Network Lag on Cisco? [7:70648]

2003-06-13 Thread Anil Gupte
Our network is running a 3640 as a core router and several other smaller
routers plus an HP Procurve for the Servers and LAN.  We run BGP across two
upstream networks.  Now, for a long time we have had a slight lag on our
network.  For example, whenever I am logged into our Linux servers, I will
be typing something and I will lose the cursor, then suddenly a bunch of
letters will appear at the cursor.  There are other examples.  We have
hunted up and down and not found a problem/solution.

Now comes the interesting part.  A friend of mine who has been running Linux
for years used a Linux machine as a router for the last 3.5 years.  At my
urging he decided to try a Cisco because his server was getting old and
needed an overhaul.  Yesterday he did and now has the same problem.  His
config is very simple - he has a 2640 router running IOS 12.1 - one T-1 and
one Ethernet port to which he has connected his Dialup equipment (he is a
Dialup ISP).

What gives?  He is now bad mouthing Cisco even more than he did before!

Any ideas appreciated.
Thanx,
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70648&t=70648
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Simple config issues [7:70482]

2003-06-11 Thread Anil Gupte
> Do you have a route to x.x.x.x?

Is that not what I am doing with the statement

ip route 0.0.0.0 0.0.0.0 x.x.x.x

Or do I need to do something more?

Incidentally, the router is not connected to anything - I want to have it
fully pre-configured because we cannot afford to be down for more than a few
minutes.  Will it only establish the routes after it connects?  To clarify
(I cannot disclose the actual IPs of course), here is what I did:

conf t
router rip
network 63.x.x.0
exit
ip route 0.0.0.0 0.0.0.0 63.x.x.193

int s0/0
ip address 63.x.x.194 255.255.255.248

So what did I miss?

Thanx,
Anil Gupte

- Original Message -
From: "Brian Dennis" 
To: 
Sent: Tuesday, June 10, 2003 6:22 PM
Subject: RE: Simple config issues [7:70482]


> Do you have a route to x.x.x.x? If your router does not have a route to
> x.x.x.x it will not install the static route in the routing table since the
> next hop is unreachable. As far as RIP goes you are seeing the correct
> behavior. Remember that RIP is classful.
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
>
> Anil Gupte wrote:
> >
> > I am trying to configure a 2600 router.  I have two problems:
> >
> > 1. I issued the default route command
> > ip route 0.0.0.0 0.0.0.0 x.x.x.x
> >
> > I can see this under ip classless in "sh run"
> >
> > However, when I do a "sh ip route", it does not appear there
> > and in fact
> > says:
> >
> > Gateway of last resort is not set
> >
> > 2. I configured it for RIP using
> > router rip
> > network 63.x.x.0
> >
> > and it shows as
> > 63.0.0.0
> >
> > in "sh run".  Is this correct behavior?  Until now I had only
> > dealt with
> > networks in the Class C range.  This is a Class C assigned to
> > us but by the
> > first octet you can see that it is from a Class A range.
> >
> > Any help or pointers will be muchly appreciated.
> >
> > Thanx,
> > Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70520&t=70482
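
The two behaviours discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of why the default route is not installed while the serial link is down, and of how a RIP `network` statement is stored as its classful network. The 63.10.20.x addresses are constructed stand-ins for the masked 63.x.x.x values, and the function names are hypothetical.

```python
import ipaddress

def classful_network(address):
    """Return the classful (major) network that a RIP 'network' statement is stored as."""
    addr = ipaddress.IPv4Address(address)
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefix = 8        # Class A
    elif first_octet < 192:
        prefix = 16       # Class B
    elif first_octet < 224:
        prefix = 24       # Class C
    else:
        raise ValueError("class D/E addresses have no classful network")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def connected_routes(interfaces):
    """interfaces: list of (name, 'address/len', is_up). Only interfaces that are up
    contribute a connected route to the table."""
    return {ipaddress.ip_interface(cidr).network: f"connected, {name}"
            for name, cidr, is_up in interfaces if is_up}

def install_static(rib, prefix, next_hop):
    """Simplified model: a static route is installed only if its next hop is covered
    by a route that is already in the table."""
    hop = ipaddress.IPv4Address(next_hop)
    if any(hop in net for net in rib):
        rib[ipaddress.ip_network(prefix)] = f"via {next_hop}"
        return True
    return False

def gateway_of_last_resort(rib):
    return rib.get(ipaddress.ip_network("0.0.0.0/0"), "not set")

def simulate(serial_is_up):
    """Pre-configured router from the thread: s0/0 is x.x.x.194/29, default via x.x.x.193."""
    rib = connected_routes([("Serial0/0", "63.10.20.194/29", serial_is_up)])
    install_static(rib, "0.0.0.0/0", "63.10.20.193")
    return gateway_of_last_resort(rib)

if __name__ == "__main__":
    print("RIP stores 'network 63.10.20.0' as", classful_network("63.10.20.0"))
    print("serial down -> gateway of last resort:", simulate(False))
    print("serial up   -> gateway of last resort:", simulate(True))
```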


Simple config issues [7:70482]

2003-06-10 Thread Anil Gupte
I am trying to configure a 2600 router.  I have two problems:

1. I issued the default route command
ip route 0.0.0.0 0.0.0.0 x.x.x.x

I can see this under ip classless in "sh run"

However, when I do a "sh ip route", it does not appear there and in fact
says:

Gateway of last resort is not set

2. I configured it for RIP using
router rip
network 63.x.x.0

and it shows as
63.0.0.0

in "sh run".  Is this correct behavior?  Until now I had only dealt with
networks in the Class C range.  This is a Class C assigned to us but by the
first octet you can see that it is from a Class A range.

Any help or pointers will be muchly appreciated.

Thanx,
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70482&t=70482


Re: IP route to Null0? [7:66755]

2003-04-03 Thread Anil Gupte
You are right, it is using BGP.  What does summarization do?
Do I need an identical statement for my new Class C?

Thanx,
Anil Gupte

- Original Message -
From: "Karsten" 
To: "Anil Gupte" ; 
Sent: Thursday, April 03, 2003 10:46 AM
Subject: Re: IP route to Null0? [7:66755]


Either a sloppy way to drop traffic for a /24, or bgp
summarization using null routing.

-Karsten

On Thursday 03 April 2003 07:40 am, Anil Gupte wrote:
> I am trying to understand some IP route commands on our router.  Several of
> them go to Null0 - what does that mean?
>
> For example, I have
> ip route xxx.xxx.xxx.0 255.255.255.0 Null0 200
>
> What is this doing?
>
> I need to add another block of class Cs from the same provider. Do I need
> a similar statement to the above?
>
> Thanx for your help.
> Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66797&t=66755


IP route to Null0? [7:66755]

2003-04-03 Thread Anil Gupte
I am trying to understand some IP route commands on our router.  Several of
them go to Null0 - what does that mean?

For example, I have
ip route xxx.xxx.xxx.0 255.255.255.0 Null0 200

What is this doing?

I need to add another block of class Cs from the same provider. Do I need
a similar statement to the above?

Thanx for your help.
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66755&t=66755


3640 ATM Support (NM-4T1-IMA) [7:48858]

2002-07-15 Thread Anil Gupte

I am reposting this because I got no replies.  I hope someone can advise me,
I am really stuck.
-
We are running Cisco IOS 12.07 T-code as shown below on our Cisco 3640
router.

Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-I-M), Version 12.0(7)T2,  RELEASE SOFTWARE
(fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sat 09-Feb-02 14:32 by ccai
Image text-base: 0x600088F0, data-base: 0x60858000

ROM: System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE
(fc
1)

I just put in an ATM card, namely NM-4T1-IMA (two other slots are already
occupied by NM1E2W cards) and it is not recognized.  At bootup, the lights
flash briefly and the EN light comes on for about 2 seconds, then goes out.
Is something the matter with the card, or do I need to get a software
upgrade?  I understand that the card should work with any IOS greater than
12.05, and we have 12.07, but perhaps it needs some other feature set that
has been removed?

Thanx for any input.
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48858&t=48858



3640 ATM Support (NM-4T1-IMA) [7:48803]

2002-07-14 Thread Anil Gupte

We are running Cisco IOS 12.07 T-code as shown below on our Cisco 3640
router.

Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-I-M), Version 12.0(7)T2,  RELEASE SOFTWARE
(fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sat 09-Feb-02 14:32 by ccai
Image text-base: 0x600088F0, data-base: 0x60858000

ROM: System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE
(fc
1)

I just put in an ATM card, namely NM-4T1-IMA (two other slots are already
occupied by NM1E2W cards) and it is not recognized.  At bootup, the lights
flash briefly and the EN light comes on for about 2 seconds, then goes out.
Is something the matter with the card, or do I need to get a software
upgrade?  I understand that the card should work with any IOS greater than
12.05, and we have 12.07, but perhaps it needs some other feature set that
has been removed?

Thanx for any input.
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48803&t=48803



ATM T-1 cards for a 3640 [7:47348]

2002-06-24 Thread Anil Gupte

Someone sent me the following:
> Here are the prices that I found (approx. prices):
> 
> 4 port T1 ATM interfaces NEW=$3000 Refurb (no returns etc.)=$2100
> 8 port T1 ATM interfaces NEW=$5250 Refurb (no returns etc.)=$4100
> 

Is there not a less expensive card with a single ATM interface for a 3640?

Thanx,
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47348&t=47348



Re: Removing stuff from our router [7:44839]

2002-05-23 Thread Anil Gupte

No, this is a real implementation on our network.  Since I am not even a
CCNA yet (maybe in a couple of weeks), I wanted to make sure I would not
break something.  I just substituted names and AS numbers.  I am hopefully
going to take advanced routing and learn more about the BGP soon after my
test.

Thanx,
Anil Gupte

- Original Message -
From: "Scott H." 
To: 
Sent: Thursday, May 23, 2002 12:09 PM
Subject: Re: Removing stuff from our router [7:44839]


> Removing the route map and as-path filters will work the way you have it (if
> you do "no route-map MyISP-In" it will remove the entire route-map), but you
> should also remove the neighbor statements in your config. that reference
> these things.  By looking at the configs., I'm assuming this is in a lab
> environment and not a real implementation.
>
> permit ^$ is simply permitting an empty as path.  In other words, only
> routes originating in the local AS will be permitted.  It's a common way to
> ensure that your AS does not become transit for somebody else's traffic.
>
> permit ^[0-9]* is a little more complicated.  This statement is saying to
> permit zero or more instances of a number between 0 and 9.  Do a search on
> CCO for AS path filters and you should find some good info. to help you on
> your way.
>
> HTH,
> Scott
> CCIE #9340
>
> "Anil Gupte" wrote in message news:[EMAIL PROTECTED]...
> > To remove this:
> >
> > route-map MyISP-In permit 10
> >  match as-path 6
> >  set local-preference 200
> >
> > Do I just do this?:
> > no route-map MyISP-In permit 10
> >
> > Also, to remove:
> > ip as-path access-list 1 permit ^[0-9]*
> > ip as-path access-list 2 permit ^$
> > ip as-path access-list 3 permit ^1234$
> > ip as-path access-list 3 permit ^1234_[0-9]*_[0-9]*$
> >
> > Do I just?:
> > no ip as-path access-list 1 permit ^[0-9]*
> > no ip as-path access-list 2
> > no ip as-path access-list 3
> >
> >
> > Also what is that "permit ^$" and "permit ^[0-9]*" for?  What does it do?
> >
> > Thanx for the help.
> >
> > Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44862&t=44839
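
The as-path access-lists from this thread evaluated against sample AS paths, as an added example that is not part of the original posts. It shows that list 1 (`^[0-9]*`) permits every path, list 2 (`^$`) permits only locally originated routes, and list 3 permits only short paths that begin with AS 1234. The translation of the IOS `_` delimiter into a Python regular expression is an approximation, and the sample paths are constructed.

```python
import re

# IOS "_" matches a delimiter: start or end of the path, a space, comma, brace or parenthesis.
# This Python equivalent is an approximation made for this example.
_DELIM = r"(?:^|$|[ ,{}()])"

def ios_to_python(pattern):
    """Translate an IOS as-path pattern into a Python regular expression."""
    return pattern.replace("_", _DELIM)

# The as-path access-lists exactly as posted (1234 is the poster's substituted AS number).
AS_PATH_LISTS = {
    1: [("permit", "^[0-9]*")],
    2: [("permit", "^$")],
    3: [("permit", "^1234$"), ("permit", "^1234_[0-9]*_[0-9]*$")],
}

def evaluate(list_id, as_path):
    """First matching entry decides; a path that matches nothing is denied."""
    for action, pattern in AS_PATH_LISTS[list_id]:
        # IOS searches for the pattern anywhere in the path, so use search, not fullmatch.
        if re.search(ios_to_python(pattern), as_path):
            return action
    return "deny"

# Constructed AS paths; the empty string is a route originated in the local AS.
SAMPLES = ["", "1234", "1234 5678", "1234 5678 9012", "1234 5678 9012 3456", "5678 1234"]

def report():
    """Return {as_path: {list_id: decision}} for every sample path."""
    return {path: {n: evaluate(n, path) for n in AS_PATH_LISTS} for path in SAMPLES}

if __name__ == "__main__":
    print(f"{'AS path':24} list1   list2   list3")
    for path, result in report().items():
        print(f"{path!r:24} {result[1]:7} {result[2]:7} {result[3]}")
```

Because `^[0-9]*` is not anchored at the end and allows zero digits, it matches any path, so a filter built on list 1 filters nothing.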



Removing stuff from our router [7:44839]

2002-05-23 Thread Anil Gupte

To remove this:

route-map MyISP-In permit 10
 match as-path 6
 set local-preference 200

Do I just do this?:
no route-map MyISP-In permit 10

Also, to remove:
ip as-path access-list 1 permit ^[0-9]*
ip as-path access-list 2 permit ^$
ip as-path access-list 3 permit ^1234$
ip as-path access-list 3 permit ^1234_[0-9]*_[0-9]*$

Do I just?:
no ip as-path access-list 1 permit ^[0-9]*
no ip as-path access-list 2
no ip as-path access-list 3


Also what is that "permit ^$" and "permit ^[0-9]*" for?  What does it do?

Thanx for the help.

Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44839&t=44839



Dumb Access-List question [7:44588]

2002-05-20 Thread Anil Gupte

What is the difference between using either of the two syntaxes:

access-list 5 permit etc

and

ip access-list extended AllNets
permit ip 216.136.1.0 0.0.0.255 any

Is this simply the difference between simple and extended access-lists?

Thanx,
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44588&t=44588



BGP Question [7:42847]

2002-04-29 Thread Anil Gupte

If I look for BGP info on an IP using one of the Looking Glass sites
(specifically Mae-East) does the number of entries returned mean anything?
I have noticed that sometimes there are five or six entries and sometimes
only one or two.  The number of upstream connections is two.  If only one
entry exists, then is BGP broken?  For example:

BGP routing table entry for 216.91.141.0/24, version 7089796
Paths: (1 available, best #1)
  Advertised to peer-groups:
 rr-pop
  Advertised to non peer-group peers:
198.32.187.122
  6347 20068
64.241.88.17 (metric 175301) from 165.117.1.110 (165.117.1.110)
  Origin IGP, metric 4294967294, localpref 100, valid, internal, best
  Community: 2548:196 2548:229 2548:666 3706:168 6347:1002 6347:3000

To me that implies that there are no alternate routes, and so no BGP on this
route.  Also, if there are more than two routes does that mean the routes
are better connected?

What is the best resource for learning more about BGP?

Thanx,
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42847&t=42847



Spanning Tree Question [7:42806]

2002-04-28 Thread Anil Gupte

For spanning tree to work, do all the switches on a network (let us say a
LAN) have to support or enable Spanning Tree?  That is the general question.

Specifically, I have an HP Procurve connected to a router, and then a
Netgear Switch that hooks into one of the ports on the HP.  On the Netgear
are 3 or 4 more Netgear switches (all of these are simple unmanaged
switches) and we are pretty sure there are some redundant loops in there -
especially with two servers that have dual NICs that are bound together using an
Intel "teaming" driver.  Do I need to turn Spanning Tree on?  Is it
recommended?  Is it even going to work?

Thanx for any input.
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42806&t=42806



Re: Gateway/Network Address confusion [7:36400]

2002-02-25 Thread Anil Gupte

You said: "It is possible to have multiple logical subnets on one physical
network, although not recommended. "  Why not?  The purpose here is to keep
customers from stealing IPs that are not theirs and causing IP conflicts
(Windows Servers die when that happens).  Also, it prevents at least for low
level crackers, the ability to crack into a domain/machine if they are on
different logical subnets.  They are on the same wire in that they all come
off the same switch which in turn is connected to the Ethernet on the
router.

In your example of the two router configuration ("Then on R2-E0, assign
address 63.142.137.33/27.  ..."), how would packets know how to get to
63.142.137.2/30 from the .33 gateway?  Sorry for the dumb questions, but
that is how I learn.

Thanx for your detailed explanations.
Anil Gupte

- Original Message -
From: "Chris Charlebois" 
To: 
Sent: Monday, February 25, 2002 1:25 PM
Subject: RE: Gateway/Network Address confusion [7:36400]


> OK, some terminology.  We've got physical networks.  They are bound by
> routers.  Anytime a packet goes through a router, it is moving from one
> physical network to another. Then you have a logical subnet.  This is what
> actually gets addressed.  It is possible to have multiple logical subnets on
> one physical network, although not recommended.  Each device can only
> directly communicate with other members of the same logical subnet.  A
> router would have to "translate" between the two logical subnets.
>
> Now, in the scenario you described, you have two logical subnets on one
> physical network (that's what the secondary address does).  Also, the two
> logical subnets consume all your address space.
>
> You mentioned partitioning off subnets for customers.  Does this mean each
> customer gets a separate physical network?  And do you need to provision
> networks for WAN links?
>
> Here would be one way to do it.  Take the .137.X network off the main router
> (Call it R1).  Get a second router (R2) for this customer.  Setup a
> point-to-point connection between the two.  Now, R1-E0 has an address of
> 63.142.136.1/24.  Assign R1-S0 to 63.142.137.1/30 and R2-S0 to
> 63.142.137.2/30.  This is the WAN connection.  Then on R2-E0, assign address
> 63.142.137.33/27.  The default gateway for the hosts on this network would
> be 63.142.137.33 and the broadcast would be 63.142.137.63.  And on a correct
> built network, the hosts (servers) never need to have route add commands.
>
> Now if you are doing this all on one router, you just need to add a
> secondary address of 63.142.137.33/27 (this would require you take off the
> 63.142.137.1/24 address first).  This creates a logical subnet on your
> existing physical network.
>
> I hope this made some sense to you.  If you have questions, I'll be lurking
> around here somewhere.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36471&t=36400



Gateway/Network Address confusion [7:36400]

2002-02-25 Thread Anil Gupte

Trying to apply what I am learning in the CCNA class, I am running into some
confusion regarding some basic concepts.  I am trying to apply what I
learned to our network which has a few colocated customers to whom I want to
assign ips with subnets.

We have a /23 assigned to us, let us call it 63.142.136.0/23.  We have
broken it up into (assigned on our router's Ethernet port):

  Internet address is 63.142.136.1/24
  Secondary address 63.142.137.1/24

Also, "show ip route static" shows (among other things):
S   63.142.136.0/23 is directly connected, Null0
S*   0.0.0.0/0 [1/0] via 66.100.223.193

Now here is where my confusion begins.  I want to assign a subnet to a
customer, let us say
63.142.136.32/27 which will be 32 - 63 with 32 being the network address and
63 being the broadcast.  I will then add

ip route 63.142.136.32 255.255.255.224

On his Windows server, do I assign 63.142.136.33 as the default gateway?
and now do I need to add a route to route his subnet to 63.142.136.1?

Am I confused about the Gateway vs. network address?  If I could understand
this, I think I would understand everything about routing. :-)  Well maybe
not, but I sure would feel better about it...

Thanx,
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36400&t=36400



Re: Access Lists are a bit mystifying [7:36164]

2002-02-25 Thread Anil Gupte

Yes, that does make sense.  Thanx for the detailed reply.  I did finally use
the following:

conf t
int ethernet0/0
no ip access-list extended secure2
ip access-list extended secure2
deny tcp any any eq 
deny tcp any any eq 139
permit ip any any

int ethernet0/0
ip access-group secure2 out
ip access-group secure2 in

exit
wr

Thanx again,
Anil Gupte


- Original Message -
From: "Tom Petzold" 
To: "Anil Gupte" ; 
Sent: Friday, February 22, 2002 11:35 AM
Subject: RE: Access Lists are a bit mystifying [7:36164]


> Remember the OSI model.  IP can have multiple higher level protocols
> running over it.  So IP uses protocol numbers to identify the higher level
> protocol that it should send the data to.  If you do a deny ? on a router
> you will see all the different protocols (eigrp, gre, icmp, ospf, pim, tcp,
> udp).  Once the IP layer passes the packet up to the transport layer the
> layer 4 protocol has to know which application to send the data to.  So the
> TCP protocol will send traffic on port 80 to the web server and traffic to
> port 25 to the smtp server.
>
> Layer 7 - Application
> Layer 6 - Presentation
> Layer 5 - Session
> Layer 4 - Transport
> Layer 3 - Network
> Layer 2 - Datalink
> Layer 1 - Physical
>
> The first line will not work.  IP is the layer 3 protocol, tcp, udp, icmp,
> etc are layer 4 protocols.  So while tcp and udp have port numbers, ip
> doesn't.  If I want to deny http traffic I must deny tcp port 80 because
> http uses TCP port 80.  The same holds true for UDP.  If I wanted to deny
> snmp traffic I would deny UDP port 161.
>
> If you set the last line to "permit tcp any any" it would allow any tcp
> based traffic but because there is a specific deny all at the end of all
> access-lists, you would deny udp, icmp, eigrp, ospf, etc. The permit ip any
> any says allow all layer 4 ip protocols.
>
> Does this make sense?
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Anil Gupte
> Sent: Thursday, February 21, 2002 11:24 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Access Lists are a bit mystifying [7:36164]
>
>
> Actually my question was not clear, I think.  My confusion is with the IP
> vs. TCP.  In other words should it not be something like:
>
> deny ip any any eq 139
> permit ip any any
>
> Why deny TCP and permit IP as opposed to deny IP and permit IP?
>
> Also, the purpose of these is that I am trying to block some suspicious
> activity on those ports (I think someone may be running an illegal IRC
> server on that port).
>
> Thanx for the reply (and the kid gloves). :-)
> Anil Gupte
>
> - Original Message -
> From: "Scott Nawalaniec"
> To: "'Anil Gupte'" ;
> Sent: Thursday, February 21, 2002 10:17 PM
> Subject: RE: Access Lists are a bit mystifying [7:36164]
>
>
> > Hi Anil,
> >
> > Sometimes its scaring posting to this group. =)
> >
> > To answer your question,
> > if you don't the permit IP any any command, there is an implicit deny rule
> > at the end of an access-list, which will drop all traffic that you have not
> > allowed through the access-list.
> >
> > The other two deny statements are dropping netbios port 139 and something
> > that uses port .
> >
> > Hope this helps.
> >
> > Scott
> >
> > -Original Message-
> > From: Anil Gupte [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 21, 2002 7:59 PM
> > To: [EMAIL PROTECTED]
> > Subject: Access Lists are a bit mystifying [7:36164]
> >
> >
> > Hi All!
> >
> > I watch this list occasionally (when I have time).  This is my first post
> > to this list, so be kind. :p)
> >
> > In the access list below:
> > **
> > conf t
> > int ethernet0/0
> > no ip access-list extended secure2
> > ip access-list extended secure2
> > deny tcp any any eq 
> > deny tcp any any eq 139
> > permit ip any any
> >
> > int ethernet0/0
> > ip access-group secure2 out
> > ip access-group secure2 in
> >
> > exit
> > wr
> > **
> > Why is it that you need to deny TCP and permit IP?  Or did I not do this
> > right?
> >
> > Thanx,
> > Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36397&t=36164
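
The point made in the quoted reply, as an added example that is not part of the original posts: a small first-match ACL evaluator in Python showing why the list ends with `permit ip any any`, what a final `permit tcp any any` would drop, and why `deny ip any any eq 139` is rejected. It parses only the `<action> <proto> any any [eq <port>]` form used in the thread, omits the deny entry whose port number is missing on this page, and uses constructed sample packets; the function names are hypothetical.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "action proto dst_port")
Packet = namedtuple("Packet", "proto dst_port")  # dst_port is None when the protocol has no ports

PORT_PROTOCOLS = {"tcp", "udp"}  # only these layer 4 protocols accept "eq <port>"

def parse_entry(line):
    """Parse '<permit|deny> <proto> any any [eq <port>]', the only form used in the thread."""
    tok = line.split()
    if len(tok) not in (4, 6) or tok[0] not in ("permit", "deny") or tok[2:4] != ["any", "any"]:
        raise ValueError(f"unsupported entry: {line!r}")
    port = None
    if len(tok) == 6:
        # "ip" is layer 3 and has no port field, so a port match on it is an error.
        if tok[4] != "eq" or tok[1] not in PORT_PROTOCOLS:
            raise ValueError(f"a port match needs tcp or udp: {line!r}")
        port = int(tok[5])
    return Entry(tok[0], tok[1], port)

def evaluate(acl_lines, packet):
    """Return the action of the first matching entry, or the implicit deny."""
    for entry in map(parse_entry, acl_lines):
        if entry.proto != "ip" and entry.proto != packet.proto:
            continue  # "ip" matches every protocol carried over IP
        if entry.dst_port is not None and entry.dst_port != packet.dst_port:
            continue
        return entry.action
    return "deny"  # implicit deny at the end of every access-list

# The posted list (minus the entry whose port is not legible on the page).
POSTED = ["deny tcp any any eq 139", "permit ip any any"]
# The variant discussed in the reply: last line changed to "permit tcp any any".
TCP_ONLY = ["deny tcp any any eq 139", "permit tcp any any"]

# Constructed sample packets: NetBIOS session, HTTP, SNMP, ICMP, OSPF.
SAMPLES = [Packet("tcp", 139), Packet("tcp", 80), Packet("udp", 161),
           Packet("icmp", None), Packet("ospf", None)]

def decisions(acl_lines):
    """Return {packet: action} for every sample packet."""
    return {pkt: evaluate(acl_lines, pkt) for pkt in SAMPLES}

if __name__ == "__main__":
    posted, tcp_only = decisions(POSTED), decisions(TCP_ONLY)
    for pkt in SAMPLES:
        print(f"{pkt.proto:5} {str(pkt.dst_port):5} posted={posted[pkt]:7} tcp-only={tcp_only[pkt]}")
```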



Re: Access Lists are a bit mystifying [7:36164]

2002-02-21 Thread Anil Gupte

Actually my question was not clear, I think.  My confusion is with the IP
vs. TCP.  In other words should it not be something like:

deny ip any any eq 139
permit ip any any

Why deny TCP and permit IP as opposed to deny IP and permit IP?

Also, the purpose of these is that I am trying to block some suspicious
activity on those ports (I think someone may be running an illegal IRC
server on that port).

Thanx for the reply (and the kid gloves). :-)
Anil Gupte

- Original Message -
From: "Scott Nawalaniec" 
To: "'Anil Gupte'" ; 
Sent: Thursday, February 21, 2002 10:17 PM
Subject: RE: Access Lists are a bit mystifying [7:36164]


> Hi Anil,
>
> Sometimes its scaring posting to this group. =)
>
> To answer your question,
> if you don't the permit IP any any command, there is an implicit deny rule
> at the end of an access-list, which will drop all traffic that you have not
> allowed through the access-list.
>
> The other two deny statements are dropping netbios port 139 and something
> that uses port .
>
> Hope this helps.
>
> Scott
>
> -Original Message-
> From: Anil Gupte [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 21, 2002 7:59 PM
> To: [EMAIL PROTECTED]
> Subject: Access Lists are a bit mystifying [7:36164]
>
>
> Hi All!
>
> I watch this list occasionally (when I have time).  This is my first post
> to this list, so be kind. :p)
>
> In the access list below:
> **
> conf t
> int ethernet0/0
> no ip access-list extended secure2
> ip access-list extended secure2
> deny tcp any any eq 
> deny tcp any any eq 139
> permit ip any any
>
> int ethernet0/0
> ip access-group secure2 out
> ip access-group secure2 in
>
> exit
> wr
> **
> Why is it that you need to deny TCP and permit IP?  Or did I not do this
> right?
>
> Thanx,
> Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36168&t=36164



Access Lists are a bit mystifying [7:36164]

2002-02-21 Thread Anil Gupte

Hi All!

I watch this list occasionally (when I have time).  This is my first post
to this list, so be kind. :p)

In the access list below:
**
conf t
int ethernet0/0
no ip access-list extended secure2
ip access-list extended secure2
deny tcp any any eq 
deny tcp any any eq 139
permit ip any any

int ethernet0/0
ip access-group secure2 out
ip access-group secure2 in

exit
wr
**
Why is it that you need to deny TCP and permit IP?  Or did I not do this
right?

Thanx,
Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36164&t=36164