Re: Urgent Help On Cisco Radius [7:72617]
Hi nakul We have 7 routers all over 7 sites what we wanted to do is we will provide username and password to few ppl around these site and want that what ever they made changes or commands they execute shuld be loged in to the one central radius server. Is wondows 2000 radius server will do the work or we need to put some other radius software for that . Thanks and Regards Rohit Sundriyal Nakul Malik wrote in message news:[EMAIL PROTECTED] what topic ezxactly do u need help on? give me some details and i might be able to help. -Nakul -- Nakul Malik H-342 New Rajendra Nagar New Delhi - 110060 Mobile: +91-9811424477 Ph: +91-11- 2582 3488 +91-11- 2585 0155 Fax:: +91-11- 2575 2904 [EMAIL PROTECTED] Rohit Sundriyal wrote in message news:[EMAIL PROTECTED] Team We need to setup cisco radius server.i have no knowledge on this can someone please help me out. Quit Urgent Rohit Sundriyal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72681t=72617 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bandwidth, QoS, and Contention networks [7:72645]
Reimer, Fred wrote in message news:[EMAIL PROTECTED] Chuck - well sure. one of the other reasons I got to pondering the original question ( are we overselling the value of bandwidth? ) is the following: http://newsroom.cisco.com/dlls/video_audio_archive/?video check out the long reach ethernet presentation, maybe 3/4 down the page. LRE can provide up to 5 megabits full duplex over cat 3 phone wire - data and voice. after viewing the presentation, you tell me - is this not saying that 5 megabits is more than adequate for voice, video, etc? as for wireless - I fully understand that the requirements of the application drive the need for bandwidth. I'm just asking - if people are more productive, despite the obvious lack of bandwidth, and despite the step back to a contention medium, is there something to be said about the perceived need for 100 megabits to the desktop? Me - I think you have to take into account the application requirements. I thought I said that. [ looks at my earlier statement] why yes, I did say that :- Would you want to stick an enterprise server on wireless? Heck no. Oh i don't know. The answer is it depends :- but suppose I stick the server on my 3550-24PWR and run 23 access points off that switch, instead of putting in a 4507 with a port ( and wiring ) for each user? Would you want to stick an Oracle database on wireless? I'd say not. do I have a thin client? am I downloading large reports? uploading large volumes of data? Take a look at what wireless is actually being used for, and I think you will find that, in most cases, the shared media is not a huge issue. It's not like we are transferring hundreds of megabytes of data over wireless on a regular basis, if at all. my point exactly - Is 100MBps really needed to the desktop, let alone 1Gb? I'd say 99.44% of the time the answer is no. 10Mbps switched to the desktop should be more than enough for most users. There will always be users and applications that require greater bandwidth, but as I'm sure most everyone knows the Gigabit downlinks to the core in most corporations are not being loaded to a significant degree. Yes, there will be exceptions, but the general rule I've seen is that the average Gb utilization is well below 10% on a downlink. Still, I would not even think of proposing or installing a network today that did not have 100Mbps capabilities at the edge, and Gb connections to the core. neither would I. The kids need shoes and I have house payments to make ;- Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Chuck Whose Road is Ever Shorter [mailto:[EMAIL PROTECTED] Sent: Sunday, July 20, 2003 2:50 PM To: [EMAIL PROTECTED] Subject: Re: Bandwidth, QoS, and Contention networks [7:72645] Zsombor Papp wrote in message news:[EMAIL PROTECTED] I think comparing shared wireless to dedicated wired connections is a bit of an apple vs orange contest. You can get shared wireless where you can't get anything else (e.g. walking from one meeting room to the other, or attending a meeting with 10 other people in a room where there are only 4 wired ports), so obviously it is better than all the other choices. If you can choose between a 100Mbps switch port and a 11Mbps shared wireless link without sacrificing anything (e.g. in case of servers or desktop machines), then the 100Mbps switch port is obviously better. well sure. one of the other reasons I got to pondering the original question ( are we overselling the value of bandwidth? ) is the following: http://newsroom.cisco.com/dlls/video_audio_archive/?video check out the long reach ethernet presentation, maybe 3/4 down the page. LRE can provide up to 5 megabits full duplex over cat 3 phone wire - data and voice. after viewing the presentation, you tell me - is this not saying that 5 megabits is more than adequate for voice, video, etc? as for wireless - I fully understand that the requirements of the application drive the need for bandwidth. I'm just asking - if people are more productive, despite the obvious lack of bandwidth, and despite the step back to a contention medium, is there something to be said about the perceived need for 100 megabits to the desktop? Thanks, Zsombor Chuck Whose Road is Ever Shorte wrote: Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]
Re: CCNP BCRAN 642-821 exam [7:72650]
Ya, i had a test few day ago but, not the new version i still had 640-605 it had 53 question passing score is 706 time 75 minutes Mai NhF0 ThC nh wrote in message news:[EMAIL PROTECTED] Hi every body, Does any one know about CCNP BCRAN 642-821 exam, I am going to take it next week Please kindly give me your help Thanks in advance -- MNThanh Support Division, VDC1 292 Tay Son, Hanoi, Vietnam Telephone: +84-4-5374165 Fax: +84-4-5372781 Handphone: +84-91-3213801 Email: [EMAIL PROTECTED] / [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72680t=72650 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IS-IS and IOS ver. 11.1 [7:72648]
BTW, there is an enterprise basic for 26xx and higher. A lot of the obsolete things like Apollo and Vines have been eliminated. Still contains DecNet. But MPLS and MPLS VPNs are supported. I'm not sure if Cisco plans on a version for the 25xx or not. John Jones wrote in message news:[EMAIL PROTECTED] Thanks for the reply. I had a hunch, but wasn't sure... Why not remove the command from the config mode if it can't be used in a certian version? Go figure... I guess it's off to more memory and get 12.2 IOS loaded. ;) John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72679t=72648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IS-IS and IOS ver. 11.1 [7:72648]
i'm not sure if my answer will help you i had same case with you, but i forgot what the ios version i was using then i only added command clns routing in global conf the the problem is missing wisnu John Jones wrote in message news:[EMAIL PROTECTED] Thanks for the reply. I had a hunch, but wasn't sure... Why not remove the command from the config mode if it can't be used in a certian version? Go figure... I guess it's off to more memory and get 12.2 IOS loaded. ;) John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72682t=72648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Command rejected: FastEthernet5/14 not an acce [7:72674]
Try 'switchport mode access' first. Thanks, Zsombor John Brandis wrote: Hi all, I am wishing to implement port security on my 4006 + supIII using Version 12.1(13)EW1 I tried to enter the command SYD_CORE1(config)#int fastEthernet 5/14 SYD_CORE1(config-if)#switchport port SYD_CORE1(config-if)#switchport port-security max SYD_CORE1(config-if)#switchport port-security maximum 2 ? SYD_CORE1(config-if)#switchport port-security maximum 2 Command rejected: FastEthernet5/14 not an access port. I then confirmed my config for the port interface FastEthernet5/14 description a computer internal switchport access vlan 11 no snmp trap link-status Can any one tell me why I would get the error? I have tried this on a few ports now and got the same error every time. I looked on the cisco site and around deja, and found nothing about the error. Can any one provide some help John ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.solution6.com ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72676t=72674 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Command rejected: FastEthernet5/14 not an access port. [7:72683]
john, Under the port, add 'switchport mode access' as well. By default the switchports can automatically become trunks if both sides agree, etc. If trunk isn't negotiated then the port is in access vlan 11 in your config below. The 'switchport mode access' command forces port to be in access mode and not the I'll decide what type of port i'll be mode. --- John Brandis wrote: Hi all, I am wishing to implement port security on my 4006 + supIII using Version 12.1(13)EW1 I tried to enter the command SYD_CORE1(config)#int fastEthernet 5/14 SYD_CORE1(config-if)#switchport port SYD_CORE1(config-if)#switchport port-security max SYD_CORE1(config-if)#switchport port-security maximum 2 ? SYD_CORE1(config-if)#switchport port-security maximum 2 Command rejected: FastEthernet5/14 not an access port. I then confirmed my config for the port interface FastEthernet5/14 description a computer internal switchport access vlan 11 no snmp trap link-status Can any one tell me why I would get the error? I have tried this on a few ports now and got the same error every time. I looked on the cisco site and around deja, and found nothing about the error. Can any one provide some help John ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.solution6.com ** [EMAIL PROTECTED] __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72683t=72683 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX DNS Issue [7:72685]
I swapped a router running ios firewall with a pix 506e and i have been having all sorts of issues. first, is the DNSall clients use an internal DNS server which forwards all request to an external DNS serverthis works fine with the router but with the PIX it doesnt work. when i configured the clients to use the external DNS server everything worked fine. The pix box is running the 6.3 code. i know i am missing something...but can't figure it out yet...i really would appreciate any comments. regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72685t=72685 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
mac address filtering [7:72684]
Hi I have some catalyst 2950 and 3550 switches, that I need to control the mac addresses of the machines that are alowed to connect to the switches, i.e. something similar to port security, but i dont want to configure it per port, but rather for a whole switch or vlan, what would be the best way to accomplish this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72684t=72684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IS-IS and IOS ver. 11.1 [7:72648]
Since the 2500s (and non XM 2600s except for the 2691) are EOL'd I'd say probably not... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Chuck Whose Road is Ever Shorter [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 1:05 AM To: [EMAIL PROTECTED] Subject: Re: IS-IS and IOS ver. 11.1 [7:72648] BTW, there is an enterprise basic for 26xx and higher. A lot of the obsolete things like Apollo and Vines have been eliminated. Still contains DecNet. But MPLS and MPLS VPNs are supported. I'm not sure if Cisco plans on a version for the 25xx or not. John Jones wrote in message news:[EMAIL PROTECTED] Thanks for the reply. I had a hunch, but wasn't sure... Why not remove the command from the config mode if it can't be used in a certian version? Go figure... I guess it's off to more memory and get 12.2 IOS loaded. ;) John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72686t=72648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: mac address filtering [7:72684]
WELL You can set port security by blade (module) to make it easier, but if you want to be able to move from one port to another that's gonna be tough. I don't know of any 3rd party software that manages that but I wouldn't be surprised if it was out there.An option you might want to explore is setting up a MAC-access list. The question really is how tight you want security to be and what sort of trade off you are willing to accept for the convenience. You can even set up the MAC-access list and associate traffic for a VLAN and what to do with that traffic. But you are getting back to a granular management that might make it easier to just set the security by port again. check out this page on Cisco's site. http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1214ea1/3550cr/cli1.htm#23702 Good luck. Let us know how you work it out. David Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72692t=72684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX DNS Issue [7:72685]
Please send the config and we can have a look. -Original Message- From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED] Sent: 21 July 2003 11:57 To: [EMAIL PROTECTED] Subject: PIX DNS Issue [7:72685] I swapped a router running ios firewall with a pix 506e and i have been having all sorts of issues. first, is the DNSall clients use an internal DNS server which forwards all request to an external DNS serverthis works fine with the router but with the PIX it doesnt work. when i configured the clients to use the external DNS server everything worked fine. The pix box is running the 6.3 code. i know i am missing something...but can't figure it out yet...i really would appreciate any comments. regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72688t=72685 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
basic PRI question. [7:72691]
I know this is basic the answer is probably yes but I'll ask anyway We have a 1Mb leased line betweem two sites, if we also had 8 channels of a PRi at both sites, in the event that the leased line was unavailble could the available PRI channels multilink and dial into the remote site to give at least some connectivity if yes, could these channels also be used for remote access when they are not needed as a backup to the leased line. Any input appreciated. Thanks Stu P Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72691t=72691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Accounting. Pay-per-use service [7:72690]
Hello, I wanted to hear some suggestions from you in this case: My company is thinking to add an Internet product where we can charge the customer regarding the bandwidth usage, something like pay per use. Do you have any experience about it?. I would like to hear some recommendations like what software you are using, or if this products is just a headache and does not worth the time for implementing it. I have used Netflow just for traffic analysis, never for accounting, can I do this using netflow or there are other software/methods? Thanks Alejandro Acosta,- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72690t=72690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX DNS Issue [7:72685]
try accessing port 53 of your external DNS server from your internal DNS server. Should be reachable from it in order to work. -Nakul Tunde Kalejaiye wrote in message news:[EMAIL PROTECTED] I swapped a router running ios firewall with a pix 506e and i have been having all sorts of issues. first, is the DNSall clients use an internal DNS server which forwards all request to an external DNS serverthis works fine with the router but with the PIX it doesnt work. when i configured the clients to use the external DNS server everything worked fine. The pix box is running the 6.3 code. i know i am missing something...but can't figure it out yet...i really would appreciate any comments. regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72687t=72685 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Default Route ... [7:72652]
ip route 0.0.0.0 0.0.0.0 20.20.20.1 ip route 0.0.0.0 0.0.0.0 20.20.10.1 200 Second route has higher AD, so the first will be used. If it goes down, all traffic will go to the second. is it possible to have 2 default route??? YES H T wrote in message news:[EMAIL PROTECTED] Hi all, can any one tell us what will be the effect of these 2 default routes. ip route 0.0.0.0 0.0.0.0 20.20.20.1 ip route 0.0.0.0 0.0.0.0 20.20.10.1 200 is it possible to have 2 default route??? Cheers. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72689t=72652 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ODR, was RE: CCDA: changes in syllabus. [7:72380]
John, I have come across ODR in production a couple of times. Up until recently I had thought that ODR worked quite well for hub and spoke topologies... My most recent involvement with ODR occurred when replacing a 2621 with a 3745, which was the hub of the hub-and-spoke topology. I quickly learned that the 3745 doesn't enable CDP by default. I was also reminded that Cisco doesn't save configuration commands that are considered default... What ended up happening was CDP was not enabled by default and when I enabled it (cdp run) the command wouldn't save because it was considered a default command! Each time the router booted CDP was disabled again! I recommend to everyone that ODR not be used in a Cisco production environment. You never know when an IOS (platform?) bug will render your WAN unusable! - Tom John Neiberger wrote: I've never heard of anyone using ODR. Anyone here know of anyone using ODR in a production environment? Are there any environments where ODR is recommended over other options? John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72693t=72380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bandwidth, QoS, and Contention networks [7:72645]
Zsombor Papp wrote in message news:[EMAIL PROTECTED] Chuck Whose Road is Ever Shorte wrote: after viewing the presentation, you tell me - is this not saying that 5 megabits is more than adequate for voice, video, etc? I don't think that was the point of the presention. Regardless, I can tell you that 5Mbps is enough for voice. :) For video, it depends on the quality. 30 frame per second video over ISDN requires 3 ISDN lines ( 6 B-channels ) for a total of 384K. I've spoken about video over WAN links on several occasions with the video guy in my group. He tells me he likes to reserve 500K over T1's typically. Howard, if your reading, I just looked over my unsent drafts of the question regarding bandwidth, and the point I failed to raise in this posted thread is that of global synchronization. One of the major benefits of such QoS mechanisms as RED and WRED is that the phenomenon of global synch can be controlled, meaning a more efficient use of bandwidth ( no periods of congestion followed by periods of low activity because of the TCP backoff mechanisms ) Now supposing, even in a contention medium, I could fine tune my queueing such that I no longer suffered from global synch. I set my voice queues and my delay sensative queues such that sufficient badwidth was available, and I used RED or WRED for the general queue. I'm wondering if there are studies done, papers in the IETF working groups demonstrating that given proper queueing mechanisms that less bandwidth is required or necessary? Cisco does offer downstream only QoS on their wireless product line. Not sure I understand the mechanism completely, but I have to believe it is based on enough solid study such that given a reasonable design, there would be less concern for voice in the mix. Recall that Cisco will soon be releasing their own wireless IP phone, and the whole point of it is to provide untethered mobility throughout an enterprise. I'm just asking - if people are more productive, despite the obvious lack of bandwidth, and despite the step back to a contention medium, is there something to be said about the perceived need for 100 megabits to the desktop? I agree with Fred, such a perception is probably misguided in most cases. Most people are very happy even with their 1.5Mbps DSL line. But all this depends on what you want to do. Full-screen DVD quality video won't work over DSL. Even online gaming could use more than 1.5Mbps. FWIW, I've heard that in Korea, there is a serious market for dedicated 100Mbps connections to the *home* due to wide-spread online gaming (I don't know if this is true, I find it a bit hard to believe). can't comment much regarding the needs of on-line gaming, but the guy teaching the wireless class two weeks ago said he was an avvid on line gamer and that his DSL was plenty fine for what he did. He also said he had a couple friends around his neighborhood who did on-line gaming via a sireless AP that he set up for their use. Don't know the particular game, so I can say as to whether it is the same one you play. Also consider that pure 10Mbps Ethernet interfaces are getting pretty rare; most of the Ethernet interfaces are 10/100. So in a campus network, in most cases, there is no real reason to not have 100Mbps to the desktop. indeed. and with three teenage boys around the house, I am happy to sell lots of these things in order to keep the refridgerator full. ;- yes, Mr Customer, you never can tell when your users will need this bandwidth, what with internet radio, lots of databases out there on the web, and all the e-mail attachments people need to read to get their work done. ;- Thanks, Zsombor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72678t=72645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Why ppp encaps at physical as well as dialer int? [7:72440]
Greg, The configuration on the dialer interface is used when making outbound calls. When an incoming call comes in, it isn't associated with a specific dialer interface. If you don't specify the encapsulation on the interface any incoming calls will be treated as HDLC. - Tom Greg Kirkness wrote: Subject pretty much says it all. Why is ppp encaps specified at the dialer interface as well as on the physical? Where are the LCP extensions available? Cheers Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72694t=72440 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what cable do I need [7:72585]
You need a T-1 crossover cable. Jacks=RJ-48 (C?) pinout-- I'm not really sure but I seem to recall 12-45 was the pinout for t1 crossover. -Nakul David Ristau wrote in message news:[EMAIL PROTECTED] I've got two 2621XM routers with WIC-1DSU-T1 cards in them here at work to play around with, I want to mimic a serial connection between the two 2621's via the WIC, any idea as to what cable I need to use or a Cisco part number so I can connect these to routers together ? TIA Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72695t=72585 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: mac address filtering [7:72684]
use VMPS -Nakul Skarphedinsson Arni V. wrote in message news:[EMAIL PROTECTED] Hi I have some catalyst 2950 and 3550 switches, that I need to control the mac addresses of the machines that are alowed to connect to the switches, i.e. something similar to port security, but i dont want to configure it per port, but rather for a whole switch or vlan, what would be the best way to accomplish this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72698t=72684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3524XL Error Message [7:72563]
interfaces send a keepalive-type loopback packet every x no of seconds to verify the interface's integrity. same thing happens at POST. The message means faulty Hardware. More specifically, it is probably the Rx of your interface that has failed. Solution=Hardware replacement. -Nakul Firesox wrote in message news:[EMAIL PROTECTED] Folks, I am troubleshooting the 3524XL and get the following message at the boot. C3500XL POST FAILURE: front-end post: GigabitEthernet0/2: C3500XL POST FAILURE: looped-back packet not received It is connected to 2950G-24. 2950 is seeing the 3524XL via CDP, but not vice versa. Has anyone seen this error messgae/condition? Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72696t=72563 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help PLEASE FAST [7:72603]
Describe how your clients lose their network connection. Do IP pings fail? Does DNS lookups fail (say, pinging www.google.com)? Do server shares become unreachable? Is network neighborhood not working? It also would be very helpful to get a network capture during the problem. If you don't already have a favorite, check out www.ethereal.com. - Tom E. Keith J. wrote: Hi all HELP! The clients on my network seem to be loosing their connection to the network for no apparent reason. we have a main office and a spoke location running over vpn. The problem seems to be at main office because it happens here and was happening before the other location came on-line. There are some internal DNS issues also. I haven't determined if they are related but is happening at both locations now. it is a AD domain and the other site is part of the domain. I need help in getting this resolved soon. I will try to answer any questions as best I can. I know this may not be Cisco issue but I do have Cisco products and this is the best list of people with experience will all types of problems that I know. I know of none better. I know someone here has had this issue before, and can help me. I just hope they read this email soon. A reboot of the machine seems to fix the problem. Lease time is 24 hours. DHCP is being used. I need to resolve this soon as it is a critical situation. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72701t=72603 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Anyone using Qwest PRN ? [7:72704]
Are any of you using Qwest PRN? If so, I have a few questions for you: 1. How do you like it so far? 2. Did you migrate from something else? If so, how did the migration go? 3. Any 'gotchas' that you learned later that you wish you'd learned sooner? 4. How does the service compare to what you were using before? 5. How many sites do you have? Is this solution scaling well for you? Of course, it's not necessary to answer every question. I'm just doing some research on their solution and thought I'd check around here for references. Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72704t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How do I check if load balancing works ? Catalyst 2900 and [7:72700]
Chris, Since you are choosing the link based on MAC addresses and only one switch LED is blinking, is your test traffic to stations located across a router? The router will obviously have a single MAC address, so EtherChannel based on MACs will use only a single link. Perhaps you should change to IP balancing. Regarless of whether you use MAC or IP balancing, make sure that your test includes multiple destinations or you will only ever use one link! - Tom Chris wrote: Hi everybody I have a Compaq server with 2 NC3121 cards. According with the docs, the card supports Fast Etherchannel static configuration (ON). I couldn't find a procedure to set up Fast Etherchannel for the network card so I did what I thought it was better. I selected the following : Teaming control =Load balancing Load balancing options: --- [x]Switch assisted load balancing [ ]Transmit load balancing --- [x ]Balance with MAC addresses [ ]Balance with IP addresses --- On the switch side I set up the following: interface Port-channel no ip address flowcontrol send off ! interface FastEthernet0/1 no ip address channel-group 1 mode on ! interface FastEthernet0/2 no ip address channel-group 1 mode on Everything looks fine, the redundancy works but how can I see if it works ? I mean the load balancing. I don't know the SNMP OID to monitor that interface. Judging by the blinking lights it works only on one interface. I made the tests selecting different classes of IPs (10 mod 2 and 10 mod 5) for transmission on the server side I set up the switch on source balancing. Not very sure that both MAC aren't in the same class (MAC) mod 2. The 'show int' command shows me load only on the first interface of the channel. The 'debug etherchanel' shows that the switch senses the disconnecting of the interfaces (if I test this). Any clue ? Thank you Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72700t=72700 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ODR, was RE: CCDA: changes in syllabus. [7:72380]
In addition to that, how many times have you heard that we should disable CDP for security reasons? I'm sure there are some companies that aren't allowed to run CDP for this reason. Then again, that's usually a big company that probably wouldn't want to run ODR in the first place. John Tom Martin 7/21/03 10:05:02 AM John, I have come across ODR in production a couple of times. Up until recently I had thought that ODR worked quite well for hub and spoke topologies... My most recent involvement with ODR occurred when replacing a 2621 with a 3745, which was the hub of the hub-and-spoke topology. I quickly learned that the 3745 doesn't enable CDP by default. I was also reminded that Cisco doesn't save configuration commands that are considered default... What ended up happening was CDP was not enabled by default and when I enabled it (cdp run) the command wouldn't save because it was considered a default command! Each time the router booted CDP was disabled again! I recommend to everyone that ODR not be used in a Cisco production environment. You never know when an IOS (platform?) bug will render your WAN unusable! - Tom John Neiberger wrote: I've never heard of anyone using ODR. Anyone here know of anyone using ODR in a production environment? Are there any environments where ODR is recommended over other options? John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72702t=72380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: basic PRI question. [7:72691]
I think so. You would need to setup DDR for the PRI. Install the PRI route with a higher AD than the leased line route so that it is only used when the leased line is unavailable. Also, set up thresholds for the PRI channels. -Nakul Stuart Pittwood wrote in message news:[EMAIL PROTECTED] I know this is basic the answer is probably yes but I'll ask anyway We have a 1Mb leased line betweem two sites, if we also had 8 channels of a PRi at both sites, in the event that the leased line was unavailble could the available PRI channels multilink and dial into the remote site to give at least some connectivity if yes, could these channels also be used for remote access when they are not needed as a backup to the leased line. Any input appreciated. Thanks Stu P Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72699t=72691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 1601 flash card. [7:72560]
no -nakul Johan Bornman wrote in message news:[EMAIL PROTECTED] Can this type of flash card be installed in a notebook PCMCIA slot to copy files? This e-mail may contain confidential information and may be legally privileged and is intended only for the person to whom it is addressed. If you are not the intended recipient, you are notified that you may not use, distribute or copy this document in any manner whatsoever. Kindly also notify the sender immediately by telephone, and delete the e-mail. When addressed to clients of the company from where this e-mail originates (the sending company ) any opinion or advice contained in this e-mail is subject to the terms and conditions expressed in any applicable terms of business or client engagement letter . The sending company does not accept liability for any damage, loss or expense arising from this e-mail and/or from the accessing of any files attached to this e-mail. At present, the integrity of e-mail across the Internet cannot be guaranteed and messages sent via this medium are potentially at risk. The recipient should scan any attached files for viruses. All liability arising as a result of the use of this medium to transmit information by or to e-Innovation is excluded to the extent permitted by law. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72697t=72560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Bandwidth, QoS, and Contention networks [7:72645]
We have customers using Vocera's wireless VoIP phones (they look like Star Trek communicators) with no problems. We did have to use wireless VLANs, but I was not involved in the configuration of the AP's. They are having no problems that I'm aware of. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: quot;Chuck Whose Road is Ever Shorte [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 11:08 AM To: [EMAIL PROTECTED] Subject: Re: Bandwidth, QoS, and Contention networks [7:72645] Zsombor Papp wrote in message news:[EMAIL PROTECTED] Chuck Whose Road is Ever Shorte wrote: after viewing the presentation, you tell me - is this not saying that 5 megabits is more than adequate for voice, video, etc? I don't think that was the point of the presention. Regardless, I can tell you that 5Mbps is enough for voice. :) For video, it depends on the quality. 30 frame per second video over ISDN requires 3 ISDN lines ( 6 B-channels ) for a total of 384K. I've spoken about video over WAN links on several occasions with the video guy in my group. He tells me he likes to reserve 500K over T1's typically. Howard, if your reading, I just looked over my unsent drafts of the question regarding bandwidth, and the point I failed to raise in this posted thread is that of global synchronization. One of the major benefits of such QoS mechanisms as RED and WRED is that the phenomenon of global synch can be controlled, meaning a more efficient use of bandwidth ( no periods of congestion followed by periods of low activity because of the TCP backoff mechanisms ) Now supposing, even in a contention medium, I could fine tune my queueing such that I no longer suffered from global synch. I set my voice queues and my delay sensative queues such that sufficient badwidth was available, and I used RED or WRED for the general queue. I'm wondering if there are studies done, papers in the IETF working groups demonstrating that given proper queueing mechanisms that less bandwidth is required or necessary? Cisco does offer downstream only QoS on their wireless product line. Not sure I understand the mechanism completely, but I have to believe it is based on enough solid study such that given a reasonable design, there would be less concern for voice in the mix. Recall that Cisco will soon be releasing their own wireless IP phone, and the whole point of it is to provide untethered mobility throughout an enterprise. I'm just asking - if people are more productive, despite the obvious lack of bandwidth, and despite the step back to a contention medium, is there something to be said about the perceived need for 100 megabits to the desktop? I agree with Fred, such a perception is probably misguided in most cases. Most people are very happy even with their 1.5Mbps DSL line. But all this depends on what you want to do. Full-screen DVD quality video won't work over DSL. Even online gaming could use more than 1.5Mbps. FWIW, I've heard that in Korea, there is a serious market for dedicated 100Mbps connections to the *home* due to wide-spread online gaming (I don't know if this is true, I find it a bit hard to believe). can't comment much regarding the needs of on-line gaming, but the guy teaching the wireless class two weeks ago said he was an avvid on line gamer and that his DSL was plenty fine for what he did. He also said he had a couple friends around his neighborhood who did on-line gaming via a sireless AP that he set up for their use. Don't know the particular game, so I can say as to whether it is the same one you play. Also consider that pure 10Mbps Ethernet interfaces are getting pretty rare; most of the Ethernet interfaces are 10/100. So in a campus network, in most cases, there is no real reason to not have 100Mbps to the desktop. indeed. and with three teenage boys around the house, I am happy to sell lots of these things in order to keep the refridgerator full. ;- yes, Mr Customer, you never can tell when your users will need this bandwidth, what with internet radio, lots of databases out there on the web, and all the e-mail attachments people need to read to get their work done. ;- Thanks, Zsombor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72703t=72645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: 1601 flash card. [7:72560]
Johan, Sure! Linux has the ability to read and write various flash types and formats. I did something very similar a while back, albeit not with a 1600. There's a really good chance that your Linux system will pick up the flash, but not necessarily out-of-the-box. I had to recompile my kernel before I could read flash cards... Once the flash is recognized you may be able to mount the flash (if the filesystem is supported by the kernel). If not, and it probably won't be, perform a dd to image the flash card to a file -- it will be much easier and faster to work from. If the format is proprietary, and honestly I have no idea what format is used by the 1600 series, then you might have to write a standalone interpreter for it. I've had to do this with some old CP/M images. Although it's not terribly difficult it does require a programming background. If you just want to be able to read and write files using your notebook and don't care about being able to use them in your 1600 then things are a bit easier. You'll still have to know a thing or two about Linux though. - Tom Johan Bornman wrote: Can this type of flash card be installed in a notebook PCMCIA slot to copy files? This e-mail may contain confidential information and may be legally privileged and is intended only for the person to whom it is addressed. If you are not the intended recipient, you are notified that you may not use, distribute or copy this document in any manner whatsoever. Kindly also notify the sender immediately by telephone, and delete the e-mail. When addressed to clients of the company from where this e-mail originates (the sending company ) any opinion or advice contained in this e-mail is subject to the terms and conditions expressed in any applicable terms of business or client engagement letter . The sending company does not accept liability for any damage, loss or expense arising from this e-mail and/or from the accessing of any files attached to this e-mail. At present, the integrity of e-mail across the Internet cannot be guaranteed and messages sent via this medium are potentially at risk. The recipient should scan any attached files for viruses. All liability arising as a result of the use of this medium to transmit information by or to e-Innovation is excluded to the extent permitted by law. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72705t=72560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX DNS Issue [7:72685]
PIX treats DNS queries little different, especially replies. The client has the potential of contacting multiple DNS servers sequentially in the event the first one experiencing some delays. The PIX keeps track of all them and allows one reply to come back through. I'm not sure if things changed in the version but its a good idea to check.. HTH Thanks...Nabil I have never let my schooling interfere with my education. Andrew Larkins cc: Sent by: Subject: RE: PIX DNS Issue [7:72685] [EMAIL PROTECTED] om 07/21/2003 09:41 AM Please respond to Andrew Larkins Please send the config and we can have a look. -Original Message- From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED] Sent: 21 July 2003 11:57 To: [EMAIL PROTECTED] Subject: PIX DNS Issue [7:72685] I swapped a router running ios firewall with a pix 506e and i have been having all sorts of issues. first, is the DNSall clients use an internal DNS server which forwards all request to an external DNS serverthis works fine with the router but with the PIX it doesnt work. when i configured the clients to use the external DNS server everything worked fine. The pix box is running the 6.3 code. i know i am missing something...but can't figure it out yet...i really would appreciate any comments. regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72706t=72685 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: We (Cisco mailing list) are moving ... [7:72060]
paul, then why not provide for links to cert books, router simulators etc. cert books from sybex and cisco press can be a good start and if you can request the merchant (amazon as you mentioned) to provide a promotion code then during checkout one could put that code and may be (may be) amazon could give some $$ off to us as well, like free shippping (just an example). so its a win-win for all, amazon, groupstudy and us !!! (i am pretty sure amazon could provide that to a site like groupstudy) thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72707t=72060 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX DNS Issue [7:72685]
You know I've had similar weirdness with my Pix (6.3) and DNS. I have 2 internal AD DNS servers and 2 external BIND DNS servers. The 2 external DNS servers sit outside the PIX and AD DNS server obviously sit behind the Pix on the inside network. I have a host mail that has a different DNS entry on both internal and external name servers. Let's say internally the IP is 10.1.1.10 and externally 203.132.60.10. When I am on a host on the internal network and query the external name server it seems like the response comes from the internal dns server... example below: I'm trying to resolve mail on the external name server. When I'm on the external name server (or outside the Pix) the response is always 203.132.60.10. However, when I'm on an internal host and do a look up against the external name server I get 10.1.1.10 as the answer everytime! So it seems like the Pix is grabbing that DNS query and sending it to the internal name server instead of letting it through... Any ideas as to why?? Stevo wrote in message news:[EMAIL PROTECTED] PIX treats DNS queries little different, especially replies. The client has the potential of contacting multiple DNS servers sequentially in the event the first one experiencing some delays. The PIX keeps track of all them and allows one reply to come back through. I'm not sure if things changed in the version but its a good idea to check.. HTH Thanks...Nabil I have never let my schooling interfere with my education. Andrew Larkins cc: Sent by: Subject: RE: PIX DNS Issue [7:72685] [EMAIL PROTECTED] om 07/21/2003 09:41 AM Please respond to Andrew Larkins Please send the config and we can have a look. -Original Message- From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED] Sent: 21 July 2003 11:57 To: [EMAIL PROTECTED] Subject: PIX DNS Issue [7:72685] I swapped a router running ios firewall with a pix 506e and i have been having all sorts of issues. first, is the DNSall clients use an internal DNS server which forwards all request to an external DNS serverthis works fine with the router but with the PIX it doesnt work. when i configured the clients to use the external DNS server everything worked fine. The pix box is running the 6.3 code. i know i am missing something...but can't figure it out yet...i really would appreciate any comments. regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72711t=72685 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Anyone using Qwest PRN ? [7:72704]
At 04:31 PM 7/21/2003 +, John Neiberger wrote: Are any of you using Qwest PRN? If so, I have a few questions for you: 1. How do you like it so far? 2. Did you migrate from something else? If so, how did the migration go? 3. Any 'gotchas' that you learned later that you wish you'd learned sooner? 4. How does the service compare to what you were using before? 5. How many sites do you have? Is this solution scaling well for you? Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling. Of course, it's not necessary to answer every question. I'm just doing some research on their solution and thought I'd check around here for references. Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72708t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Anyone using Qwest PRN ? [7:72704]
Peter van Oene wrote: At 04:31 PM 7/21/2003 +, John Neiberger wrote: Are any of you using Qwest PRN? If so, I have a few questions for you: 1. How do you like it so far? 2. Did you migrate from something else? If so, how did the migration go? 3. Any 'gotchas' that you learned later that you wish you'd learned sooner? 4. How does the service compare to what you were using before? 5. How many sites do you have? Is this solution scaling well for you? Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling. Of course, it's not necessary to answer every question. I'm just doing some research on their solution and thought I'd check around here for references. Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72709t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Anyone using Qwest PRN ? [7:72704]
Peter van Oene wrote: At 04:31 PM 7/21/2003 +, John Neiberger wrote: Are any of you using Qwest PRN? If so, I have a few questions for you: 1. How do you like it so far? 2. Did you migrate from something else? If so, how did the migration go? 3. Any 'gotchas' that you learned later that you wish you'd learned sooner? 4. How does the service compare to what you were using before? 5. How many sites do you have? Is this solution scaling well for you? Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling. Oops. Accidentally hit post before adding any content. ;-) Yes, it stands for Private Routed Network. It's a very interesting solution. Our hub sites would participate in OSPF with their network, while our spoke sites would use static routing. The PRN would have static routes pointing to our spoke sites and those statics would be redistributed into OSPF. The biggest downside to this is that we'd have to contact Qwest each time we added a new subnet at a branch, but I suppose that just means we'd need to plan ahead better. This solution buys us a few things over our current frame relay network. Each site has a full pipe into the PRN instead of multiple PVCs sharing a single link, and we don't have to deal with CIR. From the perspective of our routers each site is one hop away from any other site. These combination of these features will allow us to proceed with VoIP throughout our network, which is not feasible with the current frame relay network. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72710t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Two ABRs on the same area - requirements [7:72587]
Thanks, The challenge I am facing is to improve the OSPF design of a network that is in production, without changing the existing WAN links. The area 5 is bigger than I think it would be ideal (there are 56 routers) and there is no interesting traffic between all the spoke routers in the area, as Howard mentioned. In the beginning I were wondering about transforming R1 in an ABR; but I gave up because the stability of the backbone (R1 is not so powerful as the others, R2 and R3). Also, today there are two ABRs in area 5, and it would have just 1 ABR with this change. Now I am considering to change the spoke routers connected to R3 to a new area. Today there is only one exit point for the spoke routers connected to R3, and it would not be changed. R3 would be connected to R2 (through area 0 and area 5) and to R1 (through area 5), as it is today. R2 and R3 would be the ABR for area 5; no changes here. R1 has an ATM link to its two ABRs, R2 and R3. The main link is to R2; the link to R3 is a backup. R3 would participate in area 5 just because the existing WAN link to R1. R3 would be the ABR for the new area, probably area 6. The benefit is a small database for area 5 and area 6, without flooding information where it is not useful. Is there a document explaining the rules of summarization when there are two ABRs on a area? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72712t=72587 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Anyone using Qwest PRN ? [7:72704]
so, John, whatever happened to the MPLS network they were trying to sell you a while back? what advantage does PRN have vis a vis MPLS such that Quest is no longer trying to convince you to buy it? inquiring minds need to know :- John Neiberger wrote in message news:[EMAIL PROTECTED] Peter van Oene wrote: At 04:31 PM 7/21/2003 +, John Neiberger wrote: Are any of you using Qwest PRN? If so, I have a few questions for you: 1. How do you like it so far? 2. Did you migrate from something else? If so, how did the migration go? 3. Any 'gotchas' that you learned later that you wish you'd learned sooner? 4. How does the service compare to what you were using before? 5. How many sites do you have? Is this solution scaling well for you? Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling. Oops. Accidentally hit post before adding any content. ;-) Yes, it stands for Private Routed Network. It's a very interesting solution. Our hub sites would participate in OSPF with their network, while our spoke sites would use static routing. The PRN would have static routes pointing to our spoke sites and those statics would be redistributed into OSPF. The biggest downside to this is that we'd have to contact Qwest each time we added a new subnet at a branch, but I suppose that just means we'd need to plan ahead better. This solution buys us a few things over our current frame relay network. Each site has a full pipe into the PRN instead of multiple PVCs sharing a single link, and we don't have to deal with CIR. From the perspective of our routers each site is one hop away from any other site. These combination of these features will allow us to proceed with VoIP throughout our network, which is not feasible with the current frame relay network. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72713t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bandwidth, QoS, and Contention networks [7:72645]
I hear you Chuck. I think microsegmentation (that's what we used to call it, as you know I'm sure) was definitely oversold by the marketing types. Microsegmentation to a point certainly makes sense. I troubleshooted quite a few shared Ethernet networks that were approaching meltdown because of too many users sharing the bandwidth. But for most applications, 100 full duplex to the desktop isn't actually necessary. Links that carry multiple users' data need more bandwidth, but a link that just carries a single user's data for a user doing ordinary typical applications, will use a minimal amount of that 100 Mbps. I challenge my students to try to use just 10 Mbps. They are shocked at how hard it is. We tend to lose sight of the fact that switches do have some disadvantages too. They are more complex and more likely to have problems than hubs. They make protocol analysis difficult. But we can't go backwards. It's getting harder and harder to even buy a hub! But, as you say 11 Mbps shared RF, i.e. 802.11 is a step backwards, and it works! I'm using it right now! Is it making me more productive? Absolutely not. I'm trying to type on this awful little keyboard, looking at an eensy-weensy screen, doing Group Study when I should be eating lunch and decompressing and chatting (face-to-face) with colleauges. :-) Last year I attended a security conference. I think it was the first time they had wireless available. Much less work got done. All the guys sat hunkered over their notebook computers, working and trying to attack each other. The informal discussions that lead to brilliant ideas and collaboration were much harder to start. It was up to the women to start them. :-) Unforutately, we made up about 5% of the attendees. OK, now it really is lunch time. I hope some colleagues will be in the cafeteria and we can talk in person. Priscilla Chuck Whose Road is Ever Shorte wrote: Zsombor Papp wrote in message news:[EMAIL PROTECTED] I think comparing shared wireless to dedicated wired connections is a bit of an apple vs orange contest. You can get shared wireless where you can't get anything else (e.g. walking from one meeting room to the other, or attending a meeting with 10 other people in a room where there are only 4 wired ports), so obviously it is better than all the other choices. If you can choose between a 100Mbps switch port and a 11Mbps shared wireless link without sacrificing anything (e.g. in case of servers or desktop machines), then the 100Mbps switch port is obviously better. well sure. one of the other reasons I got to pondering the original question ( are we overselling the value of bandwidth? ) is the following: http://newsroom.cisco.com/dlls/video_audio_archive/?video check out the long reach ethernet presentation, maybe 3/4 down the page. LRE can provide up to 5 megabits full duplex over cat 3 phone wire - data and voice. after viewing the presentation, you tell me - is this not saying that 5 megabits is more than adequate for voice, video, etc? as for wireless - I fully understand that the requirements of the application drive the need for bandwidth. I'm just asking - if people are more productive, despite the obvious lack of bandwidth, and despite the step back to a contention medium, is there something to be said about the perceived need for 100 megabits to the desktop? Thanks, Zsombor Chuck Whose Road is Ever Shorte wrote: Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED] What's the medium cost between the two cities? Can you use demand circuits as a backup? Can you live with one more PVC and trust the physical connection? Is QoS-unpredictable cable or DSL available? Funny you should ask this, Howard. I've been struggling for several weeks how to pose the question. Have we, the engineering / technical sales community oversold the idea of dedicated bandwidth and QoS? Take, for example, wireless. Wireless is essentially a step backwards. For years we have been convincing customers to get rid of their hubs and move into a switched domain, with dedicated bandwidth for every user. This is often done in the name of productivity. Fewer interruptions of data streams, meaning work completed faster.Now all the wireless vendors ( Cisco included ) are producing studies showing how wireless is increasing productivity to the tune of an hour a day. On a shared contention medium. Cisco will shortly release their wireless telephone as part of their AVVID suite of products, competing with the SpectraLink product that has been available for a couple of years. All this gives one reason to re-evaluate what we have been told for the last couple of years. a contention medium provides the means for greater productivity? You mention QoS in your response above. QoS is
Re: OT: Anyone using Qwest PRN ? [7:72704]
I think this actually is an MPLS VPN, of sorts. It's been fairly hard for me to get the nitty gritty details. As I see it, it's a layer 3 MPLS vpn with OSPF as our 'interface' to their network but I may be wrong about that. As someone else just mentioned, this service is expensive compared to frame relay. In fact, at the moment it's about twice the monthly cost, but we're quickly growing to a point where the frame network is not going to support our goals. This solution looks pretty slick, I must admit. John Chuck Whose Road is Ever Shorter 7/21/03 1:50:51 PM so, John, whatever happened to the MPLS network they were trying to sell you a while back? what advantage does PRN have vis a vis MPLS such that Quest is no longer trying to convince you to buy it? inquiring minds need to know :- John Neiberger wrote in message news:[EMAIL PROTECTED] Peter van Oene wrote: At 04:31 PM 7/21/2003 +, John Neiberger wrote: Are any of you using Qwest PRN? If so, I have a few questions for you: 1. How do you like it so far? 2. Did you migrate from something else? If so, how did the migration go? 3. Any 'gotchas' that you learned later that you wish you'd learned sooner? 4. How does the service compare to what you were using before? 5. How many sites do you have? Is this solution scaling well for you? Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling. Oops. Accidentally hit post before adding any content. ;-) Yes, it stands for Private Routed Network. It's a very interesting solution. Our hub sites would participate in OSPF with their network, while our spoke sites would use static routing. The PRN would have static routes pointing to our spoke sites and those statics would be redistributed into OSPF. The biggest downside to this is that we'd have to contact Qwest each time we added a new subnet at a branch, but I suppose that just means we'd need to plan ahead better. This solution buys us a few things over our current frame relay network. Each site has a full pipe into the PRN instead of multiple PVCs sharing a single link, and we don't have to deal with CIR. From the perspective of our routers each site is one hop away from any other site. These combination of these features will allow us to proceed with VoIP throughout our network, which is not feasible with the current frame relay network. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72718t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: mac address filtering [7:72684]
I know that the following is not MAC security based, but I think you are looking for something like EAPOL Security. Here is a link http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008007f395.html Skarphedinsson Arni V. wrote: Hi I have some catalyst 2950 and 3550 switches, that I need to control the mac addresses of the machines that are alowed to connect to the switches, i.e. something similar to port security, but i dont want to configure it per port, but rather for a whole switch or vlan, what would be the best way to accomplish this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72714t=72684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX DNS Issue [7:72685]
You will have to use the alias command or static dns command to all translation from internal to external. CCO site has great examples of your situation. Cheers, Jamie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stevo Sent: July 21, 2003 11:27 AM To: [EMAIL PROTECTED] Subject: Re: PIX DNS Issue [7:72685] You know I've had similar weirdness with my Pix (6.3) and DNS. I have 2 internal AD DNS servers and 2 external BIND DNS servers. The 2 external DNS servers sit outside the PIX and AD DNS server obviously sit behind the Pix on the inside network. I have a host mail that has a different DNS entry on both internal and external name servers. Let's say internally the IP is 10.1.1.10 and externally 203.132.60.10. When I am on a host on the internal network and query the external name server it seems like the response comes from the internal dns server... example below: I'm trying to resolve mail on the external name server. When I'm on the external name server (or outside the Pix) the response is always 203.132.60.10. However, when I'm on an internal host and do a look up against the external name server I get 10.1.1.10 as the answer everytime! So it seems like the Pix is grabbing that DNS query and sending it to the internal name server instead of letting it through... Any ideas as to why?? Stevo wrote in message news:[EMAIL PROTECTED] PIX treats DNS queries little different, especially replies. The client has the potential of contacting multiple DNS servers sequentially in the event the first one experiencing some delays. The PIX keeps track of all them and allows one reply to come back through. I'm not sure if things changed in the version but its a good idea to check.. HTH Thanks...Nabil I have never let my schooling interfere with my education. Andrew Larkins cc: Sent by: Subject: RE: PIX DNS Issue [7:72685] [EMAIL PROTECTED] om 07/21/2003 09:41 AM Please respond to Andrew Larkins Please send the config and we can have a look. -Original Message- From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED] Sent: 21 July 2003 11:57 To: [EMAIL PROTECTED] Subject: PIX DNS Issue [7:72685] I swapped a router running ios firewall with a pix 506e and i have been having all sorts of issues. first, is the DNSall clients use an internal DNS server which forwards all request to an external DNS serverthis works fine with the router but with the PIX it doesnt work. when i configured the clients to use the external DNS server everything worked fine. The pix box is running the 6.3 code. i know i am missing something...but can't figure it out yet...i really would appreciate any comments. regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72717t=72685 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT: Anyone using Qwest PRN ? [7:72704]
I looked at Qwests VPN stuff a while back which I think is at least similar in overall design to PRN. Though there was benefit in this type of solution over frame relay from a technical standpoint, there was no cost benefit versus converting my frame network to point-to-point lines via local carrier and maintaining control over my own network. Their stuff at the time was ungodly expensive. I do have a Qwest Internet T1 that has been flawless and their support is first rate. Its been down twice. The first time they had it fixed w/i 10 minutes of my call. The second time was because we lost main power to the building and it knocked out our perimeter router. Qwest took the initiative, and called me wondering why it was down about 3 hours after it went down. Verizon won't even guarantee a callback w/i 3 hours much less initiate the investigation. That said, we'll be moving it to an SBC internet line in the near future due to the high MRC on the Qwest line. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 11:02 AM To: [EMAIL PROTECTED] Subject: Re: OT: Anyone using Qwest PRN ? [7:72704] Peter van Oene wrote: At 04:31 PM 7/21/2003 +, John Neiberger wrote: Are any of you using Qwest PRN? If so, I have a few questions for you: 1. How do you like it so far? 2. Did you migrate from something else? If so, how did the migration go? 3. Any 'gotchas' that you learned later that you wish you'd learned sooner? 4. How does the service compare to what you were using before? 5. How many sites do you have? Is this solution scaling well for you? Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling. Oops. Accidentally hit post before adding any content. ;-) Yes, it stands for Private Routed Network. It's a very interesting solution. Our hub sites would participate in OSPF with their network, while our spoke sites would use static routing. The PRN would have static routes pointing to our spoke sites and those statics would be redistributed into OSPF. The biggest downside to this is that we'd have to contact Qwest each time we added a new subnet at a branch, but I suppose that just means we'd need to plan ahead better. This solution buys us a few things over our current frame relay network. Each site has a full pipe into the PRN instead of multiple PVCs sharing a single link, and we don't have to deal with CIR. From the perspective of our routers each site is one hop away from any other site. These combination of these features will allow us to proceed with VoIP throughout our network, which is not feasible with the current frame relay network. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72716t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Two ABRs on the same area - requirements [7:72587]
Is there a document explaining the rules of summarization when there are two ABRs on a area? I believe you would summarize the same, unless you had special needs. The cumulative cost from the ABR back to the source of the traffic should allow the routers in-between to choose the correct path. So if you had: RaRcRd | | | | 5 | 0 | | | | RbRdRe Routers Rc and Rd would be the ABRs. In summarizing into the backbone, or summarizing out to area 5, you would setup the same summary ranges. Assuming all links were the same cost, Ra would go through Rc in order to get to anything in area 0 (assuming all networks were summarized) and Rb would go through Rd. Similarly, Rd would go through Rc in order to get to anything in area 5, while Re would go through Rd. Now, in the original question (unless I've gotten questions confused, which is definitely possible), there was no link between Ra and Rb (and there never was). So, although they were both called area 5, they were in fact two different areas. Ra and Rb never shared the same database (assuming that the link between Rc and Rd was in area 0) at any point in time. If they summarized their whole area (including routes off of both Ra and Rb in the misguided thinking that both area 5's were the same area), then Rd would send traffic destined for Rb to Rc, which wouldn't have a more specific route for it. Re would send traffic for Ra towards Rd, which also wouldn't have a more specific route for that traffic. As long as you have your areas properly connected, you shouldn't have to worry about any special summarization requirements, other than if you want traffic to flow a particular way due to bandwidth, cost of service, or some other external consideration. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: alaerte Vidali [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 3:06 PM To: [EMAIL PROTECTED] Subject: RE: Two ABRs on the same area - requirements [7:72587] Thanks, The challenge I am facing is to improve the OSPF design of a network that is in production, without changing the existing WAN links. The area 5 is bigger than I think it would be ideal (there are 56 routers) and there is no interesting traffic between all the spoke routers in the area, as Howard mentioned. In the beginning I were wondering about transforming R1 in an ABR; but I gave up because the stability of the backbone (R1 is not so powerful as the others, R2 and R3). Also, today there are two ABRs in area 5, and it would have just 1 ABR with this change. Now I am considering to change the spoke routers connected to R3 to a new area. Today there is only one exit point for the spoke routers connected to R3, and it would not be changed. R3 would be connected to R2 (through area 0 and area 5) and to R1 (through area 5), as it is today. R2 and R3 would be the ABR for area 5; no changes here. R1 has an ATM link to its two ABRs, R2 and R3. The main link is to R2; the link to R3 is a backup. R3 would participate in area 5 just because the existing WAN link to R1. R3 would be the ABR for the new area, probably area 6. The benefit is a small database for area 5 and area 6, without flooding information where it is not useful. Is there a document explaining the rules of summarization when there are two ABRs on a area? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72719t=72587 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Anyone using Qwest PRN ? [7:72704]
Peter van Oene 7/21/03 3:26:30 PM Oops. Accidentally hit post before adding any content. ;-) Yes, it stands for Private Routed Network. It's a very interesting solution. Our hub sites would participate in OSPF with their network, while our spoke sites would use static routing. The PRN would have static routes pointing to our spoke sites and those statics would be redistributed into OSPF. Cool. I thought it was a IP VPN based network, but wasn't completely sure. You might consider BGP at the hub site just to isolate your hub. If they wack up their PE box and give you way to many routes, it might become painful. Usually I recommend the provider asked the customer to run BGP or RIP vs OSPF for this reason, but it makes sense from the customers perspective as well. This also mitigates some messy backdoor scenarios that come up with spokes gain spoke to spoke or non VPN spoke to hub connections. They mentioned that iBGP was an option but given our network design this would complicate matters, at least as I understand it. The biggest downside to this is that we'd have to contact Qwest each time we added a new subnet at a branch, but I suppose that just means we'd need to plan ahead better. Spoke wise, can you not pre-provision some aggregate blocks to the spokes inline with growth expectations? This would ease your provisioning pain. I'd ask for portal capability for this as well (spoke static route adds). They likely don't have it, but it isn't that hard to do and would likely be consistent with stuff they may already be considering. In other words, they won't likely be able to do it, but you might help them make it happen sooner than later. To some extent we can preprovision, especially if we stick to our addressing scheme! Portal capability would be nice. I'll have to ask them about that. Right now, route adds require a telephone call, or possibly an email. If I had some web-based control, for example, I'd be quite thrilled. I should note that I'm not directly familiar with their offering. This solution buys us a few things over our current frame relay network. Each site has a full pipe into the PRN instead of multiple PVCs sharing a single link, and we don't have to deal with CIR. From the perspective of our routers each site is one hop away from any other site. These combination of these features will allow us to proceed with VoIP throughout our network, which is not feasible with the current frame relay network. I take it sharing routing information wasn't a big concern for your company? It seems to be for some, but I never saw the risk myself. It was a concern for a moment, but upon further reflection we decided that we're not really any worse off than we are right now. We're already at the mercy of the provider, and if they have people internally who are willing to attempt to gain useful information from our network connections then we're in trouble already. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72721t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bandwidth, QoS, and Contention networks [7:72645]
Quick addendum: As Howard mentioned, the problem with a contention medium isn't only how much bandwidth is available but also how quickly a station can access it. If the stataion listens before it sends and can't send for long periods of time because the medium is not free, this is bad news for voice and video. Shared Ethernet has gone the way of LocalTalk, (almost?) but shared wireless is gaining popularity, as Chuck has been saying. I haven't seen any studies yet that address medium access delay on wireless networks based on load and access characteristics, but maybe they will get published at some point, (although it's pretty unpredicatable with bursy data sources, of course). Suffice it to say, microsegmentation for wireless networks will be necessary to some extent, just like it was with shared Ethernet, depending on delay and delay variance requirements of the applications. Priscilla Chuck Whose Road is Ever Shorte wrote: Zsombor Papp wrote in message news:[EMAIL PROTECTED] Chuck Whose Road is Ever Shorte wrote: after viewing the presentation, you tell me - is this not saying that 5 megabits is more than adequate for voice, video, etc? I don't think that was the point of the presention. Regardless, I can tell you that 5Mbps is enough for voice. :) For video, it depends on the quality. 30 frame per second video over ISDN requires 3 ISDN lines ( 6 B-channels ) for a total of 384K. I've spoken about video over WAN links on several occasions with the video guy in my group. He tells me he likes to reserve 500K over T1's typically. Howard, if your reading, I just looked over my unsent drafts of the question regarding bandwidth, and the point I failed to raise in this posted thread is that of global synchronization. One of the major benefits of such QoS mechanisms as RED and WRED is that the phenomenon of global synch can be controlled, meaning a more efficient use of bandwidth ( no periods of congestion followed by periods of low activity because of the TCP backoff mechanisms ) Now supposing, even in a contention medium, I could fine tune my queueing such that I no longer suffered from global synch. I set my voice queues and my delay sensative queues such that sufficient badwidth was available, and I used RED or WRED for the general queue. I'm wondering if there are studies done, papers in the IETF working groups demonstrating that given proper queueing mechanisms that less bandwidth is required or necessary? Cisco does offer downstream only QoS on their wireless product line. Not sure I understand the mechanism completely, but I have to believe it is based on enough solid study such that given a reasonable design, there would be less concern for voice in the mix. Recall that Cisco will soon be releasing their own wireless IP phone, and the whole point of it is to provide untethered mobility throughout an enterprise. I'm just asking - if people are more productive, despite the obvious lack of bandwidth, and despite the step back to a contention medium, is there something to be said about the perceived need for 100 megabits to the desktop? I agree with Fred, such a perception is probably misguided in most cases. Most people are very happy even with their 1.5Mbps DSL line. But all this depends on what you want to do. Full-screen DVD quality video won't work over DSL. Even online gaming could use more than 1.5Mbps. FWIW, I've heard that in Korea, there is a serious market for dedicated 100Mbps connections to the *home* due to wide-spread online gaming (I don't know if this is true, I find it a bit hard to believe). can't comment much regarding the needs of on-line gaming, but the guy teaching the wireless class two weeks ago said he was an avvid on line gamer and that his DSL was plenty fine for what he did. He also said he had a couple friends around his neighborhood who did on-line gaming via a sireless AP that he set up for their use. Don't know the particular game, so I can say as to whether it is the same one you play. Also consider that pure 10Mbps Ethernet interfaces are getting pretty rare; most of the Ethernet interfaces are 10/100. So in a campus network, in most cases, there is no real reason to not have 100Mbps to the desktop. indeed. and with three teenage boys around the house, I am happy to sell lots of these things in order to keep the refridgerator full. ;- yes, Mr Customer, you never can tell when your users will need this bandwidth, what with internet radio, lots of databases out there on the web, and all the e-mail attachments people need to read to get their work done. ;- Thanks, Zsombor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72722t=72645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: OT: Anyone using Qwest PRN ? [7:72704]
John Neiberger wrote in message news:[EMAIL PROTECTED] I think this actually is an MPLS VPN, of sorts. It's been fairly hard for me to get the nitty gritty details. As I see it, it's a layer 3 MPLS vpn with OSPF as our 'interface' to their network but I may be wrong about that. As someone else just mentioned, this service is expensive compared to frame relay. In fact, at the moment it's about twice the monthly cost, but we're quickly growing to a point where the frame network is not going to support our goals. This solution looks pretty slick, I must admit. you shopped this to WorldCom or ATT? Those two bad boys have been pretty agressive in the WAN market, at least in these parts. You might be able to get some decent ATM and FRATM setups, in which case Qwest might revisit their pricing. ;- John Chuck Whose Road is Ever Shorter 7/21/03 1:50:51 PM so, John, whatever happened to the MPLS network they were trying to sell you a while back? what advantage does PRN have vis a vis MPLS such that Quest is no longer trying to convince you to buy it? inquiring minds need to know :- John Neiberger wrote in message news:[EMAIL PROTECTED] Peter van Oene wrote: At 04:31 PM 7/21/2003 +, John Neiberger wrote: Are any of you using Qwest PRN? If so, I have a few questions for you: 1. How do you like it so far? 2. Did you migrate from something else? If so, how did the migration go? 3. Any 'gotchas' that you learned later that you wish you'd learned sooner? 4. How does the service compare to what you were using before? 5. How many sites do you have? Is this solution scaling well for you? Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling. Oops. Accidentally hit post before adding any content. ;-) Yes, it stands for Private Routed Network. It's a very interesting solution. Our hub sites would participate in OSPF with their network, while our spoke sites would use static routing. The PRN would have static routes pointing to our spoke sites and those statics would be redistributed into OSPF. The biggest downside to this is that we'd have to contact Qwest each time we added a new subnet at a branch, but I suppose that just means we'd need to plan ahead better. This solution buys us a few things over our current frame relay network. Each site has a full pipe into the PRN instead of multiple PVCs sharing a single link, and we don't have to deal with CIR. From the perspective of our routers each site is one hop away from any other site. These combination of these features will allow us to proceed with VoIP throughout our network, which is not feasible with the current frame relay network. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72723t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
source specific m-cast error [7:72724]
I'm testing a setup using source specific multicast. On the RPF interface for the target source IP (192.168.25.25) I've configured the following command: ip igmp static-group 232.232.232.232 source 192.168.25.25 This seems to get the right messages forwarded up towards the source in order to get the SPT built. However, when I reboot this router, I see the following error message in the boot output: Accepting source reports only for groups in ssm range, 192.168.25.25 ignored and the above ip igmp static-group command is removed from the running config. Anyone seen this before or understand why the command is being removed? Should I be doing something different to statically cause the interface to join the SSM channel? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72724t=72724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: basic PRI question. [7:72691]
Yes, you can do that you are need to setup up DDR then setup backup interface on leased line interface to that DDR and then setup the interface PRI become member that DDR so the interface of the DDR will be stand by, not the interface of the PRI install the route through PRI with higher AD wisnu Stuart Pittwood wrote in message news:[EMAIL PROTECTED] I know this is basic the answer is probably yes but I'll ask anyway We have a 1Mb leased line betweem two sites, if we also had 8 channels of a PRi at both sites, in the event that the leased line was unavailble could the available PRI channels multilink and dial into the remote site to give at least some connectivity if yes, could these channels also be used for remote access when they are not needed as a backup to the leased line. Any input appreciated. Thanks Stu P Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72725t=72691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Anyone using Qwest PRN ? [7:72704]
At 07:58 PM 7/21/2003 +, John Neiberger wrote: I think this actually is an MPLS VPN, of sorts. It's been fairly hard for me to get the nitty gritty details. As I see it, it's a layer 3 MPLS vpn with OSPF as our 'interface' to their network but I may be wrong about that. This sounds exactly like a 2547bis based IP VPN. As someone else just mentioned, this service is expensive compared to frame relay. In fact, at the moment it's about twice the monthly cost, but we're quickly growing to a point where the frame network is not going to support our goals. This solution looks pretty slick, I must admit. Keep in mind that this solution involves the provider managing aspects of your WAN routing which involves a different level of attention from them then you would see with a traditional layer two network. Usually, this type of service commands a premium, but the market tends to dictate pricing in many areas (depending upon where you are located). Pete John Chuck Whose Road is Ever Shorter 7/21/03 1:50:51 PM so, John, whatever happened to the MPLS network they were trying to sell you a while back? what advantage does PRN have vis a vis MPLS such that Quest is no longer trying to convince you to buy it? inquiring minds need to know :- John Neiberger wrote in message news:[EMAIL PROTECTED] Peter van Oene wrote: At 04:31 PM 7/21/2003 +, John Neiberger wrote: Are any of you using Qwest PRN? If so, I have a few questions for you: 1. How do you like it so far? 2. Did you migrate from something else? If so, how did the migration go? 3. Any 'gotchas' that you learned later that you wish you'd learned sooner? 4. How does the service compare to what you were using before? 5. How many sites do you have? Is this solution scaling well for you? Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling. Oops. Accidentally hit post before adding any content. ;-) Yes, it stands for Private Routed Network. It's a very interesting solution. Our hub sites would participate in OSPF with their network, while our spoke sites would use static routing. The PRN would have static routes pointing to our spoke sites and those statics would be redistributed into OSPF. The biggest downside to this is that we'd have to contact Qwest each time we added a new subnet at a branch, but I suppose that just means we'd need to plan ahead better. This solution buys us a few things over our current frame relay network. Each site has a full pipe into the PRN instead of multiple PVCs sharing a single link, and we don't have to deal with CIR. From the perspective of our routers each site is one hop away from any other site. These combination of these features will allow us to proceed with VoIP throughout our network, which is not feasible with the current frame relay network. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72726t=72704 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX DNS Issue [7:72685]
Careful if anybody is using PDM because it doesn't support the alias command, so will limit you to monitoring only if you use it in the CLI. You can use static outbound NAT instead. Anyone got any other tricks for this? Bikespace jhodge wrote in message news:[EMAIL PROTECTED] You will have to use the alias command or static dns command to all translation from internal to external. CCO site has great examples of your situation. Cheers, Jamie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stevo Sent: July 21, 2003 11:27 AM To: [EMAIL PROTECTED] Subject: Re: PIX DNS Issue [7:72685] You know I've had similar weirdness with my Pix (6.3) and DNS. I have 2 internal AD DNS servers and 2 external BIND DNS servers. The 2 external DNS servers sit outside the PIX and AD DNS server obviously sit behind the Pix on the inside network. I have a host mail that has a different DNS entry on both internal and external name servers. Let's say internally the IP is 10.1.1.10 and externally 203.132.60.10. When I am on a host on the internal network and query the external name server it seems like the response comes from the internal dns server... example below: I'm trying to resolve mail on the external name server. When I'm on the external name server (or outside the Pix) the response is always 203.132.60.10. However, when I'm on an internal host and do a look up against the external name server I get 10.1.1.10 as the answer everytime! So it seems like the Pix is grabbing that DNS query and sending it to the internal name server instead of letting it through... Any ideas as to why?? Stevo wrote in message news:[EMAIL PROTECTED] PIX treats DNS queries little different, especially replies. The client has the potential of contacting multiple DNS servers sequentially in the event the first one experiencing some delays. The PIX keeps track of all them and allows one reply to come back through. I'm not sure if things changed in the version but its a good idea to check.. HTH Thanks...Nabil I have never let my schooling interfere with my education. Andrew Larkins cc: Sent by: Subject: RE: PIX DNS Issue [7:72685] [EMAIL PROTECTED] om 07/21/2003 09:41 AM Please respond to Andrew Larkins Please send the config and we can have a look. -Original Message- From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED] Sent: 21 July 2003 11:57 To: [EMAIL PROTECTED] Subject: PIX DNS Issue [7:72685] I swapped a router running ios firewall with a pix 506e and i have been having all sorts of issues. first, is the DNSall clients use an internal DNS server which forwards all request to an external DNS serverthis works fine with the router but with the PIX it doesnt work. when i configured the clients to use the external DNS server everything worked fine. The pix box is running the 6.3 code. i know i am missing something...but can't figure it out yet...i really would appreciate any comments. regards, Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72728t=72685 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
a song for all of us [7:72729]
Over the mountain, take me across the sky Something in my monitor, something bridged inside Where did I wander? where d'ya think I telnet'ed to? I've seen Cisco's magic astral plane. I'll use the CLI to get through I heard them tell me that this land of BGP peers was now I told them I had ridden high speed fault tolerant rings And said I'd show them how Over and over, always tried to get that cert Living in a term server, only place I had to stay Fever of a upgrade burning in me many hops away People around me talking to the CCO I heard them tell me that this land of hot swappable cards was now I told them I had ridden SRT bridge groups seen the RIF's And said I'd show them how Don't need no CCIE, it's inside of you and me Firewall has a deny all IPX just won't go away. You don't need a route-map to log on with me. DLSw is the solution. Remote peer back to me. Over and over, where did that .pdf go to ? Over and under, in between the debug's and reloads Under and under, something that they said in class - Mind on a lunch break, SmartNET contract goes 'round and round After the meltdown, kissing VISIO inlaid clouds Where is the Network Designer? He said MPLS would make me understand. Another round of layoff's. Looking for those stupid ROM chips Watching my packet's disappear into the broadcast domain Can't remember the command ! Now I remember why ! Don't need no CCIE, it's inside of you and me Nortel's might as well go out of business. Maybe the boss will understand. Can't keep working all these hours. Stock options were supposed to expand. You don't need an extended ACL to route with me, I'm free - yeah! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72729t=72729 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]