VPN 3015 using Windows 2000 Domain Authentication
Has anyone out there successfully implemented external domain authentication with the Cisco 3015 Concentrator on a Windows 2000 Domain Controller. The documentation out there does really focus on a "2000" domain authentication. Any pointers would be appreciated. Adam _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
No Subject
Anyone have any ideas?? HELP!! I have a 7204 router with IOS 12.0(7). I have a FastEthernet interface sub-interfaced into two (Fa0/0.1 and Fa0/0.2). They are set for isl 1 and isl 2 respectively. Fa0/0.1 is outside nat and Fa0/0.2 is inside nat. I am connected to a 3524 switch setup for VTP using ISL and divided into half for VLAN 1 and VLAN 2. VLAN1 is global (outside) and VLAN 2 is inside I have an access list setup to allow 192.168.250.0 from the inside and have setup a single global address for PAT translation. 1. This setup works fine when reaching the net on Fa0/0.1 (the outside). However I cannot reach the Internet which is out the routers serial ports. From VLAN 1 which is the outside, I can reach the internet with no problem. 2. I can ping all devices on VLAN 1 (outside) but not past there from the inside (VLAN2) except when I turn Proxy-Arp OFF. Once problems 1 & 2 are resolved, I'll need to solve the initial problem... 3. I tried to setup static maps to 6 terminal servers on the inside so I can manage them. The terminal servers are attached to phone lines and will recieve dial-up traffic. I cannot reach the devices I statically mapped (they show up correctly in the show ip nat trans command. I used the ip nat inside etc. command to map). When I checked ARP after trying to ping to these devices from the outside, the switch shows that "Encapuslation failed" and the show arp shows an "Incomplete" where the MAC address should be. I left this configuration overnight and the next morning, the MAC Address was in the table (actually the mac address of the routers ethernet interface as one would expect with NAT or proxy-arp) and I was able to reach the devices I statically mapped. However, when I added another, I ran into the same problem. Is this an issue where the router needs to be power cycled to allow for static maps??? I did find a tech article on Cisco's site, CSCdp22947, stating that there is an issue where the router will not send the MAC address for statically mapped devices using nat. However, it was with ios 12.0(7.1) and 12.0(7.2) and I have 12.0(7). Who knows?? Any help is greatly appreciated. I have wrestled this for several days. I have viewed millions of sample configs and they are all very simple and straight forward. I am beginning to think an IOS upgrade is in order here. However, the rest of the router config is complicated and with 4 T1s and 35 sites through frame relay with STUN encapsulation and IP all for Internet and AS400 access. S, I would rather not upgrade and risk NEW bugs causing problems with the mission critical stuff. But if I gotta. -- AT Bauer CPU Specialist _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NT domain access after connecting through VPN [7:66618]
>From my experiences in deploying both pix and the 3000 series concentrators, the question of 'seamless' authentication or access to network resources once connected to the vpn is always an issue. To get around this I have seen various methods utilized, each of which has catches and possibly user's computers altered which throws a wrench into things if we're talking home users PC's etc. Argh. The first method, is what you have already mentioned which is to have the cisco client load before the windows login prompt and establish the vpn, and then use the regular domain username and password, which will provide full resource authentication based on the NT account rights. I have been successful with this method and have found it to work quite reliably. The other methods I have used is kind of clunky in my own opinion which is a) have the users authenticate to the vpn, then distribute a batch file login script with the 'user' switch in it, which when executed will prompt the user for a password once, and then cache the authenticaiton credentials for future resource requests or b) Create a matching profile on the local machine that matches the username/password created in the NT database which will allow the seamleass authentication affect. As you can see, a & b are not scalable and require more configuration of the user's machine and ability on the user's part. I apologize for the long winded reply, and I hope this sheds some light on the topic. I am interested to hear of anyone else's solutions to this problem. Utltimately I think with your specific case, seamless authentication is your only route (ie. using the client boot before startup method) as the domain event logs will not prompt you to authenticate, in which case cached credentials have to be used. Cheers. Adam > I am using a PIX and VPN client 3.6 and getting in works just fine. Problem > is I want to connect to NT domain resources across the board after logging > into VPN. I know you can connect to network shares using alternate username > and password but for things like remote event logs on the domain, you don't > get prompted and will be denied. > > I am aware that you can have VPN connect before logging into Windows and > then log into the domain after VPN is connected but I don't want to alter > people's computers that are logging in locally. I would rather get access to > the domain after logging in locally and then the VPN. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66647&t=66618 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RE: PAT AFTER NAT...IS IT POSSIBLE??? [7:66672]
I knew this was possible on the pix, but have never configured it on an IOS router. It would be really appreciated if someone wouldn't mind posting a sample config as I cannot locate one on cisco's site or the netpro forum specific to IOS routers with both NAT and PAT configured like outlined in this post. Thanks. > Yes you can just take your nat statement (ip nat inside source list 1...) > and add the word overload on the end of the command. > > You will use a 1:1 NAT for the first set of users. Once your IP's are used > up you will use PAT. It is important to note that some issues arise with PAT > versus NAT like IPSEC or DLSW. > > just an fyi. -- Composed with Newz Crawler 1.3 http://www.newzcrawler.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66694&t=66672 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: PAT AFTER NAT...IS IT POSSIBLE??? [7:66672]
This is what I have run into in the past and I was almost certain that it was not possible. I set it up in the lab here with various configs and had the same result. As far as I was told in the last routing update I attended at our local cisco office, the SE's there confirmed that the PIX can be defined with a NAT Pool of addresses and then have the same pool statement entered only this time specifying the same address (ie. PAT) as an overload. They confirmed that the IOS router code does not function like this and that you would have to statically NAT those addresses that you wanted 1:1 on and then have a blanket PAT (overload) statement in to cover the rest. In the case of the original question with wanting to NAT 128 clients 1:1 and then have PAT for the rest, this would require a lot of configuration and to guarantee that 1:1 would occur (or to at least keep track of it) you would require static IPs on the clients wishing to 1:1 NAT. Hope I'm not flying way offline here but I believe this is the only way possible with an IOS router. Cheers > I've found that you cannot do this, at least not when you do nat to a pool > of addresses. You have to do static nat, then overload the rest. I tried > adding overload to the end of my existing nat statment with the pool, it > started PATing the addresses from the beginning. Instead of using the 1:1 > from the pool, then pating anything beyond that. > > ""Lee Carter"" wrote in message > news:[EMAIL PROTECTED] > > Yes you can just take your nat statement (ip nat inside source list 1...) > > and add the word overload on the end of the command. > > > > You will use a 1:1 NAT for the first set of users. Once your IP's are used > > up you will use PAT. It is important to note that some issues arise with > PAT > > versus NAT like IPSEC or DLSW. > > > > just an fyi. -- Composed with Newz Crawler 1.3 http://www.newzcrawler.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66712&t=66672 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traffic Shaping web traffic will this work? [7:70559]
I would have to agree with Dom. CBWFQ is probably your best bet as you can set up your classes for the various traffic types that you have sniffed out. ""Elijah Savage"" wrote in message news:[EMAIL PROTECTED] > Not to mention I just realized after posting this my access-list is > screwed up it should be. > > Access-list should actually look like this > > Access-list 199 permit tcp any any eq www > > -Original Message- > From: Dom [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 11, 2003 11:49 PM > To: Elijah Savage; [EMAIL PROTECTED] > Subject: RE: Traffic Shaping web traffic will this work? [7:70559] > > It looks like a job for Class Based Weighted Fair Queueing (CBWFQing). > As you have already put a sniffer on to identify the legitimate traffic > etc it should be no problem to setup. > > If you require further assistance, please do not hesitate to contact me > off-list. > > Best regards, > > Dom Stocqueler > Zoo Keeper - SysDom Technologies > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Elijah Savage > Sent: 12 June 2003 02:50 > To: [EMAIL PROTECTED] > Subject: Traffic Shaping web traffic will this work? [7:70559] > > > All, > > Long story short we have a point to point t1 back to corporate. While > using nbar on the router along with sniffers 90% of the traffic is web > based and things like sql transfers and legitimate business traffic is > timing out because of congestion basically the t1 is maxed out during > working hours. At night legit traffic runs great no one in the office > and no http traffic and things are great. > > I know this is a management problem about appropriate use and management > knows also after I presented them with this data but they want to do > something short term to throttle http traffic. > > > Can I use generic traffic shaping like below so that http does not > consume no more than half of the link see below. > > Example > > int s0/0 > traffic-shape group 199 50 62500 62500 > > access-list 199 permit 80 any any > > > On CCO I can only find this done with standard access-list nothing about > extended access-list is mentioned that I can find. > http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configur > ation_guide_chapter09186a00800c60cc.html > > Thank you Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70580&t=70559 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix NAT Config Question for Current "Secondary" Addresses [7:70635]
Hello, We are in the plans to add a 525 to a customers network which is currently utilizing a 6509 with ACL's for all intra-campus routing and interfacing to the internet. The internet is provided by a special ISP of sorts as it serves connectivity to various school districts in the county. The 6509 is currently utilizing secondary addresses on the internet vlan for TCP/IP based printing through nat. (hard to explain) ie. Interface vlan100 ip address 63.x.x.x 255.255.255.x ip address 192.168.10.x 255.255.255.0 secondary ip nat outside ip nat inside source static 10.10.10.10 192.168.10.5 (NAT'd TCP/IP Printer) Basically the ISD (ISP for school districts) has their routers configured to forward traffic destine for 192.168.10.x to the 63.x.x.x address on VLAN100 which in turn has a secondary on the 192.168.10.x subnet. From there the NAT takes place to the 10.10.10.10 internal printer. With the plans to add a pix to the network, my plans are to move the 63.x.x.x network to the outside interface and the inside will reside on a 10.x.x.x network consistent with the campus IP schema. My question is can similar functionality be taken over for the 'secondary' addressing NATs? I read a similar post that stated that as long as the upstream router from the ISD is configured to route properly for the NAT'd 192.168.10.x subnet to the outside of the PIX interface, I can from there have static NATs in the form of: static (inside,outside) 192.168.10.5 10.10.10.10 (or similar) Otherwise is there another way to accomplish this functionality similar to secondary address functionality of the IOS based platforms? Possibly trunking with logical interfaces using the 6.3 code? Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70635&t=70635 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: whois microsoft.com
http://www.cnn.com/2001/TECH/computing/01/24/microsoft.blackout.idg/index.ht ml http://slashdot.org/articles/01/01/24/1455247.shtml Adam Hickey [EMAIL PROTECTED] CCNA CCNP (in progress) _ "And One!" - Original Message - From: "Natasha" <[EMAIL PROTECTED]> To: "Allen May" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, January 24, 2001 1:26 PM Subject: Re: whois microsoft.com > Oh that is just so funny > To bad I can't paste the whois in here lol > > > Allen May wrote: > > > > Quick! do a whois no microsoft.com. It's been hacked ;) > > > > _ > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > -- > Natasha Flazynski > 440.949.1399 > http://www.ciscobot.com > My Cisco information site. > http://www.botbuilders.com > Artificial Intelligence and Linux development > > A bus station is where a bus stops. > A train station is where a train stops. > On my desk, I have a work station... > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SH RUN reveals encrypted password
How readily available are these decryptors? I heard of them but I do not know anyone with one. > > ""Hans Stout"" <[EMAIL PROTECTED]> wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hello colleagues, > > > > > > do you know if there is a way to make the line 'enable secret 5 > > > $1$vwIl$YEZxTVGPapUUVCD.c54Ya' invisible when doing a 'sh run' in user > > mode > > > ? The problem is that I want to allow RO access and also allow to execute > > > the 'sh run' command, but that with a password decryptor, one could eaily > > > decrypt the enable password. > > > Thanks for your help in advance. > > > > > > Regards, > > > > > > Hans > > > _ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AUX port connects to Console???
> I have four 25xx routers... but I don't have a terminal server = Using your example, you will need to connect the AUX port on R1 to the = CON port on R2, etc, etc. =20 Standard Cisco Roll-Over cable is needed. Config on the R1 should work with: line aux 0 access-class 1 in no exec exec-timeout 0 0 transport input all stopbits 1 flowcontrol hardware You will probably also need to: clear line aux 0 on the control router (or do a restart) before the config will work. You will then be able to telnet to R1 on TCP 2001 to gain console access = to R2. I do this on a 2509 so my AUX port is actually TCP 2009 as 2001-2008 are = used by Async Ports. Likewise on a 2511, AUX would be TCP 2017 as = 2001-2016 are used by Async Ports. Good Luck. Adam Burgess Brisbane, Australia _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP Books
Actually, I have to correct only one point made in the response below. There are a lot of people who are too lazy to search things out on the internet here. That is why we keep getting numerous questions that are answered either on cisco.com or the archives of the site. So this "send me free stuff" isn't surprising. Admittedly, I love free stuff too and will gladly take any help I can get provided I am not breaking any rules. So unless these PDF's that are being spoken of aren't copyrighted, I don't see the harm here. My $.02 Adam Hickey [EMAIL PROTECTED] CCNA CCNP (in progress) _ "And One!" - Original Message - From: "Andy" <[EMAIL PROTECTED]> To: "Robert Nickson" <[EMAIL PROTECTED]> Cc: "Tariq" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, January 30, 2001 12:21 AM Subject: RE: CCNP Books > > Because your contribution of 'send me free stuff too' is not something > that enriches the group nor helps one reach their goal of completing their > cisco certifications. There are plenty of repositories of Cisco > information across the net for you to peruse. Once the list degenerates > into 'send me free stuff too' then it is no longer useful. Most everyone > on this list is choosing to work hard, search the web for the information > they need, making a fiscal investment for the equipment and sacrificing > their time and lives to achieve these certifications. To have their time > wasted with your lazy 'send me free stuff too' request is the pinacle of > everything this list does not stand for. Try to stay focused in your > response next time also. I never mentioned anything about copyright, and > you rather trailed off into a mess of insults to the point they didn't > even make sense. Even a private reply would be appropriate. > > andy > > > On Tue, 30 Jan 2001, Robert Nickson wrote: > > > And why should they be banned.I thought the whole purpose of this list is to > > help people pass there Cisco exams not preach about copyright laws etc.If > > you personally don't wish to read mails about PDF requests then ignore > > them,don't let it bother you mate.Lifes to short,get abit more of a life. > > Air your fews on 'Points of View'They like moaners ! > > > > Bob > > > > -Original Message- > > From: Andy [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, January 30, 2001 7:46 AM > > To: Robert Nickson > > Cc: Tariq; [EMAIL PROTECTED] > > Subject: RE: CCNP Books > > > > > > > > I propose the word [pdf/PDF] are banned from this list. > > > > andy > > > > On Tue, 30 Jan 2001, Robert Nickson wrote: > > > > > Thats right > > > Can you send PDF books to me also !! > > > > > > Cheers > > > Bob > > > > > > -Original Message- > > > From: Tariq [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, January 30, 2001 1:00 PM > > > To: [EMAIL PROTECTED] > > > Subject: CCNP Books > > > > > > > > > Hello Everybody. > > > > > > I am watching this news group from last 3/4 weeks. > > > Most of the people here are talking about CCNA PDF Files. > > > It seems that CCNA Guys are trying to help each other and they are sharing > > > their PDF files (E-Books). > > > > > > Now I want to ask from everybody that if anybody have CCNP PDF Files than > > we > > > can start sharing of our resources and exam experience. I am interested in > > > Routing PDF File. If you have please forward it to me > > > > > > Thanks > > > > > > Tariq > > > > > > _ > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > _ > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re[2]: gsr12012 show command..
> The following is from a GSR 12012, running 12.0(10)S1 > router#sho int ser 1/0 > router#sho controllers serial 1/0 there also: r1#sh gsr Slot 0 type = Route Processor state = IOS Running PRIMARY Slot 1 type = 1 port ATM Over SONET OC12c/STM-4c state = Line Card Enabled Slot 2 type = 4 port ATM Over SONET OC-3c/STM-1 state = Line Card Enabled [...] LC-Slot1#show ver Cisco Internetwork Operating System Software IOS (tm) GS Software (GLC1-LC-M), Version 12.0(15)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Fri 26-Jan-01 18:42 by pwade Image text-base: 0x40010950, data-base: 0x4048 ROM: System Bootstrap, Version 12.0(2609:183828) [bdelaney-blizzard.commit 104], DEVELOPMENT SOFTWARE ROM: GS Software (GLC1-LC-M), Version 12.0(15)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) LC-Slot1 uptime is 17 hours, 37 minutes System restarted at 16:14:09 MET Tue Jan 30 2001 Running default software cisco OC12-ATM (R5000) processor (revision 0x02) with 262144K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1 Last reset from mbus reset Configuration register is 0x0 LC-Slot1#sh contr TX SAR (Patch 3.2.2) is Operational; RX SAR (Patch 3.2.2) is Operational; Interface Configuration Mode: STM-4 Active Maker Channels: total # 5 VCID VPI ChID Type OutputInfoInPkts InOAMs MacString 1 0 2D08 UBR0C019120 152740 2D08200003000800 00 2 0 2D28 UBR0C019140 00 2D28200003000800 00 3 0 2D48 UBR0C0191604020 2D48200003000800 00 4 0 2E88 UBR0C019180 3314750 2E88200003000800 00 5 0 2EA8 UBR0C0191A0 1522480 2EA8200003000800 00 SAR Counters: tx_paks459851 tx_abort_paks 0 tx_idle_cells 2584471704 rx_paks499189 rx_drop_paks 0 rx_discard_cells10 Host Counters: rx_crc_err_paks 0 rx_giant_paks 0 rx_abort_paks0 rx_crc10_cells 0 rx_tmout_paks0 rx_unknown_paks0 rx_out_buf_paks 0 rx_unknown_vc_paks 0 rx_len_err_paks 0 rx_len_crc32_err_paks 0 LC-Slot1#sh contr ? atmShow ATM controllers events LC event counters fiaFabric Interface ASIC info frfab From Fab (TX) io IO information l3 L3 information ratelimit Rate limit information rewrites L2 rewrite table tofab To Fab (RX) | Output modifiers -- Regards, Adam ObszyƱski ATM Inc. +48-22-5156418 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DR Election
Any network that can only has 2 OSPF routers (ie. Point-to-Point Serial) does not need to be involved in a DR/BDR election. Any other type of network (even and Ethernet network that only has two OSPF routers) is a 'Multiaccess segment'. Regards Adam Burgess Brisbane, Australia - Original Message - From: "pinoal" <[EMAIL PROTECTED]> Newsgroups: groupstudy.cisco To: <[EMAIL PROTECTED]> Sent: Wednesday, January 31, 2001 5:57 PM Subject: DR Election > > > Hi , > > From the OSPF Design Guide - Sam Halabi > > ' DR and BDR concepts are per multiaccess segment ' > > My question is what type of segments are considered as "multiaccess > segment" ? > > Ethernet , FR with Point-to-Multipoint with broadcast option enabled , any > others?? > > What does he mean by 'per multiaccess segment ' ? > > thanks > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3640 PPP Authentication Issue
I have a 3640 with IP Plus 56 12.0(7)T. =20 The box connects to 3 different LANs using Ethernet. It has a 10 = channel PRI running 4 data and 6 voice channels, with aaa configured but = no external authentication is set (or needed), so all authentication is = based on local accounts. I would like to connect to another site with serial (2048Kbps unframed = data via G.703 convertor into X.21 interface), but this new link MUST = use PPP encapsulation, and the other end does not (or the admin will = not) support PPP authentication. The problem is that whenever I try to connect the serial line to the = router, aaa jumps in and decides that it needs to authenticate with the = remote end. I can't remove AAA as it will cause problems with the = existing data services running through this router. I am looking at the following possible configuration to my problem: aaa authentication NOAUTH none aaa authorization network NOAUTH none interface serial 2/0 encapsulation ppp ppp authentication chap pap NOAUTH ppp authorization NOAUTH Each time I try to bring the service over to this router it causes about = 10-15 minutes downtime (as the connection is currently running via = another router) and I would like to minimise that if possible. Any ideas ? Does anyone know if this will/will not work ? Thanks in advance. Adam Burgess Brisbane, Australia _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Radius server - which one should I use ?
Have you tried Internet Authentication Services that ships with Windows 2000? I have a couple of client sites running it with Cisco dial-in gear and no complaints so far. Adam Burgess Brisbane, Australia - Original Message - From: "Schimek, Hans" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, February 01, 2001 7:38 PM Subject: Radius server - which one should I use ? > Hi ! > > > can anyone recommend a windows-based radius server - > respectively can anyone send it to me - for test resons > > > thx > hans > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Looking for Cisco 4000/4500 in Australia
I am looking for a Second-Hand Cisco 4000 or 4500 in Australia or NZ if = possible. Unit must be working but I am not concerned with what modules are = installed, how much RAM it has, or what IOS is installed. Regards Adam Burgess Brisbane, Australia _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
route summarization in rip
Does anyone know if route summary is avaliable in rip (v1/v2) on the cisco router. I know it can be down in OSPF and EIGRP. Thanks Adam __ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telco guru question
Well, the first part makes sense. Dan West and I work together at Cable and Wireless. The BIPP in question is a T1 we have coming in to our office which used to be a part of MCInet before MCI merged w/ WorldCom and sold most of MCInet to C&W. Since the BIPP is a T1 coming into our office, I'm not so sure that the term would reference a regional POP. We have been having some issues with this line yesterday and really didn't understand what a BIPP was supposed to be. Thanks for the information. Adam Hickey [EMAIL PROTECTED] CCNA CCNP (in progress) _ "And One!" - Original Message - From: "Andy" <[EMAIL PROTECTED]> To: "Dan West" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, February 02, 2001 1:47 AM Subject: Re: Telco guru question > > MCINet's BIPP (Basic IP Platform). I have only heard MCI types use the > term so I think its internal to them. I remember one calling a large > regional POP a BIPP and mentioning there were only like 6 of them. > > andy > > On Fri, 2 Feb 2001, Dan West wrote: > > > Hi All, > > > > Any telco guys know what a "BIPP" (BIP)? refers to? > > One of our guys here says it's a circuit "out to the > > Internet". Better phrased, is BIPP something physical? > > circuit? card/slot? etc...I was thinking maybe it was > > where two LECS hand-off on a high cap customer > > circuit. > > > > OR Is it something like a demarq point? Thanks and > > have a great weekend! > > > > = > > Don't forget to cross your digits... > > Dan West -- CCNA, CCNP (in progress) > > > > __ > > Get personalized email addresses from Yahoo! Mail - only $35 > > a year! http://personal.mail.yahoo.com/ > > > > _ > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Netflow
Daley, I have implemented NFFC (although only with SupIII cards - but I assume it all works the same) in the past, and configured them for data collection. Did you have a specific question about the NFFC? Adam - Original Message - From: "Okuwa, Daley" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, February 03, 2001 12:12 AM Subject: Cisco Netflow > hi all , > > Is there anyone who has used Cisco Netflow for collection of data > how can you enable cisco netflow on a cisco catalyst 5505 with supervisor > engine II G using a NFFC (Netflow Feature Card) > > Daley Okuwa > EDS Network services > Stockley Park > Tel no0181-5353144 > fax no 0181-7545983 > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: very confused with access-list, pls help!!
Chee Tong, > 1)I am very confused with access-list now, I have named my access-list as > below > > But I found when apply multiple access group in the int E0, > like below > Router(config-if)#ip access-group a3000 in > Router(config-if)#ip access-group range in > Router(config-if)#ip access-group telnet in > > but when I Router#sh run only ip access-group telnet in shown in the config > (the last one), where are the a3000, range ?? Only one access list may be applied per interface, per direction, at any given time. If you want all these access-list statements to work together, then you will need to put them into a single access list, ie: ip access-list extended MyGroovyStuff contents of a3000 ... contents of range ... contents of telnet ... Then apply the new list to your interface, ie: interface ethernet 0 ip access-group MyGroovyStuff in > 2)When I type sh access-list, why it shows me that access-group "range" is > still applied as shown below. Besides, why the line > permit tcp host 199.105.182.190 eq 8194 host 192.168.3.112 eq 8201 (17 > matches) and etc appear in the Extended IP access list telnet and I thought > it should show in the Extended IP access list range > I would guess that any matches on the 'a3000' and 'range' access lists (providing that you are applying them to your interface in the order you listed above) are as a result of 'hits' on the access list while you are making the change, eg: > Router(config-if)#ip access-group a3000 in When you type this command and press enter, it is applied to your interface. Stats will be logged for this list from now until when you type the next line and press enter (say 10 seconds). > Router(config-if)#ip access-group range in Same behavious as above, but now the 'range' access list has been applied and the 'a3000' list removed. > Router(config-if)#ip access-group telnet in Now your final access list 'telnet' is applied (and neither 'a3000' or 'range' are applied to the interface. I am also assuming that you have entered the 'ip access-group ...' commands a number of times in your effort to fix it and each time traffic that matches the list (even though that list may only be active for a very short while), a 'match' is recorded. > 3)In my config file, there are entry like "no ip route-cache" as shown > below, may I know how to delete it? Enter the command 'route-cache' (ie. the opposite of no route-cache), eg: router(config)#interface ethernet 0 router(config-if)#route-cache > 4)when I do a on router > SIN01>sh ip route connected > C 58.199.164.0/22 is directly connected, FastEthernet0/0 > C 58.199.126.0/27 is directly connected, FastEthernet0/0 > > Why two networks can state directly connected to one interface, what does it > mean?? You may have two IP addresses configured for the interface. Regards Adam Burgess Brisbane, Australia _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Exam Number: 640-503
Mike, I would recommend 'CCNP 2.0 Routing' from Robert Myhre. It covers all the material well and has very few errors. Regards Adam - Original Message - From: "Mike Bowlin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 06, 2001 1:54 AM Subject: Exam Number: 640-503 > Can anyone recommend a couple of good book for the Routing exam 640-503? > > Thanks, > Mike > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Netflow
Daley, VLAN/MLS configuration example (using IP/IPX in VLAN 1 and IP only in VLAN 2): Router Configuration mls rp ip interface FastEthernet0/0 speed 100 full-duplex mls rp vtp-domain MyVTP mls rp ip interface FastEthernet0/0.1 encapsulation isl 1 ip address 192.168.0.1 255.255.255.0 mls rp management-interface mls rp ip interface FastEthernet0/0.2 encapsulation isl 2 ip address 192.168.1.1 255.255.255.0 mls rp ip Switch Config (Cat 55xx + NFFC) set vtp domain MyVTP set vlan 1 name default type ethernet mtu 1500 said 11 state active set vlan 2 name MySpecialLAN type ethernet mtu 1500 said 18 state active set interface sc0 1 192.168.0.2/255.255.255.0 172.168.0.255 set mls enable ipx set mls flow full set mls agingtime 512 set mls agingtime fast 32 0 set mls include 192.168.0.1 Cheers Adam Burgess Brisbane, Australia - Original Message - From: "Okuwa, Daley" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 05, 2001 10:40 PM Subject: Cisco Netflow > hi all , > > Is there anyone who has used Cisco Netflow for collection of data > how can you enable cisco netflow on a cisco catalyst 5505 with supervisor > engine II G using a NFFC (Netflow Feature Card) > > Daley Okuwa > EDS Network services > Stockley Park > Tel no0181-5353144 > fax no 0181-7545983 > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
distribute list in EIGRP
Hi Group, A quick question. If a distribute list has be established in EIGRP for a while, and you remove the list. How long will it take for the new route to be discovered? And how EIGRP is acting in this case. Thanks in advance. Adam __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPP Multilink or Cisco BoD
To all DDR gurus: Are there any benefits in using the Cisco Proprietary = Bandwidth-on-Demand feature (ie. dialer load-threshold), rather than = using ppp multilink (other than the fact the ppp multilink is standard)? Regards Adam Burgess Brisbane, Australia _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PPP Multilink or Cisco BoD
Correct - although you don't need to specify 'dialer load-threshold' in order to bring up multiple channels, as if it is specified without ppp multilink, it enables bandwidth on demand and seems to provide the same throughput as ppp multilink. If you specify dialer load-threshold AND ppp multilink, then the interfacses switches to 'industry standard' ppp multilink. I was curious if there were any benefits (ie. bandwidth utilisation, delay, CPU time, memory, etc) to be gained by using bandwidth on demand without ppp multilink. Adam - Original Message - From: "Santosh Koshy" <[EMAIL PROTECTED]> Newsgroups: groupstudy.cisco To: <[EMAIL PROTECTED]> Sent: Sunday, February 11, 2001 3:46 PM Subject: Re: PPP Multilink or Cisco BoD > The dialer load-threshold feature, works in combination with ppp > multilink... > What "dialer load-threshold" does is, define the load level that must be > exceeded on the first ISDN B channel before the router attempts to bring up > a second B channel for a multilink PPP connection. > > ""Adam Burgess"" <[EMAIL PROTECTED]> wrote in message > 011001c093dd$116e7140$[EMAIL PROTECTED]">news:011001c093dd$116e7140$[EMAIL PROTECTED]... > > To all DDR gurus: > > > > Are there any benefits in using the Cisco Proprietary = > > Bandwidth-on-Demand feature (ie. dialer load-threshold), rather than = > > using ppp multilink (other than the fact the ppp multilink is standard)? > > > > Regards > > > > Adam Burgess > > Brisbane, Australia > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PPP Multilink or Cisco BoD (Correction on Typo)
Sorry - previous message should have read: Correct - although you don't need to specify 'ppp multilink' in order to bring up multiple channels, you only need to use 'dialer load-threshold'. This enables bandwidth on demand and seems to provide the same throughput and functionality as ppp multilink. If you specify dialer load-threshold AND ppp multilink, then the interfaces switches to 'industry standard' ppp multilink. I was curious if there were any benefits (ie. bandwidth utilisation, delay, CPU time, memory, etc) to be gained by using bandwidth on demand without ppp multilink. Adam > - Original Message - > From: "Santosh Koshy" <[EMAIL PROTECTED]> > Newsgroups: groupstudy.cisco > To: <[EMAIL PROTECTED]> > Sent: Sunday, February 11, 2001 3:46 PM > Subject: Re: PPP Multilink or Cisco BoD > > > > The dialer load-threshold feature, works in combination with ppp > > multilink... > > What "dialer load-threshold" does is, define the load level that must be > > exceeded on the first ISDN B channel before the router attempts to bring > up > > a second B channel for a multilink PPP connection. > > > > ""Adam Burgess"" <[EMAIL PROTECTED]> wrote in message > > 011001c093dd$116e7140$[EMAIL PROTECTED]">news:011001c093dd$116e7140$[EMAIL PROTECTED]... > > > To all DDR gurus: > > > > > > Are there any benefits in using the Cisco Proprietary = > > > Bandwidth-on-Demand feature (ie. dialer load-threshold), rather than = > > > using ppp multilink (other than the fact the ppp multilink is standard)? > > > > > > Regards > > > > > > Adam Burgess > > > Brisbane, Australia > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re cat 1900 enterprise version
Nandit, The default config for 1900's (at least when upgraded from standard edition) is to support bridge groups and not VLAN's. You can change this once you have the EN software in the menu by going to the System menu and choosing 'Reset system to enable VLANs' (or something like that). This should enable VLANs on the switch. Adam - Original Message - From: "nandit" <[EMAIL PROTECTED]> Newsgroups: groupstudy.cisco To: <[EMAIL PROTECTED]> Sent: Tuesday, February 13, 2001 2:14 PM Subject: Re cat 1900 enterprise version > Hi, > I was able to upgrade from the standard edition to the enterprise version on > a switch with the image cat1900EN_9_00_03.bin.bin, but am not getting any > VLAN configuration utilities.Which version is required for VLAN > configuration. > Thanks > Nandit > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Windows 2000 sniffer
I believe 4.6 works for win2k. Now, with that said, do you have a supported card that will let you see all of the captured frames? The list of adapters is pretty small. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Johnson Sent: Monday, February 12, 2001 11:45 AM To: [EMAIL PROTECTED] Subject: RE: Windows 2000 sniffer EtherPeek 4.1 works on Win2K also. Coming from a Mac background I've always been quite "snobbish" about Etherpeek. However I had a chance to play with SnifferPro4.5 for a few days last week (a friend works at a place with a much larger budget than I get) and have to say that it's decoders are better than EtherPeek. Now if only SnifferPro would show the packets as they capture them (someting that it's predecessor NetXray had, I believe) I would be truly converted. Seeing packets as them come on the wire (rather than having to stop to decode them) has helped me with problems in the past There is also a large price difference also Plus SnifferPro has hardware capture devices for just about every transport possible. Bob -Original Message- From: Christopher Supino [mailto:[EMAIL PROTECTED]] Sent: Monday, February 12, 2001 10:12 AM To: [EMAIL PROTECTED] Subject: Windows 2000 sniffer Can anyone recommend a good sniffer program for Windows 2000? I am having problems attempting to run the NT version on 2000. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3640 Access server ISDN and PSTN Dial in
Charles, Here is a cut of a config I use on a 3640 to achive this (This router has 12 MICA modems in slot 1 - the remainder of the PRI timeslots are used for incoming ISDN calls): controller E1 2/0 pri-group timeslots 1-31 ! interface Serial2/0:15 ip unnumbered Loopback0 no ip directed-broadcast encapsulation ppp isdn switch-type primary-net5 isdn incoming-voice modem no peer default ip address ppp authentication pap ppp multilink ! interface Group-Async 1 ip unnumbered Loopback0 no ip directed-broadcast encapsulation ppp ip tcp header-compression passive async mode dedicated peer default ip address pool default no cdp enable ppp authentication pap group-range 33 44 Regards Adam Burgess - Original Message - From: "Clare, Charles" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 12, 2001 11:10 PM Subject: 3640 Access server ISDN and PSTN Dial in > > Hi All. > > Trying to set up a 3640 for ISDN and PSTN Dial in. Have E1 and 30 > Digital Modems. Have set-up a Group-Async for Modem uses and all works > fine. Question is how do I set up so ISDN callers are handled in the same > way. Does not seem to be a Group-Dialer command. Does it require me to > setup 30 Dialler interfaces ? > > Thanks in advance. > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
backup subinterface on another subinterface
Hi group, I have 2 PVCs setup using Frame Relay on a serial interface with 2 subinterafces, and I want these 2 subinterfaces to backup each other when 1 fails. I did backup interface s0.2, but it won't allow a subinterface on the backup command, only the physical interface. So backup interface s0 is possible. Why is that and how can I do this Thanks in advance Adam __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: backup subinterface on another subinterface
Thanks for all your input on setting up a floating static suggestion, but the 2 PVCs that I have are both active and in production, and each is carrying different type of traffic. They are both acting as primary links. I want to set up something that if one fail, it will jump to the other one. I don't think floating static will work in this case. Adam --- Kelly D Griffin <[EMAIL PROTECTED]> wrote: > The way my company does it is to weight routes for > the two PVC's. > > Serial0/0.1 point-to-point > ip address 192.168.255.1 255.255.255.252 > no ip route-cache > no cdp enable > frame-relay interface-dlci 20 > ! > Serial0/0.2 point-to-point > ip address 192.168.255.5 255.255.255.252 > no ip route-cache > no cdp enable > frame-relay interface-dlci 21 > ! > ip route 10.0.0.0 255.0.0.0 192.168.255.2 > ip route 10.0.0.0 255.0.0.0 192.168.255.6 200 > ! > end > wr > > This says to route the traffic over S0/0.1 as it is > directly connected. > Route the traffic over S0/0.2 if the primary link > should become unreachable. > You have to be careful with the administrative > distance on the backup route. > If you are running a routing protocol (OSPF, RIP, > etc.) you will have to > take into account what the default distances are for > these protocols. Keep > in mind that a route that points to an interface is > distance 0 and a route > to an IP address is distance 1. > > Kelly D Griffin, CCNA, CCDA > Network Engineer > Kg2 Network Design > http://www.kg2.com > > > - Original Message - > From: "Adam Wang" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, February 14, 2001 10:08 AM > Subject: backup subinterface on another subinterface > > > > Hi group, > > > > I have 2 PVCs setup using Frame Relay on a serial > > interface with 2 subinterafces, and I want these 2 > > subinterfaces to backup each other when 1 fails. > > > > I did backup interface s0.2, but it won't allow a > > subinterface on the backup command, only the > physical > > interface. So backup interface s0 is possible. > > > > Why is that and how can I do this > > > > > > Thanks in advance > > > > > > Adam > > > > __ > > Do You Yahoo!? > > Get personalized email addresses from Yahoo! Mail > - only $35 > > a year! http://personal.mail.yahoo.com/ > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > http://1cis.com > > Free E-mail Servers with unlimited mailboxes > > 1st Class Internet Solutions > > > http://1cis.com > Free E-mail Servers with unlimited mailboxes > 1st Class Internet Solutions > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: %SYS-4-CONFIG_NEWER
This occurs after a software upgrade or downgrade to inform you that configurations may not be 100% compatible between versions. You can normally get rid of the message by saving the configuration file into NVRAM under the new IOS. You should probably find that after doing a 'copy run start' and 'reload', that the message no longer appears on boot. Regards Adam > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Michael Ibidunni > Sent: February 14, 2001 4:22 PM > To: [EMAIL PROTECTED] > Subject: %SYS-4-CONFIG_NEWER > > > > Folks, > > I was wondering if someone can assist me in solving this problem or > direct me to a link on > cisco's web site to solve this problem. I upgraded the IOS on my 2513 from > 11.1 to 12.0 and after > that whenever I start the router it comes up with the following message > :%SYS-4-CONFIG_NEWER: > Configurations from version 12.0 may not be correctly under > stood. From my search on cco, I upgraded the boot roms which I got from > cisco, but that didn't > solve the problem, HELP. > > Thanks in advance > > > > = > Michael Ibidunni > > > __ > Do You Yahoo!? > Yahoo! Shopping - Thousands of Stores. Millions of Products. > http://shopping.yahoo.com/ > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ghost Server and clients using multicast
Jeff, My understanding of the Ghost multicast clients is that they use the OSI Packet Driver, and support layer 2 multicast only (ie. cannot be routerd through VLANs). You may need to put a multicast server in any VLAN where there are clients (remember that the server does very little and could just be an ordinary PC). Another option would be to purchase an Intel Server Pro (or similar) card that supports VLAN trunking at the server, so the one multicast server system could be logically connected to all VLANs. Adam - Original Message - From: "Jeff" <[EMAIL PROTECTED]> Newsgroups: groupstudy.cisco To: <[EMAIL PROTECTED]> Sent: Saturday, February 17, 2001 2:06 AM Subject: Ghost Server and clients using multicast > Does anyone have experience working with a Ghost Server that multicast? I > have a 6509 and 4006's in the closets with multiple VLANs and having > troubles with the client using a boot floppy. It works fine if you iniate > from the server though. > > Thanks in advance, > Jeff > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN
Jim, You can schedule the exchange site connector (providing you are not using a 'Site Connector'). I would suggest X400 connector for this purpose. This will allow you to control when the exchange server communicates between sites. NT 4.0 DC relationships don't really have any way to schedule synchronisation between servers but you could always upgrade to Windows 2000 if you really needed to schedule the sync. What will be defined as 'interesting traffic' to bring up the ISDN connection? If you can control this outside the NT 4 world, then you could create an access list to block NetBIOS over TCP/IP and RPC traffic and allow the necessary traffic. X400 could be configured to send messages immediately (which would dial the connection) or as needed in the X400 connector, and you could schedule your directory connector between the two sites to only synchronise a couple of times a day, to keep the traffic on the link to a minimum. This would still allow your PDC/BDC to synchronise when the link is available, but would not dial the link or keep it active after the idle timeout. Remember that your clients need to have access to the PDC to reset their passwords and you won't be able to do any administration work on the domain from the site with the BDC, unless the line is active. It would probably be better to configure each site with a PDC in different domains and configure a two-way trust between them. Exchange will still work (I would suggest configuring with a service account local to the specific exchange server, and use the 'override' security function when connecting between sites) but you will not have problems relating to NT 4 replication. Let me know if this helps - I can provide more info if needed. Regards Adam Burgess Brisbane, Australia - Original Message - From: "Jim Bond" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 19, 2001 12:18 PM Subject: ISDN > Hello, > > We are trying to set up an ISDN from China to US. In > order to lower the ISDN charge, we'll put a BDC and an > Exchange server locally. The concern is BDC to PDC and > exchange servers sync will make the ISDN line up all > the time. Any suggestions? > > Thanks in advance. > > Jim > > > __ > Do You Yahoo!? > Get personalized email addresses from Yahoo! Mail - only $35 > a year! http://personal.mail.yahoo.com/ > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat 5000 !
This generally means that the packet was not returned and there was no specific error (ie. no response at all, rather than an unreachable or administratively denied, etc). Does your switch has a default route configured? Regards Adam Burgess Brisbane, Australia - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 19, 2001 8:28 AM Subject: Cat 5000 ! > Hi ! All, > > Has anyone seen this error before while pinging from one switch to other > switch? > > " Ping XX.YY.ZZ.AA: error=0 " > > Cheers. > > > > === > WARNING > This message may contain information that is confidential > and may be subject to the provisions of section 61A of the > Police Act 1958, which creates an offence to have unlawful > possession of Police documents. If you are not the > intended recipient of this message or have received > this message in error, you must not peruse, use, pass or > copy this message or any of its contents. > > Also note, the views expressed in this message may not > necessarily reflect those of the New Zealand Police. > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Looking for second-hand equipment in Australia
This message probably only applies to people in Australia/NZ I am looking for some second hand Cisco gear, preferably in Australia = (cheap freight). If anyone has (or can get hold of) the following, I am = interested: 2 x Cisco 2513/2612/2613 (or combination) Ethernet/Token Ring/Serial = Routers. Any IOS. Any RAM config. 1 x Cisco 4000/4500/4700 (or variant). Any module configuration. Any = IOS. Any RAM config. 1 x NP-2E Dual Ethernet Port for Cisco 4000 series. 1 x NP-2T Dual Serial Port for Cisco 4000 series. 2 x CAB-NPX21C (X21 DCE cable for Cisco 4000) OR 2 x CAB-NPX21T (X21 DTE = cable for Cisco 4000). They do not need to be X21 but I would prefer = X21 or V35. I am only interested in realistic prices as these are for personal use = (ie. I'm not really interested in purchasing new gear). I would also consider trade on some other gear that I have, including: 4 Port BRI for 4000 Series ISDN WIC's for 1600, 2600, 3600, etc 2 x High Density X21 DTE Cables (used with WIC-2T) NM-2E2W (2 Ethernet, 2 WIC for 3600) NM-4E (4 Ethernet for 2600, 3600) 2503 (Ethernet, Serial & ISDN) 2514 (14 Ethernet Hub Ports, Serial, ISDN) Other assorted stuff. Please respond direct to my email address. Regards Adam Burgess AustEcom Pty Ltd Brisbane, Australia _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Tcpip Transmission over RS232
> >Back to back rs-232 DCE/DTE. Just like v.35 but, up to 128 kb/s you can > >run HDLC, PPP and or Frame obviously w/ a frame switch. I would guess that this would also be possible with back-to-back DTE cables using a null modem adaptor. Has anyone tried this before? Adam - Original Message - From: "Priscilla Oppenheimer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 23, 2001 8:06 AM Subject: Re: OT: Tcpip Transmission over RS232 > Here's a response that someone sent directly to me. I thought it was worth > sharing with the group. I don't know if it's true, but it could generate > some good discussion... > > > >Back to back rs-232 DCE/DTE. Just like v.35 but, up to 128 kb/s you can > >run HDLC, PPP and or Frame obviously w/ a frame switch. > > > > > > > > >From: Priscilla Oppenheimer > > >Reply-To: Priscilla Oppenheimer > > >To: [EMAIL PROTECTED] > > >Subject: Re: OT: Tcpip Transmission over RS232 > > >Date: Thu, 22 Feb 2001 11:15:19 -0800 > > > > > >At 01:07 AM 2/22/01, Amit Gupta wrote: > > > >Hi All, > > > > > > > >Just a thought on Whether Tcp/Ip can run over RS232 > > > >Interfaces. > > > > > >Can't see why not. You could get TCP/IP running over a coat hanger if you > > >tried enough. Seriously, a terminal server can enable PCs to connect via > > >RS-232 to a TCP/IP network. > > > > > >Priscilla > > > > > > > > > >Any comments please ? > > > > > > > > > > > >Regds > > > > > > > >Amit > > > > > Priscilla Oppenheimer > http://www.priscilla.com > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2600 router - 12.0 IOS wanted
Unless you purchase it from a vendor, you have to have a CCO login. Adam Hickey [EMAIL PROTECTED] CCNA CCNP (in progress) _ "And One!" - Original Message - From: "Ravi Kumar" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 23, 2001 2:38 AM Subject: 2600 router - 12.0 IOS wanted > hi friends > > can u pls let me know few links, from where i can down load ios 12.0 form 2600 > series router. > > tanx in advance. > > bye > ravee > > > > Get free email and a permanent address at http://www.netaddress.com/?N=1 > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
good book on T1
Anyone know a good book on T1. Thanks Adam Wang __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco equipment list price comapres to discounted price
Hi group, Anybody had done mass puchase with Cisco/its parnters. Our company is roll out a project of purchasing over $1 million of cisco equipments. We just want an idea what discount rate can we get from the cisco list price with this quantity (some say we can get as much as 50%), and what discount if there is any for the support contracts. Your input is greatly appreciated. Adam __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: **Login Scripts (Long)
> I have users in branches all across the company that logon to other > BDC's in other city's. Eg. Someone in vancouver logging into say > montreal. > Does anyone know of a port that I can block that off of each branch > router ( im currently using 3661's ) to stop that. Or a Win2k setting I > can modify to specify what server to login to?.I know i can probably > specify that in that in the login script, if so, What command do I use? > Or a registry setting in Win2k/9x I assume that you are using NT 4 servers in the backend? If you are using Win2K servers, you can make the NT/9x clients Active Directory aware by installing DSClient.exe, which will 'encourage' the clients to authenticate with their local DC before running over the WAN to a random DC. There is no real way to control what DC authenticates a client in the NT 4 world, and you can't block a logon script 'port' as the client runs the logon script using a UNC path (ie. \\DCNAME\netlogon\yourscript.bat). The only way to stop this would be to block all file sharing traffic over the link (which I assume you don't). A way around the problem is to use a batch file that allows initial authentication to occur at any DC, but then forces the logon script to execute from a local DC. The basic idea is to run ipconfig on the client, which will output the IP address, network mask and default router. These settings are saved to a text file and can be searched the matches on the default router value can be made to determine the LAN that the user is logging in from. Sample script: @echo off rem The CFG_SVR is your 'default' DC, probably the PDC or at least a DC rem closest to the 'centre' of your NT network. This is an initial value to rem ensure that the script always has a server to contact. set CFG_SVR=DEFDC rem If Windows 95 - need to copy down ipconfig.exe in order to rem complete the following task. Always do the initial copy rem from CFG_SVR. All other OS's have a compatible copy of rem ipconfig.exe installed with their TCP/IP stack. ver | find /I "95" if not errorlevel 1 goto 95_98 goto ALL_SYS :95_98 if not exist %windir%\ipconfig.exe copy \\LOGON5\netlogon\bin\ipconfig.exe %windir%\ipconfig.exe :ALL_SYS net use /persistent:no > NUL rem Find the current subnetwork by checking the output from ipconfig rem against a list of known default router addresses ipconfig > %windir%\ipconfig.logon type %windir%\ipconfig.logon | find /I "10.1.1.254" > NUL if not errorlevel 1 goto SITE1 type %windir%\ipconfig.logon | find /I "10.1.1.254" > NUL if not errorlevel 1 goto SITE2 goto SLOW_NET :SITE1 rem In this section you set the CFG_SVR variable to a DC at the specific site rem that you are trying to control the logon script for. Then once you have rem set the variable, you can execute a logon script on a specific server that rem has been created for this site only. Remember that the CFG_SVR rem variable will be available to the new batch file (in this case SITE1.bat) rem so you can use it to launch other processes on a specific server in a rem controlled fashion. set CFG_SVR=SITE1DC echo. echo Current LAN: SITE1 echo LAN Logon Server: %CFG_SVR% start /wait \\%CFG_SVR%\netlogon\SITE1.bat goto RUN_MAIN :SITE2 set CFG_SVR=SITE2DC echo Current LAN: SITE2 echo LAN Logon Server: %CFG_SVR% start /wait \\%CFG_SVR%\netlogon\SITE1.bat goto RUN_MAIN :SLOW_NET rem This part of the script is just a handler for unknown rem networks or in the event of an error. set CFG_SVR=DEFDC echo. echo Current LAN: Remote or Unknown echo LAN Logon Server: %CFG_SVR% echo echo NOTICE: echo. echo You have connected to the network echo from an unknown or undefined location echo. echo Please call the Help Desk for Assistance. echo. pause goto RUN_MAIN :RUN_MAIN echo Script Completed set CFG_SVR= Hope this helps. Regards Adam Burgess Brisbane, Australia _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Just picked up 2 routers
8mb flash -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kenneth Sent: Sunday, March 04, 2001 3:41 PM To: [EMAIL PROTECTED] Subject: Re: Just picked up 2 routers You have 1024+1024 bytes which totals to 2048 bytes of RAM (2 Mb) "vert" <[EMAIL PROTECTED]> wrote in message 97umes$vp3$[EMAIL PROTECTED]">news:97umes$vp3$[EMAIL PROTECTED]... > I just bought 2 Cisco 2524's and I am trying to check how much ram they came > with. Can anyone inform me on how to view the memory. When I boot the router > I get this config: > cisco 2524 (68030) processor (revision J) with 1024K/1024K bytes of memory. > Processor board ID 06956739, with hardware revision > Bridging software. > X.25 software, Version 3.0.0. > Basic Rate ISDN software, Version 1.0. > 1 Ethernet/IEEE 802.3 interface(s) > 2 Serial network interface(s) > 1 ISDN Basic Rate interface(s) > Integrated NT1 for ISDN Basic Rate interface > 5-in-1 module for Serial Interface 0 > 56k 4-wire CSU/DSU for Serial Interface 1 > 32K bytes of non-volatile configuration memory. > 8192K bytes of processor board System flash (Read ONLY) > > Can I figure out what the total amount of ram is from this info? I just > don't want to be cheated. I am new to the Cisco environment. > > Thanks > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Am I alive??
Nah, your dead, and I am the grim reaper.. :-D -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of SAM Meng Wai Sent: Friday, January 26, 2001 12:56 AM To: 'David Richard'; [EMAIL PROTECTED] Subject: RE: Am I alive?? Yes You are alive > -Original Message- > From: David Richard [SMTP:[EMAIL PROTECTED]] > Sent: Friday, January 26, 2001 4:48 PM > To: [EMAIL PROTECTED] > Subject: Am I alive?? > > Hey.. > > This is test mail.. > > > DR. > > > Get free email and a permanent address at http://www.netaddress.com/?N=1 > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN Switch Types
Can anyone point me to any documents that go into detail about the major = ISDN switch-types (5ESS, DMS-100, NI)? It does not matter whether they = are online or in a book. I have searched the web and CCO to no avail and, unfortunatley, I don't = have a support contract w/ Lucent or Nortel that would allow access to = their sites. Any and all help is appreciated. Thanks Adam Hickey [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - Contact in China
I will be travelling to China (Beijing) next week and will have some = time to look around and see the sights, and am looking for a local = contact. As a few of the messages I have received from this list have = originated from China, I was wondering if anyone would be willing to = answer a few questions for me. =20 If you can help me, please reply direct to this address, otherwise sorry = about the waste of bw. Adam Burgess Brisbane, Australia _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Rip 2 and VLSM "Does rip 2 support VLSM"
Sure does. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, January 16, 2001 11:43 AM To: [EMAIL PROTECTED] Subject: Rip 2 and VLSM "Does rip 2 support VLSM" Does Rip 2 support VLSM?? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
setting up DS3 using HSSI
Hi group I'm trying to setup a 7100 with a HSSI card to connect to Internet through a DS3. BGP will be the routing protocol. Anyone has a sample config that I can use as a reference? Any special commands for the HSSI interface and DS3? Your input will be greatly appreciated. Adam __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sample CCNA test question..bogus?
It would appear to me that by the statement 172.16.0.0/19 they are stating a major net rather than one of the subnets created by the masking. If you look carefully at the answers, D is the only one that can be right because it is the only one that qualifies as a host address. A) 172.16.32.0 = a subnet address, B) 172.16.64.0 = a subnet address, C) 172.16.63.255 = a broadcast address within a subnet, D) 172.16.80.255 = a host address within a subnet. If I am wrong, it wouldn't be the first time. but that's what I see. Adam Hickey [EMAIL PROTECTED] - Original Message - From: "Bruce" <[EMAIL PROTECTED]> Newsgroups: groupstudy.cisco To: <[EMAIL PROTECTED]> Sent: Wednesday, March 14, 2001 9:38 PM Subject: Re: Sample CCNA test question..bogus? > Tom, Thanks for your response but I beg to differ. I agree that answer D > falls inside the range of the 64 subnet as you explain, but this is not the > question. The question asks for a valid host using 172.16.0.0/19, not > 172.16.64.0/19 > By my reckoning, the valid host range is 172.16.0.1 to 172.16.31.254 > > Regards, > BR. > > "Tom Lisa" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Well, since I'm not a qualified psychiatrist I don't want to comment on > your mental > > health, but there is a correct answer here. If we go to binary it all > becomes clear. > > > > The /19 means that the first 19 bits are network/subnetwork bits and the > remaining 13 > > bits are host bits. Therefore our mask would look like this: > > ..1110. > > > > Since the first two octects are identical, we can dispense with them and > concentrate on > > the first 3 bits of the third octet and the remaining host bits. > > > > Our subnet addresses would be as follows: > > > > X.X.. = X.X.0.0 Hosts = X.X.0.1 - X.X.31.254 Bdcst = > X.X.31.255* > > *Assumes Subnet Zero Allowed > > X.X.0010. = X.X.32.0 Hosts = X.X.32.1 - X.X.63.254 Bdcst = > X.X.63.255 > > X.X.0100. = X.X.64.0 Hosts = X.X.64.1 - X.X.95.254 Bdcst = > X.X.95.255 > > X.X.0110. = X.X.96.0 Etcetera, Etcetera > > . > > . > > Etcetera (You get the picture) > > > > From this you can see that: > > answer A is the "wire" address of the 32 subnet > > answer B is the "wire" address of the 64 subnet > > answer C is the Broadcast address of the 32 subnet > > answer D falls within the valid host range for the 64 subnet and is > correct. > > > > BTW, a good source for learning IP Addressing & subnetting is: > www.learntosubnet.com > > > > HTH, > > Prof. Tom Lisa, CCAI > > Community College of Southern Nevada > > Cisco Regional Networking Academy > > > > > > Bruce wrote: > > > > > Q. Which one of the following is a valid host using the address of > > > 172.16.0.0 /19? > > > > > > a. 172.16.32.0 > > > > > > b. 172.16.64.0 > > > > > > c. 172.16.63.255 > > > > > > d. 172.16.80.255 > > > > > > Which one and why? > > > > > > (I say none of them. Am I going mad?) > > > > > > _ > > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AS5300 radius
I think it is just the matter of having... aaa authentication ppp default group radius in the config. It supposedly uses the list of radius servers configured. Adam Hickey [EMAIL PROTECTED] CCNA CCNP (in progress) _ "And One!" - Original Message - From: "Dale Frohman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 15, 2001 7:25 AM Subject: AS5300 radius > Quick question for the group. I have an AS5300 that i thought i had setup > for two radius servers, however we had a situation where the primary > radius server went down and the 5300 did not switch to use the secondary. > I had to remove the primary in order for the secondary to work. > > Here is what i had configured: > > radius-server host x.x.x.x auth-port 1812 acct-port 1813 non-standard > radius-server host x.x.x.x auth-port 1812 acct-port 1813 non-standard > > Thanks > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sample CCNA test question..bogus?
Amen! Thank You Adam Hickey Cable & Wireless Network Engineer, IOPS [EMAIL PROTECTED] ___ "And One!" - Original Message - From: "Lowell Sharrah" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, March 15, 2001 10:10 AM Subject: Re: Sample CCNA test question..bogus? > this is assuming vlsm. when you have a class network with varibale bits in the subnet mask that is different than the default subnet mask, you have multiple subnets and multiple host on each subnet. This question is telling us that there are 3 bits as subnet bits (since the default for class B networks is 16) and the remaining 13 are host bits. This arnagement (172.16.0.0/19) calculates out to be more than one subnet and answer d falls in one of the valid subnet ranges. If thew question was worded differently with a particular subnet such as 172.16.30.x/19, then it would not be true. > > >>> "John Neiberger" <[EMAIL PROTECTED]> 03/15/01 12:04PM >>> > How could the wording be correct? 172.16.80.255 is a host address in > 172.16.64.0/19, *not* 172.16.0.0/19. There is no correct answer > provided to that specific question as worded. I agree that it is trying > to be a trick question, but it fails because of poor wording or a typo. > Perhaps one of the answers should have been 172.16.15.255 or something > like that. That would have been tricky yet also correct given the > question that was being asked. > > John > > >>> "Arthur Simplina" <[EMAIL PROTECTED]> 3/15/01 9:51:53 AM >>> > I think the trick part of question here is that the answer d. > 172.16.80.255 > seems like a broadcast address because of the 255 (all 1's in the last > > octec.) So now the test taker faces the dilemna of choosing between two > > subnetwork addressess and two "broadcast" addresses. > > Cisco would want to know if you really know subnetting. Hence, the > wording > of the question (which to my opinion is still correct). > > Arthur > > > >From: "John Neiberger" <[EMAIL PROTECTED]> > >Reply-To: "John Neiberger" <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: Re: Sample CCNA test question..bogus? > >Date: Thu, 15 Mar 2001 09:19:53 -0700 > > > >I think I'll side with those who say there is no correct answer, but > >there is an answer that's closer to being correct than the others. > :-) > > > >The question is asking for a valid host in the 172.16.0.0/19 range. > >Answer D is not in that range! It is in the 172.16.64.0/19 network. > >Valid host addresses in the 172.16.0.0/19 range are: > > > >172.16.0.1 through 172.16.31.254 > > > >I would agree that by making a subtle adjustment to the question, > >answer D is the only answer possible. Given a /19 prefix length, the > >only possible host address given in the answers is D, which forces us > to > >change the question to fit the answer. > > > >This just appears to be a poorly worded question that not only allows > >you to figure out the most-correct answer eventually but also forces > you > >to deduce what the actual question is in the first place.In > other > >words, it's a typical Cisco test question! > > > >Regards, > >John > > > > >>> "Arthur Simplina" <[EMAIL PROTECTED]> 3/15/01 8:46:27 AM > >>> > >d. 172.16.80.255 > > > >This belongs to subnet 172.16.64.0 with host range of 172.16.64.1 - > >172.16.95.254. > > > >Arthur > > > > > > >From: "Bruce" <[EMAIL PROTECTED]> > > >Reply-To: "Bruce" <[EMAIL PROTECTED]> > > >To: [EMAIL PROTECTED] > > >Subject: Sample CCNA test question..bogus? > > >Date: Thu, 15 Mar 2001 15:11:07 +1100 > > > > > >Q. Which one of the following is a valid host using the address of > > >172.16.0.0 /19? > > > > > >a. 172.16.32.0 > > > > > >b. 172.16.64.0 > > > > > >c. 172.16.63.255 > > > > > >d. 172.16.80.255 > > > > > > > > > > > >Which one and why? > > > > > >(I say none of them. Am I going mad?) > > > > > > > > > > > >_ > > >FAQ, list archives, and subscription info: > > >http://www.groupstudy.com/list/cisco.html > > >Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > >___
Re: 2500 wont save config
What does free memory have to do with trying to save a running-config (already in memory) to NVRAM (nothing but the startup-config there)? Last time I checked IOS, does not have any part in NVRAM. Plus, he didn't say anything about trying to upgrade IOS either. Are you sure he's the one with a paper cert? (I am only kidding, I know you weren't picking on him) =P Adam Hickey [EMAIL PROTECTED] CCNA CCNP (in progress) _ "And One!" - Original Message - From: "The.Rock" <[EMAIL PROTECTED]> Newsgroups: groupstudy.cisco To: <[EMAIL PROTECTED]> Sent: Monday, March 19, 2001 9:03 AM Subject: Re: 2500 wont save config > It might not save due to lack of mem. Make sure you have enough room to hold > both the current IOS as well as the one your trying to upgrade. Otherwise > you will need to delete one of them first. Being that your on IOS 10.3 tells > me that probably you don't have enough memory. > > And I see your title." LAN Engineer". I'm not picking on you, but it > just seems that for the question you just asked, its not one that someone > would ask in your position. This goes back to the paper cert thing > > > ""Plantier, William (Spencer)"" <[EMAIL PROTECTED]> wrote in > message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have a 2500 router with 10.3 IOS and I cant save the config. Any > > suggestions? > > > > Wm. Spencer Plantier > > LAN Engineer > > (919) 474-1300 ext 0873 Office > > (919) 474-1056 Fax > > (919)696-8848 Cell > > [EMAIL PROTECTED] > > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
how to check statistics on a single nat entry
Hi group How would I check statistics on a single nat entry show ip nat statistics will give me the whole picture, not individual entries. Thanks Adam __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: GRE VS. IPSEc
Liwang, You aren't comparing apples to apples in your questions. Let me see if I can shed some light on the subject. IPSec is a VPN technology that is responsible for securing a data stream between two VPN peers. It does not provide multi-protocol support, so if you need to transport anything other than IP, you will need to use a GRE tunnel. (assuming you only connect to the outside world using IP) A GRE tunnel does not provide any security. It is a tunneling protocol that can give you the illusion that two tunnel interfaces are connected together. You can then set attributes within those two tunnel interfaces as if you they are directly connected to each other (not everything, but most everything). Thus, GRE tunnels do provide multi-protocol support. In order to determine which technology would be best suited for your needs, your VPN business case should provide you with answers to the following questions: 1) Are there just two sites that need to be connected together? (i.e. are there plans for a large scale deployment?) 2) Do you need encryption? 3) Do you need authentication? 4) Do you need to protect against a replay attack? 5) Who are you protecting your data from? Cisco Encryption Technology (CET), which is frequently used with GRE tunnels, is a precursor to IPSec and has been available since IOS 11.2. While there are similarities between IPSec and CET, they do not provide the same functionality. This is why I asked the previous questions. CET can only encrypt your data streams, while IPSec can encrypt, authenticate and provide protection against a replay attack. CET does not provide for a Public Key Infrastrucutre (PKI) and thus if you had 100's of sites to connect, CET could become an administrative nightmare. On the other hand, IPSec does provide for a PKI which can ease administrative burdens, but can give you a whole different set of problems. For example, who administers the Certificate Authority server and where do they get their authority. This is important if it is an Extranet VPN. In an Intranet VPN this is not nearly as important since most Companies can inherently trust themselves (notice I said MOST not ALL ;-). CET is fairly simple to setup, especially since it only encrypts your data streams. IPSec, has a tremendous amount of flexibility and as we all know the more flexibility a technology has, the more complicated it gets. IPSec can take a while to understand all of the underlying technology, but it can give you an extremely secure environment. Personally, assuming that: 1) We want a simple Intranet VPN protecting our data crossing the public Internet 2) We aren't protecting trade secrets worth millions of dollars 3) There are no plans on increasing the number of VPN connections I would go with a GRE tunnel with CET. If any of the above criteria aren't met I would go with IPSec. HTH, AQ At 08:46 AM 11/23/00, Liwanag, Manolito wrote: >I have a remote site that I want to connect to our central site that has a >PIX. I was thinking of using IPSec with context based access control. But >I was wondering if GRE is just as good ? ( to Qualify - reliable, easy to >set up, secure and can handle plenty of tunnels) Can anyone advise ? > >Manolito > > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: GRE VS. IPSEc
Manolito, At 01:44 PM 11/23/00, you wrote: >Thanks for the detailed replied. BTW my first name is Manolito. No big >deal. Take a look at my comments below when you have a minute > >-Original Message- >From: Adam Quiggle [mailto:[EMAIL PROTECTED]] >Sent: Thursday, November 23, 2000 1:13 PM >To: Liwanag, Manolito; 'Cisco Group Study' >Subject: Re: GRE VS. IPSEc > > >1) Are there just two sites that need to be connected together? > (i.e. are there plans for a large scale deployment?) > > >> Right now yes.. This remote branch that I want to connect to corporate >is using ISDN to get to corporate and the Net. Recent expansion have raised >the number of ee to 40 and the bandwidth is now super saturated. I was >planning on getting an ADSL connection to replace the ISDN. Basically I >want that remote branch to access the internet locally - not to go through >our PIX at the corporate site - but other network traffic to go through an >IPSec tunnel to corporate. What do you mean you have the number of ee to 40? What is ee? It is easy to encrypt traffic destined for the corporate site and let the other "Internet" traffic go directly to it, not through the corporate site. Just make sure the access list used in your crypto map only identifies traffic to the corporate office as traffic to be encrypted. If you are talking about PC's that need this functionality it is a little bit more difficult. Your VPN client would have to support "split mode". I believe the Cisco 3000 VPN router (formerly Altiga) can support this type of behavior, although I don't have the details as to how it works. >2) Do you need encryption? > >> Yes > >3) Do you need authentication? > > >> I think yes as well >4) Do you need to protect against a replay attack? > > >> Yes >5) Who are you protecting your data from? > > >> everyone that is not an employee With regard to protecting your data, will you be transmitting trade secrets? What would be the potential of having someone intercept your messages? Don't use a shotgun to kill a mosquito. >How about using IPSEc with GRE in it ? Any suggestions are very helpfull >for me as I am new in this field. I have set up an IPsec tunnel to our >other PIX in Australia and I figured that I could do the same for a 1605-R >router to the corporate PIX. There is nothing wrong with using IPSec to encrypt a GRE tunnel, it is perfectly acceptable. The question is, do you want to spend the time learning IPSec (this is a good thing) or do you just want to get it done? Realize that the skills required to implement CET are not quite 1/2 the skills/knowledge you need to implement IPSec (in your particular instance). Also realize that you can get bogged down in the details once you realize the features that can be deployed with IPSec. AQ p.s. Sorry about the name. I did get it right this time. :-) ** Adam Quiggle Senior Network Engineer MCI Worldcom/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN in CCIE LAB?
Rol, Check out the following link. It is an interview with Jeff Buddemeier, Cisco's CCIE Program Manager, on December 8, 1999, right from the horses mouth, so to speak. http://www.tcpmag.com/chat/cisco120899.doc A few excerpts from the conversation Eddie says: Jeff how much of the lab involves security issues and VPN's Host Jeff_B says: Eddie: We have one lab with VPN's that has about 8 points on it. HTH, AQ At 04:02 AM 11/24/00, Rol wrote: >Somebody told me that VPN appeared on LAB. Is that true? > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE TroubleShooting Part
I think this is the interview Darren was talking about. http://www.tcpmag.com/chat/cisco120899.doc Funny, just posted this link in a different thread earlier today. :-) AQ At 07:48 PM 11/24/00, Darren Ward wrote: >Actually there was an Interview with the head of the CCIE Program online >at one of the >prep sites and he stated that you can expect one of two things: > >1) Your existing Network has errors introduced into it. >2) A New broken Network has been downloaded onto you network > >So both are possible, remember this portion of the test is for your >ability to logically >troubleshoot pregressively and document your findings. > >BTW none of this is against the NDA as I have said it because it's all >available from >Cisco Releases or the CCIE Program info itself > >Darren > >James Wilson wrote: > > > Depends on your paper, and thats going a little beyond the NDA. > > > > At 11:45 PM 23/11/2000 -0800, ShahzaD Ali wrote: > > >Hi there, > > > > > >Is it true you need to troubleshoot entirely a new scnerio when you are > > >trouble shooting in day 2? AnyOne knows about this? > > > > > >Regards, > > > > > >SchahzaD > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bgp path selection criteria
Local Preference 1st. (see pgs 158 & 159 of Internet Routing Architectures 2nd Ed.) Adam Hickey [EMAIL PROTECTED] - Original Message - From: "Yee, Jason" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 21, 2000 12:38 AM Subject: bgp path selection criteria > > > hi , > > > Anyone here knows which BGP path criteria takes precedence ? AS_PATH or > local preference > > > From what I read it is local preference , but in actual fact it is not so , > why I said this is because I have a customer who prepends their prefixes > many times then advertise them to us but on our side we set local preference > to customers' routes to 90 which in fact will always come back to us if we > do this but this is not happening > > Instead the prefixes go to another providers' link because their AS-PATH is > shorter > > why is that so? > > > Jason > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Line Down , Protocol Up ?
Oh ya. I turn up PRI's all the time at work and have seen a number of them stating that layer 1 was down and layer 2 up. Cisco's only response was a bug. The line is actually up though. Adam Hickey [EMAIL PROTECTED] - Original Message - From: "Elias Aggelidis" <[EMAIL PROTECTED]> To: "John Neiberger" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, November 26, 2000 1:24 AM Subject: Re: Line Down , Protocol Up ? > I have seen this question in one of the cisco exams ! > > The obvious answer was BUG ERROR ! > > - Original Message - > From: "John Neiberger" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, November 23, 2000 4:22 AM > Subject: Re: Line Down , Protocol Up ? > > > > Think this through starting at the first OSI layer. If the line is down > > (physical) layer, then how could the next higher layer--which depends on > > lower layers--ever possibly hope to function? > > > > It can't. You can't have a functional datalink layer without first having > > valid physical connectivity. > > > > > Hi Gang, > > > Just been looking at the binary possibilities of > > > these options i.e 0 0 > > >0 1 > > >1 0 > > >1 1 > > > > > > And feel thet that Line Down, Protocol Up is > > > impossible. > > > Can anyone confirm this or has anyone seen anything > > > quirky of this nature. > > > > > > Regards, > > > > > > Phil. > > > > > > > > > > > > > > > Do You Yahoo!? > > > Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk > > > or your free @yahoo.ie address at http://mail.yahoo.ie > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > > > > > ___ > > Tired of slow Internet? Get @Home Broadband Internet > > http://www.home.com/xinbox/signup.html > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CID Beta - anyone taken it yet?
> I'm due to take it in about three hours and am doing some last minute study. > Just wondering if anyone had any general (NDA-friendly) tips / gripes about > it. i think about it but still waitng a reply from testing center -- Regards, Adam ObszyƱski ATM Inc. +48-22-5156418 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Version 1 or version 2...NOT AGAIN!
With all due respect, this was discussed numerous times at length prior to July 31st when version 1 was retired. Searching the archives would reveal all of the information you need. Or looking at www.cisco.com (but no, you may continue w/out recertifying CCNAv2) Adam Hickey [EMAIL PROTECTED] - Original Message - From: "Dyland Desmarais" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, November 29, 2000 9:19 AM Subject: Version 1 or version 2 > Greets > I am beginning my CCNP V2.0 certs this week (as you are all aware by now) > I was curious, my CCNA cert is only v 1.0, to become certified as a CCNP > v2.0 do I have to have CCNA v2.0? > Will I have to redo my CCNA? > > Thanx > > Dyland > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: garbage in hperterminal ?
Xon/Xoff - Original Message - From: "Ric Messier" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 30, 2000 10:14 AM Subject: RE: garbage in hperterminal ? > Always got it to work with 9600 8N1, though I do recall having problems with > flow control at times. Seems as though no flow control is right. Been quite > a while, though. > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Donald B Johnson Jr > > Sent: Thursday, November 30, 2000 12:41 PM > > To: william yuwono; [EMAIL PROTECTED] > > Subject: Re: garbage in hperterminal ? > > > > > > I think both work 8-n-1 or 8-n-2 > > At least the 4700 in front of me does. > > Duck > > - Original Message - > > From: william yuwono <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, November 30, 2000 8:52 AM > > Subject: Re: garbage in hperterminal ? > > > > > > > Hi Barbara, > > > > > > I think your Hyperterminal setting is not corect (9600-8-N-2). > > I think you > > > should change the Hyperterminal setting to 9600-8-N-1. > > > > > > I hope this help, > > > > > > william > > > > > > - Original Message - > > > From: Barbara Cobbina <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Wednesday, November 29, 2000 7:13 AM > > > Subject: garbage in hperterminal ? > > > > > > > > > > Can anyone please tell me why I get garbage in > > > > hyperterminal when I try to access my 2503 from the > > > > console. > > > > > > > > My settings are 9600-8-N-2 and I think I have the > > > > right cable as it worked before. > > > > > > > > Cheers > > > > Babs > > > > > > > > __ > > > > Do You Yahoo!? > > > > Yahoo! Shopping - Thousands of Stores. Millions of Products. > > > > http://shopping.yahoo.com/ > > > > > > > > _ > > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > > _ > > > Do You Yahoo!? > > > Get your free @yahoo.com address at http://mail.yahoo.com > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF question
Correct me if I am wrong, but I don't think you can advertise a class C if the address is assigned to the loopback. Because the router is not aware of any network, only that address. I believe you would have to assign the ip to an eth interface (or any other besides lo0) which would be known to the router as a network directly connected and thus able to be advertised. Please correct this if it is incorrect. Adam Hickey [EMAIL PROTECTED] - Original Message - From: "Elaluf, Sylvia," <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, December 04, 2000 6:10 AM Subject: OSPF question > Hello everybody > > I need some help with the following: > > Given the following > > loopback 0 > ip address 10.10.10.1 255.255.255.0 > > router ospf 1 > network 10.0.0.0 0.0.0.255 area 0 > > sh ip route 10.10.10.1 > known via connected loopback 0 > distributed via ospf 1 > 10.10.10.1 255.255.255.255 > > what I want is to Advertise the loopback interface as class C and not host > specific route. > > distributed via ospf 1 > 10.10.10.1 255.255.255.0 > > How do I do that? > > Silvia Elaluf-Calderwood > [EMAIL PROTECTED] > > "Only two things are infinite, the universe and human stupidity, and I'm not > sure about the former." > - Albert Einstein > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Unix Administrator Opportunity
I apologize in advance if this is the wrong group in which to post job postings.Ā I am a Technical Recruiter with Hall Kinion (www.hallkinion.com)Ā I deal with all types of network related contract opportunities in the New York City area (i.e Network/System Administrators, System Engineers, System Support, Desktop Support, DBA's, System Architects) Ā I currently have a contract opportunity for a Unix System Administrator in New York City.Ā The ideal person for this position will have at least three years of Unix (Solaris) experience.Ā Knowledge of setting up user accounts and privileges.Ā Capable of troubleshooting, doing backup and recovery, as well as disk partitioning. Knowledge of shell scripting (Korn, Bourne, or Perl) is a plus.Ā If you are interested in hearing more about this position feel free to contact me via email or phone.Ā My contact information is listed below.Ā Thank you for your time. Ā Adam Bernstein Technical Recruiter [EMAIL PROTECTED] 212 575-1400 ext 216Ā
Publishing Date?
Anyone know when Doyle is going to publish Vol 2? Adam Hickey [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: about AS 5300
Each T1/E1 uses a virtual serial interface when it comes in the NAS with PRI signaling. 15, if I am correct is the D-channel on the E1-PRI (equal to channel 23 on a T1 PRI). No modems involved. Adam [EMAIL PROTECTED] - Original Message - From: "Babar Hameed" <[EMAIL PROTECTED]> To: "Frank" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, December 13, 2000 12:09 AM Subject: Re: about AS 5300 > the serial 0:15 etc means the 15th (virtual) modem on the first (0 E1 > controller) PRI. > > Babar Hameed > Network Engineer > Unisys Pakistan > > -Original Message- > From: "Frank" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Date: Wed, 13 Dec 2000 13:21:21 +0800 > Subject: about AS 5300 > > > i am reading a config example about 5300 which has octal E1/PRI card > > with 4 > > serial interfaces. > > there are "controller E1 0","int s0...int s3" items. > > but what does "int s0:15...int s7:15" mean? > > i guess they are the signalling channels of 8 E1 controllers. > > why use int serial term? > > > > Any explanations about this is greatly appreciated. > > > > > > frank > > > > > > _ > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Switching method help!!
Hey all, Question: 1) On a router with multiple outbound paths, if fast switching (or CEF) = is enabled and outbound traffic comes through towards a given = destination, is all traffic for that same destination then locked to the = same path untill the route cache is cleared? 2) If the above is yes, how long does the router maintain its route = cache? Purpose: We have a 7507 that will be running BGP over 2 T1's. We are attempting = to establish load balancing both inbound and out. Halabi (2nd Ed.) in = Chapter 7 warns that to do this one must be familiar with the different = methods of switching. Thus I am studying to find the pro's and cons of = each. CEF or fast switching sounds about right, however, the above = question was raised as I was discussing this with our lead engineer. Thank You Adam [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Switching Method Help
Hey all, Question: 1) On a router with multiple outbound paths, if fast switching (or CEF) = =3D is enabled and outbound traffic comes through towards a given =3D destination, is all traffic for that same destination then locked to the = =3D same path untill the route cache is cleared? 2) If the above is yes, how long does the router maintain its route =3D cache? Purpose: We have a 7507 that will be running BGP over 2 T1's. We are attempting = =3D to establish load balancing both inbound and out. Halabi (2nd Ed.) in = =3D Chapter 7 warns that to do this one must be familiar with the different = =3D methods of switching. Thus I am studying to find the pro's and cons of = =3D each. CEF or fast switching sounds about right, however, the above =3D question was raised as I was discussing this with our lead engineer. Thank You Adam [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Switching method help!!
Does this case (CEF needed on both ends) still exist even if my 2 T1's terminate, on the far end, on two different routers (same provider though)? Thanks Adam Hickey [EMAIL PROTECTED] - Original Message - From: "Marty Adkins" <[EMAIL PROTECTED]> To: "Tony van Ree" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: "Priscilla Oppenheimer" <[EMAIL PROTECTED]>; "Adam Hickey" <[EMAIL PROTECTED]> Sent: Monday, December 18, 2000 9:25 AM Subject: Re: Switching method help!! > Tony van Ree wrote: > > > > Hi, > > > > I understand yes that CEF can assist with load balancing but, be aware it must be set at both ends of a service as I understand it. Unfortunately I don't know enough about CEF yet. We do however have it configured in a number of instances. > > > > Teunis, > > Hobart, Tasmania > > Australia > > > The packet forwarding process is independent on each router, but to get the > benefit of load-sharing by source and destination pairs, in _both_ directions, > both ends would need to use CEF. > > For the group, here are a couple more links that explain CEF and other > switching modes in more detail (no CCO account required): > How to Choose the Best Router Switching Path for Your Network >http://www.cisco.com/warp/public/105/20.html > Performance Tuning Basics: >http://www.cisco.com/warp/public/63/tuning.html > > Marty Adkins Email: [EMAIL PROTECTED] > Mentor Technologies Phone: 410-280-8840 x3006 > 275 West Street, Plaza 70WWW: http://www.mentortech.com > Annapolis, MD 21401 Cisco CCIE #1289 > > > On Friday, December 15, 2000 at 11:27:59 AM, Priscilla Oppenheimer wrote: > > > > > Fast switching definitely has the problem you refer to. Fast switching > > > offers per-destination load-sharing. Since the router caches information on > > > how to forward traffic to a destination, all traffic to that destination > > > exits the same interface. > > > > > > One of the goals of CEF was to overcome this problem. I can't remember the > > > details, but I think you can do more precise load-balancing with CEF. I'll > > > see if I can dig up more details and get back to you. Or maybe some other > > > folks who use CEF can chime in. > > > > > > Priscilla > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP trainning course (more advancet the better)
Is somebody here who nows place when BGP course trainning can be attended ? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP trainning course (more advancet the better)
> >Is somebody here who nows place when BGP course trainning can be attended ? > What are your objectives for such a course? Just the certification > aspects, the broader view of ISP operations, or of code development? > ISP level with all available optiosn abilities... ticks and tricks etc... not cert for that not code writing too... :wq _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Case: SC-00907239 Exam Survey Inquiry
Hmmm...based upon the entire paragraph I would agree that the survey has no bearing on the actual exam. However, a more literal interpretation indicates that it DOES have bearing. ;-) 1st paragraph --- ***These surveys does reflect in any way on the exam. At the very least, there are conflicting statements within the entire message. 2nd paragraph --- ***The surveys again does not reflect on the exams.*** My guess is that the writer is kicking himself for such an inconsistent email. Doh! I hate it when that happens! :-) Happy Holidays to all, AQ At 02:07 PM 12/19/00, Priscilla Oppenheimer wrote: >Well, here you have your answer, if you can parse it. It appears to be >written by a non-native English speaker, as is probably the case with the >survey instructions on the test. > >Priscilla > >At 09:13 AM 12/19/00, you wrote: > >Dear Customer, > > > >Thank you for contacting the Cisco Training. In regards to your question, > >the surveys given before the exam is for customer service evaluation and > >statistics. One is from Prometric, the testing vendor, is for customer > >service on the exam. The other survey is from Cisco to see if a candidate > >has any backgrounds in the networking industry. These surveys does > >reflect in any way on the exam. > >If a candidate has no or little experience/backgrounds in the networking > >industry and replys in the surveys with that answer, the exam(s) will not > >be easier. The surveys again does not reflect on the exams. > > > >If you have further questions, please feel free to contact us for > assistance. > > > >Kind regards, > >The Cisco Career Certifications Team > > > > >Priscilla Oppenheimer >http://www.priscilla.com > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BCRAN Questions
VPDN was on CMTD, but not BCRAN (at least not that I've seen or heard). I saw the outline in question on Cisco's web site a while ago, but so far as I can tell, no one who has taken and reported back to this group that any of these topics have appeared on the BCRAN exam. I assumed that some Cisco employee inadvertently put this outline on the web site and just forgot about it. I'm really quite surprised it is still there after several months, especially since no one, specifically those who provide certified Cisco training, are jumping to expand the outline of their BCRAN material. http://db.globalknowledge.com/catalog/outline.asp?course=5500&cat=6 In addition if you look at the switching link: http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/pdf/bcmsn.pdf you will see a requirement to understand DDR (Dial On Demand Routing). This inconsistency just leads me to suspect that someone made a mistake and just hasn't corrected it. Does anyone know anything different? AQ At 10:38 PM 12/19/00, Mike Balistreri wrote: >I don't remember any frame tagging, DMZ or VoIP. But VPDN definitely. I >think I used >stuff off the Cisco web site for that. > >Mike Balistreri > >"Wilson, Christian" wrote: > > > Hi all > > > > I was reviewing the test outline for BCRAN on the CCO and noticed VoIP > > mentioned twice, firewalls, DMZ's, frame tagging, and VPDN's. I did > not see > > any of these topics covered in the BCRAN book with the exception of a brief > > mention of VPN technology in appendix F. It even mentions routed vs > routing > > protocols. It seems that other tests encompass some of these topics. I > > realize that nearly any topic is fair game for Cisco, but can someone tell > > me, do I need to spend extensive time studying these topics? I test on > > Friday and have been focusing my study efforts on DDR, ISDN, Frame Relay, > > Dial backup, NAT, AAA. Do I need to stop studying these and start looking > > at voice over IP? Any help would be greatly appreciated! > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >-- > > > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP bandwidth question
Nope, it would probably kill ya. We have a neighbor (in our office building) that tried to do full table. It ended up being darn near 130 Megs, maybe 126MB. So even if it is less than the 128MB that you have for memory, you do not want to use ALL of your memory just to store the table. There will be no room left for simply running your IOS. Do you have a real purpose for full table or "just to see if you can"? Cheers Adam Hickey [EMAIL PROTECTED] > - Original Message - > From: "Gardner, Donald/COR" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, November 18, 2000 3:26 AM > Subject: BGP bandwidth question > > > > OK, I have a discussion going on in the office about what a full BGP > session > > is going to do to our Internet bandwidth and memory. > > > > Right now I have 2 T1s from two providers, one from PSI and one from > Epoch, > > and am getting partial routes from both. I get 6505 prefixes from PSI and > > 1238 from Epoch. We are running a 7206 NPE150 with 128 Meg of Ram. I am > > looking at getting full routes from one or both providers. > > > > I am getting conflicting feedback about what getting full routes will do > to > > our bandwidth and memory. One says it will kill us and another says no > > problem. > > > > Any real world experiences and feedback would be appreciated... > > > > Don > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to verify port speed and CIR
Jim, You can not verify the CIR on a Cisco Router unless you are running Cisco LMI. If you are running Cisco LMI you will find the CIR by performing a show frame pvc. If you aren't running Cisco LMI then you won't be able to find out what it is set to. As an alternative you can always test your throughput by pulling a large file and see what kind of throughput you get. I use a NMS called Spectrum that allows me to see the frame pvc utilization in real time from the router's perspective, unfortunately it is expensive and I can't recommend another. Whatever tool you do use make sure that you measure the byte count from the show frame pvc command. If you don't have access to a good snmp tool then just send a large file through and grab the byte count before and after sending the file and don't forget to time how long it takes. The bigger the file, the longer the sample time, the more accurate the measurement. Remember that your PVCs throughput will be based upon your Frame Relay provider's technology/policies. There are a million variables that could cause your throughput to go above your CIR, but there are only two reasons why it should will below your CIR: 1) Your CIR isn't set as high as you think it should be 2) Your Frame service isn't working correctly In either event, if it does drop below your CIR, then you need to contact your service provider and find out why. HTH, AQ p.s. All of the above is predicated on the fact that your routers are configured correctly. :-) At 08:10 PM 1/1/01, Dennis wrote: >I am pretty sure that the port speed can be verified by the number of >channels you have set on the CSU and the CIR can be verified by doing a show >frame map on the router. > >-dennis >"Jim Bond" <[EMAIL PROTECTED]> wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hello, > > > > We have a frame relay link with 512K/256K. How do I > > verify port speed is 512K and CIR is 256K? I used some > > tools, like MRTG, but I don't think it shows the real > > speed. > > > > Thanks in advance. > > > > > > Jim > > > > __ > > Do You Yahoo!? > > Yahoo! Photos - Share your holiday photos online! > > http://photos.yahoo.com/ > > > > _ > > FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX VPNs
Geroge, Interesting perspective. However, depending upon the VPN protocol you are using it may or may not provide a connectivity solution. Since we are talking about the PIX firewall, we must be talking about IPSec. I don't see IPSec as a connectivity solution, it is a security solution. There are many ways to provide security, the most obvious is encryption. Another method for providing security would be to hide the real ip addresses of my Intranet. By using the private address range (RFC 1918) on my Intranet and translating outgoing packets to an Internet routable address, I almost guarantee that no one can send a packet directly to any of the computers on my intranet without going through my firewall or VPN. VPNs can solve many problems, but connectivity is not always one of them. There are certain VPN protocols such as PPTP, L2F, L2TP that can give you a connectivity solution. If you want to run a routing protocol through a VPN, specifically IPSec, then you do need to setup a GRE tunnel. The way I see it GRE tunnels are a connectivity solution, because it allows you to transport protocols that are not routable across an IP only backbone. Keep in mind that GRE tunnels are not a security solution, which is why you might encrypt a GRE tunnel with IPSec. If you don't care about hiding your address space from the rest of the world and thus want a solution that doesn't require two distinct address spaces, why focus on a PIX firewall, especially since it's primary goal is to hide your address space. Instead, why not just terminate an IPSec tunnel between two VPN accelerated routers? (They don't need to be accelerated, but depending upon the projected bandwidth utilization they might need to be). There are many routers that can be used to fit any number of requirements. It all just depends upon that famous quote "what problem are we trying to solve". As my father always said.."the right tool for the right job" :-) So, where was I? Oh..right...Austin...here is the link you are looking for: http://www.cisco.com/warp/public/110/38.html HTH, AQ At 11:40 AM 1/2/01, gwakin wrote: >I feel led to tell you that, unless IOS or PIX software has been enhanced >since last I >dealt with this issue, you will need to ensure that you're running >different IP schemas >on each PIX, and preferably non-translated schemas at that. Also, if >you're planning to >run a routing protocol such as OSPF across the VPN link, you will need to >look at >setting up a GRE tunnel to accomplish that purpose. Needless to say, >Cisco needs to do >a better job of due diligence on this VPN solution. > >GWA > >Austin wrote: > > > I am looking for sample configs on PIX to PIX VPNs. > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TACACS and Telnet
Cristian, Good question! No your telnet session is not secure. When you type in your password you are sending it across the network in clear text. However, the session that is used between your router and the TACACS server is encrypted using the shared key that you define when you setup TACACS. If you want secure communications using a telnet like session you will have to use SSH. I believe it was implemented in IOS 12.0, but I could be wrong. Just remember that you will have to have a SSH client in order to use SSH to communicate with your router. Here is a link for more info. http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm (watch the wrap) HTH, AQ At 03:47 AM 1/3/01, Piatnitchi Cristian wrote: >Hi all > >I intend to setup TACACS+ authentication for all our network devices and >I need to understand the following question: > >Is the telnet authentication sequence encrypted ? I am asking about the >situation >when the net. device is set up to work with TACACS+. >If it isn't what should I do to have a secure connection during the >authentication phase. > >I have to say that I use an IP connection not PPP. (It's just a simple >Telnet session from our internal LAN) > >In my opinion it is not a secure session but I would like to be a secure one >and I don't know how to set it. >I will be waiting for your advice. > >Thanks in advance >Cristian > > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TACACS and Telnet
Cristian, If you are asking me if the IOS upgrade is free or not, that I couldn't answer. It all depends upon how you like to pay the piper. :-) If you have smartnet maintenance, then I think it is free. If not you will probably have to purchase it. I am no expert in this area, maybe someone who works for a reseller can help you out here .Bueller? Bueller? anyone? ;-) Later, AQ At 05:18 AM 1/3/01, Piatnitchi Cristian wrote: >Hi Adam > >Thanks for the link. Now the question is clear for me. >Yes is is true ssh is supported starting with IOS 12 but IOS 12.1 not >IOS 12.0 >Is the upgrade free from a version to a higher one. I mean from 12.0 to 12.1 >? > >Thanks for help. >Cristian > > >-Original Message- >From: Adam Quiggle [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, January 03, 2001 11:22 AM >To: Piatnitchi Cristian; '[EMAIL PROTECTED]' >Subject: Re: TACACS and Telnet > > >Cristian, > >Good question! No your telnet session is not secure. When >you type in your password you are sending it across the network >in clear text. However, the session that is used between your >router and the TACACS server is encrypted using the shared key >that you define when you setup TACACS. > >If you want secure communications using a telnet like session >you will have to use SSH. I believe it was implemented in IOS 12.0, >but I could be wrong. Just remember that you will have to have >a SSH client in order to use SSH to communicate with your router. > >Here is a link for more info. > >http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 >t/121t1/sshv1.htm >(watch the wrap) > >HTH, >AQ > >At 03:47 AM 1/3/01, Piatnitchi Cristian wrote: > >Hi all > > > >I intend to setup TACACS+ authentication for all our network devices and > >I need to understand the following question: > > > >Is the telnet authentication sequence encrypted ? I am asking about the > >situation > >when the net. device is set up to work with TACACS+. > >If it isn't what should I do to have a secure connection during the > >authentication phase. > > > >I have to say that I use an IP connection not PPP. (It's just a simple > >Telnet session from our internal LAN) > > > >In my opinion it is not a secure session but I would like to be a secure >one > >and I don't know how to set it. > >I will be waiting for your advice. > > > >Thanks in advance > >Cristian > > > > > >_ > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > >** > Adam Quiggle > Senior Network Engineer > MCI Worldcom/NOC/BP Amoco > [EMAIL PROTECTED] >** > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX and OSPF help! (Revisited)
Nabil, Looking back on my post to this thread I realized I forgot to answer the original question. Yes you can setup a GRE tunnel to pass your OSPF traffic from one router to another router. Below is a working config for a multipoint GRE tunnel that uses OSPF. This is just one config file from which four routers were participating in a multipoint GRE tunnel. What makes this interesting is that the hub router (which was not participating in OSPF) had no idea about the routes being exchanged by the four tail routers. This is very similiar to what you are trying to do (except for the multipoint tunnel). I think you should be able to glean what you are looking for from the following config. If not let me know. Don't forget to open up IP port 47 on your firewall so that tunnel traffic can get through. HTH, AQ 1 version 11.3 2 service timestamps debug uptime 3 service timestamps log uptime 4 no service password-encryption 5 ! 6 hostname Dwyer_Inc 7 ! 8 interface Loopback100 9 ip address 1.1.1.1 255.255.255.255 10 ! 11 interface Tunnel100 12 ip address 200.200.0.1 255.255.255.0 13 no ip redirects 14 ip nhrp map 200.200.0.2 192.168.20.2 15 ip nhrp network-id 200 16 ip nhrp nhs 200.200.0.2 17 ip ospf network non-broadcast 18 tunnel source Serial0 19 tunnel mode gre multipoint 20 tunnel key 200 221 ! 22 interface Ethernet0 23 ip address 200.200.110.1 255.255.255.0 24 ! 25 interface Serial0 26 ip address 192.168.10.2 255.255.255.0 27 ! 28 interface Serial1 29 no ip address 30 shutdown 31 ! 32 router eigrp 10 33 network 192.168.10.0 34 ! 35 router ospf 25 36 network 200.200.0.0 0.0.255.255 area 0 37 neighbor 200.200.0.2 priority 1 38 neighbor 200.200.0.3 priority 1 39 neighbor 200.200.0.4 priority 1 40 ! 41 ip classless 42 ! 43 ! 44 ! 45 line con 0 46 exec-timeout 0 0 47 line aux 0 48 line vty 0 4 49 exec-timeout 0 0 50 login 51 ! 52 end >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of >gwakin >Sent: Tuesday, January 02, 2001 9:19 AM >To: [EMAIL PROTECTED] >Subject:Re: PIX and OSPF help! (Revisited) > >it is my understanding that a GRE tunnel is required for passing multicast >traffic over >a VPN link... however I won't even attempt to forge a working config here- >you're better >off checking CCO for that. > >GWA > >Nabil Fares wrote: > > > Greetings, > > > > I can't seem to find any information about PIX passing OSPF traffic >between > > routers. I'm trying to install a PIX515 between 2 regional routers. > > > > Router-C1--PIX515---Router-C2 > > > > Cisco recommends using the OSPF neighbor command, anyone out there used >this > > configuration before? Any information would be helpful. > > > > Thanks, > > > > Nabil > > > > _ > > FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Modem access from Router
Sam, Here is a sample config from a 2501 that gives you PPP access to your network through the aux port. Don't worry about the missing lines because I've pulled stuff out that wasn't relevant to your question as well as stuck some stuff in that you need. Notice that "line 1" is all about configuring the physical layer, while "async 1" is all about configuring the data link layer and network layer. HTH, AQ p.s. If all you want is console access, this config should give it to you as well. 1 version 12.0 2 service timestamps debug uptime 3 service timestamps log uptime 4 no service password-encryption 5 ! 6 hostname RouterAsyncConfig 9 ! 10 ip subnet-zero 11 ! 22 interface Loopback0 23 ip address 1.1.1.1 255.255.255.255 24 no ip directed-broadcast 25 ! 26 interface Ethernet0 27 no ip address 28 no ip directed-broadcast 29 no ip route-cache 30 no ip mroute-cache 31 shutdown 32 ! 33 interface Serial0 34 ip address 192.168.10.2 255.255.255.0 35 no ip directed-broadcast 36 no ip route-cache 37 no ip mroute-cache 38 no fair-queue 39 ! 40 interface Serial1 41 no ip address 42 no ip directed-broadcast 43 no ip route-cache 44 no ip mroute-cache 45 shutdown 46 no fair-queue 47 ! 48 interface Async1 49 no ip address 50 no ip directed-broadcast 51 encapsulation ppp 52 async mode interactive 53 peer default ip address pool default 54 ppp authentication ms-chap chap pap 59 ! 47 ip local pool Dialup-pool 172.16.20.10 172.16.20.100 60 ip classless 61 ! 62 line con 0 63 exec-timeout 0 0 64 transport input none 65 line aux 0 66 no exec 67 no motd-banner 68 no exec-banner 69 autoselect ppp 70 modem Dialin 71 modem autoconfigure type usr_sportster 72 transport input all 73 stopbits 1 74 speed 38400 75 flowcontrol hardware 76 line vty 0 4 77 login 78 ! 79 end At 10:35 AM 1/3/01, Sam wrote: >Hello friends > >I have a modem connected to the AUX port of my router. I am using this modem >to dial into the router. > >Now I need to access this modem from the router. >What do i need to configure on the router to be able to access the modem >from the router itself. ie to be able to configure the modem using the AT >command set. >Could someone help me out on this. > >Thanks > >Sam > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: fore
> Has anyone configured a forerunner ASX-200BX if so could you point me in = > the direction of some documentation. www.fore.com || www.marconi.com there is some doc an TAC pages and documents _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2501 Problems
Agreed. I use TeraTerm Pro as well and I like it for three reasons: 1) You can send a Ctrl-break sequence right from the menu (under control->send break). 2) If you want to remove a command,(a) do a show config (so you can see command), (b) get into the appropriate config mode, (c) type "no", (d) highlight the command you want to remove, (e) then right click anywhere (it automatically gets copied into the clipboard and pasted into your command line). 3) I can use it to telnet as well as connect to my serial port. In addition, it supports SSH (although I haven't tried it yet). HTH, AQ At 07:24 PM 1/6/01, you wrote: >Hyperterm is broke. I've lost count on which versions work and which ones >are broke. It doesn't pass the "break" sequence properly. > >Do yourself a favor and download TeraTerm. > >It works great on every Windows platform I've used so far. > >Kevin Wigle > >- Original Message - >From: "Troy" <[EMAIL PROTECTED]> >Newsgroups: groupstudy.cisco >To: <[EMAIL PROTECTED]> >Sent: Saturday, 06 January, 2001 18:53 >Subject: 2501 Problems > > > > I have a 2501 router. There is a password set on the user mode and I >don't > > have the password. I went to TAC website and followed the instructions >for > > recovering password but when I'm in Hyperterminal (version 6.1) on my NT > > server 4.0 sp6 I can't boot into Memory monitoring mode. I get what is > > below. And it just stops. Any help would be great. Thanks. > > > > > > > > System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE > > Copyright (c) 1986-1995 by cisco Systems > > 2500 processor with 4096 Kbytes of main memory > > > > F3: 5773940+168176+415888 at 0x360 > > > > Restricted Rights Legend > > > > Use, duplication, or disclosure by the Government is > > subject to restrictions as set forth in subparagraph > > (c) of the Commercial Computer Software - Restricted > > Rights clause at FAR sec. 52.227-19 and subparagraph > > (c) (1) (ii) of the Rights in Technical Data and Computer > > Software clause at DFARS sec. 252.227-7013. > > > >cisco Systems, Inc. > >170 West Tasman Drive > >San Jose, California 95134-1706 > > > > > > > > Cisco Internetwork Operating System Software > > IOS (tm) 2500 Software (C2500-IO-L), Version 12.0(1), RELEASE SOFTWARE >(fc1) > > Copyright (c) 1986-1998 by cisco Systems, Inc. > > Compiled Tue 20-Oct-98 15:05 by phanguye > > Image text-base: 0x03030258, data-base: 0x1000 > > > > cisco 2500 (68030) processor (revision F) with 4096K/2048K bytes of >memory. > > Processor board ID 05198864, with hardware revision > > Bridging software. > > X.25 software, Version 3.0.0. > > 1 Ethernet/IEEE 802.3 interface(s) > > 2 Serial network interface(s) > > 32K bytes of non-volatile configuration memory. > > 8192K bytes of processor board System flash (Read ONLY) > > > > > > > > Press RETURN to get started! > > > > > > 00:00:20: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up > > 00:00:20: %LINK-3-UPDOWN: Interface Serial0, changed state to down > > 00:00:20: %LINK-3-UPDOWN: Interface Serial1, changed state to down > > 00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, >changed > > state to down > > 00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed > > state to down > > 00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed > > state to down > > 00:00:26: %LINK-5-CHANGED: Interface Loopback1, changed state to > > administratively down > > 00:00:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.16, > > changed state to down > > 00:00:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.100, > > changed state to down > > 00:00:31: %LINK-5-CHANGED: Interface Serial1, changed state to > > administratively down > > 00:00:33: %SYS-5-CONFIG_I: Configured from memory by console > > 00:00:33: %SYS-5-RESTART: System restarted -- > > Cisco Internetwork Operating System Software > > IOS (tm) 2500 Software (C2500-IO-L), Version 12.0(1), RELEASE SOFTWARE >(fc1) > > Copyright (c) 1986-1998 by cisco Systems, Inc. > > Compiled Tue 20-Oct-98 15:05 by phanguye > > > > > > _ > > FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RADIUS + Cat 2924XL
Hello cisco, Is cat 2924XL with ATMuplin support radius ? In aaa command set directive "radius" apperas and can be set-up but no radius-server etc directives in command line This is a bad parser code in (12.0.5) release or just 29..XL doesn;t support radius auth... and tacacs+ only ? -- Regards, Adam ObszyƱski ATM Inc. +48-22-5156418 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SNMP
Teunis, I just found GetIF this weekend and think it is definitely an excellent tool for troubleshooting. Small, light-weight and very easily understood. I really like being able to do traceroutes between two devices without having to telnet to either device. Other cool things: -Graph values in real time (like mapping real time packets going into an interface -Check routing tables -Look at the ARP table When it comes to Cisco routers it is frequently easier to telnet to the device and use the corresponding Cisco command. But when I have to deal with Bay routers it is very difficult for me because I haven't mastered the Bay command line. GetIF puts everything in simple easy to understand format. I can see this tool is going to slow down my efforts for learning Bay commandsnot sure if that's a good thing or a bad thing... The only thing I don't like about it, is that you can't make the window bigger. You can only see about 8 - 12 lines on any single tab. However, if that's my only complaint..I'd say its pretty good. :-) Later, AQ At 04:27 PM 1/7/01, Tony van Ree wrote: >Hi, > >GetIF I tend to use for small things in a rush as a trouble discovery >tool. I find it excellent. It allows you to get into devices you have >little details on. > >gxsnmp is another "free" management tool. This is far more complicated >but allows you to do stuff more in the lines of HP Openview or Cabletrons >Spectrum. > >MG-Soft also have some excellent products that make it easier to generate >the sort of MIB trees you might want to design for particular applications. > >As more discussion on SNMP seems to be requested here are some little >findings I have made over the years. > >Of all the SNMP managers I found Spectrum whilst the most cost expensive >in the intitial stages I found it was easier to use and provided better >models than any of the other products I tried. > >I found the secret to any management was understand what it is you want to >manage, what you were going to do with the data, how you were going to >lay out the model and to whom the reports would be sent. Without these >things you could waste hours producing useless pictures, graphs and >stats. You would feel good and nobody else could care less. > >Just some thoughts > >Teunis >Hobart, Tasmania >Australia > >On Saturday, January 06, 2001 at 07:44:19 PM, David C Prall wrote: > > > Use Getif on a Windows Environment to browse the MIB's. > > http://www.geocities.com/SiliconValley/Hills/8260/ > > > > It's free and works wonderfully for walking the tree. > > > > David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com > > - Original Message - > > From: "Pierre-Alex" <[EMAIL PROTECTED]> > > To: "Cisco" <[EMAIL PROTECTED]> > > Sent: Saturday, January 06, 2001 5:38 PM > > Subject: SNMP > > > > > > > I am looking for a free utility that will allow me to experiment querying > > > the MIB database of a switch. Is there such a thing? > > > > > > Pierre-Alex > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > >-- >www.tasmail.com > > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Troubleshooting 102 - "password recovery"
Chuck, I know it's a little late, but feel free to help yourself to this configuration register setting thing that I received and have since modified to suit my needs. It has all of the corresponding values in the configuration register and what they mean. http://home.nc.rr.com/quiggle/ConfigReg.xls There is a place to convert the configuration register to binary, so that you can easily see the configuration. In addition there is a place to enter the binary values you want and it'll spit out the configuration register for you. :-) Not that you can't find what you need on CCO, but sometimes its just more convenient to have it on a laptop that can travel with you. :-) If anyone sees any errors, please let me know. Thanks, AQ At 01:57 AM 1/8/01, Chuck Larrieu wrote: >Well that wasn't nearly so bad as it could have been. The low life who >trashed my router, not to mention spoiled it for a lot of folks on these >lists, could have been more malicious. But he was deliberate. No doubt about >it. > >So here is today's troubleshooting lesson - not really password recovery, >but configuration register setting recovery. I have done a bit of password >recovery practice, but not much. > >1) cannot get into rommon mode. Not that I can tell. Gibberish of various >sorts on screen. Check to be sure my version of HyperTerminal sends the >correct control-break sequence, using another router. it does. I was sure I >had upgraded this particular version, but these days, when moving between so >many different computers at home and on the job, one never can tell. > >2) Ok, with gibberish on the screen, what are some things to check? A quick >look through CCO confirms that baud rate is the only terminal setting that >can be changed in the register. Thank goodness one cannot also change the >data, stop, and parity. > >3) OK. Brute force this thing. 9600 does not work. Let's work down the >scale, and see. 4800 does not work. 1200 did not work earlier this >afternoon. But 2400 does work. I see clear text and I see I am in rommon >after all. > >4) Check the current config register setting. E/s 202 [enter] reveals >the setting as 0x3942 you bad boy! > >5) Use the o/r 0x2102 to reset the register and reload. > >6) Rommon again! Hhmmm. > >7) OK, this time do a config mem ( I probably should have looked at this >last time anyway, but I did not ) > >8) Well, what did the yo-yo do here? Hostname rommon> interesting. >Certainly explains the console message I was seeing last time I reloaded. >Well, I don't have time to fool around any more. Erase start, reload, things >come up ok. I will copy my saved configuration later. > >9) Too bad garbage-head inserted himself into this weekend. Someone was >doing a very interesting IPSec tunnel between my pod and theirs. I was >looking forward to seeing the result. > >10) End result - learned a few more things which will be valuable in the >lab - troubleshooting portion. > >Extra credit - with a configuration register setting of 0x3942, what was >happening at boot time? > >Chuck >-- >I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life as >it has been is over ( if you hope to pass ) From this time forward, you will >study US! >( apologies to the folks at Star Trek TNG ) > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Partialy OT: 5ESS Switch Type Issue
Heya All, When working with AS5800's and turning up PRI's, I noticed that the = B-Channel busyout command will not work when the telco switch is running = 5ESS standard. I have had it indicated to me that 5E does not send some = sort of needed comm packet. Does anyone have any further insight on this = or could point to some docs on the subject (cisco has proved useless). Thanks Adam Hickey [EMAIL PROTECTED] =20 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: configuration register
Zuszus, Feel free to use this spreadsheet to determine the appropriate values for your configuration register. http://home.nc.rr.com/quiggle/ConfigReg.xls HTH, AQ At 03:49 PM 1/8/01, zuszus wrote: >i am a network administrator of CORVIT SYSTEMS PRIVATE LIMITED PAKISTAN.I >JUST CHANGED TJE CONFIGURATION REGISTOR VALUE to 0x2101 OF MY cisco routers >( cpa 2501),and reloaded. after that they are not get started.i erased the >flash and reloaded from tftp , but all my efforts ended in in vain. please >help. > >khawaja usman mahmood >[EMAIL PROTECTED] > > > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: why the flash mem doesn't increase
Frank, After you delete it don't forget to squeeze it. When you delete it you are only marking it for deletion. Squeezing flash actually gets rid of the file. HTH, AQ At 11:49 PM 1/13/01, Frank wrote: >do i have to erase the flash totally to upgrade the ios ,then copy the >vcw-vfc-mz.c549.mc.7.23.bin back? > >"Frank" <[EMAIL PROTECTED]> wrote in message >93re40$ffa$[EMAIL PROTECTED]">news:93re40$ffa$[EMAIL PROTECTED]... > > I want to upgrade the ios ,and i want to keep the > > vcw-vfc-mz.c549.mc.7.23.bin. > > if i run "copy tftp flash",i have to erase the flash file system totally >to > > make room. > > So i try to delete c5300-is-mz.120-7.T first ,but why the available mem > > doesn;t increase, > > and i reload the router ,no change,why ?/what does the mark [deleted] >mean? > > > > > > Thanks, > > > > Frank > > > > * > > cisco#sh flash > > > > System flash directory: > > File Length Name/status > > 1 7023036 c5300-is-mz.120-7.T > > 2 8401248 c5300-is-mz.121-5.T.bin > > 3 341960 vcw-vfc-mz.c549.mc.7.23.bin > > [15766436 bytes used, 1010780 available, 16777216 total] > > 16384K bytes of processor board System flash (Read/Write) > > > > cisco#delete flash:c5300-is-mz.120-7.T > > Delete filename [c5300-is-mz.120-7.T]? > > Delete flash:c5300-is-mz.120-7.T? [confirm] > > > > cisco#sh flash > > System flash directory: > > File Length Name/status > > 1 7023036 c5300-is-mz.120-7.T [deleted] > > 2 8401248 c5300-is-mz.121-5.T.bin > > 3 341960 vcw-vfc-mz.c549.mc.7.23.bin > > [15766436 bytes used, 1010780 available, 16777216 total] > > 16384K bytes of processor board System flash (Read/Write) > > > > > > _ > > FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SPD (Selective Packet Discard)
Hi everyone, I'm trying to find information regarding SPD and am having a heck of time. Here is what I've found so regarding SPD (selective packet discard): Selective Packet Discard - When in severe overload conditions, routers that cannot keep up with the incoming packet stream must drop packets. If no intelligence is applied to choosing which ones to discard, this will impact the stability of routing protocols. This feature applies some simple choices to selectively discard packets likely to be unimportant for routing and interface stability. SPD is enabled by default; there are no commands or configuration tasks required. The problem I have is that if I wanted to disable SPD (not that I'm suggesting you would want to) how would you go about doing it? I can't find any commands or documentation indicating how to do so. The only documentation I've been able to dredge up is about configuring spd for aggressive mode (allows a router to drop all packets that fail sanity check, bad checksums, bad ttl, etc.). Even then I can't seem to find an IOS that allows me to do so. My questions are: 1) Has anyone seen or used SPD and if so, under what circumstances? 2) What IOS version? 3) Is there a successor to SPD? 4) How come we don't hear about it more often? Thanks everyone, AQ ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SPD (Selective Packet Discard)
At 04:11 PM 1/14/01, J Roysdon wrote: >I've never heard of SPD, but as usual a quick search at CCO gave results: >http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/ios112p/xprn >112/141503.htm > >New Features in Release 11.2(5)P: >Selective Packet Discard (SPD) >http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/ios112p/xprn >112/141503.htm#xtocid2187540 > >I have a feeling that this may have been phased out though with other router >switching/queuing technologies taking it's place (FIFO, WFQ, CBWFQ, WRED, >etc.). > >-- >Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+ >List email: [EMAIL PROTECTED] >Homepage: http://jason.artoo.net/ >Cisco resources: http://r2cisco.artoo.net/ Except that I've seen it get disabled in IOSes as late as IOS 12.0(5)T running WFQ. Router>show ver Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JOS56I-L), Version 12.0(5)T, RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Fri 23-Jul-99 10:41 by kpma Image text-base: 0x0306BE34, data-base: 0x1000 ROM: System Bootstrap, Version 11.0(10c), SOFTWARE BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1) Router uptime is 3 hours, 34 minutes System returned to ROM by power-on System image file is "flash:/c2500-jos56i-l.120-5.T.bin" cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory. Processor board ID 06107486, with hardware revision Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) Router>ena Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#vpdn enable % SPD temporarily disabled. Not compatible with VPDN Router(config)# Router#show queueing Current fair queue configuration: Interface Discard Dynamic Reserved threshold queue count queue count Serial0 64 256 0 Serial1 64 256 0 Current priority queue configuration: Current custom queue configuration: Current random-detect configuration: AQ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Best place to buy book
www.fatbrain.com www.elgrande.com Adam Hickey [EMAIL PROTECTED] - Original Message - From: <[EMAIL PROTECTED]> Newsgroups: groupstudy.cisco To: <[EMAIL PROTECTED]> Sent: Tuesday, January 16, 2001 8:35 AM Subject: Best place to buy book > Does anyone know of any places on the web that sell cisco press books > cheaper than cisco sell them? Thanks > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Visio Stencils
Login to CCO and go to software download Adam Hickey [EMAIL PROTECTED] - Original Message - From: "Steven Crawford" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, January 16, 2001 9:25 AM Subject: Visio Stencils > Are there any visio stencils for Cisco products?? > > eg. 4006, 6500, etc. > > I am looking for product images > _ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
access list logging
Hi all, I want to build an access list on a cisco router that will log all the denied traffic to a file/server. Can this be done on the implicit deny statement or I have to define the deny traffic. Thanks Adam __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Visio Stencils
http://www.cisco.com/partner/visio/index.html Adam Hickey [EMAIL PROTECTED] - Original Message - From: "Sar Feng" <[EMAIL PROTECTED]> Newsgroups: groupstudy.cisco To: <[EMAIL PROTECTED]> Sent: Wednesday, January 17, 2001 7:33 AM Subject: Re: Visio Stencils > Can you please give more detail? I logined in CCO, software, but can not > find it. > please help, > ""Adam Hickey"" <[EMAIL PROTECTED]> wrote in message > 00f001c07fe5$1e5fb140$[EMAIL PROTECTED]">news:00f001c07fe5$1e5fb140$[EMAIL PROTECTED]... > > Login to CCO and go to software download > > > > Adam Hickey > > [EMAIL PROTECTED] > > > > - Original Message - > > From: "Steven Crawford" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, January 16, 2001 9:25 AM > > Subject: Visio Stencils > > > > > > > Are there any visio stencils for Cisco products?? > > > > > > eg. 4006, 6500, etc. > > > > > > I am looking for product images > > > > _ > > > Get Your Private, Free E-mail from MSN Hotmail at > http://www.hotmail.com. > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sorta OT: More than T1, less than T3...
Craig, Here are some sample products that I've seen. http://www.larscom.com/worldacc/ww_or2k.htm http://www.larscom.com/worldacc/ww_orion.htm http://www.dl.com/products/nxt1nxe1/dl3800.html Some of the key features you might look for: * - in-band management of the remote end (doesn't require an ethernet connection at the far end) * - Automatically turn down circuits when they go down I think some of them will even allow you to test the circuit yourself. HTH, AQ At 09:06 PM 1/17/01, Chuck Larrieu wrote: >Check with you local carriers to see if they can provide you with ATM IMA >service. > >This is pretty neat. Cisco and other vendors have products which allow you >to take in ATM lines in increments of 1.54 mbs ( T1 ). These are ATM >circuits. For a Cisco 26xx router or above, you can purchase ATM IMA cards >with 4 or 8 port capacity, meaning up to 12 mbs total bandwidth. As you add >T1's the IMA multiplexes those into one fat pipe. > >The nice thing is this can grow with you. > >As with everything else in the data comm world, YMMV > >Chuck > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of >Craig Columbus >Sent: Wednesday, January 17, 2001 4:19 PM >To: [EMAIL PROTECTED] >Subject:Sorta OT: More than T1, less than T3... > >Ok..given a situation where you need more than T1 Internet connectivity >(say 10Mb), but can't spring for a T3, how do you resolve the issue? Do >you buy multiple T1's and multiplex them? If so, I assume that this >requires cooperation with the ISP to de-mux on their site. What Cisco >equipment has proven reliable for this? Is there a third-party solution >that will take Cisco HSSI output into a bunch of multi-plexed T1s? Is >there a solution that I'm overlooking? > >Thanks, >Craig > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/NOC/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cat 3524 init setup problem
Hi, I have a cat 3524 for an initial setup. I gave the vlan1 (the management vlan) an ip address, but when I look at the interface vlan1, the interface is up, protocol is down. I can not go on to access its web config page because I can't get this interface up. Any idea what else I need to do? Thanks. Adam __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Seally Question!!!!
A little further clarification. NetBEUI is a networking protocol which uses NetBIOS at its core. Thus its name is an acronym for NetBIOS Extended User Interface. Adam Hickey - Original Message - From: "John Nemeth" <[EMAIL PROTECTED]> To: "Joseph Kiang" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, January 19, 2001 4:09 AM Subject: Re: Seally Question > On Mar 15, 10:37am, "Joseph Kiang" wrote: > } > } What's the difference between NetBIOS and NetBEUI??? > > NetBIOS is a networking API, similar to Berkeley sockets and > winsocks. It is approximately layer 4. NetBEUI is a networking > protocol. It is a very simple one where hosts are identified by 14 > character names, and there is no network field (i.e. it isn't routable; > things like DLSw and DLSw+ not withstanding). It is approximately > layer 2. > > }-- End of excerpt from "Joseph Kiang" > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Seally Question!!!!
point taken... =) Adam - Original Message - From: "John Nemeth" <[EMAIL PROTECTED]> To: "Adam Hickey" <[EMAIL PROTECTED]>; "Joseph Kiang" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, January 19, 2001 5:45 AM Subject: Re: Seally Question > On Jun 11, 12:14am, Adam Hickey wrote: > } > } A little further clarification. > } > } NetBEUI is a networking protocol which uses NetBIOS at its core. Thus its > } name is an acronym for NetBIOS Extended User Interface. > > Usually I think of "core" as being the innermost or lowest layer > of something. NetBEUI doesn't provide a user interface, it is the > lowest layer, sitting just above the hardware. The name is a bit of a > misnomer. > > }-- End of excerpt from Adam Hickey > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dialer pool question!!
Jeongwoo, The purpose of dialer profiles is to allow a physical interface to have multiple configurations, within certain parameters (you knew there had to be a caveat :-) 1. Only one dialer interface can be applied to a physical interface at any time. 2. Dialer interfaces can not contain any configuration information that pertains to the physical configuration, such as the ISDN switch type, spids, framing, etc. This must be done on the physical interface. 3. The encapsulation used on the dialer interface and the physical interface can not be different (this is not completely true but if you are trying to understand the differences between physical interfaces and dialer interfaces you should think it is true, until you fully grasp their differences). HTH, AQ At 08:14 PM 10/11/00, jeongwoo park wrote: >HI all. >I have a conceptual question about dialer pool. >As far as I know, a physical interface can belong to >numerous dialer pools. >Then here is a configuration. >interface dialer1 >. >. >. >dialer pool1 >! >interface dialer2 >. >. >. >dialer pool2 > >Like I said, one physical interface belongs to dialer >pool1 and dialer pool2 in this brief configuration. > >Question: >Is it possible for one physical interface to have two >different interface configurations? > >Could somebody clarify this concept? > >Thanks in adv. > >jeongwoo > >__ >Do You Yahoo!? >Get Yahoo! Mail - Free email you can access from anywhere! >http://mail.yahoo.com/ > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ** Adam Quiggle Senior Network Engineer MCI Worldcom/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AS5800 PRI's
Wierd little issue I ran into while turning up a set of PRI's. While doing "sh isdn stat", numerous d-channels were showing up having both TEI_ASSIGNED and MULTIPLE_FRAMES_ESTABLISHED attributes. I mean that there were, literally, two lines saying two different states for a single d-channel. Has anyone ran into this before? Has anyone figured out a cause? Solution? I can't find anything on TAC. Thanks Adam Hickey CCNA MCP Network Engineer Cable & Wireless [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router in (boot) mode
Actually, I had this exact same thing happen about a month-and-a-half ago. I tried exactly what it says below and received an invalid checksum on the new images I downloaded as well. What finally resolved the issue (although I have no idea how) was that I opened up the router and reseated the flash. Although it appeared to be seated to begin with it helped as the next file I uploaded (which was the same one I tried before) worked great! Cheers Adam Hickey CCNA MCP [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Paul Werner > Sent: Friday, October 13, 2000 12:56 PM > To: [EMAIL PROTECTED] > Subject: Re: Router in (boot) mode > > > > I have done a show flash and noticed after the file is listed > it shows [invalid checksum] > > > > This is a wierd one. The file is not too big for the flash, > and this was working a few weeks ago. This is why I am coming > to the assumption that the flash file may be corrupted. I have > promted a reload and this same condition results. I am going > to power cycle which I feel is not going to fix anything. I am > wondering if a netboot from another source would fix this > issue, but I'm still not sure of the exact problem? Anyone have > any advice or knowledge they would like to impart on me?< > > This is more detail than previously mentioned, which leads to a > different course of action. First, you have a corrupted image > on your flash, which needs to be replaced(the image, that is). > Generally, this can be accomplished by the following steps: > > 1. Place a TFTP server with the valid image and necessary > permissions and proper IP address directly connected to an > Ethernet interface on this router. > > 2. Ensure that you have a properly bound IP address on the > same Ethernet interface from the same subnetwork. > > 3. Ping the TFTP server from the router. If it doesn't work, > check to make sure you did a "no shut" at interface > configuraion mode for the router. Once the ping works, go to > the next step. > > 4. At priviledged mode on the router, execute the following > command: > > copy tftp flash > > It will then prompt you for the following: > > Address or name of remote host []? Enter the TFTP server IP > address > > Source filename []? This will be the valid IOS image name on > your TFTP server, such as, "c2500-js-l_120-3.bin" > > Destination filename [c2500-js-l_120-3.bin]? Just press > > At this point, a copy operation should commence. > > The real issue is why your image got corrupted in the first > place. That is one area you have not resolved. Assuming that > somebody did not recently replace the software image, it may > have been an isolated incident. OTOH, you will need to monitor > this router to see if there is a repeat occurrence. If there > is, you may have corrupted flash. Flash does have a finite > life on write operations. It is electrically erasable > programmable read only memory and is subject to a relatively > short life. Flash can also be damaged by dropping/mishandling > as well. If it happens again, you may need to replace the > flash SIMMs or PC card flash. > > HTH, > > Paul Werner > > > > > Get your own "800" number - Free > Free voicemail, fax, email, and a lot more > http://www.ureach.com/reg/tag > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
