RE: term no mon command [7:33658]
There are 4 places logging information is sent: via the monitor, the console, SNMP, and a buffer. Each logging destination can be likened to 4 different views. In each view you can control the amount or severity of the logging information (debug, informational, notification, warn, errors, alerts, critical, emergencies). When you enable a view to have a certain logging level, it enables all higher logging level messages as well to be output to the view.

When you plug a terminal into the console port with an async cable this is called the console view (line con 0). The command 'logging console <level>' controls the severity of logging information sent to the console. You can totally disable all logging to the console with the command 'no logging console'.

When you telnet to an active interface on the router this is called the monitor view (line vty 0 4 and line aux 0). The command 'logging monitor <level>' controls the severity of logging information sent to the monitor. By default, you need to type 'terminal monitor' to actually activate this view when you telnet. You can totally disable all logging to the monitor with the command 'no logging monitor'.

When you configure the router to output logging information to a syslog server with 'logging <host>' this is called the buffered view. The command 'logging trap <level>' controls the severity of logging information sent to the buffer. You can totally disable all logging to the console with the command 'no logging trap'.

When you configure the router to output logging information to a SNMP network management station with 'snmp-server host <host>' this is called the SNMP view. The command 'logging history <level>' controls the severity of logging information sent via SNMP. You can totally disable all logging via SNMP with the command 'no logging history <level>'.

Note: For the SNMP view you must explicitly disallow the logging severity level.
If you need more information on the use of all of the logging levels and what information is actually printed at each level take a look at the troubleshooting commands guide http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/fun_r/frprt3/frtroubl.htm (watch the line wrap)

Good Luck!

WAYNE BAETY, MCSE, A1C, USAF
Network Systems Trainer

-----Original Message-----
From: Stuart Laubstein [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 30, 2002 5:12 PM
To: [EMAIL PROTECTED]
Subject: term no mon command [7:33658]

I have a 3620 and I have to work on the console port but I am swamped with messages every few seconds as people try to log in via the PRI. I used the term no mon command but it doesn't work; I still get connect messages etc. Does anyone have an idea where these messages come from and how I can shut them off? We are using 12.0(7) XK1 Early Deployment release.

thanks
stuart

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33672&t=33658
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
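The reply above describes five logging "views" and the commands that set each one's severity threshold. The following is an added example (not from the post) that reads those commands out of an IOS config and answers, for a given message severity, which views would actually show it. The default levels in ASSUMED_DEFAULTS are my assumptions, and the sample config is constructed.

```python
"""Which IOS logging views receive a message of a given severity, read off a config.
Added example; the default levels are assumptions, check them against your IOS release."""

SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# 'logging <keyword>' -> destination (the post's "views")
KEYWORD_TO_DEST = {"console": "console", "monitor": "monitor",
                   "buffered": "buffer", "trap": "syslog", "history": "snmp"}

# Assumed level when the keyword is absent (None = view off until configured).
ASSUMED_DEFAULTS = {"console": 7, "monitor": 7, "buffer": None, "syslog": 6, "snmp": 4}

# 'logging ...' keywords that are neither a destination nor a syslog host.
NOT_A_HOST = {"on", "source-interface", "facility", "synchronous",
              "rate-limit", "origin-id", "count", "userinfo"}


def severity_number(token):
    """'warnings' -> 4, '4' -> 4; an unambiguous prefix such as 'warn' is accepted."""
    if token.isdigit():
        level = int(token)
        if 0 <= level <= 7:
            return level
        raise ValueError(f"severity out of range: {token}")
    matches = [i for i, name in enumerate(SEVERITIES) if name.startswith(token.lower())]
    if len(matches) != 1:
        raise ValueError(f"unknown severity: {token}")
    return matches[0]


def parse_logging_config(config_text):
    """Return {'levels': {dest: level or None}, 'syslog_hosts': [...], 'snmp_hosts': [...]}."""
    levels = dict(ASSUMED_DEFAULTS)
    syslog_hosts, snmp_hosts = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        negated = line.startswith("no ")
        words = line[3:].split() if negated else line.split()
        if words[:2] == ["snmp-server", "host"] and len(words) > 2:
            if negated:
                snmp_hosts = [h for h in snmp_hosts if h != words[2]]
            else:
                snmp_hosts.append(words[2])
            continue
        if words[0] != "logging" or len(words) < 2:
            continue
        key = words[1]
        if key in KEYWORD_TO_DEST:
            dest = KEYWORD_TO_DEST[key]
            if negated:
                levels[dest] = None            # 'no logging console' etc. switches the view off
                continue
            level = ASSUMED_DEFAULTS[dest] if ASSUMED_DEFAULTS[dest] is not None else 7
            for token in reversed(words[2:]):  # e.g. 'logging buffered 4096 warnings'
                try:
                    level = severity_number(token)
                    break
                except ValueError:
                    continue
            levels[dest] = level
        elif key == "host" and len(words) > 2:     # 'logging host 10.1.1.5'
            host = words[2]
            syslog_hosts = [h for h in syslog_hosts if h != host] if negated else syslog_hosts + [host]
        elif key not in NOT_A_HOST:                # bare 'logging 10.1.1.5'
            syslog_hosts = [h for h in syslog_hosts if h != key] if negated else syslog_hosts + [key]
    return {"levels": levels, "syslog_hosts": syslog_hosts, "snmp_hosts": snmp_hosts}


def delivered_to(parsed, severity):
    """Views that show a message of this severity (lower number = more severe).
    The monitor view additionally needs 'terminal monitor' typed in the session."""
    sev = severity_number(severity)
    out = set()
    for dest, level in parsed["levels"].items():
        if level is None or sev > level:
            continue
        if dest == "syslog" and not parsed["syslog_hosts"]:
            continue                               # 'logging trap' without a host sends nowhere
        if dest == "snmp" and not parsed["snmp_hosts"]:
            continue
        out.add(dest)
    return out


# Constructed sample config, not from the post.
SAMPLE_CONFIG = """\
logging buffered 4096 warnings
no logging console
logging monitor informational
logging trap errors
logging 10.1.1.5
logging history notifications
snmp-server host 10.1.1.9 traps public
"""

if __name__ == "__main__":
    parsed = parse_logging_config(SAMPLE_CONFIG)
    for name in SEVERITIES:
        print(f"{name:14s} -> {sorted(delivered_to(parsed, name))}")
```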
RE: RE: Transport Input Telnet and Terminal Servers [7:33511]
On Cisco routers, the asynchronous ports by default are set to send traffic with the TxD (transmit data) pin when activated by a protocol. As soon as input is received on the RxD (receive data) pin, the router engages an Exec process. I only said this to get a point of reference going. This is the natural forward direction of communication flow. It's more useful to think of this process by assuming the Cisco router is set up only to receive traffic and then engaging an exec process to handle the traffic.

The reverse direction is to INITIATE communication by binding the asynchronous ports to some sort of transport protocol. This 'transport protocol' could be any communication-capable protocol. Instead of waiting for an exec process starting because traffic was received on the RxD pins, the router is set up to activate an exec process as soon as a transport protocol is initiated by a user. In the case of the tcp transport protocol the router is set up to initiate communication whenever a tcp socket (tcp port 2000 + line number for telnet in ASCII mode) is established from any active IP address on the router. It would bring up the async line and send whatever data tcp sends over the async line.

Telnet is a method as well as an application that manages the tcp protocol stream from the user perspective. It resides totally within the data portion of a tcp segment. Telnet is active on a tcp stream whenever you use the telnet application or any application that communicates with such a protocol. Take a look at RFC 854-856 for a more involved study of telnet.

WAYNE BAETY, MCSE, A1C, USAF
Network Systems Trainer

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 30, 2002 6:15 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: Transport Input Telnet and Terminal Servers [7:33511]

That makes sense except for the fact that the telnet protocol is *not* running on the console link!
It's called reverse telnet but that doesn't describe the protocol that is actually on the link itself. That's why it's curious to me why I would have to permit telnet for it to work. I blame you for getting me on this thread in the first place! :-) But I'd really like to find an answer.

On Tue, 29 Jan 2002, Ouellette, Tim ([EMAIL PROTECTED]) wrote:

Are you still going on about this *grin* Sure feels weird being called the "someone" in your earlier comment of "I was in a discussion with someone this weekend regarding terminal server configuration." Hehhehe. The conclusion I came up with is as follows. Let's say you're on a router and you ping your ethernet interface. The ping actually goes out on the wire and loops back to test your own interface (obviously loopbacks are different). But I would think that in the concept of a telnet, the reverse telnet goes out on the wire to the far end and then loops back establishing a connection? Also, as an FYI, when I do a transport input all on my terminal server, it substitutes transport input LAT MOP TELNET blah blah for me. So the telnet is actually a subset of the ALL parameter? Did that make any sense or do I need more coffee?

Tim

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 9:59 PM
To: [EMAIL PROTECTED]
Subject: Re: RE: Transport Input Telnet and Terminal Servers [7:33511]

I think, as is often the case, I wasn't clear enough. Let me try to restate the issue another way. When you connect a terminal server to a console port, the telnet protocol is not operating on that link. That link is a simple async serial terminal session. Because of that, I don't understand why transport input telnet works: the input is *not* telnet, it's async serial! If you telnet to a terminal server and from there do a reverse telnet to a device, your actual telnet session--and I'm being very specific here--stops at the terminal server. The protocol being carried on the async line is *not* telnet.
Does that make more sense? Okay, back to the coffee for me...

Thanks,
John

On Mon, 28 Jan 2002, Daniel Cotts ([EMAIL PROTECTED]) wrote:

all works because telnet is a subset of all - it is included without being specifically named. Do a show line to determine the mapping of line numbers to ports - then do a show line 1 or whatever. Lots more output! Look on the line that starts "Allowed transports". We are used to configuring terminal servers with ip host mapping a name to an ip and port. A more bare bones implementation would have us telnet 2002 or whatever port we wished to reach. Try that.

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 4:28 PM
To: [EMAIL PROTECTED]
Subject: Transport Input Telnet and Terminal Servers [7:33511]
RE: Totally OT : Was there a man on the moon ? [7:33465]
Because there aren't any stories of balls hitting airplanes in China.

WAYNE BAETY, MCSE, A1C, USAF
Network Systems Trainer

-----Original Message-----
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 29, 2002 5:21 AM
To: [EMAIL PROTECTED]
Subject: RE: Totally OT : Was there a man on the moon ? [7:33465]

How about this one: My theory is that there is no gravity. Everything is growing with the same speed. You can't see it or measure it, because everything, even your ruler, is growing with the same speed. The light speed is also growing, so the speed of light is actually getting faster, but you don't know it. When you drop a ball and it hits the floor and bounces back up, it's actually keeping its position, but the earth and everything on it and around it are growing, so the floor is actually hitting the ball and not the other way around. Prove me wrong :-)

Ole

~~~
Ole Drews Jensen
Systems Network Manager
CCNP, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~
http://www.RouterChief.com
~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~

-----Original Message-----
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 1:45 PM
To: [EMAIL PROTECTED]
Subject: Re: Totally OT : Was there a man on the moon ? [7:33465]

Tell your friends it's called faith. It's a belief in something without being able to prove or disprove it. And if they don't believe it, then that's their prerogative. (Although, with the correct amount of cash, you can get there and see for yourself, unlike proving the existence of a greater being/deity). Ole Drews Jensen is right, why do they even believe the moon exists. Or that the earth is round or that we revolve around the sun and not vice-versa. The best bet in getting a telescope to see the stuff on the moon is to get a satellite to orbit the moon, like the ones we have in orbit around earth that can take 1 m pictures. It's do-able and reasonably cheap in terms of space exploration.
sam sneed wrote in message news:[EMAIL PROTECTED]...

Or are you really someone that didn't believe the hippy down the street when he told you not to mix acid with the mushrooms he sold you

Ole Drews Jensen wrote in message news:[EMAIL PROTECTED]...

Is the moon really there, or is it an optical illusion created by former pyramid residents now living on the planet Fryslak waiting to transmogrify our world into a big bowl of rice pudding? Am I really here, or am I a lonely router misconfigured with an A.I. image?

Ole

-----Original Message-----
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 1:09 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Totally OT : Was there a man on the moon ? [7:33465]

Is the flag really there. hhh Inquiring minds want to know!

Ole Drews Jensen 01/28/02 01:45PM

Just a thought... If they did not land on the moon - who placed the American flag there?

Ole

-----Original Message-----
From: Phil Barker [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 12:15 PM
To: [EMAIL PROTECTED]
Subject: Totally OT : Was there a man on the moon ? [7:33465]

Sorry for this waste of b/w but I have two discerning friends who keep insisting that man never went to the moon, instead it was a big stage act. The shadows are in the wrong place blah, blah, blah. Unfortunately they cannot expand on the shadow theory since they don't understand it themselves. They just want to believe in an American etc conspiracy. G.
My initial defence that Man has landed on the moon was based on the fact that Russia didn't make any complaints, which I'm sure they would have done. This has been unfortunately dismissed by the same argument, i.e. propaganda, America etc would not allow the reporting of such info. Okay, now I need Physics to help. My hunch is that the radio signal of the
RE: Default route for eigrp? [7:31592]
EIGRP understands ip default-network, in fact it's the basis of a very important function in the configuration of EIGRP: default route filtering. 'ip default-network' is a classful command. If you use it with prefixes longer than a classful boundary, you must have the prefix as well as the classful boundary of the prefix known in the topology table of the routing protocol in question. You must then also configure the class boundary with the 'ip default-network' along with the more specific prefix you really mean to advertise as the default network. Just because a route is in the routing table, doesn't mean it's in the routing protocol topology table. This is why a static to 0.0.0.0 must be redistributed into EIGRP in some way, in order to use 'ip default-network 0.0.0.0'. To EIGRP, a route to 0.0.0.0 looks like any other class A network.

Which brings me to another point... Do you really want a default network to 0.0.0.0 floating around your EIGRP domain? The default-network command is an enhancement to default routing allowing you to flag any network, not just 0.0.0.0, as a default. Reconsider your network topology and take a look at http://www.cisco.com/warp/public/105/default.html

You could have just put ip default-network 'network of serial interface' and a default route would have gone all through your EIGRP routing domain. (Except routers configured to filter the route from being a default. See 'default-information in/out/allowed' under 'router eigrp <as-number>'.)

WAYNE BAETY, MCSE, A1C, USAF
Network Systems Trainer

-----Original Message-----
From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 11, 2002 10:39 AM
To: [EMAIL PROTECTED]
Subject: RE: Default route for eigrp? [7:31592]

You are absolutely right, my friend. I bumped into this tech-note from CCO and it says the same..I tried it and found out that this is the only way for EIGRP to work!! Very strange!!
I have BGP running on the router along with EIGRP and also a default route of 0.0.0.0 pointing to my outbound serial. Then after redistributing this static under eigrp, all other routers inside my network can get to outside networks learned via BGP..I wonder why IGRP understands the ip default route but not EIGRP...Does anyone have any ideas on this?? Thank you for your help. :-)

From: s vermill
Reply-To: s vermill
To: [EMAIL PROTECTED]
Subject: RE: Default route for eigrp? [7:31592]
Date: Thu, 10 Jan 2002 19:37:07 -0500

EIGRP behaves a little differently than all of the other protocols. You first have to define a static 'ip route 0.0.0.0 0.0.0.0 x.x.x.x' and then add a 'network 0.0.0.0' to your EIGRP config. I think you have to 'redistribute static' as well. It will not propagate a default as a result of the 'default-network' command.

Regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31622&t=31592
RE: DHCP connection on Cisco Router [7:31559]
Also make sure you get IOS 12.1+. Client side DHCP (i.e. 'ip address dhcp') isn't supported until then. It's only part of Easy IP Phase 2.

WAYNE BAETY, MCSE, A1C, USAF
Network Systems Trainer

-----Original Message-----
From: Jim Bond [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 11, 2002 4:20 AM
To: [EMAIL PROTECTED]
Subject: Re: DHCP connection on Cisco Router [7:31559]

Regarding your secondary IP, if you use NAT, this will not work because you can't put both ip nat inside and ip nat outside under 1 ethernet interface. A cheaper router will be a 1605, I guess.

Jim

--- Steven A. Ridder wrote:

2514 supports 2 eth ints. or you may be able to get two cheap 2501's and string them together via serial. I've always wanted to try secondary addressing on 1 interface. The main would get its IP via DHCP, and the secondary address would be the private IP. Always wanted to know if this would work.
--
RFC 1149 Compliant.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31623&t=31559
RE: Frame relay map 0.0.0.0 question, please help! CCIE lab is [7:31624]
Use frame-relay map statements on B and C pointing to each other but using the same DLCI as set to router A. If you want the router to bind multicast/broadcast addresses to the DLCI circuit don't forget the 'broadcast' keyword (a common mistake), otherwise OSPF will not be able to encapsulate and send its hello packets, preventing adjacency. You can use inverse arp ('frame-relay interface-dlci x') for the connections to A (inverse-arp is inherently point to point). However, you must use 'frame-relay map' statements for the connections from B to C and C to B. Mixing inverse-arp and manual map statements is ok as long as you completely understand the issues involved.

          A
      102 | 103
         / \
    201 /  X  \ 301
   B --/---\-- C

Router B
 interface s0
  ip address 1.1.1.2 255.255.255.248
  frame-relay interface-dlci 201
  frame-relay map ip 1.1.1.3 201 broadcast

Router C
 interface s0
  ip address 1.1.1.3 255.255.255.248
  frame-relay interface-dlci 301
  frame-relay map ip 1.1.1.2 301 broadcast

Router A
 interface s0
  ip address 1.1.1.1 255.255.255.248
  frame-relay interface-dlci 102
  frame-relay interface-dlci 103

WAYNE BAETY, MCSE, A1C, USAF
Network Systems Trainer

P.S. Don't laugh at my graphic ;)

-----Original Message-----
From: EA Louie [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 11, 2002 4:12 AM
To: [EMAIL PROTECTED]
Subject: Re: Frame relay map 0.0.0.0 question, please help! CCIE lab is [7:31575]

Did you change the hub router's ospf priority so it will become DR? And change the spoke routers' ospf priority to 0 so they will never attempt to become DR or BDR? And also, if you have NOT issued the command clear frame inarp (12.1 and above) or clear frame-inarp (12.0 and below), the map statements will remain until you reload the routers. That will need to be done on router B and router C. Routers B and C do not form adjacencies with each other in this topology *unless* you make use of the full mesh, which you've been instructed *not* to do. They both form adjacencies with Router A.
That's why you add a map statement to each of Router B and Router C to point them to each other via their respective DLCIs to Router A, unless you're explicitly told not to do that. (Which is a whole different can of worms.) My strategy is shut off inverse arp, clear frame inarp, get the map statements into the config, write the config, and reload. You may wish to reschedule your Feb lab date if you're at this point with OSPF and frame relay a month or so away from your lab. It only gets more complex than this, and this concept, while not elementary, is 'core' to your success in the lab exam.

-----Original Message-----
From: Wilson, Christian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 10, 2002 12:23 PM
To: [EMAIL PROTECTED]
Subject: Frame relay map 0.0.0.0 question, please help! CCIE lab is Feb [7:31555]

I have a frame switch configured for full mesh connectivity over a 3 node frame relay cloud. Router A and router B cannot use subinterfaces. Router B and router C can only use their dlci that connects them to Router A, not the dlci that connects them to each other. Because the frame switch is set up as a full mesh, I have disabled inverse arp on router A, B, and C and have used frame relay map commands with the broadcast parameter on each router. I am able to ping every router just fine using router A as a hub. Then I need to enable ospf between all of them. I used the neighbor x.x.x.x command to enable ospf, but the two spoke routers, B and C, only form adj with router A, they can not form adj with each other. When I debug ip ospf adj, I see that routers B and C are sending their poll-intervals? to 0.0.0.0.
When I issued a sh frame relay map command, I saw the following entries:

sh fram map
Serial0/0 (up): ip 0.0.0.0 dlci 503(0x1F7,0x7C70) broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 0.0.0.0 dlci 502(0x1F6,0x7C60) broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 140.4.1.2 dlci 503(0x1F7,0x7C70), static, broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 140.4.1.3 dlci 503(0x1F7,0x7C70), static, broadcast, CISCO, status defined, inactive

I can not seem to lose the frame maps to 0.0.0.0. They do not show themselves as being learned dynamically or statically. What do they mean? How do I get rid of them? How did they get in there? I can not form adj, please help!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31624&t=31624
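Since the whole thread turns on reading 'show frame-relay map' output correctly, here is an added example (not from the thread) that parses lines in the format quoted above: it separates static from dynamic maps, picks out the leftover 0.0.0.0 entries that EA Louie says persist until 'clear frame-relay inarp' or a reload, and checks the hex pair IOS prints after the DLCI (the raw DLCI, then the DLCI bits in Q.922 header position). The last sample line is constructed; the rest are the poster's.

```python
"""Parser for 'show frame-relay map' lines (added example, not from the thread)."""
import re

MAP_LINE = re.compile(
    r"^(?P<intf>\S+)\s+\((?P<state>\w+)\):\s+ip\s+(?P<ip>[\d.]+)\s+dlci\s+"
    r"(?P<dlci>\d+)\((?P<dlci_hex>0x[0-9A-Fa-f]+),(?P<hdr>0x[0-9A-Fa-f]+)\)(?P<rest>.*)$"
)


def q922_header_bits(dlci):
    """DLCI bits as laid out in the 2-byte Q.922 address field: upper 6 bits in byte 1
    (bits 7..2), lower 4 bits in byte 2 (bits 7..4). C/R, FECN, BECN, DE and EA are shown
    as zero, which matches the poster's output: 503 -> 0x7C70, 502 -> 0x7C60."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    return ((dlci >> 4) << 10) | ((dlci & 0xF) << 4)


def parse_frame_map(text):
    """Return one dict per map entry; prompts, command echoes and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = MAP_LINE.match(raw.strip())
        if not m:
            continue
        dlci = int(m.group("dlci"))
        flags = {f.strip() for f in m.group("rest").split(",")}
        status = re.search(r"status\s+(.+)$", m.group("rest"))
        entries.append({
            "interface": m.group("intf"),
            "line_state": m.group("state"),
            "ip": m.group("ip"),
            "dlci": dlci,
            "static": "static" in flags,
            "dynamic": "dynamic" in flags,
            "broadcast": "broadcast" in flags,
            "status": status.group(1).strip() if status else "",
            "header_ok": int(m.group("dlci_hex"), 16) == dlci
                         and int(m.group("hdr"), 16) == q922_header_bits(dlci),
        })
    return entries


def stale_inarp_maps(entries):
    """Maps to 0.0.0.0: neither static nor dynamic, the leftovers the poster could not clear."""
    return [e for e in entries if e["ip"] == "0.0.0.0"]


def maps_by_dlci(entries):
    """Which next-hop IPs ride each DLCI; in the hub-and-spoke design both spokes share the hub DLCI."""
    by_dlci = {}
    for e in entries:
        if e["ip"] != "0.0.0.0":
            by_dlci.setdefault(e["dlci"], []).append(e["ip"])
    return by_dlci


# Four lines quoted from the post, plus one constructed dynamic (inverse-ARP) entry for contrast.
SAMPLE_OUTPUT = """\
sh fram map
Serial0/0 (up): ip 0.0.0.0 dlci 503(0x1F7,0x7C70) broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 0.0.0.0 dlci 502(0x1F6,0x7C60) broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 140.4.1.2 dlci 503(0x1F7,0x7C70), static, broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 140.4.1.3 dlci 503(0x1F7,0x7C70), static, broadcast, CISCO, status defined, inactive
Serial0/0 (up): ip 140.4.1.1 dlci 502(0x1F6,0x7C60), dynamic, broadcast, CISCO, status defined, active
"""

if __name__ == "__main__":
    parsed = parse_frame_map(SAMPLE_OUTPUT)
    for e in parsed:
        print(e)
    print("stale 0.0.0.0 maps:", [(e["dlci"], e["status"]) for e in stale_inarp_maps(parsed)])
    print("by DLCI:", maps_by_dlci(parsed))
```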
RE: Spanning Tree Protocol [7:26538]
Here's a little treat for paying attention to this thread. Memorize this chart...

1 8
2 4
3 C
4 2
5 A
6 6
7 E
8 1
9 9
A 5
B D
C 3
D B
E 7
F F

And here's why... Let's take 2 for example. In binary, it is written B'0010'. On systems that reverse the order of the bits (for reasons that will be explained later), it is written B'0100', which could be read as 4 in decimal, depending on how you read it. The problem with this is that we would still need a point of reference for how to read the binary digits so that we can compute their hexadecimal equivalents. Can you think of any other areas in life where this could also be a problem? How about written language? In some parts of the world, people read right to left instead of left to right, like how you are reading this now. This ambiguity wasn't saved, unfortunately, from computers.

The single most important thing in understanding a computer protocol is first knowing its bit-wise orientation. The second most important thing in understanding a protocol is knowing its byte-wise orientation. If you haven't guessed already, there are systems that not only reverse the order of bits, but reverse the order of the bytes as well. This is why 4 and 2 are palindromic. If I align 4 and 2 as we as English readers would align them, they would simply be x'42' (in binary this would be B'0100 0010'). But there are computer systems that align these digits in reverse, placing the highest order (most significant), that is to say, the digit that represents the greatest change in value, last. They come up with x'24' as the same representation of binary digits. They believe that what is written last is in fact what we would call the 10s column in decimal. It would be like writing 17 (seventeen) and having someone else read 71 (seventy-one). However, those same systems that reverse the order of the bytes reverse the order of the bits as well.
If I would reverse the order of the bits in x'2' (in binary, B'0010') it would be read as x'4' (in binary, B'0100'). So, if we read them in on a computer that reverses the order of the digits _and_ reverses the order of the bytes, we would read them in as x'42', exactly how we read them on a system that doesn't; hence, a palindrome. If I would write a low level device driver that reads in SAPs and dishes them out to the corresponding protocol stack, I wouldn't need to know what the value of a particular SAP would be on a system that reverses the order of bits and bytes if I pick 2 values that are always going to be read the same.

There are other palindromic sequences that can be found in the chart above. There are even single digit palindromes. Exercise 1: What are they, and how many are there in total?

The chart above helps you to immediately know how a digit would be computed in hexadecimal if read on a computer that reverses bits and bytes. This would be useful for computing how an Ethernet multicast address differs from a token ring multicast address. Exercise 2: how is an Ethernet address of 0100.5E00.0001 (IP 224.0.0.1) read in on a token ring machine? Is the IP address still read the same?

WAYNE BAETY, MCSE, A1C, USAF
Network Systems Trainer

-----Original Message-----
From: Carroll Kong [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 8:52 AM
To: [EMAIL PROTECTED]
Subject: RE: Spanning Tree Protocol [7:26538]

This is a computer architecture topic and it has been a while for me, so please feel free to correct me. Basically, it is how multibyte values are stored in a particular computer architecture. For instance, in big endian, the last byte has the most significant byte, and in little endian the last byte has the least significant byte. Given that a byte is 8 bits. Given an integer 64932 (2 bytes). This converts to 1101 1010 0100 in binary.
In a little endian architecture, the data would be stored like

1101 1010 0100

One machine would store this value from left to right and the other would store it from right to left. In a big endian architecture, the data would be stored like

1010 0100 1101

Needless to say, this has caused much pain in the world. It is purely a big religious war as to which is better. Also, one might quickly add, well if this is true, wouldn't all socket programming be borked?!? No. They force you to convert back to network form vs host form. I believe network form is big endian, but not that it matters. Everyone converts it to this form in C (or any other language) before it hits the network, so there is still cross OS compatibility. Now, looking at 42, it seems to be this in binary: alone it is 101010, but in a byte, it would look like 0010 1010
Policy routing BGP Neighbor relationships [7:27976]
Is it me or does BGP not allow you to form a peering session unless you have a route to the host in the routing table, no matter what? It closes connected sessions even if I have policy route data forwarding configured and even if traffic is forwarding correctly. Is there some knob I'm forgetting about (other than using a static classful route to null0)?

My little diagram...

178.24.1.1/32        204.22.10.1/32
     Lo                   Lo
     ||                   ||
     R6                   R7
     ||                   ||
     S0 --- 192.1.1/24 --- S0
    (.3)                 (.1)

a. No static routes entered on R6 or R7
b. BGP peers w/ loopback addresses

Here's 11.3 (R7) forgetting that it can reach the 12.0 router via policy (debug output on R7):

3d05h: BGP: 178.24.1.1 remote close, state CLOSEWAIT
3d05h: BGP: 178.24.1.1 closing
(This message repeated indefinitely)
3d05h: BGP: 178.24.1.1 multihop open delayed 10112ms (no route)
3d05h: BGP: 178.24.1.1 multihop open delayed 12784ms (no route)

(traffic is forwarding!)

r7#ping 178.24.1.1
Sending 5, 100-byte ICMP Echos to 178.24.1.1, timeout is 2 seconds:
!

r7#config t
r7(config)#ip route 178.24.1.1 255.255.255.255 192.1.1.3 [Ctl-Z]

[a few seconds later] (debug output on R7)
3d05h: BGP: 178.24.1.1 open active, local address 204.22.10.1

r7#config t
r7(config)#no ip route 178.24.1.1 255.255.255.255 192.1.1.3 [Ctl-Z]

[a few seconds later] (debug output on R7)
3d07h: BGP: 178.24.1.1 multihop open delayed 17648ms (no route)

grrr. (configs below)

Thanks for looking this over.

WAYNE BAETY, MCSE, A1C, USAF
Network Systems Trainer

ROUTER 6 CONFIG

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r6
!
logging buffered warnings
logging console warnings
enable password cisco
!
username cisco password 0 cisco
!
!
!
!
ip subnet-zero
!
!
!
process-max-time 200
!
interface Loopback0
 ip address 178.24.1.1 255.255.255.255
 no ip directed-broadcast
!
interface Ethernet0
 ip address 10.0.0.6 255.255.255.0 secondary
 ip address 6.6.6.6 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 no ip mroute-cache
 no fair-queue
 clockrate 25
 cdp enable
 frame-relay lmi-type cisco
!
interface Serial0.1 point-to-point
 ip address 10.255.1.2 255.255.255.252
 no ip directed-broadcast
 ip nat inside
 frame-relay interface-dlci 601
!
interface Serial0.2 point-to-point
 ip address 192.1.1.3 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 ip policy route-map ebgp-rehop
 frame-relay interface-dlci 607
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
router bgp 300
 network 178.24.0.0
 neighbor 204.22.10.1 remote-as 100
 neighbor 204.22.10.1 ebgp-multihop 2
 neighbor 204.22.10.1 update-source Loopback0
!
ip local policy route-map ebgp-rehop
ip nat pool dynamic-net-pool 178.24.16.1 178.24.191.254 prefix-length 16
ip nat inside source list 1 pool dynamic-net-pool
ip nat inside source static 178.24.3.13 10.253.1.1
ip classless
no ip http server
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 101 permit tcp any host 204.22.10.1 eq bgp
access-list 101 permit icmp any host 204.22.10.1 echo
access-list 101 permit icmp any host 204.22.10.1 echo-reply
route-map ebgp-rehop permit 10
 match ip address 101
 set ip default next-hop 192.1.1.1
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login local
 monitor

END ROUTER 6 CONFIG

ROUTER 7 CONFIG

version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r7
!
enable password cisco
!
username cisco password 0 cisco
ip subnet-zero
ip nat pool dynamic-net-pool 204.22.10.16 204.22.10.191 prefix-length 24
ip nat inside source list 1 pool dynamic-net-pool
ip nat inside source static 204.22.10.13 20.255.1.5
!
!
interface Loopback0
 ip address 204.22.10.1 255.255.255.255
!
interface Ethernet0
 ip address 10.0.0.7 255.255.255.0 secondary
 ip address 7.7.7.7 255.255.255.0
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no ip mroute-cache
 no fair-queue
 clockrate 25
 frame-relay lmi-type cisco
!
interface Serial0.1 point-to-point
 ip address 20.255.1.2 255.255.255.252
 ip nat inside
 no arp frame-relay
 frame-relay interface-dlci 705
!
interface Serial0.2 point-to-point
 ip address 192.1.1.1 255.255.255.0
 ip nat outside
 frame-relay interface-dlci 706
!
interface Serial1
 no ip address
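The post's debug shows pings succeeding while BGP reports "(no route)": BGP consults the routing table for a path to the neighbor, whereas 'set ip default next-hop' only steers packets after the routing table has failed to find an explicit match. The following is an added example (not from the post) that models both lookups. R7_RIB is constructed from the connected networks in the R7 config above, and R7_POLICY is an assumed mirror of R6's 'ebgp-rehop' policy (the R7 config is cut off before that point).

```python
"""Model of RIB lookup (what BGP checks) versus 'set ip default next-hop' (what forwards
the pings). Added example, not from the post; R7's table and policy are assumptions."""
import ipaddress


def rib_lookup(rib, dst, explicit_only=False):
    """Longest-prefix match over [(prefix, next_hop), ...].
    With explicit_only, the 0.0.0.0/0 default is ignored, as the default-next-hop check does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in rib:
        net = ipaddress.ip_network(prefix)
        if explicit_only and net.prefixlen == 0:
            continue
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def bgp_can_open(rib, peer):
    """The check behind 'multihop open delayed ... (no route)': a route to the peer in the
    routing table. Policy routing is not consulted here."""
    return rib_lookup(rib, peer) is not None


def forward(rib, route_map, packet):
    """'ip policy route-map' with 'set ip default next-hop': an explicit RIB route wins;
    only when there is none does a matching clause supply the next hop; the 0/0 default
    (if any) is tried last. Returns the next hop, or None if the packet is dropped."""
    hit = rib_lookup(rib, packet["dst"], explicit_only=True)
    if hit is not None:
        return hit[1]
    for clause in route_map:
        if clause["match"](packet):
            return clause["default_next_hop"]
    default = rib_lookup(rib, packet["dst"])
    return default[1] if default else None


# Constructed: R7's routing table with only its connected networks (point a. in the post).
R7_RIB = [("192.1.1.0/24", "Serial0.2"), ("20.255.1.0/30", "Serial0.1"),
          ("204.22.10.1/32", "Loopback0"), ("10.0.0.0/24", "Ethernet0"),
          ("7.7.7.0/24", "Ethernet0")]

# Assumed mirror of R6's ebgp-rehop: BGP and ICMP to the R6 loopback go via 192.1.1.3.
R7_POLICY = [{"match": lambda p: p["dst"] == "178.24.1.1" and p["proto"] in ("tcp/179", "icmp"),
              "default_next_hop": "192.1.1.3"}]

# The static route the poster added and removed again.
R7_STATIC = ("178.24.1.1/32", "192.1.1.3")


def session_state(rib, policy):
    """Summarise what the post observed: pings forwarded, BGP refusing to open."""
    return {"ping_forwarded": forward(rib, policy, {"dst": "178.24.1.1", "proto": "icmp"}) is not None,
            "bgp_opens": bgp_can_open(rib, "178.24.1.1")}


if __name__ == "__main__":
    print("without static:", session_state(R7_RIB, R7_POLICY))
    print("with static:   ", session_state(R7_RIB + [R7_STATIC], R7_POLICY))
```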
RE: 2 Line Hit Scenarios... [7:25928]
of the reasons for the dreaded routing loop is brought about by the fact that a host could for some reason or another somehow not receive a poison update, and start a count-to-infinity war. This means that RIP messages are inherently unreliable and not acknowledged. Erred RIP frames are just 'silently discarded'. The silence is because there is no provision in the protocol made for acknowledgement and recovery.

Here's a list of cases where a router or bridge would retransmit instead of the end host.

BISYNC - YES
X.21 - YES
SDLC - YES
The various LAPs (LAPB, LAPF, etc.) - YES?
Cisco HDLC - NO!! (remember it's Cisco's own variety of HDLC)
PPP - NO
Frame Relay - NO
Ethernet - NO
Token Ring - NO
FDDI - NO
LLC1 - NO
LLC2 - NO, unless you're using DLSw or RSRB with Local ACK
LLC3 - who cares? ;-), but I think the answer is YES

Ethernet causes some confusion for people because a data-link-layer interface monitors for collisions while sending and retransmits if one occurs. I don't think this fits into the same category as we're dealing with in this question, but the neophytes think it does, so it's worth addressing. I consider sending without collisions a basic part of Media Access Control, analogous to getting the token on Token Ring. It's not the same as monitoring for an ACK and retransmitting if you don't get one, which Ethernet NEVER does.

I thought of this, but then I was thinking that maybe the line hit doesn't trip the collision detect circuitry; in most cases it won't. Maybe the gremlin feels conniving today and feels like letting Ethernet believe the transmission was a success. This is true more often than not.

This is an extremely easy Networking 101 question where I come from. It's really frustrating that it results in so much confusion.

Networking 101, but not Networking 303, which is why I included a paragraph of disclaimer somewhere in the middle.

Priscilla

I welcome discussions like this on this group. I wish there were more of them.
Now the really good stuff comes out. Thanks, Priscilla.

Wayne

At 11:21 PM 11/12/01, Baety Wayne A1C 18 CS/SCBX wrote:
Line hits are caused by physical disturbances, electronic influences on the transmission medium. The question draws attention to the serial connection between B1 and B2, and a possible difference between Ethernet connections. Ethernet makes no provision for physical layer protocol retransmission in the face of erred communications. An explanation follows.

There are different physical layer protocol entities for Ethernet, notably MLT-3 for Fast Ethernet, Manchester for Ethernet, etc. These are actual protocols for transferring bit streams over a common medium and only serve to perform line encoding. When an error presents itself, most often these errors register as invalid code signals to the distant end, which somehow gets translated into a data signal, forcibly in the case of Ethernet. After this process is complete the bit streams are compacted and provisioned into 8-bit boundaries and are passed up to the data link layer. At this point, the communication enters the purview of a central processing unit. The OS controlling the CPU would naturally do a CRC function on the received data stream and extract the CRC that was computed by the sending node, and do a comparison of the two. Actual implementations could vary. This in essence is an overview of Ethernet technology. The important thing to remember is that there is not a protocol function that occurs at the point the bit streams are sent from the hardware to the main CPU (channel access functions are handled in hardware on a NIC). All communication is accepted carte blanche, and naturally so. Ethernet is primarily a LAN technology where error-prone communications (caused by EMI or other naturally occurring phenomena) are tightly controlled and minimized.
In serial communication technology there is such a protocol function because there is a higher chance of there being electromagnetic influences, propagation delay, etc. In serial communications, at the point that the bit streams are decoded into logical binary words (that 8-bit provisioning scheme aforementioned), there is a protocol function implemented to control the actual reception and healthiness of the bit streams. HDLC is the default protocol for Cisco routers, but there are other notables, such as Bi-Sync, SDLC, LAPB, PPP, etc. In some of these protocols there are provisions for the retransmission of frames when errors are detected, channel multiplexing, stream windowing as well as frame sequencing and acknowledgements.

Why this long answer? Remember the question draws attention to the physical layer when 'line hits' are mentioned. Further clues were given when the only difference mentioned was a change in physical composition. It's up to you to decide if the test maker in this instance is testing to see if you know all of this, judged by the overall difficulty
RE: 2 Line Hit Scenarios... [7:25928]
Line hits are caused by physical disturbances, electronic influences on the transmission medium. The question draws attention to the serial connection between B1 and B2, and a possible difference between Ethernet connections. Ethernet makes no provision for physical layer protocol retransmission in the face of erred communications. An explanation follows.

There are different physical layer protocol entities for Ethernet, notably MLT-3 for Fast Ethernet, Manchester for Ethernet, etc. These are actual protocols for transferring bit streams over a common medium and only serve to perform line encoding. When an error presents itself, most often these errors register as invalid code signals to the distant end, which somehow gets translated into a data signal, forcibly in the case of Ethernet. After this process is complete the bit streams are compacted and provisioned into 8-bit boundaries and are passed up to the data link layer. At this point, the communication enters the purview of a central processing unit. The OS controlling the CPU would naturally do a CRC function on the received data stream and extract the CRC that was computed by the sending node, and do a comparison of the two. Actual implementations could vary. This in essence is an overview of Ethernet technology. The important thing to remember is that there is not a protocol function that occurs at the point the bit streams are sent from the hardware to the main CPU (channel access functions are handled in hardware on a NIC). All communication is accepted carte blanche, and naturally so. Ethernet is primarily a LAN technology where error-prone communications (caused by EMI or other naturally occurring phenomena) are tightly controlled and minimized.

In serial communication technology there is such a protocol function because there is a higher chance of there being electromagnetic influences, propagation delay, etc.
In serial communications, at the point that the bit streams are decoded into logical binary words (that 8-bit provisioning scheme aforementioned), there is a protocol function implemented to control the actual reception and healthiness of the bit streams. HDLC is the default protocol for Cisco routers, but there are other notables, such as Bi-Sync, SDLC, LAPB, PPP, etc. In some of these protocols there are provisions for the retransmission of frames when errors are detected, channel multiplexing, stream windowing as well as frame sequencing and acknowledgements.

Why this long answer? Remember the question draws attention to the physical layer when 'line hits' are mentioned. Further clues were given when the only difference mentioned was a change in physical composition. It's up to you to decide if the test maker in this instance is testing to see if you know all of this, judged by the overall difficulty of the exam.

To answer your question: if there is a line hit between B1 and B2, B1 will always retransmit. In most serial encapsulation methods, the frame never clears the buffers on B1 until B2 acknowledges reception to B1. There was an effort to add this amount of reliability to Ethernet and Token Ring environments, hence LLC, which is a spin-off of sorts of HDLC for serial communications. With LLC there are actually 3 different modes of communication. Type 1 is the normal mode that you would normally see in modern networking environments (Type 2 is more usual for Token Ring). Type 2 is modeled after communication qualities that serial communications need to overcome. Type 3 is not commonly used. To be succinct, it is like slapping a serial protocol over Ethernet or Token Ring. When Ethernet is behaving like a serial interface it will buffer, acknowledge and retransmit erred frames just like a serial interface (in that case, each intermediate device is responsible for retransmitting any frames with errors).
Like everything else in life, the true answer depends on what you are doing. To be safe, let me point out that all of this nonsense usually is spoken of in the books as residing at the Data Link layer. I believe the test question may also be trying to confuse you with what are the responsibilities of the Transport layer (TCP to be exact). But what if you aren't even using TCP? What if you are using UDP over IP over Ethernet? There is clearly no retransmission effort going on here. All confusing, isn't it? Don't worry, in time you'll sort it all out.

Cheers and Good Luck,

WAYNE BAETY, MCSE, A1C, USAF Network Systems Trainer

-Original Message- From: Todd Carswell [mailto:[EMAIL PROTECTED]] Sent: Monday, November 12, 2001 11:09 PM To: [EMAIL PROTECTED] Subject: 2 Line Hit Scenarios... [7:25928]

Here's the setup for my 2 questions... PCA---B1---B2PCB Bridge 1 and Bridge 2 are running Transparent Bridging between them. Question 1: There's a SERIAL connection between B1 and B2. B1 and B2 are configured for transparent bridging. If
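The point both posters circle around is that the frame check sequence catches the damaged frame on either medium, and only the link protocol's follow-up differs. The script below is an added illustration (editor's code, not from any post in the thread): it computes and verifies the Ethernet FCS (CRC-32) and the PPP/HDLC FCS-16 of RFC 1662, then flips one bit to simulate a line hit. The MAC addresses, the payload and the frames are constructed for the example; the retransmission logic of an acknowledged link protocol is not modelled, only the detection.

```python
"""Added illustration: FCS verification on an Ethernet frame and on a
PPP/HDLC frame after a simulated line hit. Both receivers detect the
corruption; Ethernet then drops the frame silently, whereas LAPB/SDLC/LLC2
style links would get the sender to retransmit (not modelled here).
All frames and addresses below are constructed for the example."""
import struct
import zlib


def ethernet_fcs(body: bytes) -> bytes:
    """IEEE 802.3 FCS: CRC-32 (poly 0x04C11DB7, reflected, init and final
    XOR 0xFFFFFFFF), which is exactly zlib.crc32, sent least-significant
    byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def _crc16_x25(data: bytes) -> int:
    """CRC-16 register used by the PPP/HDLC FCS-16 (RFC 1662): reflected
    polynomial 0x8408, initial value 0xFFFF, computed bit by bit."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def ppp_fcs16(body: bytes) -> bytes:
    """RFC 1662 FCS-16: ones complement of the register, least-significant
    byte first."""
    return struct.pack("<H", _crc16_x25(body) ^ 0xFFFF)


def build_ethernet_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    # pad the payload to 46 bytes so the frame meets the 64-byte minimum
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + ethernet_fcs(body)


def build_ppp_frame(protocol: int, payload: bytes) -> bytes:
    # HDLC-like framing: address 0xFF, control 0x03, then the PPP protocol field
    body = b"\xff\x03" + struct.pack("!H", protocol) + payload
    return body + ppp_fcs16(body)


def ethernet_receive(frame: bytes):
    """Return the payload (with padding) if the FCS verifies, else None:
    the frame is dropped and nothing goes back, the 'silent discard'."""
    if len(frame) < 64 or ethernet_fcs(frame[:-4]) != frame[-4:]:
        return None
    return frame[14:-4]


def ppp_receive(frame: bytes):
    """Return the payload if the FCS verifies, else None. Per RFC 1662,
    running the CRC over data plus FCS leaves the constant 0xF0B8."""
    if len(frame) < 6 or _crc16_x25(frame) != 0xF0B8:
        return None
    return frame[4:-2]


def line_hit(frame: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Simulate a line hit: flip one bit of the frame in transit."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


# constructed sample traffic
PAYLOAD = b"RIP request: give me your routing table"
ETH_FRAME = build_ethernet_frame(bytes.fromhex("0010e7123456"),
                                 bytes.fromhex("0010e7654321"), 0x0800, PAYLOAD)
PPP_FRAME = build_ppp_frame(0x0021, PAYLOAD)

if __name__ == "__main__":
    print("ethernet intact    :", ethernet_receive(ETH_FRAME) is not None)
    print("ethernet after hit :", ethernet_receive(line_hit(ETH_FRAME, 20)))
    print("ppp intact         :", ppp_receive(PPP_FRAME) is not None)
    print("ppp after hit      :", ppp_receive(line_hit(PPP_FRAME, 5)))
```

The two check values used as sanity tests (CRC-32 of "123456789" is 0xCBF43926, CRC-16/X-25 of the same string is 0x906E) are the standard catalogue values for those CRCs, so the functions can be checked against any other implementation before being pointed at captured frames.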
RE: BGP question [7:25130]
Useful if you're using private AS addressing (AS 64512-65535) and you want your customer routes to appear as if they originated from your AS... I would have used a NO_EXPORT community on the routes being advertised from the AS and simply just advertised the address space that I own. It's rarely useful to advertise your own address space with a differing AS number. It's also more advised to keep advertising the correct AS in cases where this situation would occur, e.g., a dual-homed customer. However, to satisfy the question you can use BGP aggregation on R3, which was specifically designed for this purpose...

router bgp 64512
 aggregate-address 200.200.200.0 255.255.255.0 summary-only as-set

You should only use a set-community confederation route map when you have complex business rules that you need implemented.

WAYNE BAETY, MCSE, A1C, USAF Network Systems Trainer

-Original Message- From: news [mailto:[EMAIL PROTECTED]] Sent: Monday, November 05, 2001 2:53 AM To: [EMAIL PROTECTED] Subject: Re: BGP question [7:25130]

Hi, what I am trying to achieve is as follows. AS 100 is connected to AS 200. AS 200 is connected to AS 300. AS 100 has routes from AS 300, so the AS-PATH list is: 200, 300, i. The task is: AS 100 should see all the routes from AS 300 as if they came from AS 100 directly; the path will look like 200, i.

Faisal

Chuck Larrieu wrote in message news:[EMAIL PROTECTED]... interesting question. a search among the command references and configuration guides on CCO yields nothing under 12.1, but under 12.2 states this command was introduced in 12.0(4.4)S and that in 12.0(5)T the address family configuration mode was added. I copied this stuff out of CCO, but it is not making sense to me at the moment. I can find no reference to the command and function in Parkhurst, which carries a 2001 copyright but no telling when the contents were locked down for publishing.
In re-reading this thread and the documentation below, I'm still a bit unclear as to what is being accomplished here. Telling a neighbor you are AS X when you are really AS Y?? I'm working on some BGP scenarios now, so I'll try to add this to the list and report back.

Chuck

-- stuff from CCO:

The next example shows how the route map named set-community is applied to the outbound updates to neighbor 171.69.232.50 and the local-as community attribute is used to filter the routes. The routes that pass access list 1 have the special community attribute value local-as. The remaining routes are advertised normally. This special community value automatically prevents the advertisement of those routes by the BGP speakers outside autonomous system 200.

router bgp 65000
 network 1.0.0.0 route-map set-community
 bgp confederation identifier 200
 bgp confederation peers 65001
 neighbor 171.69.232.50 remote-as 100
 neighbor 171.69.233.2 remote-as 65001
!
route-map set-community permit 10
 set community local-as

neighbor local-as

To allow customization of the autonomous system number for external Border Gateway Protocol (eBGP) peer groupings, use the neighbor local-as command in address family or router configuration mode. To disable this function, use the no form of this command.

Command History
Release     Modification
12.0(4.4)S  This command was introduced.
12.0(5)T    Address family configuration mode was added.

Usage Guidelines
Each BGP peer or peer group can be made to have a local autonomous system value for the purpose of peering. In the case of peer groups, the local autonomous system value is valid for all peers in the peer group. This feature cannot be customized for individual peers in a peer group. If this command is configured, you cannot use the local BGP autonomous system number or the autonomous system number of the remote peer. This command is valid only if the peer is a true eBGP peer.
This feature does not work for two peers in different subautonomous systems in a confederation.

Examples
The following address family configuration example shows the customization of neighbor 172.20.1.1 configured to have an autonomous system number of 300 for the purpose of peering:

router bgp 109
 address-family ipv4 multicast
 network 172.20.0.0
 neighbor 172.20.1.1 local-as 300

The following router configuration example shows the customization of neighbor 172.20.1.1 configured to have an autonomous system number of 300 for the purpose of peering:

router bgp 109
 network 172.20.0.0
 neighbor 172.20.1.1 local-as 300

end of stuff from CCO -

adam lee wrote in message news:[EMAIL PROTECTED]... What version of IOS is that command in? I am using 12.0(9) and it's not in there.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of news Sent: Saturday, November 03, 2001 12:23 PM To: [EMAIL PROTECTED] Subject: Re: BGP question [7:25130]
RE: Weirdness with OSPF--IGRP and Default Routes [7:25216]
His pings are definitely going to the loopback on Router B (R4) and are probably being load balanced over the 0/0 [!.!.!.]. Use ip default-network and point it out the interface you really want traffic to go to by default. If you don't want R4 to use the default, then apply a static default on all your other routers. Otherwise you run the risk of load balancing through the loopback (?). I'm not near any routers atm so I can not verify this.

ip default-network 152.1.3.0

WAYNE BAETY, MCSE, A1C, USAF Network Systems Trainer

-Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Monday, November 05, 2001 8:09 AM To: [EMAIL PROTECTED] Subject: Re: Weirdness with OSPF--IGRP and Default Routes [7:25216]

John, it occurs to me that the other possibility is that your pings are getting out, but not getting back. On the surface, it would appear that is not the case because in part one of your scenario, you can successfully ping. However, it is possible that in doing what you did in setting up the default network, you broke something else such that the return route does not exist? Just because you can see me, it does not automatically follow that I can see you. What do traceroutes reveal about where the breakdown occurs? How about an extended ping, using a different interface as the source address?

Chuck

John Neiberger wrote in message news:[EMAIL PROTECTED]... You're reading it correctly. The real problem isn't with router C. Using either of the methods I tried it learns a default route from B. The real problem is that as soon as I add a default-network command to router B (so that it originates a default to C) default routing breaks. Others keep pointing out that having a loopback address as a default network creates a blackhole. In this case I'm using a dummy network that does not exist elsewhere so it won't create a black hole. In fact, when ip packet debugging is turned on the packets are unroutable.
This makes no sense to me since a quad-zero default exists in the routing table. With ip classless nothing should be unroutable. Very weird. I must be missing something... You think this is weird, though, you ought to see the lab setup I'm using to test this. At the moment I have six routers running a combination of IS-IS, BGP, OSPF, and IGRP. :-) I'm a glutton for punishment!

Regards,
John

On Sun, 4 Nov 2001 11:52:26 -0500, Chuck Larrieu wrote:
| if I am not mistaken, the default network has to be learned via IGRP, and
| cannot be a connected interface. If I am reading your outputs correctly,
| your default network is a connected interface.
|
| am I misreading which router is the source of the pings?
|
| Chuck
|
| John Neiberger wrote in message news:[EMAIL PROTECTED]...
| I posted this to the ccie list as well. I'm hoping someone has run across
| this before.
|
| I'll start with the original scenario that worked so I can show you where I
| began before I show you what I'm trying to accomplish now. There are three
| relevant routers here:
|
| A(ospf)B(rip)-C
|
| A originates a default route to B and I use default-information originate in
| the RIP config to pass 0.0.0.0/0 to C. This works well. Then I took RIP
| away and tried this with IGRP and ip default-network.
|
| This took some tweaking before I could get B to originate a default route to
| C with IGRP. Is it just me or did Cisco seem to make this very
| user-unfriendly?? Unbelievable. This is *so* easy with other protocols.
| Anyway...
|
| In the first scenario, B has a single gateway of last resort: 0.0.0.0/0 via
| router A. Beautiful. In the second scenario I end up with two candidate
| GOLRs but neither is picked and routing breaks!
|
| This makes *zero* sense to me. If ip classless is configured and I still
| have 0.0.0.0/0 in my routing table then B should route all packets with
| unknown destinations to A, right??
| Well, it's not working and I can consistently recreate it.
|
| If I remove the ip default-network statement routing works but then C has no
| default route.
|
| What could be wrong here? For grins, I'll paste in some command output to
| show you what I mean. R4 is Router B in the above scenario.
|
| Gateway of last resort is 152.1.3.2 to network 0.0.0.0
|
|      152.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
| O IA    152.1.1.0/25 [110/74] via 152.1.3.2, 05:19:53, Serial0
| C       152.1.3.0/30 is directly connected, Serial0
|      130.1.0.0/16 is variably subnetted, 9 subnets, 2 masks
| I       130.1.3.0/24 [100/1188] via 130.1.4.2, 00:00:28, TokenRing0
| I       130.1.2.0/24 [100/1188] via 130.1.4.2, 00:00:28, TokenRing0
| I       130.1.1.0/24 [100/1188] via 130.1.4.2, 00:00:28, TokenRing0
| O
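John's question, whether a router with a 0.0.0.0/0 entry can still find a packet unroutable, comes down to the classful lookup rule that ip classless switches off. The script below is an added example (editor's code, not from the thread): a minimal longest-match lookup over a table built from the prefixes and next hops visible in R4's output above, with the classful rule implemented so the difference can be seen. Everything beyond those prefixes (the test destinations, the shape of the helper) is constructed for the example; it does not model the two-candidate default-network situation John describes.

```python
"""Added example: longest-match lookup with and without 'ip classless'.
Prefixes and next hops come from the 'show ip route' excerpt in the post;
the test destinations are made up."""
import ipaddress

# (prefix, next hop) as shown by R4, plus its gateway of last resort
ROUTES = [
    ("152.1.1.0/25", "152.1.3.2"),
    ("152.1.3.0/30", "Serial0"),
    ("130.1.3.0/24", "130.1.4.2"),
    ("130.1.2.0/24", "130.1.4.2"),
    ("130.1.1.0/24", "130.1.4.2"),
    ("0.0.0.0/0", "152.1.3.2"),
]


def classful_network(addr: ipaddress.IPv4Address) -> ipaddress.IPv4Network:
    """Natural (class A/B/C) network that contains addr."""
    first_octet = int(addr) >> 24
    prefixlen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def lookup(dst: str, routes=ROUTES, ip_classless: bool = True):
    """Return the next hop for dst, or None if the packet is unroutable."""
    addr = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(prefix), nh) for prefix, nh in routes]
    matches = [(net, nh) for net, nh in table if addr in net]

    specific = [m for m in matches if m[0].prefixlen > 0]
    if specific:
        # longest prefix wins, regardless of the classless setting
        return max(specific, key=lambda m: m[0].prefixlen)[1]

    default = next((nh for net, nh in matches if net.prefixlen == 0), None)
    if not ip_classless:
        # classful rule: when any subnet of the destination's major network
        # is known, an unknown subnet of that major network is dropped even
        # though a default route exists
        major = classful_network(addr)
        if any(net.prefixlen > 0 and net.subnet_of(major) for net, _ in table):
            return None
    return default


if __name__ == "__main__":
    for dst in ("130.1.1.9", "130.1.9.1", "152.1.1.200", "10.0.0.1"):
        print(f"{dst:14} classless -> {lookup(dst)!s:10} "
              f"classful -> {lookup(dst, ip_classless=False)}")
```

130.1.9.1 is the interesting case: with ip classless it follows the default, without it the router knows other subnets of 130.1.0.0/16 and drops the packet. A destination in an unknown major network (10.0.0.1) uses the default either way.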
RE: What do you cats do for motivation? [7:24549]
Ever make a puzzle? Ever since I was a kid I have been fascinated by puzzles. First you find the corners and edges and work your way in, was a trick I used to use. I believe it still applies to learning about all of this stuff. If you find yourself unmotivated, then go out and buy a 50 piece puzzle and work your way up to 1000 pieces or even 5000 pieces. Mix this in with your studying time. The goal of course is to condition your mind to complexity, and accomplishment. This is similar to reading first the marketing literature about a networking topic, and then working your way up to the approved standards, RFCs, etc. Start out light... You can't solve a puzzle w/o the corners.

WAYNE BAETY, MCSE, A1C, USAF Network Systems Trainer

-Original Message- From: Ouellette, Tim [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 30, 2001 4:52 AM To: [EMAIL PROTECTED] Subject: What do you cats do for motivation? [7:24549]

Man O Man. I'm finding it super-tough to stay motivated with all of this super-duper-heavy-geeky CCIE studying that I have to do. How do you guys keep your mind focused and your eyes straight ahead? I find it really easy to answer my phone on a Friday night and talk to my buddies; next thing you know I'm at the local pub forgetting my name. I've got soo many books to read, and soo many labs that I want to do. The light at the end of the tunnel isn't even close to being visible and it's tough. Can anyone help? btw, anyone used any audio tapes/CDs to listen to Cisco type stuff during the commute to work? I was thinking about doing something like that but I think hearing my own voice speak would be enough to drive me insane. Any thoughts?

Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24597t=24549 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC address and VLANs [7:23950]
As well it should when you're transferring 100's of megabytes of data; it's not exactly like downloading a web page. That's where CAR rears its ugly face, no?

WAYNE BAETY, MCSE, A1C, USAF Network Systems Trainer

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, October 26, 2001 1:52 AM To: [EMAIL PROTECTED] Subject: Re: MAC address and VLANs [7:23950]

I couldn't agree more on this issue, Jeff. Norton's Ghost is notorious for hogging much of the backplane bandwidth on CAT5500s during a unicast TCP session.

John Squeo, Technical Specialist, Papa John's Corporation, (502) 261-4035

jeffrey wang, 10/25/01 12:08 PM, Subject: Re: MAC address and VLANs [7:23950], wrote:

Not only did VLANs help solve the broadcast problem, they also helped with a unicast problem. I used to run into a problem with some UDP application on a pretty large flat network. When some 100M/full-duplex stations started talking, 10M workstations froze. Sniffer showed me that was caused by a unicast storm. Eventually, I learned that if a unicast is sent while the switch doesn't have or has forgotten its destination's MAC, it floods. No 100M workstation was affected, but all 10's died. A couple of seconds later, it calmed down (switches started to know where the destination's MAC was). However, it happened again and again. VLANs help first to restrict the problem to ONE VLAN, and second to prevent the switches that don't have the VLAN from being affected.

Priscilla Oppenheimer wrote: The multi-VLAN feature that Leigh Anne mentioned might solve your problem. The Cisco switch port could be associated with two VLANs that way. You didn't say which switch you have, and this feature may not be available on all Cisco switches, though. Assuming that you don't want to upgrade the little switch to one that does 802.1Q or ISL, another somewhat radical fix to the problem might be to not use VLANs.
My philosophy is that once VLANs get to the point of causing more problems than they fix, I eliminate them. ;-) One of the main things VLANs were supposed to fix was excessive broadcasts causing too many CPU interruptions on numerous workstations in a large, flat, switched network. Lately I have taken to making the controversial statement that this problem doesn't exist on many modern networks. These days workstations have amazingly fast CPUs. They are not bogged down by processing broadcasts. Also, as we eliminate older desktop protocols such as AppleTalk and IPX, what is still sending broadcasts? An ARP here or there is not a big problem. And ARPs don't actually happen that often. A PC keeps the data-link-layer address of its default gateway and other communication partners for a long time. Also, a lot of PC NICs used to be stupid about multicasts and interrupt the CPU for irrelevant multicasts for which the PC was not registered to listen. I bet that bug has been fixed by now. VLANs have other benefits (security, dividing up management and administrative domains, etc.) But if broadcasts are the issue, one should ask: Which protocols send broadcasts and how often? How fast are the CPUs? And that is my latest harangue against my least favorite LAN technology (VLANs!)

Priscilla

At 09:52 AM 10/24/01, NetEng wrote: Thanks for the replies. The two MAC addresses would come from the two PCs in an office. They would both connect in to a hub and then the hub would uplink to the Cisco switch. I need one PC in VLAN1 and one PC in VLAN2; from what you and Dennis stated this will not work. I appreciate the comments though. Collin

Leigh Anne Chisholm wrote in message news:[EMAIL PROTECTED]... Actually, that's not correct. The original specification for VLANs from what I understand mandates that only one VLAN can be assigned to a port, but manufacturers such as 3COM decided to do otherwise and support multiple VLANs per port.
Cisco responded by allowing (on certain switches such as the Catalyst 2900XL) an administrator to configure a port to be a member of more than one VLAN at a time when using a membership mode known as Multi-VLAN. A Multi-VLAN port can belong to up to 250 VLANs; the actual number of VLANs to which the port can belong depends on the capability of the switch itself. Although the concept is similar, this membership mode is different from trunking. The caveat to this feature is that the Multi-VLAN membership mode cannot be configured on a switch if one or more ports on the switch have been configured to trunk. For more information on this feature, search Cisco's website using the keyword phrase switchport multi. As for answering NetEng's
RE: MAC address and VLANs [7:23950]
Oops, I forgot to complete that thought. Hence, the second most important reason for routing... drum roll... Traffic Policing. Is this the start of another Dave's Top Ten? Essentially, large flat networks probably also have no internal security and no internal traffic cops. Now that's ugly.

-Original Message- From: Baety Wayne A1C 18 CS/SCBX Sent: Friday, October 26, 2001 11:14 AM To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: RE: MAC address and VLANs [7:23950]

As well it should when you're transferring 100's of megabytes of data; it's not exactly like downloading a web page. That's where CAR rears its ugly face, no?

WAYNE BAETY, MCSE, A1C, USAF Network Systems Trainer
RE: Password recovery when console it hosed [7:17743]
You said they download from a TFTP? Well, snoop the Ethernet packets and look for what file they are requesting. Store that file on your ftp server and just add a config file with the same name and...

config-register 0x2102

or

confreg 0x2102

or better yet make it boot into ROM mode. Sometimes the trees are better to look at than the forest ;-}

Wayne

-Original Message- From: Adam Luy [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 5:37 AM To: [EMAIL PROTECTED] Subject: Password recovery when console it hosed [7:17743]

Hey everybody, I have a couple of 3102 routers at home that I can not get into. The console ports have been set to some strange setting I can not seem to figure out. I've tried what seems to be an endless combination of speeds, parity, stop bits, data bits, etc., but still get garbled data out the console. I have other 3102s in my lab, so I know I've got good cables and all that. Plus, if I have a TFTP server going when I power them up they will download IOS from it, so I know they are working; I just can't get into the damn console! Is there any way to manually/physically clear NVRAM so the console is set back to 9600,n,8,1? Help!

-Adam

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17822t=17743 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
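"Snoop the Ethernet packets and look for what file they are requesting" is a small protocol-parsing job: the router's netboot is a plain TFTP read request (RFC 1350) to UDP port 69, with the file name and mode as NUL-terminated strings right after the 2-byte opcode, optionally followed by RFC 2347 option pairs. The script below is an added example (editor's code, not from the thread) that walks Ethernet II, IPv4 and UDP and pulls the request out. The frame it runs on is constructed here: addresses, ports and the file name are made up, and the IP checksum is left at zero since nothing here verifies it. Note the flip side of the recovery trick: anything on the same segment that answers that request first decides what the router boots, which is why netboot and TFTP belong on an isolated management segment.

```python
"""Added example: extract the requested file from a sniffed TFTP RRQ/WRQ.
The sample frame is constructed below; no real capture is involved."""
import struct

TFTP_PORT = 69
OPCODES = {1: "RRQ", 2: "WRQ"}


def parse_tftp_request(payload: bytes):
    """Return (op, filename, mode, options) for an RRQ/WRQ payload, else None."""
    if len(payload) < 4:
        return None
    opcode = struct.unpack("!H", payload[:2])[0]
    if opcode not in OPCODES:
        return None
    fields = payload[2:].split(b"\x00")
    # filename, mode, and the empty piece left after the final NUL
    if len(fields) < 3 or not fields[0]:
        return None
    filename = fields[0].decode("ascii", "replace")
    mode = fields[1].decode("ascii", "replace").lower()
    if mode not in ("netascii", "octet", "mail"):
        return None
    rest = [f.decode("ascii", "replace") for f in fields[2:] if f]
    options = dict(zip(rest[0::2], rest[1::2]))   # RFC 2347 name/value pairs
    return OPCODES[opcode], filename, mode, options


def tftp_request_from_frame(frame: bytes):
    """Walk Ethernet II -> IPv4 -> UDP; return a dict for a TFTP request to
    port 69, or None for any other frame."""
    if len(frame) < 14 + 20 + 8 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 17:            # IPv4 carrying UDP only
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    udp = ip[ihl:]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    if dport != TFTP_PORT:
        return None
    req = parse_tftp_request(udp[8:ulen])
    if req is None:
        return None
    op, filename, mode, options = req
    return {"src": f"{src_ip}:{sport}", "dst": dst_ip, "op": op,
            "file": filename, "mode": mode, "options": options}


def build_tftp_rrq_frame(src_ip: str, dst_ip: str, sport: int,
                         filename: str, **options) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame carrying a TFTP RRQ (test data)."""
    tftp = struct.pack("!H", 1) + filename.encode() + b"\x00" + b"octet\x00"
    for name, value in options.items():
        tftp += name.encode() + b"\x00" + str(value).encode() + b"\x00"
    udp = struct.pack("!HHHH", sport, TFTP_PORT, 8 + len(tftp), 0) + tftp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split("."))) + udp
    eth = (bytes.fromhex("ffffffffffff") + bytes.fromhex("0010e7123456")
           + struct.pack("!H", 0x0800))
    return eth + ip


# constructed sample: a router at 192.0.2.10 asking 192.0.2.1 for an image
SAMPLE_FRAME = build_tftp_rrq_frame("192.0.2.10", "192.0.2.1", 2050,
                                    "router-image.bin", tsize=0)

if __name__ == "__main__":
    print(tftp_request_from_frame(SAMPLE_FRAME))
```

On a live capture, feed each frame's raw bytes to tftp_request_from_frame and keep the non-None results; the "file" field is the name to stage on the server.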
RE: Yet another silly CCIE lab prep question [7:17716]
I'd also add an NP-2T (2 Port Serial Network Processor Module) to that 4000 so that you can practice a point-to-point and point-to-multipoint OSPF over Frame Relay scenario, using the 4000 as a Frame Relay switch. These NPMs sell for about 100-200 on eBay. If you get an NP-4T (4 Port Serial Network Processor Module) you've just turned that 4000 into 2 routers, ideally. It then can double as a Frame Relay switch and still have 2 serial ports and whatever Ethernet ports are left over to do some other nice config scenarios. The NP-4T sells for about 300-400 on eBay and only requires the cable types that come with the 25XX anyway. If you get the NP-2T then you'll need 4 60pin/DTE to 50pin/DCE cables (these sell for about 35 new/used on eBay and about 80 used elsewhere). Adding a Frame Relay switch to your lab setup is a great way to connect all those 25XX together and still have a lot of fluidity in lab scenario cable-ups.

Wayne

-Original Message- From: EA Louie [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 5:10 AM To: [EMAIL PROTECTED] Subject: Re: Yet another silly CCIE lab prep question [7:17716]

Nah, that's a great setup John. You have 5 routers there, and a possible 6th with the 4000. Start looking at fatkid.com and his smaller labs (400 and below), and see how well you line up with those (we're forever substituting Ethernet for Token Ring and vice-versa in my partner's lab setups to make do with our equipment on those labs). The 2522 is a great frame relay switch and can double as a 1E/2T/1BRI router...
The 2513 gives you SR/TLB. You can add some NPs to your 4000 (I'd suggest the NP-2E and NP-2R). You'll need a bunch of DTE/DCE cables (mostly 60-pin variety, and a couple of 60-pin to 50-pin for the NP-2T in the 4000). If trunking is only worth one or two points on the exam, it's worth knowing but not sweating; just think sub-interfaces on the router, and know the encapsulation commands on the router and switch interfaces. I'd be a bit more concerned with flash/DRAM: 12.1 Enterprise requires 16/16, and you could use mzmaker if you have 8/16, but we've run into a few problems with that lately (routers crashing because of MALLOC problems).

- Original Message - From: John Neiberger To: Sent: Wednesday, August 29, 2001 11:41 AM Subject: Yet another silly CCIE lab prep question [7:17716]

I apologize in advance for posting this. I know we get a couple of these a week, it seems, but I don't want to leave any bases uncovered. Here is what it looks like I'm going to end up with at home: (2) 2501, 2504, 2513, 2522, 4000 (with two serial interfaces), Catalyst 1200 (yes, that's right, I said a 1200!!), Token Ring MAU, Blackbox switch (instead of 2509 or 2511). I'm hoping that the 1200 will be able to handle most of the switching chores. It can't do ISL trunking and it's only low speed, but I get experience with that kind of stuff at work. I won't be able to do etherchannel, but I don't have any routers or other switches so that's not relevant here. I still plan on getting a day or two of lab time up at University of Colorado at $500/day. I also may get in a day or two at the local Cisco office (keep your fingers crossed). For my home lab, though, if I manage to find some lab scenarios to study with that only use a few routers, have I already shot myself in the foot? Will I *need* to get more or will this suffice? I will also be getting an ISDN simulator but that's going to have to wait for a few months. Any advice? Thanks!

John
Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17981t=17716 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BPDUs [7:17607]
BPDUs are sent out multicasted using an Ethernet multicast address of 01-80-C2-XX-XX-XX and a SAP of 42 (bridging SAP). They are sourced from whatever private mac address pool the vendor chooses.

e.g. (Ethernet SAP)

Dest      Source        Ln  DSAP  SSAP  CNTL  INFO    PAD  FCS
0180C200  0010E7123456  26  42    42    03    [BPDU]

Since BPDUs (both TCN and Configs) are always 35 Bytes long, add 3 for the SAP Header to get a total length of 38 (hex 0x26) for Length; 40 for SNAP, although I do not believe there is a SNAP formation for BPDUs. Perhaps Frame Relay bridging?

By simply looking at the destination address you should be able to determine that it is in fact a multicast address by looking at the second nibble in the first octet. If it is odd (1,3,5,7,9,B,D,F) it is a multicast address.

Interconnections: Routers, Bridges, and Switches by Radia Perlman is suggested reading.

Ref: RFC 1700

Wayne

-Original Message-
From: Christopher Supino [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 10:04 AM
To: [EMAIL PROTECTED]
Subject: BPDUs [7:17607]

All,
I came across this question while studying: How are BPDU's propagated amongst switches? Broadcast, multicast, or unicast? Anyone have an explanation?

Christopher Supino
CCNP, CCDP, MCSE, CNA5, ASE
Senior System Engineer

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17804t=17607
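As an added example (not from the original post): a Python decoder for the frame laid out above. It builds a constructed sample frame from the post's destination (0180C2...) and source (0010E7123456) addresses with an LLC length of 38 and a 35-byte configuration BPDU, tests the low-order bit of the first octet to classify the destination as a group address, and decodes the root and sender bridge IDs that a switch watching for an unexpected root bridge would compare. The priority, timers and port ID in the sample are assumed values.

```python
import struct

STP_GROUP_ADDRESS = bytes.fromhex("0180c2000000")  # IEEE 802.1D bridge group address
BRIDGE_SAP = 0x42                                  # LLC SAP reserved for spanning tree
CONFIG_BPDU_LEN = 35                               # size of a configuration BPDU body


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def is_multicast(mac):
    """The group bit is the low-order bit of the first octet, so the second hex nibble is odd."""
    return bool(mac[0] & 0x01)


def split_bridge_id(bridge_id):
    """An 8-byte bridge ID is a 16-bit priority followed by the bridge's 48-bit MAC."""
    return bridge_id >> 48, mac_str((bridge_id & 0xFFFFFFFFFFFF).to_bytes(6, "big"))


def parse_bpdu_frame(frame):
    """Decode an 802.3 frame (without FCS) whose LLC header carries an STP BPDU."""
    if len(frame) < 17:
        raise ValueError("too short for an 802.3 header plus LLC")
    dst, src = frame[0:6], frame[6:12]
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500:
        raise ValueError("type field rather than an 802.3 length: not LLC-encapsulated")
    dsap, ssap, control = frame[14], frame[15], frame[16]
    if (dsap, ssap) != (BRIDGE_SAP, BRIDGE_SAP):
        raise ValueError(f"DSAP/SSAP {dsap:#x}/{ssap:#x} is not the bridging SAP")
    body = frame[17:14 + length]  # the 3 LLC bytes are counted in 'length'
    if len(body) < 4:
        raise ValueError("truncated BPDU header")
    result = {
        "dst": mac_str(dst), "src": mac_str(src),
        "dst_is_multicast": is_multicast(dst),
        "dst_is_stp_group": dst == STP_GROUP_ADDRESS,
        "llc_length": length, "llc_control": control,
    }
    proto_id, version, bpdu_type = struct.unpack("!HBB", body[:4])
    result.update(protocol_id=proto_id, version=version)
    if bpdu_type == 0x80:  # Topology Change Notification: nothing beyond the header
        result["type"] = "tcn"
        return result
    if bpdu_type != 0x00 or len(body) < CONFIG_BPDU_LEN:
        raise ValueError("unsupported BPDU type or truncated configuration BPDU")
    (flags, root_id, root_cost, bridge_id, port_id, msg_age, max_age,
     hello, fwd_delay) = struct.unpack("!BQIQHHHHH", body[4:CONFIG_BPDU_LEN])
    root_prio, root_mac = split_bridge_id(root_id)
    bridge_prio, bridge_mac = split_bridge_id(bridge_id)
    result.update(
        type="config", topology_change=bool(flags & 0x01), tc_ack=bool(flags & 0x80),
        root_priority=root_prio, root_mac=root_mac, root_path_cost=root_cost,
        bridge_priority=bridge_prio, bridge_mac=bridge_mac, port_id=port_id,
        # the four timers are carried in units of 1/256 second
        message_age=msg_age / 256, max_age=max_age / 256,
        hello_time=hello / 256, forward_delay=fwd_delay / 256,
    )
    return result


def build_sample_frame(root_priority=32768, root_mac="0010e7123456"):
    """Constructed sample matching the header laid out in the post; not a real capture."""
    root_id = (root_priority << 48) | int(root_mac, 16)
    bpdu = struct.pack("!HBBBQIQHHHHH", 0, 0, 0x00, 0x00, root_id, 0, root_id, 0x8001,
                       0, 20 * 256, 2 * 256, 15 * 256)
    body = bytes([BRIDGE_SAP, BRIDGE_SAP, 0x03]) + bpdu   # 3 + 35 = 38 = 0x26
    frame = STP_GROUP_ADDRESS + bytes.fromhex(root_mac) + struct.pack("!H", len(body)) + body
    return frame + b"\x00" * max(0, 60 - len(frame))   # pad to the 60-byte minimum


if __name__ == "__main__":
    for key, value in parse_bpdu_frame(build_sample_frame()).items():
        print(f"{key:18} {value}")
```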
RE: Logging traffic [7:17559]
I would add the syn predicate to cut down on logging traffic. This will only log the first TCP segment, but it will still contain the source IP address, Time of Day, etc.

access-list 101 permit tcp any any lt 100 syn log

Since syslog traffic is sent on the data link in human readable form I would use an IPSec tunnel, or a standalone Ethernet interface to actually handle the traffic. Logging data can be very sensitive.

Wayne

-Original Message-
From: Tony van Ree [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 8:39 AM
To: [EMAIL PROTECTED]
Subject: Re: Logging traffic [7:17559]

Hi,

Depends on what you are really trying to achieve. If you have plenty of head room in your router you could just add stuff to an access-list and send the list to a syslog. Cheap and nasty but a good way to solve issues.

access-list 101 permit icmp any any log
access-list 101 permit tcp any any lt 100 log
access-list 101 permit tcp any any gt 99 log
access-list 101 permit udp any any lt 100 log
access-list 101 permit udp any any gt 99 log

The trick is to put the port numbers in (lt 100 etc); this will then tell you what address/port is talking to address/port. If you put this at the end of an existing access-list in place of the permit ip any any you should get what you need.

On a busy link however this generates heaps of information, but it is a nice way to find what you don't want on your network.

BE AWARE OF ANY PRIVACY ISSUES THAT MIGHT ARISE DOING THIS SORT OF STUFF.

Just a thought,

Teunis, Hobart, Tasmania Australia

On Tuesday, August 28, 2001 at 03:03:47 PM, cisco skin wrote:

Here's what I want to do: Log all traffic (source/destination ip address/port #) from a specific subnet (our HQ) to see what's passing through our external router, and where they're going. Any suggestions?

Thanks, Jeff

-- www.tasmail.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17806t=17559
RE: Work-related ACL problem [7:17695]
Is 167.216.138.4 a proxy server? Is there another proxy server in the midst, perhaps using another tcp port number? Proxy servers usually use 8080 but I've seen some (Squid, a Unix Proxy Server, for example) at other port ids. Keep in mind that there are anonymous proxy services out there that aren't using standard port numbers and your users can still use those.

But let's take proxies out of the equation for a moment. As soon as you use a deny rule you prohibit any further processing for the predicates the deny rule uses. So put your permits first in the greedy-eye format, that is, place your unrestricted largest permitted access first.

permit ip any 172.0.0.0 0.255.255.255
permit tcp any host 2.2.2.2 eq www
deny tcp any any eq www

Wayne

-Original Message-
From: Wilson, Bradley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 1:04 AM
To: [EMAIL PROTECTED]
Subject: Work-related ACL problem [7:17695]

Okay gang, this one's work-related so don't feel obligated to help. ;-) I think it's an interesting thought problem though:

The Problem I'm Trying To Solve: allow access to a particular website (2.2.2.2) from users on a particular subnet. Do NOT allow them to access any *other* website. Allow them to access other resources within your internal network (172.0.0.0).

Here's the ACL I came up with:

access-list 101 permit ip any host 167.216.138.4
access-list 101 deny tcp any eq www any
access-list 101 permit ip any 172.0.0.0 0.255.255.255
access-list 101 permit ip any any

This list was created on an MSFC card running in a 6509 chassis, and has been applied to interface Vlan1 inbound (I tried outbound as well just for kicks). The (unintended) result is that users can access both the target website, as well as other websites on the Internet.

Any ideas?

Bradley J. Wilson
CCNP CCDP MCSE NNCSS CNX MCT CTT
EDS/Boston Scientific Account
(508) 650-8739
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17810t=17695
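Added example, written for this page and not posted by either correspondent: a small first-match evaluator in Python for the two lists above. It walks the posted list and the reordered list over the same client packets, so you can see which entry each packet stops at, and it also shows which packets the posted "deny tcp any eq www any" line really matches (the "eq www" sits on the source side). The client address 192.168.10.5, the outside web server 5.5.5.5 and the port-name table are assumptions of the example.

```python
import ipaddress

# Port keywords the posted lists use, plus a few common ones (assumed table)
PORT_NAMES = {"www": 80, "telnet": 23, "ftp": 21, "smtp": 25, "domain": 53}


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _parse_addr(tokens, i):
    """Read 'any' | 'host A' | 'A WILDCARD' at tokens[i]; return ((base, wildcard), next)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    return (_ip(tokens[i]), _ip(tokens[i + 1])), i + 2


def _parse_port(tokens, i):
    """Optional 'eq|lt|gt PORT' qualifier; when absent any port matches."""
    if i < len(tokens) and tokens[i] in ("eq", "lt", "gt"):
        value = tokens[i + 1]
        return (tokens[i], PORT_NAMES.get(value) or int(value)), i + 2
    return None, i


def parse_ace(line):
    """Parse one extended-ACL entry, with or without the 'access-list N' prefix."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]
    action, proto = tokens[0], tokens[1]
    src, i = _parse_addr(tokens, 2)
    sport, i = _parse_port(tokens, i)      # a port right after the source binds to it
    dst, i = _parse_addr(tokens, i)
    dport, i = _parse_port(tokens, i)
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "log": "log" in tokens[i:]}


def _addr_match(spec, addr):
    base, wildcard = spec
    mask = 0xFFFFFFFF ^ wildcard          # wildcard bits are "don't care"
    return base & mask == addr & mask


def _port_match(spec, port):
    if spec is None:
        return True
    op, value = spec
    return {"eq": port == value, "lt": port < value, "gt": port > value}[op]


def ace_matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    return (_addr_match(ace["src"], _ip(pkt["src"]))
            and _addr_match(ace["dst"], _ip(pkt["dst"]))
            and _port_match(ace["sport"], pkt.get("sport", 0))
            and _port_match(ace["dport"], pkt.get("dport", 0)))


def evaluate(acl, pkt):
    """First matching entry decides; a list that matches nothing ends in implicit deny."""
    for index, ace in enumerate(acl, start=1):
        if ace_matches(ace, pkt):
            return ace["action"], index
    return "deny", None


# Bradley's list as posted
POSTED_ACL = [parse_ace(l) for l in (
    "access-list 101 permit ip any host 167.216.138.4",
    "access-list 101 deny tcp any eq www any",
    "access-list 101 permit ip any 172.0.0.0 0.255.255.255",
    "access-list 101 permit ip any any",
)]

# Wayne's reordering as posted; anything not listed falls to the implicit deny,
# so a trailing 'permit ip any any' is needed if other Internet traffic must pass
REORDERED_ACL = [parse_ace(l) for l in (
    "permit ip any 172.0.0.0 0.255.255.255",
    "permit tcp any host 2.2.2.2 eq www",
    "deny tcp any any eq www",
)]


def web_request(src, dst, sport=1025):
    """Constructed client-to-server HTTP packet: ephemeral source port, destination 80."""
    return {"proto": "tcp", "src": src, "dst": dst, "sport": sport, "dport": 80}
```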
RE: I HAVE QUESTION How can i know who conn to my rout [7:17608]
logging 1.2.3.5
logging buffered 1 debugging
logging trap debugging
access-list 101 permit tcp any host 1.2.3.4 eq 23 syn log
access-list 101 permit ip any any
interface fast0/0
 ip access-group 101 in

This config snippet will log all port 23 connects to host 1.2.3.4, which should be an interface on your local router. You'll have to make a rule to match and log each interface on your router for this to match all possible paths to your router. The logging global config command sends syslog messages to a syslog server (There are daemons for WinNT). You can set up a crontab on a Unix server to grep the syslog for IPACCESSLOGP and mail this output to yourself for a more complete solution. In Windows a Windows Scripting Host script, or Perl for Windows script, can be created to the same effect.

Caveats: Input access lists break certain flow enhancement features in certain routers; I'd suggest you fully research the impact an input access list will have on your router before implementing this. Every interface on your router would need to have the first rule in the above access list changed to its respective network layer address (1.2.3.4 in this case).

Wayne

-Original Message-
From: Bolton, Travis [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 7:33 AM
To: [EMAIL PROTECTED]
Subject: RE: I HAVE QUESTION How can i know who conn to my rout [7:17585]

Show arp will show you all the IP's on the router with their MAC addresses. Hope this is what you want.

-Original Message-
From: PHIMHONGKONG [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 28, 2001 5:14 PM
To: [EMAIL PROTECTED]
Subject: Re: I HAVE QUESTION How can i know who conn to my rout [7:17581]

but those commands only show you a telnet session or someone currently logged in to the router. I would like to know the command, like show all ip connecting to the router

Thanks all

Shojayi Joe wrote in message news:[EMAIL PROTECTED]...

Try a router show sessions. show sessions is the command

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17608t=17608
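Added example, not from the original posts, of the grep-and-mail step in Python: it parses constructed syslog lines in the %SEC-6-IPACCESSLOGP format that the access list above produces, tallies packets per source and router address, and formats a report for the cron job. It also covers the syn predicate from the Logging traffic reply above: with syn on the entry every logged packet is a connection attempt rather than a segment. The router name, addresses, sequence numbers and counts in the sample are made up.

```python
import re
from collections import defaultdict

# Message an extended ACL entry with 'log' produces for tcp/udp hits; after the
# first packet of a flow IOS emits a summary line with a packet count at intervals.
IPACCESSLOGP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample of what a syslog daemon would store for the posted config;
# 1.2.3.6 stands for a second interface of the same router with its own logging rule.
SAMPLE_SYSLOG = """\
Aug 29 07:31:02 router1 45: *Aug 29 07:31:01.511: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.100.7(1037) -> 1.2.3.4(23), 1 packet
Aug 29 07:31:09 router1 46: *Aug 29 07:31:08.020: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.9.8.7(2201) -> 1.2.3.4(23), 1 packet
Aug 29 07:36:02 router1 47: *Aug 29 07:36:01.800: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.9.8.7(2202) -> 1.2.3.4(23), 12 packets
Aug 29 07:36:10 router1 48: *Aug 29 07:36:09.000: %SYS-5-CONFIG_I: Configured from console by console
Aug 29 07:40:00 router1 49: *Aug 29 07:39:59.123: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.9.8.7(2240) -> 1.2.3.6(23), 1 packet
"""


def parse_accesslog(line):
    """Return the fields of an IPACCESSLOGP line, or None for any other syslog line."""
    m = IPACCESSLOGP_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def connection_attempts(lines, dport=23, acl="101"):
    """Packets per (source, router address) that the ACL logged for dport.
    With the 'syn' keyword on the entry, every logged packet is one connection attempt."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_accesslog(line)
        if rec and rec["acl"] == acl and rec["dport"] == dport:
            totals[(rec["src"], rec["dst"])] += rec["count"]
    return dict(totals)


def format_report(totals, dport=23):
    """Plain-text summary for the cron-and-mail step the post describes, busiest source first."""
    out = [f"Connection attempts to tcp/{dport} logged by the router ACL:"]
    for (src, dst), count in sorted(totals.items(), key=lambda kv: -kv[1]):
        out.append(f"  {src:15} -> {dst:15} {count:6d}")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(connection_attempts(SAMPLE_SYSLOG.splitlines())))
```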
RE: Boson Test Question [7:16895]
Very Slimy question, but...

A (MAC) is never used to choose the DR. If two routers are configured with the same priority then C (Priority) is not used to choose the DR; if they do not have the same priority then D (IP address) is not used to choose the DR. In either case C and D are not true in every situation. Only answer B is true in every situation. It is true even if we are only considering point-to-point links, because the question specifically asks for the cases in which a DR IS chosen.

Wayne

-Original Message-
From: Wright, Jeremy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 6:42 AM
To: [EMAIL PROTECTED]
Subject: Boson Test Question [7:16895]

In OSPF, the DR is chosen by
A. MAC
B. Hello Protocol
C. Priority
D. IP

I chose C but Boson says B. Obviously I have read a 1000 times that the DR is elected by highest priority, so is Boson wrong here or am I mis-interpreting the way the question is worded (typical Cisco)..

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16914t=16895
RE: Quick CCIE Written Question [7:16891]
Even with no ip classless the longest match rule still applies, and the longest match for a destination is always chosen, regardless of the administrative distance of the learning protocol. The reason for this is to avoid global routing loops. This has been clearly stated in RFCs, even before things like 'administrative distance' were invented. When two networks are being advertised to the same router, the router must ALWAYS use the more precise of the two networks to make its forwarding decision. This rule may or may not be a crutch, but it's still the rule.

However, this rule is usually applied at the end of the routing decision in Cisco Routers anyway. Things like NAT and Policy Routing preempt this decision. It's entirely possible to policy route to a destination, only to have that destination referred back simply because the longest match rule has been violated. Playing with fire if you ask me.

Wayne

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 6:10 AM
To: [EMAIL PROTECTED]
Subject: Re: Quick CCIE Written Question [7:16891]

Yes, the presence of 'no ip classless' (or ip clueless as I like to call it) can have an effect. For the purposes of our discussion I was assuming ip classless. Assuming 'no ip classless' needlessly muddies the waters, in my opinion. However, point taken. We all should be aware of the difference in classful and classless lookups. Then, always use classless routing and forget about it. ;-)

John

John Nenye 8/22/01 2:05:23 PM
John,
Considering the question, ip forwarding varies if you are dealing with classful or classless addressing. Check this link from cisco out: http://www.cisco.com/warp/public/105/21.html

- Original Message -
From: John Neiberger
To:
Sent: Wednesday, August 22, 2001 12:37 PM
Subject: RE: Quick CCIE Written Question [7:16797]

Assume the following prefixes available in your routing table (taken from original example):

10.1.1.0/28 OSPF
10.1.0.0/24 EIGRP
10.1.1.0/26 Static

All three would be entered into the table since they have different mask lengths. If a packet destined for 10.1.1.1 were to hit the router, which route would it choose? The /28 would be used because it is the matching prefix with the longest mask length. To the person who contends that the /26 would be chosen, can you explain your reasoning?

Regards,
John

Fomes Iain 8/22/01 10:10:13 AM
The most specific route - mask wise. Easy peasy lemon squeezy. Ask me another Bamber.

-Original Message-
From: Teresa Presutto [SMTP:[EMAIL PROTECTED]]
Sent: 22 August 2001 16:50
To: [EMAIL PROTECTED]
Subject: Re: Quick CCIE Written Question [7:16797]

I bet 1$ on the static /26

Teresa

- Original Message -
From: Peter Slow
To: [EMAIL PROTECTED]
Sent: Wednesday, August 22, 2001 5:16 PM
Subject: RE: Quick CCIE Written Question [7:16797]

you're wrong. the /28 will be chosen.

-humboldt

-Original Message-
From: Ednilson Rosa [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 10:51 AM
To: [EMAIL PROTECTED]
Subject: Re: Quick CCIE Written Question [7:16797]

In this case, if you want to communicate with the host 10.1.1.1, for instance, the route chosen will be the static...

Regards,
Ednilson Rosa

- Original Message -
From: Wright, Jeremy
To:
Sent: Wednesday, August 22, 2001 11:17 AM
Subject: RE: Quick CCIE Written Question [7:16797]

So for example, if you have the following

10.1.1.0/28 OSPF
10.1.0.0/24 EIGRP
10.1.1.0/26 Static

Which route will be chosen? Thanks for the help.

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 8:32 AM
To: 'Wright, Jeremy'; [EMAIL PROTECTED]
Subject: RE: Quick CCIE Written Question [7:16797]

In a nutshell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner.

-Original Message-
From: Wright, Jeremy [mailto:[EMAIL PROTECTED]]
Sent: 22 August 2001 14:19
To: [EMAIL PROTECTED]
Subject: Quick CCIE Written Question [7:16797]

Does the longest match rule always override administrative distance??

[EMAIL PROTECTED]
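The two-stage behaviour the thread is arguing about, as an added Python example that is not from any of the posters: installation compares administrative distance only between routes for the same prefix, forwarding then takes the longest match whatever its source, and with no ip classless a destination whose major network is subnetted in the table but has no matching subnet is not handed to a supernet or default route. The default route, the 192.0.2.x next hops and the AD table values are assumptions of the example.

```python
import ipaddress

# Cisco default administrative distances for the sources named in the thread (assumed table)
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


def classful_network(addr):
    """Major (class A/B/C) network an address belongs to, used for the no ip classless case."""
    first = int(addr) >> 24
    bits = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{bits}", strict=False)


class RoutingTable:
    def __init__(self):
        self.routes = {}  # ipaddress.IPv4Network -> (source, next_hop)

    def learn(self, prefix, source, next_hop):
        """Installation step: two routes compete only when they are the same prefix,
        and then the lowest administrative distance is the one installed."""
        net = ipaddress.ip_network(prefix)
        current = self.routes.get(net)
        if current is None or ADMIN_DISTANCE[source] < ADMIN_DISTANCE[current[0]]:
            self.routes[net] = (source, next_hop)
        return self.routes[net][0]

    def lookup(self, dest, ip_classless=True):
        """Forwarding step: the longest matching prefix wins, whatever its AD was.
        Returns (prefix, source, next_hop) or None when the packet would be dropped."""
        addr = ipaddress.ip_address(dest)
        candidates = [net for net in self.routes if addr in net]
        if not ip_classless:
            # classful lookup: once the major network is subnetted in the table,
            # only its subnets are eligible; no supernet or default route is used
            major = classful_network(addr)
            subnets = [n for n in self.routes if n != major and n.subnet_of(major)]
            if subnets:
                candidates = [n for n in candidates if n in subnets]
        if not candidates:
            return None
        best = max(candidates, key=lambda n: n.prefixlen)
        source, next_hop = self.routes[best]
        return str(best), source, next_hop


def thread_example():
    """The three prefixes from the thread plus an assumed default route."""
    rt = RoutingTable()
    rt.learn("10.1.1.0/28", "ospf", "192.0.2.1")
    rt.learn("10.1.0.0/24", "eigrp", "192.0.2.2")
    rt.learn("10.1.1.0/26", "static", "192.0.2.3")
    rt.learn("0.0.0.0/0", "static", "192.0.2.254")
    return rt


if __name__ == "__main__":
    rt = thread_example()
    for dest in ("10.1.1.1", "10.1.1.40", "10.1.0.5", "10.5.5.5"):
        print(dest, rt.lookup(dest), rt.lookup(dest, ip_classless=False))
```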
RE: Avoiding IP conflicts in a MULTI-VLAN environment [7:16470]
If your critical servers are in their own subnet/VLAN, this is a natural barrier to even a misconfigured static. A client pc can't speak to a router not on its own subnet, therefore it is forced to maintain any topology you devise. (i.e. the answer is strict addressing rules, and hierarchical designing)

However there still isn't a good way to limit someone from using the address of the gateway statically and creating a mess. One solution I came up with is to write a custom application to send an arp probe every so often. If any MAC (both cases of the term) other than your router responds to the arp, have that port shut down via SNMP or a telnet script on your switch. Depending on your topology this may affect only 1 or possibly several client machines, but at least the whole VLAN will not be blocked out of the zone.

It depends on your resolve, but truly anything can be accomplished with computers. Don't take NO for an answer.

WAYNE A. BAETY, A1C, MCSE, USAF
18th Communications Squadron/SCBX
632-6211

-Original Message-
From: dan snyder [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 20, 2001 10:23 AM
To: [EMAIL PROTECTED]
Subject: Re: Avoiding IP conflicts in a MULTI-VLAN environment [7:16470]

as long as there are others that have the ability to connect workstations or servers to your network, the potential is there for address conflicts. we eliminate these by the users requesting addresses and to have server (or workstation) patched into the network. it is more work initially, but in the long run creates audit trails and prevents unauthorized ip address assignments. good luck.

From: Kevin Wigle
Reply-To: Kevin Wigle
To: [EMAIL PROTECTED]
Subject: Re: Avoiding IP conflicts in a MULTI-VLAN environment [7:16470]
Date: Sat, 18 Aug 2001 17:26:36 -0400

It depends on the kind of environment you have and how much control you have - that is to say, do people who break the rules get in trouble or just get their hands slapped? (or nothing)

Anyway, DHCP will definitely fix this problem but only if users don't change the IP configuration on their PCs from DHCP to static.

I once worked in an environment that consisted of 10 floors of engineers. We got IP conflicts all the time because people didn't want to go through the process of asking for an address - especially if they thought they needed it only for a little while to test something out. At the time we were using static addressing which was handed out by a bootp server. Once we installed switches and HP Openview and implemented DHCP, we could track down the offenders fairly quickly and then yank their connection (or shut the port) and wait for the phone to ring. After a while, the engineers finally figured out that we could catch them and things cooled down. Also, because the DHCP pools had enough addresses to handle temporary requirements.

I haven't heard about the issue about greater ARP version. Usually whoever has the address first wins and the second PC to attempt the address loses. Usually an error is reported back on the second PC with the MAC address of the PC that has the address already - which can be traced.

Good user policies that are enforced and DHCP should prevent IP conflict problems.

Kevin Wigle

- Original Message -
From: Hamid Ali Asgari
To:
Sent: Saturday, 18 August, 2001 15:22
Subject: Avoiding IP conflicts in a MULTI-VLAN environment [7:16470]

Hi group

I am setting up a network with some NT4 servers, a Catalyst 2948 switch, and a 7204 VXR router and some access servers. The network consists of 7 VLANs, and all the servers and routers are on multi-VLAN or TRUNK interfaces on the switch. The LAN consists of many computers with different operating systems such as UNIX, LINUX and Win2k. Lots of computers that will be connected to this LAN are laptops so I can't implement PORT SECURITY on the Catalyst. The problem is that I want to prevent my clients from making IP Conflicts in my network. Correct me if I am wrong, but someone had told me that when an IP conflict occurs, the computer with the greater ARP version wins (or something like that!), so the RED HAT 7.1 LINUX operating systems would take down my NT servers.

Any ideas or solutions how I could prevent these conflicts?

Thanks in advance
Hamid

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16626t=16470
RE: BGP Alarms? [7:15148]
I think the correct way to use this command is to set the upper threshold to an absurdly high amount based on a calculation of your memory capability, and the warning threshold to an amount that you start to turn in your grave, if you had one. If it gets to the upper threshold level you have bigger problems to worry about than a loss of a peer session. (Fried NPMs w/ barbecue sauce anyone?)

my .01 (I'm a cheapo)

Wayne

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 08, 2001 7:59 AM
To: [EMAIL PROTECTED]
Subject: Re: BGP Alarms? [7:15148]

You're absolutely correct! :-) I did not RTFM, and I soon discovered that I should have. But, I just removed that statement since it really wasn't necessary. I was just playing around and got burned. As you can tell, I still have not RTFM about that particular command since I did not know there was a warning-only keyword.

The moral of the story? RTFM!! ;-) (Can you tell I love that acronym?)

John

dre 8/7/01 4:34:20 PM
maybe you forgot to RTFM and missed that warning-only part. Check it again ;

Of course, it may have been a good thing if you were to get the entirety of the IPv4 prefixes as /32's from your peer. I bet you wouldn't like that. I think I'd rather have the session go down.

-dre

John Neiberger wrote in message news:[EMAIL PROTECTED]...

When I tried this method, there was a time when our provider accidentally sent too many prefixes and it hit the maximum limit which shut down the session. I had to manually restart the session, and I wouldn't consider that to be a good thing.

My $.02
John

dre 8/7/01 1:37:17 PM
neighbor maximum-prefix
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt2/1rdbgp.htm#xtocid142343

-dre

Chris wrote in message news:[EMAIL PROTECTED]...

I was told that there is a criteria to set BGP alarms so that when the routing table reaches a certain number of routes, you get notification. Does anyone know the answer to this question?

Thanks
Chris

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15196t=15148
RE: CID test question [7:15131]
If you look at this question one way, one Answer sticks out like a sore thumb. When deciding on a particular routing protocol (one vs. another), what protocol considerations for routing are most likely to be made?

A) resource utilization (Is the impact to a router's resource utilization for a particular protocol significant? i.e. OSPF is resource intensive during SPF calculations)

b) address flexibility (Is address flexibility significant in protocol selection? i.e. RIPv1 allows no flexibility in address assignment beyond initially choosing a default subnet mask used throughout the contingent domain)

c) convergence time (Is the impact on how fast a protocol views the entire network consistently at all points of routing decision significant in protocol selection? EIGRP has extremely fast convergence characteristics in the face of redundant links and )

d) bandwidth utilization (Is the impact on how well one routing protocol vs another manages available bandwidth for forwarding traffic significant in routing protocol selection? i.e. Does one routing protocol forward traffic faster than another?)

In that case choice d is more a switching method design choice. I'd bet there are other questions on this test dealing with switching methods, therefore this question acts as a primer for those. Of course, if I was taking this test I would have wanted to click all the answers, but since I know test makers always put an "All above" at the end for the questions they want answered in that fashion, I would have been this critical in deciding the answers. In test taking, repeat the question (or questionize the statement) for each answer and usually you'll see the light 8)

IMHO
Wayne

-Original Message-
From: Stephen Skinner [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 08, 2001 2:41 AM
To: [EMAIL PROTECTED]
Subject: CID test question [7:15131]

howdy...

do you chaps agree or disagree? I personally think it should be ABD

identify the considerations for routing protocol selection
A) resource utilization
b) address Flexibility
c) convergence time
d) bandwidth utilization

it says A,B,C i say A,C,D. your thoughts please

steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15200t=15131
RE: CCIE Written [7:9091]
Blah, the second edition is just fine. You did know there was a second edition, right? If for any other reason, it's a good study aid to know what to study. Coupled with the internet it's invaluable (always verify what you read anyway w/ RFCs, Company White papers, Standards documents, etc.) He's a very enlightened fellow Mr. Giles, but has a tendency to ramble. For instance, you'll be talking about a topic in the application layer, and within the same paragraph he's encapsulated himself all the way down to the LLC sublayer.

-Original Message-
From: Dennis H [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 4:12 AM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Written [7:9091]

I would scrap the Giles book... it's crap and full of errors...

Ken Browne wrote in message news:[EMAIL PROTECTED]...

Hello. I'm getting ready for my CCIE written examination on the 26th of June. I've recently gotten my NP and DP, and I'm studying for the CCIE written by reading the entire book of All-In-One CCIE Study guide by Roosevelt Giles. After I read the book, I'm going to take Boson tests and any other test or questions I can to prepare. Any other suggestions?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12433t=9091
RE: how to check statistics on a single nat entry [7:748]
Well, since ip nat is accomplished through the use of access lists, you can log the rule hits/misses or view the statistics on the number of matches with _show access-lists_. Logging can be used to analyze traffic going through your access lists (and thus, nat'ed) so that you can obtain more specific information. I wouldn't recommend logging all your filters, but picking one that you are curious about and logging that. I don't believe there is an IOS command to show the statistics of a particular rule beyond the amount of times it was matched. Since 11.3 logging can be used with standard access lists as well as extended access lists.

Example:

(1) addresses you want nat'ed:      _access-list 1 permit 192.168.100.0 0.0.0.255 log_
(2) addresses to which you nat:     _ip nat pool nsub100 1.1.1.2 1.1.1.254 prefix 24_
(3) linking the two together:       _ip nat inside source list 1 pool nsub100_

(3) Translates packets from interfaces marked as inside (inside initiates the NAT translation) that match rule (1), their respective ip source address, to a random address (one that is available) in the range specified in (2).

(3) Also works in the opposite direction. It translates packets from interfaces marked as outside, their respective ip destination address that fits in the range specified in (2), and that was set up as a translation as outlined above, until the NAT translation timeout timer expires. This part is first routed and then NATed. Which means, if the destination address isn't configured on an interface on the router, it will be looked up in the routing table and will bypass NAT entirely. If the destination address is configured on an interface it will then be passed to the NAT engine for processing. This "feature" could be exploited (I mean used) to offload NAT processing to multiple routers (by dividing (2) into subnets and using a routing process).

In either case, coming in or going out, permitted or denied, the results are logged (and sent to the console).

From EXEC mode: _show access-lists 1_

OUTPUT:
access-list 1 permit 192.168.100.0 0.0.0.255 log (3 matches)

This will show you the configured access rules for 1 and the number of times each rule was matched (rudimentary statistics), with logging information going to the console (more elaborate statistics).

I hope I've answered your question, and perhaps enlightened you on the inner workings of NAT a little bit more ;-) (Of course you will need the requisite IOS feature pack loaded for any of this to work)

ciao

Wayne A. Baety, A1C, USAF, MCSE
Network Operations Support, Kadena AB
[EMAIL PROTECTED]

-Original Message-
From: Adam Wang [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 21, 2001 7:20 AM
To: [EMAIL PROTECTED]
Subject: how to check statistics on a single nat entry

Hi group

How would I check statistics on a single nat entry? show ip nat statistics will give me the whole picture, not individual entries.

Thanks
Adam

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=748t=748