AS1239, 160.60.100.100. Thus > AS7018 chooses this route. > > BUT I want AS7018 to choose AS701 to get to AS300's networks!!! > > Question: Should AS7018 on receiving the communites from AS1239 and AS701 > set the desired local pref?? > Why not?? > What am I missing? > Please advise. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65995&t=65995 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP bestpath as-path ignore - Hidden cmd?? [7:65987]
""Cisco Nuts"" wrote in message news:[EMAIL PROTECTED] > Hello, > Why is BGP bestpath as-path ignore a hidden cmd - if it indeed is?? Here is > what I got: > AS7018-NAP(config)#router bgp 7018 > AS7018-NAP(config-router)#bgp bestpath as? > % Unrecognized command > AS7018-NAP(config-router)#bgp bestpath as-path ? > % Unrecognized command > AS7018-NAP(config-router)#bgp bestpath as-path ignore > AS7018-NAP(config-router)# > > AS7018-NAP#rbr > router bgp 7018 > no synchronization > bgp router-id 150.50.100.100 > bgp log-neighbor-changes > bgp bestpath as-path ignore > > > Any ideas?? I've been going through the Parkhurt book again, and I have found a couple of these kinds of things on the IOS images I am using. IOS 12.1.5T10 and 12.2.12a. I believe both of these are IP Plus. neighbor x.x.x.x filter-list x weight is not in either of those versions, even though Parkhurst uses the command on page 173 and 174 I suspect these commands are available on higher end equipment. I'm pretty sure Parkhurst was not using 2501's when he did his work. I'm sure he had access to at least 7204's or 6's. > > > > > _ > Help STOP SPAM with the new MSN 8 and get 2 months FREE* > http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65996&t=65987 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AS-Path acl question?? [7:65988]
> Hello, > Can any explain what these EXACTLY mean? > > ip as-path access-list 1 permit _109_ Matches any prefix that passed through AS 109. > ip as-path access-list 2 permit _200$ Matches any prefix that originated in AS 200. > ip as-path access-list 2 permit ^100$ Matches any prefix that only has AS 100 in the AS path. This would assume that AS100 is directly adjacent and the prefix originated there. It would probably be helpful for you to learn about BGP regular expressions. Do a search on Google using the terms "unix regular expressions" and you'll find plenty of information that should clarify their use. Good luck, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65994&t=65988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE written R&S [7:65972]
Hi rbx10... I would say that you need to read many of the same books you'll need to read for the lab anyway. I put together a list of books I thought are important, along with some preparation advice, at www.laganiere.net I hope you find it useful... Thanks... --- Dennis - Original Message - From: "rbx10 Defcom" To: Sent: Friday, March 21, 2003 9:03 PM Subject: CCIE written R&S [7:65972] > To All the CCIEs out there: > > I'm a newbie to CCIE...:-) > I'm currently trying to prepare for my written Exam > And honestly it's very puzzling and scary > > These are the books that I have read so far: > > LAN switching, Clarks > Routing with TCP/IP I, Doyle > Internet Routing Architecture, Sam Halabai > > I fear that the above books are not enough. I'm also going to read every > last one of the Cisco recommended links. > > I was wondering if you could please tell me: > > 1) What book do I use to study for IP Multicast, QOS, and Multiservice. > 2) What should I focus on the most (Especially For those of you who > recently took the exam) > 3) If I need to buy more books > > > Thank you all very much in advance for your response. > > rbx10, > CCNA > CCNP > CCIE in training Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65992&t=65972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Using communites to change the local-pref - not working?? [7:65993]
Hello, I have 2 routers in AS300 RTF is connected to RTA in AS 1239 & RTG is connected to RTH in AS 701 In AS300 I have set communities via a route-map to be advertised as follows: 1239:110 to AS 1239 & 701:120 to AS 701 Routers in AS 1239 and AS 701 have been configured with a community list and a route-map to match these communities and change the local pref to 110 and 120 respectively. These work fine: Ex.AS701-H#bt Network Next HopMetric LocPrf Weight Path *> 3.3.3.0/24 190.90.10.1 120 0 300 i Ex. AS1239-A#bt Network Next HopMetric LocPrf Weight Path *> 3.3.3.0/24 180.80.10.1 0110 0 300 i AS1239 and AS701 are connected to RTE AS7018-NAP >From AS7018, I wanted to route to be preferred through AS701 which has a higher local pref of 120 BUT AS7018 still prefers the route thru AS1239 which has a local pref. And I do not see the local pref values in AS7018. Why?? Ex. AS7018-NAP#bt Network Next HopMetric LocPrf Weight Path * 3.3.3.0/24 170.70.10.20 701 300 i *> 160.60.10.20 1239 300 i 160.60.10.2 is AS1239 Now I do understand that all things being equal, BGP will prefer the router with the lowest RID, which in this case is AS1239, 160.60.100.100. Thus AS7018 chooses this route. BUT I want AS7018 to choose AS701 to get to AS300's networks!!! Question: Should AS7018 on receiving the communites from AS1239 and AS701 set the desired local pref?? Why not?? What am I missing? Please advise. Thank you. Sincerely, CN _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65993&t=65993 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Any free access to SNMP devices ? [7:65982]
Symon, Was able to ping but telnet failed. Solarwinds reported that gstudy was red only snmp string for the device identified it as a Cisco device but could not connect (needs read/write privilege) Looks like you got it set up ok --- The ideal engineer is a composite ... He is not a scientist, he is not a mathematician, he is not a sociologist or a writer; but he may use the knowledge and techniques of any or all of these disciplines in solving engineering problems. Dr. Jim Valentine MsC Sr. Network Consultant INS -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Symon Thurlow Sent: Saturday, March 22, 2003 7:37 AM To: [EMAIL PROTECTED] Subject: RE: Any free access to SNMP devices ? [7:65982] I have set up a 2500 from my lab on the web, you should be able to get SNMP info from it, the RO community string is gstudy, ip address is 217.204.228.203 You shouldn't be able to telnet to it, if I have set the access-list up correctly :) I'll leave it up for a few days. Symon -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: 22 March 2003 10:39 To: [EMAIL PROTECTED] Subject: Any free access to SNMP devices ? [7:65982] Hi everybody I want to test some features of SNMP. It is going to be at home so I have no devices to test on them. I am wondering if are there any network devices or servers providing a free access for SNMP. I mean a publicly available SNMP community (even it is RO) . Any clue would be helpful Thank you in advance Cristian = This email has been content filtered and subject to spam filtering. If you consider this email is unsolicited please forward the email to [EMAIL PROTECTED] and request that the sender's domain be blocked from sending any further emails. = = Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65990&t=65982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN remote access via analog modem?? [7:65991]
Hi.. 1)I want to know can I can configure PIX 515 firewall to be used as for internet access and allow VPN connection from my home as well. FYI, I have only one outside interface and one leased line. How many client can connect at the same time? 2)And I am using analog modem from my home PC to access internet and no NIC, can I still connect to my office VPN. I am curious that if I dial up to internet, then I will be assigned public IP by my ISP. So, when I connect to my company VPN via internet, my PC IP will be changed to my company IP ??? Please kindly explain to me 3)I got this sample config from net about mobile VPN on PIX515, I want to know there is no command to specify the outside interface IP? or he deleted it? what password is specify in the vpngroup GROUPNAME password ? what is that for? ip address outside dhcp setroute ip address 10.0.0.1 255.255.255.0 .. ip local pool REMOTEIPPOOLS 10.0.0.210-10.0.0.220 vpngroup GROUPNAME address-pool REMOTEIPPOOLS vnpgroup GROUPNAME idle-time 1800 vpngroup GROUPNAME password xx dhcpd address 10.0.0.2-10.0.0.200 inside dhcpd leased 3600 dhcpd ping_timeout 750 dhcpd auto_config outside dhcpd enable inside _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65991&t=65991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP bestpath as-path ignore - Hidden cmd?? [7:65987]
Hello, Why is BGP bestpath as-path ignore a hidden cmd - if it indeed is?? Here is what I got: AS7018-NAP(config)#router bgp 7018 AS7018-NAP(config-router)#bgp bestpath as? % Unrecognized command AS7018-NAP(config-router)#bgp bestpath as-path ? % Unrecognized command AS7018-NAP(config-router)#bgp bestpath as-path ignore AS7018-NAP(config-router)# AS7018-NAP#rbr router bgp 7018 no synchronization bgp router-id 150.50.100.100 bgp log-neighbor-changes bgp bestpath as-path ignore Any ideas?? _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65987&t=65987 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Any free access to SNMP devices ? [7:65982]
It was supposed to be "I want to test some features of HP NNM", in my previous message.Sory for that. Thank you Symon. It is exactly what I need because I want to install Cisco Works 2000 also. Chris wrote: > Hi everybody > > I want to test some features of SNMP. It is going to be at home so I > have no devices to test on them. I am wondering if are there any network > devices or servers providing a free access for SNMP. I mean a publicly > available SNMP community (even it is RO) . > > Any clue would be helpful > Thank you in advance > Cristian Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65989&t=65982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AS-Path acl question?? [7:65988]
Hello, Can any explain what these EXACTLY mean? ip as-path access-list 1 permit _109_ ip as-path access-list 2 permit _200$ ip as-path access-list 2 permit ^100$ Thank you. Sincerely, CN _ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65988&t=65988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PDM Question [7:65954]
the PDM is a useful tool for a graphical view of the configuration. If you are using your PIX to terminate VPN clients or tunnels you may stillned to use the command line to administer and configure them. This might be improved in the next release of the Operating System. Personally i agree that the CLI is still the best way to program the beast. Best of luck Steve -Original Message- From: Hartnell, George To: [EMAIL PROTECTED] Sent: 21/03/2003 20:34 Subject: PDM Question [7:65954] Hi there, I've got a 515UR failover I jus' upgraded from 5.3(1) to 6.1(4). I'd like to pop PDM on that system(s) and try that interface out. I'm a command line kind of guy, so am comfortable with CLI, but, I've heard that PDM is a worthy utility. Any words of wisdom on PDM installation? Best, G. "Nations have recently been led to borrow billions for war; no nation has ever borrowed largely for education... no nation is rich enough to pay for both war and civilization. We must make our choice; we cannot have both." -- Abraham Flexner Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65986&t=65954 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP update-source Loopback0 [7:65902]
Not necessarily. Recall that with eBGP sessions it is typical to peer with the physical address. There are times when you want to use the lo0 for eBGP (two parallel links, etc.) but you'll need to specify both ebgp_multihop and define a route to the peer's loopback. Priscilla Oppenheimer wrote: > > What's with the "update-source Loopback0" that you see popping up in BGP > examples in books and white papers with no explanation? :-) What does it mean? > > For example > > router bgp 75 > neighbor 10.100.65.1 remote-as 50 > neighbor 10.100.65.1 update-source Loopback0 > > The example I'm looking at is much more complicated and I can tell you more > if you need me to, but I don't know if the rest of the stuff is relevant to > my question about this "update-source" parameter. > > Wouldn't the router use the Loopback anyway for sending BGP messages? > > Thanks > > Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65984&t=65902 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Any free access to SNMP devices ? [7:65982]
I have set up a 2500 from my lab on the web, you should be able to get SNMP info from it, the RO community string is gstudy, ip address is 217.204.228.203 You shouldn't be able to telnet to it, if I have set the access-list up correctly :) I'll leave it up for a few days. Symon -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: 22 March 2003 10:39 To: [EMAIL PROTECTED] Subject: Any free access to SNMP devices ? [7:65982] Hi everybody I want to test some features of SNMP. It is going to be at home so I have no devices to test on them. I am wondering if are there any network devices or servers providing a free access for SNMP. I mean a publicly available SNMP community (even it is RO) . Any clue would be helpful Thank you in advance Cristian = This email has been content filtered and subject to spam filtering. If you consider this email is unsolicited please forward the email to [EMAIL PROTECTED] and request that the sender's domain be blocked from sending any further emails. = = Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65985&t=65982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame Relay [7:65658]
Disregard previous. After further review, I find the ping failed because I typed in the wrong ip. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65983&t=65658 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Any free access to SNMP devices ? [7:65982]
Hi everybody I want to test some features of SNMP. It is going to be at home so I have no devices to test on them. I am wondering if are there any network devices or servers providing a free access for SNMP. I mean a publicly available SNMP community (even it is RO) . Any clue would be helpful Thank you in advance Cristian Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65982&t=65982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Wireless LAN Support Exam [7:65625]
Duncan, I'm not sure if you're talking about the new exam or the old one that you could take in the privacy of your office (aka open book test). I haven't taken the new exam yet, but will in about 30-45 days. I'm sure it's going to be more difficult than the old test and hopefully updated. The old test had some questions and none of the answers were correct, which was a little frustrating. For the new test, I would highly recommend going to a Cisco training partner and take the Wireless SE course. The stuff on the old test was nearly impossible to find in manuals or marketing material found on Cisco's web site. I suspect the new test will be the same. Good luck! Jeffrey Reed Classic Networking, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Duncan Wallace Sent: Monday, March 17, 2003 10:22 PM To: [EMAIL PROTECTED] Subject: Wireless LAN Support Exam [7:65625] I was wondering if anyone out there has attempted the Wireless LAN Support yet, and if so, what study materials you used (other than the web site). I have been going over the CWNA for a solid background, but was looking for something with more of a Cisco flavor. Thanks in advance, Duncan Wallace 12835 SW Thunderhead Way Beaverton, Or. 97008 503-646-5707 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65978&t=65625 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What is a distributed/collapsed backbone? [7:65225]
Marc, There are two nice whitepapers about designing switched multi-layer networks on CCO. Contain lots of networks design examples, including collapsed backbones. Search for: Designing High-Performance Campus Intranets with Multilayer Switching Author: Geoff Haviland Gigabit Campus Network Design-Principles and Architecture Very valuable for anyone preparing for CID or switching. Eric - Original Message - From: "Marc Thach Xuan Ky" To: Sent: Thursday, March 13, 2003 10:17 PM Subject: Re: What is a distributed/collapsed backbone? [7:65225] > Thanks for all the replies, I haven't yet looked at Priscilla's Top Down > but probably will. I have found the official guides useful in the past > since they often come up with some unusual and Cisco-centric ideas, > which you need to know for the exams. > rgds > Marc > > aletoledo wrote: > > > > she was too modest to mention it, but you're best bet for a design > education > > is from Priscillas book. > > > > its well worth twice the price (twice the discounted bookpool price that > > is!! ;)). > > > > scott > > > > ""Marc Thach Xuan Ky"" wrote in message > > news:[EMAIL PROTECTED] > > > Hi all, > > > I thought I'd do 640-025 CID before it disappears, so I started reading > > > the Ciscopress book, CID exam certification guide. Now in chapter 2, > > > section "Issues facing campus LAN designers" (I'm using Safari books > > > online so I don't know the page number) it shows figs 2.4 and 2.5 > > > distributed and collapsed backbones respectively. The distributed > > > backbone shows per floor, one router and one switch, the collapsed > > > backbone shows a single router for the building fanning out to one > > > switch per floor. Fair enough I guess, but the scenario 1, Q2 in the > > > same chapter asks what backbone to use in a particular case and then > > > answers it with "distributed backbone" and a picture fig 2.8 that looks > > > rather like the collapsed backbone shown earlier. I obviously have to > > > learn Ciscospeak for the exam so can anybody tell me, which is it? > > > rgds > > > Marc Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65977&t=65225 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Difference on L3 switching of Cat4500 and Cat6 [7:65832]
Thanks for the enlightening explanation, Priscilla. I know experts like you in this group will not let some funny answers go, that would confuse the subject more... thanks again Thanks also to others who answered... - Original Message - From: "Priscilla Oppenheimer" To: Sent: Friday, March 21, 2003 2:04 AM Subject: Re: Difference on L3 switching of Cat4500 and Cat6 [7:65832] > Robert Edmonds wrote: > > > > Actually, Multiprotocol Label Switch is MPLS. MLS is > > MultiLayer Switching. > > This refers to a switch that can do not noly what Kiran said > > about L3 > > switching, but can make forwarding decisions based on higher > > level > > protocols, such as tcp, udp, etc. > > Oh dear, this has really gotten funny. > > MLS is neither MPLS nor switching based on multiple OSI layers. > > MLS refers to a route/switch architecture in which the forwarding and > routing jobs (layers or modules) are assigned to two different pieces of > hardware. A router module learns how to reach destinations, handles the > first set of packets to a destination, and then tells a switching module how > to handle subsequent packets for that flow. Some high-end routers do this > (with VIPs, etc.) and some high-end switches can do it also, either with the > help of an outside router or by using built-in feature cards. > > MLS is often used to specifically refer to the architecture and features on > a Cat 5000 and 6000 that enable this division of tasks. There are three > components (or layers) to the MLS architecture on these switches: > > MLS Route Processor (MLS-RP) > MLS Switching Engine (MLS-SE) > Multilayer Switching Protocol (MLSP) > > The router part talks to the switching part using MLSP. This allows the > switching part to develop a cache that enables "shortcut switching" of > packets. > > That's just one way of handling the necessary tasks, however. > > Take the 8500 "switch" as an example of another way of handling the problem. > It can run the entire IOS and act just like a traditional router, only > faster. It has a Switch Route Processor that handles routing functions at > high speeds. Just to confuse matters, it behaves a little differently from > the Route Switch Processor available on other platforms. :-) > > Unfortunately, I don't know much about the Catalyst 4000, which was > mentioned in the original question. But from what I understand about it, > it's basically a router with switch ports. Its architecture is more like the > 8500. It runs most of IOS and can do routing protocols, including BGP, OSPF, > etc. It can forward packets at high speeds based on Layer 3 info or Layer 2 > info. It's a router on steroids, whereas a Cat 5000 or 6000 with MLS is a > switch that has been told how to forward packets that normally a router > would handle. > > Which method is better? Neither one, though they have their pluses and > minues. Really, you just have to realize that all these options came out > during the dot com craze when Cisco had thousands and thousands of employees > all working to solve the same problem, gobs of money to buy companies with > products that all sovled the same problem, etc. So in true Cisco style, you > can accomplish the exact same thing (fast forwarding of packets) in a bunch > of different ways. > > ___ > > Priscilla Oppenheimer > www.troubleshootingnetworks.com > www.priscilla.com > > > > > > > > ""Kirankumar Patel"" wrote in message > > news:[EMAIL PROTECTED] > > > Dear > > > > > > L3 switching is nothing but switch acting as a router. > > > > > > MLS -- Multiprotocol Label Switch -- Can enables routers to > > make > > forwarding > > > decisions based on short labels, thereby avoiding the complex > > > packet-by-packet look-ups used in conventional routing. > > > > > > With MLS, can run faster then ATM switch. > > > > > > Regards, > > > > > > Kiran > > > > > > > > > >From: "Neil Arlante" > > > >Reply-To: "Neil Arlante" > > > >To: [EMAIL PROTECTED] > > > >Subject: Difference on L3 switching of Cat4500 and Cat6500? > > [7:65802] > > > >Date: Thu, 20 Mar 2003 02:56:26 GMT > > > > > > > >Hi group, > > > > > > > >What is the difference between L3 switching capabilities of > > 4500 and > > 6500? > > > >Catalyst 4500 docs mentioned it support L3 switching, but > > not MLS. What > > is > > > >the > > > >main difference between L3 switching of 4500 and MLS of 6500? > > > > > > > >TIA > > > > > _ > > > Cricket World Cup 2003 > > http://server1.msn.co.in/msnspecials/worldcup03/ > > > News, Views and Match Reports. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65980&t=65832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN Callback Config [7:65649]
I just got ISDN for my lab and am trying to set up a call back. I am using an 801 and a 3620. Config of Interface on the 3620 interface Dialer 60 description Connection for home lab ip address 10.69.240.237 255.255.255.252 encapsulation ppp dialer pool 1 dialer remote-name cisco801 dialer callback-secure dialer idle-timeout 55 dialer callback-secure dialer string xx dialer-group 1 ppp callback accept ppp authentication chap ppp chap password 0 stortCisco ppp multilink 801 Config interface BRI0 no ip address no ip directed broadcast encapsulation ppp dialer pool-member 1 isdn-switch-type basic net3 ppp callback request ppp authentification chap Without the call back it was working fine , now it breaks the connection right after dialing in. Is this a a chap problem? Am I missing a command perhaps. thanks stuart Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65979&t=65649 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE written R&S [7:65972]
Bro.. Be easy, just follow the blue print for the written exam and make sure you understand the material. If at anytime you feel you don't understand something look it up on CCO and if still uncertain just post your questions here and I am sure someone will be able to help. Once you feel confident for the sit down try some practice exam (Boson) before you actually site for the test. Enjoy the ride. ""rbx10 Defcom"" wrote in message news:[EMAIL PROTECTED] > To All the CCIEs out there: > > I'm a newbie to CCIE...:-) > I'm currently trying to prepare for my written Exam > And honestly it's very puzzling and scary > > These are the books that I have read so far: > > LAN switching, Clarks > Routing with TCP/IP I, Doyle > Internet Routing Architecture, Sam Halabai > > I fear that the above books are not enough. I'm also going to read every > last one of the Cisco recommended links. > > I was wondering if you could please tell me: > > 1) What book do I use to study for IP Multicast, QOS, and Multiservice. > 2) What should I focus on the most (Especially For those of you who > recently took the exam) > 3) If I need to buy more books > > > Thank you all very much in advance for your response. > > rbx10, > CCNA > CCNP > CCIE in training Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65976&t=65972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
