802.1x authentication - minimal requirements? [7:74563]
Hi, Im new to this list(first post, been watching it for a while though) I'm having a hard time trying to find the minimal requirements for 802.1x authentication. Like what version of Cisco Secure ACS do I need (is 3.0 enough?) Are all switches supported (like 3500XL for example) And what would be the minimal iso requirements for the 3500 (if supported) and 2950... Does anyone of you know this? Thanks in Advance - Jsnatan ^sr Jsnasson Net Admin [EMAIL PROTECTED] - Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74563&t=74563 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
PPP Question [7:74568]
Hiyah guys, I have a question on PPP CHAP. From the various sources, we just need to declare the remote router's username and have the same password, apply CHAP on the PPP serial interfaces and the link will be up. In my case, it doesn't work. It became a flapping link. I am using a 2500 and 2600 router to run PPP. Instead, I have to configure this: Router1 Username Router2 password abc Username Router1 password abc Router2 Username Router1 password abc Username Router2 password abc Applying CHAP now will have the link up. Any comments on this matter would be appreciated. Thanks. Kenneth Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74568&t=74568 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: 802.3x switch traffic disruption [7:74455] [7:74455]
But you always have to consider caveat lector Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: annlee [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2003 2:25 PM To: [EMAIL PROTECTED] Subject: Re: 802.3x switch traffic disruption [7:74455] Netgear does have its problems... http://www.dslreports.com/shownews/31774?mode=flat That said, all the inexpensive devices have problems of one sort or another. I think it's a case of getting what you paid for / caveat emptor. For small networks clients, I always try to get them to buy one step higher quality than they wanted to pay for (since if they understood the ramifications, they wouldn't need me). It rarely works though ... which does tend to lead to repeat business... Annlee Priscilla Oppenheimer wrote: > It sounds like the Netgear Layer 2 802.3 flow control is buggy. It sounds > like you can't turn it off, though, because it's not a managed switch. > Should have bought Cisco!? :-) > > You can turn it off on the workstations, though, and I would somewhat > hesitantly recomment that. You might risk other problems by disabling it. > Flow control should be negotiated with autonegotiation, but we know how well > that works for duplex mode. Nontheless, if it were me, I think I would turn > it off on the workstations carefully, as a test to start with. > > I'd be interested in other people's opinions, but I think flow control at > the data-link-layer is risky and unnecessary anyway. > > No offence to Netgear (really!) but I'm not sure I would trust them to do it > right, especially on a low-end switch. So, let's say a switch port has been > flow controlled and told not to send any packets for a while. What does it > do with the packets? How much buffering can it support? Does it have > features to avoid head-of-the-line blocking? Will the flow control on that > interface cause problems for other interfaces? > > TCP already does end-to-end flow control. Of course, not every application > uses TCP, but a lot do. I think that's a better way to handle it. > > And one final comment, if you really need to be flow controlling traffic, > perhaps you should just upgrade the bandwidth? Ethernet flow control sounds > like a bandaid over a design problem to me > > What do others think? Do you use 802.3x flow control? Thanks. > > Priscilla > > > > [EMAIL PROTECTED] wrote: > >>I need some expert option on the following matter: >> >>I have a Netgear Fast Ethernet Switch FS608 (which does 802.3x >>Flow >>control) connected to a DLink 5 port switch (no flow control) >> >>Twice this week, the FS608 locked itself causing ALL traffic in >>the company >>to be disrupted. The problem was solved by power cycling the >>switch. >> >>All the clients on the FS608 have 3Com network cards that >>support flow >>control. >> >>Here are my questions: >> >>1) Are there some caviat in running 802.3x I am not aware of? >>I did >>extensive research before implementing this and did not find >>any issues with >>the implementation of the technology? >> >>2) Is there an issue of running 802.3x on one switch and not on >>the other? >> >>3) I could turn off the 802.3x feature on all the workstations >>but I can't >>turn it off on the FS608. This is NOT a managed switch. Any >>suggestion on >>how to troubleshoot this problem? >> >>Thank you, >> >>Pierre-Alex > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74569&t=74455 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PPP Question [7:74568]
The way chap works is one router has to "challenge" the other for Shared secret. If you look at it this way then you see the solutions If you do not want one router to challenge the other you can delete the Ppp authe chap or you can use ppp authe chap callin where you can say: "I will challenge the other just fo incoming calls and if he calls me I will not challenge him.." this way you need his username Bu you do not need your router's username in his database Try it! -Original Message- From: Kenneth [mailto:[EMAIL PROTECTED] Sent: Sunday, August 31, 2003 5:02 AM To: [EMAIL PROTECTED] Subject: PPP Question [7:74568] Hiyah guys, I have a question on PPP CHAP. From the various sources, we just need to declare the remote router's username and have the same password, apply CHAP on the PPP serial interfaces and the link will be up. In my case, it doesn't work. It became a flapping link. I am using a 2500 and 2600 router to run PPP. Instead, I have to configure this: Router1 Username Router2 password abc Username Router1 password abc Router2 Username Router1 password abc Username Router2 password abc Applying CHAP now will have the link up. Any comments on this matter would be appreciated. Thanks. Kenneth **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74571&t=74568 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Cisco ICS 7750 experiences [7:74481]
Hello,
I will be rolling out IPCC express and the 7750 in early Nov. at our call
center (65 agents) and HQ 27 VP exec types. These two sites will be
contacted by a PtP T1 just for voice. I am a little worried about call
quality; did you get the echo taken care of? Any other tips you can pass on
would be great. We have very simple call flow so the IPCC I am not to
worried about but the whole project could effect 70% of our revenue (the
call center) which equals about 80 million so I am stressed. :(
I have decide to have 1 7940 on each desk and media termination points
installed on the PCs for the CC agents to use. I feel this gives them the
opportunity to use basically the soft phone but not relying on the PC for
the sound card. Also not all desk our on the generator so if we lose power
everyone will still have a phone. All network equipment will be on the
generator. I am hoping by not using the PC sound card some of the voice
quality problems will not be an issue.
Let me know how it goes.
~Paul~
> -Original Message Snip-
> got it configured pretty quick and, once it was up and I was making calls
> across my PSTN, the only issues I had were a little echo. Other than
> that,
> it is
> a good system. VERY SCALABLE, yet compact. I like it.
>
> Rob Hugo
> Senior Network Engineer
> STL Technology Partners
---
{This E-mail scanned for viruses by Declude Virus/McAfee}
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74574&t=74481
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: PPP Question [7:74568]
This should work. You can be overriding the hostname and the password by using the interface commands: ppp chap hostname ... ppp chap password ... also one more thing that you can be aware: in an outgoing call, if you do not want to send an OUTGOING CHALLENGE you can be using the "callin" option like: ppp authen chap callin To: Sent: Sunday, August 31, 2003 5:02 AM Subject: PPP Question [7:74568] > Hiyah guys, > > I have a question on PPP CHAP. From the various sources, we just need to > declare the remote router's username and have the same password, apply CHAP > on the PPP serial interfaces and the link will be up. > > In my case, it doesn't work. It became a flapping link. I am using a 2500 > and 2600 router to run PPP. Instead, I have to configure this: > > Router1 > Username Router2 password abc > Username Router1 password abc > > Router2 > Username Router1 password abc > Username Router2 password abc > > Applying CHAP now will have the link up. > > > Any comments on this matter would be appreciated. Thanks. > > > Kenneth > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74572&t=74568 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: ooking for CCIE practice test. What boson test [7:74274]
Actually, I just purchased CCIE Test #3 by Dennis. I was having a little bit of trouble with the older version so I installed the latest version of the software, 5.10 I think, and everything was fixed. Not only that, but in Dennis's test, he has multimedia tutorials as well. I only saw one of them, "How to hack a 2500". Really cool study material. I swear, Boson just keeps getting better and better. If you have the money, about $40 per test, I would highly recommend you get both Bernard and Dennis. :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74575&t=74274 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: 802.1x authentication - minimal requirements? [7:74563]
Use the Doc CD online... it has a wealth of information: http://www.cisco.com/univercd/home/home.htm 2950: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12114ea1/2950scg/sw8021x.htm 3550: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/sw8021x.htm Cheers, Jeff ""Jsnatan ^. Jsnasson"" wrote in message news:[EMAIL PROTECTED] > Hi, > > Im new to this list(first post, been watching it for a while though) > I'm having a hard time trying to find the minimal requirements for 802.1x > authentication. > > Like what version of Cisco Secure ACS do I need (is 3.0 enough?) > Are all switches supported (like 3500XL for example) > And what would be the minimal iso requirements for the 3500 (if supported) > and 2950... > > Does anyone of you know this? > > > Thanks in Advance > - > Jsnatan ^sr Jsnasson > Net Admin > [EMAIL PROTECTED] > - > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74576&t=74563 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
mpls fragmentation [7:74577]
does anyone know if using frame-mode mpls affects the mtu on an interface? i can't help thinking that sticking in an extra 32-bit header would mean reducing the amount of user data that could be carried by 32 bits - causing fragmentation if the data field is already at its max for a given interface... apologies if the question is an inane one, but i'm just starting to get into this ls thang thomas Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74577&t=74577 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
