RE: vpn speed [7:13499]

2001-07-24 Thread Ayers, Michael

This is correct, VPN, depending on what features are implemented, can add
significant size to packets.  Cisco sets the default Payload size for IPSec
on the PIX to 1380 to make up for the fact that there can be IPSec headers
close to 120 bytes. 


 -Original Message-
From:   Peter Slow [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 9:07 AM
To: [EMAIL PROTECTED]
Subject:RE: vpn speed [7:13499]

correct me if I'm wrong, but encryption and compression are COMPLETELY
different, and in most cases, encryption results in LARGER payloads.

/me hangs his head in disappointment

-Peter


-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: vpn speed [7:13499]


I'm not exactly sure where the 128k came into play but you are right
about end point to endpoint. If either of the ends tops out at 64k, then the
throughput will only be 64k.  Regardless of compression and/or vpn
acceleration.

-Patrick

 Allen May  07/24/01 11:02AM 
I could be off here...but I believe the accelerator card only helps the cpu
intense part of encrypting/decrypting traffic.  You would still be limited
to internet speed which involves amount of traffic between endpoints, etc.
Maximum would be 128K unless you have a lot of traffic going through that can
be compressed.  In that case that traffic can go faster than 128K but most
files that can be compressed on the fly with noticeable difference are
uncompressed files such as .bmp, .txt, comma delimited files, etc.

Allen

- Original Message -
From: Farhan Ahmed 
To: 
Sent: Tuesday, July 24, 2001 9:33 AM
Subject: vpn speed [7:13499]


lets say we have 2 cisco 1720 with vpn accelerator card and both have a 64k
connection to internet
what would be the speed of the tunnel
Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13531t=13499
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: vpn speed [7:13499]

2001-07-24 Thread Ayers, Michael

I have VPN running over 56k dialup, and it performs rather well.  It's not
the fastest, but it is functional.  My users say it's about as fast as
dialing in /w/ 28000 RAS



 -Original Message-
From:   Patrick Ramsey [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 9:14 AM
To: [EMAIL PROTECTED]
Subject:RE: vpn speed [7:13499]

Most definitely and across 64k, damn near struggling...  I can only hope
the vpn is used for telnet... :)

 Peter Slow  07/24/01 11:53AM 
correct me if I'm wrong, but encryption and compression are COMPLETELY
different, and in most cases, encryption results in LARGER payloads.

/me hangs his head in disappointment

-Peter


-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 24, 2001 11:13 AM
To: [EMAIL PROTECTED] 
Subject: Re: vpn speed [7:13499]


I'm not exactly sure where the 128k came into play but you are right
about end point to endpoint. If either of the ends tops out at 64k, then the
throughput will only be 64k.  Regardless of compression and/or vpn
acceleration.

-Patrick

 Allen May  07/24/01 11:02AM 
I could be off here...but I believe the accelerator card only helps the cpu
intense part of encrypting/decrypting traffic.  You would still be limited
to internet speed which involves amount of traffic between endpoints, etc.
Maximum would be 128K unless you have a lot of traffic going through that can
be compressed.  In that case that traffic can go faster than 128K but most
files that can be compressed on the fly with noticeable difference are
uncompressed files such as .bmp, .txt, comma delimited files, etc.

Allen

- Original Message -
From: Farhan Ahmed 
To: 
Sent: Tuesday, July 24, 2001 9:33 AM
Subject: vpn speed [7:13499]


lets say we have 2 cisco 1720 with vpn accelerator card and both have a 64k
connection to internet
what would be the speed of the tunnel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13532t=13499



RE: Need help troubleshooting home connectivity [7:13540]

2001-07-24 Thread Ayers, Michael

I think you should reload the IP stack one more time.  Sounds like a binding
issue.   Un-install, reboot, and then re-install.


 -Original Message-
From:   J. Li [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 9:54 AM
To: [EMAIL PROTECTED]
Subject:OT: Need help troubleshooting home connectivity [7:13540]

Sorry to bother you all.  I lost Internet connectivity
at home.  I need this fixed so that I can download and
practice BOSON test before my scheduled BSMSN exam on
Monday.  

I had redundant links configured at home: 

1. Using Sprint Broadband Wireless as my primary
connection
2. Using ATT Global Dialer as my backup - use it
maybe once every two months.
(OS: Windows 2000 Professional)

But both of them stopped working.  Here is what
happened.  When everything was working (slowly), I
tried to speed it up.  I uninstalled TCP/IP protocol
and reinstalled it.  This is all I did.  After
reinstalling TCP/IP, my Sprint Broadband stopped
working.  Here are the symptoms:

1. I can ping Internet IP addresses but HTTP by IP
address does not work (so not a DNS issue)
2. HTTP by IP not working with Netscape error message
Netscape was unable to create a network socket
connection.  There may be insufficient system
resources or the network may be down.
3. FTP does not work with error message Can't create
socket - no winsock present.

I then tried ATT Global Dialer.  It gets connected
but can't get authenticated saying waiting for
authentication.

Sprint checked my cable modem.  They said it's a
workstation issue - not a network problem.  Sounds
familiar?

I called my company helpdesk for workstation support. 
He suggested deleting ATT Global dialer icon and
rebooting PC.  He also said Uninstalling TCP/IP on
Windows 2000 is very troublesome.  I may have to
reinstall Windows 2000 to fix the problem.  He doesn't
know any other way to fix winsock issue on Windows
2000.

I believe it's a workstation issue: corrupted or
missing files.  But I don't know how to fix it.   The
workstation and all other applications are working
fine.  Any suggestions/ideas would be greatly
appreciated.

J.  Li







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13547t=13540



RE: access list.. [7:13564]

2001-07-24 Thread Ayers, Michael

That particular combination is not easy with one WC mask, but here are 2
options. Obviously, the fewer the lines the better.

Either
Access-list 1 deny 128.252.0.0 0.0.127.255      0-127
Access-list 1 deny 128.252.128.0 0.0.63.255     128-191
Access-list 1 deny 128.252.192.0 0.0.31.255     192-223
Access-list 1 deny 128.252.224.0 0.0.15.255     224-239
Access-list 1 deny 128.252.240.0 0.0.0.255      240
Access-list 1 permit any

Or
Access-list 1 deny 128.252.240.0 0.0.0.255      240
Access-list 1 permit 128.252.240.0 0.0.15.255   240-255 (except the denied 240)
Access-list 1 deny 128.252.0.0 0.0.255.255      0-255 (except the permitted 241 - 255)
Access-list 1 permit any




 -Original Message-
From:   Farhan Ahmed [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 11:29 AM
To: [EMAIL PROTECTED]
Subject:access list.. [7:13564]

What mask would be used if you want to create an
access list where the IP addresses (128.252.0.0 to
128.252.240.0) would be blocked
pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13570t=13564



RE: access list.. [7:13564]

2001-07-24 Thread Ayers, Michael

That should be 0.0.15.255, but that allows 240, and you have it backwards,
you need to permit the first line (access-list 1 deny 128.252.0.0
0.0.15.255), and then deny the class b , then permit all else

 -Original Message-
From:   fgh [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 1:02 PM
To: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]

access-list 1 deny 128.252.0.0 0.0.240.255
access-list 1 permit any

the 1st line blocks that range and the 2nd line allows all other traffic


 i think? not positive though


- Original Message -
From: Farhan Ahmed 
To: 
Sent: Tuesday, July 24, 2001 1:28 PM
Subject: access list.. [7:13564]


 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13598t=13564



RE: access list.. [7:13564]

2001-07-24 Thread Ayers, Michael

Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255
128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all
of the class b



Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   MikeN [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 12:49 PM
To: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]

Okay.. default masks meaning classful class B.
128.252.0.0 with a subnet mask of 255.255.0.0
 and
128.252.240.0  with a subnet mask of 255.255.0.0

On a router you would use the wildcard mask (inverse) of the subnet mask:

access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255
access-list 101 permit ip any any
Then apply it to the interface with ip access-group 101 in or out depending
on what interface it is applied to.

It is easy to envision what the wildcard mask is and what it does if we view
the decimal numbers in binary format:
wildcard mask 0.0.255.255 = ...
0's = interesting part of the address is to the router; 1's = portion of
address the router isn't going to care about; this portion of the address
could be any number.

If you list the ip address in binary above the wildcard mask, it looks like
this:
   128   . 252 .  0.  0
1000.1100..
...
0  .  0.252 . 252

The router will only view the portion of the address NOT blocked by 1's as
interesting: 128.252.x.x

You will need to grasp this concept before moving on to subnetting and
supernetting.

There are some excellent explanations for how this works in the Cisco Press
CCNA books.

To confirm, this is for routers and not the PIX ACLs.

HTH
MikeN


Farhan Ahmed  wrote in message
news:[EMAIL PROTECTED]...
 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13599t=13564



RE: access list.. [7:13564]

2001-07-24 Thread Ayers, Michael

0.0.15.255 =    

I only care what the first 20 bits are.  So 128.252 are 16 bits, we can
ignore them (they match visually).  The last octet is all 1, so we can
ignore that also don't care.

We also don't care what the last 4 bits are, so we do care what the first 4
are.  If we use 128.252.240.0,

we get 1000 1100  000 in binary.
We only want to focus on the 3rd octet .  

SO
CARE  Don't Care  Decimal Number
                  240
      0001        241
      0010        242
      0011        243
      0100        244
      0101        245
      0110        246
      0111        247
      1000        248
      1001        249
      1010        250
      1011        251
      1100        252
      1101        253
      1110        254
                  255

 -Original Message-
From:   Farhan Ahmed [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 1:35 PM
To: 'Ayers, Michael'; [EMAIL PROTECTED]
Subject:RE: access list.. [7:13564]

should be 0.0.15.255
but how?

-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 12:27 AM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255
128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all
of the class b



Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   MikeN [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 12:49 PM
To: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]

Okay.. default masks meaning classful class B.
128.252.0.0 with a subnet mask of 255.255.0.0
 and
128.252.240.0  with a subnet mask of 255.255.0.0

On a router you would use the wildcard mask (inverse) of the subnet mask:

access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255
access-list 101 permit ip any any
Then apply it to the interface with ip access-group 101 in or out depending
on what interface it is applied to.

It is easy to envision what the wildcard mask is and what it does if we view
the decimal numbers in binary format:
wildcard mask 0.0.255.255 = ...
0's = interesting part of the address is to the router; 1's = portion of
address the router isn't going to care about; this portion of the address
could be any number.

If you list the ip address in binary above the wildcard mask, it looks like
this:
   128   . 252 .  0.  0
1000.1100..
...
0  .  0.252 . 252

The router will only view the portion of the address NOT blocked by 1's as
interesting: 128.252.x.x

You will need to grasp this concept before moving on to subnetting and
supernetting.

There are some excellent explanations for how this works in the Cisco Press
CCNA books.

To confirm, this is for routers and not the PIX ACLs.

HTH
MikeN


Farhan Ahmed  wrote in message
news:[EMAIL PROTECTED]...
 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13611t=13564



RE: access list.. [7:13564]

2001-07-24 Thread Ayers, Michael

You are incorrect.   A 240 in a WC mask will, here, deny 16.x, 32.x, 48.x,
64.x, etc... (multiples of 16).  Your MASK is saying that you don't care what
the 4 higher order bits are, but you MUST have  in the last 4 bits of
the octet in question.  This will then only permit combinations of

        0
0001    16
0010    32
0011    48
0100    64
0101    80
0110    96
0111    112
1000    128
1001    144
1010    160
1011    176
1100    192
1101    208
1110    224
        240


 -Original Message-
From:   fgh [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 1:23 PM
To: Ayers, Michael
Cc: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]

He wants to block the range 128.252.0.0-128.252.240.0 and permit all else.

access-list 1 deny 128.252.0.0 0.0.240.255
access-list 1 permit any

I have a CCIE and a sniffer instructor sitting next to me and they verified
that the above commands work for blocking the range and permitting
everything else.



- Original Message -
From: Ayers, Michael 
To: 'fgh' ; 
Sent: Tuesday, July 24, 2001 3:04 PM
Subject: RE: access list.. [7:13564]


 That should be 0.0.15.255, but that allows 240, and you have it backwards,
 you need to permit the first line (access-list 1 deny 128.252.0.0
 0.0.15.255), and then deny the class b , then permit all else

  -Original Message-
 From: fgh [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, July 24, 2001 1:02 PM
 To: [EMAIL PROTECTED]
 Subject: Re: access list.. [7:13564]

 access-list 1 deny 128.252.0.0 0.0.240.255
 access-list 1 permit any

 the 1st line blocks that range and the 2nd line allows all other traffic


  i think? not positive though


 - Original Message -
 From: Farhan Ahmed
 To:
 Sent: Tuesday, July 24, 2001 1:28 PM
 Subject: access list.. [7:13564]


  What mask would be used if you want to create an
  access list where the IP addresses (128.252.0.0 to
  128.252.240.0) would be blocked
  pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13613t=13564
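
Added example (not part of any poster's message): a small Python model of
IOS standard-ACL wildcard matching, run over the three access lists proposed
in this thread. It assumes the requirement means third octets 0 through 240
are to be blocked, as in the two multi-line options; the function and
variable names are made up for this example.

```python
"""Cisco IOS standard-ACL wildcard matching, modelled in Python (added example)."""
import ipaddress


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def entry_matches(addr, base, wildcard):
    """A wildcard bit of 0 means 'must equal base'; a 1 bit means 'don't care'."""
    care_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(base)) & care_bits == 0


def evaluate(acl, addr):
    """First matching entry decides; falling off the end is the implicit deny."""
    for action, base, wildcard in acl:
        if entry_matches(addr, base, wildcard):
            return action
    return "deny"


ANY = ("0.0.0.0", "255.255.255.255")  # what 'permit any' expands to

# The access lists as posted in the thread, entry for entry.
FIVE_LINE = [
    ("deny", "128.252.0.0", "0.0.127.255"),
    ("deny", "128.252.128.0", "0.0.63.255"),
    ("deny", "128.252.192.0", "0.0.31.255"),
    ("deny", "128.252.224.0", "0.0.15.255"),
    ("deny", "128.252.240.0", "0.0.0.255"),
    ("permit", *ANY),
]
THREE_LINE = [
    ("deny", "128.252.240.0", "0.0.0.255"),
    ("permit", "128.252.240.0", "0.0.15.255"),
    ("deny", "128.252.0.0", "0.0.255.255"),
    ("permit", *ANY),
]
SINGLE_240 = [
    ("deny", "128.252.0.0", "0.0.240.255"),
    ("permit", *ANY),
]

# Assumption: "128.252.0.0 to 128.252.240.0" means third octets 0..240.
REQUIRED = list(range(241))


def denied_third_octets(acl):
    """Third-octet values x for which 128.252.x.y is denied for every sampled y."""
    hosts = (0, 1, 255)  # constructed sample of last-octet values
    return [
        x for x in range(256)
        if all(evaluate(acl, f"128.252.{x}.{y}") == "deny" for y in hosts)
    ]


def report(name, acl):
    """One-line summary of how an ACL compares with the required range."""
    denied = denied_third_octets(acl)
    missed = [x for x in REQUIRED if x not in denied]
    extra = [x for x in denied if x not in REQUIRED]
    return f"{name}: denies {len(denied)} third octets, misses {len(missed)}, extra {len(extra)}"


if __name__ == "__main__":
    for name, acl in (("five-line", FIVE_LINE),
                      ("three-line", THREE_LINE),
                      ("0.0.240.255", SINGLE_240)):
        print(report(name, acl))
    # Traffic outside 128.252.0.0/16 must still pass in every variant.
    print(evaluate(SINGLE_240, "10.1.1.1"))
```

Run against the single-line 0.0.240.255 list, the model denies only third
octets that are multiples of 16, which is the behaviour described in the
reply above.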



RE: access list.. [7:13564]

2001-07-24 Thread Ayers, Michael

Only problem, your scenario should be to block all from 0 to 239 to make an
easy solution.




 -Original Message-
From:   Ayers, Michael  
Sent:   Tuesday, July 24, 2001 1:40 PM
To: 'Farhan Ahmed'; Ayers, Michael; [EMAIL PROTECTED]
Subject:RE: access list.. [7:13564]

0.0.15.255 =    

I only care what the first 20 bits are.  So 128.252 are 16 bits, we can
ignore them (they match visually).  The last octet is all 1, so we can
ignore that also don't care.

We also don't care what the last 4 bits are, so we do care what the first 4
are.  If we use 128.252.240.0,

we get 1000 1100  000 in binary.
We only want to focus on the 3rd octet .  

SO
CARE  Don't Care  Decimal Number
                  240
      0001        241
      0010        242
      0011        243
      0100        244
      0101        245
      0110        246
      0111        247
      1000        248
      1001        249
      1010        250
      1011        251
      1100        252
      1101        253
      1110        254
                  255

 -Original Message-
From:   Farhan Ahmed [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 1:35 PM
To: 'Ayers, Michael'; [EMAIL PROTECTED]
Subject:RE: access list.. [7:13564]

should be 0.0.15.255
but how?

-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 12:27 AM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255
128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all
of the class b



Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   MikeN [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 12:49 PM
To: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]

Okay.. default masks meaning classful class B.
128.252.0.0 with a subnet mask of 255.255.0.0
 and
128.252.240.0  with a subnet mask of 255.255.0.0

On a router you would use the wildcard mask (inverse) of the subnet mask:

access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255
access-list 101 permit ip any any
Then apply it to the interface with ip access-group 101 in or out depending
on what interface it is applied to.

It is easy to envision what the wildcard mask is and what it does if we view
the decimal numbers in binary format:
wildcard mask 0.0.255.255 = ...
0's = interesting part of the address is to the router; 1's = portion of
address the router isn't going to care about; this portion of the address
could be any number.

If you list the ip address in binary above the wildcard mask, it looks like
this:
   128   . 252 .  0.  0
1000.1100..
...
0  .  0.252 . 252

The router will only view the portion of the address NOT blocked by 1's as
interesting: 128.252.x.x

You will need to grasp this concept before moving on to subnetting and
supernetting.

There are some excellent explanations for how this works in the Cisco Press
CCNA books.

To confirm, this is for routers and not the PIX ACLs.

HTH
MikeN


Farhan Ahmed  wrote in message
news:[EMAIL PROTECTED]...
 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13614t=13564



RE: access list.. [7:13564]

2001-07-24 Thread Ayers, Michael

And I only have a lowly CCNP telling me.  (myself)


-Original Message-
From:   fgh [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 1:02 PM
To: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]

access-list 1 deny 128.252.0.0 0.0.240.255
access-list 1 permit any

the 1st line blocks that range and the 2nd line allows all other traffic


 i think? not positive though


- Original Message -
From: Farhan Ahmed 
To: 
Sent: Tuesday, July 24, 2001 1:28 PM
Subject: access list.. [7:13564]


 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13616t=13564



RE: Cable modems 2501s?? [7:13626]

2001-07-24 Thread Ayers, Michael

The answer was,  YOU CAN'T.  The 2501 has but 1 Ethernet.   You need a 2514!


 -Original Message-
From:   Greg Macaulay [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 3:16 PM
To: [EMAIL PROTECTED]
Subject:RE: Cable modems  2501s?? [7:13626]

Allen --

Perhaps I was not clear --

I have a 10 Base T Transceiver for the AUI port.  That's how I connected the
cable modem to the port with the cat5 cable (RJ45).

The question remains -- how do I connect from the router to the hub?

Thanks,

Greg Macaulay
Oldest CCNP/CCDP on Earth
Lifetime Member of AARP
Retired Attorney/Law Professor

-Original Message-
From: Allen May [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 5:53 PM
To: Greg Macaulay; [EMAIL PROTECTED]
Subject: Re: Cable modems  2501s?? [7:13626]


Get a 10 Base T Transceiver for the AUI port ;)

I think someone was selling 5 of them on here the other day for like
$5-15...not sure how much but it was cheap.

Allen

- Original Message -
From: Greg Macaulay 
To: 
Sent: Tuesday, July 24, 2001 4:49 PM
Subject: Cable modems  2501s?? [7:13626]


 Hi all,

 I need some assistance with setting up my 2501 with my cable modem.  I know
 I'm missing something very obvious -- but attribute my oversight to my age!

 (1) I configured the e0 port with  ip address dhcp.

 (2) I connected the cat5 cable from the cable modem to the e0 port.

 (3) Now I know I need to connect the router to my hub -- but how?? -- since
 there is only (1) ethernet port on a 2501??  Do I need a 2514 (or some other
 router that has more than one ethernet port?

 Again -- I know I'm missing the obvious -- but any help (with or without
 flaming would be appreciated! -- Besides we old folks don't burn well!)

 Thanks to all,

 Greg Macaulay
 Oldest CCNP/CCDP on Earth
 Lifetime Member of AARP
 Retired Attorney/Law Professor




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13640t=13626



OT: Cable modems 2501s?? [7:13626]

2001-07-24 Thread Ayers, Michael

Linksys makes a way cool option for this   :)


 -Original Message-
From:   Jason Kinney [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 3:32 PM
To: [EMAIL PROTECTED]
Subject:RE: Cable modems  2501s?? [7:13626]

Can't you use a 10BaseT Transceiver in the AUI port?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Allen May
Sent: Tuesday, July 24, 2001 3:11 PM
To: [EMAIL PROTECTED]
Subject: Re: Cable modems  2501s?? [7:13626]


Ya know what...never mind...just looked up 2501 and it's 2 serial ports
and AUI.  My bad.


- Original Message -
From: Greg Macaulay
To:
Sent: Tuesday, July 24, 2001 4:49 PM
Subject: Cable modems  2501s?? [7:13626]


 Hi all,

 I need some assistance with setting up my 2501 with my cable modem.  I know
 I'm missing something very obvious -- but attribute my oversight to my age!

 (1) I configured the e0 port with  ip address dhcp.

 (2) I connected the cat5 cable from the cable modem to the e0 port.

 (3) Now I know I need to connect the router to my hub -- but how?? -- since
 there is only (1) ethernet port on a 2501??  Do I need a 2514 (or some other
 router that has more than one ethernet port?

 Again -- I know I'm missing the obvious -- but any help (with or without
 flaming would be appreciated! -- Besides we old folks don't burn well!)

 Thanks to all,

 Greg Macaulay
 Oldest CCNP/CCDP on Earth
 Lifetime Member of AARP
 Retired Attorney/Law Professor

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13647t=13626



RE: Cable modems 2501s?? [7:13626]

2001-07-24 Thread Ayers, Michael

I don't think you can use the same interface for the NAT outside and inside.  :)
... now if you could sub-interface...  no, never mind


 -Original Message-
From:   Leigh Anne Chisholm [mailto:[EMAIL PROTECTED]] 
Sent:   Friday, August 24, 2001 3:59 PM
To: Ayers, Michael; [EMAIL PROTECTED]
Subject:RE: Cable modems  2501s?? [7:13626]

Why couldn't you plug the cable modem and router into a hub and have the
router do one-arm routing?

A better alternative though (because of security) is the one I posed in a
previous message...


  -- Leigh Anne

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ayers, Michael
Sent: Tuesday, July 24, 2001 4:28 PM
To: [EMAIL PROTECTED]
Subject: RE: Cable modems  2501s?? [7:13626]


The answer was,  YOU CAN'T.  The 2501 has but 1 Ethernet.   You need a 2514!


 -Original Message-
From:   Greg Macaulay [mailto:[EMAIL PROTECTED]]
Sent:   Tuesday, July 24, 2001 3:16 PM
To: [EMAIL PROTECTED]
Subject:RE: Cable modems  2501s?? [7:13626]

Allen --

Perhaps I was not clear --

I have a 10 Base T Transceiver for the AUI port.  That's how I connected the
cable modem to the port with the cat5 cable (RJ45).

The question remains -- how do I connect from the router to the hub?

Thanks,

Greg Macaulay
Oldest CCNP/CCDP on Earth
Lifetime Member of AARP
Retired Attorney/Law Professor

-Original Message-
From: Allen May [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 5:53 PM
To: Greg Macaulay; [EMAIL PROTECTED]
Subject: Re: Cable modems  2501s?? [7:13626]


Get a 10 Base T Transceiver for the AUI port ;)

I think someone was selling 5 of them on here the other day for like
$5-15...not sure how much but it was cheap.

Allen

- Original Message -
From: Greg Macaulay
To:
Sent: Tuesday, July 24, 2001 4:49 PM
Subject: Cable modems  2501s?? [7:13626]


 Hi all,

 I need some assistance with setting up my 2501 with my cable modem.  I know
 I'm missing something very obvious -- but attribute my oversight to my age!

 (1) I configured the e0 port with  ip address dhcp.

 (2) I connected the cat5 cable from the cable modem to the e0 port.

 (3) Now I know I need to connect the router to my hub -- but how?? -- since
 there is only (1) ethernet port on a 2501??  Do I need a 2514 (or some other
 router that has more than one ethernet port?

 Again -- I know I'm missing the obvious -- but any help (with or without
 flaming would be appreciated! -- Besides we old folks don't burn well!)

 Thanks to all,

 Greg Macaulay
 Oldest CCNP/CCDP on Earth
 Lifetime Member of AARP
 Retired Attorney/Law Professor

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13658t=13626



RE: tftp server! [7:13203]

2001-07-23 Thread Ayers, Michael

I use the Cisco TFTP server, and have had no issues with it.  I also used
the Instsrv/SRVANY NT utilities to make it start as a service.



-Original Message-
From:   Jason Roysdon [mailto:[EMAIL PROTECTED]] 
Sent:   Saturday, July 21, 2001 4:37 PM
To: [EMAIL PROTECTED]
Subject:Re: tftp server! [7:13203]

You just need a tftp server/daemon to run on your PC.  I like 3Com's
3CDaemon which supports tftp client and server, as well as ftp and syslog,
but Cisco has their own, and Pumpkin is another popular one.

http://support.3com.com/software/utilities_for_windows_32_bit.htm

Their IPCalc is pretty useful as well.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



chica wrote in message news:[EMAIL PROTECTED]...
 hi,
 i'm setting up my lab and want to install the tftp
 server on one PC. I would also want to upgrade my IOS
 image and install the IP feature pack. I reckon that
 the tftp can be installed on any PC on any OS, say
 windows, and that the tftp server would acquire the ip
 address of the PC. Can anyone please give a detailed
 process of the installation and integration in a
 network, plus how to install the ip feature pack.
 I'd appreciate any input.
 thanx
 chika

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13376t=13203



RE: Cisco Press Vs Sybex Which Way Forward === [7:13243]

2001-07-23 Thread Ayers, Michael

I use both


 -Original Message-
From:   Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent:   Sunday, July 22, 2001 6:37 PM
To: [EMAIL PROTECTED]
Subject:Re: Cisco Press Vs Sybex Which Way Forward === [7:13243]

At 03:07 PM 7/22/01, hal9001 wrote:
Howard

In some of the advertising blurb I've seen they suggest that the same Cisco
Press men/women/whatever have a hand in writing the questions in the pool.

Cisco Press authors do not have access to the test questions/answers. Where 
did you see this advertising blurb? Can you give us a URL?

Cisco Press publishes many types of books. The ones that say edited by 
are the course materials ported to book format. They are usually a very 
good fit to the test.

The study guides are original work, (often by CCSIs), to help you pass the 
test. Some of these are very good also.

Then there are other books that are not certification books at all. 
Top-Down Network Design, for example, is not a certification book. For 
historical reasons (people at Cisco turned my earlier work into DCN and 
CCDA), it happens to be a good fit, which is nice, but not intentional.

Cisco Press is not part of Cisco, by the way. But they are in bed together. 
Cisco makes money (a piddling amount, I would guess), on the classes that 
are ported to book format. For the other books, the piddling royalties go 
to the author. Cisco has the right to use the materials we wrote (I wish I 
hadn't signed that contract!:-) I have been shocked to discover whole 
paragraphs that I wrote in the Cisco Networking Academy materials for 
example, with no recognition.

Regarding the actual question of Cisco Press versus Sybex: as others have 
said, it's a matter of style. Cisco Press requires an academic, detailed 
style. Humor is discouraged. Sybex is much more laid-back. If I were in a 
hurry to learn something, I might go with Sybex. It's a lot less words to 
wade through!? ;-)

Priscilla

Whether it is spin or not the suggestion is that if you buy a Cisco Press
book you buy part of the family jewels.

I can't see Cisco missing a profit if they have a hand in the publishing.
Surely Cisco Press is sanctioned by Cisco purely by reason of the name,
could you see them doing a second best for their own publishers.  However
the books are quite high brow  when compared to Sybex or Syngress.

I suggest that if you have the cash that Syngress to Sybex, Sybex to Cisco
is about right as it covers a gentle learning curve.  My tuppence worth.

Karl
- Original Message -
From: Howard C. Berkowitz
To:
Sent: Sunday, July 22, 2001 5:23 PM
Subject: Re: Cisco Press Vs Sybex Which Way Forward === [7:13243]


  Oletu Hosea Godswill CCNP, CCNA.  wrote,
  
  Todd Lammle would do us in the networking field a lot of good if he go and get
  his CCNP. He can't be writing CCDA, CCNP and CCIE books gear towards the exam
  proper, without passing through the examination process. Good, he might be a
  good writer and also might have some wealth of experience. But you would agree
  with me that, the exams are different scenario from the day to day hands-on
  job and it is a different ball game from one having experience. Many who boast
  of tons of years of experience can go in for these exams and still fail it.
  
  Let Todd Lammle at be patience and only write books for which he is certified,
  by this he will gain more popularity. I like his books for their simplicity
  and easy of understanding, but what am against is that do not use that to
  shield me from difficult and complex areas the exam would be bordered on.
 
 
  I disagree. I'm an inactive CCSI, under the old school
  certification rules.  While I direct CertificationZone's content, I
  have no intention of getting further Cisco certifications.  This is
  for a couple of reasons, and, without speaking for Todd, might very
  well be his reasons.
 
  Cisco's lawyers are extremely aggressive at pursuing what they
  consider even the appearance of NDA violations.  I can't be accused
  of violating the confidentiality of a test I've never taken.
 
  Second, I take the viewpoint that I am preparing materials that first
  help the student understand the test content, and second deal with
  test mechanics. The world is full of examples of people that are
  extremely effective teachers of subjects that they either never
  practiced or no longer currently practice.  I think you'll find that
  most sports coaches with a significant winning record were not Hall
  of Fame in their sports. Most protocol developers are not CCIEs.
  Some very good obstetricians are men. The best collegiate fencer I
  knew was at a time when women could not compete, so she became her
  team coach.
 
  I believe it's more important to have a thorough understanding of the
  principles of the test than the test mechanics.  On this list and
  elsewhere, including open Cisco sources, there is a lot of material
 
  
  Am sorry, not against Todd Lammle in any sense, I 

RE: what's wrong with CCIE today? [7:13151]

2001-07-20 Thread Ayers, Michael

Sean
Not everyone can know everything about all Networking and OS's.  You
obviously know how your network runs, but is it documented?, and if so, is
the documentation in a coherent library format?   Sounds to me like this
important information may not have passed on during your network turnover to
these CCIEs.  If you had planned ahead, you would have hired the people with
a skill set that matches your business need.  Yes, there may be CCIEs that
can't do anything but Cisco products, but the assumption that everyone has
your exact, and (by the sound of it) diverse skill set.  I never would have
turned my network over to a group without making sure they had the required
skill set, or at least access to a large skill set base.

Clarify before you flame!

BTW, I'm not a CCIE, and may never be one. (only Cisco VARs benefit in my
opinion)



 -Original Message-
From:   Sean Young [mailto:[EMAIL PROTECTED]] 
Sent:   Friday, July 20, 2001 4:15 PM
To: [EMAIL PROTECTED]
Subject:what's wrong with CCIE today? [7:13151]

What's wrong with CCIEs today?  I know that I am making a general
assumption; however, this is the second time that it has happened to the
company that I work for.  We have several tacacs servers that are used to
authenticate users.  These tacacs servers are running on a combination of
Linux and Solaris platforms.  While I was away at the Networker
Conference, one of our tacacs servers (solaris) died due to hardware
failure and amazingly the tacacs process on the Linux died.  Because
of this, everyone has to log in to the routers and switches via local
account.  We hired these CCIEs to maintain the network while I am away for
a few weeks.  None of these CCIEs have any background with tacacs servers
running on Unix platforms.  As to our problems, the simple thing to do is just
to restart the tacacs process by first:  killall tac_plus and second
/usr/sbin/tac_plus -C /etc/tacacs/tac_plus.cfg but these CCIE guys
have absolutely no clue.  Furthermore, they don't even know how to use
editing in Unix (i.e. vi or emacs) and ended up screwing up my tacacs
configuration files.  We have a few employees that need tacacs accounts
but these CCIE guys have no clue how to add new users to a configuration
file, which if anyone has done tacacs on the unix platform, they know that you
just modify the configuration file tac_plus.conf and restart the tacacs
process.   These CCIE guys say that they come from a windows environment
so they don't have too much with Unix platforms.  I also notice that a
lot of CCIEs these days lack the Unix skills that are required for the
Service Providers environment.  Most don't even know how to tunnel
X-application through Secure Shell (SSH).  I still remember those days
when Cisco Engineers were very well versed in both unix and router
skills.  I long for those days again. Comments anyone? 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13155t=13151



RE: Large Collisions on Vlan1 [7:12961]

2001-07-19 Thread Ayers, Michael

Vlan1 is a logical interface.  It will clear with a reload.  Remember, VLAN1
is all ports on the VLAN, so if you have 4 or 5 ports in VLAN1 connected to,
say, 24 port hubs, the VLAN collision count will be high.  

Remember, that a switch running full duplex will have NO collisions, and a
duplex mismatch will show late collisions if the switch is half and the
other side is full, and CRC errors if the switch is full, and the other side
is half.

Don't worry about collisions on the VLAN, worry about collisions on the
physical interfaces.




 -Original Message-
From:   Kwame [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, July 19, 2001 2:37 PM
To: [EMAIL PROTECTED]
Subject:Re: Large Collisions on Vlan1 [7:12961]

The counters won't clear.  I used the ff command:

CLEAR COUNTERS VLAN1

I'm still seeing the same number of collisions on vlan1.  Here's my trunk
configuration.  What am I missing?

6509:interface fa2/10
no ip address
duplex full
switchport
switchport trunk encapsulation isl
switchport trunk allowed vlan 1,206,207,1002-1005
switchport mode trunk
!

2905:interface FastEthernet0/1
duplex full
speed 100
switchport trunk allowed vlan 1,206,207,1002-1005
switchport mode trunk
spanning-tree portfast
!

Hire, Ejay wrote in message news:[EMAIL PROTECTED]...
 You need to clear the counters and establish a time frame for this.  19
 million collisions isn't a lot in a well loaded switch that has been up for
 a long time.

 If you clear the counters and the number increases quickly, you may have a
 speed or duplex issue or a bad cable.  You said this was an ISL trunk so you
 should manually set both ends at 100 mbps
 (or 1000mbps if you've got the special card for the 2924 and a good port on
 the 6500) and also manually set the link to full duplex.


 -Original Message-
 From: Kwame [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 19, 2001 12:25 PM
 To: [EMAIL PROTECTED]
 Subject: Large Collisions on Vlan1 [7:12961]


 What does it mean when the sh int vlan1 output shows large collisions?  For
 example on a 2924 XL with an ISL trunk to a 6509 I got the ff output upon
 issuing the SH INT VLAN1 command:

 0 output errors, 19108404 collisions, 0 interface resets




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13020t=12961
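
The rules of thumb from this thread (clear the counters and watch a time window, ignore the logical Vlan interface, late collisions on a half-duplex port versus CRC errors on a full-duplex port), as an added example that is not part of the original posts. The interface names other than Vlan1, the counter values other than the 19108404 quoted above, and the verdict labels are constructed for illustration.

```python
import re

# Counter fields as they appear in IOS-style "show interfaces" output.
COUNTER_PATTERNS = {
    "crc": re.compile(r"(\d+) CRC"),
    "collisions": re.compile(r"(\d+) collisions"),
    "late": re.compile(r"(\d+) late collision"),
}
HEADER = re.compile(r"^(\S+) is .+, line protocol is")
DUPLEX = re.compile(r"\b(full|half)-duplex", re.I)


def parse_show_interfaces(text):
    """Return {interface: {'duplex', 'crc', 'collisions', 'late'}}."""
    interfaces, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = interfaces.setdefault(
                header.group(1),
                {"duplex": None, "crc": 0, "collisions": 0, "late": 0},
            )
            continue
        if current is None:
            continue
        duplex = DUPLEX.search(line)
        if duplex:
            current["duplex"] = duplex.group(1).lower()
        for name, pattern in COUNTER_PATTERNS.items():
            found = pattern.search(line)
            if found:
                current[name] = int(found.group(1))
    return interfaces


def diagnose(before_text, after_text):
    """Compare two snapshots and classify each interface by counter growth."""
    before = parse_show_interfaces(before_text)
    after = parse_show_interfaces(after_text)
    verdicts = {}
    for name, now in after.items():
        if name.lower().startswith("vlan"):
            # Logical interface: look at the physical ports instead.
            verdicts[name] = "logical-interface"
            continue
        then = before.get(name, {})
        delta = {k: now[k] - then.get(k, 0) for k in COUNTER_PATTERNS}
        if now["duplex"] == "half" and delta["late"] > 0:
            verdicts[name] = "mismatch-far-end-full"
        elif now["duplex"] == "full" and delta["crc"] > 0:
            verdicts[name] = "mismatch-far-end-half"
        elif now["duplex"] == "half" and delta["collisions"] > 0:
            verdicts[name] = "half-duplex-collisions"
        else:
            verdicts[name] = "clean"
    return verdicts


def sample(name, duplex, crc, collisions, late):
    """Build a constructed, IOS-style stanza for the demo (not real output)."""
    return (
        f"{name} is up, line protocol is up\n"
        f"  {duplex.capitalize()}-duplex, 100Mb/s\n"
        f"     0 input errors, {crc} CRC, 0 frame, 0 overrun, 0 ignored\n"
        f"     0 output errors, {collisions} collisions, 0 interface resets\n"
        f"     0 babbles, {late} late collision, 0 deferred\n"
    )


# Constructed snapshots taken at the start and end of an observation window.
BEFORE = (
    sample("Vlan1", "full", 0, 19108404, 0)
    + sample("FastEthernet0/1", "full", 0, 0, 0)
    + sample("FastEthernet0/2", "half", 0, 120, 0)
    + sample("FastEthernet0/3", "half", 0, 300, 0)
    + sample("FastEthernet0/4", "full", 5, 0, 0)
)
AFTER = (
    sample("Vlan1", "full", 0, 19108404, 0)
    + sample("FastEthernet0/1", "full", 0, 0, 0)
    + sample("FastEthernet0/2", "half", 0, 480, 75)
    + sample("FastEthernet0/3", "half", 0, 410, 0)
    + sample("FastEthernet0/4", "full", 260, 0, 0)
)

if __name__ == "__main__":
    for interface, verdict in diagnose(BEFORE, AFTER).items():
        print(f"{interface:18} {verdict}")
```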



RE: About CCNA WAN (640-410) [7:12737]

2001-07-18 Thread Ayers, Michael

I printed copies of every install guide and technology brief from Cisco on
ATM, and their Switches and Shelves.  I found it enough to pass.  The CCNP
scares me though (I'll need a lot more experience) :)


 -Original Message-
From:   ljingyu [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 17, 2001 5:52 PM
To: [EMAIL PROTECTED]
Subject:About CCNA  WAN (640-410) [7:12737]

Hi,
Who can give me some suggestion about the CCNA WAN Switching (#640-410)
Exam. The only material I have is 'Installing Cisco WAN Switches (ICWS)
Version 2.0' from Cisco and Boson Software Specialization Demo version
3.88. What materials should I use to study for the exam? What is the passing
score? How can I get the further referenced materials. And How much I should
pay for the certification exam.
Thanks. Any comments would be greatly appreciated.
Looking forward to hearing from you.

-- Jingyu, Li
   ACE,CCNA

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12832t=12737



RE: EIGRP on NBMA of Frame Relay - help! [7:12834]

2001-07-18 Thread Ayers, Michael

SPLIT HORIZON  A router will NOT advertise a route out the same interface it
received it in on.  Try sub-interfaces.

Excerpt from Cisco

http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53992.htm#xtocid2008062

Enabling and Disabling Split Horizon for IP Networks
Normally, routers that are connected to broadcast-type IP networks and that
use distance vector routing protocols employ the split horizon mechanism to
prevent routing loops. Split horizon blocks information about routes from
being advertised by a router out any interface from which that information
originated. This behavior usually optimizes communications among multiple
routers, particularly when links are broken. However, with nonbroadcast
networks such as frame relay and SMDS, situations can arise for which this
behavior is less than ideal.
Use the no ip split-horizon interface subcommand to disable the split
horizon mechanism.
ip split-horizon
no ip split-horizon 
For all interfaces except those for which either frame relay or SMDS
encapsulation is enabled, the default condition for this command is ip
split-horizon; in other words, the split horizon feature is active. If the
interface configuration includes either the encapsulation frame-relay or
encapsulation smds commands, the default is for split horizon to be
disabled. Split horizon is not disabled by default for interfaces using any
of the X.25 encapsulations.

Note For networks that include links over X.25 PSNs, the neighbor interface
subcommand can be used to defeat the split horizon feature. You can as an
alternative explicitly specify the no ip split-horizon command in your
configuration. However, if you do so, you must similarly disable split
horizon for all routers in any relevant multicast groups on that network. 

If split horizon has been disabled on an interface and you wish to enable
it, use the ip split-horizon interface subcommand to restore the split
horizon mechanism.

Note In general, Cisco recommends against changing the state of the default
for this interface subcommand unless you are certain that your application
requires doing so to properly advertise routes. Remember that if split
horizon is disabled on a serial interface (and that interface is attached to
a packet-switched network), you must disable split horizon for all routers
in any relevant multicast groups on that network. 

Example:
The following illustrates a simple example of disabling split horizon on a
serial link. In this example, the serial link is connected to an X.25
network.
interface serial 0
encapsulation x25
no ip split-horizon
Example of Implicit Split Horizon Conditions
A typical situation in which the no ip split-horizon command would be useful
is illustrated in Figure 14-10a. This figure depicts two IP subnets that are
both accessible via a serial interface on Router C (connected to frame relay
network). In this example, the serial interface on Router C accommodates one
of the subnets via the assignment of a secondary IP address. 
The Ethernet interfaces for Router A, Router B, and Router C (connected to
IP networks 12.13.50.0, 10.20.40.0, and 20.155.120.0) all have split horizon
enabled by default, while the serial interfaces connected to networks
128.125.1.0 and 131.108.1.0 all have split horizon disabled by default. The
partial interface configuration specifications for each router that follow
Figure 1-11 illustrate that the ip split-horizon interface subcommand is not
explicitly configured under normal conditions for any of the interfaces.
In this example, split horizon must be disabled in order for network
128.125.1.0 to be advertised into network 131.108.1.0, and vice versa. These
subnets overlap at Router C, interface S0. If split horizon were enabled on
serial interface S0, it would not advertise a route back into the frame
relay network for either of these subnets.



 -Original Message-
From:   Thomas [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 18, 2001 10:19 AM
To: [EMAIL PROTECTED]
Subject:EIGRP on NBMA of Frame Relay - help! [7:12834]

Hi All,

I have a hub-and-spoke topology with 3 routers.  Router A acts as a hub
router with pure dynamic multipoint on the Frame Relay network (NBMA).
Router B and router C are spoke ones with no static mapping.  The three
router running EIGRP protocol with the same Autonomous System number.

Problem:  On router A, I can see all LAN/WAN subnets on router B and C
learning through EIGRP.  However, on router B (the spoke) I cannot see the
subnets of router C (the other spoke of the hub), which it is supposed to learn
through EIGRP.  Vice versa, router C cannot see routes to subnets on router
B.  What's the problem with this picture?  Any solution for this?  The IP
scheme for the 3 routers as follow.  By the way, I turned off the
auto-summary on EIGRP

Router A: WAN IP = 192.168.1.1  255.255.255.248
LAN IP  = 10.1.1.1  255.255.0.0

Router B:WAN IP = 192.168.1.2
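
The hub-and-spoke behaviour discussed in this thread, as an added example that is not part of the original posts: a toy hop-count distance-vector model (not EIGRP's own metric or update logic) run over the same topology with split horizon on the hub's multipoint interface, with it disabled there, and with the point-to-point sub-interfaces suggested in the reply. Router A's LAN prefix comes from the question; the LAN prefixes for B and C and all interface names are assumptions.

```python
# Router A's LAN is from the post; B's and C's prefixes are constructed.
CONNECTED = {"A": "10.1.0.0/16", "B": "10.2.0.0/16", "C": "10.3.0.0/16"}

# One multipoint interface on the hub: both PVCs terminate on A's S0.
MULTIPOINT = {
    ("A", "S0"): [("B", "S0"), ("C", "S0")],
    ("B", "S0"): [("A", "S0")],
    ("C", "S0"): [("A", "S0")],
}

# Point-to-point sub-interfaces on the hub: one logical interface per PVC.
SUBINTERFACES = {
    ("A", "S0.1"): [("B", "S0")],
    ("A", "S0.2"): [("C", "S0")],
    ("B", "S0"): [("A", "S0.1")],
    ("C", "S0"): [("A", "S0.2")],
}


def converge(links, no_split_horizon=frozenset()):
    """Run synchronous distance-vector rounds until no table changes.

    links: {(router, interface): [(neighbor, neighbor_interface), ...]}
    no_split_horizon: set of (router, interface) where split horizon is off.
    Returns {router: {prefix: (hop_count, learned_on_interface_or_None)}}.
    """
    tables = {r: {p: (0, None)} for r, p in CONNECTED.items()}
    changed = True
    while changed:
        changed = False
        # Advertise from a snapshot so every router sends last round's state.
        snapshot = {r: dict(t) for r, t in tables.items()}
        for (router, iface), neighbors in links.items():
            split = (router, iface) not in no_split_horizon
            for prefix, (hops, learned_on) in snapshot[router].items():
                if split and learned_on == iface:
                    # Split horizon: never advertise a route back out the
                    # interface it was learned on.
                    continue
                for neighbor, n_iface in neighbors:
                    best = tables[neighbor].get(prefix)
                    if best is None or hops + 1 < best[0]:
                        tables[neighbor][prefix] = (hops + 1, n_iface)
                        changed = True
    return tables


def prefixes(tables, router):
    """Sorted list of prefixes a router has in its table."""
    return sorted(tables[router])


if __name__ == "__main__":
    cases = {
        "multipoint, split horizon on": converge(MULTIPOINT),
        "multipoint, split horizon off on A S0": converge(
            MULTIPOINT, no_split_horizon={("A", "S0")}
        ),
        "sub-interfaces, split horizon on": converge(SUBINTERFACES),
    }
    for label, tables in cases.items():
        print(label)
        for router in "ABC":
            print(f"  {router}: {prefixes(tables, router)}")
```

In the first case the hub sees all three LANs while each spoke sees only its own LAN and the hub's, which is the symptom described in the question.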

RE: Question on Cat5k [7:12836]

2001-07-18 Thread Ayers, Michael

The router should be able to run 10Mbs.  The Switching technology doesn't
care about the port speed


-Original Message-
From:   Munoz, Michael [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 18, 2001 10:29 AM
To: [EMAIL PROTECTED]
Subject:Question on Cat5k [7:12836]

I am looking to purchase a Catalyst switch for my department to play with.
I have found the deal from Optsys with Cat5k Sup1 and WS-X5010 Blade but am
wondering about the capabilities of the switch..  Apparently the WS-X5010 is
24pt 10MBS as mentioned to me by Brad..  Assuming that I have a router with
FastEthernet capabilities to run ISL, would the switch be able to handle
this since the blade is not able to run 100mbs?
I just want to make a good purchase for our lab..  At this time, we do not
have any catalyst equipment.

Thanks all for your help!

Mike Munoz

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12839t=12836



RE: WIC to WIC Connection [7:12668]

2001-07-17 Thread Ayers, Michael

If it is just a serial port, you'll need a DCE, and DTE v.35 or something
similar.   If it is a T1 rj45 WIC, cross pins 1-4 2-5 4-1 5-2.

 -Original Message-
From:   Chris Headings [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 17, 2001 9:30 AM
To: [EMAIL PROTECTED]
Subject:RE: WIC to WIC Connection [7:12668]

Just a standard CAT5 cross-over

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12684t=12668



RE: 3500 xl switch problem [7:12705]

2001-07-17 Thread Ayers, Michael

Is the IP address you assigned to the switch in the network for your other
VLAN?  Think of the switch as a host that is built into the hub of your
network.  It must be on a VLAN to be accessible, and it must have an IP on
the network it is a member of.  Otherwise, it's like setting up a router on
your network, taking it across town to a customer's site, and wondering why
it didn't work when you plugged in.  It worked fine on your network...  But,
Oh oops, you forgot to change the IP.  As for console access, that has
nothing to do with the IP address, or VLAN assignment.  If you can't get in
through the console, is it due to a bad pwd?   Hmmm   

My $.02 (on sale now for only $99.99)



 -Original Message-
From:   Angel [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 17, 2001 12:33 PM
To: [EMAIL PROTECTED]
Subject:3500 xl switch problem [7:12705]

Hello Everyone!

I changed the management VLAN of a 3500 switch through the
browser-based cisco cluster management suite (CMS).  By default the
switch IP address belongs to the management VLAN which is VLAN 1. Only
one VLAN can be administratively active at the same time. By changing to
a newly created vlan I have lost the chance to manage the default vlan.
I can no longer console or access via the assigned IP address.

Thanks in advance if anyone knows anything about this!

Angel

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12716t=12705



RE: still problems with wic-2a/s on a 3640 [7:12726]

2001-07-17 Thread Ayers, Michael

Sounds like the NM is not compatible
Excerpt From Cisco
http://www.cisco.com/univercd/cc/td/doc/pcat/sewn__y2.htm

Hardware Specifications 
The WIC-2T and WIC-A/S are supported on the Cisco 3600 (on the NM-1FE2W,
NM-2FE-2W, NM-2W, and the NM-1FE1R2W network modules), 2600 and 1720 series.




 -Original Message-
From:   No Data [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 17, 2001 2:47 PM
To: [EMAIL PROTECTED]
Subject:still problems with wic-2a/s on a 3640 [7:12726]

Is there a specific network module that a wic-2a/s
needs to go into to be recognized on a 3640.  I've
tried every version IOS that says it works, verified
the operation of the wic-2a/s in a 1720, and verified
my network module with a wic-1t.  The network module
that I have is an NM-1E2W.  Do I need a different
module for the wic-2a/s

Ben


PS, debugging assembly takes way longer than debugging C.

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12729t=12726



RE: Off Topic: DNS issue !!! [7:12448]

2001-07-16 Thread Ayers, Michael

I've seen this error with the Microsoft DNS caching servers and some
Internet Unix boxes.  Seems to be a DNS compatibility issue.  

Here is the Scenario.  You have a Microsoft DNS server that your exchange
server uses?  If so, try adding another Internet DNS server to the Exchange
server's DNS server search order. 

 


Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   Raees Ahmed Shaikh [mailto:[EMAIL PROTECTED]] 
Sent:   Sunday, July 15, 2001 10:50 PM
To: [EMAIL PROTECTED]
Subject:Off Topic: DNS issue !!! [7:12448]

Dear Friends,

I am facing a very strange problem with our Mailing System Exchange5.5sp4.
The issue is that we are not able to send email messages to some of the sites
on the internet.  Most of the other popular sites, you can say 90% of the
sites, are reachable by our email clients.  But when the clients try to send
a message to those few sites, they get a Non-Delivery-Report saying that the
mail could not be delivered.  Strangely enough, that email address is
reachable through yahoo, hotmail and other sites.

I have checked our router for any access-list blocking but I am sure nothing
is of that sort, no access-lists are controlling those addresses. Our ISP,
through whom we are connected to the internet, is also able to reach those sites.
But we, using the ISP's DNS servers for name resolution, cannot connect to
those particular hosts.

One strange behavior though: when I tried to traceroute a website address for
that particular mail host, it is taking more than 15 hops and is then declared
unreachable by our Static Router. No Dynamic protocol is running between us
and our ISP; we are using a default route.

Any help or insights would be valuable and really be appreciated.

I know this has nothing to do with Cisco, but the fact is Applications, and
User Usability is driving the Technology. so this mail is not so uncommon
for a Cisco SE.

Thanks and Regards,

S. Raees





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12503t=12448



RE: 0x21042 instead of 0x2142 [7:12534]

2001-07-16 Thread Ayers, Michael

Try this:  2104 and 2102 should look  the same, but 1042 would get you 1200
baud.  Try setting your console to 1200 and see if it works


Michael
 -Original Message-
From:   Richard Bosire [mailto:[EMAIL PROTECTED]] 
Sent:   Monday, July 16, 2001 12:59 PM
To: [EMAIL PROTECTED]
Subject:0x21042 instead of 0x2142 [7:12534]

Hellos'

I have a cisco 1601 router which I entered confreg 0x21042 instead of
0x2142 during password recovery.
Now, when I reboot the router I am getting
CCC on the console !!!

Anyone come across this before
cheers
./bosire



--

richard bosire
ccn[ap], ccd[ap], ccs[ae]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12543t=12534



RE: Access List problem. [7:12525]

2001-07-16 Thread Ayers, Michael

The first 3 conditions definitely don't overlap, so the deny is all you
need, but the next 2 lines kind of overlap, and using only the deny
statement  (line 5) would block traffic that the prior permit statement
(line 4) would have allowed.   The only way to get rid of one of the lines
is to see if there is a real weird wildcard mask that could do a deny that
looks like the permit and deny together, but I can't see it right off.  

DON'T DELETE LINE 4!  

The remaining deny statement would deny all traffic from 172.22.x.y to hosts
64-128 on the 192.168.18 network. 
Line 4 would have allowed the hosts from 172.22.0-31.x to all of the
192.168.18.x network.  These conditions overlap and need to be there
separately.


access-list 101 permit ip host 172.22.30.6 10.0.0.0 0.255.255.255
 Someone sent me this and I just can't figure it out. I've been staring at it
 and trying things since last week. Any ideas?


 Jeff Doyle says this access-list can be rewritten with 3 lines and still
 provide the same functionality.  Let me know if you guys figure out:

 access-list 101 permit ip 172.22.30.6 0.0.0.0 10.0.0.0 0.255.255.255
 access-list 101 permit ip 172.22.30.95 0.0.0.0 10.11.12.0 0.0.0.255
 access-list 101 deny ip 172.22.30.0 0.0.0.255 192.168.18.27 0.0.0.0
 access-list 101 permit ip 172.22.0.0 0.0.31.255 192.168.18.0 0.0.0.255
 access-list 101 deny ip 172.22.0.0 0.0.255.255 192.168.18.64 0.0.0.63
 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

 Have fun...


 Thank You,
 Robert Fowler




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12550t=12525
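
The overlap between lines 4 and 5 discussed in the message above can be checked mechanically. The following Python is an added example, not code from the thread or from Cisco: it evaluates the quoted ACL with first-match semantics and wildcard masks, lists permit/deny pairs that share packets, and shows which deletions change a verdict. All function names are this example's own, and the removal check samples the corner addresses of each pattern rather than proving equivalence.

```python
import ipaddress

# The six-line ACL quoted in the thread, verbatim.
ACL_TEXT = """\
access-list 101 permit ip 172.22.30.6 0.0.0.0 10.0.0.0 0.255.255.255
access-list 101 permit ip 172.22.30.95 0.0.0.0 10.11.12.0 0.0.0.255
access-list 101 deny ip 172.22.30.0 0.0.0.255 192.168.18.27 0.0.0.0
access-list 101 permit ip 172.22.0.0 0.0.31.255 192.168.18.0 0.0.0.255
access-list 101 deny ip 172.22.0.0 0.0.255.255 192.168.18.64 0.0.0.63
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

FULL = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def parse_acl(text):
    """Parse 'access-list N ACTION ip SRC SWILD DST DWILD' lines only."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError("unsupported ACL line: " + line)
        src, swild, dst, dwild = (to_int(t) for t in tok[4:])
        entries.append((tok[2], (src, swild), (dst, dwild)))
    return entries


def matches(pattern, addr):
    base, wild = pattern
    # A wildcard bit of 1 means "don't care"; compare only the 0 bits.
    return ((addr ^ base) & ~wild & FULL) == 0


def evaluate(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    s, d = to_int(src), to_int(dst)
    for number, (action, sp, dp) in enumerate(acl, start=1):
        if matches(sp, s) and matches(dp, d):
            return action, number
    return "deny", None


def overlap(p, q):
    """True if at least one address matches both wildcard patterns."""
    return ((p[0] ^ q[0]) & ~p[1] & ~q[1] & FULL) == 0


def conflicts(acl):
    """1-based (earlier, later) pairs with different actions sharing packets."""
    out = []
    for i, (act_i, s_i, d_i) in enumerate(acl):
        for j in range(i + 1, len(acl)):
            act_j, s_j, d_j = acl[j]
            if act_i != act_j and overlap(s_i, s_j) and overlap(d_i, d_j):
                out.append((i + 1, j + 1))
    return out


def probes(acl):
    """Lowest and highest address of every pattern, crossed into packets."""
    srcs, dsts = set(), set()
    for _, (sb, sw), (db, dw) in acl:
        srcs.update({sb & ~sw & FULL, sb | sw})
        dsts.update({db & ~dw & FULL, db | dw})
    return [(to_str(s), to_str(d)) for s in sorted(srcs) for d in sorted(dsts)]


def changed_by_removing(acl, line_numbers):
    """Sampled packets whose verdict changes when the given lines are deleted."""
    trimmed = [e for n, e in enumerate(acl, 1) if n not in line_numbers]
    return [(s, d) for s, d in probes(acl)
            if evaluate(acl, s, d)[0] != evaluate(trimmed, s, d)[0]]


ACL = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    print("conflicting pairs:", conflicts(ACL))
    print("172.22.5.1 -> 192.168.18.70:",
          evaluate(ACL, "172.22.5.1", "192.168.18.70"))
    print("changed if line 4 removed:", changed_by_removing(ACL, {4}))
    print("changed if lines 1-2 removed:", changed_by_removing(ACL, {1, 2}))
```

Running the same comparison before and after any ACL edit on a production device catches order-dependent changes like this one before they reach the router.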



RE: Having problem with NAT and Static NAT [7:12287]

2001-07-13 Thread Ayers, Michael

I use nat on about 15 routers in a customer DMZ.   What does your pool look
like?   And what does your route map look like?



Here is an example of one

interface Ethernet0/0
 ip address 172.20.4.7 255.255.255.0
 ip directed-broadcast
 ip nat inside
 no cdp enable
!
interface Ethernet0/1
 ip address 172.24.7.5 255.255.255.0
 ip access-group 102 in
 ip directed-broadcast
 no ip proxy-arp
 ip nat outside 

ip nat pool dot12pat 172.24.7.250 172.24.7.250 netmask 255.255.255.0
ip nat pool dot10pat 172.24.7.100 172.24.7.100 netmask 255.255.255.0
ip nat pool dotxpat 172.24.7.99 172.24.7.99 netmask 255.255.255.0
ip nat inside source list 2 pool dot10pat overload
ip nat inside source list 3 pool dotxpat overload
ip nat inside source list 4 pool dot12pat overload
ip nat inside source static 172.20.12.51 172.24.7.118
ip nat inside source static 172.20.4.115 172.24.7.119
ip nat inside source static 172.20.4.190 172.24.7.106  


access-list 2 permit 172.20.10.0 0.0.0.255
access-list 3 permit 172.20.1.0 0.0.0.255
access-list 3 permit 172.20.11.0 0.0.0.255
access-list 3 permit 172.20.10.0 0.0.0.255
access-list 3 permit 172.20.4.0 0.0.0.255
access-list 4 permit 172.20.12.0 0.0.0.255  





Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   Leonardo Borda [mailto:[EMAIL PROTECTED]] 
Sent:   Friday, July 13, 2001 9:07 AM
To: [EMAIL PROTECTED]
Subject:Having problem with NAT and Static NAT [7:12287]

Hello People:

Actually I am using dynamic NAT to allow my intranet users to access the
internet. The problem is when I configure a static NAT from external IP to
the internal IP, it does not work. But the funny thing is it does not work
only for a specific IP. Take a look at my configuration. I really do not know
why!!!

!
ip nat pool BRASIL   netmask 255.255.255.192
ip nat inside source route-map nonat pool BRASIL overload
ip na
!


When I put that configuration it does not work!
ip nat inside source static 192.168.25.5 


If I change this to

ip nat inside source static 192.168.25.10 
It works!

The  default gateway is correct from theirs

thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12291t=12287



RE: VPN implementation [7:12063]

2001-07-12 Thread Ayers, Michael

I'd recommend a 3620 in the head office, with 2611's @ the remote sites.
You need extra RAM, flash, and IP+56 feature set.  As to the configs, there
are plenty of examples @ Cisco.com.  I found a LOT of info on VPN.  You just
have to be diligent and dig. 

Michael


 -Original Message-
From:   Tony Medeiros [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 11:06 PM
To: [EMAIL PROTECTED]
Subject:Re: VPN implementation [7:12063]

Let's see,
You want a free VPN design complete with bill of materials,  Reasons backing
up this design so you can present it to your customer.  And design of
integration of said solution into your customer's existing network, again for
free.

And you want it ASAP

GEZE 

(Sorry everybody,  This post got to me,  At least he said Kindly)

- Original Message -
From: Ranjit Sabherwal 
To: 
Sent: Wednesday, July 11, 2001 10:28 PM
Subject: VPN implementation [7:12063]


 My customer wants to implement VPN over Internet between 4 offices, namely:
 Delhi, Chennai, Bangalore and Bombay. He wants a very very secured network.
 I want to know what all things are required for secured implementation
 of VPN and why. In other words, I want a full VPN solution. The customer
 wants that there should be proper tunneling between its offices so that the
 data is secured. What all VPN devices are required and where should they be
 installed (consider that Delhi is the head office)? Kindly enlighten me on
 this issue ASAP as I have to give the solution as early as possible. I went
 through the Cisco site also but failed to arrive at a solution.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12147t=12063



RE: IPX Network addresses [7:11990]

2001-07-12 Thread Ayers, Michael

Elmer,
Novell just randomly picks numbers, probably a function of the hardware's
SN, and maybe Date Time.  Point is, I would prefer to use a coherent scheme
for net ID's, and would be removing any Frame types I'm not using.  If you
ever add another Novell server, you MUST make sure that the new server is
set with these hardware ID's.

The best way to understand this is to read the Cisco material for CCNA on
IPX sub interfaces.  It explains that each frame type must be a separate
network, and if you have older systems running Novell_ether(802.3...No LLC)
and newer ones running SAP (802.3+802.2LLC) on the same segment, you can
have the router route between sub-interfaces by encapsulating 2 sub-ifs, one
with novell_ether, and the other with sap.  You do have to specify the
network ID's per sub-if.




Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   Elmer Deloso [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, July 12, 2001 5:41 AM
To: [EMAIL PROTECTED]
Subject:RE: IPX Network addresses [7:11990]

Thanks for all the responses. This is the only IPX speaking box on the wire
and the first NW5.1 server to be brought up. I understand that it supports
and automatically loads all IPX frame types by default if IPX is chosen
along with the default and preferred IP protocol. From the replies it seems
that each frame type would belong to a DIFFERENT IPX network? Or is it just
DIFFERENT WAYS of writing out IPX network addresses depending on the frame
type used?
Again, thanks for the enlightenment.

Elmer

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 4:29 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX Network addresses [7:11990]


Interesting. Why would it generate network numbers, though? Shouldn't 
network numbers be manually configured?

Priscilla

At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote:
I finally feel qualified to comment on a question on this list (having
worked with NetWare for the past 6 years)

The addresses you're seeing are generated automatically.  What's happening
here is that the new server has every single Ethernet frame type loaded, and
as a result is using different IPX network number for every frame type.  New
3.x and 4.x servers will do this if you perform an install using all the
defaults.  You need to run INSTALL (or NWCONFIG if 5.x), edit the
AUTOEXEC.NCF and remove all BIND statements referencing frame types you
don't want to use.  Ethernet_II is preferred.

NetWare 5.x is more restrained and tries to use IP only.

  Ayers, Michael  07/11/01 12:12PM 
Those were either auto generated, or picked up from reading frames on the
wire.


-Original Message-
From:   Elmer Deloso [mailto:[EMAIL PROTECTED]]
Sent:   Wednesday, July 11, 2001 11:31 AM
To: [EMAIL PROTECTED]
Subject:IPX Network addresses [7:11990]

hi, group.
I just noticed that after installing NetWare server, it gave me this info
regarding types of IPX frames:
Frame type      Network address
Ethernet_802.2  3D410DCD
Ethernet_802.3  1E0F4F9E
Ethernet_SNAP   FF994BB0
Ethernet_II     D393B805

For the IPX gurus in the group, can someone tell me if there is some type of
logic as to how the network address is translated from the type of frame
used?
Just to answer my curiosity.
Thank you.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12153t=11990



RE: connecting T1 modules [7:12139]

2001-07-12 Thread Ayers, Michael

Look up the pinout of each RJ45.  I think it's a roll cable, but you need to
connect TX to RX and vice versa.  Make sure you set up clocking, one external
and one internal.


-Original Message-
From:   anthony moore [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, July 12, 2001 8:13 AM
To: [EMAIL PROTECTED]
Subject:connecting T1 modules [7:12139]

Anyone know what kind of cable to use to connect two T1 modules?  I have a
2525 with the Fractional/full T1 module (RJ45) and a 2621 with the
WIC-1DSU-T1 module (RJ45).  What kind of cable can I use to connect these
modules?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12155t=12139



PIX/w/WIN2k VPN3000 client problem [7:12181]

2001-07-12 Thread Ayers, Michael

I'm having a problem. I'm running a PIX520 (5.3) with multiple VPNGROUPs.  I
have a client installed on a WIN2k machine.  The machine was using a group
that didn't split tunnel.  I changed the group to a group that does, and now
I get a failed to negotiate error AFTER THE LOGON and the Your link is now
secure error.  I have cleared IPSEC SA and ISAKMP SA.  I even went as far
as deleting the MAPS.  The Client has been removed and re-installed.  I'm
thinking the problem is either something embedded somewhere in the WIN2k, or
an association to the peer IP in the PIX, but I have successfully changed
the group on other win 9x machines without a problem after the SA timed out,
and the Dynamic Maps cleared.  This is a production PIX, but do I get a
reboot approved to try to clear old info out of memory, or do I go after the
client and see if the problem lies there?

Any input appreciated.


Thank you,

Michael 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12181t=12181



RE: CCNP routing? [7:11848]

2001-07-11 Thread Ayers, Michael

I recommend the McGraw Hill book also



 -Original Message-
From:   Robert Kimble [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 10, 2001 5:59 PM
To: [EMAIL PROTECTED]
Subject:CCNP routing? [7:11848]

I am about to start studying for the CCNP routing exam. I've just bought the
Cisco press CCNP routing book. I was wondering if anyone could recommend
some other study materials? I was thinking about the BSCN. Any advice?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11957t=11848



RE: TCP Ack [7:11703]

2001-07-11 Thread Ayers, Michael

OK,
See if I have it here.

The receive window is a buffer.  It is specified in bytes.  During the 3 way
handshake, each side tells the other its buffer size.  This is the start of
our flow control.

During the 3 way handshake, each side also specifies a sequence number.  The
other will reply with an ACK requesting THE NEXT sequence number it expects
from the sender.

As data is transferred, the sender sets a retransmit timer for each segment
sent out.  As the recipient receives segments, it sets a delayed ACK timer
( A recipient is not told to use a window size by the sender. Each side has
 its own receive window size, based on its own buffer space. It used to be
 that a recipient ACKed when it had received the number of bytes in its
 receive window. But that caused problems. So we now have slow start and
 congestion avoidance enhancements, which I think is what you are describing
 below.

This is good. I didn't realize this..

 Be careful not to confuse send windows (which are based on the other side's
 receive window), receive windows, and the newer congestion windows.



 According to RFC 2001, the increase in the number of segments the sender
 sends provides an exponential growth, although it is not exactly
 exponential because the receiver may delay its ACKs, typically sending one
 ACK for every two segments that it receives. Other than that, the RFC
 doesn't say when to send ACKs, which is why the original poster asked the
 question. It's a good question.

You're correct, and I should be more careful with my terminology
segments are what TCP deals with  I'm wondering how you could get away
with writing an RFC that doesn't specify something as critical as sending
ACKs =)

 I think you mean bytes. He certainly didn't see that many packets without
 an ACK! Plus TCP sequences and ACKs bytes, not packets.

My numbers (32768, 65536, etc) were just made up for sake of example
but your statement confuses me  ACKs bytes?  Since this is all TCP, and
the segments are what receive the sequence numbers, wouldn't TCP send an ACK
saying I've received sequence (or up to sequence) number ?  Why
would the ACK acknowledge the actual number of bytes?

I've read RFC 2001 and it's cool I need to read it closer and get a
better understanding of slow start, congestion avoidance, fast retransmit,
and fast recovery

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11960t=11703



RE: Dead 2501 - further update [7:11865]

2001-07-11 Thread Ayers, Michael

Excerpt from a Cisco page

http://www.cisco.com/univercd/cc/td/doc/product/software/ssr921/rn_rt921/67085.htm
Cisco 2500 Console Ports
Cisco router console ports do not support software (XON/XOFF) or hardware
(RTS/CTS) flow control. However, on all routers except the Cisco 2500
series, the console port is wired to connect RTS and CTS. This means that a
terminal using hardware flow control sees CTS in response to asserting RTS,
and communication between the terminal and the router works properly.
On the Cisco 2500 series, this is not possible. The result is one-way-only
communication between the terminal and the Cisco 2500 console port: you will
be able to see output from the router on the terminal, but you cannot type
anything in. The workaround is to disable hardware flow control on the
terminal or to strap the CTS high.
 


 -Original Message-
From:   Eugene Nine [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 7:17 AM
To: [EMAIL PROTECTED]
Subject:Re: Dead 2501 - further update [7:11865]

It's a hyperterm thing, play with the connection settings, emulation and such
and it should start working.  I've seen where Hyperterm is set to auto and
it detects the emulation wrong and I have also seen where hyperterm is set
correctly and it doesn't work unless set to auto.  At the very least download
the free hyperterm upgrade, or better yet find a better term program (at
least that's what everyone says, I try not to rely on other programs since you
can't take anything with you to a CCIE lab you might as well learn on the
minimum)

Eugene

Dennis Laganiere  wrote in message
news:[EMAIL PROTECTED]...
 I hooked it up to my terminal server and it works regardless of the
 HyperTerm settings.  Since that's the only way I ever use it, I guess it's a
 difference that makes no difference, so no harm no foul...

 I still would like to know why... Is it a ROM version or something?  If
 anybody knows, please pass it along.

 And again, thank you Mr. Jensen for fixing my problem...

 --- Dennis

 -Original Message-
 From: Dennis Laganiere
 To: 'Ole Drews Jensen '; Dennis Laganiere; '[EMAIL PROTECTED] '
 Sent: 7/10/2001 8:21 PM
 Subject: RE: Dead 2501 [7:11865]

 That did it.  I made a new HyperTerminal session with none instead of
 hardware and it worked great.  I hacked the password, but didn't see
 anything strange in the config.  I went ahead and cleared the config and
 rebooted; same thing.

 If anybody knows why this happens, I'd be curious to know; but in the
 mean time, thanks Mr. Jensen, you're my guru of the day... :-)

 --- Dennis

 -Original Message-
 From: Ole Drews Jensen
 To: 'Dennis Laganiere'; [EMAIL PROTECTED]
 Sent: 7/10/2001 8:02 PM
 Subject: RE: Dead 2501 [7:11865]

 Yes, I have seen that some routers have to have NONE in flow control instead
 of HARDWARE. I have four routers, but in order for me to talk with all four
 via my console cable, I have to configure my Hyper Terminal with
 9600,N,8,1,NONE. If I set it to 9600,N,8,1,HARDWARE, I can only talk with
 three of them (?).

 Also, be sure to connect it to the CONSOLE port and not the AUX.

 Hth,

 Ole

 
  Ole Drews Jensen
  Systems Network Manager
  CCNA, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
  http://www.oledrews.com/ccnp
 
  NEED A JOB ???
  http://www.oledrews.com/job
 



 -Original Message-
 From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, July 10, 2001 10:05 PM
 To: [EMAIL PROTECTED]
 Subject: Dead 2501 [7:11865]


 I just got a 2501 off of ebay and it seems to boot up OK, but it won't
 accept any commands from the keyboard.  The console speed is right,
 otherwise I wouldn't be able to see the boot process.  I was able to issue a
 control-break and it started at the  prompt, but even there, no keyboard.
 I hooked up another router to the console cable to make sure it wasn't the
 PC, but that router worked fine.

 Any ideas?

 --- Dennis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11963t=11865



RE: line speed [7:11911]

2001-07-11 Thread Ayers, Michael

The only way is to MUX 2 T1s together (if you are referring to trying to get
router port speed from T1 technology).  2 T1's = 3MB. A 2Mb router port on
each end will be the limiting factor, and the 2 t1's will only see 2Mb of
traffic.


Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   Burnham, Chris [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 4:51 AM
To: [EMAIL PROTECTED]
Subject:line speed [7:11911]

It seems my earlier question either confused everyone or basically didn't
interest anyone.
To put it in a nutshell, this is what I need to find out.

Cisco state that a Synchronous Serial interface, eg. a WIC-1T will run up to
2.048 mbps
HOW can you get this line speed to a Synch serial interface ?? eg. n x 64,
e1 etc 

I need to know ASAP


Chris Burnham,
Systems Engineer,
Delphis Consulting Plc.
Tel:   +(44) 020 7916 0200
Mob: +(44) 07799403576
[EMAIL PROTECTED]


This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally privileged.
Copyright in them is reserved by Delphis Consulting PLC [Delphis] and they
must not be disclosed to, or used by, anyone other than the addressee. If
you have received this e-mail and any accompanying files in error, you may
not copy, publish or use them in any way and you should delete them from
your system and notify us immediately.E-mails are not secure.  Delphis does
not accept responsibility for changes to e-mails that occur after they have
been sent.  Any opinions expressed in this e-mail may be personal to the
author and may not necessarily reflect the opinions of Delphis.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11965t=11911



RE: line speed [7:11911]

2001-07-11 Thread Ayers, Michael

Yes, but I have a few customers where they bought two T1's multiplexed, and
got their 2 Mbps.  I am currently converting them over to 2 2600's on each
end.  This will allow me to use HSRP and load balance the lines.



 -Original Message-
From:   Schneider, Matt [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 9:43 AM
To: 'Ayers, Michael'
Subject:RE: line speed [7:11911]

2.028mb is for an e1 or European T1 which has 32 timeslots  32x64=2.048

-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 12:44 PM
To: [EMAIL PROTECTED]
Subject: RE: line speed [7:11911]


The only way is to MUX 2 T1s together (if you are referring to trying to get
router port speed from T1 technology).  2 T1's = 3MB. A 2Mb router port on
each end will be the limiting factor, and the 2 t1's will only see 2Mb of
traffic.


Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   Burnham, Chris [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 4:51 AM
To: [EMAIL PROTECTED]
Subject:line speed [7:11911]

It seems my earlier question either confused everyone or basically didn't
interest anyone.
To put it in a nutshell, this is what I need to find out.

Cisco state that a Synchronous Serial interface, eg. a WIC-1T will run up to
2.048 mbps
HOW can you get this line speed to a Synch serial interface ?? eg. n x 64,
e1 etc 

I need to know ASAP


Chris Burnham,
Systems Engineer,
Delphis Consulting Plc.
Tel:   +(44) 020 7916 0200
Mob: +(44) 07799403576
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11970t=11911



RE: TCP Ack [7:11703]

2001-07-11 Thread Ayers, Michael

OK I'm reposting because my original got cut off.
See if I have it here.
The receive window is a buffer.  It is specified in bytes.  During the 3 way
handshake, each side tells the other its buffer size.  This is the start of
our flow control.
During the 3 way handshake, each side also specifies a sequence number.  The
other will reply with an ACK requesting THE NEXT sequence number it expects
from the sender.
As data is transferred, the sender sets a retransmit timer for each segment
sent out.  As the recipient receives segments, it sets a delayed ACK timer
( its own receive window size, based on its own buffer space. It used to be
 that a recipient ACKed when it had received the number of bytes in its
 receive window. But that caused problems. So we now have slow start and
 congestion avoidance enhancements, which I think is what you are describing
 below.

This is good. I didn't realize this..

 Be careful not to confuse send windows (which are based on the other side's
 receive window), receive windows, and the newer congestion windows.



 According to RFC 2001, the increase in the number of segments the sender
 sends provides an exponential growth, although it is not exactly
 exponential because the receiver may delay its ACKs, typically sending one
 ACK for every two segments that it receives. Other than that, the RFC
 doesn't say when to send ACKs, which is why the original poster asked the
 question. It's a good question.

You're correct, and I should be more careful with my terminology
segments are what TCP deals with  I'm wondering how you could get away
with writing an RFC that doesn't specify something as critical as sending
ACKs =)

 I think you mean bytes. He certainly didn't see that many packets without
 an ACK! Plus TCP sequences and ACKs bytes, not packets.

My numbers (32768, 65536, etc) were just made up for sake of example
but your statement confuses me  ACKs bytes?  Since this is all TCP, and
the segments are what receive the sequence numbers, wouldn't TCP send an ACK
saying I've received sequence (or up to sequence) number ?  Why
would the ACK acknowledge the actual number of bytes?

I've read RFC 2001 and it's cool I need to read it closer and get a
better understanding of slow start, congestion avoidance, fast retransmit,
and fast recovery

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11980t=11703



RE: IPX Network addresses [7:11990]

2001-07-11 Thread Ayers, Michael

Those were either auto generated, or picked up from reading frames on the
wire.



-Original Message-
From:   Elmer Deloso [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 11:31 AM
To: [EMAIL PROTECTED]
Subject:IPX Network addresses [7:11990]

hi, group.
I just noticed that after installing NetWare server, it gave me this info
regarding types of IPX frames:
Frame type      Network address
Ethernet_802.2  3D410DCD
Ethernet_802.3  1E0F4F9E
Ethernet_SNAP   FF994BB0
Ethernet_II     D393B805

For the IPX gurus in the group, can someone tell me if there is some type of
logic as to how the network address is translated from the type of frame
used?
Just to answer my curiosity.
Thank you.

Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12006t=11990



RE: line speed [7:11911]

2001-07-11 Thread Ayers, Michael

Sorry for the confusion.  The question was originally how to get enough
DS0's for the speed.  In Europe, this is not a  problem.  In the US you
would need 2 T1's.  A DSU MUX can take 2 t1's (3Mbps) and make a V.35 out of
them, but that is not effective use of 2 T1's (The port handles only 2Mbps).
Also, if you MUX 2 T1's, and one fails, the whole circuit goes down.  If you
split the t1's over 2 ports, you gain redundancy.  This is a detraction from
the question of how to get 2Mbps from a WIC-1T.  You can't from a single T1!
The port can handle an E1, or you can use a DTC to DCE cable @ 2 Mbps. 

 -Original Message-
From:   John Neiberger [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 10:31 AM
To: [EMAIL PROTECTED]
Subject:RE: line speed [7:11911]

I'm really having trouble following this thread.  I haven't even
figured out what your issue is yet.  It seems that we jumped from serial
interface line speeds to multiplexing T-1s.

Now, it sounds like you're going to place each T-1 on a separate 2600,
so why does it matter what the port speed maximum is anyway?  I just
read the original post and I can't figure out what you're asking.  Are
you asking how to get a single interface to clock at 2.048Mbps?  And if
you're running T-1, why would this even be an issue since T-1 runs at
1.544Mbps?

A DTE interface connected to a CSU/DSU will derive its clock from the
DCE.  If you connect a 2600 to a T-1, the clock rate will be 1.544Mbps
and no manual configuration is necessary on the router to achieve this.

Are you asking if you could multiplex two T-1s onto a single serial
interface running at 3.088Mbps?

Have I completely missed the point?  Help me out here, I'm lost.   ;-)

John

 Ayers, Michael  7/11/01 11:08:17 AM

Yes, but I have a few customers where they bought two T1's Multiplexed, and
got their 2 Mbps.  I am currently converting them over to 2 2600's on each
end.  This will allow me to use HSRP and load balance the lines.



 -Original Message-
From:   Schneider, Matt [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 9:43 AM
To: 'Ayers, Michael'
Subject:RE: line speed [7:11911]

2.028mb is for an e1 or European T1 which has 32 timeslots 
32x64=2.048

-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 11, 2001 12:44 PM
To: [EMAIL PROTECTED] 
Subject: RE: line speed [7:11911]


The only way is to MUX 2 T1s together (if you are referring to trying to get
router port speed from T1 technology).  2 T1's = 3MB. A 2Mb router port on
each end will be the limiting factor, and the 2 t1's will only see 2Mb of
traffic.


Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   Burnham, Chris [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 4:51 AM
To: [EMAIL PROTECTED] 
Subject:line speed [7:11911]

It seems my earlier question either confused everyone or basically didn't
interest anyone.
To put it in a nutshell. This is what I need to find out.

Cisco state that a Synchronous Serial interface, eg. a WIC-1T will run up to
2.048 mbps
HOW can you get this line speed to a Synch serial interface ?? eg. n x 64,
e1 etc

I need to know ASAP


Chris Burnham,
Systems Engineer,
Delphis Consulting Plc.
Tel:   +(44) 020 7916 0200
Mob: +(44) 07799403576
[EMAIL PROTECTED] 



RE: Pix not routing for Frame Spokes [7:11860]

2001-07-11 Thread Ayers, Michael

Not only that, but the PIX doesn't return traffic out the same interface it
received it in on.




 -Original Message-
From:   Tony Medeiros [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 1:33 AM
To: [EMAIL PROTECTED]
Subject:Re: Pix not routing for Frame Spokes [7:11860]

PIX's (and most firewalls except checkpoint and netscreen I think) will
NOT send ICMP redirects.  Newer versions of the PIX OS might let you
configure it, I am not sure.  I haven't played with the newer versions
lately.  Your options are have the host's default gateway point at a real
router and put a default static route in the router pointing at the PIX.
Or, put in network routes via a login script on all the hosts (ugly solution
if you ask me).

Firewalls are not routers.  Even though they do some router functions.

Tony M.
#6172

- Original Message -
From: trammer 
To: 
Sent: Tuesday, July 10, 2001 9:26 PM
Subject: Pix not routing for Frame Spokes [7:11860]


 Don't let the subject mislead you in my intention but here is my situation
 if anyone would like to take a look.

 I've got  multiple locations connected via frame coming into a 2610 @
 10.1.1.5:

 10.2.0.0
 10.3.0.0
 10.4.0.0
 10.5.0.0
 10.6.0.0
 10.7.0.0

 The 2610's default route is to 10.1.1.1 which is obviously on the 10.1.0.0
 segment in the HQ through a pix to the internet.  The clients at HQ, whose
 gateway is 10.1.1.1 need to occasionally access the spokes so I added static
 routes in the Pix for each of the spokes.  I am a firm believer in Cisco's
 products being a specific task oriented device (ie. pixfirewall, 3015 
 VPN) and not to be used for anything different.  I know the PIX is not
 designed to be a router but in this case I need to get some input from others
 as to why the PIX is not bouncing requests for the spokes out the 2610 like
 a quote unquote regular router would.

 What happens is the PIX can ping to say for example the 10.1.1.17 which is a
 Domain Controller in that site.  But if I ping from a client or the DC in HQ
 no luck.  This is with the gateway of 10.1.1.1 assigned to the DC and or
 client.  Also, when I do a show ip route I see only the outside and the
 inside IP addresses.

 Here is the config minus the Public's IP's and security info.  The only NAT
 pool is through a PAT and an access list is applied on the outside interface
 to filter inbound traffic.   Maybe I had a brainfart on something
 suggestions are appreciated:


 0300-PIX-01# sh conf
 : Saved
 :
 PIX Version 6.0(1)
 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 
 hostname 0300-PIX-01
 fixup protocol ftp 21
 fixup protocol http 80
 fixup protocol h323 1720
 fixup protocol rsh 514
 fixup protocol smtp 25
 fixup protocol sqlnet 1521
 fixup protocol sip 5060
 fixup protocol skinny 2000
 names
 access-list 100 
 pager lines 24
 logging on
 interface ethernet0 auto
 interface ethernet1 auto
 mtu outside 1500
 mtu inside 1500
 ip address outside 
 ip address inside 10.1.1.1 255.255.0.0
 ip audit info action alarm
 ip audit attack action alarm
 pdm history enable
 arp timeout 14400
 global (outside) 1 
 nat (inside) 1 10.0.0.0 0.0.0.0 0 0
 static (inside,outside) tcp  
 static (inside,outside) tcp  
 
 
 access-group 100 in interface outside

 route outside 0.0.0.0 0.0.0.0  1

 route inside 10.2.0.0 255.255.0.0 10.1.1.5 1
 route inside 10.3.0.0 255.255.0.0 10.1.1.5 1
 route inside 10.4.0.0 255.255.0.0 10.1.1.5 1
 route inside 10.5.0.0 255.255.0.0 10.1.1.5 1
 route inside 10.6.0.0 255.255.0.0 10.1.1.5 1
 route inside 10.7.0.0 255.255.0.0 10.1.1.5 1


 timeout xlate 3:00:00
 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
 timeout uauth 0:05:00 absolute
 aaa-server TACACS+ protocol tacacs+
 aaa-server RADIUS protocol radius
 no snmp-server location
 no snmp-server contact
 snmp-server community public
 no snmp-server enable traps
 floodguard enable
 no sysopt route dnat
 telnet 0.0.0.0 0.0.0.0 inside
 telnet timeout 5
 ssh timeout 5
 terminal width 80
 
 0300-PIX-01#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11969t=11860
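
The behaviour described in the replies above, as an added example that is not part of any poster's message: a Python check that builds a forwarding table from the `ip address` and `route` lines of the posted config and flags flows that would have to leave on the interface they arrived on. The function names, the HQ client 10.1.1.50, the test destinations and the two outside lines (elided in the post) are assumptions made for illustration.

```python
import ipaddress
import re

# The inside address and "route inside" lines are copied from the posted
# "sh conf". The outside address and gateway are elided in the post, so the
# two outside lines use constructed RFC 5737 placeholder addresses.
PIX_CONFIG = """\
ip address outside 192.0.2.2 255.255.255.0
ip address inside 10.1.1.1 255.255.0.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
route inside 10.2.0.0 255.255.0.0 10.1.1.5 1
route inside 10.3.0.0 255.255.0.0 10.1.1.5 1
route inside 10.4.0.0 255.255.0.0 10.1.1.5 1
route inside 10.5.0.0 255.255.0.0 10.1.1.5 1
route inside 10.6.0.0 255.255.0.0 10.1.1.5 1
route inside 10.7.0.0 255.255.0.0 10.1.1.5 1
"""

IP_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)(?: \d+)?$")


def parse(config):
    """Return a list of (network, interface name, next hop or None)."""
    table = []
    for raw in config.splitlines():
        line = raw.strip()
        m = IP_RE.match(line)
        if m:
            name, addr, mask = m.groups()
            net = ipaddress.ip_interface(f"{addr}/{mask}").network
            table.append((net, name, None))  # directly connected network
            continue
        m = ROUTE_RE.match(line)
        if m:
            name, net, mask, hop = m.groups()
            net = ipaddress.ip_network(f"{net}/{mask}")
            table.append((net, name, ipaddress.ip_address(hop)))
    return table


def lookup(table, addr):
    """Longest-prefix match; returns (interface name, next hop) or None."""
    addr = ipaddress.ip_address(addr)
    matches = [entry for entry in table if addr in entry[0]]
    if not matches:
        return None
    _, name, hop = max(matches, key=lambda entry: entry[0].prefixlen)
    return name, hop


def check_flow(config, src, dst):
    """Describe how a packet from src to dst would have to cross the firewall."""
    table = parse(config)
    ingress, egress = lookup(table, src), lookup(table, dst)
    if ingress is None or egress is None:
        return {"routable": False, "hairpin": False, "next_hop": None}
    return {
        "routable": True,
        "ingress": ingress[0],
        "egress": egress[0],
        "next_hop": str(egress[1]) if egress[1] else None,
        # Same interface in and out: per the replies, the PIX will not send
        # this back out, and it sends no ICMP redirect towards next_hop.
        "hairpin": ingress[0] == egress[0],
    }
```

For an HQ client whose gateway is the PIX, every spoke destination comes back with `hairpin` set and `next_hop` 10.1.1.5, which is the router the replies suggest the hosts should use as their gateway instead.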



RE: TCP Ack [7:11703]

2001-07-11 Thread Ayers, Michael

OK, last try on my post

The receive window is a buffer.  It is specified in bytes.  During the 3 way
handshake, each side tells the other its buffer size.  This is the start of
our flow control.

During the 3 way handshake, each side also specifies a sequence number.  The
other will reply with an ACK requesting THE NEXT sequence number it expects
from the sender.

As data is transferred, the sender sets a retransmit timer for each segment
sent out.  As the recipient receives segments, it sets a delayed ACK timer
(OK I'm reposting because my original got cut off.
See if I have it here.
The receive window is a buffer.  It is specified in bytes.  During the 3 way
handshake, each side tells the other its buffer size.  This is the start of
our flow control.
During the 3 way handshake, each side also specifies a sequence number.  The
other will reply with an ACK requesting THE NEXT sequence number it expects
from the sender.
As data is transferred, the sender sets a retransmit timer for each segment
sent out.  As the recipient receives segments, it sets a delayed ACK timer

Yes. You got it. Follow it through with what happens as data is 
transmitted, acked, retransmitted possibly, as window sizes shrink and 
expand, etc.

Priscilla

( its own receive window size, based on its own buffer space. It used to be
  that a recipient ACKed when it had received the number of bytes in its
  receive window. But that caused problems. So we now have slow start and
  congestion avoidance enhancements, which I think is what you are describing
  below.

This is good. I didn't realize this..

  Be careful not to confuse send windows (which are based on the other side's
  receive window), receive windows, and the newer congestion windows.



  According to RFC 2001, the increase in the number of segments the sender
  sends provides an exponential growth, although it is not exactly
  exponential because the receiver may delay its ACKs, typically sending one
  ACK for every two segments that it receives. Other than that, the RFC
  doesn't say when to send ACKs, which is why the original poster asked the
  question. It's a good question.

You're correct, and I should be more careful with my terminology
segments are what TCP deals with  I'm wondering how you could get away
with writing an RFC that doesn't specify something as critical as sending
ACKs =)

  I think you mean bytes. He certainly didn't see that many packets without
  an ACK! Plus TCP sequences and ACKs bytes, not packets.

My numbers (32768, 65536, etc) were just made up for sake of example
but your statement confuses me  ACKs bytes?  Since this is all TCP, and
the segments are what receive the sequence numbers, wouldn't TCP send an ACK
saying I've received sequence (or up to sequence) number ?  Why
would the ACK acknowledge the actual number of bytes?

I've read RFC 2001 and it's cool I need to read it closer and get a
better understanding of slow start, congestion avoidance, fast retransmit,
and fast recovery

Mike W.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12025t=11703
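
The byte-counting question raised at the end of this thread, as an added example that is not part of any poster's message: a small Python model of the ACK numbers a TCP receiver sends. The initial sequence number, segment sizes and arrival order are constructed; acknowledging every second in-order segment follows the behaviour quoted from RFC 2001 in the thread, and the immediate ACK on out-of-order data is the duplicate ACK that RFC describes under fast retransmit.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class Receiver:
    """Receive side of one TCP direction, tracking sequence space in bytes."""

    def __init__(self, peer_isn):
        # The SYN itself consumes one sequence number, so the first data
        # byte is peer_isn + 1: the "NEXT sequence number" the ACK asks for.
        self.rcv_nxt = (peer_isn + 1) % MOD
        self.out_of_order = {}   # seq of first byte -> segment length
        self.unacked = 0         # in-order segments not yet acknowledged

    def receive(self, seq, length):
        """Process one segment; return the ACK number sent now, or None
        when the ACK is held back for the delayed-ACK timer."""
        ahead = (seq - self.rcv_nxt) % MOD
        if ahead != 0:
            if ahead < MOD // 2:
                self.out_of_order[seq] = length   # a gap precedes this data
            # Out-of-order or already-seen data: repeat the current ACK at once.
            self.unacked = 0
            return self.rcv_nxt
        self.rcv_nxt = (self.rcv_nxt + length) % MOD
        filled_gap = False
        while self.rcv_nxt in self.out_of_order:
            buffered = self.out_of_order.pop(self.rcv_nxt)
            self.rcv_nxt = (self.rcv_nxt + buffered) % MOD
            filled_gap = True
        self.unacked += 1
        if filled_gap or self.unacked >= 2:
            self.unacked = 0
            return self.rcv_nxt
        return None

    def timer_expired(self):
        """Delayed-ACK timer fired: acknowledge whatever is still pending."""
        if self.unacked == 0:
            return None
        self.unacked = 0
        return self.rcv_nxt


def replay(peer_isn, segments):
    """Feed (seq, length) pairs to a fresh Receiver and collect its ACKs,
    ending with the result of one delayed-ACK timer expiry."""
    rx = Receiver(peer_isn)
    acks = [rx.receive(seq, length) for seq, length in segments]
    acks.append(rx.timer_expired())
    return acks


# Constructed trace: ISN 1000, three 1460-byte segments and one of 500 bytes;
# the segment starting at 3921 arrives after the one starting at 5381.
SAMPLE = [(1001, 1460), (2461, 1460), (5381, 1460), (3921, 1460), (6841, 500)]
```

Each ACK value is the sequence number of the next byte the receiver expects, so it advances by the length of the data received rather than by one per segment.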



RE: Access-list Question [7:12043]

2001-07-11 Thread Ayers, Michael

This is true, why check 2 access lists in either direction?

One inbound
One outbound
They can be the same, but they usually are different, each tuned to manage
the traffic flowing in the direction applied.  Why make a router check lines
inbound that only match outbound traffic?




-Original Message-
From:   Washington Rico [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 5:13 PM
To: [EMAIL PROTECTED]
Subject:Access-list Question [7:12043]

Is it true that you can have only one access-list per direction per 
interface?  If so, would the below configuration be correct or incorrect?

Thank you for your input.

interface BRI0/0:1
 description Connection Segment
 bandwidth 64
 ip address X.X.X.X 255.255.255.240
 ip access-group 100 in
 ip access-group 100 out
 no ip directed-broadcast
 encapsulation ppp
 no keepalive
 no cdp enable




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12045t=12043