RE: Policy-Based Routing [7:71944]
I'M A CHINESE CCNA.I NEED SOME HELP.I WANT TO PASS CCNP EXAM.THANKS. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72013&t=71944 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Need PIX memory for Lab [7:71975]
In the pas I used regular non Cisco memory and it worked fine. Just make sure it's similar (number of pins, speed, etc). Ian www.ccie4u.com Rack Rentals and Lab Scenarios starting at $20 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shawn Sousa Sent: Monday, July 07, 2003 6:26 AM To: [EMAIL PROTECTED] Subject: Need PIX memory for Lab [7:71975] I have an older PIX 525 that only has 32Mb of memory and Im looking to upgrade it to 128Mb so I can put the latest version of PIXOS on it. Does anyone know of either an inexpensive place to purchase "128mb Cisco Approved Memory SM564168574N6BP" or a third party undocumented alternative source? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72012&t=71975 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: field replaceable units [7:72011]
A unit (parts like printed circuit board or the complete router or switch) that can be replaced in the field (site). Normally this unit can be carried by the field engineer to the customer's site. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72014&t=72011 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
field replaceable units [7:72011]
what's the meaning of field replaceable units? thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72011&t=72011 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3725 Internet router revisited... [7:72003]
At 9:27 PM + 7/7/03, Priscilla Oppenheimer wrote: >Puckette, Larry (TIFPC) wrote: >> >> Just to conclude an issue that I queried the group on a couple >> weeks ago... >> We had 2 new 3725 routers with internal DS3 DSUs that would >> crash when >> downloading large files from the web. These crashes were >> happening when >> traffic reached 200-300Kbps, which is nothing for a DS3. >> >> A couple of you answered and I just wanted to let you know that >> the problem >> turned out to be both routers had bad memory cards in them. > >Both routers had bad memory! Wow. Thanks for getting back to us. It's very >helfpul to hear the resolution. > >Priscilla > I think I had bad memory once, but I forget. What were we discussing again? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72010&t=72003 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco catalyst 3548 and Radius [7:71991]
Robert, Kind of annoying isn't it? I looked a while ago and the short answer was it's not there and you can't do it. Some quick checking on Cisco's site showed that they might finally have released it in newer code though: http://www.cisco.com/en/US/partner/products/hw/switches/ps637/prod_release_note09186a00800c8102.html#xtocid17 The release notes are for 12.0(5)WC5a, which might not even be the latest. Perhaps you just need to update your software? - Tom Robert Perez wrote: > Hi all, > > I am configuring Radius on a cat 3548 and I do not have the global config > "radius" command available. Anyone know what the commands ought to be to > create a server, key, etc.. Normally it is Radius-server key, radius-server > host.. Can't figure it out.. > > I have IOS 12.0(5.2)XU Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72009&t=71991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Exam changes [7:71982]
Hi, yes, you have to attend a Cisco class from Cisco Learing partner to get the courseware (Student kit). They are not sold in stores. In a class you get a lot more information from your instructor including the hands-on lab than any self study or e-learing can give you. Sometimes courseware is sold on ebay.com (mostly older versions). With kind regards Jens Neelsen --- maine dude wrote: > Hi, > > I want to get hold of the Cisco Learning Product folders you > get when you > sit on a Cisco official learning course. > > I find them much better to read then the Cisco press books. > > Does anyone know if I can purchase them from anywhere, or that > if they are > only available when I attend a official Cisco course. > > The other reason is that with all the exams changing > (CCNP/DP/SP), Cisco > press take a while for the books to come out, but with Cisco > folders you get > on the course, I guess they will become available much > earlier. > > Any ides? > > Thanks in advance, > -Dj > > > > > > - > Yahoo! Plus - For a better Internet experience [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72008&t=71982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IOS AUTH-PROXY problem [7:72005]
Hi, Just run away from 12.1.5T(9). We had some problem with it and discussed in this group with Dmitry and Fabrice. Even if you do not enable http server on the router auth-proxy will be invoked . Regards, Vilmos -Original Message- From: d tran [mailto:[EMAIL PROTECTED] Sent: 06 July 2003 18:19 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: IOS AUTH-PROXY problem All, Below is the configuration I have with AUTH-PROXY. I don't understand why the configuration works with IOS version 12.2.15(T) but doesn't work with IOS version 12.1.5T(9). With version 12.1.5T(9), I am not getting a "authentication failed". Instead I am getting "bad request". Any ideas? C2610#sh run Building configuration... Current configuration : 4248 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname C2610 ! logging buffered 8192 notifications logging rate-limit 1 no logging console aaa new-model aaa authentication login default group tacacs+ local aaa authentication login NONE none aaa authentication login TACACS group tacacs+ local enable aaa authentication login LOCAL local enable aaa authorization auth-proxy default group tacacs+ enable secret 5 $1$Bj2H$ad4Dn5rkgKvwPZzJDKAgZ1 ! memory-size iomem 10 ip subnet-zero no ip source-route ! ! no ip finger ip tcp intercept list 100 ip tcp intercept connection-timeout 3600 ip tcp intercept watch-timeout 5 ip tcp intercept max-incomplete low 300 ip tcp intercept max-incomplete high 1000 ip tcp intercept one-minute low 100 ip tcp intercept one-minute high 500 ip domain-name micronetsolution.com ip host tac 2065 10.10.10.10 ip name-server 172.17.1.2 ip name-server 129.174.1.8 ip dhcp excluded-address 10.100.0.71 ip dhcp excluded-address 10.100.0.72 ip dhcp excluded-address 10.100.0.254 ip dhcp ping packets 5 ! ip dhcp pool DHCP network 10.100.0.0 255.255.255.0 netbios-name-server 172.17.1.2 129.174.1.8 dns-server 172.17.1.2 129.174.1.8 default-router 10.100.0.254 domain-name micronetsolution.com lease 3 ! ip inspect audit-trail ip inspect dns-timeout 15 ip inspect name CBAC tcp timeout 3600 ip inspect name CBAC udp timeout 3600 ip auth-proxy auth-proxy-banner ip auth-proxy auth-proxy-audit ip auth-proxy auth-cache-time 1 ip auth-proxy name AUTH-PROXY http ip audit info action alarm drop reset ip audit attack action alarm drop reset ip audit notify log ip audit po max-events 100 ip audit name ATTACK attack action alarm drop reset ip audit name INFO info action alarm ! ! call rsvp-sync cns event-service server ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.10.10.10 255.255.255.255 ! interface Ethernet0/0 ip address 172.18.1.1 255.255.0.0 ip nat outside half-duplex ! interface FastEthernet1/0 ip address 10.100.0.254 255.255.255.0 ip nat inside ip auth-proxy AUTH-PROXY speed 100 full-duplex ! ip kerberos source-interface any ip nat pool natpool 172.18.1.1 172.18.1.1 netmask 255.255.0.0 ip nat inside source list 130 interface Ethernet0/0 overload ip nat inside source static 10.100.0.71 172.18.0.71 ip classless ip route 0.0.0.0 0.0.0.0 172.18.1.254 ip http server ip http authentication aaa ! ! ip access-list extended NAMEDACL permit tcp any any permit udp any any permit ip any any ip access-list extended in2out permit udp 10.100.0.0 0.0.0.255 any eq domain reflect traffic permit tcp 10.100.0.0 0.0.0.255 any eq www reflect traffic permit tcp 10.100.0.0 0.0.0.255 any eq telnet reflect traffic deny ip any any ip access-list extended out2in permit icmp any any evaluate traffic deny ip any any logging trap notifications logging facility local5 logging source-interface Ethernet0/0 logging 172.17.1.2 access-list 100 permit tcp any host 10.100.0.71 eq www access-list 100 permit tcp any host 10.100.0.71 eq 443 access-list 100 permit tcp any host 10.100.0.71 eq 22 access-list 100 permit tcp any host 10.100.0.71 eq telnet access-list 100 permit tcp any host 10.100.0.71 eq ftp access-list 100 permit tcp any host 10.100.0.71 eq ftp-data access-list 110 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq telnet access-list 110 dynamic lock-and-key permit ip 10.100.0.0 0.0.0.255 any access-list 110 deny ip any any access-list 120 permit udp 10.100.0.0 0.0.0.255 any eq domain access-list 120 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq www access-list 120 deny ip any any access-list 130 permit ip 10.100.0.0 0.0.0.255 any access-list 140 permit ip host 172.18.1.2 host 172.18.1.1 access-list 140 permit icmp any 10.100.0.0 0.0.0.255 access-list 140 permit icmp any host 172.18.0.71 access-list 140 deny ip any any ! tacacs-server host 172.18.1.2 tacacs-server attempts 2 ! dial-peer cor custom ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous login authentication NONE transport input none line aux 0 login authentication NONE transport input all line vty 0 4 login authentication LOCAL ! ntp clock-period 17208324
RE: 3725 Internet router revisited... [7:72003]
Puckette, Larry (TIFPC) wrote: > > Just to conclude an issue that I queried the group on a couple > weeks ago... > We had 2 new 3725 routers with internal DS3 DSUs that would > crash when > downloading large files from the web. These crashes were > happening when > traffic reached 200-300Kbps, which is nothing for a DS3. > > A couple of you answered and I just wanted to let you know that > the problem > turned out to be both routers had bad memory cards in them. Both routers had bad memory! Wow. Thanks for getting back to us. It's very helfpul to hear the resolution. Priscilla > We > replaced the > memory and all has been working well. > > Thanx again for the great forum this group provides. > > Larry Puckette > Senior Network Analyst > Temple Inland/Austin Data Center > 512/434-1838 > [EMAIL PROTECTED] > > Where the only idol is money and power, there is no hope for > integrity. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72007&t=72003 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Configuring TCP intercept question; need help [7:72004]
Hello, I think this is 12.1.(5)T9 problem again. Although you did not enable CBAC, but bear in mind: "Cisco IOS IDS/CBAC and the TCP Intercept feature work independently of each other and, in fact, should not be used together due to the fact that they use the same internal engine." http://www.cisco.com/en/US/customer/products/sw/secursw/ps1018/products_qand a_item09186a008009464d.shtml Regards, Vilmos -Original Message- From: d tran [mailto:[EMAIL PROTECTED] Sent: 06 July 2003 18:14 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Configuring TCP intercept question; need help Hi, Has anyone actually been playing with Cisco TCP intercept lately? Does this piece of crap work at all? I am running both IOS version 12.1.5(T9) and 12.2.15(T) and TCP intercept is not working in "intercept" mode. TCP intercept does work in "watch" mode. when it is running in "intercept" mode, I can not get to the web page at all. It works in "watch" mode. Any ideas why? In "intercept" mode, it has to handle the connection for the server. In "watch" mode, it just watchs the connection. Here is what I am testing with: 1) Apache web server in linux, 2) hping2 utility to generate 10,000 concurrent http connections I also use NAT to make the apache web server available to the external so that hping2 can DOS it. Here is my config: C2610#sh run Building configuration... Current configuration : 4222 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname C2610 ! logging buffered 8192 notifications logging rate-limit 1 no logging console aaa new-model aaa authentication login default group tacacs+ local aaa authentication login NONE none aaa authentication login TACACS group tacacs+ local enable aaa authentication login LOCAL local enable aaa authorization auth-proxy default group tacacs+ enable secret 5 $1$Bj2H$ad4Dn5rkgKvwPZzJDKAgZ1 ! memory-size iomem 10 ip subnet-zero no ip source-route ! ! no ip finger ip tcp intercept list 100 ip tcp intercept connection-timeout 3600 ip tcp intercept watch-timeout 5 ip tcp intercept max-incomplete low 300 ip tcp intercept max-incomplete high 1000 ip tcp intercept one-minute low 100 ip tcp intercept one-minute high 500 ip domain-name micronetsolution.com ip host tac 2065 10.10.10.10 ip name-server 172.17.1.2 ip name-server 129.174.1.8 ip dhcp excluded-address 10.100.0.71 ip dhcp excluded-address 10.100.0.72 ip dhcp excluded-address 10.100.0.254 ip dhcp ping packets 5 ! ip dhcp pool DHCP network 10.100.0.0 255.255.255.0 netbios-name-server 172.17.1.2 129.174.1.8 dns-server 172.17.1.2 129.174.1.8 default-router 10.100.0.254 domain-name micronetsolution.com lease 3 ! ip inspect audit-trail ip inspect dns-timeout 15 ip inspect name CBAC tcp timeout 3600 ip inspect name CBAC udp timeout 3600 ip auth-proxy auth-proxy-banner ip auth-proxy auth-proxy-audit ip auth-proxy auth-cache-time 1 ip auth-proxy name AUTH-PROXY http ip audit info action alarm drop reset ip audit attack action alarm drop reset ip audit notify log ip audit po max-events 100 ip audit name ATTACK attack action alarm ip audit name INFO info action alarm ! ! call rsvp-sync cns event-service server ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.10.10.10 255.255.255.255 ! interface Ethernet0/0 ip address 172.18.1.1 255.255.0.0 ip nat outside half-duplex ! interface FastEthernet1/0 ip address 10.100.0.254 255.255.255.0 ip nat inside speed 100 full-duplex ! ip kerberos source-interface any ip nat pool natpool 172.18.1.1 172.18.1.1 netmask 255.255.0.0 ip nat inside source list 130 interface Ethernet0/0 overload ip nat inside source static 10.100.0.71 172.18.0.71 ip classless ip route 0.0.0.0 0.0.0.0 172.18.1.254 ip http server ip http authentication aaa ! ! ip access-list extended NAMEDACL permit tcp any any permit udp any any permit ip any any ip access-list extended in2out permit udp 10.100.0.0 0.0.0.255 any eq domain reflect traffic permit tcp 10.100.0.0 0.0.0.255 any eq www reflect traffic permit tcp 10.100.0.0 0.0.0.255 any eq telnet reflect traffic deny ip any any ip access-list extended out2in permit icmp any any evaluate traffic deny ip any any logging trap notifications logging facility local5 logging source-interface Ethernet0/0 logging 172.17.1.2 access-list 100 permit tcp any host 10.100.0.71 eq www access-list 100 permit tcp any host 10.100.0.71 eq 443 access-list 100 permit tcp any host 10.100.0.71 eq 22 access-list 100 permit tcp any host 10.100.0.71 eq telnet access-list 100 permit tcp any host 10.100.0.71 eq ftp access-list 100 permit tcp any host 10.100.0.71 eq ftp-data access-list 110 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq telnet access-list 110 dynamic lock-and-key permit ip 10.100.0.0 0.0.0.255 any access-list 110 deny ip any any access-list 120 permit udp 10.100.0.0 0.0.0.255 any eq domain access-list 120 permit tcp 10.1
Re: What Hardware do I need? [7:71712]
Justin, The lab I use is at work, and I need remote access to it to do labs at home. I use a Linux PC with a Moxa PCI serial port card (8 serial ports). With the 2 built-in serial ports, I can connect to 10 Cisco devices. I have users set up so that when user R1 logs in via SSH the console window immediately appears... I looked around and found it to be much more cost effective than purchasing a used 2509, as well as far more functional since it also serves as a source of traffic. I also have home-grown scripts to automate the downloading and archiving of router configs/network topology which is nice. Anyway, that's what worked for me. - Tom Justin Clark wrote: > I currently have 3 2501 routers and a 1924 switch. I use them as a study > lab but when I'm not using it, it just sits there. I'm trying to find out > what is the least expensive way to share those to the internet. I want to > be able to give access to one IP that a person can telnet to and then > console out to the 4 devices. What do i need to do this? Console server, > terminal server, what? Preferably I would like it to be a seperate piece of > hardware so i can just leave the cisco hardware on and no need a computer to > run it all. Also, keep in mind, i'm just doing this some someone else can > get use out of them when I'm not using them so i really dont want to spend a > lot of money to get this up and running. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72006&t=71712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3725 Internet router revisited... [7:72003]
Just to conclude an issue that I queried the group on a couple weeks ago... We had 2 new 3725 routers with internal DS3 DSUs that would crash when downloading large files from the web. These crashes were happening when traffic reached 200-300Kbps, which is nothing for a DS3. A couple of you answered and I just wanted to let you know that the problem turned out to be both routers had bad memory cards in them. We replaced the memory and all has been working well. Thanx again for the great forum this group provides. Larry Puckette Senior Network Analyst Temple Inland/Austin Data Center 512/434-1838 [EMAIL PROTECTED] Where the only idol is money and power, there is no hope for integrity. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72003&t=72003 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco back to back cable [7:71992]
You need to set clock on one, I leave it as an exercise to the poster to figure out which. Brian The path to a desireable destination is often more difficult than the path to stay where you are. On Mon, 7 Jul 2003, KW S wrote: > Dear All > > I have a 2501 and 2505 and I am trying to set up a homelab..These 2 routers > come with a cable which is a DB60(DTE) and the other end is a DB60(DCE).This > is wat that is label on the cable. Anyway, I try to connect this cable to > the serial interface of the 2 routers...and both the routers are showing > serial is down and line protocol is down. > > I guess I have used the wrong cable...or maybe I have missed out something. > > Please comment.. > > Regards, kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72000&t=71992 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ATM Bandwith [7:71937]
=?iso-8859-1?q?Gerard=20Torin?= wrote: > > Hi Dom, we did test with TFY aplication, generating a burst > traffic of 3000 bytes UDP. Where is the testing being done? Is it through a path that actually handles a 3000-byte packet without IP fragmentation? ATM might default to a high MTU, but if you're starting on Ethernet, then you can't use such a large MTU. So that means that you're doing IP fragmentation. That takes time and causes even more overhead from headers. UDP has an 8-byte header. IP has a 20 byte header. Ethernet supports an MTU of 1500 bytes. So, first figure out what your tool means by 3000-byte packet. Does it count headers? But probaby you want to test with 1472 at most, assuming you're starting on an Ethernet link. If you're starting on ATM, find out the MTU for the ATM interface. So, add to my list of things that affect throughput (not bandwidth): IP fragmentation and reassembly. Thanks, Priscilla > This aplication stressed the link, > but I don`t undestard why not reach the maximun bandwith > permited: 34Mbps. What do you think about this test? Is right? > > Dom wrote: > -Original Message- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of > Gerard Torin > >Sent: 05 July 2003 19:06 > >To: [EMAIL PROTECTED] > >Subject: ATM Bandwith [7:71937] > > > >Hi guys, > > >Anybody know how is built the ATM4S Bandwith?. For example, In > ATM`s > link of 34Mbps, Is true that 4Mbps is just only > >header?, I ask that, because actually my company has it. But > we don4t > reach the maximun bandwith of 34Mbps. Yesterday, we > >did stress test in the link and just only reach 30Mbps. > > >I thanks any comment. > > > Please supply more details. How did you test and with what size > packets? > Cell tax (the overhead of breaking your data down in 53byte > chunks) > might account for hat you are observing. > > > Best regards, > > Dom Stocqueler > SysDom Technologies > Visit our website - www.sysdom.org > Yahoo! Messenger > Nueva versión: Super Webcam, voz, caritas animadas, y > más #161;Gratis! > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72002&t=71937 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Are the system UP - without using ping [7:71920]
Really you have a couple things to worry about, the physical ether link and the service in question. Assuming the device in question connects to a managed switch, syslog, snmp, or something similar can tell you when the port status changes. Re service monitoring, NoCOl used to be a great free option, I'm sure theres several out there now, just google for service monitor. Brian The path to a desireable destination is often more difficult than the path to stay where you are. On Mon, 7 Jul 2003, alaerte Vidali wrote: > Thanks, > > I am looking for a program running under Window or Lunix that could > automatically indicates when a device goes down. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72001&t=71920 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ATM Bandwith [7:71937]
=?iso-8859-1?q?Gerard=20Torin?= wrote: > > Hi guys, > > Anybody know how is built the ATM4S Bandwith?. For example, In > ATM`s link of 34Mbps, Is true that 4Mbps is just only header?, > I ask that, because actually my company has it. But we don4t > reach the maximun bandwith of 34Mbps. Yesterday, we did stress > test in the link and just only reach 30Mbps. Bandwidth means capacity. It is a given. The amount of bandwidth you have is dictated by your provider and the type of interface you are using. It is not measured. It doesn't change (unless you have some technology that uses dynamic bandwidth allocation, such as multilink PPP). What you seem to be doing is measuring throughput. Throughput is measured. It's the amount of data per timeframe that can be sent. Because they have the same unit of measurement (bits per second or something similiar) people think bandwidth and throughput mean the same thing. They don't. Just want to encourage people to use the terms correctly! :-) Now, throughput can measure numerous different things. If you had a tool that could send raw, unframed bits as fast as the interface allows, throughput could equal bandwidth, assuming the link is not used by anything but your testing tool. Since such tools aren't very common, and, of more importance, don't resemble real-world applications, that's not how throughput is really measured. What you really care about is the user's experience. So you care about application-layer throughput. Some tools let you measure the amount of user data that is sent per unit of time. This refers to the application-layer payload. It leaves out overhead caused by headers at the data-link, network, transport, and application layer. Or you can measure throughput using a tool that does count data-link layer overhead, or network, or whatever. If you don't know what your tool is measuring, find out. Otherwise your results are meaningless. Throughput, depending on what layer you are measuring, can be affected by numerous factors: * packet header overhead (and ATM cell overhead) * errors, resulting in retransmissions and dropped frames * dropped frames at internetworking devices due to buffer overflows * media contention on shared links * protocol behavior, including the need to find a resource, set up a connection, ack data, etc. * RAM access speed at end systems and internetworking devices * hard drive access speed at end systems * processing required at end systems and internetworking devices * software inefficiencies And about a zillion other things, depending on what you are actually measuring, which is not bandwidht, but is throughput at some layer. :-) ___ Priscilla Oppenheimer www.priscilla.com > > I thanks any comment. > > > - > Yahoo! Messenger > Nueva versión: Super Webcam, voz, caritas animadas, y > más #161;Gratis! > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71999&t=71937 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cisco back to back cable [7:71992]
Did you set up the clock rate on the DCE side? I'm assuming you have HDLC encapsulation on both ends. Here is a link that you can refer to on the command: http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1831/products_comm and_reference_chapter09186a00800880c2.html#1019126 Watch the wrap. Good luck on your studies. Mike -Original Message- From: KW S [mailto:[EMAIL PROTECTED] Sent: Monday, July 07, 2003 9:22 AM To: [EMAIL PROTECTED] Subject: cisco back to back cable [7:71992] Dear All I have a 2501 and 2505 and I am trying to set up a homelab..These 2 routers come with a cable which is a DB60(DTE) and the other end is a DB60(DCE).This is wat that is label on the cable. Anyway, I try to connect this cable to the serial interface of the 2 routers...and both the routers are showing serial is down and line protocol is down. I guess I have used the wrong cable...or maybe I have missed out something. Please comment.. Regards, kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71998&t=71992 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Exam changes [7:71982]
I've seen them for sale on the auction sites before. Shawn K. -Original Message- From: maine dude [mailto:[EMAIL PROTECTED] Sent: Monday, July 07, 2003 8:47 AM To: [EMAIL PROTECTED] Subject: Exam changes [7:71982] Hi, I want to get hold of the Cisco Learning Product folders you get when you sit on a Cisco official learning course. I find them much better to read then the Cisco press books. Does anyone know if I can purchase them from anywhere, or that if they are only available when I attend a official Cisco course. The other reason is that with all the exams changing (CCNP/DP/SP), Cisco press take a while for the books to come out, but with Cisco folders you get on the course, I guess they will become available much earlier. Any ides? Thanks in advance, -Dj - Yahoo! Plus - For a better Internet experience Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71994&t=71982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: want lab mates [7:71980]
hello am also planing to take lab on sept in b'lore,so i think ,v can work together , i added u in my yahoo mess [EMAIL PROTECTED] and u can contact me ,tel 0484-2360760 thanx VijayAnand 2000 technologie wrote: Hi iam looking for lab mates planing to take my lab in september in india plse contact me on yahoo messenger [EMAIL PROTECTED] SMS using the Yahoo! Messenger;Download latest version. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71997&t=71980 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Exam changes [7:71982]
DJ, You need to either take the course or buy a used one off of eBay. And the newer courseware won't be cheap--in some instances, expect to pay up to $300US for it, depending on the demand. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. ""maine dude"" wrote in message news:[EMAIL PROTECTED] > Hi, > > I want to get hold of the Cisco Learning Product folders you get when you > sit on a Cisco official learning course. > > I find them much better to read then the Cisco press books. > > Does anyone know if I can purchase them from anywhere, or that if they are > only available when I attend a official Cisco course. > > The other reason is that with all the exams changing (CCNP/DP/SP), Cisco > press take a while for the books to come out, but with Cisco folders you get > on the course, I guess they will become available much earlier. > > Any ides? > > Thanks in advance, > -Dj > > > > > > - > Yahoo! Plus - For a better Internet experience Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71988&t=71982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco back to back cable [7:71992]
Dear All I have a 2501 and 2505 and I am trying to set up a homelab..These 2 routers come with a cable which is a DB60(DTE) and the other end is a DB60(DCE).This is wat that is label on the cable. Anyway, I try to connect this cable to the serial interface of the 2 routers...and both the routers are showing serial is down and line protocol is down. I guess I have used the wrong cable...or maybe I have missed out something. Please comment.. Regards, kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71992&t=71992 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re:baby!your friend send this file to you ! [7:71995]
Read this file [GroupStudy removed an attachment of type application/octet-stream which had a name of fred.Kiss.ok.exe] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&iq995&tq995 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Are the system UP - without using ping [7:71920]
Thanks, I am looking for a program running under Window or Lunix that could automatically indicates when a device goes down. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71993&t=71920 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
HELP??- [7:71996]
Help... [GroupStudy removed an attachment of type application/octet-stream which had a name of fred.htm] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&iq996&tq996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco catalyst 3548 and Radius [7:71991]
Hi all, I am configuring Radius on a cat 3548 and I do not have the global config "radius" command available. Anyone know what the commands ought to be to create a server, key, etc.. Normally it is Radius-server key, radius-server host.. Can't figure it out.. I have IOS 12.0(5.2)XU Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71991&t=71991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: avoid multicast storming on catalyst fe [7:71820]
s vermill wrote: > When I went to the Software Advisor on CCO, IGMP Snooping didn't show up as > a supported option for the 3550. Did your sales team lead you astray? I'd > take them to task if they did... The 3550 does support IGMP snooping, since 12.1(4)EA1. See http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550cr/cli1.htm#1861998 and http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swigmp.htm Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71990&t=71820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: avoid multicast storming on catalyst fe [7:71820]
TP wrote: > > Thank you at all for your support. > Just few comments (sorry for delay but when you are working I'm > sleeping ;)). > > - I can not configure the 3550 as router. I can not change IP > and subnet for > many reasons. > - I can not configure VLAN, I've no chance to configure here > inter vlan > routing > - I've bought 3550 because of IGMP snooping...but It seems that > it does not > work Teresa, When I went to the Software Advisor on CCO, IGMP Snooping didn't show up as a supported option for the 3550. Did your sales team lead you astray? I'd take them to task if they did... > > Maybe access-list or something based on mac control can help > us to avoid that > our tests based on multicast traffic floods on all the LAN. > > I can configure the multicast address (so I can know the > multicast layer 2 > mac). > Wich is the configuration (if any) I've to set on fastethernet > 0/1 in order to > avoid that the specific multicast mac go out from this port? > > Anybody knows why switchport block multicast doesn't take any > effect? Sounds as if your hardware is new. Can you open a TAC case? > > > Thank you again and have a nice week end. > Teresa > > > > - Original Message - > From: Priscilla Oppenheimer > To: [EMAIL PROTECTED] > Sent: Friday, July 04, 2003 5:35 AM > Subject: RE: avoid multicast storming on catalyst fe [7:71820] > > > Couldn't you use a VLAN? Maybe that's too much work since > you're just > testing though But VLANs divide broadcast/multicast > domains... > > Priscilla > > TP wrote: > > > > Dear Group, > > > > I need help about multiscast. > > This is a simple topology... I've to test some video > streamer > > devices so I > > must generate multicast traffic. > > All video devices are connected to a catalyst 3550xl. > > We can reach the office LAN through the same catalyst, in > > particular from/by > > fastethernet0/1. > > > > I must avoid that multicast traffic genereted locally > floods > > the LAN creating > > excessive traffic. > > Can I achieve this? > > > > This is the configuration runnig...it doesn't work. I mean > > when I generate > > multicast traffic it crosses fe0/1 and reachs the rest of > the > > LAN > > degrading network performance. > > > > Any help will be appreciated. > > Thank you. > > Teresa > > > > > > interface FastEthernet0/1 > > switchport protected > > switchport block multicast > > no ip address > > storm-control multicast level 20.00 > > > > System image file is > > "flash:c3550-i9q3l2-mz.121-11.EA1/c3550-i9q3l2-mz.121-11.EA > > 1.bin" > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71987&t=71820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MTU size on Hub and spoke IPSEC VPN [7:71978]
Hi Fabio, It certainly sounds like an MTU issue. Most Cisco ATM interfaces have a default MTU of 4470 on the main interface. Sub-interfaces can have a smaller or up to the same value as the main interface. If you issue the command "show interface atm #/#" it will tell you what the size of the MTU is set for on that interface. If you need to configure the MTU on the subinterface you would use the "MTU " command. I would probably set the value of the MTU to ~1400. This will take into account the additional overhead including the IPsec header which in itself can be 50 to 60 bytes. Hope this helps. Thanks, Mario Puras SoluNet Technical Support Mailto: [EMAIL PROTECTED] Direct: (321) 309-1410 888.449.5766 (USA) / 888.SOLUNET (Canada) -Original Message- From: Fabio Macchi [mailto:[EMAIL PROTECTED] Sent: Monday, July 07, 2003 7:53 AM To: [EMAIL PROTECTED] Subject: MTU size on Hub and spoke IPSEC VPN [7:71978] Hi all, I have a problem on an hub and spoke IPSEC VPN. There are two 827H connected to a 1721 acting as an hub, configured to make two VPN IPSEC tunnel. All seems to run correctly ( IPSEC SA are up, I can ping from 827 to 1721 and from 827 to 827 ), except I have problem only with some applications ( example FTP with no small file ) and only from 827 to 827 ( 827 to 1721 works fine ). It seems to be an MTU problem. I have set ip tcp adjust-mss 1440 on all ethernet interfaces ( 1440 + 52 IPSEC header + 8 PPPOE = 1500 ) and this seem to be correct, but in the two hops connection ( 827 to 1721 to 827 ) the packets don't travell across the fastethernet on 1721, simply entry and exit from the same ATM0 interface, so this settings is not applied. Have I to apply MTU directly on ATM interface ? Which value would be correct ? Any other idea ? Any help appreciate. Thanks. Fabio Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71986&t=71978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: GRE with IPsec [7:71959]
First of all, these should be two separate ACLs. A) is what you would reference in your crypto map. Anything conforming to that ACL is encrypted, so you would include all traffic that you would like to be encrypted on that acl. i.e all IP traffic from the source network to the destination network. B) this you would actually apply to the physical public facing interface, so that gre traffic can be allowed through the interface. Instead of any any you could specify the tunnel source and destinations that you are using. Michael Jia wrote: > > Hi, > > Anyone has good reference doc about GRE with Ipsec . > > I am a little confused about 2 flavors of crypto ACL used: > A) permit ip > B) permit gre any any > > It seems option A is encry first then GRE encap, while option B > is encap > first then encrypt. > > Is there a good ref about these setups? > > > Thanks > Michael > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71989&t=71959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: New features [7:71981]
I dont know any way to get notified but you can check out the new features here: http://www.cisco.com/univercd/cc/td/doc/product/software/ Thanks, Mario Puras SoluNet Technical Support Mailto: [EMAIL PROTECTED] Direct: (321) 309-1410 888.449.5766 (USA) / 888.SOLUNET (Canada) -Original Message- From: Muhtari Adanan [mailto:[EMAIL PROTECTED] Sent: Monday, July 07, 2003 8:25 AM To: [EMAIL PROTECTED] Subject: New features [7:71981] I was wondering whether other than the alert tool, There exists a way of getting notified of the latest features being made avialable. M. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71984&t=71981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Authentication [7:71977]
Hi. You can use the cisco software ACS. CCO has tips and configs for that software. Antero VAsconcelos -Original Message- From: Alexandre Chaves [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 7 de Julho de 2003 12:45 To: [EMAIL PROTECTED] Subject: Authentication [7:71977] Dear Friends, I read this group for a while but this is my first question. My client have a Cisco 827 (ADSL) and he asked me to create a server to authenticate his users. When the user try to go the internet the browser opens a window to put login and pass and he starts to navigate after this authentication. I always do this with Linux (squid). Can I do with Cisco? Can the login data base be in the router or in a radius server? Thanks in advance! Alexandre Chaves *** Este email assim como os ficheiros que possa ter em anexo sao confidenciais e para uso exclusivo da pessoa ou organizacao para o qual foi enviado. Se recebeu esta mensagem por engano por favor notifique a Compta atraves do endereco [EMAIL PROTECTED] Esta mensagem foi verificada pelo sistema MAILsweeper nao tendo sido encontrados virus. http://www.mimesweeper.com MAILsweeper - Modulo da suite MIMEsweeper, solucao de filtragem de conteudos comercializada pela Compta SA. A Compta SA detem o mais alto nivel de especializacao MIMEsweeper, tendo sido reconhecida pela Clearswift como Premier Partner. *** This message is confidential and may contain privileged information intended solely for the named addressee(s). It may not be used or disclosed except for the purpose for which it has been sent. If you are not the intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this message in error, please notify Compta by emailing [EMAIL PROTECTED] quoting the sender and delete the message and any attached documents. This footnote confirms that this email message has been swept by MIMEsweeper for Content Security threats, including computer viruses *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71983&t=71977 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Exam changes [7:71982]
Hi, I want to get hold of the Cisco Learning Product folders you get when you sit on a Cisco official learning course. I find them much better to read then the Cisco press books. Does anyone know if I can purchase them from anywhere, or that if they are only available when I attend a official Cisco course. The other reason is that with all the exams changing (CCNP/DP/SP), Cisco press take a while for the books to come out, but with Cisco folders you get on the course, I guess they will become available much earlier. Any ides? Thanks in advance, -Dj - Yahoo! Plus - For a better Internet experience Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71982&t=71982 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MTU size on Hub and spoke IPSEC VPN [7:71978]
Hi all, I have a problem on an hub and spoke IPSEC VPN. There are two 827H connected to a 1721 acting as an hub, configured to make two VPN IPSEC tunnel. All seems to run correctly ( IPSEC SA are up, I can ping from 827 to 1721 and from 827 to 827 ), except I have problem only with some applications ( example FTP with no small file ) and only from 827 to 827 ( 827 to 1721 works fine ). It seems to be an MTU problem. I have set ip tcp adjust-mss 1440 on all ethernet interfaces ( 1440 + 52 IPSEC header + 8 PPPOE = 1500 ) and this seem to be correct, but in the two hops connection ( 827 to 1721 to 827 ) the packets don't travell across the fastethernet on 1721, simply entry and exit from the same ATM0 interface, so this settings is not applied. Have I to apply MTU directly on ATM interface ? Which value would be correct ? Any other idea ? Any help appreciate. Thanks. Fabio Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71978&t=71978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
want lab mates [7:71980]
Hi iam looking for lab mates planing to take my lab in september in india plse contact me on yahoo messenger [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71980&t=71980 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
New features [7:71981]
I was wondering whether other than the alert tool, There exists a way of getting notified of the latest features being made avialable. M. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71981&t=71981 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Authentication [7:71977]
Dear Friends, I read this group for a while but this is my first question. My client have a Cisco 827 (ADSL) and he asked me to create a server to authenticate his users. When the user try to go the internet the browser opens a window to put login and pass and he starts to navigate after this authentication. I always do this with Linux (squid). Can I do with Cisco? Can the login data base be in the router or in a radius server? Thanks in advance! Alexandre Chaves Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71977&t=71977 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Policy Based Routing [7:71974]
I believe the set default for both interface and next-hop are not supported. Chirag Arora -Original Message- From: Muhtari Adanan [mailto:[EMAIL PROTECTED] Sent: Monday, July 07, 2003 3:31 PM To: [EMAIL PROTECTED] Subject: Policy Based Routing [7:71974] When PBR is applied to an interface, what command options are not supported by CEF i.e. set interface? M. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71979&t=71974 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Need PIX memory for Lab [7:71975]
I have an older PIX 525 that only has 32Mb of memory and Im looking to upgrade it to 128Mb so I can put the latest version of PIXOS on it. Does anyone know of either an inexpensive place to purchase "128mb Cisco Approved Memory SM564168574N6BP" or a third party undocumented alternative source? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71975&t=71975 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Policy Based Routing [7:71974]
When PBR is applied to an interface, what command options are not supported by CEF i.e. set interface? M. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71974&t=71974 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: CCNP newbie [7:71868]
Hi David, Did you pass the routing exam? Pooven -Original Message- From: David Vital [mailto:[EMAIL PROTECTED] Sent: 05 July 2003 03:38 AM To: [EMAIL PROTECTED] Subject: RE: CCNP newbie [7:71868] I hope the routing exam is the hardest. I just took it yesterday and am starting the preperation for the Switching exam next. I used the Sybex book among other things. since I havn't found the Cisco Press books for anything newer than the 503 exam, I havn't seen them. I'm curious to see the new books that come out for this next series of exams. I checked their website and didn't see the new books listed yet. I think you should be fine with either series of books. The main thing is to get comfortable with the material. David Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71976&t=71868 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Policy-Based Routing [7:71944]
here is a link http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca590.html ""Jason Viera"" a icrit dans le message de news:[EMAIL PROTECTED] > Just for clarification can someone comment on or confirm the following: If > policy routing is enabled on an interface and the policy states that a > packet received on that particular interface be sent to a next hop IP or an > interface, will the packet be sent to that next hop even if a route exists > via an IGP that points to another next hop?? I guess my real question is > does the packet even get processed in regards to the routing table, or is > its destination set as soon as its matched by the route-map applied to the > ingress interface?? Thanks in advance!! > Jason Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71973&t=71944 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
tftp problem via checkpoint firewalls [7:71971]
Hi, I have a problem trying to tftp router configs through a cluster-pair of checkpoint-nokia firewalls. I can Telnet from the inside to the router outside the firewall but get a firewall error message when attempt to tftp the config back through the firewall. This all worked fine on Checkpoint firewall-1 running on NT, but doesn't work using Nokia boxes. external side: tftp client (router) connected to external lan external lan is vlan-X across two Cisco Cat switches two firewalls with a connection to this external lan (fw1 on sw1 and fw2 on sw2) internal side: tftp server (unix) connected to internal lan internal lan is vlan-Y across same two Cisco Cat switches same two firewalls with a connection to this internal lan (fw1 on sw1 and fw2 on sw2) inter-firewall: a direct x-over cable between the firewall synch interfaces Tftp Client router attempts to tftp its configuration to the TFTP Host The Tftp Client Router sees the Tftp Host as an "external address" with the Checkpoint Firewalls translating this "external address" to the real internal address. This fails with the firewall logging the message "Connection contains real ip of NATed address" Checkpoint Knowledge Base Article SK14613 below seems to describe, but not quite as we have each firewall connected to a different switch for resilience. https://support.checkpoint.com/public/idsearch.jsp?id=sk14613&QueryText=%28% 28real%2C+ip%29%29&resultStart=1 Have raised a fault with Checkpoint but not holding my breath. Any thoughts? regards, Alan ** This e-mail is for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mail messages are not necessarily secure. Ulster Bank Group/The Royal Bank of Scotland and each of its Group companies does not accept responsibility for changes made to this message after it was sent. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71971&t=71971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Are the system UP - without using ping [7:71920]
Hello, I suggest using sho cdp neigh or something like this. Does it help? Best regards, Sergei A. Chernooki Telecommunications Engineer, CCNP NPP Belsoft, Inc 18 Moskovskaja str. office 525, 220007 Minsk Republic of Belarus phone: (375 (0)17) 222, ext.435, 2281321 fax: (375 (0)17) 2228058, mob. +375-(0)29-653-55-03. E-mail: [EMAIL PROTECTED] ICQ: 50242822 WWW: > -Original Message- > From: alaerte Vidali [mailto:[EMAIL PROTECTED] > Sent: Saturday, July 05, 2003 12:33 AM > To: [EMAIL PROTECTED] > Subject: Are the system UP - without using ping [7:71920] > > > Any recommended free program to check if an equipment is up > without using > ping? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71972&t=71920 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
