RE: Can you rename flash? [7:70722]
I experienced similar trouble just last week. Mine was when I added flash: one flash became 8-mg write/read and the other 8-mg read only, stopping the file transfer due to lack of space. If your flash is read only you need to convert that, which is as far as I'm capable of getting ..

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70838&t=70722
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: STP problem [7:70797]
"" Riley"" wrote in message news:[EMAIL PROTECTED]
> What an interesting scenario! If I understood your message correctly, the
> network picture is something like this:
>
> Wired Network -Cat-Wireless Network
> |User|
>
> Your problem is that the user is bridging the wired and wireless (and so is
> the Cat), which means there are two functioning links (bridges) between the
> wireless and wired.
>
> Your real problem is even if you track this user down and beat them severely
> with an AP antenna until his MCSE falls on the floor, this problem is going
> to repeat itself with the next user who has a similar wired/wireless card.
>
> So...it's a long day and I can't think of the specific commands or
> syntax or what I had for lunch, but configure the cat port that the wireless
> AP is connected to to make it the root bridge such that it will always beat
> the out of any wanna be bridges, thus ensuring that the rogues block.
>
> Sorry, can't be more specific than this, but my brain is frazzled so right
> now, I think STP is something you put in your car...but maybe it will help
> with your problem...
>
> HTH anyway,
>
> Charles

Nice to see you here again, Charles. Where you been keeping yourself? :->

I like your layout. Like the other guy said, though, I'm not sure a Windoze machine would bridge between these two interfaces. Of course, I could be wrong. It could also be that the integrated ethernet / wireless card is broken for whatever reason. Nothing would surprise me.

I put in a Linksys wireless network here at home, and put my wife and the kids on the wireless. My wife's laptop has a PCMCIA nic and a built in ethernet port. Wonder if I could get her off the internet long enough to let me try a test or two. She's really loving being able to sit on the back deck and cruise. :->

Don't be such a stranger, guy.

> ""Christopher Dumais"" wrote in message
> news:[EMAIL PROTECTED]
> > Hi all,
> > We are having an STP problem where we think a user with an integrated
> > wireless and LAN NIC is creating a bridge loop and bringing down the entire
> > network. The problem occurs then goes away after 20 or so minutes unless we
> > can narrow down which closet it is coming from and reboot the switch. All of
> > our management tools die during the outage. Does anyone have any ideas on
> > how we might prevent this from happening or track down the offender? We have
> > 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are
> > appreciated. Thanks!
> >
> > Chris Dumais, CCNP, CNA
> > Sr. Network Administrator
> > NSS Customer and Desktop Services Team
> > Maine Medical Center
> > (207)871-6940
> > [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70833&t=70797
Re: STP problem [7:70797]
My hub is calling me to dinner so I have to make this quick.

The access point that I'm most familiar with is the Apple airport. It's essentially a router. It connects 2 subnets and does DHCP and NAT. It can also be put into bridging mode, in which it is transparent and connects devices in the same subnet. I doubt it does STP.

I hadn't noticed that the original poster said wireless NIC. That seems sort of unlikely to cause major problems I agree. I sketched out some simple loops though. They certainly could happen. Wish we had whiteboard capability on GroupStudy.

Gotta run. The hub made dinner! :-)

Priscilla

The Road Goes Ever On wrote:
>
> ""Zsombor Papp"" wrote in message
> news:[EMAIL PROTECTED]
> > At 08:34 PM 6/17/2003 +, Priscilla Oppenheimer wrote:
> > >Access points can be configured to do bridging and I wouldn't be surprised
> > >to discover that they don't do STP, especially low-end ones from the local
> > >KMart. A lot of low-end switches don't do STP either.
> >
> > Yet they filter out BPDUs? If they don't, then assuming proper
> > configuration on the "high end" switches, can there be really loop?
> >
> > > So, the access point
> > >would have to be inserted into the network just right so that it caused a
> > >loop, but that's certainly possible. In that case all the looping broadcast
> > >traffic, not to mention looping unknown unicast traffic, could bring a
> > >network to its knees.
> > >
> > >I'm surprised so many people doubted his description of the problem!?
> >
> > A 6509 can switch multiple gigabits of traffic without any problems. You
> > would need quite a few wireless loops to kill such a box. I might be
> > missing something but I still doubt that "a user with an integrated
> > wireless and LAN NIC" can kill bring down a network of 6509 and 3550
> > switches.
>
> Not knowing firsthand, I've checked the Cisco documentation. For the 1200 series of AP's, at least, I can find no reference to spanning tree. Not saying it isn't there. Just saying I see no reference.
>
> Every AP with which I am familiar has but a single ethernet port. It is essentially a hub, although some of the vendors have some pretty sophisticated capability built in as part of their firmware and OS. I've been working with Proxim on a deal, with 802.1x port based authentication. The particular Proxim device creates virtual ports for end stations, and communicates with radius to ensure that the user can authenticate against the 802.1x database, even as the user moves from AP to AP.
>
> It is not inconceivable that putting in a series of wireless AP's could create a loop somewhere. Particularly if there are rogue devices out there and someone is wandering among them. Just thinking out loud, but the switch would see a user MAC coming into different ports as the user moved around.
>
> Thinking out loud again, with an authorized and reasonably thought out wireless installation, all your AP's would be in the same subnet/vlan and users wandering from AP to AP would cause no problems because to the back room switch the user mac would be on the same vlan as it moves. As far as the switch is concerned, nothing untoward has happened.
>
> Unless something is terribly wrong - i.e. major bug in the AP software - users cannot be connected to more than one access-point simultaneously (if they could, that might cause loop problems). Generally, the wireless nic firmware negotiates connection to the AP with the strongest signal in a mobile situation.
>
> Once in a while I see a comment that leads me to believe that there may be some misunderstanding about the term "bridge" when used in conjunction with wireless.
>
> A wireless bridge is a device for point to point wireless communication with another wireless bridge. It is more like a serial link than what most folks think of when they hear the term "bridge". One of those newfangled terms that is in the purist sense misused, but nevertheless is used differently than in the world of switches.
>
> So, one way for wireless, with its single ethernet port, to create a loop would be for it to bridge to another AP, which in turn is plugged into the same switch. Loops would form and the ensuing broadcast storm could wreak havoc.
>
> >
> > Thanks,
> >
> > Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70836&t=70797
Re: STP problem [7:70797]
""Zsombor Papp"" wrote in message news:[EMAIL PROTECTED]
> At 08:34 PM 6/17/2003 +, Priscilla Oppenheimer wrote:
> >Access points can be configured to do bridging and I wouldn't be surprised
> >to discover that they don't do STP, especially low-end ones from the local
> >KMart. A lot of low-end switches don't do STP either.
>
> Yet they filter out BPDUs? If they don't, then assuming proper
> configuration on the "high end" switches, can there be really loop?
>
> > So, the access point
> >would have to be inserted into the network just right so that it caused a
> >loop, but that's certainly possible. In that case all the looping broadcast
> >traffic, not to mention looping unknown unicast traffic, could bring a
> >network to its knees.
> >
> >I'm surprised so many people doubted his description of the problem!?
>
> A 6509 can switch multiple gigabits of traffic without any problems. You
> would need quite a few wireless loops to kill such a box. I might be
> missing something but I still doubt that "a user with an integrated
> wireless and LAN NIC" can kill bring down a network of 6509 and 3550
> switches.

Not knowing firsthand, I've checked the Cisco documentation. For the 1200 series of AP's, at least, I can find no reference to spanning tree. Not saying it isn't there. Just saying I see no reference.

Every AP with which I am familiar has but a single ethernet port. It is essentially a hub, although some of the vendors have some pretty sophisticated capability built in as part of their firmware and OS. I've been working with Proxim on a deal, with 802.1x port based authentication. The particular Proxim device creates virtual ports for end stations, and communicates with radius to ensure that the user can authenticate against the 802.1x database, even as the user moves from AP to AP.

It is not inconceivable that putting in a series of wireless AP's could create a loop somewhere. Particularly if there are rogue devices out there and someone is wandering among them. Just thinking out loud, but the switch would see a user MAC coming into different ports as the user moved around.

Thinking out loud again, with an authorized and reasonably thought out wireless installation, all your AP's would be in the same subnet/vlan and users wandering from AP to AP would cause no problems because to the back room switch the user mac would be on the same vlan as it moves. As far as the switch is concerned, nothing untoward has happened.

Unless something is terribly wrong - i.e. major bug in the AP software - users cannot be connected to more than one access-point simultaneously (if they could, that might cause loop problems). Generally, the wireless nic firmware negotiates connection to the AP with the strongest signal in a mobile situation.

Once in a while I see a comment that leads me to believe that there may be some misunderstanding about the term "bridge" when used in conjunction with wireless.

A wireless bridge is a device for point to point wireless communication with another wireless bridge. It is more like a serial link than what most folks think of when they hear the term "bridge". One of those newfangled terms that is in the purist sense misused, but nevertheless is used differently than in the world of switches.

So, one way for wireless, with its single ethernet port, to create a loop would be for it to bridge to another AP, which in turn is plugged into the same switch. Loops would form and the ensuing broadcast storm could wreak havoc.

>
> Thanks,
>
> Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70832&t=70797
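Added example, not part of any list member's post: the thread asks how to track down the port behind a bridge loop and notes that a switch sees a MAC arriving on different ports as a station moves. This Python sketch ranks edge ports by how many distinct MACs flap through them, so one roaming station is not mistaken for a loop; the log layout (`%SW_MATM-4-MACFLAP_NOTIF` lines behind a syslog-collector prefix), the switch and port names, and the `min_macs` threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed layout: "<Mon> <day> <time> <switch> ... %SW_MATM-4-MACFLAP_NOTIF: ..."
FLAP_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+.*?"
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-fA-F.]{14}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) "
    r"and port (?P<b>\S+)"
)

# Constructed sample. closet3: four different MACs bounce between the uplink
# and one access port (what a bridged edge host looks like). closet1: a single
# MAC moves between two AP-facing ports (what roaming looks like).
SAMPLE_LOG = """\
Jun 17 14:02:11 closet3-3550 %SW_MATM-4-MACFLAP_NOTIF: Host 0002.a5aa.0001 in vlan 10 is flapping between port Gi0/1 and port Fa0/17
Jun 17 14:02:11 closet3-3550 %SW_MATM-4-MACFLAP_NOTIF: Host 0002.a5aa.0002 in vlan 10 is flapping between port Fa0/17 and port Gi0/1
Jun 17 14:02:12 closet3-3550 %SW_MATM-4-MACFLAP_NOTIF: Host 0002.a5aa.0003 in vlan 10 is flapping between port Gi0/1 and port Fa0/17
Jun 17 14:02:12 closet3-3550 %SW_MATM-4-MACFLAP_NOTIF: Host 0002.a5aa.0004 in vlan 10 is flapping between port Gi0/1 and port Fa0/17
Jun 17 14:02:13 closet3-3550 %SW_MATM-4-MACFLAP_NOTIF: Host 0002.a5aa.0001 in vlan 10 is flapping between port Gi0/1 and port Fa0/17
Jun 17 14:05:40 closet1-3548 %SW_MATM-4-MACFLAP_NOTIF: Host 0002.a5bb.0009 in vlan 10 is flapping between port Fa0/5 and port Fa0/6
Jun 17 14:06:02 closet1-3548 %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up
"""

UPLINKS = {"Gi0/1", "Gi0/2"}  # assumed names of trunk/uplink ports


def parse_flaps(lines):
    """Yield (switch, mac, vlan, port_a, port_b) for each MAC-flap line."""
    for line in lines:
        m = FLAP_RE.search(line)
        if m:
            yield (m["host"], m["mac"].lower(), int(m["vlan"]),
                   m["a"].rstrip("."), m["b"].rstrip("."))


def suspect_ports(lines, uplinks, min_macs=3):
    """Rank non-uplink ports by the number of distinct MACs flapping on them.

    During a loop, frames from many stations re-enter through the looped edge
    port, so many MACs flap between it and the uplink. Uplinks are skipped
    because every flap in the closet involves them. Ports with fewer than
    min_macs distinct MACs are dropped as ordinary station movement.
    """
    macs_by_port = defaultdict(set)
    for host, mac, _vlan, a, b in parse_flaps(lines):
        for port in (a, b):
            if port not in uplinks:
                macs_by_port[(host, port)].add(mac)
    ranked = [(host, port, len(macs))
              for (host, port), macs in macs_by_port.items()
              if len(macs) >= min_macs]
    # Most MACs first; switch and port name break ties deterministically.
    return sorted(ranked, key=lambda r: (-r[2], r[0], r[1]))


if __name__ == "__main__":
    for host, port, count in suspect_ports(SAMPLE_LOG.splitlines(), UPLINKS):
        print(f"{host} {port}: {count} distinct MACs flapping")
```

Because the original poster reports that management tools die during the outage, the input here is meant to be log lines collected from each switch's buffer or a syslog server after the event.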
RE: Technology, Certification, Skill Sets, and Looking [7:70816]
The Road Goes Ever On wrote:
>
> ""Priscilla Oppenheimer"" wrote in message
> news:[EMAIL PROTECTED]
> >
> > Someone also just sent me a URL to this newspaper article that points out
> > the importance of learning business practices, not just particular
> > technologies. It's a good read:
> >
> > http://www.startribune.com/stories/789/3936460.html
> >
>
> An interesting article, and one with some nuggets of good advice, particularly for those new to the business cycle. For those who have been seeing articles like this over the past twenty years or so, this article reinforces good advice, much along the lines that NRF has offered in other threads that appear regularly on Groupstudy. Good advice is timeless, and the advice in this article, which reiterates similar outlooks as have appeared in the business press over the past couple of decades remains true.
>
> Way back when I was learning things and formulating my own technology philosophy, I was blown away by three things I read - Peter Keen's book Competing in Time, Paul Strassman's book The Business Value of Computers, and an obscure article written by an economist working for the Chicago Federal Reserve Bank. Each of these sources in its own way says similar things from a higher level. The Fed study was a short and simple one, but of all the business sources I have read, still seems the most relevant. The gist of the study was that investment in infrastructure yielded high returns in productivity. The author was reporting on government investment in physical infrastructure such as roads, water treatment, and the like, but a clever student working towards his master's degree while going to night school ran with that theme and wrote a master's thesis which earned him departmental honors.

Was that you? :-) Sounds interesting. Thanks for commenting on the article. I thought it made some good points.

Priscilla

>
> Anyone in the technology field, whether it be IT Management, Consulting, or even something as seemingly mundane as sales, should ALWAYS be aware of the business value of technology. Over the past 15 years or so it has been technology which has driven productivity.
>
> The dark side is that technology changes, and has a way of becoming more appliance like, meaning that what was skilled labor yesterday is out of the box tomorrow. Think about it. All you folks who are AVVID experts and therefore in high demand. How long before AVVID is nothing more than another PBX, and routers self configure for QoS? Think the telco employee who drives the truck and installs your DSL is making 100K? Not likely.
>
> So yes - keep your skills up to date, so you don't end up like the guy in the article. My own opinion is that one must always consider the value to business for any skill set one pursues.
>
> JMHO
>
> NRF - your comments are always welcome on topics such as these.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70835&t=70816
RE: mode enable on aaa authentication [7:70800]
If you have Cisco ACS server 2.x and 3.x, under any Group Properties/TACACS Settings, select Shell(exec) and put level 15 for "privilege levels".

First Case: "Shell/exec" dictates initial login level of access. The access level can be as high as 15, which means you login to the "enable privileged" prompt directly. "enable options" on ACS have no effect.

Second Case: Not using "Shell/Exec option", but using "enable options" in conjunction with device "enable" aaa authentication command:

-- aaa authentication enable default tacacs+ enable

Initially, you login to level 1 (basic user level). When you enter "enable" command, your password (checked against ACS servers) will determine your next level of access. This password is usually your initial login password.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70837&t=70800
Split horizon affecting OSPF [7:70834]
Does split horizon affect distance-vector routing protocols (RIP, IGRP, EIGRP) only? Or are OSPF/IS-IS also affected?

Thanks.

-Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70834&t=70834
Re: STP problem [7:70797]
I seem to recall a similar problem when MS released one of the first beta versions of XP. I don't recall the exact details right off but I know it involved a laptop (generally) with a wireless NIC and Windows XP, resulting in the catastrophic meltdown of Cisco switched networks. I will see if I can locate some more details, but it may be something to look into.

HTH

> Christopher Dumais wrote:
>
>>Hi all,
>>We are having an STP problem where we think a user with an integrated
>>wireless and LAN NIC is creating a bridge loop and bringing down the entire
>>network. The problem occurs then goes away after 20 or so minutes unless we
>>can narrow down which closet it is coming from and reboot the switch. All of
>>our management tools die during the outage. Does anyone have any ideas on
>>how we might prevent this from happening or track down the offender? We have
>>6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are
>>appreciated. Thanks!
>>
>>Chris Dumais, CCNP, CNA
>>Sr. Network Administrator
>>NSS Customer and Desktop Services Team
>>Maine Medical Center
>>(207)871-6940
>>[EMAIL PROTECTED]
>

--
Thomas Crowe
Senior Engineer / Senior Architect
EMC Proven Professional, Master Architect
EMC Proven Professional, Master+ Operator
CTS Professional Services, Atlanta

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70830&t=70797
Re: serial interface discards [7:70752]
Thanks for all the advice. I'm going to definitely use most of what was posted. I appreciate the help.

-Nate

- Original Message -
From: "Priscilla Oppenheimer"
To:
Sent: Tuesday, June 17, 2003 11:50 AM
Subject: Re: serial interface discards [7:70752]

> Nate wrote:
> >
> > It is entirely possible that the monitoring software (Lucent Vital Net) is
> > showing something other than discards.
>
> Your monitoring software probably uses the word "discard" for "drop" and is
> just doing what you have already done, which is "show int." As we have all
> said, output drops on a serial interface are almost always caused by simply
> too much traffic. You said that bandwidth usage wasn't the issue, but I
> agree with the other poster that you may not be getting an accurate picture
> because of the 5-minute exponential nature of the load stat. See Brad's
> excellent advice about changing this.
>
> You said something about 2 redundant links. Which link is actually getting
> used? Is load balancing supposed to be occurring? Maybe only one link is
> getting used and it's overwhelmed. Trace-route might help you with that.
> Also examining the routing table should help.
>
> Your monitoring software may mean something else by "discard." I'm still
> worried about the tunnel. If I understand it correctly, you've added headers
> to the traffic to support IPSec. That can cause packets to be too big to
> support the MTU of the interface. These packets must get "discarded."
>
> Unfortunately, the only way I know to determine if packets are getting
> discarded due to an MTU issue is with "debug ip packet detail" which is
> risky on a production network. Well, the other way, is a WAN sniffer or
> Ethernet sniffers on both ends of the WAN link to see what's getting across
> and what isn't and to monitor for any ICMP errors.
>
> Folks, how else could he determine if there's an MTU issue?
>
> Finally, one last comment to echo Brad's comment. If users aren't
> complaining, don't worry about the drops! Seriously. As HCB would say, "what
> problem are you trying to solve?" Good luck with it, regardless. :-)
>
> Priscilla
>
> > Unfortunately, that software doesn't tell us what kind of discards.
> > The interface information doesn't reflect what the monitoring software
> > is showing so there is no way to confirm.
> >
> > -Nate
> >
> > - Original Message -
> > From: "Priscilla Oppenheimer"
> > To:
> > Sent: Monday, June 16, 2003 10:59 PM
> > Subject: RE: serial interface discards [7:70752]
> >
> > > You started the thread by saying that your monitoring software is saying
> > > that there are discards. What monitoring software is it? Are you sure it's
> > > referring to the drops that "show int" is displaying? Maybe it means
> > > something else by "discard."
> > >
> > > Priscilla
> > >
> > > Nathan wrote:
> > > >
> > > > Basically, we have two paths: One going to the internet, and one going
> > > > to the Corporate WAN. We also have redundancy so that if either pipe
> > > > goes down, the other can be used for whatever service is missing. In
> > > > order to do redundancy for the pipe going to Corporate WAN, we needed a
> > > > netscreen and a Tunnel Interface (netscreen for GRE and Tunnel for
> > > > IPSEC). We are also using EBGP for the Corporate WAN redistributing
> > > > into EIGRP internally. The access list is used so that EIGRP won't
> > > > accept default routes from the Internet pipe going to the remote site.
> > > > I'm not sure if there are any MTU issues with it but as far as high
> > > > utilization, the traffic is only showing a max / day of 20-30% so I
> > > > don't think bandwidth is the issue.
> > > > > > > > I would agree that discards are unavoidable in a FA or GE > > > > environment, > > > > but prior to adding the internet circuit as the default > > route > > > > for the > > > > site, there were no discards. > > > > > > > > I have been to that site but the scenario is different from > > > > mine. > > > > > > > > > > > > -Original Message- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > > Sent: Monday, June 16, 2003 4:29 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: serial interface discards [7:70752] > > > > > > > > > > > > Nate wrote: > > > > > > > > > > well, it's a ESF Full T1. > > > > > > > > What feeds into the T1? If it's a busy Ethernet, especially > > > > Fast or > > > > Gigabit Ethernet, drops are unavoidable. Even though your > > stats > > > > show > > > > that the T1 utilization is only 23/255 (less than 10%), the > > > > stats show a > > > > moving average for the last 5 minutes, but the drops are > > since > > > > the last > > > > time you cleared the counters, 6 hours ago. So at some > > point, > > > > you > > > > probably had too much data to send over the 1.5Mbps T1. > > > > > > > > You need to watch it carefu
Re: STP problem [7:70797]
Sorry, I should have done the search first. Came up first link in google...

padding padding padding

http://cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00605.html

> Christopher Dumais wrote:
>
>>Hi all,
>>We are having an STP problem where we think a user with an integrated
>>wireless and LAN NIC is creating a bridge loop and bringing down the entire
>>network. The problem occurs then goes away after 20 or so minutes unless we
>>can narrow down which closet it is coming from and reboot the switch. All of
>>our management tools die during the outage. Does anyone have any ideas on
>>how we might prevent this from happening or track down the offender? We have
>>6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are
>>appreciated. Thanks!
>>
>>Chris Dumais, CCNP, CNA
>>Sr. Network Administrator
>>NSS Customer and Desktop Services Team
>>Maine Medical Center
>>(207)871-6940
>>[EMAIL PROTECTED]
>

--
Thomas Crowe
Senior Engineer / Senior Architect
EMC Proven Professional, Master Architect
EMC Proven Professional, Master+ Operator
CTS Professional Services, Atlanta
Office Phone: 770-664-3900
Cell Phone: 678-521-0360

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70831&t=70797
RE: encap for ethernet interface ? [7:70802]
brian dell wrote:
>
> say if cdp is enabled for an interface, then since cdp uses sap
> encapsulation (as Priscilla mentioned), then i don't think one
> configures encapsulation for that interface as sap ?
>
> the question is that why is this statement ("encap sap")in the
> configuration not needed if an interface has cdp enabled ?
> (i guess "encap arpa" is by default understood for an ethernet
> interface ? is that correct ? )

No. There's no default for an interface. There's only defaults for particular protocols. CDP uses snap (not sap). IP uses ARPA. Spanning Tree uses sap. Novell uses novell-ether.

With the exception of Novell, VLAN tagging, and ARP, you can't change the encapsulation that will be used for Ethernet frames for the various protocols. Try it on a real router. It's nothing like changing encapsulation on a WAN, which causes all traffic across the WAN link to use that encapsulation.

Here are some hints:

Albany#config t
Enter configuration commands, one per line. End with CNTL/Z.
Albany(config)#ipx routing
Albany(config)#int e0
Albany(config-if)#ipx network 400 encapsulation ?
  arpa          Novell Ethernet_II
  hdlc          HDLC on serial links
  novell-ether  Novell Ethernet_802.3
  sap           IEEE 802.2 on Ethernet, FDDI, Token Ring
  snap          IEEE 802.2 SNAP on Ethernet, Token Ring, and FDDI
Albany(config-if)#ipx network 400 encapsulation snap
Albany(config-if)#ipx network 100 encapsulation arpa secondary
Albany(config-if)#ipx network 200 encapsulation sap secondary
Albany(config-if)#ipx network 300 encapsulation novell-ether secondary

Albany#config t
Enter configuration commands, one per line. End with CNTL/Z.
Albany(config)#int e0
Albany(config-if)#arp ?
  arpa         Standard arp protocol
  frame-relay  Enable ARP for a frame relay interface
  probe        HP style arp protocol
  snap         IEEE 802.3 style arp
  timeout      Set ARP cache timeout
Albany(config-if)#arp snap

If you try just the encapsulation command in interface configuration mode, you get a choice of VLAN tagging methods. I can't show you that because my routers don't support it. VLAN tagging is a topic for another dissertation, not really related to the question you are asking.

Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70829&t=70802
RE: encap for ethernet interface ? [7:70802]
say if cdp is enabled for an interface, then since cdp uses sap encapsulation (as Priscilla mentioned), then i don't think one configures encapsulation for that interface as sap ?

the question is that why is this statement ("encap sap") in the configuration not needed if an interface has cdp enabled ? (i guess "encap arpa" is by default understood for an ethernet interface ? is that correct ? )

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70826&t=70802
Re: STP problem [7:70797]
At 08:34 PM 6/17/2003 +, Priscilla Oppenheimer wrote:
>Access points can be configured to do bridging and I wouldn't be surprised
>to discover that they don't do STP, especially low-end ones from the local
>KMart. A lot of low-end switches don't do STP either.

Yet they filter out BPDUs? If they don't, then assuming proper configuration on the "high end" switches, can there be really loop?

> So, the access point
>would have to be inserted into the network just right so that it caused a
>loop, but that's certainly possible. In that case all the looping broadcast
>traffic, not to mention looping unknown unicast traffic, could bring a
>network to its knees.
>
>I'm surprised so many people doubted his description of the problem!?

A 6509 can switch multiple gigabits of traffic without any problems. You would need quite a few wireless loops to kill such a box. I might be missing something but I still doubt that "a user with an integrated wireless and LAN NIC" can kill bring down a network of 6509 and 3550 switches.

Thanks,

Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70825&t=70797
RE: Internet is very slow behind Pix 515E UR [7:70783]
"100basetx" is 100MB, half duplex. Try "interface ethernet0 100full" and "interface ethernet1 100full" instead. Make sure that whatever is on the other side of the outside interface is 100/full or auto too.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 10:19 AM
To: [EMAIL PROTECTED]
Subject: Internet is very slow behind Pix 515E UR [7:70783]

Whenever I access the web site which is behind the Pix firewalls, the speed is really slow. I bypassed the firewall and accessed the same site and it's fast! I checked my settings and made sure all the connected devices are running at 100 and full duplex, they all are! I mean why this is happening ... is it because the pix have to inspect each packet! The Bandwidth from the service provider is 64k. Any Idea Please. Any ideas?

The Pix version is 6.1 besides this is satellite connection

The internal Address range is 191.1.1.0-191.1.1.254 255.255.0.0
Outside address range is 10.15.9.163-183 255.255.255.224
Default Gateway: 10.15.9.62 255.255.255.224
DNS1: 195.238.62.1
DNS2: 195.238.40.30

AN# show config
: Saved
:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password kC9ZDwfWejkBqApp encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname AN
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_in permit icmp any any
access-list acl_in permit udp any any
access-list acl_in permit tcp any any
pager lines 10
logging buffered debugging
interface ethernet0 100basetx
interface ethernet1 100basetx
interface ethernet2 auto shutdown
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 10.15.9.163 255.255.255.224
ip address inside 191.1.1.85 255.255.0.0
ip address intf2 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 10.15.9.164-10.15.9.180
global (outside) 1 10.15.9.181
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.15.9.163 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:97ca54591b41f6b215dabb457fe7c9de
AN#

Ismail Al-Shelh

[GroupStudy removed an attachment of type image/gif which had a name of image001.gif]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70809&t=70783
RE: number of CCIE [7:70151]
> Those three have pretty much echoed my themes. Hansang, in fact, has admitted that he accelerated his ccie studies so that he would take (and pass) the 2-day exam because he didn't want to run the risk of being known as an "asterisk-ccie" (meaning the one-day ccie).

I know someone who took both the two day and one day. He felt the one day was harder. He might have been an exception, I do not know any other two dayers who took a one day. He was R&S first, then he just got a Security one to get the double. Of all the CCIEs I do know, none of them ever wanted to really take it again (except one other CCIE I know... he wants to see if he still got the touch!)

While I agree to some degree about how the "old style" might have been "harder" to some degree, I feel it is more of a preference. I think depending on the kind of problem solver you are, one will appear easier than the other and vice versa.

I only took the one day, and all I have to say is it is a real speed torture exam. One slip up, and it's pretty much over. You have a SLIGHT margin of error and that is only if you are very fast, both in the mind and on the keyboard. This is not to say if you are slower you are necessarily any less qualified, just, some people do not type as fast or take longer to formulate a very solid plan anyway. Those people suffer greatly from this new format. This is also probably why I got some seriously mixed reviews from different CCIEs in terms of the difficulty of the exams (be it one day or two day). For the record, the one day exam was more suited to my style than the two day sounded like. Oh well, I will never have a direct comparison now.

The same was said about the two day as well in terms of speed but with some ancillary tricks such as the physical element, etc. I suppose that is good to know, but hey, nothing 5 minutes couldn't figure out on a web page.

The troubleshooting element was definitely a sorely missed element from the two day lab, but trust me, with the one day it is a dynamic troubleshooting element built in. It is VERY easy to break your working network while you perform the exam.

Unfortunately, because it is more speed driven and because the content, while jam packed, is probably 'less', it also means it might be more prone to some form of bootcamp brain dumpage. But this is not really conclusive. It might just be that, the CCIE is becoming "more popular" and people have recently tapped into this market. The drop in Cisco gear pricing on the used market probably had a LOT to do with bringing down this barrier to entry.

Regrettably, it is difficult to say whether or not it is the slippery slope we are going up if we really believe a one day exam is instantly easier than a two day and that is the reason why there are more CCIEs per month, or if it is because the failure rate is the same, and the expected value of passing CCIEs goes up due to the higher volume of candidates per month.

Whether or not it is easy or not, I cannot say. I encourage any CCIEs of the two day to take a one day and see how it is. I only know of one who did it, and he felt it was worse than the two day lab. But, like I said, different types of people, different types of problem solvers. Might be easier for some.

One thing is true though. By law of numbers, even if the percentage rate of failure IS the same, since the NET number of CCIES passing is higher, by supply and demand the value of the CCIE is dropping. (someone else mentioned this as well). If the percentage of failure is even lower... then the value just drops exponentially. :)

As for having a lower CCIE number, I do not care, I do not know. Most of the really older CCIE numbers I know tend to be mediocre with the new technology and are sick of knob turning anyway (although some are still very good). The medium numbers seem to be the best. ;) The ones on the highest numbers end seem to be a mixed bag. And while someone said the "higher number ones" have "less experience" that should not be true in theory since the CCIE was designed for people who already worked in the networking field for years. However, I will agree in practice, that does seem to happen often (higher numbers, less experience).

I think as with all things in life, take the individual on a case to case basis. You are going to find good and bad apples in every basket. The CCIE is still a very good certification, I do not think anyone is denying that. But I do not think it is clear if it is blatantly easier now.

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70806&t=70151
Re: serial interface discards [7:70752]
> The interface information doesn't reflect what the monitoring software is showing so there is no way to confirm.
> -Nate

I have this problem often and always trust the router's interface statistics over monitoring software reports.

get iperf (http://dast.nlanr.net/Projects/Iperf/) & generate large blasts of traffic through the link and see if you can cause the "discards" being recorded by the monitoring software to increment.

This should help to determine if the discards are really just output drops related to bursts of traffic, in which case you can not worry about it or implement some sort of congestion management if it actually causes a problem.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70822&t=70752
Re: serial interface discards [7:70752]
Brad Dodds wrote:
> > The interface information doesn't reflect what the monitoring software is showing so there is no way to confirm.
> > -Nate

That got me wondering. Maybe discard just means that the monitoring software isn't keeping up? It has to discard packets and not analyze them because it's slow or too busy. I've certainly seen that. It's just a thought. Can't say anything for sure without more info. Better get back to work! :-)

Priscilla

> I have this problem often and always trust the router's interface statistics over monitoring software reports.
>
> get iperf (http://dast.nlanr.net/Projects/Iperf/) & generate large blasts of traffic through the link and see if you can cause the "discards" being recorded by the monitoring software to increment.
>
> This should help to determine if the discards are really just output drops related to bursts of traffic, in which case you can not worry about it or implement some sort of congestion management if it actually causes a problem.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70823&t=70752
Re: STP problem [7:70797]
Access points can be configured to do bridging and I wouldn't be surprised to discover that they don't do STP, especially low-end ones from the local KMart. A lot of low-end switches don't do STP either. So, the access point would have to be inserted into the network just right so that it caused a loop, but that's certainly possible. In that case all the looping broadcast traffic, not to mention looping unknown unicast traffic, could bring a network to its knees. I'm surprised so many people doubted his description of the problem!?

Anyway, finding it will be hard, though there's good advice from Tom and others. I think I would revert to an old-fashioned communications channel. Announce over the loud speaker that if you just connected a wireless access point, disconnect it now and report to the office! :-)

Priscilla

Tom Martin wrote:
> Chris,
>
> STP should be enough to avoid these types of problems. In order to cause a bridging loop the station would have to have both interfaces in the same VLAN and forward all L2 traffic except for BPDUs. Even if this were the case the wireless network (10-Mbps?) shouldn't be enough to bring the LAN to its knees (100-Mbps?). If you have STP enabled on all of your switches, I doubt that a single station is bringing the network down.
>
> Once you find the offending switch that you need to reboot, you can issue console commands to determine the root bridge and any blocked ports. Make sure that things are normal. You do have your root bridge set manually, don't you? :)
>
> To find out which port is causing the loop, take a look at the interface counters. You should see an unreal amount of traffic on the offending port (and the uplink to the core switch).
>
> When STP has been enabled I have only come across layer-2 loops twice. Once when a few HP switches had gone bad, and another time when a customer had configured channeling on one side but not the other (3500 series, no channel negotiation).
>
> In both cases I found that the problem was made worse with increasing traffic levels, and the problem also revolved around the same set of switches. The channeling problem was a bit more difficult to narrow down though, since it disabled MLS on the core switch and every segment appeared to have problems!!!
>
> I hope that helps,
>
> - Tom
>
> Christopher Dumais wrote:
> > Hi all,
> > We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks!
> >
> > Chris Dumais, CCNP, CNA
> > Sr. Network Administrator
> > NSS Customer and Desktop Services Team
> > Maine Medical Center
> > (207)871-6940
> > [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70821&t=70797
Re: encap for ethernet interface ? [7:70802]
Ethernet type         Novell            Cisco
--------------------  ----------------  ------------
Ethernet version 2    Ethernet_II       arpa
Novell 802.3 raw      Ethernet_802.3    novell-ether
IEEE 802.3            Ethernet_802.2    sap
IEEE 802.3 SNAP       Ethernet_snap     snap

Eric

- Original Message -
From: "brian dell"
To:
Sent: Tuesday, June 17, 2003 8:37 PM
Subject: encap for ethernet interface ? [7:70802]

> ARPA is the default encapsulation for an ethernet interface ?
>
> what are the other encapsulations ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70824&t=70802
Re: STP problem [7:70797]
> When STP has been enabled I have only come across layer-2 loops twice. Once when a few HP switches had gone bad, and another time when a customer had configured channeling on one side but not the other (3500 series, no channel negotiation).

The interesting thing about this last configuration is that the side configured for channeling could predict the future. Really weird.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70818&t=70797
RE: encap for ethernet interface ? [7:70802]
brian dell wrote:
> ARPA is the default encapsulation for an ethernet interface ?

ARPA's real name is Ethernet II. It's used for IP packets.

> what are the other encapsulations ?

Novell-ether is the default Cisco encapsulation for Novell IPX packets, even though Novell doesn't use it any more. It's also known as Novell Raw because it has only an 802.3 header, with no 802.2 header.

Other possibilities are:

Cisco uses "sap" to refer to an 802.3 with 802.2 header. This is used for many modern and IEEE-influenced protocols, including Spanning Tree Protocol, etc.

Cisco uses "snap" to refer to an 802.3 with 802.2 and SNAP header. AppleTalk uses this. Many other protocols do also, including Cisco Discovery Protocol (CDP), VLAN Trunking Protocol, Dynamic Inter-Switch Link Protocol.

This is a complex subject. Here are a couple links to help you:

http://www.cisco.com/warp/public/105/encheat.html
http://www.troubleshootingnetworks.com/ethernet.html

Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70813&t=70802
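The four encapsulations named in this thread can be told apart from the first bytes of a frame, which is how a capture tool decides what it is looking at. The following Python is an added example, not part of the original posts: it classifies a raw frame and reports the Cisco and Novell names used in the replies. The function names, MAC addresses and sample frames are constructed for the example.

```python
"""Classify an Ethernet frame as arpa, novell-ether, sap or snap (added example)."""
import struct

# Cisco keyword -> (Ethernet type, Novell name), the naming used in this thread.
ENCAPS = {
    "arpa":         ("Ethernet version 2", "Ethernet_II"),
    "novell-ether": ("Novell 802.3 raw",   "Ethernet_802.3"),
    "sap":          ("IEEE 802.3",         "Ethernet_802.2"),
    "snap":         ("IEEE 802.3 SNAP",    "Ethernet_snap"),
}


def classify_frame(frame):
    """Name the encapsulation of one frame (starts at destination MAC, no FCS)."""
    if len(frame) < 16:
        raise ValueError("need the 14-byte MAC header plus 2 payload bytes")
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len >= 0x0600:
        # 1536 and above: the field is an EtherType, so this is Ethernet II.
        cisco, extra = "arpa", {"ethertype": type_len}
    elif type_len > 1500:
        # 1501-1535 is neither a valid length nor a valid EtherType.
        raise ValueError(f"type/length value {type_len} is undefined")
    elif frame[14:16] == b"\xff\xff":
        # No 802.2 header: the IPX header (checksum FFFF) follows the length.
        cisco, extra = "novell-ether", {"length": type_len}
    elif frame[14:16] == b"\xaa\xaa":
        # 802.2 header with DSAP = SSAP = 0xAA announces a SNAP header:
        # control byte, 3-byte OUI, 2-byte protocol ID.
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        (pid,) = struct.unpack("!H", frame[20:22])
        cisco, extra = "snap", {"oui": frame[17:20].hex(), "pid": pid}
    else:
        # Any other DSAP/SSAP pair: plain 802.3 with an 802.2 header.
        cisco, extra = "sap", {"dsap": frame[14], "ssap": frame[15]}
    ethernet_type, novell = ENCAPS[cisco]
    return {"cisco": cisco, "novell": novell,
            "ethernet_type": ethernet_type, **extra}


def build(dst, src, type_len, payload):
    """Assemble a frame from hex MAC strings, the type/length field and payload."""
    return (bytes.fromhex(dst) + bytes.fromhex(src)
            + struct.pack("!H", type_len) + payload)


# Constructed sample frames; payload bodies are zero-filled placeholders.
SRC = "020000000001"                                  # locally administered MAC
IPX_RAW = b"\xff\xff" + bytes(28)                     # IPX header, checksum FFFF
BPDU = b"\x42\x42\x03" + bytes(35)                    # STP: DSAP/SSAP 0x42
CDP = b"\xaa\xaa\x03\x00\x00\x0c\x20\x00" + bytes(20) # OUI 00000c, PID 0x2000
SAMPLES = {
    "IPv4 in Ethernet II": build("020000000002", SRC, 0x0800, b"\x45" + bytes(19)),
    "IPX, Novell raw":     build("ffffffffffff", SRC, len(IPX_RAW), IPX_RAW),
    "STP BPDU, 802.2":     build("0180c2000000", SRC, len(BPDU), BPDU),
    "CDP, SNAP":           build("01000ccccccc", SRC, len(CDP), CDP),
}

if __name__ == "__main__":
    for label, frame in SAMPLES.items():
        result = classify_frame(frame)
        print(f"{label:20} -> {result['cisco']:12} ({result['novell']})")
```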
Re: STP problem [7:70797]
To be honest about the only way to isolate these meltdowns is to start disconnecting devices. I assume you have a general idea where the problem is occurring. The flatter your network the more difficult I might add!!

Dave

Christopher Dumais wrote:
> Hi all,
> We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks!
>
> Chris Dumais, CCNP, CNA
> Sr. Network Administrator
> NSS Customer and Desktop Services Team
> Maine Medical Center
> (207)871-6940
> [EMAIL PROTECTED]

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"Government can do something for the people only in proportion as it can do something to the people." -- Thomas Jefferson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70815&t=70797
Re: 7500 (RSP8) config save problems [7:70767]
Good point!!!

Dave

Zsombor Papp wrote:
> ATA flash disks (disk0:, disk1:) work as you expected. Linear flash cards (slot0:, slot1:, bootflash:) work (by design) as Geoff described.
>
> Thanks,
>
> Zsombor
>
> At 02:21 PM 6/17/2003 +, MADMAN wrote:
>
>> Mossburg, Geoff (MAN-Corporate) wrote:
>>
>>> Has anyone had problems save configs to a PCMCIA flash card on an RSP8? The problem I'm having is that when I save a newer config over-top of the old config with the same name, it creates 2 separate instances of the file. I keep having to re-format or squeeze the card every month or two! Any ideas?
>>>
>>> Geoff Mossburg
>>
>> Must be a new "feature" ;) Mine works as you expected, running 12.2.11T and dual RSP8's:
>>
>> C7507A#copy running-config disk0:
>> Destination filename [running-config]?
>>
>> 3628 bytes copied in 0.756 secs (4799 bytes/sec)
>> C7507A#dir disk0:
>> Directory of disk0:/
>>
>>     1  -rw-    19102960   Jun 02 2003 08:20:50  rsp-jsv-mz.122-11.T.bin
>>     2  -rw-        3628   Jun 17 2003 05:48:06  running-config
>>
>> 41721856 bytes total (22614016 bytes free)
>>
>> C7507A#copy running-config disk0:
>> Destination filename [running-config]?
>> %Warning:There is a file already existing with this name
>> Do you want to over write? [confirm]
>>
>> 3628 bytes copied in 0.704 secs (5153 bytes/sec)
>> C7507A#dir disk0:
>> Directory of disk0:/
>>
>>     1  -rw-    19102960   Jun 02 2003 08:20:50  rsp-jsv-mz.122-11.T.bin
>>     2  -rw-        3628   Jun 17 2003 05:49:48  running-config
>>
>> 41721856 bytes total (22614016 bytes free)
>>
>> Dave
>>
>> --
>> David Madland
>> CCIE# 2016
>> Sr. Network Engineer
>> Qwest Communications
>> 612-664-3367
>>
>> "Government can do something for the people only in proportion as it can do something to the people." -- Thomas Jefferson

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"Government can do something for the people only in proportion as it can do something to the people." -- Thomas Jefferson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70817&t=70767
RE: STP problem [7:70797]
Turn on bpdu-guard in spanning tree..that will disable the port that the bridge is looping..or it should.

Larry Letterman
Cisco Systems

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Dumais
Sent: Tuesday, June 17, 2003 9:53 AM
To: [EMAIL PROTECTED]
Subject: STP problem [7:70797]

Hi all,
We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks!

Chris Dumais, CCNP, CNA
Sr. Network Administrator
NSS Customer and Desktop Services Team
Maine Medical Center
(207)871-6940
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70814&t=70797
Re: STP problem [7:70797]
At 06:59 PM 6/17/2003 +, Zsombor Papp wrote:
> At 04:52 PM 6/17/2003 +, Christopher Dumais wrote:
> > Hi all,
> > We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop
>
> Based on what do you think this? Somehow it seems unlikely to me that a loop through a wireless link (I assume it's the

... [hmm, groupstudy ate half my email] .. 11Mbps type) brings down a 6509, or even a 3550. Also, I am not sure what a "user" means in this context, but I don't think Windows or Linux does bridging by default, regardless of how many interfaces there are.

In general, first step of loop-avoidance is usually to disable portfast on every port where you are not 100% sure that it can't participate in a loop (in your case this seems to be every port).

Thanks,

Zsombor

> > and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks!
> >
> > Chris Dumais, CCNP, CNA
> > Sr. Network Administrator
> > NSS Customer and Desktop Services Team
> > Maine Medical Center
> > (207)871-6940
> > [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70819&t=70797
Technology, Certification, Skill Sets, and Looking Forward [7:70816]
""Priscilla Oppenheimer"" wrote in message news:[EMAIL PROTECTED]
> Someone also just sent me a URL to this newspaper article that points out the importance of learning business practices, not just particular technologies. It's a good read:
>
> http://www.startribune.com/stories/789/3936460.html

An interesting article, and one with some nuggets of good advice, particularly for those new to the business cycle. For those who have been seeing articles like this over the past twenty years or so, this article reinforces good advice, much along the lines that NRF has offered in other threads that appear regularly on Groupstudy.

Good advice is timeless, and the advice in this article, which reiterates similar outlooks as have appeared in the business press over the past couple of decades remains true.

Way back when I was learning things and formulating my own technology philosophy, I was blown away by three things I read - Peter Keen's book Competing in Time, Paul Strassman's book The Business Value of Computers, and an obscure article written by an economist working for the Chicago Federal Reserve Bank. Each of these sources in its own way says similar things from a higher level.

The Fed study was a short and simple one, but of all the business sources I have read, still seems the most relevant. The gist of the study was that investment in infrastructure yielded high returns in productivity. The author was reporting on government investment in physical infrastructure such as roads, water treatment, and the like, but a clever student working towards his master's degree while going to night school ran with that theme and wrote a master's thesis which earned him departmental honors.

Anyone in the technology field, whether it be IT Management, Consulting, or even something as seemingly mundane as sales, should ALWAYS be aware of the business value of technology. Over the past 15 years or so it has been technology which has driven productivity.

The dark side is that technology changes, and has a way of becoming more appliance like, meaning that what was skilled labor yesterday is out of the box tomorrow. Think about it. All you folks who are AVVID experts and therefore in high demand. How long before AVVID is nothing more than another PBX, and routers self configure for QoS? Think the telco employee who drives the truck and installs your DSL is making 100K? not likely.

So yes - keep your skills up to date, so you don't end up like the guy in the article. My own opinion is that one must always consider the value to business for any skill set one pursues.

JMHO

NRF - your comments are always welcome on topics such as these.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70816&t=70816
Re: serial interface discards [7:70752]
At 6:50 PM + 6/17/03, Priscilla Oppenheimer wrote:
> Folks, how else could he determine if there's an MTU issue?
>
> Finally, one last comment to echo Brad's comment. If users aren't complaining, don't worry about the drops! Seriously. As HCB would say, "what problem are you trying to solve?" Good luck with it, regardless. :-)
>
> Priscilla

Well, NRF was talking about how a serial killer couldn't get a job...maybe this example shows what happens if one does get a job on a network.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70820&t=70752
encap for ethernet interface ? [7:70802]
ARPA is the default encapsulation for an ethernet interface ?

what are the other encapsulations ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70802&t=70802
Re: STP problem [7:70797]
What an interesting scenario! If I understood your message correctly, the network picture is something like this:

Wired Network -Cat-Wireless Network
|User|

Your problem is that the user is bridging the wired and wireless (and so is the Cat), which means there are two functioning links (bridges) between the wireless and wired.

Your real problem is even if you track this user down and beat them severely with an AP antenna until his MCSE falls on the floor, this problem is going to repeat itself with the next user who has a similar wired/wireless card.

So...it's a long day and I can't think of the specific commands or syntax or what I had for lunch, but configure the cat port that the wireless AP is connected to to make it the root bridge such that it will always beat the out of any wanna be bridges, thus ensuring that the rogues block.

Sorry, can't be more specific than this, but my brain is frazzled so right now, I think STP is something you put in your car...but maybe it will help with your problem...

HTH anyway,

Charles

""Christopher Dumais"" wrote in message news:[EMAIL PROTECTED]
> Hi all,
> We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks!
>
> Chris Dumais, CCNP, CNA
> Sr. Network Administrator
> NSS Customer and Desktop Services Team
> Maine Medical Center
> (207)871-6940
> [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70801&t=70797
question about serial link ? [7:70803]
help with the following:

Serial interfaces typically connect to WAN via serial links ? correct ?

and once we say serial links we imply bit oriented traffic via these links ? correct ??

if this is correct then what would be non bit oriented traffic or links ? i guess it would be the links connected to LAN, like typical connection between, say a Router and a PC (via 10/100 lan connection). (would this be correct ?)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70803&t=70803
Re: STP problem [7:70797]
PVST+ Accept no substitute. Hardcode everything. No PAGP, DISL, or VTP EVER AGAIN. Next make sure your root bridge is really what you think it is (knowing what spanning-tree uplink fast does to bridge priority, etc).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70807&t=70797
Re: STP problem [7:70797]
Chris,

STP should be enough to avoid these types of problems. In order to cause a bridging loop the station would have to have both interfaces in the same VLAN and forward all L2 traffic except for BPDUs. Even if this were the case the wireless network (10-Mbps?) shouldn't be enough to bring the LAN to its knees (100-Mbps?). If you have STP enabled on all of your switches, I doubt that a single station is bringing the network down.

Once you find the offending switch that you need to reboot, you can issue console commands to determine the root bridge and any blocked ports. Make sure that things are normal. You do have your root bridge set manually, don't you? :)

To find out which port is causing the loop, take a look at the interface counters. You should see an unreal amount of traffic on the offending port (and the uplink to the core switch).

When STP has been enabled I have only come across layer-2 loops twice. Once when a few HP switches had gone bad, and another time when a customer had configured channeling on one side but not the other (3500 series, no channel negotiation).

In both cases I found that the problem was made worse with increasing traffic levels, and the problem also revolved around the same set of switches. The channeling problem was a bit more difficult to narrow down though, since it disabled MLS on the core switch and every segment appeared to have problems!!!

I hope that helps,

- Tom

Christopher Dumais wrote:
> Hi all,
> We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks!
>
> Chris Dumais, CCNP, CNA
> Sr. Network Administrator
> NSS Customer and Desktop Services Team
> Maine Medical Center
> (207)871-6940
> [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70812&t=70797
Re: STP problem [7:70797]
At 04:52 PM 6/17/2003 +, Christopher Dumais wrote:
> Hi all,
> We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop

Based on what do you think this? Somehow it seems unlikely to me that a loop through a wireless link (I assume it's the

> and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks!
>
> Chris Dumais, CCNP, CNA
> Sr. Network Administrator
> NSS Customer and Desktop Services Team
> Maine Medical Center
> (207)871-6940
> [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70805&t=70797
RE: Port Adapter [7:70772]
I turned on "debug serial int", the log kept saying: serial 5/0:0: attempting to restart. Also, there are a lot of CRC errors.

-Original Message-
From: Brian W. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 1:58 AM
To: [EMAIL PROTECTED]
Subject: Re: Port Adapter [7:70772]

Isn't the default for that b8zs/esf with a full t, it gets interesting with a fractional t. Show controller will give you what it is currently setup, IIRC.

Brian

- Original Message -
From: "LIU, JEFF"
To:
Sent: Monday, June 16, 2003 7:53 PM
Subject: Port Adapter [7:70772]

> I have PA-MC-8T1 installed on 7206. What is supposedly correct configuration to support full t1 that is provided by my ISP? The thing really gets me is the timeslot and cable-length parameters. Please advise.
>
> Thanx in advance!
>
> Jeff
>
> This electronic message transmission contains information from the law firm of Dinsmore & Shohl which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic transmission in error, please notify us by telephone (1-800-934-3477) or by electronic mail ([EMAIL PROTECTED]) immediately.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70808&t=70772
Re: serial interface discards [7:70752]
Nate wrote:
>
> It is entirely possible that the monitoring software (Lucent Vital Net) is
> showing something other than discards.

Your monitoring software probably uses the word "discard" for "drop" and is just doing what you have already done, which is "show int."

As we have all said, output drops on a serial interface are almost always caused by simply too much traffic. You said that bandwidth usage wasn't the issue, but I agree with the other poster that you may not be getting an accurate picture because of the 5-minute exponential nature of the load stat. See Brad's excellent advice about changing this.

You said something about 2 redundant links. Which link is actually getting used? Is load balancing supposed to be occurring? Maybe only one link is getting used and it's overwhelmed. Trace-route might help you with that. Also examining the routing table should help.

Your monitoring software may mean something else by "discard." I'm still worried about the tunnel. If I understand it correctly, you've added headers to the traffic to support IPSec. That can cause packets to be too big to support the MTU of the interface. These packets must get "discarded."

Unfortunately, the only way I know to determine if packets are getting discarded due to an MTU issue is with "debug ip packet detail" which is risky on a production network. Well, the other way, is a WAN sniffer or Ethernet sniffers on both ends of the WAN link to see what's getting across and what isn't and to monitor for any ICMP errors. Folks, how else could he determine if there's an MTU issue?

Finally, one last comment to echo Brad's comment. If users aren't complaining, don't worry about the drops! Seriously. As HCB would say, "what problem are you trying to solve?"

Good luck with it, regardless. :-)

Priscilla

> Unfortunately, that software doesn't tell us what kind of discards. The
> interface information doesn't reflect what the monitoring software is
> showing so there is no way to confirm.
> > -Nate > > - Original Message - > From: "Priscilla Oppenheimer" > To: > Sent: Monday, June 16, 2003 10:59 PM > Subject: RE: serial interface discards [7:70752] > > > > You started the thread by saying that your monitoring > software is saying > > that there are discards. What monitoring software is it? Are > you sure it's > > referring to the drops that "show int" is displaying? Maybe > it means > > something else by "discard." > > > > Priscilla > > > > Nathan wrote: > > > > > > Basically, we have two paths: One going to the internet, > and > > > one going > > > to the Corporate WAN. We also have redundancy so that if > > > either pipe > > > goes down, the other can be used for whatever service is > > > missing. In > > > order to do redundancy for the pipe going to Corporate WAN, > we > > > needed a > > > netscreen and a Tunnel Interface (netscreen for GRE and > Tunnel > > > for > > > IPSEC). We are also using EBGP for the Corporate WAN > > > redistributing > > > into EIGRP internally. The access list is used so that > EIGRP > > > won't > > > accept default routes from the Internet pipe going to the > > > remote site. > > > I'm not sure if there are any MTU issues with it but as far > as > > > high > > > utilization, the traffic is only showing a max / day of > 20-30% > > > so I > > > don't think bandwidth is the issue. > > > > > > I would agree that discards are unavoidable in a FA or GE > > > environment, > > > but prior to adding the internet circuit as the default > route > > > for the > > > site, there were no discards. > > > > > > I have been to that site but the scenario is different from > > > mine. > > > > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > Sent: Monday, June 16, 2003 4:29 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: serial interface discards [7:70752] > > > > > > > > > Nate wrote: > > > > > > > > well, it's a ESF Full T1. > > > > > > What feeds into the T1? 
If it's a busy Ethernet, especially > > > Fast or > > > Gigabit Ethernet, drops are unavoidable. Even though your > stats > > > show > > > that the T1 utilization is only 23/255 (less than 10%), the > > > stats show a > > > moving average for the last 5 minutes, but the drops are > since > > > the last > > > time you cleared the counters, 6 hours ago. So at some > point, > > > you > > > probably had too much data to send over the 1.5Mbps T1. > > > > > > You need to watch it carefully to see if the drops > correspond > > > with high > > > utilization. (I think you said that they do, in fact, which > > > makes > > > sense.) > > > > > > You may simply need more bandwidth. If this is an odd > > > occurence, on the > > > other hand, then perhaps you should check your IDS logs > (you do > > > have > > > such a thing? :-) to determine if you were being probed or > > > something. > > > > > > You've probably been to Cisco's site already and found this > > > link: > > > > > > Troubleshooting Inpu
RE: question about serial link ? [7:70803]
brian dell wrote:
>
> help with the following:
>
> Serial interfaces typically connect to WAN via serial links ?
> correct ?

Yes.

> and once we say serial links we imply bit oriented traffic via
> these links ? correct ??

Nope. Serial means one bit at a time is sent. The opposite is parallel, which is hardly ever used these days for networking, but is used to connect printers. With parallel communications, multiple bits go out at a time.

Serial versus parallel is a completely different concern than bit-oriented versus byte-oriented protocols, which are also known as character-oriented protocols.

Character-oriented protocols are generally considered obsolete, though that's arguable. The most popular one was Binary Synchronous Communication or BSC, sometimes called BSYNCH. With a character-oriented protocol, control information is inserted in the message stream in the form of multibit characters. For example, with BSC, a SYN or ACK is sent as a 7-bit ASCII character.

A bit-oriented protocol lets specific bits within a byte stream mean something. For example, one bit might mean ACK. SDLC, HDLC, 802.3, 802.5, 802.2 and many upper-layer protocols are bit-oriented. Bit-oriented protocols are much more efficient than character-oriented protocols.

802.3 Ethernet is bit-oriented, even though it doesn't use specific bits much. But an obvious example is that a single bit (first bit transmitted) means unicast versus broadcast/multicast.

LLC 802.2 is bit-oriented. A single bit means Command or Reply.

TCP is bit-oriented too, by the way. A single bit means SYN. IP is bit-oriented. A single bit means "Don't Fragment," for example.

Routing protocols tend to be byte-oriented, by the way. A one or two-byte opcode in the routing protocol header says whether the message is an Update or Hello or Query or whatever.

Application-layer protocols, such as SMTP and FTP are even less efficient. They are string-oriented. They send human-readable strings, such as RETR and RCPT TO. They are inefficient, but very easy to use and troubleshoot.

Hope that helped!
___
Priscilla Oppenheimer
www.priscilla.com

>
> if this is correct then what would be non bit oriented traffic
> or links ?
> i guess it would the links connected to LAN, like typical
> connection between, say a Router and a PC (via 10/100 lan
> connection). (would this be correct ?)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70811&t=70803
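The three styles of signalling described in the reply above (a single bit, a one-byte opcode, a readable string), decoded side by side. This is an added example, not code from the post: the sample headers are constructed, the function names are hypothetical, and EIGRP is used for the opcode case as an assumption because the post names no specific routing protocol.

```python
import struct

# --- Bit-oriented: one bit carries the meaning -------------------------

def eth_is_group(dst_mac: bytes) -> bool:
    """Ethernet sends each octet least-significant bit first, so the
    'first bit transmitted' is bit 0 of the first address octet."""
    return bool(dst_mac[0] & 0x01)

def ipv4_flags(header: bytes) -> dict:
    """Bytes 6-7 of the IPv4 header hold 3 flag bits + 13-bit offset."""
    (flags_frag,) = struct.unpack("!H", header[6:8])
    return {
        "DF": bool(flags_frag & 0x4000),   # Don't Fragment
        "MF": bool(flags_frag & 0x2000),   # More Fragments
        "frag_offset": flags_frag & 0x1FFF,
    }

TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
                 ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]

def tcp_flags(header: bytes) -> list:
    """Byte 13 of the TCP header is a set of independent one-bit flags."""
    return [name for name, bit in TCP_FLAG_BITS if header[13] & bit]

# --- Byte-oriented: a whole octet is an opcode -------------------------

EIGRP_OPCODES = {1: "Update", 3: "Query", 4: "Reply", 5: "Hello"}

def eigrp_opcode(header: bytes) -> str:
    """EIGRP header: byte 0 is the version, byte 1 is the opcode."""
    return EIGRP_OPCODES.get(header[1], "unknown")

# --- String-oriented: the command is human-readable text ---------------

def smtp_verb(line: bytes) -> str:
    """Return the SMTP command verb from one CRLF-terminated line."""
    text = line.decode("ascii").rstrip("\r\n").upper()
    for verb in ("MAIL FROM", "RCPT TO"):      # two-word verbs end in ':'
        if text.startswith(verb + ":"):
            return verb
    return text.split(" ", 1)[0]

# --- Constructed sample data (checksums left at 0, not validated) ------

UNICAST_MAC = bytes.fromhex("000c29aabbcc")
BROADCAST_MAC = bytes.fromhex("ffffffffffff")
MULTICAST_MAC = bytes.fromhex("01005e00000a")

IP_HDR = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40, 0x1234,
                     0x4000,                    # DF set, offset 0
                     64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

TCP_HDR = struct.pack("!HHIIBBHHH",
                      49152, 25, 1000, 0,
                      5 << 4,                   # data offset = 5 words
                      0x02,                     # SYN only
                      65535, 0, 0)

EIGRP_HDR = bytes([2, 5]) + bytes(18)           # version 2, opcode 5
SMTP_LINE = b"RCPT TO:<user@example.com>\r\n"

def signal_cost_bits() -> dict:
    """Bits spent on the wire to say 'what kind of message this is'."""
    return {"tcp_syn": 1, "eigrp_opcode": 8, "smtp_rcpt_to": len(b"RCPT TO:") * 8}

if __name__ == "__main__":
    print("group address:", eth_is_group(BROADCAST_MAC), eth_is_group(UNICAST_MAC))
    print("IPv4 flags:   ", ipv4_flags(IP_HDR))
    print("TCP flags:    ", tcp_flags(TCP_HDR))
    print("EIGRP opcode: ", eigrp_opcode(EIGRP_HDR))
    print("SMTP verb:    ", smtp_verb(SMTP_LINE))
    print("cost in bits: ", signal_cost_bits())
```
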
Re: cisco 2511 Terminal Server for my first time! [7:53791]
??? wrote:
> Hi,
>
> I am setting up 2511 terminal server for my first time, but don't work...
>
> this is my 2511 configuration :
>
> line con 0
>
> line 1 16
>  session-timeout 20
>  exec-timeout 0 0
>
> line aux 0
>
> line vty 0 4
>  password
>  login
>
> In above, i found i missed one command in "line con 0" prompt.
> --> line con 0
>      transport input all
> So, i tried to type the command, but couldn't. The result is
>
> --
> Router#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> Router(config)#line con 0
> Router(config-line)#transport input all
>   ^
> % Invalid input detected at '^' marker.
>
> Router(config-line)#
> --
>
> I don't know why the command can't be input. There is the command In
> cisco documentation.
> (http://www.cisco.com/warp/public/793/access_dial/comm_server.html)
>
> Anyone can help me?
>
> sooil..

You are putting the command in the wrong line. Put it here:

line 1 16
 no exec
 transport input all

Also, you do not state what command you are using to test with.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70810&t=53791
RE: number of CCIE [7:70151]
Vikram JeetSingh wrote: > > Hi All, > > I was stopping myself for writing on this thread for quite some > time. Quite > a number of people have reverted back on this, but this one, > (from Peter) is > just kind of PERFECT. Priscilla also wrote on one of other > threads, that for > having a worthwhile career you just don't need good networking > skills, but > also "good networking of people". And I am sure it works. I > have seen quite > some useful mails from NRF, but this one is a losing battle > (NRF: don't mind > friend, nothing personal) and what Peter has stated is > perfectly right (of > course as per me) So a CCIE number, does matter, but more so, > since all the > chances are that the lower number ones would be having more > experience and > better "networking of people". And the higher numbered ones > would be, in all > chances, relatively new and also still into the stage of > building their > "networking of people". > > Just my 2 cents :) I have never said that people-networking wasn't important. In fact, I have engaged in many newsgroup-post-wars where I have stated precisely that. Go reference some of my many posts on this newsgroup or on alt.certification.cisco on this very subject. However to talk about this subject is really to raise an issue that, for purposes of this discussion, is neither here nor there. The issue at hand is has the value of the CCIE declined over time, and the preponderance of the evidence seems to be that the answer is 'yes', given the fact that everybody, including myself, would like to trade their CCIE number for a lower one. Nor is the gambit that this has to do with the connection between a lower number and more experience have much, if anything, to do with it. I would ask even the lower-number and highly experienced CCIE's would they be neutral to trading their number for a higher one. I'm not asking them to think about trading their experience, just their number. 
If the CCIE hasn't declined, then they shouldn't care what number they are. But of course we all realize that they DO care, and care deeply. Raising other issues that have to do with employment is not really relevant in this thread. After all, if we wanted to go down that road, then why don't we raise ALL the issues that affect employment? I would say that certain other things are even more important than the people-networking in terms of finding work. For example, a criminal background. I don't care if you're the most brilliant engineer in the world, you're CCIE #1026, and you're on a first name basis with John Chambers - if you're a convicted serial-killer, you're going to have difficulty in finding work. Let's face it - no company is ever going to hire Charles Manson. We could talk about personal lifestyle choices. If you're a coke fiend, finding a job might not be easy for you. If you can't speak the language of the country in which you're trying to find a job, you will have great difficulty no matter how wonderful your other credentials you are. For example, surely you would agree that if you want to get a job as a network guy in the USA, this might be difficult if you can't speak English. But should we really be talking about those kinds of things? I don't think so, for they are not relevant to the discussion. The auspices of this discussion are necessarily narrow - basically what has happened to the value of the CCIE. This is not a general discussion about how to find a job, for which the first tenets should be don't commit crimes, don't make harmful lifestyle choices, and learn the language of the country that you're in, and then (and only then) can we talk about things like who-you-know and what your CCIE number is. Surely you would agree that such a complete discussion that talked about all these issues would be unnecessarily bloated and top-heavy. 
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70799&t=70151
mode enable on aaa authentication [7:70800]
I've configured my router with aaa authentication. Username and password prompt only in login. I want that prompt in enable mode then. How do I make it?

Thanks.

Frederico Madeira
Support Coordinator
N. Landim Comércio Ltda
PABX: 81. 3497.3029
e-mail: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70800&t=70800
RE: Internet is very slow behind Pix 515E UR [7:70783]
Your PIX interfaces are set for 100/half duplex. If you want 100/full duplex then specify "100full" in the config. Verify by a "sh int" > -Original Message- > From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 17, 2003 10:19 AM > To: [EMAIL PROTECTED] > Subject: Internet is very slow behind Pix 515E UR [7:70783] > > > Whenever I access the web site which is behind the Pix > firewalls, the speed > is really slow. > > I bypassed the firewall and accessed the same site and it's fast! > > I checked my settings and made sure all the connected devices > are running at > 100 and full duplex, they all are! > > I mean why this is happening ... is it because the pix have > to inspect each > packet! > > The Bandwidth from the service provider is 64k. > > Any Idea Please. > > > Any ideas? > > > The Pix version is 6.1 besides this is satellite connection > > The internal Address range is 191.1.1.0-191.1.1.254 255.255.0.0 > Outside address range is 10.15.9.163-183 255.255.255.224 > Default Gateway: 10.15.9.62 255.255.255.224 > DNS1: 195.238.62.1 > DNS2: 195.238.40.30 > > > > > AN# show config > : Saved > : > PIX Version 6.1(4) > nameif ethernet0 outside security0 > nameif ethernet1 inside security100 > nameif ethernet2 intf2 security10 > enable password kC9ZDwfWejkBqApp encrypted > passwd 2KFQnbNIdI.2KYOU encrypted > hostname AN > domain-name ciscopix.com > fixup protocol ftp 21 > fixup protocol http 80 > fixup protocol h323 1720 > fixup protocol rsh 514 > fixup protocol rtsp 554 > fixup protocol smtp 25 > fixup protocol sqlnet 1521 > fixup protocol sip 5060 > fixup protocol skinny 2000 > names > access-list acl_in permit icmp any any > access-list acl_in permit udp any any > access-list acl_in permit tcp any any > pager lines 10 > logging buffered debugging > interface ethernet0 100basetx > interface ethernet1 100basetx > interface ethernet2 auto shutdown > mtu outside 1500 > mtu inside 1500 > mtu intf2 1500 > ip address outside 10.15.9.163 255.255.255.224 > 
ip address inside 191.1.1.85 255.255.0.0 > ip address intf2 127.0.0.1 255.255.255.255 > ip audit info action alarm > ip audit attack action alarm > pdm history enable > arp timeout 14400 > global (outside) 1 10.15.9.164-10.15.9.180 > global (outside) 1 10.15.9.181 > nat (inside) 1 0.0.0.0 0.0.0.0 0 0 > access-group acl_out in interface outside > access-group acl_in in interface inside > route outside 0.0.0.0 0.0.0.0 10.15.9.163 1 > timeout xlate 3:00:00 > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 > 0:05:00 si > p 0:30:00 sip_media 0:02:00 > timeout uauth 0:05:00 absolute > aaa-server TACACS+ protocol tacacs+ > aaa-server RADIUS protocol radius > http server enable > no snmp-server location > no snmp-server contact > snmp-server community public > no snmp-server enable traps > floodguard enable > no sysopt route dnat > telnet 0.0.0.0 0.0.0.0 inside > telnet timeout 5 > ssh timeout 5 > terminal width 80 > Cryptochecksum:97ca54591b41f6b215dabb457fe7c9de > AN# > > > > Ismail Al-Shelh > > [GroupStudy removed an attachment of type image/gif which had > a name of > image001.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70795&t=70783 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Internet is very slow behind Pix 515E UR [7:70783]
Try taking the access-lists off the interfaces and try again. The access control list acting on the interfaces means that every single packet going through the interface is inspected. Steve Wilson Network Engineer -Original Message- From: Ismail Al-Shelh [mailto:[EMAIL PROTECTED] Sent: 17 June 2003 16:19 To: [EMAIL PROTECTED] Subject: Internet is very slow behind Pix 515E UR [7:70783] Whenever I access the web site which is behind the Pix firewalls, the speed is really slow. I bypassed the firewall and accessed the same site and it's fast! I checked my settings and made sure all the connected devices are running at 100 and full duplex, they all are! I mean why this is happening ... is it because the pix have to inspect each packet! The Bandwidth from the service provider is 64k. Any Idea Please. Any ideas? The Pix version is 6.1 besides this is satellite connection The internal Address range is 191.1.1.0-191.1.1.254 255.255.0.0 Outside address range is 10.15.9.163-183 255.255.255.224 Default Gateway: 10.15.9.62 255.255.255.224 DNS1: 195.238.62.1 DNS2: 195.238.40.30 AN# show config : Saved : PIX Version 6.1(4) nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 intf2 security10 enable password kC9ZDwfWejkBqApp encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname AN domain-name ciscopix.com fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 names access-list acl_in permit icmp any any access-list acl_in permit udp any any access-list acl_in permit tcp any any pager lines 10 logging buffered debugging interface ethernet0 100basetx interface ethernet1 100basetx interface ethernet2 auto shutdown mtu outside 1500 mtu inside 1500 mtu intf2 1500 ip address outside 10.15.9.163 255.255.255.224 ip address inside 191.1.1.85 255.255.0.0 ip address intf2 127.0.0.1 255.255.255.255 
ip audit info action alarm ip audit attack action alarm pdm history enable arp timeout 14400 global (outside) 1 10.15.9.164-10.15.9.180 global (outside) 1 10.15.9.181 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 access-group acl_out in interface outside access-group acl_in in interface inside route outside 0.0.0.0 0.0.0.0 10.15.9.163 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius http server enable no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable no sysopt route dnat telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh timeout 5 terminal width 80 Cryptochecksum:97ca54591b41f6b215dabb457fe7c9de AN# Ismail Al-Shelh [GroupStudy removed an attachment of type image/gif which had a name of image001.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70792&t=70783 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
STP problem [7:70797]
Hi all,

We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated.

Thanks!

Chris Dumais, CCNP, CNA
Sr. Network Administrator
NSS Customer and Desktop Services Team
Maine Medical Center
(207)871-6940
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70797&t=70797
Re: Benefits of BGP holding the routing tables [7:70788]
If you are single homed there is no benefit running BGP but if you're dual homed, BGP can allow you to utilize the best path along with the ability to dynamically announce your networks, influence incoming traffic and all kinds of fun stuff.

Dave

Robert Perez wrote:
> Could anyone explain the benefit of using BGP and holding the routing tables
> on your router versus having the ISP hold the tables and you just receive a
> default-route? Thanks.

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"Government can do something for the people only in proportion as it can do something to the people." -- Thomas Jefferson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70794&t=70788
Teltone ILS-1000 ISDN Simulator [7:70798]
Hi,

Does anyone know where I can get a new ILS image for this unit?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70798&t=70798
Re: serial interface discards [7:70752]
It is entirely possible that the monitoring software (Lucent Vital Net) is showing something other than discards. Unfortunately, that software doesn't tell us what kind of discards. The interface information doesn't reflect what the monitoring software is showing so there is no way to confirm.

-Nate

----- Original Message -----
From: "Priscilla Oppenheimer"
To:
Sent: Monday, June 16, 2003 10:59 PM
Subject: RE: serial interface discards [7:70752]

> You started the thread by saying that your monitoring software is saying
> that there are discards. What monitoring software is it? Are you sure it's
> referring to the drops that "show int" is displaying? Maybe it means
> something else by "discard."
>
> Priscilla
>
> Nathan wrote:
> >
> > Basically, we have two paths: One going to the internet, and one going
> > to the Corporate WAN. We also have redundancy so that if either pipe
> > goes down, the other can be used for whatever service is missing. In
> > order to do redundancy for the pipe going to Corporate WAN, we needed a
> > netscreen and a Tunnel Interface (netscreen for GRE and Tunnel for
> > IPSEC). We are also using EBGP for the Corporate WAN redistributing
> > into EIGRP internally. The access list is used so that EIGRP won't
> > accept default routes from the Internet pipe going to the remote site.
> > I'm not sure if there are any MTU issues with it but as far as high
> > utilization, the traffic is only showing a max / day of 20-30% so I
> > don't think bandwidth is the issue.
> >
> > I would agree that discards are unavoidable in a FA or GE environment,
> > but prior to adding the internet circuit as the default route for the
> > site, there were no discards.
> >
> > I have been to that site but the scenario is different from mine.
> > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Monday, June 16, 2003 4:29 PM > > To: [EMAIL PROTECTED] > > Subject: Re: serial interface discards [7:70752] > > > > > > Nate wrote: > > > > > > well, it's a ESF Full T1. > > > > What feeds into the T1? If it's a busy Ethernet, especially > > Fast or > > Gigabit Ethernet, drops are unavoidable. Even though your stats > > show > > that the T1 utilization is only 23/255 (less than 10%), the > > stats show a > > moving average for the last 5 minutes, but the drops are since > > the last > > time you cleared the counters, 6 hours ago. So at some point, > > you > > probably had too much data to send over the 1.5Mbps T1. > > > > You need to watch it carefully to see if the drops correspond > > with high > > utilization. (I think you said that they do, in fact, which > > makes > > sense.) > > > > You may simply need more bandwidth. If this is an odd > > occurence, on the > > other hand, then perhaps you should check your IDS logs (you do > > have > > such a thing? :-) to determine if you were being probed or > > something. > > > > You've probably been to Cisco's site already and found this > > link: > > > > Troubleshooting Input Queue Drops and Output Queue Drops > > > > http://www.cisco.com/warp/public/63/queue_drops.html#topic4 > > > > It says the same thing about drops being unavoidable in some > > cases, but > > it also has some links to congestion avoidance and congestion > > management > > featuers (advanced queueing) so that you can control what gets > > dropped. > > > > So, what's with the tunnel? Are there any MTU issues with it? > > Tunnels > > add overhead and cause packets to get dropped because they > > don't fit. > > I'm not sure that would get displayed with the "show int" drops > > though. > > It's worth looking into MTU issues though since they are an > > infamous > > problems with tunnels, or am I misunderstanding what you're > > using the > > tunnel for? 
I've never seen it used with a distribute list. Can > > you > > explain what you're accomplishing with that? Thank-you very > > much. > > > > Priscilla > > > > > > > > > Here's the running config for that > > > interface: > > > > > > interface Serial0/0 > > > bandwidth 1544 > > > ip address x.x.x.2 255.255.255.0 > > > no ip directed-broadcast > > > no ip mroute-cache > > > no fair-queue > > > > > > here's the config for eigrp 1 > > > > > > router eigrp 1 > > > redistribute static > > > network x.x.x.0 > > > distribute-list 25 out Tunnel0 > > > no auto-summary > > > > > > here's the tunnel0 config: > > > > > > interface Tunnel0 > > > bandwidth 1544 > > > ip address x.x.x.2 255.255.255.0 > > > no ip directed-broadcast > > > tunnel source x.x.x.66 > > > tunnel destination x.x.x.66 > > > > > > > > > - Original Message - > > > From: "MADMAN" > > > To: > > > Sent: Monday, June 16, 2003 2:35 PM > > > Subject: Re: serial interface discards [7:70752] > > > > > > > > > > I would like to see you config also. Is this a full or > > > fractional > > > > T1? I don't see any error indications, you may simply be > > > experiencing > > >
Re: serial interface discards [7:70752]
To get a more accurate measure of the traffic currently flowing through the interface you could reduce the time interval to 30 seconds. You may be better able to see bursts of traffic corresponding to the output drops.

conf t
int s0
load-interval 30

You could also try making the output queue larger,

hold-queue 4096 out

unless they are causing problems for traffic & users are complaining I generally don't worry about the output drops as they are unavoidable when a larger bandwidth LAN interface feeds into a smaller WAN link as others have stated in this thread. You really want to avoid getting input drops (according to Cisco) which you don't appear to be having.

You might also check how the router interface is switching the packets (process vs. fast) with "sh int switching" & "sh int stats" and make sure it is fast switching by turning on "ip route-cache" on the interface or "ip cef" on the router.

I hope this helps you out, as I have spent many hours on this issue.

Brad

""Nate"" wrote in message news:[EMAIL PROTECTED]
> guys, for some reason, our monitoring software is showing a bunch of
> discards on the serial WAN circuit. The trend of discards seems to follow
> the traffic stream. Here's the config for the interface:
>
> (CISCO3725)
> Serial0/0 is up, line protocol is up
>   Hardware is QUICC Serial
>   Internet address is x.x.x.2/24
>   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 23/255
>   Encapsulation HDLC, loopback not set, keepalive set (10 sec)
>   Last input 00:00:03, output 00:00:00, output hang never
>   Last clearing of "show interface" counters 06:29:38
>   Queueing strategy: fifo
>   Output queue 0/40, 22454 drops; input queue 0/75, 0 drops
>   5 minute input rate 1000 bits/sec, 0 packets/sec
>   5 minute output rate 141000 bits/sec, 50 packets/sec
>      9576 packets input, 722935 bytes, 0 no buffer
>      Received 3124 broadcasts, 0 runts, 0 giants, 0 throttles
>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>      1605454 packets output, 336655812 bytes, 0 underruns
>      0 output errors, 0 collisions, 0 interface resets
>      0 output buffer failures, 0 output buffers swapped out
>      0 carrier transitions
>      DCD=up DSR=up DTR=up RTS=up CTS=up
>
> Here's the config for the other end:
>
> (CISCO3725)
> Serial1/1 is up, line protocol is up
>   Hardware is DSCC4 Serial
>   Internet address is x.x.x.1/24
>   MTU 1500 bytes, BW 1544 Kbit, DLY 2000 usec,
>      reliability 255/255, txload 1/255, rxload 19/255
>   Encapsulation HDLC, loopback not set
>   Keepalive set (10 sec)
>   DTR is pulsed for 1672712 seconds on reset, Restart-Delay is 1672712 secs
>   Last input 00:00:01, output 00:00:02, output hang never
>   Last clearing of "show interface" counters 02:59:32
>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>   Queueing strategy: fifo
>   Output queue: 0/40 (size/max)
>   5 minute input rate 12 bits/sec, 53 packets/sec
>   5 minute output rate 0 bits/sec, 0 packets/sec
>      966133 packets input, 216228857 bytes, 0 no buffer
>      Received 1256 broadcasts, 0 runts, 0 giants, 0 throttles
>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>      4380 packets output, 331039 bytes, 0 underruns
>      0 output errors, 0 collisions, 0 interface resets
>      0 output buffer failures, 0 output buffers swapped out
>      0 carrier transitions
>      DCD=up DSR=up DTR=up RTS=up CTS=up
>
> If anyone could help me figure out why this is happening, I'd appreciate it.
> Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70793&t=70752
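The point made in this thread, that a low averaged load figure can sit beside thousands of output drops counted since the last clear, worked through on the counters quoted above. This is an added example, not code from any poster: the function names are hypothetical, the inputs are trimmed copies of the two quoted outputs, and it assumes "packets output" does not include the dropped packets.

```python
import re

# Trimmed copies of the two "show interface" outputs quoted in the thread
# (only the lines the parser reads; values as posted).
SERIAL0_0 = """\
Serial0/0 is up, line protocol is up
  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 23/255
  Last clearing of "show interface" counters 06:29:38
  Output queue 0/40, 22454 drops; input queue 0/75, 0 drops
  5 minute output rate 141000 bits/sec, 50 packets/sec
     1605454 packets output, 336655812 bytes, 0 underruns
"""
SERIAL1_1 = """\
Serial1/1 is up, line protocol is up
  MTU 1500 bytes, BW 1544 Kbit, DLY 2000 usec,
     reliability 255/255, txload 1/255, rxload 19/255
  Last clearing of "show interface" counters 02:59:32
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  5 minute output rate 0 bits/sec, 0 packets/sec
     4380 packets output, 331039 bytes, 0 underruns
"""


def _int(pattern, text):
    """First capture group of pattern as an int, or None if absent."""
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None


def parse_show_interface(text):
    """Pull out the counters needed to compare averages with drops.

    Handles both layouts seen in the thread: 'load n/255' with drops on the
    'Output queue' line, and 'txload n/255' with 'Total output drops: n'.
    """
    elapsed = None
    clear = re.search(r"counters (\d+):(\d\d):(\d\d)", text)
    if clear:  # only the hh:mm:ss form is handled here
        h, m, s = map(int, clear.groups())
        elapsed = h * 3600 + m * 60 + s
    bw_kbit = _int(r"BW (\d+) Kbit", text)
    return {
        "bw_bps": bw_kbit * 1000 if bw_kbit is not None else None,
        "load_255": _int(r"(?:\btxload|\bload) (\d+)/255", text),
        "out_drops": _int(
            r"(?:Output queue \d+/\d+, |Total output drops: )(\d+)", text),
        "out_rate_bps": _int(
            r"(?:minute|second) output rate (\d+) bits/sec", text),
        "out_packets": _int(r"(\d+) packets output", text),
        "out_bytes": _int(r"packets output, (\d+) bytes", text),
        "elapsed_s": elapsed,
    }


def summarize(stats):
    """Turn raw counters into utilization figures and a drop ratio."""
    if None in stats.values():
        missing = [k for k, v in stats.items() if v is None]
        raise ValueError(f"could not parse: {missing}")
    bw, secs = stats["bw_bps"], stats["elapsed_s"]
    sent, drops = stats["out_packets"], stats["out_drops"]
    return {
        # The load figure is a weighted average over the load-interval.
        "load_fraction": stats["load_255"] / 255,
        "window_utilization": stats["out_rate_bps"] / bw,
        # Bytes since the counters were cleared, averaged over that time.
        "lifetime_utilization": stats["out_bytes"] * 8 / secs / bw,
        "out_drops": drops,
        "drop_ratio": drops / (sent + drops) if sent + drops else 0.0,
        "drops_per_minute": drops * 60 / secs,
    }


def averages_hide_bursts(summary, busy=0.8):
    """True when drops exist although every averaged figure looks idle,
    which means the congestion happened in bursts shorter than the window."""
    peak_avg = max(summary["load_fraction"],
                   summary["window_utilization"],
                   summary["lifetime_utilization"])
    return summary["out_drops"] > 0 and peak_avg < busy


if __name__ == "__main__":
    for name, text in (("Serial0/0", SERIAL0_0), ("Serial1/1", SERIAL1_1)):
        s = summarize(parse_show_interface(text))
        print(name, {k: round(v, 4) for k, v in s.items()},
              "bursty:", averages_hide_bursts(s))
```
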
Re: Benefits of BGP holding the routing tables [7:70788]
Unless you have multiple egress points from your network to the Internet (IOW Load Balancing) there is really not a compelling reason to receive full BGP routes, just have your ISP send you defaults via BGP, or even simpler set your default to your ISP facing interface.

HTH

Robert Perez wrote:
> Could anyone explain the benefit of using BGP and holding the routing tables
> on your router versus having the ISP hold the tables and you just receive a
> default-route? Thanks.

--
Thomas Crowe
Senior Engineer / Senior Architect
EMC Proven Professional, Master Architect
EMC Proven Professional, Master+ Operator
CTS Professional Services, Atlanta

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70791&t=70788
Re: Networkers, pt. 2 [7:70768]
Router config parties??? Dude, you'll be in Florida! Go out to the beaches and check out the babes!!! :) -brad ""Mossburg, Geoff (MAN-Corporate)"" wrote in message news:[EMAIL PROTECTED] > I know Robert McCallum already asked this, but who is going to Networkers in > Orlando next week? Any cool GroupStudy router config parties gonna happen? > :-) > Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70789&t=70768
Re: 7500 (RSP8) config save problems [7:70767]
ATA flash disks (disk0:, disk1:) work as you expected. Linear flash cards (slot0:, slot1:, bootflash:) work (by design) as Geoff described.

Thanks,

Zsombor

At 02:21 PM 6/17/2003 +, MADMAN wrote:
>Mossburg, Geoff (MAN-Corporate) wrote:
> > Has anyone had problems save configs to a PCMCIA flash card on an RSP8? The
> > problem I'm having is that when I save a newer config over-top of the old
> > config with the same name, it creates 2 separate instances of the file. I
> > keep having to re-format or squeeze the card every month or two! Any ideas?
> > Geoff Mossburg
> >
>
>Must be a new "feature" ;) Mine works as you expected, running
>12.2.11T and dual RSP8's:
>
>C7507A#copy running-config disk0:
>Destination filename [running-config]?
>
>3628 bytes copied in 0.756 secs (4799 bytes/sec)
>C7507A#dir disk0:
>Directory of disk0:/
>
>    1  -rw-    19102960   Jun 02 2003 08:20:50  rsp-jsv-mz.122-11.T.bin
>    2  -rw-        3628   Jun 17 2003 05:48:06  running-config
>
>41721856 bytes total (22614016 bytes free)
>
>C7507A#copy running-config disk0:
>Destination filename [running-config]?
>%Warning:There is a file already existing with this name
>Do you want to over write? [confirm]
>
>3628 bytes copied in 0.704 secs (5153 bytes/sec)
>C7507A#dir disk0:
>Directory of disk0:/
>
>    1  -rw-    19102960   Jun 02 2003 08:20:50  rsp-jsv-mz.122-11.T.bin
>    2  -rw-        3628   Jun 17 2003 05:49:48  running-config
>
>41721856 bytes total (22614016 bytes free)
>
>Dave
>
>--
>David Madland
>CCIE# 2016
>Sr. Network Engineer
>Qwest Communications
>612-664-3367
>
>"Government can do something for the people only in proportion as it
>can do something to the people." -- Thomas Jefferson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70790&t=70767
RE: number of CCIE [7:70151]
Hi All, I was stopping myself for writing on this thread for quite some time. Quite a number of people have reverted back on this, but this one, (from Peter) is just kind of PERFECT. Priscilla also wrote on one of other threads, that for having a worthwhile career you just don't need good networking skills, but also "good networking of people". And I am sure it works. I have seen quite some useful mails from NRF, but this one is a losing battle (NRF: don't mind friend, nothing personal) and what Peter has stated is perfectly right (of course as per me) So a CCIE number, does matter, but more so, since all the chances are that the lower number ones would be having more experience and better "networking of people". And the higher numbered ones would be, in all chances, relatively new and also still into the stage of building their "networking of people". Just my 2 cents :) Vikram -Original Message- From: Peter van Oene [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 3:21 AM To: [EMAIL PROTECTED] Subject: RE: number of CCIE [7:70151] > > > > [JN] Yeah, but does the "college happy" HR dude (your idol) who > > says > > "bachelors required" on dinky IT jobs (e.g. desktop support > > tech) pay > > attention to that? As far as he's concerned all BSs are BSs, > > and they are > > all "superior" to non-graduates. Remember that we are talking > > about IT > > jobs, not "top management" or "top financial analyst" positions. > >First of all, let me clear up that HR is not "my idol". I too do not like >many of the things that HR does. > >The difference is that I accept that HR has hiring power and I see little >point in raging against the machine on this point. Why? What's the point? >You can whine all you want and they're still going to have hiring power. >It's far more efficient to simply accept that HR has hiring power and learn >to follow their rules. I don't mean to get into the battle of which CCIE number is better than which as I don't really have an opinion. 
However, one thing I do pick up on is the reliance here upon getting through HR screens. I don't recall ever getting a job through conventional means myself and I don't imagine that many somewhat established folks who do better than average work do either. Most of the hiring I've ever participated in was referral based as well. To me, this debate really only applies to those folks who do not have contacts in a given area and who are not prone to more aggressive employment acquisition strategies. This bunch of folks tends to flood resumes out to Monster and hope they get a call. However, I would see this category of folks as pretty junior, in which case I wouldn't expect to see them applying for the top tier jobs in the industry. These folks need to get a job, get established, and then leverage their contact base to move on to bigger and better things, or leverage their track record to move up internally. So, the way I see it, either you are pretty new to the industry and need some help getting through screener bots, or you are not and should find far better mileage leveraging your contact base in the industry. If you are good at what you do, likely the folks you worked with noticed this as did the vendors who worked with you as did your customers. Somewhere in that mix there has to be a hotter lead than www.findmeajobfor100k.com. If you are new, having a CCIE number of any type likely helps a bunch and I can't see anyone caring how high or low it is unless you are trying to get some uber job. If you are, you'll likely lose to someone else who came recommended and the how many guys passed the lab before you won't be of much significance. (did I just get into the debate I said I wanted to avoid? :) Anyway, I guess I'm not sure who the group of people are who are highly talented, yet have no contacts in the industry but still expect to pull down top calibre jobs. 
I'm also not sure who the top calibre job employers are that would choose not to hire you based upon how high your CCIE number was vs how well you fit the job and interviewed, but I'm assuming this CCIE number value cut deals more with first cut resume screening. Pete >Second of all, do you not think that if HR sees a degree from Harvard in a >resume, he's going to give more weight to that resume than to a guy from >Podunk Community College? Of course he would. Everybody would. Sure, he's >not going to say that anybody who wants to get a job must have Crimson >blood, but when it comes to making the first cut, you know what he's going >to do. > > > > > [NRF] First of all, what "admissions fiasco"? Are you saying > > that because > > of the > > abundance of information that all of a sudden everybody's > > getting a perfect > > score on their SAT's? I don't see that happening. Do you? If > > so, please > > > > [JN] The admissions process is a fiasco, but that is another > > issue. Are you > > implying that all the certified people are "getting perfe
Benefits of BGP holding the routing tables [7:70788]
Could anyone explain the benefit of using BGP and holding the routing tables on your router versus having the ISP hold the tables and you just receive a default-route? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70788&t=70788 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Internet is very slow behind Pix 515E UR [7:70783]
Whenever I access the web site which is behind the Pix firewalls, the speed is really slow. I bypassed the firewall and accessed the same site and it's fast! I checked my settings and made sure all the connected devices are running at 100 and full duplex, they all are! I mean why this is happening ... is it because the pix have to inspect each packet! The Bandwidth from the service provider is 64k. Any Idea Please.

Any ideas? The Pix version is 6.1 besides this is satellite connection

The internal Address range is 191.1.1.0-191.1.1.254 255.255.0.0
Outside address range is 10.15.9.163-183 255.255.255.224
Default Gateway: 10.15.9.62 255.255.255.224
DNS1: 195.238.62.1
DNS2: 195.238.40.30

AN# show config
: Saved
:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password kC9ZDwfWejkBqApp encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname AN
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_in permit icmp any any
access-list acl_in permit udp any any
access-list acl_in permit tcp any any
pager lines 10
logging buffered debugging
interface ethernet0 100basetx
interface ethernet1 100basetx
interface ethernet2 auto shutdown
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 10.15.9.163 255.255.255.224
ip address inside 191.1.1.85 255.255.0.0
ip address intf2 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 10.15.9.164-10.15.9.180
global (outside) 1 10.15.9.181
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.15.9.163 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:97ca54591b41f6b215dabb457fe7c9de
AN#

Ismail Al-Shelh

[GroupStudy removed an attachment of type image/gif which had a name of image001.gif]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70783&t=70783
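A consistency and hardening check run over lines from the configuration posted above. This is an added example, not part of the original post or of any Cisco tool; the check identifiers and function names are made up for illustration, and the parser only understands the PIX 6.x line forms that appear in the post.

```python
import ipaddress

# Lines taken from the configuration in the post above; password and
# checksum lines are left out because the checks do not need them.
PIX_CONFIG = """\
access-list acl_in permit icmp any any
access-list acl_in permit udp any any
access-list acl_in permit tcp any any
ip address outside 10.15.9.163 255.255.255.224
ip address inside 191.1.1.85 255.255.0.0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.15.9.163 1
snmp-server community public
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
"""


def next_hop_status(address, mask, gateway):
    """Classify a gateway relative to the interface it is reached through."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    gw = ipaddress.ip_address(gateway)
    if gw == iface.ip:
        return "self"
    return "on-link" if gw in iface.network else "off-subnet"


def audit(config):
    """Return (check_id, detail) findings; the check ids are illustrative names."""
    defined_acls, bindings, routes = set(), [], []
    interfaces, findings = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) >= 3:
            defined_acls.add(tok[1])
            # "permit <protocol> any any" filters nothing for that protocol.
            if len(tok) == 6 and tok[2] == "permit" and tok[4:] == ["any", "any"]:
                findings.append(("ACL_PERMIT_ANY_ANY", f"{tok[1]} {tok[3]}"))
        elif tok[:2] == ["ip", "address"] and len(tok) == 5:
            interfaces[tok[2]] = (tok[3], tok[4])
        elif tok[:1] == ["access-group"] and len(tok) == 5:
            bindings.append((tok[1], tok[4]))
        elif tok[:1] == ["route"] and len(tok) >= 5:
            routes.append((tok[1], tok[4]))
        elif tok[:2] == ["snmp-server", "community"] and tok[2:] in (["public"], ["private"]):
            findings.append(("SNMP_DEFAULT_COMMUNITY", tok[2]))
        elif tok[:3] == ["telnet", "0.0.0.0", "0.0.0.0"] and len(tok) == 4:
            findings.append(("TELNET_FROM_ANY", tok[3]))
    # Cross-reference checks need the whole file, so they run after parsing.
    for acl, ifname in bindings:
        if acl not in defined_acls:
            findings.append(("ACL_UNDEFINED", f"{acl} on {ifname}"))
    for ifname, gateway in routes:
        if ifname in interfaces:
            status = next_hop_status(*interfaces[ifname], gateway)
            if status != "on-link":
                check_id = "ROUTE_NEXT_HOP_" + status.upper().replace("-", "_")
                findings.append((check_id, f"{ifname} via {gateway}"))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(PIX_CONFIG):
        print(f"{check_id:26} {detail}")
    # The gateway given in the post's prose, checked against the outside interface.
    print("10.15.9.62:", next_hop_status("10.15.9.163", "255.255.255.224", "10.15.9.62"))
```
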
Re: 7500 (RSP8) config save problems [7:70767]
Mossburg, Geoff (MAN-Corporate) wrote:
> Has anyone had problems save configs to a PCMCIA flash card on an RSP8? The
> problem I'm having is that when I save a newer config over-top of the old
> config with the same name, it creates 2 separate instances of the file. I
> keep having to re-format or squeeze the card every month or two! Any ideas?
> Geoff Mossburg
>

Must be a new "feature" ;) Mine works as you expected, running 12.2.11T and dual RSP8's:

C7507A#copy running-config disk0:
Destination filename [running-config]?

3628 bytes copied in 0.756 secs (4799 bytes/sec)
C7507A#dir disk0:
Directory of disk0:/

    1  -rw-    19102960   Jun 02 2003 08:20:50  rsp-jsv-mz.122-11.T.bin
    2  -rw-        3628   Jun 17 2003 05:48:06  running-config

41721856 bytes total (22614016 bytes free)

C7507A#copy running-config disk0:
Destination filename [running-config]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]

3628 bytes copied in 0.704 secs (5153 bytes/sec)
C7507A#dir disk0:
Directory of disk0:/

    1  -rw-    19102960   Jun 02 2003 08:20:50  rsp-jsv-mz.122-11.T.bin
    2  -rw-        3628   Jun 17 2003 05:49:48  running-config

41721856 bytes total (22614016 bytes free)

Dave

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

"Government can do something for the people only in proportion as it can do something to the people." -- Thomas Jefferson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70787&t=70767
RE: TACACS - Cheap or Free [7:70764]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70784&t=70764 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN How To: [7:70775]
Simple search via Cisco's home page for 'router to router vpn' yielded the following:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml

or

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ef.shtml

Be careful though, as some "TAC Authored" examples sometimes have a few bugs in format/syntax.

HTH's

Mark

-Original Message-
From: Justin M. Morgenthaler [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 10:29 PM
To: [EMAIL PROTECTED]
Subject: VPN How To: [7:70775]

Can anyone point me to some in depth but simple documentation on setting up a point to point encrypted link between a 1603 and a 2514?

Justin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70785&t=70775
RE: CCNP Recert Question [7:70769]
Helena wrote: > > Hi, > > For those of you who have done the CCNP Recertification, do > they cover new > topics/protocols like 802.1w, 802.1s, QoS, IS-IS etc? Or is it > just old > topics? IS-IS is on it. I didn't see anything for those other topics that you mentioned. Priscilla > > Thanks > Helena > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70780&t=70769 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Adapter [7:70772]
Isn't the default for that b8zs/esf with a full t, it gets interesting with a fractional t. Show controller will give you what it is currently setup, IIRC.

Brian

- Original Message -
From: "LIU, JEFF"
To:
Sent: Monday, June 16, 2003 7:53 PM
Subject: Port Adapter [7:70772]

> I have PA-MC-8T1 installed on 7206. What is supposedly correct configuration
> to support full t1 that is provided my ISP? The thing really gets me is the
> timeslot and cable-length parameters. Please advise.
>
> Thanx in advance!
>
> Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70781&t=70772
RE: serial interface discards [7:70752]
Basically, we have two paths: One going to the internet, and one going to the Corporate WAN. We also have redundancy so that if either pipe goes down, the other can be used for whatever service is missing. In order to do redundancy for the pipe going to Corporate WAN, we needed a netscreen and a Tunnel Interface (netscreen for GRE and Tunnel for IPSEC). We are also using EBGP for the Corporate WAN redistributing into EIGRP internally. The access list is used so that EIGRP won't accept default routes from the Internet pipe going to the remote site. I'm not sure if there are any MTU issues with it but as far as high utilization, the traffic is only showing a max / day of 20-30% so I don't think bandwidth is the issue. I would agree that discards are unavoidable in a FA or GE environment, but prior to adding the internet circuit as the default route for the site, there were no discards. I have been to that site but the scenario is different from mine. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, June 16, 2003 4:29 PM To: [EMAIL PROTECTED] Subject: Re: serial interface discards [7:70752] Nate wrote: > > well, it's a ESF Full T1. What feeds into the T1? If it's a busy Ethernet, especially Fast or Gigabit Ethernet, drops are unavoidable. Even though your stats show that the T1 utilization is only 23/255 (less than 10%), the stats show a moving average for the last 5 minutes, but the drops are since the last time you cleared the counters, 6 hours ago. So at some point, you probably had too much data to send over the 1.5Mbps T1. You need to watch it carefully to see if the drops correspond with high utilization. (I think you said that they do, in fact, which makes sense.) You may simply need more bandwidth. If this is an odd occurrence, on the other hand, then perhaps you should check your IDS logs (you do have such a thing? :-) to determine if you were being probed or something. 
You've probably been to Cisco's site already and found this link: Troubleshooting Input Queue Drops and Output Queue Drops http://www.cisco.com/warp/public/63/queue_drops.html#topic4 It says the same thing about drops being unavoidable in some cases, but it also has some links to congestion avoidance and congestion management features (advanced queueing) so that you can control what gets dropped. So, what's with the tunnel? Are there any MTU issues with it? Tunnels add overhead and cause packets to get dropped because they don't fit. I'm not sure that would get displayed with the "show int" drops though. It's worth looking into MTU issues though since they are an infamous problem with tunnels, or am I misunderstanding what you're using the tunnel for? I've never seen it used with a distribute list. Can you explain what you're accomplishing with that? Thank-you very much. Priscilla > Here's the running config for that > interface: > > interface Serial0/0 > bandwidth 1544 > ip address x.x.x.2 255.255.255.0 > no ip directed-broadcast > no ip mroute-cache > no fair-queue > > here's the config for eigrp 1 > > router eigrp 1 > redistribute static > network x.x.x.0 > distribute-list 25 out Tunnel0 > no auto-summary > > here's the tunnel0 config: > > interface Tunnel0 > bandwidth 1544 > ip address x.x.x.2 255.255.255.0 > no ip directed-broadcast > tunnel source x.x.x.66 > tunnel destination x.x.x.66 > > > - Original Message - > From: "MADMAN" > To: > Sent: Monday, June 16, 2003 2:35 PM > Subject: Re: serial interface discards [7:70752] > > > > I would like to see you config also. Is this a full or > fractional > > T1? I don't see any error indications, you may simply be > experiencing > > short, large bursts of traffic hence the output drops. > > > > > >Dave > > > > Nate wrote: > > > guys, for some reason, our monitoring software is showing > a bunch of > > > discards on the serial WAN circuit. The trend of discards > seems to > follow > > > the traffic stream. 
Here's the config for the interface: > > > > > > (CISCO3725) > > > Serial0/0 is up, line protocol is up > > > Hardware is QUICC Serial > > > Internet address is x.x.x.2/24 > > > MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely > 255/255, load > 23/255 > > > Encapsulation HDLC, loopback not set, keepalive set (10 > sec) > > > Last input 00:00:03, output 00:00:00, output hang never > > > Last clearing of "show interface" counters 06:29:38 > > > Queueing strategy: fifo > > > Output queue 0/40, 22454 drops; input queue 0/75, 0 drops > > > 5 minute input rate 1000 bits/sec, 0 packets/sec > > > 5 minute output rate 141000 bits/sec, 50 packets/sec > > > 9576 packets input, 722935 bytes, 0 no buffer > > > Received 3124 broadcasts, 0 runts, 0 giants, 0 > throttles > > > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, > 0 abort > > > 1605454 packets output, 336655812 bytes, 0 underruns > > > 0 output errors, 0 collisions, 0 interface re
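The point made in the quoted reply, that load and the 5-minute rate are moving averages while the drop counter accumulates since the counters were last cleared, worked through on the two "show interface" outputs posted in this thread. This is an added example, not code from any poster; the function names and the 50% threshold used to call a pattern "bursty" are assumptions, and the parser expects the clearing time in hh:mm:ss form as it appears here.

```python
import re

# Counter lines copied from the two outputs posted earlier in the thread.
SERIAL0_0 = """\
Serial0/0 is up, line protocol is up
  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 23/255
  Last clearing of "show interface" counters 06:29:38
  Output queue 0/40, 22454 drops; input queue 0/75, 0 drops
  5 minute output rate 141000 bits/sec, 50 packets/sec
     1605454 packets output, 336655812 bytes, 0 underruns
"""
SERIAL1_1 = """\
Serial1/1 is up, line protocol is up
  MTU 1500 bytes, BW 1544 Kbit, DLY 2000 usec,
     reliability 255/255, txload 1/255, rxload 19/255
  Last clearing of "show interface" counters 02:59:32
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  5 minute output rate 0 bits/sec, 0 packets/sec
     4380 packets output, 331039 bytes, 0 underruns
"""


def _groups(pattern, text):
    """Return the non-empty capture groups of the first match as integers."""
    match = re.search(pattern, text)
    if match is None:
        raise ValueError(f"field not found: {pattern}")
    return [int(g) for g in match.groups() if g is not None]


def summarize(text):
    """Compare the moving averages with averages over the whole counter period."""
    hours, minutes, secs = _groups(r"counters (\d+):(\d+):(\d+)", text)
    seconds = hours * 3600 + minutes * 60 + secs
    bw_bps = _groups(r"BW (\d+) Kbit", text)[0] * 1000
    # Older IOS prints "load", newer prints "txload"/"rxload"; take transmit.
    load = _groups(r"\b(?:tx)?load (\d+)/255", text)[0]
    drops = _groups(r"Output queue \d+/\d+, (\d+) drops|Total output drops: (\d+)", text)[0]
    rate_5min = _groups(r"5 minute output rate (\d+) bits/sec", text)[0]
    packets, nbytes = _groups(r"(\d+) packets output, (\d+) bytes", text)
    avg_bps = round(nbytes * 8 / seconds)
    return {
        "seconds": seconds,
        "out_drops": drops,
        "load_pct": round(load / 255 * 100, 1),
        "five_min_pct": round(rate_5min / bw_bps * 100, 1),
        "avg_bps": avg_bps,
        "avg_pct": round(avg_bps / bw_bps * 100, 1),
        "drops_per_1000_sent": round(drops / packets * 1000, 1),
        # Assumed heuristic: drops while every average stays under half the
        # line rate point to short bursts rather than sustained overload.
        "bursty": drops > 0 and max(rate_5min, avg_bps) < 0.5 * bw_bps,
    }


if __name__ == "__main__":
    for name, text in (("Serial0/0", SERIAL0_0), ("Serial1/1", SERIAL1_1)):
        print(name, summarize(text))
```
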
RE: serial interface discards [7:70752]
You started the thread by saying that your monitoring software is saying that there are discards. What monitoring software is it? Are you sure it's referring to the drops that "show int" is displaying? Maybe it means something else by "discard." Priscilla Nathan wrote: > > Basically, we have two paths: One going to the internet, and > one going > to the Corporate WAN. We also have redundancy so that if > either pipe > goes down, the other can be used for whatever service is > missing. In > order to do redundancy for the pipe going to Corporate WAN, we > needed a > netscreen and a Tunnel Interface (netscreen for GRE and Tunnel > for > IPSEC). We are also using EBGP for the Corporate WAN > redistributing > into EIGRP internally. The access list is used so that EIGRP > won't > accept default routes from the Internet pipe going to the > remote site. > I'm not sure if there are any MTU issues with it but as far as > high > utilization, the traffic is only showing a max / day of 20-30% > so I > don't think bandwidth is the issue. > > I would agree that discards are unavoidable in a FA or GE > environment, > but prior to adding the internet circuit as the default route > for the > site, there were no discards. > > I have been to that site but the scenario is different from > mine. > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, June 16, 2003 4:29 PM > To: [EMAIL PROTECTED] > Subject: Re: serial interface discards [7:70752] > > > Nate wrote: > > > > well, it's a ESF Full T1. > > What feeds into the T1? If it's a busy Ethernet, especially > Fast or > Gigabit Ethernet, drops are unavoidable. Even though your stats > show > that the T1 utilization is only 23/255 (less than 10%), the > stats show a > moving average for the last 5 minutes, but the drops are since > the last > time you cleared the counters, 6 hours ago. So at some point, > you > probably had too much data to send over the 1.5Mbps T1. 
> > You need to watch it carefully to see if the drops correspond > with high > utilization. (I think you said that they do, in fact, which > makes > sense.) > > You may simply need more bandwidth. If this is an odd > occurrence, on the > other hand, then perhaps you should check your IDS logs (you do > have > such a thing? :-) to determine if you were being probed or > something. > > You've probably been to Cisco's site already and found this > link: > > Troubleshooting Input Queue Drops and Output Queue Drops > > http://www.cisco.com/warp/public/63/queue_drops.html#topic4 > > It says the same thing about drops being unavoidable in some > cases, but > it also has some links to congestion avoidance and congestion > management > features (advanced queueing) so that you can control what gets > dropped. > > So, what's with the tunnel? Are there any MTU issues with it? > Tunnels > add overhead and cause packets to get dropped because they > don't fit. > I'm not sure that would get displayed with the "show int" drops > though. > It's worth looking into MTU issues though since they are an > infamous > problem with tunnels, or am I misunderstanding what you're > using the > tunnel for? I've never seen it used with a distribute list. Can > you > explain what you're accomplishing with that? Thank-you very > much. 
> > Priscilla > > > > > Here's the running config for that > > interface: > > > > interface Serial0/0 > > bandwidth 1544 > > ip address x.x.x.2 255.255.255.0 > > no ip directed-broadcast > > no ip mroute-cache > > no fair-queue > > > > here's the config for eigrp 1 > > > > router eigrp 1 > > redistribute static > > network x.x.x.0 > > distribute-list 25 out Tunnel0 > > no auto-summary > > > > here's the tunnel0 config: > > > > interface Tunnel0 > > bandwidth 1544 > > ip address x.x.x.2 255.255.255.0 > > no ip directed-broadcast > > tunnel source x.x.x.66 > > tunnel destination x.x.x.66 > > > > > > - Original Message - > > From: "MADMAN" > > To: > > Sent: Monday, June 16, 2003 2:35 PM > > Subject: Re: serial interface discards [7:70752] > > > > > > > I would like to see you config also. Is this a full or > > fractional > > > T1? I don't see any error indications, you may simply be > > experiencing > > > short, large bursts of traffic hence the output drops. > > > > > > > > >Dave > > > > > > Nate wrote: > > > > guys, for some reason, our monitoring software is showing > > a bunch of > > > > discards on the serial WAN circuit. The trend of discards > > seems to > > follow > > > > the traffic stream. Here's the config for the interface: > > > > > > > > (CISCO3725) > > > > Serial0/0 is up, line protocol is up > > > > Hardware is QUICC Serial > > > > Internet address is x.x.x.2/24 > > > > MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely > > 255/255, load > > 23/255 > > > > Encapsulation HDLC, loopback not set, keepalive set (10 > > sec) > > > > Last input 00:00:03, output 00:00:00, output hang nev