RE: getpass!.exe [7:25270]
Brute force for enable secret: Too Many Secrets v0.7beta is a commandline tool to crack the enable secret passwords on Cisco routers. You need the md5 password hash from the config to run this tool. It contents dictionary and brute force attacks and a nice feature to combine brute forcing with a partial known password string. Homepage: http://www.ernw.de. By Michael Thumann http://packetstormsecurity.org/cisco/tomas.zip I'll warn yah though...if they have any idea about secure passwords, it'll take some time. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of l0stbyte Sent: Thursday, January 02, 2003 4:05 PM To: [EMAIL PROTECTED] Subject: Re: getpass!.exe [7:25270] cswan wrote: > Hi guys.. > > Where can I get a copy of getpass!.exe . I need it to decrpyt the enable > secret password. > > Thanks good luck :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60264&t=25270 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Grace period for slackers... [7:60046]
I am a CCNA that has talked about getting the NP for almost two years now. Well, my NA is about to expire and I have two months to crank out four tests. I was talking with another slacker friend that mentioned a 6 month grace period if I have completed two of the four tests. I am still planning to do the tests in the 2 months, however it "really" is a bad time for me where the six month extension would really help. Anyone aware of this? Thanks Tony Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60046&t=60046 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MRTG [7:56076]
Shilpa, I agree with Oliver...use RRD. Much more efficient. I'm not using cricket...but cacti rocks: http://www.raxnet.net/products/cacti/index.php And for a complete list of tools: http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/rrdworld/index.html Check out NTOP as well...good protocol stats :) -Original Message- From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com] On Behalf Of shilpa Sent: Tuesday, October 22, 2002 7:23 AM To: [EMAIL PROTECTED] Subject: MRTG [7:56076] Hi everybody Has anyone got hands on experience in configuring mrtg on for cisco switches??... if yes then kindly give me some good references Regards Shilpa Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56329&t=56076 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: redundant power feed for 3548 XL [7:54988]
I've done it...it took both feeds fine (for a few minutes...didn't run it too long), however does not act "redundant" The switch will loose power going to DC. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Koen Zeilstra Sent: Monday, October 07, 2002 3:59 AM To: [EMAIL PROTECTED] Subject: redundant power feed for 3548 XL [7:54988] Hi All, The 3548XL has like the 2900 a DC input as well as a AC input. Has anyone of you guys tried to connect both? The manuals says not to do it. If this works you'll have a very cheap redundant power solution, of course Cisco doesn't like it and will say it's impossible ;-) Any experience connecting the AC to wall power and DC with a external power supply? grtz, Koen --- Cleanliness is next to impossible. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55075&t=54988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Tech Tips [7:55015]
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Persio Pucci Sent: Monday, October 07, 2002 1:38 PM To: [EMAIL PROTECTED] Subject: Tech Tips [7:55015] Hey folks, where did the "Tech Tips" go that I cannot find it anywhere in the new Cisco site? Did anybody find it already? :( Regards, Persio Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55072&t=55015 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CMTS Simulator [7:54603]
Any know how to simulate a CMTS? I have a few uBR900's in a lab environment, and would love to use the cable interface. Since I don't know much about the cable infrastructure, I don't know if I can use the interfaces without a CMTS (i.e. back to back cable interfaces) Any suggestions? Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54603&t=54603 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Simple static route redistribution [7:54040]
Hi all, Just a quick question: I have the following setup: (a)(b)---OSPF network Router A (extreme L3 switch) is connected to router B, and router B is running ospf to other cisco boxes. I have setup a static route that points from A to B so machines can get to pc's in the ospf area. The static that ive configured is a /13 next-hop. Router a is not running ospf, and b only has ospf configured on the interfaces connected to the ospf network. Do I need to configure anything on router b to allow packets from router A's network into router B ?? Since ive got a static route pointing to b, i guess that B will do a lookup on the destination and route as persay. Is this correct or am I talking waffle. regards, A. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54040&t=54040 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP community Q [7:48250]
Would ^200_ work? On Thu, 04 Jul 2002 07:09:53 -0300, "Carlos G Mendioroz" said: > Omer, > _ should also match ^, so this is not it, or if it is, it's a bug :-) > > [See the same page you referred to, _1300_ does account for > ^1300(space).] > > Also, be careful with ^200.*, you would match "2001 100 5 " which is > not > what is asked for, and you would loose points, or permit transit, > depending on > the task at hand :-) > > Regards, > > > Omer Ansari wrote: > > > > Annu, > > > > you are using _200_ to match a route coming directly from 200. > > i see AS200 is adjacent. > > > > try ^200.* > > > > see bgp example at the end of the link: > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ftersv_c/ftsappx/tcfaapre.htm > > > > let us know if this helps? > > > > On Tue, 2 Jul 2002, Annu Roopa wrote: > > > > > Group, > > > > > > I have a community related question and the scenario > > > is as follows.What am i doing wrong ? Scenario is: > > > > > > > > > (AS100) > > > r11-r8-r10(AS 200) > > > iBGPeBGP > > > > > > There are some Networks (196.196.10.0/175.10.10.0 > > > etc)coming via R10 to R8.I want to add a community > > > string of 100:88 to all routes containing AS 200 and > > > send it to R11 from R8.But somehow its not adding it > > > rather adding 100:900 when i see it on R11. Whats > > > wrong with my logic ? > > > > > > Here are my configs and show commands. > > > > > > R8#sr > > > Building configuration... > > > Current configuration: > > > hostname r8 > > > ! > > > router bgp 100 > > > bgp router-id 8.1.1.1 > > > network 8.1.1.0 mask 255.255.255.0 > > > neighbor 11.1.1.1 remote-as 100 > > > neighbor 11.1.1.1 update-source Loopback0 > > > neighbor 11.1.1.1 next-hop-self > > > neighbor 11.1.1.1 send-community > > > neighbor 11.1.1.1 route-map address out > > > neighbor 180.10.10.1 remote-as 200 > > > neighbor 180.10.10.1 ebgp-multihop 255 > > > neighbor 180.10.10.1 update-source Loopback0 > > > ! > > > ip bgp-community new-format > > > ip as-path access-list 11 permit _200_ > > > ip as-path access-list 11 deny .* > > > ! > > > route-map address permit 10 > > > match as-path 11 > > > set community 100:88 > > > ! > > > route-map address permit 20 > > > set community 100:900 > > > > > > -- > > > r8#sh ip bgp regexp _200_ > > > BGP table version is 12, local router ID is 8.1.1.1 > > > Status codes: s suppressed, d damped, h history, * > > > valid, > best, i - internal > > > Origin codes: i - IGP, e - EGP, ? - incomplete > > > > > >Network Next Hop Metric LocPrf > > > Weight Path > > > *> 10.1.1.0/24 180.10.10.1 0 200 300 i > > > *>175.10.10.0/24 180.10.10.10 200 300 i > > > *> 180.10.10.0/24 180.10.10.1 0 0 200 i > > > *> 190.10.10.0/24 180.10.10.1 0 200 300 400 > > > i*> 192.168.1.0 180.10.10.1 0 200 300 i > > > *> 196.196.1.0 180.10.10.1 0 200 300 i > > > --- > > > R11#b 196.196.1.0 > > > BGP routing table entry for 196.196.1.0/24, version 40 > > > Paths: (1 available, best #1, table > > > Default-IP-Routing-Table) > > > Advertised to non peer-group peers: > > > 1.1.1.2 > > > 200 300 > > > 8.1.1.1 (metric 129) from 8.1.1.1 (8.1.1.1) > > > Origin IGP, localpref 100, valid, internal, best > > > Community:100:900 > > > > > > R11#b 175.10.10.0 > > > BGP routing table entry for 175.10.10.0/24, version 38 > > > Paths: (1 available, best #1, table > > > Default-IP-Routing-Table) > > > Advertised to non peer-group peers: > > > 1.1.1.2 > > > 200 300 > > > 8.1.1.1 (metric 129) from 8.1.1.1 (8.1.1.1) > > > Origin IGP, localpref 100, valid, internal, best > > > Community: 100:900 > > > --- > > > > > > Failed to troubleshoot it.Anyone with ideas. > > > > > > > > > > > > > > > > > > = > > > Thanks in a
pix question [7:45639]
Hi all, I appreciate any feedback to my question: I am setting up a lab environment and intially trying to configure a router and a pix behind it. my router's outside interface is connected to a cable modem and have a live ip address assigned to it. cable modempix> inside hosts. the router's inside interface has a private ip add. of 172.16.1.1 /24 and the pix' outside interface is 172.161.1.2 /24. the inside interface of the pix has an ip address of 10.1.1.1 /24 and all inside hosts have that as the default gateway. securities are set up correctly on the inside and outside interfaces. I am using a global pat address, different from the one on the router's interface connected to the cable modem (no statics going on in the pix). i am unable to reach the internet even when I use the statement: "conduit permit ip any any" and no packets are able to reach the 172.16.1.0 network from the inside hosts not even the 172.16.1.2 address which belongs to the pix's outside interface. I have a "route outside 0 0 172.16.1.2" statement as well. from the router I can ping inside hosts, with the correct route statement. hope this is enough information. please help! thanks Tony __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45639&t=45639 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: route science [7:43131]
I saw this demoed @ InterOp last year...I had my doubts as well. I have never had to tweak BGP to the point of doing it all the time...and that was the sales pitch. Their box will do the work for you. It was a sweet box...doesn't sit inline with traffic so wouldn't be a single point of failure nor degrade speed. They will do a full thirty day eval, if you are truly interested. They can even do a test without providing you the hardware, all you have to do is stick a 1 by 1 pixel on a web page...their equipment remotely will monitor your routes and spit out a report comparing your config to their optimized routes. I have to admit I was intrigued...but for as little as I tweak BGP, 100K wasn't worth it for our size network. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of sam sneed Sent: Thursday, May 02, 2002 12:07 PM To: [EMAIL PROTECTED] Subject: route science [7:43131] I received a newsletter about a product that looks interesting. It costs $99,000 though. Has anyone heard any good this about this supposed breakthrough technology. http://www.networkcomputing.com/1305/1305sp1.html I am curious to see if htis is just a hyped up product or a viable solution. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43193&t=43131 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: WIC-1T and WIC-2T [7:42209]
I've been getting good prices from: http://www.networkhardware.com/ hope this helps. Tony Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42743&t=42209 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT question [7:42676]
Ricky, if you are overloading on an interface's ip address then your above statement would be correct. assuming that you have an access list permitting the range of the network. if you have a nat pool then a static statement would suffice. such as ip nat inside source static private ip - public ip of course you would make sure that your outside and inside interfaces have their respective nat statements. your access list needs to deny the static statements so they do not use the nat pool , if one is configured. if you are overloading on an interface then you need to permit the range of the network. hope this helps. Tony Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42740&t=42676 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT question [7:42676]
IP NAT INSIDE on the 10.0.0.x interface and IP NAT OUTSIDE on the 141.155.121.x interface. Anthony Pace ""Ricky Chan"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > I can't connect to my internal web server from outside even though I put in > the "IP NAT.." command. Is there anything else I missed? Please let me know. > > Here is the command I put in the c2600 router: > > ip nat inside source static tcp 10.0.0.5 80 141.155.121.134 80 extendable > > Thanks > > Ricky Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42678&t=42676 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Why does IOS only allow ICMP granularity on "destination" [7:42675]
I thought I was actually asking a CISCO syntax question but the ICMP discussion turned out to be very educational as I thought I understood ICMP but in fact was really not clear on the relationship of the echo and echo-reply. It sounds like it is fairly primitve and straight forward. THank you everyone! Anthony Pace ""Gaz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You didn't muddy them half as much as I did! > > I think mine ranks up with my most inaccurate post ever. Unfortunately, I > answered with the junk that I had in my mind, which for creating > access-lists and configuring firewall rule bases has always been close > enough to allow things to work (even if totally for the wrong reasons). > As soon as I read John's post I realised what an arse I'd made of it. > > I will take a severe hand smacking for that one. Lesson learnt - get the > facts right - don't guess. > But maybe my totally incorrect answer induced John to shoot me down with a > decent answer. I'll console myself with that. > I've now read the RFC. > > John Nemeth, you're a cruel man, and I totally deserved it ;-) > > > Joe Bloggs > (Definitely not Gaz anyway) > > > ""Jeremy"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I think it relates to the fact that ICMP uses TYPES rather than PORTS. > > Though it still uses source and destination IP address, ports are not > used, > > so the whole source port thing doesn't really make sense with ICMP. There > > really is no "source type", so they don't have granularity on the source > > address. Make Sense? Or did I muddy the waters further? > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, April 25, 2002 5:29 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Why does IOS only allow ICMP granularity on "destination" > > [7:42618] > > > > > > On Sep 15, 12:40pm, "Gaz" wrote: > > } > > } I don't think you will see the source as echo reply. By that, I mean > that > > } the echo reply will only be evident in the destination. The source could > > be > > } any port. > > > > ICMP does not have "port"s; therefore, this statement is > > non-sensical. > > > > } Remember ICMP is the odd protocol, which has to be allowed both ways > > through > > } a firewall, because the reply is a totally separate session. > > > > ICMP is a connectionless protocol; therefore, there is nu such > > thing as a "session". > > > > } If you telnet from A to B. The destination port is 23. In the reply from > B > > } to A 'source' port is 23. > > > > Telnet uses TCP. There is no comparison. > > > > } If you use ping though for example, from A to B. The destination will be > > } echo. In the reply from B to A, the source will not be 'echo' it could > be > > } anything. The important part will be the destination port which is > > } 'echo-reply'. > > > > ICMP does not have "port"s. It has "type"s and "code". Echo is > > type 8 and Echo Reply is type 0. Neither one uses codes, so the code > > is 0. The only information as to the source of an ICMP message is the > > IP address. As I said to the other guy, go read RFC 792 (especially > > before answering any more questions about it). > > > > } Hope I haven't confused. Hope even more that I haven't errored. > > > > You have errored. Go read the RFC, it is a simple one and will > > get you into the habit of going to the source when conducting your > > research. > > > > }-- End of excerpt from "Gaz" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42675&t=42675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACL - Let's put some numbers on... [7:41738]
Theses seem to conflict. Is there some historical eveolution htat aloows them both to be true at different times on different platforms? 1) Just remember if you run CEF on this router or fast switching (as you should) it will process switch if you apply access-lists to interfaces. 2) Actually on ALL platforms, ACLs are fast or CEF-switched by default. Anthony Pace ""Marty Adkins"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Anthony Pace wrote: > > > > I thought on some platforms there was a way to cache the ACLs and or policy > > route-maps so they could be fast/CEF/mls switched. Like the logic got > > copiled and pushed into silicon (or something like that). Is there any > > vlaidity to that? > > > > Anthony Pace > > > Actually on ALL platforms, ACLs are fast or CEF-switched by default. > You can use netflow feature acceleration on models and IOS releases > that support that as well. ACLs have been fast-switched both inbound > and outbound since IOS 10.0 (quite a ways back :) > Policy routing has been fast/CEF-switched for several major releases. > > Yes, ACLs cause impact and yes, how deep it has to search for a match > does make the difference. So the only true answer is to benchmark a > case with typical traffic mix both with and without the ACL. > > The final solution is to use turbo ACLs or Cat6500 ACLs. The former > finds a match in three lookups for any length ACL. > > The one action that does cause IOS process CPU time is the generation of > an ICMP administratively prohibited unreachable message sent back to > the source. That's why those are rate-limited to one/sec per source. > And you can disable them entirely to prevent a DoS with "no ip unreachables". > > - Marty > > > ""Brunner Joseph"" wrote in message > > news:[EMAIL PROTECTED]... > > > Just remember if you run CEF on this router or fast switching (as you > > > should) it will process switch if you apply access-lists to interfaces. > > > > > > Any time you apply ip policy (policy routing) or access lists it really > > > hammers the cpu. Do you run MRTG ? If you do consider graphing the CPU of > > > your router. I used to run about 80 to 100 % without cef, (process > > > switching) now I run around 10 to 20 % with cef. Consider using "routes > to > > > null" or the bit bucket instead of access lists (unless your using the > > ACL's > [snip] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42670&t=41738 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP RTP Priority command [7:42555]
I was under the same impression that "IP RTP PRIORITY" was a "one-liner" which got you out from under having to do alot of fancy Queing if all you needed was the ability to prioritize voice or video. Can you change the bandwidth with the "bandwidth" configuration command to raise the RTP ceiling? The quieng question is a good one, because, allthough queing is supposed to be applied to a phisical interface, you can apply quing in a frame-relay class-map, and different maps can be applied to different interfaces. Anthony Pace ""Michael Williams"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm wanting to use the IP RTP Priority command but I'm running into a couple > of situations that aren't covered by any documentation I can find and wanted > to see if anyone else knew or had used this and could offer some suggestions: > > BTW, I'm doing this on a 4700M+ with IOS 12.1(9) with a OC-3 ATM module and > two FastEthernet modules. > > 1) When using the 'ip rtp priority' command you must configure a range of > UDP ports (no problem) but then you *must* specify a bandwidth restriction, > and the range is from 0-2000 Kbps... No where in the docs does it specify > that 2000 Kbps is the maximum you can use, but it seems I'm limited. > > 2) It appears you can only configure this command on a physical interface, > not a subinterface. Example. When trying to use this command on an ATM PVC > (subinterface) it lets you enter the command, but then I get the following > error: > > Router(config-subif)#ip rtp priority 2300 63 2000 > IP RTP: Not enough bandwidth: available 0 needed 2000 > > This ATM subinterface is configured with a 'bandwidth 4', so I can't > figure out why is says 'available 0'. It does the same on the FastEthernet > subinterfaces (for an ISL trunk). > > If this is the case, then this sux azz because in our WAN core we have an > OC-12, and from the looks of it, I can only give up to 2Mbps priority to RTP > traffic (to the actual OC-12 interface). Since we're looking at running > (the equivalent) of 10 T1 voice trunks through our core, we would want up to > 15Mbps reserved for RTP (not including overhead). The only solution I can > think of is to use the G.729a/b compression to reduce the voice traffic 8:1 > so that 10 voice trunks would only require 1.5Mbps, which isn't a bad > solution, but I can't believe Cisco would be so shortsighted as to only > allow you to reserve 2Mbps of bandwidth for RTP traffic no matter what the > bandwidth of the interface (i.e. OC-3 or OC-12). > > Otherwise, it looks like I'll have to go with PQ or something. Does using > LLQ (which is really just a single Priority queue on top of CBWFQ) have a > similar restriction? My goal in using IP RTP Priority was that I could > configure all interfaces in the voice path with a single command instead of > configuring Priority queues or Classes (with CBWFQ in LLQ) on every > router/interface. > > As a side question: When configuring subinterfaces, can you only apply a > queueing method to the physical interface or can you apply different > queueing methods to subinterfaces? Does the queueing method on the physical > interface "override" the queueing configured on the subinterfaces? > AHH!!! > > Any input or suggestions? > > TIA, > Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42611&t=42555 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Alternatives to Cisco VPN client [7:42604]
When I last used the CISCO VPN solution they were reselling the SAFENET client which did exactly as you describe. (and if your "stuff in the VPN" was not contiguous you had to create multiple profiles within the client). It stayed resident like a TSR and monitored all your traffic to see if any packets met the criteria for tunneling. The tricky part is an internal DNS needed to be used and all DNS needed to be tunneled because if you used a name and not an IP there was no resoltion on a public DNS server. If CISCO no longer uses SAFENET you can most likely just get the client from them. I have seen alot of VPN companies sell the SAFENET client as their own. Anthony Pace ""Craig Columbus"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Let me preface this by saying that all of my VPN experience has been either > peer-peer or client to peer with the Cisco VPN client 1.x or 3.x. Please > ignore my ignorance if I've missed something obvious. > > I've got a major complaint with the Cisco VPN client. It's not smart > enough to differentiate local traffic/Internet traffic from VPN > traffic. Therefore, you can't browse the Internet and your VPN network at > the same time. > I'm looking for alternative software clients that are smart enough to say > "Ok. Any traffic destined for 10.x.x.x (or whatever you define VPN traffic > to be) goes to the tunnel. If the traffic has any destination other than > 10.x.x.x, it's treated as if the tunnel weren't even present." This would > allow my client machine to easily browse the Internet and the VPN remote > network at the same time. > I've done some preliminary searches for third-party clients, but don't want > to waste time trying 50 clients that may not be any good. I've found some > for Mac OS X that'll do what I want, but I haven't found one for Win > 9x/ME/NT/2K/XP. > There's got to be a decent client that does this. > Sorry for rambling :-) It's been a long day. > > As usual, thanks in advance to everyone. > > Craig Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42607&t=42604 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Why does IOS only allow ICMP granularity on "destination" [7:42606]
ok. For instance to allow ping outbound, we would have one outbound ACL with : access-list 101 permit icmp any any echo and another inbound with: access-list 102 permit icmp any any echo-reply This would allow the responses to our outbound pings but stop anyone from the outside from initiateing a ping to a device behind ACL 102. Does that sound correct? Anthony Pace ""Gaz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I don't think you will see the source as echo reply. By that, I mean that > the echo reply will only be evident in the destination. The source could be > any port. > Remember ICMP is the odd protocol, which has to be allowed both ways through > a firewall, because the reply is a totally separate session. > > If you telnet from A to B. The destination port is 23. In the reply from B > to A 'source' port is 23. > If you use ping though for example, from A to B. The destination will be > echo. In the reply from B to A, the source will not be 'echo' it could be > anything. The important part will be the destination port which is > 'echo-reply'. > > > Hope I haven't confused. Hope even more that I haven't errored. > > > Gaz > > > ""Anthony Pace"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > for instance : > > > > access-list 101 permit icmp any host 207.122.1.5 echo > > access-list 101 permit icmp host 207.122.2.3 any echo-reply > > > > but not > > > > access-list 101 permit icmp any echo-reply any > > > > Anthony Pace Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42606&t=42606 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Why does IOS only allow ICMP granularity on "destination" in an [7:42590]
for instance : access-list 101 permit icmp any host 207.122.1.5 echo access-list 101 permit icmp host 207.122.2.3 any echo-reply but not access-list 101 permit icmp any echo-reply any Anthony Pace Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42590&t=42590 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Differences: Group-Async1 and Dialer and DialerRotary [7:42584]
Also Virtual-Template? Is there a good explanation of their different applications? Does the Group-Async alow you to defing a template for analog calls landing on a PRI? Anthony Pace Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42584&t=42584 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: canonical to non-canonical [7:42576]
084C2A6E195D3B7F can be written and another row above it with the HEX numbers in order 0-F. Anthony Pace ""Persio Pucci"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Is there any formula to transform a hexadec pair of number from canonical to > non-canonical format beides the chart presented on Caslow's book? (SR/TLB) > > Persio Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42579&t=42576 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Virtual-links [7:42565]
I think the VL must be defined on both routers using each others RID not just any arbitraray interface) In your case maybe the time it worked just happened to be when you defined the link with the RID. Anthony Pace ""Jeremy"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > My question is regarding OSPF and virtual links. As you can see, I have > created an area 23 between R2 and R3 such that R3 will need a virtual link > defined in order to have a connection to Area 0. My question is, does R3 > have to peer with an interface in R2 that is a member of area 0? I have > noticed that if I put R2's loopback interface (which R3 is peering to) in > area 23, it fails, whereas, if I move the interface to area 0, the virtual > link comes up. Please take a look at the crude diagram below, or the > attached visio for clarification. Please let me know your thoughts on this. > Thanks again for all of your informed help (and I apologize if this appears > to be a less-than-CCIE-caliber question). > > Topology map (excuse the crude map, if you have visio, check out the > enclosed diagram: > R5---R1 > / \ > /\ >R4R2--R3 > > Router2: > router ospf 10 > area 23 virtual-link 130.10.23.3 > network 130.10.2.2 0.0.0.0 area 0 (Loopback Interface) > network 130.10.23.2 0.0.0.0 area 23 (Link to R3 Serial Interface (S1)) > network 130.10.245.2 0.0.0.0 area 0 (Link to R5 Frame-Relay Interface (S0) > [DR=R5]) > > Router3: > router ospf 10 > area 23 virtual-link 130.10.2.2 (Virtual link peering to Loopback on R2 (in > area 0, does it have to be?) > network 130.10.23.3 0.0.0.0 area 23 (link to R3 Serial Interface (S0)) > > Router4: > router ospf 10 > network 130.10.4.4 0.0.0.0 area 4 (Loopback Interface) > network 130.10.245.4 0.0.0.0 area 0 (Link to R5 Frame-Relay Interface (S0) > [DR=R5]) > > Router5: > router ospf 10 > network 130.10.5.5 0.0.0.0 area 5 > network 130.10.245.5 0.0.0.0 area 0 > neighbor 130.10.245.2 > neighbor 130.10.245.4 > > > BTW, anyone else taking the exam on April 30th? I am...heheh... > > [GroupStudy.com removed an attachment of type application/vnd] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42572&t=42565 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACL - Let's put some numbers on... [7:41738]
I thought on some platforms there was a way to cache the ACLs and or policy route-maps so they could be fast/CEF/mls switched. Like the logic got copiled and pushed into silicon (or something like that). Is there any vlaidity to that? Anthony Pace ""Brunner Joseph"" wrote in message news:[EMAIL PROTECTED]... > Just remember if you run CEF on this router or fast switching (as you > should) it will process switch if you apply access-lists to interfaces. > > Any time you apply ip policy (policy routing) or access lists it really > hammers the cpu. Do you run MRTG ? If you do consider graphing the CPU of > your router. I used to run about 80 to 100 % without cef, (process > switching) now I run around 10 to 20 % with cef. Consider using "routes to > null" or the bit bucket instead of access lists (unless your using the ACL's > for your first line of security). If you are just nuking bogus websites, or > rfc 1918 space consider - > > ip route 10.0.0.0 255.255.255.0 null0 > ip route 172.16.0.0 255.240.0.0 null0 > ip route 169.254.0.0 255.255.0.0 null0 > ip route 192.168.0.0 255.255.0.0 null0 > > instead of > > ! > ip access-list 101 deny ip 10.0.0.0 0.255.255.255 any > ip access-list 101 deny ip 172.16.0.0 0.15.0.0 any > ip access-list 101 deny ip 169.254.0.0 0.0.255.255 any > ip access-list 101 deny ip 192.168.0.0 0.0.255.255 any > ! > int s0/0 > ip access-group 101 in > > The difference is night and day for a 3600 cpu. > > Joseph Brunner > ASN 21572 > MortgageIT MITLending > New York, NY 10038 > (212) 651 - 7695 Voice Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41857&t=41738 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPX EIGRP Metrics [7:41585]
IPX EIGRP and IP EIGRP are 2 different processes (it would seem) but the floating static route would be : ipx route default DDD.0004.dd82.0340 floating-static Anthony Pace ""Logan, Harold"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Steve, > > What IP routing protcol are you using? If you're using an IP routing > protocol that only routes based on bandwidth (ie OSPF) you should be able to > influence the IPX EIGRP routing decisions by changing the delay on the > interface. > > If you're using EIGRP as your IP routing protcol as well, that doesn't do > you much good. From there you have two possible solutions I can think of. > One would be to change the bandwidth or delay to get your IPX traffic to do > what you want, then use policy routing to force your IP traffic to do what > you want. That sounds like the simplest approach. > > Your other option would be to tune the metrics under IP EIGRP so that they > don't take delay into account, then change the delay on the interface > however you see fit. I don't know if changing the metric weights in IP EIGRP > would affect IPX EIGRP, so I'd shy away from that if at all possible. > > hth, > Hal > > -Original Message- > From: Stephen Barlow [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 16, 2002 8:10 AM > To: [EMAIL PROTECTED] > Subject: IPX EIGRP Metrics [7:41585] > > > Is there any way to alter the metrics of IPX EIGRP other than changing the > bandwidth on an interface? Specifically, I want to route IPX traffic over a > 40Mbs link instead of a 100Mbs temporarily, and I don't want to alter the > bandwidth on the interface as it will affect the IP routing. > Thank you in advance. > > Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41870&t=41585 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Untagged Frames ?? [7:41853]
In 802.1q some devices send also send untagged frames on the trunk links and these are considered to be associated with the "native" VLAN. The thread below indicates anohter use of the "native" VLAN which is the VLAN used for VTP. How can you change it form VLAN 1 on a CISCO device? Anthony Pace ""Larry Letterman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > To my knowledge, tagging is only applied to the data when it goes on the > trunk and/or vlan associated devices. When the packet leaves the vlan device > the tag is stripped off and the packet traverses the non-vlan network > devices > as a normal, untagged packet. > > anybody else ? > > Larry Letterman > Cisco Systems > [EMAIL PROTECTED] > - Original Message - > From: "Anthony Pace" > To: > Sent: Thursday, April 18, 2002 11:49 AM > Subject: Untagged Frames ?? [7:41853] > > > > How can you tell a switch or router to treat untagged frames as any other > > VLAN other thatn VLAN1 which is the default? Is it a VTP command on the > > switch? How about routers ? How about 2924 siwtches? > > > > Anthony Pace > > ""Jeffrey Reed"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > One of the things related to native VLAN was VTP updates. I think they > go > > > over the "native" VLAN, so you'll need to make sure its the same for all > > the > > > switches in the same VTP domain. > > > > > > Jeffrey Reed > > > Classic Networking, Inc. > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > Lopez, Robert > > > Sent: Thursday, April 18, 2002 1:10 PM > > > To: [EMAIL PROTECTED] > > > Subject: native vlan [7:41837] > > > > > > Group, > > > > > > What is the significance of deciding what vlan to use for the "native > > vlan" > > > when setting up a trunk. Presently, I use "native vlan 1" when setting > > up > > > a trunk. Could I use any other vlan that is established on both > switches > > as > > > the "native vlan"? I'll be searching thru CCO while I wait for a faster > > > response. :) TIA. > > > > > > Robert > > > > > > > > > > > > > > > Robert M. Lopez > > > Network Engineering > > > CIT - Ann Arbor > > > Pfizer Global Research & Development > > > Phone 734-622-3948 Fax 734-622-1690 > > > > > > "There are only two ways to live your life. One is as though nothing is > a > > > miracle. The other is as though everything is a miracle." ...Albert > > > Einstein Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41868&t=41853 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: access-list 1 permit 0.0.0.0 in route-map question [7:41860]
I think 0.0.0.0 0.0.0.0 is default and 0.0.0.0 255.255.255.255 is "ANY" which some IOS's will replace with the actual word "ANY" Anthony Pace ""Ruihai An"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Group, > > I have seen this "access-list 1 permit 0.0.0.0" with route-map a couple of > times and had trouble to find a definite answer. Some place on Cisco web > site say this is permit EVERYTHING, some place says permit NOTHING. Can > anyone explain this? > > Thanks > > Ruihai > > > router bgp 3 > redistribute ospf 2 match internal external 1 external 2 route-map filter1 > > access-list 1 permit 0.0.0.0 > access-list 2 permit any > ! > route-map filter1 deny 10 > match ip address 1 > ! > route-map filter1 permit 20 > match ip address 2 > ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41860&t=41860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PPP MULTILINK LOAD THRIESHOLD [7:41783]
ok . That makes sense. It seems PPP MULTILINK has two flavors: 1) for bringing up another ISDN Bearer channel which uses dialer load-threshold 2) for bundling any ohter kind of interfaces using PPP : ppp multilink load-threshold (which would be for load balancing at a layer lower than the packet, or for fragmentaion of large data packets) Does that sound reasonable for the "dual" syntaxes?? Anthony Pace ""Richard Botham"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Anthony, > I think (?) that ppp multilink load threshold is used when you bundle 2 or > more serial interfaces in to a multilink channel. > Not sure, but I'll have a look > > HTH > Richard Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41856&t=41783 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Untagged Frames ?? [7:41853]
How can you tell a switch or router to treat untagged frames as any other VLAN other thatn VLAN1 which is the default? Is it a VTP command on the switch? How about routers ? How about 2924 siwtches? Anthony Pace ""Jeffrey Reed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > One of the things related to native VLAN was VTP updates. I think they go > over the "native" VLAN, so you'll need to make sure its the same for all the > switches in the same VTP domain. > > Jeffrey Reed > Classic Networking, Inc. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Lopez, Robert > Sent: Thursday, April 18, 2002 1:10 PM > To: [EMAIL PROTECTED] > Subject: native vlan [7:41837] > > Group, > > What is the significance of deciding what vlan to use for the "native vlan" > when setting up a trunk. Presently, I use "native vlan 1" when setting up > a trunk. Could I use any other vlan that is established on both switches as > the "native vlan"? I'll be searching thru CCO while I wait for a faster > response. :) TIA. > > Robert > > > > > Robert M. Lopez > Network Engineering > CIT - Ann Arbor > Pfizer Global Research & Development > Phone 734-622-3948 Fax 734-622-1690 > > "There are only two ways to live your life. One is as though nothing is a > miracle. The other is as though everything is a miracle." ...Albert > Einstein Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41853&t=41853 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPP MULTILINK LOAD THRIESHOLD [7:41783]
What is the difference between PPP MULTILINK LOAD THRIESHOLD and DILAERR LOAD-THRESHOLD ??? Anthony Pace Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41783&t=41783 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem to configure IS-IS [7:41138]
Did you enable CLNS routing? You need to turn this on before you can configure ISIS. Anthony Pace ""nntp.groupstudy.com"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, Group, > > I am trying to configure IS-IS at CCIE lab, and two of my router did not > allow > me to get into the IS-IS router mode. I wonder if anyone can tell me what > the > problem is. See following router output: > > Thanks > > Ruihai > > IOS (tm) C2600 Software (C2600-DS-M), Version 12.1(13), RELEASE SOFTWARE > (fc3) > System image file is "flash:c2600-ds-mz.121-13.bin" > > cisco 2610 (MPC860) processor (revision 0x202) with 39936K/9216K bytes of > memory > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41220&t=41138 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP question [7:41132]
You could set the local preference to be higher on the routes comming in via the prefered provider and prepend your own AS onto the aggrigate route you send out to the non-prefered provider. For the one /24 that you want to go in/out via the backup provider you could use a route-map to "source-route" to the backup provider and prepend your AS onto that specific route going to the "main" provider while at the same time announcing it without the prepend to the "backup"provider. I think you may have problems announcing a route for a network as specific as a /24 as many providers will not propogate this via BGP. Anthony Pace ""Kim Seng"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > My network has an Internet Border router. The router > has two ISPs connection: UUNET(T3) and SPRINT(T1). We > have a supernet class B: 18x.18x.0.0/16. Can I > configure the router so that only one of the class C > subnet of this supernet for example 18x.18x.1.0/24 to > use the SPRINT link for both inbound and outbound > traffic. The rest of the supernet will use the UUNET > link. But they need to backup each other when one of > them fails. > > Thanks in advance. > > Kim. > > __ > Do You Yahoo!? > Yahoo! Tax Center - online filing with TurboTax > http://taxes.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41134&t=41132 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-List Question [7:41126]
The "COMMUNITY" attribute is being sent to this neighbor and it is being set to NO-EXPORT for any routes exept the ones which match ACL 101 via the logiic in route-map SetCommunity. NO-EXPORT means : don't advertise this route to any ohter AS's. The "HOST 255.255.0.0" in the destination of an extended ACL is a weird sort of "shorthand" meaning "only this aggrigate and not routes which are more spcecific". Does anyone know the meaning of 10.0.0.0 0.255.255.255 0.0.0.0 0.0.0.0 ? Anthony Pace ""Hunt Lee"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi group , > > I found the following Access-List from a router's config, what does it do? > Why is there a "host 255.255.0.0" at the end of the access-list statement? > > router bgp 3 > aggregate-address 172.16.0.0 255.255.0.0 > neighbor 192.168.10.1 send community > neighbor 192.168.10.1 route-map SetCommunity out > > access-list 101 permit ip 172.16.0.0 0.0.255.255 host 255.255.0.0 > access-list 101 permit ip 10.0.0.0 0.255.255.255 0.0.0.0 0.0.0.0 > > route-map SetCommunity permit 10 > match ip address 101 > > route-map SetCommunity permit 20 > set community no-export > > Thanx > Hunt Lee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41127&t=41126 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ac-path access list [7:40983]
A. will catch any routes which have ever traversed AS-10 B. will catch only routes which have originated in 10 and have just come into your AS from AS-10 (meaning you would be directly connected to AS-10. Does anyone else interperete B differently than this?? Anthony Pace ""Steven A. Ridder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Is there any difference in these two commands? > > A. ip as-path access-list deny _10_ > > B. ip as-path access-list deny ^10$ > > If I understand corerctly, they both deny AS 10, and only 10. > > -- > > RFC 1149 Compliant. > Get in my head: > http://sar.dynu.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4&t=40983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Configure transparent bridging on Cisco router [7:40709]
The router will "bridge" all traffic on those interfaces EXCEPT IP. If you want to bridge IP you disable IP routing or use CRB or IRB which lets you configure your choice of bridge/route per protocol per interface (in the case of IRB you route into the bridge group via the BVI. Anthony Pace ""timothy thielen"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I believe you are right... You are working on a ROUTER, therefore, it > prefers to ROUTE ROUTABLE traffic. If you take the ROUTING option away, > then it will attempt other configured methods of forwarding traffic. > > --Tim > > Priscilla Oppenheimer wrote: > > > > At 11:50 AM 4/6/02, nntp.groupstudy.com wrote: > > >I put two FA interfaces into same bridge group, and enable > > bridge protocol > > >ieee. There is not IP address configured on the bridge port. > > But it will > > >not > > >bridge any IP traffic unless I disable IP routing on the router > > > > I think that's normal. If you want to bridge IP, you must > > disable IP > > routing because IP routing is enabled by default. See this: > > > > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm _c/bcfpart1/bcftb.htm#xtocid30 > > > > >or use bridge > > >irb. I was expecting the bridged ports will bridge IP, > > because there is no > > >IP configured on these two interface. Can somebody explain > > why? > > > > > >Thanks > > > > > >Ruihai > > > > > > Priscilla Oppenheimer > > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40865&t=40709 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to keep BGP's session open indefinitly with no [7:40856]
I got a message saying it was not a valid value. Is that because I tried to just do one zero (my thinking being it would then give me the valid options for holdtime) I tried ROUTER BGP 100 neighbor 1.1.1.1 timers 0 ? Anthony Pace ""Chris Camplejohn"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > router bgp 100 > bgp log-neighbor-changes > timers bgp 0 0 > > > ""Anthony Pace"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > CCO say's if the holdtime is "0" then the sessions are assumed up and do > not > > exchange keepalives, but on the command line "timers" does not permit 0 > for > > the hello or hlodrime interval. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40856&t=40856 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to keep BGP's session open indefinitly with no "keepalives" [7:40657]
CCO say's if the holdtime is "0" then the sessions are assumed up and do not exchange keepalives, but on the command line "timers" does not permit 0 for the hello or hlodrime interval. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40657&t=40657 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNA, CCNP Titles [7:39437]
Wow Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39757&t=39437 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Console Cable [7:39585]
The default settings in HT PE should work unless the BAUD speed settings changed on the router. Check your speed settings first... if that doesn't work, check the stop bits... flow control etc. I can't help you on the 2501... sorry. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39609&t=39585 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Finally! [7:39583]
Congrats!... I just started my CCNP by sitting the Switching Beta. Hope to be fast on your heels. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39610&t=39583 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Redistribution & Seed Metric [7:39512]
Hi all, could someone please enlighten me on this: what is the best or appropriate way to determine the seed metric in a redistributed environment? for example, if you are redistributing eigrp into ospf or vice versa. Does the administrative distance of the protocol being distributed come into play here? I appreciate your feedback. Tony __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39512&t=39512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame Relay bandwidth utilization [7:38423]
I am simulating a Frame Relay network using the Adtran Atlas 550 emulator. I configure the emulator to provide a bandwidth of 1.544M bps, but I notice that the bandwidth utilization is only about 78% on the average after full burst at the beginning. I thought Frame Relay have very few overheads and should run with very high bandwidth utilization. Appreciate if anyone can consult me on this, thanks in advance. Anthony. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38423&t=38423 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SWITCH FOR CCNP BCMSN COURSE [7:37847]
Hi All, I was wondering if I could get some advice on the type of Cisco switch to purchase for the BCMSN, CCNP course. Looking over the book, it seems like there is much emphasis on Layer 2 functionalities. I am using the Cisco Press book by Krean Webb and the case studies deal much with the "Set" commands. Have any of you purchased a switch for this type of course/LAB and based on your experience which switch is most useful for this course and in using it for future advanced CCIE courses? I appreciate your feeback- Tony __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37847&t=37847 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP LAB QUESTION [7:37595]
Hi All, I am studying to take the BSCN exam for CCNP track and I have two questions, one about building a frame-relay lab/switch and the other about serial connections. I have three routers a cisco 1605 and two cisco 1720s they each have two WIC cards with integrated cscu/dsu. the 1605 has the same type of WIC card. I know the commands to make the router, for example, the 1720 with two WIC cards, to act as a frame relay switch. can you tell me what other equipment I need to be able to actually create the FR cloud and to be able to connect the other routers with serial interfaces into it? Second question: are there any equipment out there that can simulate a serial connection such as ppp or hdlc? I appreciate any feedback. thx. Tony __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37595&t=37595 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fwd: Re: strange problem [7:37359]
if you have layer 3 connectivity, as you mentioned, you can ping ip addresses on the internet, then you might want to check DNS problems or misconfigurations. Tony __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ X-Apparently-To: [EMAIL PROTECTED] via web21303.mail.yahoo.com; 05 Mar 2002 20:32:56 -0800 (PST) Return-Path: X-Track: 64: 40 Return-Path: Received: from www.groupstudy.com (EHLO groupstudy.com) (63.104.50.75) by mta503.mail.yahoo.com with SMTP; 05 Mar 2002 20:32:51 -0800 (PST) Received: from localhost (mail@localhost) by groupstudy.com (8.9.3/8.9.3) with SMTP id XAA06306; Tue, 5 Mar 2002 23:31:20 -0500 Received: by groupstudy.com (bulk_mailer v1.13); Tue, 5 Mar 2002 23:03:45 -0500 Received: (from listserver@localhost) by groupstudy.com (8.9.3/8.9.3) id XAA00584 GroupStudy Mailer; Tue, 5 Mar 2002 23:03:42 -0500 Received: (from mail@localhost) by groupstudy.com (8.9.3/8.9.3) id XAA00574 GroupStudy Mailer; Tue, 5 Mar 2002 23:03:41 -0500 Date: Tue, 5 Mar 2002 23:03:41 -0500 From: "Chuck" X-GroupStudy-Version: 3.1.1a X-GroupStudy: Network Technical To: [EMAIL PROTECTED] Subject: Re: strange problem [7:37359] Sender: [EMAIL PROTECTED] Reply-To: "Chuck" Precedence: bulk Content-Length: 909 David Letterman's top 10 reasons this customer can't browse the internet: 10) aliens are abducting the packets 9) someone experimenting in Tessla physics has created a time warp nearby. the packets will reach the internet tomorrow, or they may have been thrown back in time and have arrived before the internet was created 8) Art Bell is talking about this phenomenon at this very moment on his radio show 7) the server is temperamental and would rather talk to other people than your customer 6) through 2) make up your own. I have to stop because I have finally realized I will never have a successful career in comedy 1) there is an access list on the edge router that is wreaking havoc my best guess, never having seen configs or traceroutes, etc Chuck ""kaushalender"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi group > > I am facing strange problem one of customer whom we have given 128Kbps > linkand connected on ppp ecapsulation. They r not able to browse the > website.When i did traceroute and ping it was working fine and customer > is able to reach the internet .But when i typed www.yahoo.com in the > browser the browser was respoding "website found waiting for reply " and > it keeps on waiting .Can somebody can help me in identifing that why > http request is dieng or geting killed Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37365&t=37359 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Autonomous-system command [7:36067]
Hi, take a look at the protocol IGRP in the Cisco website. Maybe you can have a better understanding of what an Autonomous system number is all about. Anthony. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36175&t=36067 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PVC status don't go down [7:35389]
I thks to all who come to advise, really appreciate. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35662&t=35389 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PVC status don't go down [7:35389]
You see Eric, because I have an ISDN line as backup, that's why I need both routers to see the PVC as down for any failure that happen on either side. In that case, both routers can then activate the ISDN from either side and use the backup route properly. Now, with router B not able to see the frame relay route down, it keeps sending data through the PVC. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35484&t=35389 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PVC status don't go down [7:35389]
Can anyone enlight me on this. I have 2 sites connected through a Frame Relay network as below : Router A Frame Relay Router B My question is this when interface of router A goes down, router B cannot notice it and the whole PVC is not updated as down. But when the interfaces of both routers are configured as subinterface, router B can then update router A's interface as down and the whole PVC goes down. What is concept behind ? Why doesn't the keepalive update both side properly ? Anthony. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35389&t=35389 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Frame Relay too slow [7:31346]
The placement of the ISDN line is not correct due to the aligment. Sorry for that. Anthony. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31347&t=31346 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame Relay too slow [7:31346]
This is a project I am doing. I am using 3 Cisco 2600 series routers to link two sites and Adtran Atlas 550 to simulate a Frame Relay and a ISDN line (as backup) network. The arrangement is this: server PC--router--router--Frame Relay(Atlas)--router--client PC |ISDN___| My problem is : When the client PC download file from the server PC, the transmitting speed is very slow (about 15KB/sec). The transmit starts with a speed of about 70KB/sec and then slowly drops to 15KB/sec. Appreciate for any suggestion(s). Anthony. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31346&t=31346 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Need advice [7:30742]
As far as I come to know, yes. Hope you good luck. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30794&t=30742 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MPLS exam content [7:30217]
I did MPLS while it was in beta, I found MPLS and VPN Architectures by Pepelnjak and Guichard very useful (ISBN 1-58705-002-1). Also, Boson have an MPLS practice test available. It won't give you the exact exam questions but topics are covered well, also it has references to the above book. Good luck. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30481&t=30217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
About Frame Relay [7:29383]
Does anyone know any websites that have good & simple introduction/explaination on Frame Relay network ? Pls direct me. What does it mean by "Frame Relay is a layer 2 protocol (Data link layer)" and "Frame Relay works on the layer 2 of the OSI model" ? Appreciate for any enlightenment. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29383&t=29383 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Desperately SeekingIOS 12.2(4)T [7:28486]
Desperately seeking this IOS (or any other newer IOS for 2610 that supports WIC-1ADSL) to enable my new WIC-1ADSL for my 2610. Please help, I will return the favor. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28486&t=28486 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IOS ver 12.1(7) or higher [7:28241]
Hi, thks for your reply. But I have problem getting the SMARTnet program activate. My product documentation cd don't work properly. Wonder if you can help me get the IOS and send it to me ? Anthony. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28344&t=28241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS ver 12.1(7) or higher [7:28241]
Appreciate if anyone could show me where can I find & download the Cisco IOS 12.1(7) or higher release version. I need it urgently for the use of configuring Dialer Watch feature. I am using Cisco 2620 router. Thks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28241&t=28241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: problem in router config ? [7:27288]
I thks to all of you for showing a helping hand. Really appreciate. Regrds. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27959&t=27288 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
network simulator [7:27658]
Is there any router simulation software that I can configure to run in a Frame Relay and ISDN network ? Appreciate if anyone who knows can send me one. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27658&t=27658 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Slimline 2 [7:27365]
Hi, is this Slimline 2 ISDN simulator a software ? If it is, can you send one copy to me ? [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27657&t=27365 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Frame Relay/ISDN Question [7:27386]
Joshua, I would like to take a look at your router config at both ends. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27413&t=27386 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Frame-relay [7:24332]
show your config out Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27302&t=24332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: problem in router config ? [7:27288]
I have add in the ppp authenication chap command at both physical and logical interfaces. This is my output of debug q931 commnad : The message "Message not compatible" seems to be the problem, can anyone highlight me what does it mean ? 01:00:52: ISDN BR0/0: RX on B1 at 64 Kb/ 01:00:225504882236: %DIALER-6-BIND: Interface BRI0/0:1 bound to profile Dialer1 01:00:223338299392: ISDN BR0/0: TX -> CALL_PROC pd = 8 callref = 0x9B 01:00:225504866764: Channel ID i = 0x89 01:00:52: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 01:00:52: %DIALER-6-UNBIND: Interface BRI0/0:1 unbound from profile Dialer1 01:00:52: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 5554000 01:00:223338299392: ISDN BR0/0: TX -> CONNECT pd = 8 callref = 0x9B 01:00:225504866764: Channel ID i = 0x89 01:00:223338299392: ISDN BR0/0: TX -> DISCONNECT pd = 8 callref = 0x9B 01:00:225504866764: Cause i = 0x8090 - Normal call clearing 01:00:52: ISDN BR0/0: RX STATUS pd = 8 callref = 0x9B 01:00:229799834060: Cause i = 0x80E5 - Message not compatible with call state or protocol error, threshold exceeded 01:00:227633266688: Call State i = 0x0B 01:00:53: ISDN BR0/0: RX RELEASE_COMP pd = 8 callref = 0x9B 01:00:54: ISDN BR0/0: RX on B1 at 64 Kb/s 01:00:234094816828: %DIALER-6-BIND: Interface BRI0/0:1 bound to profile Dialer1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27297&t=27288 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
problem in router config ? [7:27288]
Hi,I am trying to configure two 2600 series routers to run in a Frame Relay network with an ISDN dial line as backup operation. The Frame Relay configuration is working alright but the ISDN is not. With reference to the figure below : R1---S1Frame RelayS0---R2 \---Bri0-ISDN--Bri0---/ The problem is with reference to R2 being the sender : - if serial link of both routers are brought down, the ISDN will activate. - if only 1 serial link of either router is brought down, the ISDN will not activate. The same case happen with R1 being the sender. I am struck with this for weeks, really appreciate very much if you can help to chk my router config. My configurations of both routers are as below : R1 configuration : ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R1 ! username R2 password 0 cisco ! no ip domain-lookup ! isdn switch-type basic-ni ! interface FastEthernet0/0 ip address 172.16.32.1 255.255.240.0 ! interface Serial0/1 backup delay 10 40 backup interface Dialer1 ip address 172.16.96.1 255.255.240.0 encapsulation frame-relay cdp enable frame-relay map ip 172.16.96.1 17 ! interface BRI0/0 no ip address no ip directed-broadcast encapsulation ppp dialer pool-member 5 isdn switch-type basic-ni isdn spid1 51055512340001 5551234 isdn spid2 51055512350001 5551235 ! interface Dialer1 ip address 172.16.16.1 255.255.240.0 no ip directed-broadcast encapsulation ppp dialer remote-name R1 dialer idle-timeout 300 dialer string 5554000 dialer string 5554001 dialer load-threshold 128 either dialer pool 5 dialer-group 1 ppp authentication chap ppp multilink ! router igrp 100 passive-interface Dialer1 network 172.16.0.0 ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.96.2 ip route 0.0.0.0 0.0.0.0 172.16.16.2 200 no ip http server ! dialer-list 1 protocol ip permit ! line con 0 transport input none line aux 0 line vty 0 4 password project login ! end R2 configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R2 ! username R1 password 0 cisco ! no ip domain-lookup ! isdn switch-type basic-ni ! process-max-time 200 ! interface FastEthernet0/0 ip address 172.16.48.1 255.255.240.0 no ip directed-broadcast ! interface BRI0/0 no ip address no ip directed-broadcast encapsulation ppp dialer pool-member 1 isdn switch-type basic-ni isdn spid1 5105554001 5554000 isdn spid2 51055540010001 5554001 ! interface Serial0/0 backup delay 10 40 backup interface Dialer1 ip address 172.16.96.2 255.255.240.0 no ip directed-broadcast encapsulation frame-relay frame-relay map ip 172.16.96.2 16 ! interface Dialer1 ip address 172.16.16.2 255.255.240.0 no ip directed-broadcast encapsulation ppp dialer remote-name R2 dialer idle-timeout 300 dialer string 5551234 dialer string 5551235 dialer load-threshold 128 either dialer pool 1 dialer-group 1 ppp authentication chap ppp multilink ! router igrp 100 passive-interface Dialer1 network 172.16.0.0 ! ip classless ip route 172.16.32.0 255.255.240.0 172.16.96.1 ip route 172.16.32.0 255.255.240.0 172.16.16.1 200 no ip http server ! dialer-list 1 protocol ip permit ! line con 0 transport input none line aux 0 line vty 0 4 password project login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27288&t=27288 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router Simulator [7:26886]
Hi, I can sent you a copy of it. Just let me know your emaill address. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27287&t=26886 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: weird termsrv problem [7:23719]
I had a problem like this before on checking ,the memory and cpu utilization was very high .what i did was just to run a smaller size ios.This actually happen when i try configuring DLSW on the system.Try change your ios Regards >try another IOS in order to eliminate a possible SW issue (yes, even though >it might of been working before without problem!) > >jaz > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >routerjocky >Sent: 21 October 2001 08:05 >To: [EMAIL PROTECTED] >Cc: [EMAIL PROTECTED] >Subject: weird termsrv problem > > >I'm having a strange problem with my homelab 2511. Telnet sessions to the >terminal server just drop unexpectedly. No rhyme or reason to it. A 'clear >arp' command (from the console) allows me to access the terminal server >again. >No errors on the e0 interface are being generated. I've tried changing the >transceiver, cable, and moving to a different hub port, but none of those >changes seem to solve the problem. One of the weirdest 'flaky' problems >that >I've ever seen, and terribly frustrating because I can't diagnose the >problem >from the router. (next step: sniff the network) > >Has anyone seen this kind of behavior before? > >If so, what was the solution? > >If not, what's your best guess at what the problem could be? > >thanks in advance >-e- >May the route be with you >Switch if you must, route if you can ;-) >http://members.home.net/airwrck Ohanusi Anthony CCNA,CCNP,CCIE Written. WAN Engineer Network Solution, A Schlumberger Company Email : Phone : 234-1-2610446 EXT 3230 Fax : 234-1-2621034 Learn to qualify your statement Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23719&t=23719 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN in labs [7:12563]
What is the cheapest emulator that one can buy? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12570&t=12563 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN in labs [7:12563]
Is there any way to incorporate ISDN into my lab without spending $1800 on an emulator? Are there any ISDN crossover cables? I don't a lot of money to spend on emulators and simulators. Any advice is greatly appreciated. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12563&t=12563 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AAA and TACACS+ [7:12150]
Can I use a TACAC+ server to restrict access between two networks? I have a corporate network and a development network separated by a router. Each network is off of an ethernet interface on the router. I want to restrict access between these two networks, not based on IP addresses but based on User accounts. Is this possible using AAA and TACACS+. What are the limitations. Can I use a TACACS+ server to retrict certain ports based on usernames/passwords or can I only use it to restrict IP addresses? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12150&t=12150 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
connecting T1 modules [7:12139]
Anyone know what kind of cable to use to connect two T1 modules? I have a 2525 with the Fractional/full T1 module(RJ45) and a 2621 with the WIC-1DSU-T1 module(RJ45). What kind of cable can I use to connect these momdules? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12139&t=12139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Which IOS for Token Ring? [7:10425]
I have a Cisco 2525 router. Since it has token ring, which IOS would I need to get for it? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10425&t=10425 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TACACS+ and AAA [7:10211]
Anyone got any good reference or know where to get documentation on configuring TACACS+, AAA, and Cisco ACS server Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10211&t=10211 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TACACS+ and AAA [7:10208]
Anyone got any good reference or know where to get documentation on configuring TACACS+, AAA, and Cisco ACS server Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10208&t=10208 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TACACS+ and AAA [7:10210]
Anyone got any good reference or know where to get documentation on configuring TACACS+, AAA, and Cisco ACS server Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10210&t=10210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TACACS+ and AAA [7:10209]
Anyone got any good reference or know where to get documentation on configuring TACACS+, AAA, and Cisco ACS server Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10209&t=10209 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passing Exams without a lab!! Read this its a [7:9078]
I totally see what you are saying. I am somewhat in the same boat as I just recieved the CCNP. There is no substitute for experience. NONE! As long as you know that then you will be OK. Just because I have my CCNP doesn't mean much to me. My was asking me "why don't you seem happy about it?" The truth is that what I really want is the experience and I use certifications to get the experience. The truth is that it was a totally humbling experience for me. I realize how little I know and how little I am in this field. Humility can get you a long way in this field. The more you realize you don't know, the more you want to learn. For many, certifications are the way to get that knowledge. Should people stop getting them because they don't have the big job at the big company with the big experience??? Everyone started somewhere. Nobody is born with a CCIE. You have to start somewhere and many people forget where they started. They look down on others because they don't have the equivalent knowledge. They look down on others because they attained an "easy" certification. Never forget where you came from and how hard it was to get where you are. Maybe there are people out there who have these certs but don't have the knowledge. . .don't knock them down. . lift them up. What goes around comes around. Everyone had help getting to where they are. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9112&t=9078 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Lab Construction [7:9092]
Let me know what you find out. I have only one switch but 2 2621's, a 2610, a 2524, and a 1601. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9108&t=9092 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Accounting w/o Authentication [7:8935]
Hi. I have tried doing a similar thing but as soon as you configure: aaa new-model you are them almost stuck with using usernames and p/w for any form of access, this includes vty and console. You may need to check the Cisco Connection Online (CCO) to find out more. Hope this helps. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8938&t=8935 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco 2600 BOOT ROM? [7:8864]
There are two chips on the systmem which are right next to each other and right next to the fan on a 2600 series router. I though that they were the BOOT ROM. I was later told that the boot ROM is only one chip. To make a long story short I have a router that is not working. One of those chips is missing. I replaced them with the chips from another 2600 series router and it worked. Just plopped them in the slots. Any idea what those chips are, if not BOOT ROM? Know where I can get a diagram of a 2600 series router motherboard? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8864&t=8864 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Token Ring and Cisco Lab? [7:8547]
In order to incorporate Token Ring into my lab what would I need? I have two routers with Token Ring interfaces right now. What do I need to get them going? Token Ring Switch? Mau? What types of cables are necessary? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8547&t=8547 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE lab? [7:8440]
Anyone got any advice on equipment that should go into CCIE lab. What has worked for you. I know that the Cisco web site has the lab equipment list but what I want to know is LITERALLY what equipment do you have in your lab or do you know of that has worked for others. Thanks. . this site is awesome? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8440&t=8440 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Reverse telnet [7:7451]
Yes. . Did you get the NM-16A module? You just need that module and the octal cables and you are good to go with a few configurations. I use a 2621 myelf Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=7457&t=7451 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How many CCIE's are there? [7:7456]
Does anyone know where to find out how many CCIE's threre and what number is the last CCIE issued? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=7456&t=7456 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Whooo Hoooooo !!!!! [7:7230]
I just passed the BCRAN yesterday to complete the CCNP! I thought that the order from hardest to easiest was ACRC BCRAN CIT BCMSN What is next for you? I am trying to figure out what to do next and where to get started on the road to CCIE. Any ideas? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=7260&t=7230 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE where to start? [7:7259]
I just passed CCNP yesterday. Does anyone have any ideas as to where I should start on the path to CCIE? Should I do CCDP next? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=7259&t=7259 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: reverse telnet [7:6987]
I only need to extend about 10 feet. Is that one of the cables that has a black ends with 8 RJ45 ports on each end? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=7013&t=6987 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BCRAN exam [7:6988]
It is a pain! I don't think that you need to know much about the commands as much as you need to know about those stupid profiles. When are you planning on taking it? If I take if before you I will let you know how it goes if you give me your e-mail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6991&t=6988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
reverse telnet [7:6987]
What kind of cable and adapter do I need to extend the octal cable that I am using for reverse telnet? I am not sure what the name of the cable is. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6987&t=6987 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BCRAN exam [7:6988]
I am taking the BCRAN in a couple of days. Does anyone have any advice? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6988&t=6988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed CCIE written today [7:5947]
What line of work on you in and what type of hands on did you get? do you have a lab at home? I have one exam left for ccnp. How long was it in between when you finished CCNP and took CCIE written. How much more is there to know than is covered in all of CCNP? Thanks ""Bryan in Richmond"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thanks for all of the help and interesting discussion. I passed the CCIE > written today and it was a bitch. The written is only a test that is a > turning > point for focus. Yes it is hard and it also can be somewhat convoluted. > To avoid all of the questions about what did you use and "what was on the > exam" here is a synopsis that does not violate the agreement. (I hope!) > > Preparing for the CCDP and CCNP are the best ways to get there. After that go > with a Cisco prep book (I used the Que CCIE prep). Read all of the white > papers that you can get your hands on from Cisco, concentrating on the areas > that you feel you are the weakest. > > Hands on is the best teacher but it does not substitute for understanding. As > Cisco says the steps are - Hands on, self study & training. > > Use the Rossi token paper @ > > http://www.ccprep.com/resources/news/archives/Token_Ring2.pdf > > Confirm your knowledge of RIF's @ > > http://www.loopy.org/rif.cgi > > Thanks Chad! > > Read the cramsession @ > > http://www.cramsession.brainbuzz.com > > Boson gives you an idea if you are ready but ... > > The CID book is a great refresher and yes the blue print on Cisco.com is to > be > followed with reverence. > I have read alot of e-mails about what people did and did not see on the test > and they are all different. The blueprint is your best guide. Use it. > > I will not answer specific questions about the exam but anything general > please feel free to email me personally. > > On to the real test. ugh Man I love this stuff!! > > > Bryan > > CCDP,CCNP,MCSE,CNE > > btw ccie written is not a cert... > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5961&t=5947 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX to PIX VPN [7:5920]
Has anyone experience any problems with their PIX to PIX vpn? It seems that mine tends to go down much more often than I like, forcing me to clear the IPSEC and ISAKMP SA's. Any ideas or suggestions? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5920&t=5920 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
reverse telnet [7:5644]
I am trying to set up reverse telnet. Doesn't seem to be working. what are the steps involved? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5644&t=5644 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
isdn router simulator for BCRAN [7:5643]
I am taking the BCRAN pretty soon. Does anyone know how to get an ISDN simulator? Either software or hardware. I would like to get my hands on something like that. Thanks a lot Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5643&t=5643 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BCRAN [7:5498]
I am taking it also. Where did you get the isdn router sim? ""Boywonder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thanks Pat. > > Anyone else got any good info? > > > ""Patrick Donlon"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I passed the Remote Access exam last Thursday, expect some Framely relay, > > X25, and ISDN of course. I had a lot of questions where I had to choose a > > command from a list of commands, including some non existant ones, such as > > how do I map an IP address to an ISDN number. I used the Cisco Press book > > and it's practice exam and the isdn router cim and didn't find it > difficult, > > > > good luck > > > > Pat > > > > ""Bryce Jewell"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hi guys, > > > > > > I am just new to the group. Can anyone please tell me what to expect in > > the > > > BCRAN exam? I am taking it next week and any tips and tricks will be > > muchly > > > appreciated. > > > > > > Thanks, > > > Bryce > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5641&t=5498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
16 port async module for 2621 [7:5640]
I bought the nm-16a module for my 2621 router. It is the 16 port async module. The router is not auto-detecting it like it usually does with other modules. Am I missing something here? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5640&t=5640 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
snapshot routing [7:4644]
I am looking for some advice on where to go with a config I am working on. This config is lab number 8 in the "All-in-one CCIE Lab study guide". I am setting up snapshot routing between two routers that use ISDN BRIs to connect. One router is setup as the client using the snapshot client 5 8 dialer command and the other is the server using the snapshot server 5 command. I have configured the dialer map snapshot command and the client successfully dials and connects to the server and while they are connected, RIP routing updates are exchanged. While they are connected, the ip routing table shows the routes learned via RIP and everything looks ok. When the routers enter the quiet period, the RIP routes only stay in the routing table for about 3-4 minutes and then vanish. It is my understanding that when configured for snapshot, the routing table should be frozen during the quient period (8 minutes). Why are the RIP routes vanishing from the table? Also, the information I have on snapshot routing tells me that snapshot routing doesn't work with ppp multilink. However, when I went to the cisco site for a snapshot routing config, their sample config uses the ppp multilink command. Does anyone know for a fact that snapshot routing will/will not work with ppp multilink? How about 2 B channels? When I use the dialer load threshold command to bring up the second B channel, the snapshot config doesn't work. Should it? Tony Russell Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4644&t=4644 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP routes? [7:4305]
Can you recommend any good references on what/how to filter. Do you filter based on the AS? Do you filter based on the subnet mask? Do you have any sample policies or know where to get any that I can use for some type of reference? ""andyh"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > the memory stats in the "sh ip bgp summ" are a little misleading. Try a > "show proc mem | inc BGP": > > PID TTY Allocated FreedHoldingGetbufsRetbufs Process > 74 0 631172512 4098051860 31705348 0 0 BGP Router > 75 0 343694804 15643832 158284041196 19808064 BGP I/O > 76 0 0 1086676808 6796 0 0 BGP Scanner > > with a full table you can see that there is around 32MB of RAM used for > around 100k routes. Thing to watch is whether you are using soft-reconfig, > cef, or other RAM-intensive stuff. Personally would go for 128MB as a > minimum for a full routing table (am putting 256MB in my new high-end > boxes). > > With 64MB you can probably get away with a full table if you're careful, but > it's not going to scale, or last for very much longer. You're probably > better off getting a default and local routes off each provider, unless you > *really* need a full table, in which case you should go for 128MB RAM. > > Filtering routes inbound is all well and god, but you should really use > soft-reconfig so you can mess with you policies live, but this means that > the routes still fill up the table, even if they are not actually entered > into the forwarding table. > > hth > > Andy > > - Original Message - > From: "Anthony" > To: > Sent: Sunday, May 13, 2001 7:35 AM > Subject: BGP routes? [7:4305] > > > > I have two 2621's, each with 64MB of memory. I am setting up a BGP > > multihoming config with two ISP's. Anyone know approximately how many > > routes I can accept with that much memory? > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4418&t=4305 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How work in large environment? [7:4420]
I have been in the field now for about 4 years. I worked my way up from the bottom as a desktop support tech and for the last year and a half been working with cisco equipment and alteon equipment in a small environment. I have set up a web site, VRRP, HSRP, BGP multihoming, VLANs, VPNs, and PIX firewalls. I got my CCNA and have one exam left for CCNP. How do I make the jump from a small company to a large company? I understand the concepts and I am fairly proficient with the lower line of Cisco equipment like 4000 and below switches and 2600 and below routers. I really want to get a job with a larger company or even and ISP where I can challenge myself and get the experience to someday get the CCIE. Any suggestions are much appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4420&t=4420 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
network baselining [7:4417]
Does anyone know any good tools that I could use to get a network baseline? I need to get one and not sure what tools and guidlines to use. Thanks in advance for your help Anthony Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4417&t=4417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP routes? [7:4305]
I have two 2621's, each with 64MB of memory. I am setting up a BGP multihoming config with two ISP's. Anyone know approximately how many routes I can accept with that much memory? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4305&t=4305 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPS multihoming [7:4303]
Can anyone give me the steps in Multihoming with 2 ISP's. I have already obtained an ASN and both of my ISPs have agreed to announce my space as long as it is a /24 or lower. Since I registered the ASN with ARIN, my ISP has given me a different block of addresses that would satisfy the /24 requirement. Do I need to change anything now with ARIN? What else is involved here? Any tips on setting up BGP policies on my end? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4303&t=4303 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]