Re: Urgent Help On Cisco Radius [7:72617]

2003-07-21 Thread Rohit Sundriyal
Hi nakul

We have 7 routers across 7 sites. What we want to do is provide a
username and password to a few people at these sites, and have whatever
changes they make or commands they execute logged to one
central RADIUS server.
Will a Windows 2000 RADIUS server do the work, or do we need some other
RADIUS software for that?


Thanks and Regards
Rohit Sundriyal


Nakul Malik  wrote in message
news:[EMAIL PROTECTED]
 What topic exactly do you need help on?
 Give me some details and I might be able to help.
 -Nakul

 --
 Nakul Malik

 H-342
 New Rajendra Nagar
 New Delhi - 110060

 Mobile: +91-9811424477
 Ph: +91-11- 2582 3488
   +91-11- 2585 0155
 Fax:: +91-11- 2575 2904

 [EMAIL PROTECTED]

 Rohit Sundriyal  wrote in message
 news:[EMAIL PROTECTED]
  Team
 
  We need to set up a Cisco RADIUS server. I have no knowledge of this; can someone
  please help me out?
 
  Quite Urgent
 
  Rohit Sundriyal




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72681t=72617
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Bandwidth, QoS, and Contention networks [7:72645]

2003-07-21 Thread
Reimer, Fred  wrote in message
news:[EMAIL PROTECTED]
 Chuck -
  well sure. one of the other reasons I got to pondering the original question
 ( are we overselling the value of bandwidth? ) is the following:

 http://newsroom.cisco.com/dlls/video_audio_archive/?video

 check out the long reach ethernet presentation, maybe 3/4 down the page.

 LRE can provide up to 5 megabits full duplex over cat 3 phone wire - data
 and voice. after viewing the presentation, you tell me - is this not saying
 that 5 megabits is more than adequate for voice, video, etc?

 as for wireless - I fully understand that the requirements of the
 application drive the need for bandwidth. I'm just asking - if people are
 more productive, despite the obvious lack of bandwidth, and despite the step
 back to a contention medium, is there something to be said about the
 perceived need for 100 megabits to the desktop?

 Me -

 I think you have to take into account the application requirements.

I thought I said that. [ looks at my earlier statement] why yes, I did say
that :-

Would you want to stick an enterprise server on wireless?  Heck no.

Oh i don't know. The answer is it depends :-  but suppose I stick the
server on my 3550-24PWR and run 23 access points off that switch, instead of
putting in a  4507 with a port ( and wiring ) for each user?


Would you want to stick an Oracle database on wireless?  I'd say not.

do I have a thin client? am I downloading large reports? uploading large
volumes of data?

 Take a look at what wireless is actually being used for, and I think you
 will find that, in most cases, the shared media is not a huge issue.  It's
 not like we are transferring hundreds of megabytes of data over wireless on
 a regular basis, if at all.

my point exactly -


 Is 100MBps really needed to the desktop, let alone 1Gb?  I'd say 99.44% of
 the time the answer is no.  10Mbps switched to the desktop should be more
 than enough for most users.  There will always be users and applications
 that require greater bandwidth, but as I'm sure most everyone knows the
 Gigabit downlinks to the core in most corporations are not being loaded to
 a significant degree.  Yes, there will be exceptions, but the general rule
 I've seen is that the average Gb utilization is well below 10% on a
 downlink.

 Still, I would not even think of proposing or installing a network today
 that did not have 100Mbps capabilities at the edge, and Gb connections to
 the core.

neither would I. The kids need shoes and I have house payments to make ;-


 Fred Reimer - CCNA


 Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
 Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


 NOTICE; This email contains confidential or proprietary information which
 may be legally privileged. It is intended only for the named recipient(s).
 If an addressing or transmission error has misdirected the email, please
 notify the author by replying to this message. If you are not the named
 recipient, you are not authorized to use, disclose, distribute, copy, print
 or rely on this email, and should immediately delete it from your computer.


 -Original Message-
 From: Chuck Whose Road is Ever Shorter [mailto:[EMAIL PROTECTED]
 Sent: Sunday, July 20, 2003 2:50 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Bandwidth, QoS, and Contention networks [7:72645]

 Zsombor Papp  wrote in message
 news:[EMAIL PROTECTED]
  I think comparing shared wireless to dedicated wired connections is a bit
  of an apple vs orange contest. You can get shared wireless where you can't
  get anything else (e.g. walking from one meeting room to the other, or
  attending a meeting with 10 other people in a room where there are only 4
  wired ports), so obviously it is better than all the other choices. If you
  can choose between a 100Mbps switch port and a 11Mbps shared wireless link
  without sacrificing anything (e.g. in case of servers or desktop machines),
  then the 100Mbps switch port is obviously better.

 well sure. one of the other reasons I got to pondering the original question
 ( are we overselling the value of bandwidth? ) is the following:

 http://newsroom.cisco.com/dlls/video_audio_archive/?video

 check out the long reach ethernet presentation, maybe 3/4 down the page.

 LRE can provide up to 5 megabits full duplex over cat 3 phone wire - data
 and voice. after viewing the presentation, you tell me - is this not saying
 that 5 megabits is more than adequate for voice, video, etc?

 as for wireless - I fully understand that the requirements of the
 application drive the need for bandwidth. I'm just asking - if people are
 more productive, despite the obvious lack of bandwidth, and despite the step
 back to a contention medium, is there something to be said about the
 perceived need for 100 megabits to the desktop?





 
  Thanks,
 
  Zsombor
 
  Chuck Whose Road is Ever Shorte wrote:
  
   Howard C. Berkowitz  wrote in message
   news:[EMAIL PROTECTED]
  

Re: CCNP BCRAN 642-821 exam [7:72650]

2003-07-21 Thread wisnu
Ya, I had a test a few days ago,
but not the new version.
I still had 640-605.

It had 53 questions.
Passing score is 706.
Time: 75 minutes.

Mai NhF0 ThC nh  wrote in message
news:[EMAIL PROTECTED]
 Hi every body,
 Does any one know about CCNP BCRAN 642-821 exam, I am going to take it
 next week
 Please kindly give me your help
 Thanks in advance

 -- 
 MNThanh
 Support Division, VDC1
 292 Tay Son, Hanoi, Vietnam
 Telephone: +84-4-5374165
 Fax:   +84-4-5372781
 Handphone: +84-91-3213801
 Email: [EMAIL PROTECTED] / [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72680t=72650


Re: IS-IS and IOS ver. 11.1 [7:72648]

2003-07-21 Thread
BTW, there is an enterprise basic for 26xx and higher. A lot of the
obsolete things like Apollo and Vines have been eliminated. Still contains
DecNet. But MPLS and MPLS VPNs are supported. I'm not sure if Cisco plans on
a version for the 25xx or not.

John Jones  wrote in message
news:[EMAIL PROTECTED]
 Thanks for the reply.  I had a hunch, but wasn't sure...

 Why not remove the command from the config mode if it can't be used in a
 certain version? Go figure...

 I guess it's off to more memory and get 12.2 IOS loaded. ;)

 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72679t=72648


Re: IS-IS and IOS ver. 11.1 [7:72648]

2003-07-21 Thread wisnu
I'm not sure if my answer will help you.
I had the same case as you, but I forgot which IOS version I was using.
I only added the command clns routing in global config,
and then the problem was gone.


wisnu

John Jones  wrote in message
news:[EMAIL PROTECTED]
 Thanks for the reply.  I had a hunch, but wasn't sure...

 Why not remove the command from the config mode if it can't be used in a
 certain version? Go figure...

 I guess it's off to more memory and get 12.2 IOS loaded. ;)

 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72682t=72648


RE: Command rejected: FastEthernet5/14 not an acce [7:72674]

2003-07-21 Thread Zsombor Papp
Try 'switchport mode access' first.

Thanks,

Zsombor

John Brandis wrote:
 
 Hi all,
  
 I am wishing to implement port security on my 4006 + supIII using Version
 12.1(13)EW1
  
 I tried to enter the command
  
 SYD_CORE1(config)#int fastEthernet 5/14
 SYD_CORE1(config-if)#switchport port
 SYD_CORE1(config-if)#switchport port-security max
 SYD_CORE1(config-if)#switchport port-security maximum 2 ?
   
  
 SYD_CORE1(config-if)#switchport port-security maximum 2
 Command rejected: FastEthernet5/14 not an access port.
  
 I then confirmed my config for the port
  
 interface FastEthernet5/14
  description a computer internal
  switchport access vlan 11
  no snmp trap link-status
  
  
 Can any one tell me why I would get the error? I have tried this on a few
 ports now and got the same error every time. I looked on the cisco site and
 around deja, and found nothing about the error. Can any one provide some
 help
  
 John
  
 
 
 **
 This email and any files transmitted with it are confidential and
 intended solely for the use of the individual or entity to whom they
 are addressed. If you have received this email in error please notify
 the system manager.
 
 This footnote also confirms that this email message has been swept by
 MIMEsweeper for the presence of computer viruses.
 www.solution6.com
 **
 
 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72676t=72674


Re: Command rejected: FastEthernet5/14 not an access port. [7:72683]

2003-07-21 Thread Erick B.
john,

Under the port, add 'switchport mode access' as well. 

By default the switchports can automatically become
trunks if both sides agree, etc. If a trunk isn't
negotiated then the port is in access vlan 11 in your
config below. The 'switchport mode access' command
forces the port to be in access mode and not the "I'll
decide what type of port I'll be" mode.

--- John Brandis  wrote:
 Hi all,
  
 I am wishing to implement port security on my 4006 + supIII using Version
 12.1(13)EW1
  
 I tried to enter the command
  
 SYD_CORE1(config)#int fastEthernet 5/14
 SYD_CORE1(config-if)#switchport port
 SYD_CORE1(config-if)#switchport port-security max
 SYD_CORE1(config-if)#switchport port-security maximum 2 ?
   
  
 SYD_CORE1(config-if)#switchport port-security maximum 2
 Command rejected: FastEthernet5/14 not an access port.
  
 I then confirmed my config for the port
  
 interface FastEthernet5/14
  description a computer internal
  switchport access vlan 11
  no snmp trap link-status
  
  
 Can any one tell me why I would get the error? I have tried this on a few
 ports now and got the same error every time. I looked on the cisco site and
 around deja, and found nothing about the error. Can any one provide some
 help
  
 John
  
 
 

[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72683t=72683
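
The check that both replies in this thread point to, as an added example that is not part of the original posts: a small Python audit of an IOS configuration that flags Layer 2 ports with no explicit 'switchport mode access' (the condition behind "Command rejected: ... not an access port") and access ports where port security is not enabled. The sample configuration is constructed around the stanza quoted above, and treating every physical Ethernet interface as a switch port unless 'no switchport' appears is an assumption of this sketch.

```python
import re

# Constructed sample configuration; only FastEthernet5/14 mirrors the thread.
SAMPLE_CONFIG = """\
interface FastEthernet5/13
 description uplink
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet5/14
 description a computer internal
 switchport access vlan 11
 no snmp trap link-status
!
interface FastEthernet5/15
 switchport access vlan 11
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
!
interface FastEthernet5/16
 switchport access vlan 12
 switchport mode access
!
interface Vlan11
 ip address 10.0.11.1 255.255.255.0
"""

# Assumption: names like FastEthernet5/14 are physical ports, Vlan11 is not.
PHYSICAL_PORT = re.compile(r"^(?:Fast|Gigabit|TenGigabit)?Ethernet\d", re.I)


def parse_interfaces(config):
    """Split a configuration into {interface name: [sub-commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"^interface\s+(\S+)", raw)
        if header:
            current = header.group(1)
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces


def configured_mode(cmds):
    """Return the explicit 'switchport mode' keyword, or None if unset."""
    for cmd in cmds:
        match = re.match(r"^switchport mode (\S+)", cmd)
        if match:
            return match.group(1)
    return None


def audit(config):
    """Return {interface: [finding codes]} for ports that need attention.

    mode-not-access   : no 'switchport mode access', so the port may still
                        negotiate a trunk and port-security is rejected on it
    port-security-off : 'switchport port-security' is not enabled
    """
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not PHYSICAL_PORT.match(name) or "no switchport" in cmds:
            continue  # SVIs and routed ports are out of scope
        mode = configured_mode(cmds)
        if mode == "trunk":
            continue  # deliberate trunks are not end-host ports
        issues = []
        if mode != "access":
            issues.append("mode-not-access")
        if "switchport port-security" not in cmds:
            issues.append("port-security-off")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit(SAMPLE_CONFIG).items():
        print(f"{port}: {', '.join(issues)}")
```
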


PIX DNS Issue [7:72685]

2003-07-21 Thread Tunde Kalejaiye
I swapped a router running IOS firewall with a PIX 506E and I have been having
all sorts of issues. First is the DNS... all clients use an internal DNS
server which forwards all requests to an external DNS server... this works fine
with the router, but with the PIX it doesn't work. When I configured the clients
to use the external DNS server everything worked fine. The PIX box is running
the 6.3 code.


i know i am missing something...but can't figure it out yet...i really would
appreciate any comments.

regards,

Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72685t=72685


mac address filtering [7:72684]

2003-07-21 Thread Skarphedinsson Arni V.
Hi

I have some Catalyst 2950 and 3550 switches on which I need to control the MAC
addresses of the machines that are allowed to connect to the switches, i.e.
something similar to port security, but I don't want to configure it per
port, but rather for a whole switch or VLAN. What would be the best way to
accomplish this?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72684t=72684


RE: IS-IS and IOS ver. 11.1 [7:72648]

2003-07-21 Thread Reimer, Fred
Since the 2500s (and non XM 2600s except for the 2691) are EOL'd I'd say
probably not...

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: Chuck Whose Road is Ever Shorter [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 21, 2003 1:05 AM
To: [EMAIL PROTECTED]
Subject: Re: IS-IS and IOS ver. 11.1 [7:72648]

BTW, there is an enterprise basic for 26xx and higher. A lot of the
obsolete things like Apollo and Vines have been eliminated. Still contains
DecNet. But MPLS and MPLS VPNs are supported. I'm not sure if Cisco plans on
a version for the 25xx or not.

John Jones  wrote in message
news:[EMAIL PROTECTED]
 Thanks for the reply.  I had a hunch, but wasn't sure...

 Why not remove the command from the config mode if it can't be used in a
 certain version? Go figure...

 I guess it's off to more memory and get 12.2 IOS loaded. ;)

 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72686t=72648


RE: mac address filtering [7:72684]

2003-07-21 Thread David Vital
WELL, you can set port security by blade (module) to make it easier,
but if you want to be able to move from one port to another that's gonna be
tough.  I don't know of any 3rd party software that manages that but I
wouldn't be surprised if it was out there.  An option you might want to
explore is setting up a MAC-access list.  The question really is how tight
you want security to be and what sort of trade off you are willing to accept
for the convenience.  You can even set up the MAC-access list and associate
traffic for a VLAN and what to do with that traffic.  But you are getting
back to a granular management that might make it easier to just set the
security by port again.  Check out this page on Cisco's site.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1214ea1/3550cr/cli1.htm#23702

Good luck.  Let us know how you work it out.

David


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72692t=72684


RE: PIX DNS Issue [7:72685]

2003-07-21 Thread Andrew Larkins
Please send the config and we can have a look.

-Original Message-
From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED]
Sent: 21 July 2003 11:57
To: [EMAIL PROTECTED]
Subject: PIX DNS Issue [7:72685]


I swapped a router running IOS firewall with a PIX 506E and I have been having
all sorts of issues. First is the DNS... all clients use an internal DNS
server which forwards all requests to an external DNS server... this works fine
with the router, but with the PIX it doesn't work. When I configured the clients
to use the external DNS server everything worked fine. The PIX box is running
the 6.3 code.


i know i am missing something...but can't figure it out yet...i really would
appreciate any comments.

regards,

Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72688t=72685


basic PRI question. [7:72691]

2003-07-21 Thread Stuart Pittwood
I know this is basic and the answer is probably yes, but I'll ask anyway.

We have a 1Mb leased line between two sites. If we also had 8 channels of a
PRI at both sites, in the event that the leased line was unavailable could
the available PRI channels multilink and dial into the remote site to give
at least some connectivity? If yes, could these channels also be used for
remote access when they are not needed as a backup to the leased line?

Any input appreciated.

Thanks

Stu P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72691t=72691


Accounting. Pay-per-use service [7:72690]

2003-07-21 Thread Alejandro Acosta
Hello,
I wanted to hear some suggestions from you in this case:

My company is thinking of adding an Internet product where we can charge
the customer regarding the bandwidth usage, something like pay per
use. Do you have any experience with it? I would like to hear some
recommendations, like what software you are using, or whether this product is
just a headache and not worth the time to implement.
I have used Netflow just for traffic analysis, never for accounting;
can I do this using Netflow, or are there other software/methods?

Thanks

Alejandro Acosta,-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72690t=72690


Re: PIX DNS Issue [7:72685]

2003-07-21 Thread Nakul Malik
Try accessing port 53 of your external DNS server from your internal DNS
server. It should be reachable from it in order to work.
-Nakul

Tunde Kalejaiye  wrote in message
news:[EMAIL PROTECTED]
 I swapped a router running IOS firewall with a PIX 506E and I have been having
 all sorts of issues. First is the DNS... all clients use an internal DNS
 server which forwards all requests to an external DNS server... this works fine
 with the router, but with the PIX it doesn't work. When I configured the clients
 to use the external DNS server everything worked fine. The PIX box is running
 the 6.3 code.


 I know I am missing something... but can't figure it out yet... I really would
 appreciate any comments.

 regards,

 Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72687t=72685


Re: Default Route ... [7:72652]

2003-07-21 Thread Nakul Malik
 ip route 0.0.0.0  0.0.0.0  20.20.20.1
 ip route 0.0.0.0  0.0.0.0  20.20.10.1  200

Second route has higher AD, so the first will be used.
If it goes down, all traffic will go to the second.


 is it possible to have 2 default route???

YES



H T  wrote in message
news:[EMAIL PROTECTED]
 Hi all,
 can any one tell us what will be the effect of these 2 default routes.


 ip route 0.0.0.0  0.0.0.0  20.20.20.1
 ip route 0.0.0.0  0.0.0.0  20.20.10.1  200


 is it possible to have 2 default route???




 Cheers.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72689t=72652


Re: ODR, was RE: CCDA: changes in syllabus. [7:72380]

2003-07-21 Thread Tom Martin
John,

I have come across ODR in production a couple of times. Up until 
recently I had thought that ODR worked quite well for hub and spoke 
topologies...

My most recent involvement with ODR occurred when replacing a 2621 with 
a 3745, which was the hub of the hub-and-spoke topology. I quickly 
learned that the 3745 doesn't enable CDP by default. I was also reminded 
that Cisco doesn't save configuration commands that are considered 
default...

What ended up happening was CDP was not enabled by default and when I 
enabled it (cdp run) the command wouldn't save because it was 
considered a default command! Each time the router booted CDP was 
disabled again!

I recommend to everyone that ODR not be used in a Cisco production 
environment. You never know when an IOS (platform?) bug will render your 
WAN unusable!

- Tom

John Neiberger wrote:
 
 
 I've never heard of anyone using ODR. Anyone here know of anyone using ODR
 in a production environment? Are there any environments where ODR is
 recommended over other options?
 
 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72693t=72380


Re: Bandwidth, QoS, and Contention networks [7:72645]

2003-07-21 Thread "Chuck Whose Road is Ever Shorte
Zsombor Papp  wrote in message
news:[EMAIL PROTECTED]
 Chuck Whose Road is Ever Shorte wrote:
  after viewing the presentation, you tell me - is
  this not saying
  that 5 megabits is more than adequate for voice, video, etc?

 I don't think that was the point of the presentation. Regardless, I can tell
 you that 5Mbps is enough for voice. :) For video, it depends on the quality.

30 frame per second video over ISDN requires 3 ISDN lines ( 6 B-channels )
for a total of 384K. I've spoken about video over WAN links on several
occasions with the video guy in my group. He tells me he likes to reserve
500K over T1's typically.

Howard, if you're reading, I just looked over my unsent drafts of the question
regarding bandwidth, and the point I failed to raise in this posted thread
is that of global synchronization. One of the major benefits of such QoS
mechanisms as RED and WRED is that the phenomenon of global synch can be
controlled, meaning a more efficient use of bandwidth ( no periods of
congestion followed by periods of  low activity because of the TCP backoff
mechanisms )

Now supposing, even in a contention medium, I could fine tune my queueing
such that I no longer suffered from global synch. I set my voice queues and
my delay sensitive queues such that sufficient bandwidth was available, and I
used RED or WRED for the general queue. I'm wondering if there are studies
done, papers in the IETF working groups demonstrating that given proper
queueing mechanisms that less bandwidth is required or necessary?

Cisco does offer downstream only QoS on their wireless product line. Not
sure I understand the mechanism completely, but I have to believe it is
based on enough solid study such that given a reasonable design, there would
be less concern for voice in the mix. Recall that Cisco will soon be
releasing their own wireless IP phone, and  the whole point of it is to
provide untethered mobility throughout an enterprise.




  I'm just asking - if people are more productive,
  despite the obvious lack of bandwidth, and
  despite the step back to a contention medium,
  is there something to be said about the
  perceived need for 100 megabits to the desktop?

 I agree with Fred, such a perception is probably misguided in most cases.
 Most people are very happy even with their 1.5Mbps DSL line. But all this
 depends on what you want to do. Full-screen DVD quality video won't work
 over DSL. Even online gaming could use more than 1.5Mbps. FWIW, I've heard
 that in Korea, there is a serious market for dedicated 100Mbps connections
 to the *home* due to wide-spread online gaming (I don't know if this is
 true, I find it a bit hard to believe).


can't comment much regarding the needs of on-line gaming, but the guy
teaching the wireless class two weeks ago said he was an avid on-line gamer
and that his DSL was plenty fine for what he did. He also said he had a
couple friends around his neighborhood who did on-line gaming via a wireless
AP that he set up for their use. Don't know the particular game, so I can
say as to whether it is the same one you play.


 Also consider that pure 10Mbps Ethernet interfaces are getting pretty rare;
 most of the Ethernet interfaces are 10/100. So in a campus network, in most
 cases, there is no real reason to not have 100Mbps to the desktop.

indeed. and with three teenage boys around the house, I am happy to sell
lots of these things in order to keep the refrigerator full. ;- yes, Mr
Customer, you never can tell when your users will need this bandwidth, what
with internet radio, lots of databases out there on the web, and all the
e-mail attachments people need to read to get their work done. ;-




 Thanks,

 Zsombor




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72678t=72645


Re: Why ppp encaps at physical as well as dialer int? [7:72440]

2003-07-21 Thread Tom Martin
Greg,

The configuration on the dialer interface is used when making outbound 
calls. When an incoming call comes in, it isn't associated with a 
specific dialer interface. If you don't specify the encapsulation on the 
interface any incoming calls will be treated as HDLC.

- Tom

Greg Kirkness wrote:
 Subject pretty much says it all. Why is ppp encaps specified at the dialer
 interface as well as on the physical? Where are the LCP extensions
 available?
 
 Cheers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72694t=72440


Re: what cable do I need [7:72585]

2003-07-21 Thread Nakul Malik
You need a T-1 crossover cable.
Jacks=RJ-48 (C?)
pinout-- I'm not really sure but I seem to recall 12-45 was the pinout for
t1 crossover.
-Nakul


David Ristau  wrote in message
news:[EMAIL PROTECTED]
 I've got two 2621XM routers with WIC-1DSU-T1 cards in them
 here at work to play around with,  I want to mimic a serial connection
 between the two 2621's via the WIC,

 any idea as to what cable I need to use or a Cisco part number
 so I can connect these two routers together?

 TIA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72695t=72585


Re: mac address filtering [7:72684]

2003-07-21 Thread Nakul Malik
use VMPS
-Nakul

Skarphedinsson Arni V.  wrote in message
news:[EMAIL PROTECTED]
 Hi

 I have some Catalyst 2950 and 3550 switches on which I need to control the MAC
 addresses of the machines that are allowed to connect to the switches, i.e.
 something similar to port security, but I don't want to configure it per
 port, but rather for a whole switch or VLAN. What would be the best way to
 accomplish this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72698t=72684


Re: 3524XL Error Message [7:72563]

2003-07-21 Thread Nakul Malik
interfaces send a keepalive-type loopback packet every x no of seconds to
verify the interface's integrity. same thing happens at POST.
The message means faulty Hardware. More specifically, it is probably the Rx
of your interface that has failed.
Solution=Hardware replacement.
-Nakul

Firesox  wrote in message
news:[EMAIL PROTECTED]
 Folks,
 I am troubleshooting the 3524XL and get the following message at the boot.

 C3500XL POST FAILURE: front-end post: GigabitEthernet0/2:

 C3500XL POST FAILURE: looped-back packet not received



 It is connected to 2950G-24.  2950 is seeing the 3524XL via CDP, but not
 vice versa.



 Has anyone seen this error message/condition?



 Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72696t=72563


Re: Help PLEASE FAST [7:72603]

2003-07-21 Thread Tom Martin
Describe how your clients lose their network connection. Do IP pings 
fail? Do DNS lookups fail (say, pinging www.google.com)? Do server 
shares become unreachable? Is network neighborhood not working?

It also would be very helpful to get a network capture during the 
problem. If you don't already have a favorite, check out www.ethereal.com.

- Tom

E. Keith J. wrote:
 Hi all
 
 HELP!
 
 
  The clients on my network seem to be losing their connection to the 
 network for no apparent reason. We have a main office and a spoke location 
 running over VPN.
 
 The problem seems to be at the main office because it happens here and was 
 happening before the other location came on-line. There are some internal 
 DNS issues also. I haven't determined if they are related but it is happening 
 at both locations now. It is an AD domain and the other site is part of the 
 domain. I need help in getting this resolved soon. I will try to answer any
 questions as best I can.
 
  I know this may not be a Cisco issue but I do have Cisco products and 
 this is the best list of people with experience with all types of problems 
 that I know. I know of none better. I know someone here has had this issue 
 before, and can help me. I just hope they read this email soon.
 
  A reboot of the machine seems to fix the problem. Lease time is 24 hours.
 DHCP is being used. I need to resolve this soon as it is a critical 
 situation.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72701t=72603


OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread John Neiberger
Are any of you using Qwest PRN? If so, I have a few questions for you:

1. How do you like it so far?
2. Did you migrate from something else? If so, how did the migration go?
3. Any 'gotchas' that you learned later that you wish you'd learned sooner?
4. How does the service compare to what you were using before?
5. How many sites do you have? Is this solution scaling well for you?

Of course, it's not necessary to answer every question. I'm just doing some
research on their solution and thought I'd check around here for
references.

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72704t=72704


Re: How do I check if load balancing works ? Catalyst 2900 and [7:72700]

2003-07-21 Thread Tom Martin
Chris,

Since you are choosing the link based on MAC addresses and only one 
switch LED is blinking, is your test traffic to stations located across 
a router? The router will obviously have a single MAC address, so 
EtherChannel based on MACs will use only a single link. Perhaps you 
should change to IP balancing.

Regardless of whether you use MAC or IP balancing, make sure that your 
test includes multiple destinations or you will only ever use one link!

- Tom

Chris wrote:
 Hi everybody
 
 
 I have a Compaq server with 2 NC3121 cards. According to the docs, the
 card supports Fast Etherchannel
 static configuration (ON).
 I couldn't find a procedure to set up Fast Etherchannel for the network card
 so I did what I thought was better.
 
 I selected the following :
 Teaming control =Load balancing
 Load balancing options:
 ---
 [x]Switch assisted load balancing
 [ ]Transmit load balancing
 ---
 [x ]Balance with MAC addresses
 [ ]Balance with IP addresses
 ---
 
 On the switch side I set up the following:
 
 interface Port-channel
  no ip address
  flowcontrol send off
 !
 interface FastEthernet0/1
  no ip address
  channel-group 1 mode on
 !
 interface FastEthernet0/2
  no ip address
  channel-group 1 mode on
 
 Everything looks fine, the redundancy works but how can I see if it works ?
 I mean the load balancing.
 I don't know the SNMP OID to monitor that interface. Judging by the blinking
 lights it works only on one interface.
 I made the tests selecting different classes of IPs (10 mod 2 and 10 mod 5)
 for transmission on the server side
 I set up the switch on source balancing. Not very sure that both MAC aren't
 in the same class (MAC) mod 2.
 The 'show int' command shows me load only on the first interface of the
 channel.
 The 'debug etherchanel' shows that the switch senses the disconnecting of
 the interfaces (if I test this).
 
 Any clue ?
 Thank you
 Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72700t=72700
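
Tom's point above, that a single router MAC pins the channel to one link, shown as an added example that is not part of the original thread. It is a simplified Python model in which the link is chosen from the low-order bits of the hashed address; the 3-bit XOR hash, the addresses, and every function name are assumptions for illustration, not the Catalyst 2900 or NC3121 algorithm.

```python
import ipaddress
from collections import Counter

HASH_BITS = 3  # assumption: only the 3 low-order address bits feed the hash


def mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return raw


def ip(text):
    """Parse a dotted-quad IPv4 address into 4 raw bytes."""
    return ipaddress.IPv4Address(text).packed


def low_bits(addr):
    """Low-order HASH_BITS bits of the last address byte."""
    return addr[-1] & ((1 << HASH_BITS) - 1)


# Hypothetical balancing methods: which header fields feed the hash.
METHODS = {
    "src-mac": lambda f: low_bits(f["src_mac"]),
    "dst-mac": lambda f: low_bits(f["dst_mac"]),
    "src-dst-mac": lambda f: low_bits(f["src_mac"]) ^ low_bits(f["dst_mac"]),
    "src-dst-ip": lambda f: low_bits(f["src_ip"]) ^ low_bits(f["dst_ip"]),
}


def pick_link(flow, method, n_links=2):
    """Return the index of the channel member that carries this flow."""
    if method not in METHODS:
        raise ValueError(f"unknown balancing method: {method}")
    return METHODS[method](flow) % n_links


def link_usage(flows, method, n_links=2):
    """Count flows per link; links that carry nothing are reported as 0."""
    usage = Counter({link: 0 for link in range(n_links)})
    for flow in flows:
        usage[pick_link(flow, method, n_links)] += 1
    return dict(usage)


# Constructed sample addresses (not taken from the thread).
SERVER_MAC, SERVER_IP = mac("00:50:8b:00:00:10"), ip("10.1.0.10")
ROUTER_MAC = mac("00:00:0c:00:00:01")


def routed_flows(count=8):
    """Server to hosts behind the router: every frame goes to the router's MAC."""
    return [dict(src_mac=SERVER_MAC, dst_mac=ROUTER_MAC,
                 src_ip=SERVER_IP, dst_ip=ip(f"10.2.0.{i}"))
            for i in range(1, count + 1)]


def local_flows(count=8):
    """Server to hosts on the same VLAN: each destination has its own MAC."""
    return [dict(src_mac=SERVER_MAC, dst_mac=mac(f"00:10:5a:00:00:{0x20 + i:02x}"),
                 src_ip=SERVER_IP, dst_ip=ip(f"10.1.0.{100 + i}"))
            for i in range(1, count + 1)]


def replies(flows):
    """Return-direction flows, as the switch sees them heading to the server."""
    return [dict(src_mac=f["dst_mac"], dst_mac=f["src_mac"],
                 src_ip=f["dst_ip"], dst_ip=f["src_ip"]) for f in flows]


if __name__ == "__main__":
    print("routed, dst-mac     :", link_usage(routed_flows(), "dst-mac"))
    print("routed, src-dst-ip  :", link_usage(routed_flows(), "src-dst-ip"))
    print("local,  dst-mac     :", link_usage(local_flows(), "dst-mac"))
    print("replies, src-mac    :", link_usage(replies(routed_flows()), "src-mac"))
    print("one dest, src-dst-ip:", link_usage(routed_flows(1) * 5, "src-dst-ip"))
```

In this model, per-link interface counters stay flat on one member whenever the hashed field is constant across the test traffic, which is why a test needs several destinations before the counters say anything about balancing.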


Re: ODR, was RE: CCDA: changes in syllabus. [7:72380]

2003-07-21 Thread John Neiberger
In addition to that, how many times have you heard that we should disable
CDP for security reasons? I'm sure there are some companies that aren't
allowed to run CDP for this reason. Then again, that's usually a big company
that probably wouldn't want to run ODR in the first place.

John

 Tom Martin 7/21/03 10:05:02 AM 
John,

I have come across ODR in production a couple of times. Up until 
recently I had thought that ODR worked quite well for hub and spoke 
topologies...

My most recent involvement with ODR occurred when replacing a 2621 with 
a 3745, which was the hub of the hub-and-spoke topology. I quickly 
learned that the 3745 doesn't enable CDP by default. I was also reminded 
that Cisco doesn't save configuration commands that are considered 
default...

What ended up happening was CDP was not enabled by default and when I 
enabled it (cdp run) the command wouldn't save because it was 
considered a default command! Each time the router booted CDP was 
disabled again!

I recommend to everyone that ODR not be used in a Cisco production 
environment. You never know when an IOS (platform?) bug will render your 
WAN unusable!

- Tom

John Neiberger wrote:
 
 
 I've never heard of anyone using ODR. Anyone here know of anyone using ODR
 in a production environment? Are there any environments where ODR is
 recommended over other options?
 
 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72702t=72380


Re: basic PRI question. [7:72691]

2003-07-21 Thread Nakul Malik
I think so.
You would need to setup DDR for the PRI.
Install the PRI route with a higher AD than the leased line route so that it
is only used when the leased line is unavailable.
Also, set up thresholds for the PRI channels.
-Nakul


Stuart Pittwood  wrote in message
news:[EMAIL PROTECTED]
 I know this is basic and the answer is probably yes but I'll ask anyway

 We have a 1Mb leased line between two sites, if we also had 8 channels of a
 PRI at both sites, in the event that the leased line was unavailable could
 the available PRI channels multilink and dial into the remote site to give
 at least some connectivity if yes, could these channels also be used for
 remote access when they are not needed as a backup to the leased line.

 Any input appreciated.

 Thanks

 Stu P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72699t=72691


Re: 1601 flash card. [7:72560]

2003-07-21 Thread Nakul Malik
no
-nakul

Johan Bornman  wrote in message
news:[EMAIL PROTECTED]
 Can this type of flash card be installed in a notebook PCMCIA slot to copy
 files?







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72697t=72560


RE: Bandwidth, QoS, and Contention networks [7:72645]

2003-07-21 Thread Reimer, Fred
We have customers using Vocera's wireless VoIP phones (they look like Star
Trek communicators) with no problems.  We did have to use wireless VLANs,
but I was not involved in the configuration of the AP's.  They are having no
problems that I'm aware of.


Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: Chuck Whose Road is Ever Shorte [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2003 11:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Bandwidth, QoS, and Contention networks [7:72645]

Zsombor Papp  wrote in message
news:[EMAIL PROTECTED]
 Chuck Whose Road is Ever Shorte wrote:
  after viewing the presentation, you tell me - is
  this not saying
  that 5 megabits is more than adequate for voice, video, etc?

 I don't think that was the point of the presentation. Regardless, I can tell
 you that 5Mbps is enough for voice. :) For video, it depends on the quality.

30 frame per second video over ISDN requires 3 ISDN lines ( 6 B-channels )
for a total of 384K. I've spoken about video over WAN links on several
occasions with the video guy in my group. He tells me he likes to reserve
500K over T1's typically.

Howard, if you're reading, I just looked over my unsent drafts of the question
regarding bandwidth, and the point I failed to raise in this posted thread
is that of global synchronization. One of the major benefits of such QoS
mechanisms as RED and WRED is that the phenomenon of global synch can be
controlled, meaning a more efficient use of bandwidth ( no periods of
congestion followed by periods of  low activity because of the TCP backoff
mechanisms )

Now supposing, even in a contention medium, I could fine tune my queueing
such that I no longer suffered from global synch. I set my voice queues and
my delay sensitive queues such that sufficient bandwidth was available, and I
used RED or WRED for the general queue. I'm wondering if there are studies
done, papers in the IETF working groups demonstrating that given proper
queueing mechanisms that less bandwidth is required or necessary?

Cisco does offer downstream only QoS on their wireless product line. Not
sure I understand the mechanism completely, but I have to believe it is
based on enough solid study such that given a reasonable design, there would
be less concern for voice in the mix. Recall that Cisco will soon be
releasing their own wireless IP phone, and  the whole point of it is to
provide untethered mobility throughout an enterprise.




  I'm just asking - if people are more productive,
  despite the obvious lack of bandwidth, and
  despite the step back to a contention medium,
  is there something to be said about the
  perceived need for 100 megabits to the desktop?

 I agree with Fred, such a perception is probably misguided in most cases.
 Most people are very happy even with their 1.5Mbps DSL line. But all this
 depends on what you want to do. Full-screen DVD quality video won't work
 over DSL. Even online gaming could use more than 1.5Mbps. FWIW, I've heard
 that in Korea, there is a serious market for dedicated 100Mbps connections
 to the *home* due to wide-spread online gaming (I don't know if this is
 true, I find it a bit hard to believe).


can't comment much regarding the needs of on-line gaming, but the guy
teaching the wireless class two weeks ago said he was an avvid on line gamer
and that his DSL was plenty fine for what he did. He also said he had a
couple friends around his neighborhood who did on-line gaming via a wireless
AP that he set up for their use. Don't know the particular game, so I can
say as to whether it is the same one you play.


 Also consider that pure 10Mbps Ethernet interfaces are getting pretty rare;
 most of the Ethernet interfaces are 10/100. So in a campus network, in most
 cases, there is no real reason to not have 100Mbps to the desktop.

indeed. and with three teenage boys around the house, I am happy to sell
lots of these things in order to keep the refrigerator full. ;- yes, Mr
Customer, you never can tell when your users will need this bandwidth, what
with internet radio, lots of databases out there on the web, and all the
e-mail attachments people need to read to get their work done. ;-




 Thanks,

 Zsombor




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72703t=72645

Re: 1601 flash card. [7:72560]

2003-07-21 Thread Tom Martin
Johan,

Sure! Linux has the ability to read and write various flash types and 
formats. I did something very similar a while back, albeit not with a 1600.

There's a really good chance that your Linux system will pick up the 
flash, but not necessarily out-of-the-box. I had to recompile my 
kernel before I could read flash cards...

Once the flash is recognized you may be able to mount the flash (if the 
filesystem is supported by the kernel). If not, and it probably won't 
be, perform a dd to image the flash card to a file -- it will be much 
easier and faster to work from.

If the format is proprietary, and honestly I have no idea what format is 
used by the 1600 series, then you might have to write a standalone 
interpreter for it. I've had to do this with some old CP/M images. 
Although it's not terribly difficult it does require a programming 
background.

If you just want to be able to read and write files using your notebook 
and don't care about being able to use them in your 1600 then things are 
a bit easier. You'll still have to know a thing or two about Linux though.

- Tom

Johan Bornman wrote:
 Can this type of flash card be installed in a notebook PCMCIA slot to copy
 files?
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72705t=72560


RE: PIX DNS Issue [7:72685]

2003-07-21 Thread [EMAIL PROTECTED]
PIX treats DNS queries a little differently, especially replies.  The client
has the potential of contacting multiple DNS servers sequentially in the
event the first one is experiencing some delays.  The PIX keeps track of
all of them and allows one reply to come back through.  I'm not sure if
things changed in the version but it's a good idea to check..  HTH

Thanks...Nabil

I have never let my schooling interfere with my education.


Andrew Larkins
Sent by: [EMAIL PROTECTED]
07/21/2003 09:41 AM
Please respond to Andrew Larkins
cc:
Subject: RE: PIX DNS Issue [7:72685]




Please send the config and we can have a look.

-Original Message-
From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED]
Sent: 21 July 2003 11:57
To: [EMAIL PROTECTED]
Subject: PIX DNS Issue [7:72685]


I swapped a router running ios firewall with a pix 506e and i have been having
all sorts of issues. first, is the DNS - all clients use an internal DNS
server which forwards all requests to an external DNS server - this works fine
with the router but with the PIX it doesn't work. when i configured the clients
to use the external DNS server everything worked fine. The pix box is running
the 6.3 code.


i know i am missing something...but can't figure it out yet...i really would
appreciate any comments.

regards,

Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72706t=72685


RE: We (Cisco mailing list) are moving ... [7:72060]

2003-07-21 Thread brian dell
paul,

then why not provide for links to cert books, router simulators etc.

cert books from sybex and cisco press can be a good start and if you can
request the merchant (amazon as you mentioned) to provide a promotion code
then during checkout one could put that code and maybe (maybe) amazon
could give some $$ off to us as well, like free shipping (just an example).
so it's a win-win for all, amazon, groupstudy and us !!!  (i am pretty sure
amazon could provide that to a site like groupstudy)

thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72707t=72060


Re: PIX DNS Issue [7:72685]

2003-07-21 Thread Stevo
You know I've had similar weirdness with my Pix (6.3) and DNS.

I have 2 internal AD DNS servers and 2 external BIND DNS servers.  The 2
external DNS servers sit outside the PIX and AD DNS server obviously sit
behind the Pix on the inside network.

I have a host mail that has a different DNS entry on both internal and
external name servers.  Let's say internally the IP is 10.1.1.10 and
externally 203.132.60.10.  When I am on a host on the internal network and
query the external name server it seems like the response comes from the
internal dns server...  example below:

I'm trying to resolve mail on the external name server.  When I'm on the
external name server (or outside the Pix) the response is always
203.132.60.10.  However, when I'm on an internal host and do a look up
against the external name server I get 10.1.1.10 as the answer every time!

So it seems like the Pix is grabbing that DNS query and sending it to the
internal name server instead of letting it through...

Any ideas as to why??

Stevo


 wrote in message
news:[EMAIL PROTECTED]
 PIX treats DNS queries a little differently, especially replies.  The client
 has the potential of contacting multiple DNS servers sequentially in the
 event the first one is experiencing some delays.  The PIX keeps track of
 all of them and allows one reply to come back through.  I'm not sure if
 things changed in the version but it's a good idea to check..  HTH

 Thanks...Nabil

 I have never let my schooling interfere with my education.



 Andrew Larkins
 Sent by: [EMAIL PROTECTED]
 07/21/2003 09:41 AM
 Please respond to Andrew Larkins
 cc:
 Subject: RE: PIX DNS Issue [7:72685]






 Please send the config and we can have a look.

 -Original Message-
 From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED]
 Sent: 21 July 2003 11:57
 To: [EMAIL PROTECTED]
 Subject: PIX DNS Issue [7:72685]


 I swapped a router running ios firewall with a pix 506e and i have been having
 all sorts of issues. first, is the DNS - all clients use an internal DNS
 server which forwards all requests to an external DNS server - this works fine
 with the router but with the PIX it doesn't work. when i configured the clients
 to use the external DNS server everything worked fine. The pix box is running
 the 6.3 code.


 i know i am missing something...but can't figure it out yet...i really would
 appreciate any comments.

 regards,

 Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72711t=72685


Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread Peter van Oene
At 04:31 PM 7/21/2003 +, John Neiberger wrote:
Are any of you using Qwest PRN? If so, I have a few questions for you:

1. How do you like it so far?
2. Did you migrate from something else? If so, how did the migration go?
3. Any 'gotchas' that you learned later that you wish you'd learned sooner?
4. How does the service compare to what you were using before?
5. How many sites do you have? Is this solution scaling well for you?

Hey John,

What is PRN? Private routed network? Can't seem to find much about it in my 
brief googling.


Of course, it's not necessary to answer every question. I'm just doing some
research on their solution and thought I'd check around here for
references.

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72708t=72704


Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread John Neiberger
Peter van Oene wrote:
 
 At 04:31 PM 7/21/2003 +, John Neiberger wrote:
 Are any of you using Qwest PRN? If so, I have a few questions
 for you:
 
 1. How do you like it so far?
 2. Did you migrate from something else? If so, how did the
 migration go?
 3. Any 'gotchas' that you learned later that you wish you'd
 learned sooner?
 4. How does the service compare to what you were using before?
 5. How many sites do you have? Is this solution scaling well
 for you?
 
 Hey John,
 
 What is PRN? Private routed network? Can't seem to find much
 about it in my
 brief googling.
 
 
 Of course, it's not necessary to answer every question. I'm
 just doing some
 research on their solution and thought I'd check around here
 for
 references.
 
 Thanks,
 John
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72709t=72704


Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread John Neiberger
Peter van Oene wrote:
 
 At 04:31 PM 7/21/2003 +, John Neiberger wrote:
 Are any of you using Qwest PRN? If so, I have a few questions
 for you:
 
 1. How do you like it so far?
 2. Did you migrate from something else? If so, how did the
 migration go?
 3. Any 'gotchas' that you learned later that you wish you'd
 learned sooner?
 4. How does the service compare to what you were using before?
 5. How many sites do you have? Is this solution scaling well
 for you?
 
 Hey John,
 
 What is PRN? Private routed network? Can't seem to find much
 about it in my
 brief googling.
 

Oops. Accidentally hit post before adding any content.  ;-)

Yes, it stands for Private Routed Network. It's a very interesting solution.
Our hub sites would participate in OSPF with their network, while our spoke
sites would use static routing. The PRN would have static routes pointing to
our spoke sites and those statics would be redistributed into OSPF.

The biggest downside to this is that we'd have to contact Qwest each time we
added a new subnet at a branch, but I suppose that just means we'd need to
plan ahead better.

This solution buys us a few things over our current frame relay network.
Each site has a full pipe into the PRN instead of multiple PVCs sharing a
single link, and we don't have to deal with CIR. From the perspective of our
routers each site is one hop away from any other site. The combination of
these features will allow us to proceed with VoIP throughout our network,
which is not feasible with the current frame relay network.

John


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72710t=72704


RE: Two ABRs on the same area - requirements [7:72587]

2003-07-21 Thread alaerte Vidali
Thanks,

The challenge I am facing is to improve the OSPF design of a network that is
in production, without changing the existing WAN links. The area 5 is bigger
than I think it would be ideal (there are 56 routers) and  there is no
interesting traffic between all the spoke routers in the area, as Howard
mentioned.

In the beginning I was wondering about transforming R1 into an ABR; but I
gave up because of the stability of the backbone (R1 is not so powerful as the
others, R2 and R3). Also, today there are two ABRs in area 5, and it would
have just 1 ABR with this change.
Now I am considering to change the spoke routers connected to R3 to a new
area. Today there is only one exit point for the spoke routers connected to
R3, and it would not be changed.

R3 would be connected to R2 (through area 0 and area 5) and to R1 (through
area 5), as it is today.
R2 and R3 would be the ABR for area 5; no changes here.
R1 has an ATM link to its two ABRs, R2 and R3. The main link is to R2; the
link to R3 is a backup.
R3 would participate in area 5 just because of the existing WAN link to R1.
R3 would be the ABR for the new area, probably area 6.
The benefit is a small database for area 5 and area 6, without flooding
information where it is not useful.


Is there a document explaining the rules of summarization when there are two
ABRs on an area?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72712t=72587


Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread
so, John, whatever happened to the MPLS network they were trying to sell you
a while back? what advantage does PRN have vis a vis MPLS such that Qwest is
no longer trying to convince you to buy it?

inquiring minds need to know :-


John Neiberger  wrote in message
news:[EMAIL PROTECTED]
 Peter van Oene wrote:
 
  At 04:31 PM 7/21/2003 +, John Neiberger wrote:
  Are any of you using Qwest PRN? If so, I have a few questions
  for you:
  
  1. How do you like it so far?
  2. Did you migrate from something else? If so, how did the
  migration go?
  3. Any 'gotchas' that you learned later that you wish you'd
  learned sooner?
  4. How does the service compare to what you were using before?
  5. How many sites do you have? Is this solution scaling well
  for you?
 
  Hey John,
 
  What is PRN? Private routed network? Can't seem to find much
  about it in my
  brief googling.
 

 Oops. Accidentally hit post before adding any content.  ;-)

 Yes, it stands for Private Routed Network. It's a very interesting solution.
 Our hub sites would participate in OSPF with their network, while our spoke
 sites would use static routing. The PRN would have static routes pointing to
 our spoke sites and those statics would be redistributed into OSPF.

 The biggest downside to this is that we'd have to contact Qwest each time we
 added a new subnet at a branch, but I suppose that just means we'd need to
 plan ahead better.

 This solution buys us a few things over our current frame relay network.
 Each site has a full pipe into the PRN instead of multiple PVCs sharing a
 single link, and we don't have to deal with CIR. From the perspective of our
 routers each site is one hop away from any other site. The combination of
 these features will allow us to proceed with VoIP throughout our network,
 which is not feasible with the current frame relay network.

 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72713t=72704


Re: Bandwidth, QoS, and Contention networks [7:72645]

2003-07-21 Thread Priscilla Oppenheimer
I hear you Chuck. I think microsegmentation (that's what we used to call it,
as you know I'm sure) was definitely oversold by the marketing types.
Microsegmentation to a point certainly makes sense. I troubleshooted quite a
few shared Ethernet networks that were approaching meltdown because of too
many users sharing the bandwidth. But for most applications, 100 full duplex
to the desktop isn't actually necessary. Links that carry multiple users'
data need more bandwidth, but a link that just carries a single user's data
for a user doing ordinary typical applications, will use a minimal amount of
that 100 Mbps.

I challenge my students to try to use just 10 Mbps. They are shocked at how
hard it is.

We tend to lose sight of the fact that switches do have some disadvantages
too. They are more complex and more likely to have problems than hubs. They
make protocol analysis difficult.

But we can't go backwards. It's getting harder and harder to even buy a hub!

But, as you say 11 Mbps shared RF, i.e. 802.11 is a step backwards, and it
works! I'm using it right now! Is it making me more productive? Absolutely
not. I'm trying to type on this awful little keyboard, looking at an
eensy-weensy screen, doing Group Study when I should be eating lunch and
decompressing and chatting (face-to-face) with colleagues. :-)

Last year I attended a security conference. I think it was the first time
they had wireless available. Much less work got done. All the guys sat
hunkered over their notebook computers, working and trying to attack each
other. The informal discussions that lead to brilliant ideas and
collaboration were much harder to start. It was up to the women to start
them. :-) Unfortunately, we made up about 5% of the attendees.

OK, now it really is lunch time. I hope some colleagues will be in the
cafeteria and we can talk in person.

Priscilla



Chuck Whose Road is Ever Shorte wrote:

 Zsombor Papp  wrote in message
 news:[EMAIL PROTECTED]
  I think comparing shared wireless to dedicated wired connections is a bit
  of an apple vs orange contest. You can get shared wireless where you can't
  get anything else (e.g. walking from one meeting room to the other, or
  attending a meeting with 10 other people in a room where there are only
  4 wired ports), so obviously it is better than all the other choices.
  If you can choose between a 100Mbps switch port and a 11Mbps shared
  wireless link without sacrificing anything (e.g. in case of servers or
  desktop machines), then the 100Mbps switch port is obviously better.

 well sure. one of the other reasons I got to pondering the original question
 ( are we overselling the value of bandwidth? ) is the following:

 http://newsroom.cisco.com/dlls/video_audio_archive/?video

 check out the long reach ethernet presentation, maybe 3/4 down the page.

 LRE can provide up to 5 megabits full duplex over cat 3 phone wire - data
 and voice. after viewing the presentation, you tell me - is this not saying
 that 5 megabits is more than adequate for voice, video, etc?

 as for wireless - I fully understand that the requirements of the
 application drive the need for bandwidth. I'm just asking - if people are
 more productive, despite the obvious lack of bandwidth, and despite the step
 back to a contention medium, is there something to be said about the
 perceived need for 100 megabits to the desktop?

  Thanks,

  Zsombor

  Chuck Whose Road is Ever Shorte wrote:

   Howard C. Berkowitz  wrote in message
   news:[EMAIL PROTECTED]

    What's the medium cost between the two cities?  Can you use demand
    circuits as a backup? Can you live with one more PVC and trust the
    physical connection?  Is QoS-unpredictable cable or DSL available?

   Funny you should ask this, Howard. I've been struggling for several weeks
   how to pose the question. Have we, the engineering / technical sales
   community oversold the idea of dedicated bandwidth and QoS?

   Take, for example, wireless.

   Wireless is essentially a step backwards. For years we have been convincing
   customers to get rid of their hubs and move into a switched domain, with
   dedicated bandwidth for every user. This is often done in the name of
   productivity. Fewer interruptions of data streams, meaning work completed
   faster. Now all the wireless vendors ( Cisco included ) are producing studies
   showing how wireless is increasing productivity to the tune of an hour a
   day. On a shared contention medium. Cisco will shortly release their
   wireless telephone as part of their AVVID suite of products, competing with
   the SpectraLink product that has been available for a couple of years.

   All this gives one reason to re-evaluate what we have been told for the last
   couple of years. a contention medium provides the means for greater
   productivity?

   You mention QoS in your response above. QoS is 

Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread John Neiberger
I think this actually is an MPLS VPN, of sorts. It's been fairly hard for me
to get the nitty gritty details. As I see it, it's a layer 3 MPLS vpn with
OSPF as our 'interface' to their network but I may be wrong about that.

As someone else just mentioned, this service is expensive compared to frame
relay. In fact, at the moment it's about twice the monthly cost, but we're
quickly growing to a point where the frame network is not going to support
our goals. This solution looks pretty slick, I must admit.

John

 Chuck Whose Road is Ever Shorter  7/21/03 1:50:51 PM 
so, John, whatever happened to the MPLS network they were trying to sell you
a while back? what advantage does PRN have vis a vis MPLS such that Qwest is
no longer trying to convince you to buy it?

inquiring minds need to know :-


John Neiberger  wrote in message
news:[EMAIL PROTECTED]
 Peter van Oene wrote:
 
  At 04:31 PM 7/21/2003 +, John Neiberger wrote:
  Are any of you using Qwest PRN? If so, I have a few questions
  for you:
  
  1. How do you like it so far?
  2. Did you migrate from something else? If so, how did the
  migration go?
  3. Any 'gotchas' that you learned later that you wish you'd
  learned sooner?
  4. How does the service compare to what you were using before?
  5. How many sites do you have? Is this solution scaling well
  for you?
 
  Hey John,
 
  What is PRN? Private routed network? Can't seem to find much
  about it in my
  brief googling.
 

 Oops. Accidentally hit post before adding any content.  ;-)

 Yes, it stands for Private Routed Network. It's a very interesting solution.
 Our hub sites would participate in OSPF with their network, while our spoke
 sites would use static routing. The PRN would have static routes pointing to
 our spoke sites and those statics would be redistributed into OSPF.

 The biggest downside to this is that we'd have to contact Qwest each time we
 added a new subnet at a branch, but I suppose that just means we'd need to
 plan ahead better.

 This solution buys us a few things over our current frame relay network.
 Each site has a full pipe into the PRN instead of multiple PVCs sharing a
 single link, and we don't have to deal with CIR. From the perspective of our
 routers each site is one hop away from any other site. The combination of
 these features will allow us to proceed with VoIP throughout our network,
 which is not feasible with the current frame relay network.

 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72718t=72704


RE: mac address filtering [7:72684]

2003-07-21 Thread David j
I know that the following is not MAC security based, but I think you are
looking for something like EAPOL Security. Here is a link
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008007f395.html

Skarphedinsson Arni V. wrote:
 
 Hi
 
 I have some catalyst 2950 and 3550 switches, that I need to
 control the mac addresses of the machines that are allowed to
 connect to the switches, i.e. something similar to port
 security, but I don't want to configure it per port, but rather
 for a whole switch or vlan, what would be the best way to
 accomplish this ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72714t=72684


RE: PIX DNS Issue [7:72685]

2003-07-21 Thread jhodge
You will have to use the alias command or static dns command to all
translation from internal to external.

CCO site has great examples of your situation.

Cheers,

Jamie

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Stevo
Sent: July 21, 2003 11:27 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX DNS Issue [7:72685]

You know I've had similar weirdness with my Pix (6.3) and DNS.

I have 2 internal AD DNS servers and 2 external BIND DNS servers.  The 2
external DNS servers sit outside the PIX and AD DNS server obviously sit
behind the Pix on the inside network.

I have a host mail that has a different DNS entry on both internal and
external name servers.  Let's say internally the IP is 10.1.1.10 and
externally 203.132.60.10.  When I am on a host on the internal network and
query the external name server it seems like the response comes from the
internal dns server...  example below:

I'm trying to resolve mail on the external name server.  When I'm on the
external name server (or outside the Pix) the response is always
203.132.60.10.  However, when I'm on an internal host and do a look up
against the external name server I get 10.1.1.10 as the answer every time!

So it seems like the Pix is grabbing that DNS query and sending it to the
internal name server instead of letting it through...

Any ideas as to why??

Stevo


 wrote in message
news:[EMAIL PROTECTED]
 PIX treats DNS queries a little differently, especially replies.  The client
 has the potential of contacting multiple DNS servers sequentially in the
 event the first one experiencing some delays.  The PIX keeps track of
 all of them and allows one reply to come back through.  I'm not sure if
 things changed in the version but it's a good idea to check..  HTH

 Thanks...Nabil

 I have never let my schooling interfere with my education.



 From: Andrew Larkins
 Sent by: [EMAIL PROTECTED]
 Date: 07/21/2003 09:41 AM
 Subject: RE: PIX DNS Issue [7:72685]
 Please respond to Andrew Larkins





 Please send the config and we can have a look.

 -Original Message-
 From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED]
 Sent: 21 July 2003 11:57
 To: [EMAIL PROTECTED]
 Subject: PIX DNS Issue [7:72685]


 I swapped a router running ios firewall with a pix 506e and i have been having
 all sorts of issues. first, is the DNS... all clients use an internal DNS
 server which forwards all request to an external DNS server... this works fine
 with the router but with the PIX it doesn't work. when i configured the clients
 to use the external DNS server everything worked fine. The pix box is running
 the 6.3 code.


 i know i am missing something...but can't figure it out yet...i really would
 appreciate any comments.

 regards,

 Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72717t=72685
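
The alias and static dns translations mentioned in this thread act on DNS replies crossing the PIX: an A record whose address matches a translation is rewritten, which is how a lookup sent to the outside name server can come back carrying the inside address. The following is an added example, not PIX code and not from any poster: a simplified Python model of that rewrite on a wire-format DNS reply. The host name mail.example.com, the helper names and the sample messages are constructed; only the two addresses come from the thread.

```python
import ipaddress
import struct

# Constructed translation table built from the two addresses in the thread:
# outside (global) address -> inside (local) address of the mail host.
TRANSLATIONS = {
    ipaddress.ip_address("203.132.60.10"): ipaddress.ip_address("10.1.1.10"),
}


def encode_name(name):
    """Encode a host name as uncompressed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode("ascii")
                    for p in name.split(".")) + b"\x00"


def build_message(name, addr=None, txid=0x1234):
    """Constructed sample: a query (addr=None) or a reply with one A answer."""
    flags, ancount = (0x0100, 0) if addr is None else (0x8180, 1)
    msg = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    if addr is not None:
        # The answer name is a compression pointer to offset 12 (the question).
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        msg += ipaddress.ip_address(addr).packed
    return msg


def skip_name(msg, off):
    """Return the offset just past a name, which may end in a pointer."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def a_record_offsets(msg):
    """Yield the RDATA offset of every IN A record in the answer section."""
    if len(msg) < 12:
        raise ValueError("short header")
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:             # QR bit clear: a query, nothing to rewrite
        return
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("truncated rdata")
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield off
        off += rdlen


def a_records(msg):
    """Addresses carried by the A records of a reply, as strings."""
    return [str(ipaddress.ip_address(msg[o:o + 4])) for o in a_record_offsets(msg)]


def rewrite_reply(msg, translations):
    """Model of the rewrite on an outside-to-inside reply: (new_msg, count)."""
    out = bytearray(msg)
    changed = 0
    for off in a_record_offsets(msg):
        inside = translations.get(ipaddress.ip_address(msg[off:off + 4]))
        if inside is not None:
            out[off:off + 4] = inside.packed   # same length, so no offsets move
            changed += 1
    return bytes(out), changed


if __name__ == "__main__":
    reply = build_message("mail.example.com", "203.132.60.10")
    rewritten, count = rewrite_reply(reply, TRANSLATIONS)
    print("outside server answered:", a_records(reply))
    print("inside client receives: ", a_records(rewritten), f"({count} rewritten)")
```

Queries and replies for untranslated addresses pass through byte for byte, so the symptom only appears for hosts that have a matching translation.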


RE: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread Wilmes, Rusty
I looked at Qwest's VPN stuff a while back which I think is at least similar
in overall design to PRN.  Though there was benefit in this type of solution
over frame relay from a technical standpoint, there was no cost benefit
versus converting my frame network to point-to-point lines via local carrier
and maintaining control over my own network.  Their stuff at the time was
ungodly expensive.

I do have a Qwest Internet T1 that has been flawless and their support is
first rate.  It's been down twice.  The first time they had it fixed w/i 10
minutes of my call.  The second time was because we lost main power to the
building and it knocked out our perimeter router.  Qwest took the
initiative, and called me wondering why it was down about 3 hours after it
went down.  Verizon won't even guarantee a callback w/i 3 hours much less
initiate the investigation.  That said, we'll be moving it to an SBC
internet line in the near future due to the high MRC on the Qwest line.  

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2003 11:02 AM
To: [EMAIL PROTECTED]
Subject: Re: OT: Anyone using Qwest PRN ? [7:72704]


Peter van Oene wrote:
 
 At 04:31 PM 7/21/2003 +, John Neiberger wrote:
 Are any of you using Qwest PRN? If so, I have a few questions
 for you:
 
 1. How do you like it so far?
 2. Did you migrate from something else? If so, how did the
 migration go?
 3. Any 'gotchas' that you learned later that you wish you'd
 learned sooner?
 4. How does the service compare to what you were using before?
 5. How many sites do you have? Is this solution scaling well
 for you?
 
 Hey John,
 
 What is PRN? Private routed network? Can't seem to find much
 about it in my
 brief googling.
 

Oops. Accidentally hit post before adding any content.  ;-)

Yes, it stands for Private Routed Network. It's a very interesting solution.
Our hub sites would participate in OSPF with their network, while our spoke
sites would use static routing. The PRN would have static routes pointing to
our spoke sites and those statics would be redistributed into OSPF.

The biggest downside to this is that we'd have to contact Qwest each time we
added a new subnet at a branch, but I suppose that just means we'd need to
plan ahead better.

This solution buys us a few things over our current frame relay network.
Each site has a full pipe into the PRN instead of multiple PVCs sharing a
single link, and we don't have to deal with CIR. From the perspective of our
routers each site is one hop away from any other site. The combination of
these features will allow us to proceed with VoIP throughout our network,
which is not feasible with the current frame relay network.

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72716t=72704


RE: Two ABRs on the same area - requirements [7:72587]

2003-07-21 Thread Reimer, Fred
Is there a document explaining the rules of summarization when there are
two ABRs on an area?

I believe you would summarize the same, unless you had special needs.  The
cumulative cost from the ABR back to the source of the traffic should allow
the routers in-between to choose the correct path.  So if you had:

Ra-----Rc-----Rd
|      |      |
|  5   |  0   |
|      |      |
Rb-----Rd-----Re

Routers Rc and Rd would be the ABRs.  In summarizing into the backbone, or
summarizing out to area 5, you would setup the same summary ranges.
Assuming all links were the same cost, Ra would go through Rc in order to
get to anything in area 0 (assuming all networks were summarized) and Rb
would go through Rd.  Similarly, Rd would go through Rc in order to get to
anything in area 5, while Re would go through Rd.

Now, in the original question (unless I've gotten questions confused, which
is definitely possible), there was no link between Ra and Rb (and there
never was).  So, although they were both called area 5, they were in fact
two different areas.  Ra and Rb never shared the same database (assuming
that the link between Rc and Rd was in area 0) at any point in time.  If
they summarized their whole area (including routes off of both Ra and Rb
in the misguided thinking that both area 5's were the same area), then Rd
would send traffic destined for Rb to Rc, which wouldn't have a more
specific route for it.  Re would send traffic for Ra towards Rd, which also
wouldn't have a more specific route for that traffic.

As long as you have your areas properly connected, you shouldn't have to
worry about any special summarization requirements, other than if you want
traffic to flow a particular way due to bandwidth, cost of service, or some
other external consideration.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: alaerte Vidali [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 21, 2003 3:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Two ABRs on the same area - requirements [7:72587]

Thanks,

The challenge I am facing is to improve the OSPF design of a network that is
in production, without changing the existing WAN links. The area 5 is bigger
than I think it would be ideal (there are 56 routers) and  there is no
interesting traffic between all the spoke routers in the area, as Howard
mentioned.

In the beginning I was wondering about transforming R1 into an ABR; but I
gave up because of the stability of the backbone (R1 is not so powerful as the
others, R2 and R3). Also, today there are two ABRs  in area 5, and it would
have just 1 ABR with this change.
Now I am considering changing the spoke routers connected to R3 to a new
area. Today there is only one exit point for the spoke routers connected to
R3, and it would not be changed.

R3 would be connected to R2 (through area 0 and area 5) and to R1 (through
area 5), as it is today.
R2 and R3 would be the ABR for area 5; no changes here.
R1 has an ATM link to its two ABRs, R2 and R3. The main link is to R2; the
link to R3 is a backup.
R3 would participate in area 5 just because of the existing WAN link to R1.
R3 would be the ABR for the new area, probably area 6.
The benefit is a small database for area 5 and area 6, without flooding
information where it is not useful.


Is there a document explaining the rules of summarization when there are two
ABRs on an area?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72719t=72587
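
The black-hole case Fred describes, worked through as an added example that is not part of the original post: a simplified Python model in which both ABRs advertise the same summary range for area 5, once with the area contiguous and once with the Ra-Rb link missing. The addressing (10.5.x.0/24), the name Rx for the backbone router next to Rc, and the rule that an ABR drops traffic for which it has no more-specific intra-area route are assumptions of the model.

```python
import heapq
import ipaddress

# Constructed topology modelled on the diagram in the post. "Rx" is a
# hypothetical name for the backbone router next to Rc (the post's diagram
# uses "Rd" twice). Each link is (router, router, area, cost), all costs equal.
BACKBONE = [("Rc", "Rd", 0, 1), ("Rc", "Rx", 0, 1), ("Rd", "Re", 0, 1)]
AREA5_JOINED = [("Ra", "Rc", 5, 1), ("Rb", "Rd", 5, 1), ("Ra", "Rb", 5, 1)]
AREA5_SPLIT = AREA5_JOINED[:2]   # no Ra-Rb link: two islands both called area 5

# Constructed addressing (assumption): one LAN behind each area 5 router.
LANS = {"Ra": ipaddress.ip_network("10.5.1.0/24"),
        "Rb": ipaddress.ip_network("10.5.2.0/24")}
SUMMARY = ipaddress.ip_network("10.5.0.0/16")   # same range on both ABRs
ABRS = ("Rc", "Rd")


def spf(links, area, root):
    """Dijkstra over the links of one area; returns {router: cost}."""
    adj = {}
    for a, b, link_area, cost in links:
        if link_area == area:
            adj.setdefault(a, []).append((b, cost))
            adj.setdefault(b, []).append((a, cost))
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nxt, cost in adj.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))
    return dist


def abr_tables(links):
    """Intra-area routes each ABR learns from its own area 5 database."""
    tables = {}
    for abr in ABRS:
        reach = spf(links, 5, abr)
        tables[abr] = {LANS[r]: c for r, c in reach.items() if r in LANS}
    return tables


def advertisements(tables, summarize):
    """Prefixes each ABR injects into area 0, as {prefix: {abr: cost}}."""
    adv = {}
    for abr, routes in tables.items():
        if summarize and routes:
            # One range hides every component route; its cost is the largest
            # component cost (RFC 2328). The choice does not change the result.
            adv.setdefault(SUMMARY, {})[abr] = max(routes.values())
        else:
            for prefix, cost in routes.items():
                adv.setdefault(prefix, {})[abr] = cost
    return adv


def deliver(links, src, dst_ip, summarize):
    """Follow a packet from a backbone router; returns (abr_used, delivered)."""
    tables = abr_tables(links)
    adv = advertisements(tables, summarize)
    dst = ipaddress.ip_address(dst_ip)
    matches = [p for p in adv if dst in p]
    if not matches:
        return None, False
    best = max(matches, key=lambda p: p.prefixlen)      # longest prefix match
    to_abr = spf(links, 0, src)
    abr = min(adv[best], key=lambda a: (to_abr[a] + adv[best][a], a))
    # The chosen ABR can only forward if it holds a more specific route.
    delivered = any(dst in p for p in tables[abr])
    return abr, delivered


if __name__ == "__main__":
    for label, area5 in (("joined", AREA5_JOINED), ("split", AREA5_SPLIT)):
        for summarize in (True, False):
            for src, dst in (("Rx", "10.5.2.10"), ("Re", "10.5.1.10")):
                abr, ok = deliver(BACKBONE + area5, src, dst, summarize)
                print(f"area5={label:6} summary={summarize!s:5} {src}->{dst} "
                      f"via {abr}: {'delivered' if ok else 'BLACK HOLE'}")
```

Only the split-and-summarized combination loses traffic: the nearest ABR attracts it with the summary and has nothing behind it for that destination.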


Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread John Neiberger
 Peter van Oene 7/21/03 3:26:30 PM 
Oops. Accidentally hit post before adding any content.  ;-)

Yes, it stands for Private Routed Network. It's a very interesting solution.
Our hub sites would participate in OSPF with their network, while our spoke
sites would use static routing. The PRN would have static routes pointing to
our spoke sites and those statics would be redistributed into OSPF.

Cool.  I thought it was an IP VPN based network, but wasn't completely
sure.  You might consider BGP at the hub site just to isolate your hub.  If
they wack up their PE box and give you way too many routes, it might become
painful.  Usually I recommend the provider ask the customer to run BGP or
RIP vs OSPF for this reason, but it makes sense from the customer's
perspective as well.   This also mitigates some messy backdoor scenarios
that come up when spokes gain spoke to spoke or non VPN spoke to hub
connections.

They mentioned that iBGP was an option but given our network design this
would complicate matters, at least as I understand it.



The biggest downside to this is that we'd have to contact Qwest each time we
added a new subnet at a branch, but I suppose that just means we'd need to
plan ahead better.

Spoke wise, can you not pre-provision some aggregate blocks to the spokes
in line with growth expectations?  This would ease your provisioning
pain.  I'd ask for portal capability for this as well (spoke static route
adds).  They likely don't have it, but it isn't that hard to do and would
likely be consistent with stuff they may already be considering.   In other
words, they won't likely be able to do it, but you might help them make it
happen sooner than later.


To some extent we can preprovision, especially if we stick to our addressing
scheme! Portal capability would be nice. I'll have to ask them about that.
Right now, route adds require a telephone call, or possibly an email. If I
had some web-based control, for example, I'd be quite thrilled.


I should note that I'm not directly familiar with their offering.

This solution buys us a few things over our current frame relay network.
Each site has a full pipe into the PRN instead of multiple PVCs sharing a
single link, and we don't have to deal with CIR. From the perspective of our
routers each site is one hop away from any other site. The combination of
these features will allow us to proceed with VoIP throughout our network,
which is not feasible with the current frame relay network.

I take it sharing routing information wasn't a big concern for your 
company?  It seems to be for some, but I never saw the risk myself.

It was a concern for a moment, but upon further reflection we decided that
we're not really any worse off than we are right now. We're already at the
mercy of the provider, and if they have people internally who are willing to
attempt to gain useful information from our network connections then we're
in trouble already.  

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72721t=72704


Re: Bandwidth, QoS, and Contention networks [7:72645]

2003-07-21 Thread Priscilla Oppenheimer
Quick addendum:

As Howard mentioned, the problem with a contention medium isn't only how
much bandwidth is available but also how quickly a station can access it. If
the station listens before it sends and can't send for long periods of time
because the medium is not free, this is bad news for voice and video.

Shared Ethernet has gone the way of LocalTalk, (almost?) but shared wireless
is gaining popularity, as Chuck has been saying. I haven't seen any studies
yet that address medium access delay on wireless networks based on load and
access characteristics, but maybe they will get published at some point,
(although it's pretty unpredictable with bursty data sources, of course).

Suffice it to say, microsegmentation for wireless networks will be
necessary to some extent, just like it was with shared Ethernet, depending
on delay and delay variance requirements of the applications.

Priscilla

Chuck Whose Road is Ever Shorte wrote:
 
 Zsombor Papp  wrote in message
 news:[EMAIL PROTECTED]
  Chuck Whose Road is Ever Shorte wrote:
   after viewing the presentation, you tell me - is this not saying
   that 5 megabits is more than adequate for voice, video, etc?
 
  I don't think that was the point of the presentation. Regardless, I can tell
  you that 5Mbps is enough for voice. :) For video, it depends on the quality.
 
 30 frame per second video over ISDN requires 3 ISDN lines ( 6 B-channels )
 for a total of 384K. I've spoken about video over WAN links on several
 occasions with the video guy in my group. He tells me he likes to reserve
 500K over T1's typically.
 
 Howard, if you're reading, I just looked over my unsent drafts of the question
 regarding bandwidth, and the point I failed to raise in this posted thread
 is that of global synchronization. One of the major benefits of such QoS
 mechanisms as RED and WRED is that the phenomenon of global synch can be
 controlled, meaning a more efficient use of bandwidth ( no periods of
 congestion followed by periods of  low activity because of the TCP backoff
 mechanisms )
 
 Now supposing, even in a contention medium, I could fine tune my queueing
 such that I no longer suffered from global synch. I set my voice queues and
 my delay sensitive queues such that sufficient bandwidth was available, and I
 used RED or WRED for the general queue. I'm wondering if there are studies
 done, papers in the IETF working groups demonstrating that given proper
 queueing mechanisms that less bandwidth is required or necessary?
 
 Cisco does offer downstream only QoS on their wireless product line. Not
 sure I understand the mechanism completely, but I have to believe it is
 based on enough solid study such that given a reasonable design, there would
 be less concern for voice in the mix. Recall that Cisco will soon be
 releasing their own wireless IP phone, and  the whole point of it is to
 provide untethered mobility throughout an enterprise.
 
   I'm just asking - if people are more productive,
   despite the obvious lack of bandwidth, and
   despite the step back to a contention medium,
   is there something to be said about the
   perceived need for 100 megabits to the desktop?
 
  I agree with Fred, such a perception is probably misguided in most cases.
  Most people are very happy even with their 1.5Mbps DSL line. But all this
  depends on what you want to do. Full-screen DVD quality video won't work
  over DSL. Even online gaming could use more than 1.5Mbps. FWIW, I've heard
  that in Korea, there is a serious market for dedicated 100Mbps connections
  to the *home* due to wide-spread online gaming (I don't know if this is
  true, I find it a bit hard to believe).
 
 can't comment much regarding the needs of on-line gaming, but the guy
 teaching the wireless class two weeks ago said he was an avid on line gamer
 and that his DSL was plenty fine for what he did. He also said he had a
 couple friends around his neighborhood who did on-line gaming via a wireless
 AP that he set up for their use. Don't know the particular game, so I can
 say as to whether it is the same one you play.
 
  Also consider that pure 10Mbps Ethernet interfaces are getting pretty rare;
  most of the Ethernet interfaces are 10/100. So in a campus network, in most
  cases, there is no real reason to not have 100Mbps to the desktop.
 
 indeed. and with three teenage boys around the house, I am happy to sell
 lots of these things in order to keep the refrigerator full. ;- yes, Mr
 Customer, you never can tell when your users will need this bandwidth, what
 with internet radio, lots of databases out there on the web, and all the
 e-mail attachments people need to read to get their work done. ;-
 
  Thanks,
 
  Zsombor
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72722t=72645

Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread
John Neiberger  wrote in message
news:[EMAIL PROTECTED]
 I think this actually is an MPLS VPN, of sorts. It's been fairly hard for me
 to get the nitty gritty details. As I see it, it's a layer 3 MPLS vpn with
 OSPF as our 'interface' to their network but I may be wrong about that.

 As someone else just mentioned, this service is expensive compared to frame
 relay. In fact, at the moment it's about twice the monthly cost, but we're
 quickly growing to a point where the frame network is not going to support
 our goals. This solution looks pretty slick, I must admit.


you shopped this to WorldCom or ATT? Those two bad boys have been pretty
aggressive in the WAN market, at least in these parts. You might be able to
get some decent ATM and FRATM setups, in which case Qwest might revisit
their pricing. ;-



 John

  Chuck Whose Road is Ever Shorter  7/21/03 1:50:51 PM 
 so, John, whatever happened to the MPLS network they were trying to sell you
 a while back? what advantage does PRN have vis a vis MPLS such that Qwest is
 no longer trying to convince you to buy it?

 inquiring minds need to know :-


 John Neiberger  wrote in message
 news:[EMAIL PROTECTED]
  Peter van Oene wrote:
  
   At 04:31 PM 7/21/2003 +, John Neiberger wrote:
   Are any of you using Qwest PRN? If so, I have a few questions
   for you:
   
   1. How do you like it so far?
   2. Did you migrate from something else? If so, how did the
   migration go?
   3. Any 'gotchas' that you learned later that you wish you'd
   learned sooner?
   4. How does the service compare to what you were using before?
   5. How many sites do you have? Is this solution scaling well
   for you?
  
   Hey John,
  
   What is PRN? Private routed network? Can't seem to find much
   about it in my
   brief googling.
  
 
  Oops. Accidentally hit post before adding any content.  ;-)
 
  Yes, it stands for Private Routed Network. It's a very interesting solution.
  Our hub sites would participate in OSPF with their network, while our spoke
  sites would use static routing. The PRN would have static routes pointing to
  our spoke sites and those statics would be redistributed into OSPF.
 
  The biggest downside to this is that we'd have to contact Qwest each time we
  added a new subnet at a branch, but I suppose that just means we'd need to
  plan ahead better.
 
  This solution buys us a few things over our current frame relay network.
  Each site has a full pipe into the PRN instead of multiple PVCs sharing a
  single link, and we don't have to deal with CIR. From the perspective of our
  routers each site is one hop away from any other site. The combination of
  these features will allow us to proceed with VoIP throughout our network,
  which is not feasible with the current frame relay network.
 
  John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72723t=72704


source specific m-cast error [7:72724]

2003-07-21 Thread p b
I'm testing a setup using source specific multicast.  On
the RPF interface for the target source IP (192.168.25.25)
I've configured the following command:

ip igmp static-group 232.232.232.232 source 192.168.25.25

This seems to get the right messages forwarded up towards
the source in order to get the SPT built.  

However, when I reboot this router, I see the following
error message in the boot output:

  Accepting source reports only for groups in ssm
   range, 192.168.25.25 ignored

and the above ip igmp static-group command is removed
from the running config.

Anyone seen this before or understand why the command is
being removed?  Should I be doing something different to
statically cause the interface to join the SSM channel?

Thanks







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72724t=72724


Re: basic PRI question. [7:72691]

2003-07-21 Thread wisnu
Yes, you can do that.
You need to set up DDR,
then set up a backup interface on the leased line interface to that DDR,
and then set up the PRI interface to become a member of that DDR,
so the interface of the DDR will be on standby, not the interface of the PRI.
Install the route through the PRI with a higher AD.


wisnu

Stuart Pittwood  wrote in message
news:[EMAIL PROTECTED]
 I know this is basic  the answer is probably yes but I'll ask anyway

 We have a 1Mb leased line between two sites, if we also had 8 channels of a
 PRI at both sites, in the event that the leased line was unavailable could
 the available PRI channels multilink and dial into the remote site to give
 at least some connectivity if yes, could these channels also be used for
 remote access when they are not needed as a backup to the leased line.

 Any input appreciated.

 Thanks

 Stu P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72725t=72691


Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread Peter van Oene
At 07:58 PM 7/21/2003 +, John Neiberger wrote:
I think this actually is an MPLS VPN, of sorts. It's been fairly hard for me
to get the nitty gritty details. As I see it, it's a layer 3 MPLS vpn with
OSPF as our 'interface' to their network but I may be wrong about that.

This sounds exactly like a 2547bis based IP VPN.

As someone else just mentioned, this service is expensive compared to frame
relay. In fact, at the moment it's about twice the monthly cost, but we're
quickly growing to a point where the frame network is not going to support
our goals. This solution looks pretty slick, I must admit.

Keep in mind that this solution involves the provider managing aspects of
your WAN routing which involves a different level of attention from them
than you would see with a traditional layer two network.  Usually, this
type of service commands a premium, but the market tends to dictate pricing
in many areas (depending upon where you are located).

Pete


John

  Chuck Whose Road is Ever Shorter  7/21/03 1:50:51 PM 
so, John, whatever happened to the MPLS network they were trying to sell you
a while back? what advantage does PRN have vis a vis MPLS such that Qwest is
no longer trying to convince you to buy it?

inquiring minds need to know :-


John Neiberger  wrote in message
news:[EMAIL PROTECTED]
  Peter van Oene wrote:
  
   At 04:31 PM 7/21/2003 +, John Neiberger wrote:
   Are any of you using Qwest PRN? If so, I have a few questions
   for you:
   
   1. How do you like it so far?
   2. Did you migrate from something else? If so, how did the
   migration go?
   3. Any 'gotchas' that you learned later that you wish you'd
   learned sooner?
   4. How does the service compare to what you were using before?
   5. How many sites do you have? Is this solution scaling well
   for you?
  
   Hey John,
  
   What is PRN? Private routed network? Can't seem to find much
   about it in my
   brief googling.
  
 
  Oops. Accidentally hit post before adding any content.  ;-)
 
  Yes, it stands for Private Routed Network. It's a very interesting solution.
  Our hub sites would participate in OSPF with their network, while our spoke
  sites would use static routing. The PRN would have static routes pointing to
  our spoke sites and those statics would be redistributed into OSPF.
 
  The biggest downside to this is that we'd have to contact Qwest each time we
  added a new subnet at a branch, but I suppose that just means we'd need to
  plan ahead better.
 
  This solution buys us a few things over our current frame relay network.
  Each site has a full pipe into the PRN instead of multiple PVCs sharing a
  single link, and we don't have to deal with CIR. From the perspective of our
  routers each site is one hop away from any other site. The combination of
  these features will allow us to proceed with VoIP throughout our network,
  which is not feasible with the current frame relay network.
 
  John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72726t=72704


Re: PIX DNS Issue [7:72685]

2003-07-21 Thread Bikespace
Careful if anybody is using PDM because it doesn't support the alias
command, so will limit you to monitoring only if you use it in the CLI.

You can use static outbound NAT instead. Anyone got any other tricks for this?

Bikespace


jhodge  wrote in message
news:[EMAIL PROTECTED]
 You will have to use the alias command or static dns command to allow
 translation from internal to external.

 CCO site has great examples of your situation.

 Cheers,

 Jamie

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stevo
 Sent: July 21, 2003 11:27 AM
 To: [EMAIL PROTECTED]
 Subject: Re: PIX DNS Issue [7:72685]

 You know I've had similar weirdness with my Pix (6.3) and DNS.

 I have 2 internal AD DNS servers and 2 external BIND DNS servers.  The 2
 external DNS servers sit outside the PIX and AD DNS server obviously sit
 behind the Pix on the inside network.

 I have a host mail that has a different DNS entry on both internal and
 external name servers.  Let's say internally the IP is 10.1.1.10 and
 externally 203.132.60.10.  When I am on a host on the internal network
 and query the external name server it seems like the response comes from
 the internal dns server...  example below:

 I'm trying to resolve mail on the external name server.  When I'm on the
 external name server (or outside the Pix) the response is always
 203.132.60.10.  However, when I'm on an internal host and do a look up
 against the external name server I get 10.1.1.10 as the answer every
 time!

 So it seems like the Pix is grabbing that DNS query and sending it to
 the internal name server instead of letting it through...

 Any ideas as to why??

 Stevo


  wrote in message
 news:[EMAIL PROTECTED]
  PIX treats DNS queries a little differently, especially replies.  The
  client has the potential of contacting multiple DNS servers sequentially
  in the event the first one is experiencing some delays.  The PIX keeps
  track of all of them and allows one reply to come back through.  I'm not
  sure if things changed in the version but it's a good idea to check..  HTH
 
  Thanks...Nabil
 
  I have never let my schooling interfere with my education.
 
 
 
  Andrew Larkins
  Sent by: [EMAIL PROTECTED]
  07/21/2003 09:41 AM
  Please respond to Andrew Larkins
  cc:
  Subject: RE: PIX DNS Issue [7:72685]
 
 
 
 
 
 
  Please send the config and we can have a look.
 
  -Original Message-
  From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED]
  Sent: 21 July 2003 11:57
  To: [EMAIL PROTECTED]
  Subject: PIX DNS Issue [7:72685]
 
 
  I swapped a router running IOS firewall with a PIX 506E and I have been
  having all sorts of issues. First is the DNS... all clients use an
  internal DNS server which forwards all requests to an external DNS
  server... this works fine with the router, but with the PIX it doesn't
  work. When I configured the clients to use the external DNS server
  everything worked fine. The PIX box is running the 6.3 code.
 
 
  I know I am missing something... but can't figure it out yet... I really
  would appreciate any comments.
 
  regards,
 
  Tunde




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72728t=72685


a song for all of us [7:72729]

2003-07-21 Thread nettable_walker
Over the mountain, take me across the sky
Something in my monitor, something bridged inside
Where did I wander? where d'ya think I telnet'ed to?
I've seen Cisco's magic astral plane. I'll use the CLI to get through

I heard them tell me that this land of BGP peers was now
I told them I had ridden high speed fault tolerant rings
And said I'd show them how

Over and over, always tried to get that cert
Living in a term server, only place I had to stay
Fever of a upgrade burning in me many hops away
People around me talking to the CCO

I heard them tell me that this land of hot swappable cards was now
I told them I had ridden SRT bridge groups  seen the RIF's
And said I'd show them how

Don't need no CCIE, it's inside of you and me
Firewall has a deny all
IPX just won't go away.
You don't need a route-map to log on with me.
DLSw is the solution.  Remote peer back to me.

Over and over, where did that .pdf  go to ?
Over and under, in between the debug's and reloads
Under and under, something that they said in class -
Mind on a lunch break, SmartNET contract goes 'round and round
After the meltdown, kissing VISIO inlaid clouds
Where is the Network Designer?  He said MPLS would make me understand.
Another round of layoff's. Looking for those stupid ROM chips
Watching my packet's disappear into the broadcast domain
Can't remember the command ! Now I remember why !

Don't need no CCIE, it's inside of you and me
Nortel's might as well go out of business.
Maybe the boss will understand.
Can't keep working all these hours.  Stock options were supposed to expand.
You don't need an extended ACL to route with me, I'm free - yeah!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72729t=72729