RE: show spanning-tree command and the port number [7:42239]
Automajically!!! other than that I don't know.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Chen
Sent: Monday, April 22, 2002 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: show spanning-tree command and the port number [7:42239]

Bill,

Thanks for the input, but how does int fa0/1 get translated into 13, and int fa0/2 get translated to 14 and so on?

Tony

>>> "Bill Carter" 04/22/02 01:27PM >>>
I believe 13 is the ifindex number.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Chen
Sent: Monday, April 22, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: show spanning-tree command and the port number [7:42239]

The following is the captured output of command "show spanning-tree fa0/1" on catalyst 2900XL. What is the relationship between interface fa0/1 and port 13? Where does this number port 13 come from?

2900XL#show spanning-tree interface fastEthernet 0/1

Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 8192, address 0010.0db1.7800
   Designated bridge has priority 32768, address 0050.8039.ec40
   Designated port is 13, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 2105, received 1
   The port is in the portfast mode

Tony

***
This message is a private communication. If you are not the intended recipient, please do not read, copy, or use it, and do not disclose it to others. Please notify the sender of the delivery error by replying to this message, and then delete it from your system. Thank you.
- Visit http://www.ballfoundation.org for our latest news.
***
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42258&t=42239 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: show spanning-tree command and the port number [7:42239]
I believe 13 is the ifindex number.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Chen
Sent: Monday, April 22, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: show spanning-tree command and the port number [7:42239]

The following is the captured output of command "show spanning-tree fa0/1" on catalyst 2900XL. What is the relationship between interface fa0/1 and port 13? Where does this number port 13 come from?

2900XL#show spanning-tree interface fastEthernet 0/1

Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 8192, address 0010.0db1.7800
   Designated bridge has priority 32768, address 0050.8039.ec40
   Designated port is 13, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 2105, received 1
   The port is in the portfast mode

Tony

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42247&t=42239
RE: OSPF vs EIGRP [7:41613]
I currently manage a large network (300 routers) running OSPF and IPX. When I first got here the network was Proteon routers. The routers were severely limited in memory. Think 2500's with 8Mb RAM. We had a Cisco 5500 w/ RSM in the core and started to replace the Proteons with Bay ASN. So we had a Proteon/Cisco/Bay OSPF network. The only vendor compatibility problems were Proteon vs. everything else. The Bay's and Cisco's worked together fine.

The IPX network is very large. 900 routes and 3500 SAP's. The Bay couldn't handle it. Honestly they were underspec'd (done before I got here). So the customer decided to replace the Bay with Cisco. We now have 2 7206VXR's in the core and 300+ 2600's in the remotes with about 20 3600's in regional centers.

I like OSPF because of all the built in tweaks with different areas etc.

I know of a much larger network here locally running BGP and EIGRP. You can do lots with EIGRP in terms of different AS's and summarization. They have done some innovative things with the network and it works very well. In essence they have made an EIGRP network look and behave like an OSPF network.

I would also look at IS-IS. It is a clean, neat protocol. I know many who aren't in the SP area are scared of IS-IS but it is a great protocol. Think OSPF without the Area 0 concept. You create different Areas of L1 routers and tie them together with L1/L2 routers.

The primary problem in any large network is memory consumption on the routers. If all the routers must maintain full routing tables you can eat up a lot of memory. Whether you go OSPF, EIGRP, or IS-IS, you need to segment the network into logical summarization boundaries. I would draw out your network from a layer-2 perspective, find the logical boundaries for summarization, and then see what works for a routing protocol. In a poorly designed large network it doesn't matter if you are running OSPF, EIGRP, or IS-IS.

Have I done a good job of not answering your question???

Email me if you want to discuss this further.

Bill Carter
CCIE 5022

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Madory Douglas C 1Lt 603 ACS/LGC
Sent: Tuesday, April 16, 2002 10:21 AM
To: [EMAIL PROTECTED]
Subject: OSPF vs EIGRP [7:41613]

What experiences have people had in setting up and maintaining OSPF vs EIGRP on a large network? I'm aware of the proprietary implications of EIGRP and the basic differences in design of the protocols - how they are _supposed_ to work, but, in practice, would you say one is more stable / dependable / manageable than the other?

Also, what about OSPF between Cisco and non-Cisco products? Do they always work together like they're supposed to?

If you have some first-hand experience with this, I'd really like to hear about it.

Thanks, Doug.

Douglas Madory, 1st Lt
Flt CC, C4I Systems
603 ACS / LGC
UVA '99 WAHOOWA!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41620&t=41613
RE: Multi Vlan and cat4006 sup3 [7:41571]
Sup3 is IP only right now. Come on Cisco, at least get the IPX on there.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Breaker
Sent: Tuesday, April 16, 2002 9:04 AM
To: [EMAIL PROTECTED]
Subject: Re: Multi Vlan and cat4006 sup3 [7:41571]

Can you configure Appletalk routing between VLAN's on cat4006sup3?

Best regards,

"MADMAN" wrote in message news:[EMAIL PROTECTED]...
> I just got a supIII installed in the lab a couple days ago and I don't
> see any multi vlan options aside from a trunk:
>
> C4006SUPIII(config-if)#switchport ?
>   access        Set access mode characteristics of the interface
>   host          Set port host
>   mode          Set trunking mode of the interface
>   nonegotiate   Device will not engage in negotiation protocol on this
>                 interface
>   private-vlan  Set the private VLAN host association or promiscuous
>                 mapping
>   trunk         Set trunking characteristics of the interface
>
>
> C4006SUPIII(config-if)#switchport acc
> C4006SUPIII(config-if)#switchport access ?
>   vlan  Set VLAN when interface is in access mode
>
> As far as appletalk is concerned yes you need an appletalk capable
> router or bridge it.
>
> Dave
>
> As
>
> Cisco Breaker wrote:
> >
> > Hi All,
> >
> > Our customer wants to buy cat 4006 with sup3. But they use Appletalk. As I
> > know the sup3 IOS doesn't support Appletalk routing yet, so I have to put a
> > router for that, am I right?
> >
> > And also is it possible to assign the server's port into 2 vlans. If I can
> > put the server's port which is on the switch to 2 Vlans (multi Vlan) it will
> > be OK but is it possible?
> >
> > Any help will be appreciated.
> >
> > Best regards,
> >
> > Cisco Breaker
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41614&t=41571
RE: IOS Documentation [7:41577]
I have done this. In a large network CiscoWorks 2000 Resource Manager Essentials is invaluable.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tim Champion
Sent: Tuesday, April 16, 2002 5:40 AM
To: [EMAIL PROTECTED]
Subject: IOS Documentation [7:41577]

I have recently been asked to document the various IOS images used within our network to be used as a baseline. Has anyone had experience in putting together this kind of document?

Many thanks in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41600&t=41577
RE: Cisco work2000 [7:40325]
It's giving you that message because you can't install CiscoWorks 2000 on a PDC or a BDC. It must be installed on either a WinNT or Win2K server that is not a PDC or a BDC.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 8:03 AM
To: [EMAIL PROTECTED]
Subject: Cisco work2000 [7:40325]

Hi all

I have Cisco Works 2000. I tried to install it on a PDC with 2000 platform; the program which is called CD-ONE refused to be installed, giving me a message saying the CD-ONE cannot complete the installation because of the following reasons:

- This is not Nt Workstation or NT server
- This is a PDC/BDC

I am really confused why it's giving me this message.

help please

Ismail Al-shelh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40351&t=40325
RE: pix question [7:39560]
show access-l

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:39560]

what's the equivalent of show access-list on the pix

George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39635&t=39560
RE: ISDN Switch - Teleos [7:39556]
Teltone is ok, easy config. Sometimes can be flaky but reboots fix it. I found it is better to shut down the bri interface, make configuration changes, then no shut.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: ISDN Switch - Teleos [7:39556]

Does anyone know of a good ISDN simulator? I have a co-worker who bought a Teleos Switch, but documentation is not easily obtainable and it appears a complex device. Since the Teleos switch is not a sim, but an actual ISDN switch, I don't know anyone who has ever used it.

If you have any information on the Teleos products or an ISDN sim please respond to this note. I am in the process of putting a CCIE lab together and the ISDN switch/sim appears to be the hardest component to find.

Thanks
Derrick

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39611&t=39556
RE: Problem in x.25 connection [7:39596]
Last time I saw this the clock rate command was missing from the Cisco interface config. The tech said the config was good. I looked through it and saw it missing. Don't know if he forgot or it disappeared.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of dovelet
Sent: Wednesday, March 27, 2002 7:20 AM
To: [EMAIL PROTECTED]
Subject: Problem in x.25 connection [7:39596]

Hi all,

I have a problem in x.25 connection and I hope someone can help me. I have a Cisco 2501 router connected to a x.25 device. When I connected a Cisco V.35 DCE cable (Cisco generated clock signal [64k]) to that x.25 device, the serial 0 is up but the line protocol is down. All the x.25 parameters of the Cisco router and the x.25 device are same. When I start the "debug x25 all" and "debug lapb", I got the following debug messages:

---
1d2h: Serial0: LAPB T1 SABMSENT 1143506 2
1d2h: Serial0: LAPB O SABMSENT (2) SABM P
1d2h: Serial0: LAPB T1 SABMSENT 1143509 3
1d2h: Serial0: LAPB O SABMSENT (2) SABM P
---

However, when I connect a Black Box NULL modem box between them (Cisco cable changed to V.35 DTE cable), the link protocol was up and connection can be established. I got the following debug messages:

---
2d04h: Serial0: LAPB O SABMSENT (2) SABM P
2d04h: Serial0: LAPB I SABMSENT (2) UA F
2d04h: Serial0: X.25 O R/Inactive Restart (5) 8 lci 0
2d04h: Cause 0, Diag 0 (DTE originated/No additional information)
2d04h: Serial0: LAPB O CONNECT (7) IFRAME 0 0
2d04h: Serial0: LAPB I CONNECT (7) IFRAME 0 0
2d04h: Serial0: X.25 I R2 Restart (5) 8 lci 0
2d04h: Cause 7, Diag 0 (Network operational/No additional information)
2d04h: Serial0: LAPB I CONNECT (2) RR (R) 1
2d04h: Serial0: LAPB O CONNECT (2) RR (R) 1
*Mar 3 04:47:58: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
---

FYI, the Black Box NULL modem box is an electronic device which will generate clock signal [64k].

All the configuration of Cisco router and the x.25 device were unchanged, so I think it is not related to x.25 configuration. Anyone has idea?

Regards,
Dovelet

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39607&t=39596
RE: Bridging and HSRP [7:39525]
It relates to DECnet using the mac address of the interface to derive the DECnet address. You need to configure DECnet, then HSRP using standby use-bia.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, March 26, 2002 8:26 AM
To: [EMAIL PROTECTED]
Subject: Bridging and HSRP [7:39525]

Greetings all,

I've a 6509 with 2 sups and MSFCs, running hsrp between both MSFCs. Routing 5 vlans, two of those 5 vlan are also bridging decnet. When I've the standby interface up, users can't get out, if I shutdown the standby interface all is good. According to Cisco I've to enable "standby use-bia" feature to prevent this problem. Have you guys seen this before, and what causes this problem? Just looking for some education and solutions.

Thanks..Nabil

- Hope I made my problem clear!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39531&t=39525
RE: Upgrade to RME 3.3 [7:39056]
I did the upgrade, sort of. We got a new server to run it on. I did a fresh install of 3.3 on the new Win2k server. I then imported from a file the old inventory list. I had to manually import IOS and CatOS images. 3.3 is definitely an improvement. I just received word from TAC that 3.4 should be out April/May.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Richard Tufaro
Sent: Thursday, March 21, 2002 12:02 PM
To: [EMAIL PROTECTED]
Subject: Upgrade to RME 3.3 [7:39056]

Hey, been browsing around, and wondered if anyone took the leap to version 3.3 of RME with CiscoWorks 2K. We are using CiscoWorks 2K with RME 2.2 and I wanted to know if anyone could share an experience. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39074&t=39056
RE: Flapping [7:38822]
Shutting down the interface doesn't work when testing backup interface. The router is pretty smart and can tell the difference between Admin down and down.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matthew Meiers
Sent: Tuesday, March 19, 2002 12:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Flapping [7:38822]

Just use the shutdown command

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of PING
Sent: Tuesday, March 19, 2002 11:12 AM
To: [EMAIL PROTECTED]
Subject: Flapping [7:38822]

I am looking for some tool which can generate hardware line flaps. I have been doing this by going into the lab and manually jiggling the interface cable at various intervals and watching the debug output on the console. I was wondering if there were any tools that would help me do this in a smarter way?

Nadeem

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38844&t=38822
RE: Flapping [7:38822]
Screwdriver, wrench, hammer. Does the cable need to work afterwards? Sorry, couldn't help it..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of PING
Sent: Tuesday, March 19, 2002 11:12 AM
To: [EMAIL PROTECTED]
Subject: Flapping [7:38822]

I am looking for some tool which can generate hardware line flaps. I have been doing this by going into the lab and manually jiggling the interface cable at various intervals and watching the debug output on the console. I was wondering if there were any tools that would help me do this in a smarter way?

Nadeem

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38831&t=38822
RE: Cisco IOS for 3524 switch [7:37544]
That software version is fine. I run it on 200 Cat 3500XL's and 2900XL's. Sounds like you have a duplex mismatch problem.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of sam sneed
Sent: Thursday, March 07, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: Cisco IOS for 3524 switch [7:37544]

I am having strange problems with a Cisco Switch. Any device I plug into it, switch, hub, whatever, is really slow. I noticed the IOS is

IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE INTERIM SOFTWARE

on a sh ver. What does MAINTENANCE INTERIM SOFTWARE mean?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37550&t=37544
RE: pix HW upgrade in failover config [7:36812]
This works well. Follow these steps for adding hardware. Failover doesn't work if hardware configurations are different. You should

1. power down the primary
2. Install card in primary
2. power down secondary
3. power up primary
4. install card in secondary
5. power up secondary

Here is the tricky part. I had installed additional Ethernet card. The PIX renumbered the ports so my config was invalid. I had to basically enable all of the ports and plug them in to a switch one at a time so I could identify which port corresponded to which interface. ugly!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Ramsey
Sent: Thursday, February 28, 2002 10:48 AM
To: [EMAIL PROTECTED]
Subject: pix HW upgrade in failover config [7:36812]

Hey list,

Anybody ever used failover on the pix to upgrade hardware with minimal downtime? I'm wondering what exactly is going to happen. I want to take the secondary offline, insert a gig module, then bring it back online. Will the difference in hardware cause issues with the config sync? I then want to bring the primary down and insert a gig module (or vice versa). Maybe I should bring the primary down first so when I bring it back up, at least I will have one working firewall...?

anybody?

-Patrick

Confidentiality Disclaimer
This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. ("WellStar") and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36829&t=36812
RE: TWO ISP AND ONE FAILURE [7:36371]
HSRP on the Ethernet Interfaces of your 2 routers.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Yassel Omar Izquierdo Souchay
Sent: Monday, February 25, 2002 9:11 AM
To: [EMAIL PROTECTED]
Subject: TWO ISP AND ONE FAILURE [7:36371]

Hello, I have a frequent problem with one of my ISPs. I have two Cisco routers, each one connected to a different ISP. Frequently I have to change the gateway of one of my servers, because one ISP has failed. I want to know if with one of BGP, OSPF, RIP, NAT or another protocol I could make the change to the other active ISP automatically. It is happening to me right now. And when I have to do that I have to reset one of my servers.. :S. It is a costly operation; it's a mail server. So if somebody knows how to resolve this between routers with a different ISP each, how to route across the other good gateway.

Thnx in advance
Yassl

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36385&t=36371
RE: Cisco web product catalog [7:33926]
The = means it is included in a product, like software on a router or a blade on a switch. Don't know why.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Muthuraja Ayyanar
Sent: Thursday, January 31, 2002 1:34 PM
To: [EMAIL PROTECTED]
Subject: Cisco web product catalog [7:33926]

Hi All,

In the Cisco web site product catalog there are two identical entries for each and every part # / description, namely the first one without = sign and the second one with = sign. What exactly is the difference between those two?? For instance, 3620 IOS IP has the following two entries:

Cisco 3620 Series IOS IP    S362C-12104
Cisco 3620 Series IOS IP    S362C-12104=

Thanks,
Muthu

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33962&t=33926
RE: CCIE benefits [7:33872]
If the device in question has Smartnet, a CCIE can automatically go to Level 2 live handoff. They assume you have done the basic trouble shooting and CCO research. Not sure if CCIE gets free TAC support if there is no smartnet.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joe Carr
Sent: Thursday, January 31, 2002 10:39 AM
To: [EMAIL PROTECTED]
Subject: Fw: CCIE benefits [7:33872]

----- Original Message -----
From: Joe Carr
To: [EMAIL PROTECTED]
Sent: Thursday, January 31, 2002 10:26 AM
Subject: CCIE benefits

Does anyone know if a CCIE gets free TAC support? OR what other benefits does a CCIE receive

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33886&t=33872
RE: Internet Router? [7:33639]
The highest I have seen was around 20% when I did a clear bgp ne *
Great boxes and the Ethernet interface is 100MB

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hire, Ejay
Sent: Wednesday, January 30, 2002 1:02 PM
To: [EMAIL PROTECTED]
Subject: RE: Internet Router? [7:33639]

Have you checked the utilization on those 2650's? I'd bet it's never gotten above 15%. The 2650's can handle a lot more than 1 t-1's worth of traffic.

-Ejay

-----Original Message-----
From: Bill Carter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 30, 2002 12:24 PM
To: [EMAIL PROTECTED]
Subject: RE: Internet Router? [7:33639]

The 3640 will work for you. I would definitely max out the RAM. Some others have commented about not needing full BGP route tables. My customers have been very happy with partial tables as described in the following CCO link.

I have also had customers use 2 2650's, 1 T-1 per connection box, HSRP on the Ethernet port and run IBGP between each other for optimal routing. I then configured them with the below link.

http://www.cisco.com/warp/customer/459/41.shtml

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott Nawalaniec
Sent: Tuesday, January 29, 2002 10:45 PM
To: [EMAIL PROTECTED]
Subject: Internet Router? [7:33639]

Hello Everybody,

I just want to run this by everyone for their input from experience.

Scenario: I'm looking for a Cisco router that will be providing Internet connectivity running BGP and that will be able to handle the capacity of 2 PTP T1's to the Internet. I know minimum RAM will have to be 64mbs for BGP routes. I just want to know what people have tried that does and doesn't work. My choice would be a 3640 for future T1 expandability and/or a HSSI port.

Thank you for the input.

Scott

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33754&t=33639
RE: FW: [INFOCON] - UNIRAS Briefing - 23/02 - Cisco - CatOS [7:33727]
I have been happy with 6.3(4). I would want to hold off on the 7.1(1). No experience with it, but it seems on the Cats early revisions can sometimes be flaky.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tay Chee Yong
Sent: Wednesday, January 30, 2002 8:00 AM
To: [EMAIL PROTECTED]
Subject: Re: FW: [INFOCON] - UNIRAS Briefing - 23/02 - Cisco - CatOS [7:33684]

Hi,

Someone has any idea which CatOS for Cat6k is a stable release? I am currently using Release 6.1(1d), and I need to upgrade it. I am also looking at Release 7.1(1) with SSH support.

Any advise from the experts out there??

Thanks

Regards,
Cheeyong

At 08:48 AM 1/30/02 -0500, Hire, Ejay wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>- ----------------------------------------------------------------------
>
>UNIRAS (UK Govt CERT) Briefing Notice - 23/02 dated 30.01.02 Time: 09:32
> UNIRAS is part of NISCC(National Infrastructure Security Co-ordination
>Centre)
>- ----------------------------------------------------------------------
>
> UNIRAS material is also available from its website at www.uniras.gov.uk
>and
> Information about NISCC is available from www.niscc.gov.uk
>- ----------------------------------------------------------------------
>
>
>Title
>=====
>Cisco CatOS Telnet Buffer Vulnerability
>
>Detail
>======
>
>- -----BEGIN PGP SIGNED MESSAGE-----
>
>Cisco Security Advisory: Cisco CatOS Telnet Buffer Vulnerability
>
>
>Revision 1.0
>
>For Public Release 2002 January 29 at 1500 UTC
>
>- - ----------------------------------------------------------------------
>
>Summary
>- - -------
>Some Cisco Catalyst switches, running certain CatOS based software releases,
>have a vulnerability wherein a buffer overflow in the telnet option handling
>can cause the telnet daemon to crash and result in a switch reload. This
>vulnerability can be exploited to initiate a denial of service (DoS) attack.
>
>This vulnerability is documented as Cisco bug ID CSCdw19195. There are
>workarounds available to mitigate the vulnerability.
>
>This advisory will be posted at http://www.cisco.com/warp/public/707/
>catos-telrcv-vuln-pub.shtml .
>
>Affected Products
>- - -----------------
>Cisco's various Catalyst family of switches run CatOS-based releases or
>IOS-based releases. IOS-based releases are not vulnerable.
>
>The following Cisco Catalyst Switches are vulnerable :
>
>  * Catalyst 6000 series
>  * Catalyst 5000 series
>  * Catalyst 4000 series
>  * Catalyst 2948G
>  * Catalyst 2900
>
>For the switches above, the following CatOS based switch software revisions
>are vulnerable.
>
>+---------------+--------------+--------------+--------------+--------------+
>|               | Release 4    | Release 5    | Release 6    | Release 7    |
>|               | code base    | code base    | code base    | code base    |
>|---------------+--------------+--------------+--------------+--------------|
>| Catalyst 6000 | Not          | earlier than | earlier than | earlier than |
>| series        | Applicable   | 5.5(13)      | 6.3(4)       | 7.1(2)       |
>|---------------+--------------+--------------+--------------+--------------|
>| Catalyst 5000 | earlier than | earlier than | earlier than | Not          |
>| series        | 4.5(13a)     | 5.5(13)      | 6.3(4)       | Applicable   |
>|---------------+--------------+--------------+--------------+--------------|
>| Catalyst 4000 | All releases | earlier than | earlier than | earlier than |
>| series        |              | 5.5(13)      | 6.3(4)       | 7.1(2)       |
>+---------------+--------------+--------------+--------------+--------------+
>
>To determine your software revision, type show version at the command line
>prompt.
>
>Not Affected Products
>- - ---------------------
>The following Cisco Catalyst Switches are not vulnerable :
>
>  * Catalyst 8500 series
>  * Catalyst 4800 series
>  * Catalyst 4200 series
>  * Catalyst 3900 series
>  * Catalyst 3550 series
>  * Catalyst 3500 XL series
>  * Catalyst 4840G
>  * Catalyst 4908G-l3
>  * Catalyst 2948G-l3
>  * Catalyst 2950
>  * Catalyst 2900 XL
>  * Catalyst 2900 LRE XL
>  * Catalyst 2820
>  * Catalyst 1900
>
>No other Cisco product is currently known to be affected by this
>vulnerability.
>
>Details
>- - -------
>Some Cisco Catalyst switches, running certain CatOS-based software releases,
>have a vulnerability wherein a buffer overflow in the telnet option handling
>can cause the telnet daemon to crash and result in a switch reload. This
>vulnerability can be exploited to initiate a denial of service (DoS) attack.
>Once the switch has reloaded, it is still vulnerable and the attack can be
>repeated as long as the switch is IP reachable on port 23 and has not been
>upgraded to a fixed version of CatOS switch software.
>
>This vulnera
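
Added example (not part of the list posts or of the Cisco advisory): the affected-release table quoted in the advisory above, turned into an inventory check that classifies a CatOS release string per switch series. The hostnames and sample inventory are constructed, and treating a letter suffix such as 13a as later than 13 is an assumption about CatOS release ordering.

```python
import re

ALL_RELEASES = "all"    # table cell "All releases"
NOT_APPLICABLE = None   # table cell "Not Applicable"

# Transcribed from the advisory table: series -> code base (major release)
# -> the release that "earlier than" is measured against.
# The advisory also lists Catalyst 2948G and 2900 as vulnerable, but the
# table has no row for them, so they are reported as "not-in-table" here.
EARLIER_THAN = {
    "6000": {4: NOT_APPLICABLE, 5: "5.5(13)", 6: "6.3(4)", 7: "7.1(2)"},
    "5000": {4: "4.5(13a)", 5: "5.5(13)", 6: "6.3(4)", 7: NOT_APPLICABLE},
    "4000": {4: ALL_RELEASES, 5: "5.5(13)", 6: "6.3(4)", 7: "7.1(2)"},
}

# CatOS release strings look like 6.1(1d): major.minor(maintenance[rebuild]).
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)([a-z]*)\)\s*$")


def parse_catos_version(text):
    """Return (major, minor, maintenance, rebuild) for strings like '6.1(1d)'."""
    match = VERSION_RE.match(text)
    if match is None:
        raise ValueError("unrecognised CatOS release string: %r" % (text,))
    major, minor, maint, rebuild = match.groups()
    # Assumption: an empty rebuild suffix sorts before 'a', so 4.5(13) is
    # earlier than 4.5(13a). Tuple comparison then gives release order.
    return (int(major), int(minor), int(maint), rebuild)


def classify(series, version):
    """Classify one switch as 'affected', 'not-affected' or 'not-in-table'."""
    parsed = parse_catos_version(version)
    row = EARLIER_THAN.get(series)
    if row is None:
        return "not-in-table"
    threshold = row.get(parsed[0], NOT_APPLICABLE)
    if threshold is NOT_APPLICABLE:
        return "not-in-table"
    if threshold == ALL_RELEASES:
        return "affected"
    if parsed < parse_catos_version(threshold):
        return "affected"
    return "not-affected"


def audit(inventory):
    """Return (host, series, version, status) for every inventory entry."""
    return [(host, series, version, classify(series, version))
            for host, series, version in inventory]


def affected_hosts(inventory):
    """Hostnames that need an upgrade or the advisory's workarounds."""
    return [host for host, _, _, status in audit(inventory)
            if status == "affected"]


# Constructed inventory: hostnames are invented; the 6000-series releases
# are the ones mentioned in the thread above.
SAMPLE_INVENTORY = [
    ("core-sw1", "6000", "6.1(1d)"),   # release the poster is running
    ("core-sw2", "6000", "6.3(4)"),    # release named in the reply
    ("lab-sw1", "6000", "7.1(1)"),     # release the poster is considering
    ("dist-sw1", "5000", "4.5(13)"),
    ("dist-sw2", "5000", "4.5(13a)"),
    ("acc-sw1", "4000", "4.5(2)"),     # Release 4 on 4000: all releases
]

if __name__ == "__main__":
    for host, series, version, status in audit(SAMPLE_INVENTORY):
        print("%-9s Catalyst %-5s %-9s %s" % (host, series, version, status))
```

Run against the releases named in the thread, 6.1(1d) and 7.1(1) on a Catalyst 6000 both fall in the table's "earlier than" ranges, while 6.3(4) does not.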
RE: Errors on Ethernet Ports on 6500?!?!?! [7:32853]
I have been seeing a lot of problems with 3COM NIC's. If the switch is forced 100/full and the NIC is auto we get a lot of errors; if NIC is forced 100/Full errors go away. If Switch and 3Com NIC left to auto, switch will come up 100/full and NIC 100/half. You have to make sure the NIC is also forced.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Williams
Sent: Tuesday, January 22, 2002 1:41 PM
To: [EMAIL PROTECTED]
Subject: Errors on Ethernet Ports on 6500?!?!?! [7:32853]

This is wild stuff, so I thought I'd run it by GroupStudy to see if anyone had seen this before or knew what caused it.

We're currently migrating connections from a 5513+RSM to a new 6509+Sup2/MSFC2. There were three ethernet connections that, upon being moved from the 5500 to the 6500, started showing input errors and CRC errors. When these connections were moved, the port on the 6500 was configured identically to the same port on the 5500 as far as speed, duplex, VLAN assignment, and spanning tree settings. These same devices (same patch cables and all) created no errors on the 5500 whatsoever.

Here's the kicker: When we went back and changed the port speed/duplex to "auto" on the 6500, it negotiated the same speed/duplex settings we had forced, but now there were no more errors. (i.e. a server set for 100-Full, that was plugged into a switchport on the 5500 forced to 100-Full was fine, but plugged into a port on the 6500 forced to 100-Full caused errors, and plugged into the exact same 6500 port set for "auto" speed/duplex had no errors.)

Any ideas on why letting the switch detect settings caused no errors while forcing it to those same settings causes errors?

Thanks,
Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33725&t=32853
RE: Looking for V.35 Cables [7:33619]
I just got a catalogue from www.l-m.com that has Cisco cables for a good price.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kwame
Sent: Tuesday, January 29, 2002 4:55 PM
To: [EMAIL PROTECTED]
Subject: Looking for V.35 Cables [7:33619]

Looking for a couple of V.35 Cables for back to back router connection from a 7513 to 2511. Anyone?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33722&t=33619
RE: Internet Router? [7:33639]
The 3640 will work for you. I would definitely max out the RAM. Some others have commented about not needing full BGP route tables. My customers have been very happy with partial tables as described in the following CCO link. I have also had customers use 2 2650's, 1 T-1 per connection box, HSRP on the Ethernet port and run IBGP between each other for optimal routing. I then configured them with the below link.

http://www.cisco.com/warp/customer/459/41.shtml

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott Nawalaniec
Sent: Tuesday, January 29, 2002 10:45 PM
To: [EMAIL PROTECTED]
Subject: Internet Router? [7:33639]

Hello Everybody,

I just want to run this by everyone for their input from experience.

Scenario: I'm looking for a Cisco router that will be providing Internet connectivity running BGP and that will be able to handle the capacity of 2 PTP T1's to the Internet. I know minimum RAM will have to be 64mbs for BGP routes. I just want to know what people have tried that does and doesn't work. My choice would be a 3640 for future T1 expandability and/or a HSSI port.

Thank you for the input.
Scott

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33721&t=33639
RE: Cisco AVVID vs. 3Com [7:33705]
My company is a Cisco Voice partner and a 3Com Voice Partner. The office I work out of uses the 3Com NBX for about 20 phones. It works, no real complaints. Some of the earlier versions of code were pretty bad. Downsides: NBX has 1 hard drive, if it goes we are down. No way to backup. 3Com may be providing a new solution, I'm not sure???

Here is our position when selling to customers. If they are a small office (0-30 phones), with no need for VoIP connecting different offices, 3Com is probably the best choice. Cost is a lot less than the Cisco solution for the same customer, and the customer wants basic features (voice-mail, auto-attendant, call-park, call-transfer, speaker phone). For customers with larger offices (40+ phones) and the potential for VoIP with branch offices, we go Cisco.

We end up selling Cisco to 95% of our customers. In-line powered phones are a big advantage. Power outlets at the desk are usually filled, it's nice to avoid power strips at every desk. I see 3Com has a price advantage and Cisco has a Technology advantage. Support from Cisco is excellent. Lots of time the problem people have with the Cisco solution is the complexity. Cisco VoIP can work in many different environments, 3Com is more positioned for the standard/simple small office.

Don't forget data integration with the IP phone system. XML applications to the phone are a very good thing. Some applications on the phones our customers like are phone directories and time-clock sign-in/sign-out (for hourly staff).

You have to look at the survivability of the company. 3Com has problems turning a profit. Networkers hate 3Com NICs, 3Com has exited the core switching market. They now sell NICs (most professionals hate them), modems (commodity), low end switches (commodity), home broadband routers (Cable/DSL commodity), and a low end phone system. How long will this model work? Will they dump the NBX in the next 12 months???

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stull, Cory
Sent: Wednesday, January 30, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: OT: Cisco AVVID vs. 3Com [7:33705]

Does anyone have any working experience or good opinions on Cisco's IP Telephony solution compared to 3Com? I'm trying to make a buying decision and right now am very up in the air. 3Com has a nice and more cost effective solution that even would allow me to (coming soon) be able to use my existing legacy Lucent/Nortel phones with their NBX system. But 3Com doesn't have IP to the phone yet and they seem to have some proprietary voice over ethernet... Their inline power is also consisting of power patch panels or the power coupler.. not pretty.

Any comments?

Thanks
Cory

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33720&t=33705
RE: 2924XL and Blue Screen of Death: Resolved [7:33203]
It would be a great help to have Intel NIC's as the built in NIC on Dell's!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of juno vtv
Sent: Friday, January 25, 2002 5:16 PM
To: [EMAIL PROTECTED]
Subject: Re: 2924XL and Blue Screen of Death: Resolved [7:33203]

That's interesting, I work at Intel and we test our nics and drivers here in the lab all day. I would be willing to help out anyone who is having problems with their Intel nics. John, what version of the Novell client are you using?

-junovtv

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33427&t=33203
RE: 2924XL and Blue Screen of Death: Resolved [7:33203]
When I ran into the problem with 3Com NIC's in new Dells, the solution was to download a driver/maintenance disk from either Dell or 3Com, and make it bootable. We then went into the hardware configuration of the NIC and disabled power management and WakeOnLan.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steven A. Ridder
Sent: Friday, January 25, 2002 10:14 AM
To: [EMAIL PROTECTED]
Subject: Re: 2924XL and Blue Screen of Death: Resolved [7:33203]

I meant 3c905b's are nice. I think the 509's are old ISA cards.

"Steven A. Ridder" wrote in message news:[EMAIL PROTECTED]...
> Those DELL's with the 3com nic's have so many problems! There's a thread
> over in comp.dcom.sys.cisco with someone else having problems with the same
> PC's and NIC's.
>
> Usually the 3c509's are OK. I remember the 3C509B's as being rock-solid.
> How fast are the PC's booting to beat portfast? Or are the NIC's some sort
> of boot on lan client, where the NIC gets taken over before the OS even
> loads. Maybe someone can disable the wake on lan feature if those DELL's
> have it, because otherwise I can't imagine a NIC caring about network
> connectivity before the OS kernel wakes up and takes over the NIC anyways.
>
> "John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> > Well, sort of resolved. This turned out to be a known issue with Dell
> > machines, specifically machines using a 3COM 3C905C NIC. They expect
> > the network to be available almost immediately upon bootup and can't
> > handle the delay caused by spanning tree. In some cases, even portfast
> > did not reduce the time sufficiently.
> >
> > So, watch out for those 3COM NICs!
> >
> > John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33210&t=33203
RE: 2924XL and Blue Screen of Death: Resolved [7:33203]
I wonder if these cards would have problems with 3Com switches.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Neiberger
Sent: Friday, January 25, 2002 9:58 AM
To: [EMAIL PROTECTED]
Subject: 2924XL and Blue Screen of Death: Resolved [7:33203]

Well, sort of resolved. This turned out to be a known issue with Dell machines, specifically machines using a 3COM 3C905C NIC. They expect the network to be available almost immediately upon bootup and can't handle the delay caused by spanning tree. In some cases, even portfast did not reduce the time sufficiently.

So, watch out for those 3COM NICs!

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33211&t=33203
RE: help with outbound statement [7:33085]
access-group outbound in interface inside

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 24, 2002 2:32 PM
To: [EMAIL PROTECTED]
Subject: FW: help with outbound statement [7:33085]

i inputted this command,

access-list outbound deny ip 10.3.0.0 255.255.0.0 216.136.131.71 255.255.255.255

do i have to apply it to an interface?

> >outbound 1 deny 10.3.0.0 255.255.0.0 216.136.131.71 255.255.255.255

Which version of PIX code are you running? 5.x syntax would be:

access-list outbound deny ip 10.3.0.0 255.255.0.0 216.136.131.71 255.255.255.255

>which would say network everything on network 10.3.0.0 can go to
>216.136.131.71
>i get an error
>so i can't even apply it to the inside interface yet

I'd also ask you to reconsider naming your access list 'outbound' if you're applying it to the 'inside' interface - I did the same thing, but it can be VERY confusing. Wait until you accidentally apply it to the 'outside' interface - deleting the existing access list...

Berry

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33120&t=33085
RE: CiscoWorks 2000: Campus Manager can't connect to ANI Server [7:33084]
I had the same problem. Never got it resolved until I reinstalled NT and Ciscoworks 2K/Campus Manager.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dandi Darsana
Sent: Thursday, January 24, 2002 5:34 AM
To: [EMAIL PROTECTED]
Subject: CiscoWorks 2000: Campus Manager can't connect to ANI Server [7:33061]

Dear all,

I have a problem with my Ciscoworks 2000. It is running under Windows NT ver.4, Service Pack 6. Every time I try to run Campus Manager, I always get the error message: "Cannot connect to ANI Server."

I have checked and rechecked the settings in ANI Server. Everything seemed OK. The ANI Server status is "Running but busy flag set." I have also checked the ANIServer.log file. I see the status is idle.

Actually I have tried to reinstall CiscoWorks 2000, and I also installed it onto 2 different Windows NT machines. But I always get the same problem. I also installed Resource Manager Essentials, Device Fault Manager, Device Manager, Content Flow Monitor, etc, onto the same machines with no problem at all.

Thank you very much for your help.

Best Regards,
Dandi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33084&t=33084
RE: Splitting up outbound traffic for BGP [7:32983]
You are having a problem with how your network is being announced to the Internet. The Internet as a whole has 1 preferred path back to your network. Check with some route-servers to verify this (see below). You could try as-path prepending toward the provider who all your inbound traffic is coming from.

Telnet to these hosts for route servers. sho ip bgp x.x.x.0 will tell you about the path to get to your network.

route-views.oregon-ix.net
ner-routes.bbnplanet.net
route-server.cerf.net
route-server.ip.att.net
route-server.cbbtier3.att.net
route-server.gblx.net
route-server.as5388.net
route-server.exodus.net
route-server-ap.exodus.net
route-server-eu.exodus.net
route-server.colt.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Timmons
Sent: Wednesday, January 23, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject: Splitting up outbound traffic for BGP [7:32983]

Hey all, got a question, but first, the situation...

We've got 2 T1's in our NYC location that go to 2 different ISPs. We've moved these Ts off of their respective Cisco 2500's and onto a single Cisco 7206vxr. This is now our 'outside internet' router. The ethernet interface goes to the Checkpoint unix box and the other side of the unix box goes to the internal network. The internal network is using a 10.x.x.x/22 range (2000 addresses).

We'd like to perform some load-sharing using BGP. We've obtained an AS number and are getting full routes from both providers. Outbound BGP seems to work fine. Depending on site, it takes different paths. Inbound, however, is dominated by one T only.

We're using PAT at the firewall to perform address translation. The firewall only has 1 valid 'Internet' IP address. It's my understanding that this is why all inbound traffic is using only 1 provider, as opposed to both.

I'd like to either have 2 valid internet IP addresses at the firewall (which I'm not sure is even possible) or perform the PAT at the router and maybe use access-lists to split up the traffic.

I guess the question is, what is the best practice when doing this? I'm sure that we're not the only company that wants to do something like this. Do either of my solutions sound feasible?

thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33000&t=32983
RE: 6509 roaming disconnects part2 [7:32449]
You should also look at set option debounce and set port debounce. These commands were added to deal with NIC vendors (3Com) who were straying from the IEEE Ethernet standards. Basically electrical signals from the NIC would go link up/down/up/down and the switch would see it as the card going up and down (silly Cisco!!). Debounce tweaks the tolerances for these NICs so Cisco will once again play nice with 3Com.

As an additional note to my bashing 3Com... 2 customers recently purchased hundreds of new PC's (Manufacturer name withheld) which came with built in 3Com NICs. Not a single PC will auto-negotiate properly. The cards all go to 100-Half and the Switch 100-Full. When the switch is forced to 100-Full the PC's still go 100-Half. One customer was replacing Compaqs with Intel cards that auto-negotiated correctly 95% of the time.

Will 3Com go bankrupt within 12 months?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Cotts
Sent: Friday, January 18, 2002 3:08 PM
To: [EMAIL PROTECTED]
Subject: RE: 6509 roaming disconnects part2 [7:32449]

From "Cisco LAN Switching" by Clark and Hamilton pages 262-3, 271-3 see the discussion of PortFast and disabling Port Aggregation Protocol. On CCO look for a command "set port host" that should change several parameters in one shot.

"The set port host command sets channel mode to off, enables spanning-tree portfast, and sets trunk mode to off. Only an end station can accept this configuration."

That should eliminate your logging messages. It should speed reconnection in the case of a disconnect. You have already indicated that speed and duplex are hard coded on the switch and (I hope) the NIC as well. I cannot comment on the reason for the initial disconnect.

Sorry about the politics -

> -Original Message-
> From: Puckette, Larry (TIFPC) [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 18, 2002 9:10 AM
> To: [EMAIL PROTECTED]
> Subject: 6509 roaming disconnects part2 [7:32449]
>
> Hello again group. I have another question to propose to you. But first an
> updated history of the issue at hand. We have a 6509 that serves as the core
> to a server farm that has both NT and Unix boxes on it. In the beginning
> there were infrequent link drops between servers and the switch that had no
> pattern to isolate a card or VLAN, etc... and then frequency increased to
> be a constant problem. Sniffer information gave very little to hang our hat
> on, with 99% of its findings being 2 messages. Too many retransmissions TCP
> and octets/s: current value 932,384. High Threshold=500,000. An example of
> the logging buffer on the switch's interesting messages were;
>
> IPPS6509> (enable) show logging buffer
> 2002 Jan 16 02:15:44 %PAGP-5-PORTFROMSTP:Port 8/23 left bridge port 8/23
> 2002 Jan 16 02:15:49 %PAGP-5-PORTTOSTP:Port 8/22 joined bridge port 8/22
> 2002 Jan 16 02:15:49 %PAGP-5-PORTFROMSTP:Port 6/23 left bridge port 6/23
> 2002 Jan 16 02:15:50 %SPANTREE-6-PORTFWD: Port 8/22 state in VLAN 172 changed to forwarding
> 2002 Jan 16 02:16:01 %PAGP-5-PORTTOSTP:Port 8/23 joined bridge port 8/23
> 2002 Jan 16 02:16:02 %SPANTREE-6-PORTFWD: Port 8/23 state in VLAN 172 changed to forwarding
> 2002 Jan 16 02:16:06 %PAGP-5-PORTTOSTP:Port 6/23 joined bridge port 6/23
> 2002 Jan 16 02:16:07 %SPANTREE-6-PORTFWD: Port 6/23 state in VLAN 172 changed to forwarding
> 2002 Jan 16 03:41:28 %PAGP-5-PORTFROMSTP:Port 8/17 left bridge port 8/17
> 2002 Jan 16 03:41:29 %PAGP-5-PORTFROMSTP:Port 7/16 left bridge port 7/16
> 2002 Jan 16 03:41:35 %SYS-6-CFG_CHG:Global block changed by SNMP/216.141.33.71/
> 2002 Jan 16 03:41:47 %PAGP-5-PORTTOSTP:Port 8/17 joined bridge port 8/17
> 2002 Jan 16 03:41:47 %PAGP-5-PORTTOSTP:Port 7/16 joined bridge port 7/16
> 2002 Jan 16 03:41:48 %SPANTREE-6-PORTFWD: Port 7/16 state in VLAN 172 changed to forwarding
> 2002 Jan 16 03:41:48 %SPANTREE-6-PORTFWD: Port 8/17 state in VLAN 172 changed to forwarding
> 2002 Jan 16 03:44:27 %PAGP-5-PORTFROMSTP:Port 8/17 left bridge port 8/17
> 2002 Jan 16 03:44:43 %PAGP-5-PORTTOSTP:Port 8/17 joined bridge port 8/17
> 2002 Jan 16 03:44:44 %SPANTREE-6-PORTFWD: Port 8/17 state in VLAN 172 changed to forwarding
>
> but these had no consistency over time as to what port or group of ports
> were experiencing this.
>
> some interesting 'show tech' information was;
> udp:
>   0 incomplete headers
>   0 bad data length fields
>   2 bad checksums
>   20839 socket overflows
>   108568195 no such ports
>
> tcp: 111664 completely duplicate packets (6407 bytes)
>   29 keepalive timeouts
>
> Ok, if you're still with me... It was dictated that we REPLACE the switch by
> the customer but of course Cisco did not go for that and we did a scheduled
> reboot on the switch and all problems have cleared. Now the customer wants a
> bi-monthly reboot of this switch scheduled to prevent the problem from
> occ
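
An added example, not part of the thread and not Cisco tooling: a Python sketch that pairs each PAGP-5-PORTFROMSTP ("left bridge") with the next PAGP-5-PORTTOSTP ("joined bridge") for the same port in the quoted log buffer, reports how long each port was out of spanning tree, and groups drops that began within a few seconds of each other. The function names and the 10-second grouping window are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the "show logging buffer" output quoted in the thread.
LOG_BUFFER = """\
2002 Jan 16 02:15:44 %PAGP-5-PORTFROMSTP:Port 8/23 left bridge port 8/23
2002 Jan 16 02:15:49 %PAGP-5-PORTTOSTP:Port 8/22 joined bridge port 8/22
2002 Jan 16 02:15:49 %PAGP-5-PORTFROMSTP:Port 6/23 left bridge port 6/23
2002 Jan 16 02:15:50 %SPANTREE-6-PORTFWD: Port 8/22 state in VLAN 172 changed to forwarding
2002 Jan 16 02:16:01 %PAGP-5-PORTTOSTP:Port 8/23 joined bridge port 8/23
2002 Jan 16 02:16:02 %SPANTREE-6-PORTFWD: Port 8/23 state in VLAN 172 changed to forwarding
2002 Jan 16 02:16:06 %PAGP-5-PORTTOSTP:Port 6/23 joined bridge port 6/23
2002 Jan 16 02:16:07 %SPANTREE-6-PORTFWD: Port 6/23 state in VLAN 172 changed to forwarding
2002 Jan 16 03:41:28 %PAGP-5-PORTFROMSTP:Port 8/17 left bridge port 8/17
2002 Jan 16 03:41:29 %PAGP-5-PORTFROMSTP:Port 7/16 left bridge port 7/16
2002 Jan 16 03:41:35 %SYS-6-CFG_CHG:Global block changed by SNMP/216.141.33.71/
2002 Jan 16 03:41:47 %PAGP-5-PORTTOSTP:Port 8/17 joined bridge port 8/17
2002 Jan 16 03:41:47 %PAGP-5-PORTTOSTP:Port 7/16 joined bridge port 7/16
2002 Jan 16 03:41:48 %SPANTREE-6-PORTFWD: Port 7/16 state in VLAN 172 changed to forwarding
2002 Jan 16 03:41:48 %SPANTREE-6-PORTFWD: Port 8/17 state in VLAN 172 changed to forwarding
2002 Jan 16 03:44:27 %PAGP-5-PORTFROMSTP:Port 8/17 left bridge port 8/17
2002 Jan 16 03:44:43 %PAGP-5-PORTTOSTP:Port 8/17 joined bridge port 8/17
2002 Jan 16 03:44:44 %SPANTREE-6-PORTFWD: Port 8/17 state in VLAN 172 changed to forwarding
"""

# timestamp, then %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
PORT_RE = re.compile(r"Port (\d+/\d+)")


def parse_log(text):
    """Return (timestamp, mnemonic, port-or-None) for every recognisable line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y %b %d %H:%M:%S")
        port = PORT_RE.search(m.group("text"))
        events.append((ts, m.group("mnem"), port.group(1) if port else None))
    return events


def find_flaps(events):
    """Pair 'left bridge' with the next 'joined bridge' on the same port.

    Returns (flaps, unmatched): flaps are (port, left_time, seconds_out);
    unmatched are joins whose 'left' event is not in the excerpt.
    """
    down, flaps, unmatched = {}, [], []
    for ts, mnem, port in events:
        if mnem == "PORTFROMSTP":
            down[port] = ts
        elif mnem == "PORTTOSTP":
            start = down.pop(port, None)
            if start is None:
                unmatched.append((port, ts))
            else:
                flaps.append((port, start, (ts - start).total_seconds()))
    return flaps, unmatched


def cluster(flaps, window=timedelta(seconds=10)):
    """Group flaps whose start times follow each other within `window`."""
    groups = []
    for flap in sorted(flaps, key=lambda f: f[1]):
        if groups and flap[1] - groups[-1][-1][1] <= window:
            groups[-1].append(flap)
        else:
            groups.append([flap])
    return groups


def modules(group):
    """Slot numbers (the part before '/') touched by one group of flaps."""
    return {port.split("/")[0] for port, _, _ in group}


if __name__ == "__main__":
    flaps, unmatched = find_flaps(parse_log(LOG_BUFFER))
    for port, start, secs in flaps:
        print(f"{start:%H:%M:%S} port {port} out of STP for {secs:.0f}s")
    for group in cluster(flaps):
        print("drop group on modules", sorted(modules(group)))
```

On the quoted excerpt, every paired drop lasts 16 to 19 seconds, and two of the three groups span ports on different modules.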
RE: Static route load balancing? [7:31715]
If the static routes have the same metric, the router will load balance traffic it sends out according to the routes. I don't like this option because if one path goes down every other packet will fail.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Breaker
Sent: Saturday, January 12, 2002 6:05 AM
To: [EMAIL PROTECTED]
Subject: Static route loacd balancing? [7:31715]

Hi all,

My customer wants a load balancing solution to a branch office. He heard that it can be done with static routes, but as I know load balancing can't be done by deploying static routes. Any help about this? Can it be done or how effective will it be?

Best regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31750&t=31715
RE: Frame-Relay Question [7:31395]
No. The CSU still runs with the T-1 configuration.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of James
Sent: Wednesday, January 09, 2002 9:55 AM
To: [EMAIL PROTECTED]
Subject: Frame-Relay Question [7:31395]

Hello,

This might be a simple/rehashed question. I appreciate any feedback from anyone who can comment on this..

If you were to order a higher guaranteed rate /port speed on an existing frame-relay connection, for example a t1 frame-relay, will there be any configurations needed on the router or CSU ? Assuming straight on Frame-Relay config.

Any info is greatly appreciated..

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31408&t=31395
RE: Cisco security books [7:31393]
"Managing Cisco Network Security" is good and worth the money. Haven't read the other book yet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 09, 2002 9:39 AM
To: [EMAIL PROTECTED]
Subject: Cisco security books [7:31393]

Does anyone have input on good overall Cisco security books? I saw two books on Cisco's website called "Designing Network Security" and "Managing Cisco Network Security". Anyone have an opinion on these?

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31406&t=31393
RE: OT - to security experts - what's the best IDS? [7:30867]
I have been impressed with SNORT. Runs on a Linux box. BTW it's free.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 9:10 AM
To: [EMAIL PROTECTED]
Subject: RE: OT - to security experts - what's the best IDS? [7:30867]

Snort seems to always come up when people talk about IDS, and it's free. Defining it as 'best' is definitely open for debate, but if price is your primary concern, it's definitely a contender.

-Original Message-
From: nrf [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 6:47 PM
To: [EMAIL PROTECTED]
Subject: OT - to security experts - what's the best IDS? [7:30867]

Hello all:

I am directing this question to security experts. Who makes the best IDS system? Cisco with NetRanger? Realsecure with ISS? Network Associates Cybersafe? Something else?

I leave the precise definition of 'best' up to you. But it should include things like flexibility, reliability, lots of features, ease of use, and of course price.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30943&t=30867
RE: cisco aironet question [7:30926]
No. You need clear line of sight. The Aironet will cook the leaves.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steven A. Ridder
Sent: Friday, January 04, 2002 9:11 AM
To: [EMAIL PROTECTED]
Subject: cisco aironet question [7:30926]

Will two Cisco Aironet Wireless Access points work through trees? The two buildings are only 305m apart, but there are trees in between the two buildings. In winter there are no leaves on the trees, so they have line of sight, but with leaves in the spring and summer, will it still work? Can the signal go through the trees?

--
RFC 1149 Compliant.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30942&t=30926
RE: can't ping 'through' router..help? [7:29724]
Your segment with PC's is private addresses. The ISP is not routing them. You need to enable NAT to get to the Internet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 8:35 PM
To: [EMAIL PROTECTED]
Subject: can't ping 'through' router..help? [7:29724]

hi...i have a question regarding router configuration. i'm trying to set up a 2621 router but am running into a problem, i can't ping through the router (ie, no traffic going through the thing). i can ping from the 2621 to a dsl router, and from the 2621 to a pc i've set up on the lan, but i can't get traffic from the internet (dsl1) to the pc, and vice versa. i've enabled a default route out, as well as rip? i'm kind of new at this so any help would be...well, helpful. here's my config:

!
hostname myrouter
!
enable secret X
enable password X
!
ip name-server 207.155.183.72
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface FastEthernet 0/0
 no shutdown
 description will be connected to Internet(dsl 2)-not connected
 ip address 66.89.59.194 255.255.255.192
 no ip directed-broadcast
 no ip mroute-cache
 keepalive 10
!
interface FastEthernet 0/1
 no shutdown
 description connected to ethernet
 ip address 192.168.2.1 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 keepalive 10
!
interface Ethernet 1/0
 no shutdown
 description connected to Internet (dsl1)
 ip address 168.103.127.153 255.255.255.248
 no ip directed-broadcast
 no ip mroute-cache
 keepalive 10
!
router rip
 version 2
 network 66.0.0.0
 network 192.168.2.0
 passive-interface Ethernet 1/0
 no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Ethernet 1/0
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
!
line console 0
 exec-timeout 0 0
 login
 transport input none
!
line vty 0 4
 login
!

thanks in advance...
pete

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29777&t=29724
RE: How to disable NAT in Cisco PIX? [7:29641]
As I said earlier, TAC suggests using

static (inside, outside) 129.174.1.0 129.174.1.0

instead of

nat (inside) 0 0 0

I found in the real world that nat 0 can be very unstable. My problems were with 5.X and 6.X. nat 0 stopped working after 10 minutes even after multiple reboots. static has worked for 6 months without a single failure.

Maybe the problem is having the NAT command and the static command at the same time. They are telling the PIX to do the same thing twice. I know I get annoyed when my wife tells me to do the same thing twice.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 1:56 PM
To: [EMAIL PROTECTED]
Subject: RE: How to disable NAT in Cisco PIX? [7:29641]

Hello David,

I think your config should work, too. But here are a few suggestions nevertheless:

1. use "nat (inside) 0 0 0" instead of "nat (inside) 0 129.174.1.0 255.255.255.0"
2. delete "static (inside, outside) 129.174.1.0 129.174.1.0", it's not really needed.
3. Like Ejay said, do a traceroute. You mentioned that "connectivity is fine", does that mean pings and traces work, just not http?

Alex

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29706&t=29641
RE: how to disable NAT in PIX firewall (both insid [7:29408]
TAC warned me that NAT 0 isn't really stable. They suggest using static. Assume 192.168.10.X is a Public address.

static (inside,outside) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0

This does the same thing as NAT 0 plus is more stable. When I was doing NAT 0 for a customer it kept failing after 10 minutes. Static worked like a charm.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jon Tucker
Sent: Tuesday, December 18, 2001 8:03 PM
To: [EMAIL PROTECTED]
Subject: RE: how to disable NAT in PIX firewall (both insid [7:29408]

using the NAT 0 command will allow the inside systems to go through the PIX unaltered.

- Jon

-Original Message-
From: Michael J. Doherty [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 11:56 AM
To: [EMAIL PROTECTED]
Subject: Re: how to disable NAT in PIX firewall (both insid [7:29408]

Since the PIX is a native NAT device, built around it, subsistent on it, you cannot turn it off and allow the PIX to function in its correct manner. The example that you mention (VPNs) is a special scenario. Once VPN clients are authenticated by the PIX, they are treated as if they exist on the inside of the PIX, therefore we have to disable NAT to allow the VPN tunnel to work properly.

If NAT is set up according to the Best Practices, your inside hosts will be able to see ALL external hosts while shielding them from being seen by the outside hosts (the fact that they are using the NAT translation is what accomplishes this). The fact that you are using Published IP addresses for your hosts is a moot point (it is also not a recommendation in Best Practices). Therefore, you still need to correctly set up the NAT statements, in the manner illustrated by Cisco's website, in order to make the PIX function appropriately.

- Original Message -
From: "David Tran"
To:
Sent: Monday, December 17, 2001 16:13
Subject: how to disable NAT in PIX firewall (both inside an [7:29303]

> Hi Everyone,
>
> I am having a problem setting up a network in this scenario
> with my PIX515-UR firewall running version 6.1(1) with pdm
> version 1.1(2).
>
> I have a network with REGISTERED IP addresses. The
> "inside" interface of the PIX is on the 129.174.1.0/24
> network with IP address of 129.174.1.254. The "outside"
> interface of the PIX is on the 66.61.46.0/24 network with
> IP address of 66.61.46.120. The "inside" interface has
> a security level of 100 and the "outside" interface has
> security level of 0. On the "inside" internal network, I
> have 10 workstations ranging from 129.174.1.1-10. These
> workstations have the default gateway pointed to the
> "inside" interface of the PIX.
>
> I understand that for machines from the "inside"
> network to access the Internet, the commands "nat"
> and global must be used. However, since all of my
> machines have valid (aka registered) IP addresses, I
> want to disable NAT completely. For example,
> I want machine 129.174.1.1 to be able to browse and
> ping any machines on the Internet. At the same time,
> I don't want users from the Internet to be able to access
> any of the workstations on the "inside" interface. I have
> been searching for documentation on the Cisco website
> but it seems like most of the examples have to do with NAT
> enabled. There are a few examples that will disable NAT
> but they are related to VPN, which is something I don't want.
> Furthermore, most of the examples are filled with errors and
> pretty worthless (for PIX anyway). If anyone has done
> this before, let me know. I also include a copy of the config.
>
> Thanks.
>
> David
>
> PIX Version 6.1(1)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 dmz security50
> enable password sdfkjfdjjdfjksdf encrypted
> passwd sdfjksdfkjsdfjksjf encrypted
> hostname ciscopix
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> names
> access-list no-nat-list permit ip any any
> access-list no-nat-list permit icmp any any
> pager lines 24
> interface ethernet0 auto
> interface ethernet1 auto
> interface ethernet2 auto
> mtu outside 1500
> mtu inside 1500
> mtu dmz 1500
> ip address outside 66.61.46.120 255.255.255.0
> ip address inside 129.174.1.254 255.255.255.0
> ip address dmz 127.0.0.1 255.255.255.255
> ip audit info action alarm
> ip audit attack action alarm
> no failover
> failover timeout 0:00:00
> failover poll 15
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> failover ip address dmz 0.0.0.0
> pdm history enable
> arp timeout 14400
> nat (inside) 0 129.174.1.0 255.255.255.0
> static (inside, outside) 129.174.1.0 129.174.1.0
> conduit permit ip any any
>
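
An added example, not part of the thread and not a Cisco tool: a Python check run over commands copied from the quoted configuration. It flags `conduit permit ip any any` and, where a `static` maps a higher-security interface to a lower-security one alongside that conduit, reports the mapped network as reachable from outside, which is the opposite of the goal stated in the question. The function name and the finding codes are this example's own.

```python
import re

# Commands copied from the PIX 6.1(1) configuration quoted in the thread (excerpt).
PIX_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list no-nat-list permit ip any any
access-list no-nat-list permit icmp any any
ip address outside 66.61.46.120 255.255.255.0
ip address inside 129.174.1.254 255.255.255.0
nat (inside) 0 129.174.1.0 255.255.255.0
static (inside, outside) 129.174.1.0 129.174.1.0
conduit permit ip any any
"""

NAMEIF_RE = re.compile(r"^nameif \S+ (\w+) security(\d+)$")
# static (internal_if, external_if) global_ip local_ip [netmask ...]
STATIC_RE = re.compile(r"^static \((\w+),\s*(\w+)\) (\S+) (\S+)")
# A conduit that permits a protocol from any source to any destination.
OPEN_CONDUIT_RE = re.compile(r"^conduit permit (\S+) any any$")


def audit(config):
    """Return findings as tuples, in a stable order.

    ("CONDUIT_ANY_ANY", line)               an unrestricted inbound permit
    ("EXPOSED", local, internal, external)  a static from a higher-security
                                            interface that the open conduit
                                            makes reachable from `external`
    """
    security = {}        # interface name -> security level
    statics = []         # (internal_if, external_if, global_ip, local_ip)
    open_conduits = []   # offending command lines, as written

    for raw in config.splitlines():
        line = raw.strip()
        m = NAMEIF_RE.match(line)
        if m:
            security[m.group(1)] = int(m.group(2))
            continue
        m = STATIC_RE.match(line)
        if m:
            statics.append(m.groups())
            continue
        if OPEN_CONDUIT_RE.match(line):
            open_conduits.append(line)

    findings = [("CONDUIT_ANY_ANY", line) for line in open_conduits]
    if open_conduits:
        for internal, external, _global_ip, local_ip in statics:
            # Only report statics that publish a more trusted interface
            # towards a less trusted one (e.g. inside -> outside).
            if security.get(internal, 0) > security.get(external, 0):
                findings.append(("EXPOSED", local_ip, internal, external))
    return findings


if __name__ == "__main__":
    for finding in audit(PIX_CONFIG):
        print(finding)
```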
RE: Proper dress for CCIE lab? [7:29524]
I will give $5 to anyone who wears a Santa suit, stuffing and beard included, to the lab in December and passes. Pictures required for verification!!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Brown
Sent: Tuesday, December 18, 2001 4:14 PM
To: [EMAIL PROTECTED]
Subject: RE: Proper dress for CCIE lab? [7:29524]

They also reduce the amount of oxygen in the lab to simulate networking at high altitudes. The proctors stand over your shoulders and scream in your ear just like a military boot camp. You aren't allowed to use the show run command and must type everything exactly right the first time.

Seriously. You can wear whatever you like. I've worn shorts with a t-shirt and I've noticed candidates in sandals. Just be comfortable.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 3:00 PM
To: [EMAIL PROTECTED]
Subject: Proper dress for CCIE lab? [7:29524]

Is it true that you have to be dressed in a suit for the CCIE lab? Do they mark mannerisms, speech and dress? I have some old Novell guys telling me horror stories of the Novell Instructor Program.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29547&t=29524
-- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Error Msg on Cat 2980G [7:29489]
I am getting an error message on a Cat 2980G and CCO isn't much help.

%SYS-4-P2_WARN: 1/invalid traffic from multicast source address 55:55:55:55:55:55 on port 3/34

Port 3/34 is a dot1q trunk to a Cat 6500. When I receive this message I look on the 2980G and the 6500 and this address is not in the CAM tables. Where is this coming from? Should I worry about it? I don't have any of the devices listed below that typically generate this.

Here is what I found on CCO:

%SYS-4-P2_WARN: 1/Invalid traffic from multicast source address

Problem: The switch is generating "Invalid traffic from multicast source address" messages.

Platform: Catalyst 4000 family switches

The following is an example of the syslog output you will see when this error occurs:

%SYS-4-P2_WARN: 1/Invalid traffic from multicast source address 81:00:01:00:00:00 on port 2/1
%SYS-4-P2_WARN: 1/Invalid traffic from multicast source address 81:00:01:01:00:00 on port 2/1

The "Invalid traffic from multicast source address" syslog message is generated when the switch receives packets with a multicast MAC address as the source MAC. Using a broadcast or multicast MAC address as the source MAC for a frame is not standards-compliant behavior. However, the switch still forwards traffic sourced from a multicast MAC address. The syslog message indicates the multicast MAC address in the source MAC field of the frame, and the port on which the traffic was received. The workaround is to try to identify the end station that is generating frames with a multicast source MAC address. Typically, such frames are transmitted from a traffic generator (for example, SmartBits) or third party devices that share a multicast MAC address (for example, load balancing firewall or server products).

http://www.cisco.com/warp/public/473/34.shtml#4000_ERRORS

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
Bill Carter
CCIE 5022
"To accomplish great things, we must not only act, but also dream; not only plan, but also believe."
-Anatole France
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29489&t=29489
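The check behind this message, as an added example (not part of the original post and not Cisco code): a source MAC is a group address when the least-significant bit of its first octet is set, which holds for both `55:55:55:55:55:55` and the `81:00:01:...` addresses in the CCO sample. The script parses `%SYS-4-P2_WARN` lines in the format quoted above and tallies offending sources per port so the ingress port can be traced; the log list is constructed from the lines shown in the thread plus constructed filler, and all function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Message format as quoted in the thread. Case-insensitive because the post
# shows both "invalid" and "Invalid".
P2_WARN = re.compile(
    r"%SYS-4-P2_WARN:\s*\d+/invalid traffic from multicast source address\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+on port\s+(?P<port>\d+/\d+)",
    re.IGNORECASE,
)


def is_group_address(mac):
    """True when the I/G bit (lowest bit of the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


def summarize(lines):
    """Return {port: Counter({source_mac: hits})} for group-address sources."""
    by_port = defaultdict(Counter)
    for line in lines:
        match = P2_WARN.search(line)
        if not match:
            continue  # unrelated syslog line
        mac = match.group("mac").lower()
        if is_group_address(mac):
            by_port[match.group("port")][mac] += 1
    return dict(by_port)


def worst_ports(lines):
    """Ports ordered by number of offending frames reported, busiest first."""
    totals = {port: sum(c.values()) for port, c in summarize(lines).items()}
    return sorted(totals.items(), key=lambda item: (-item[1], item[0]))


# Constructed sample: message text taken from the thread, repeated and mixed
# with one constructed unrelated line.
SAMPLE_LOG = [
    "%SYS-4-P2_WARN: 1/invalid traffic from multicast source address 55:55:55:55:55:55 on port 3/34",
    "%SYS-4-P2_WARN: 1/Invalid traffic from multicast source address 81:00:01:00:00:00 on port 2/1",
    "%EXAMPLE-6-OTHER: constructed unrelated line",
    "%SYS-4-P2_WARN: 1/Invalid traffic from multicast source address 81:00:01:01:00:00 on port 2/1",
    "%SYS-4-P2_WARN: 1/invalid traffic from multicast source address 55:55:55:55:55:55 on port 3/34",
    "%SYS-4-P2_WARN: 1/invalid traffic from multicast source address 55:55:55:55:55:55 on port 3/34",
]

if __name__ == "__main__":
    for port, hits in worst_ports(SAMPLE_LOG):
        sources = ", ".join(sorted(summarize(SAMPLE_LOG)[port]))
        print(f"port {port}: {hits} frames, sources: {sources}")
```

When the reporting port is a trunk, as in the post, the same tally run on the neighbouring switch's log narrows down which side the frames enter from.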
RE: X.28 to ip conversion [7:29456]
You are talking about XOT. X.25 over TCP. Try here: http://www.cisco.com/warp/public/116/x25_pad_xot.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of amarjeet singh Sent: Tuesday, December 18, 2001 1:25 AM To: [EMAIL PROTECTED] Subject: X.28 to ip conversion [7:29456] Dear Group, I have a requirement which is mentioned below:- The link is like this.. .. Kiosk -->R1--->Modem > IP cloud.--->IP host The kiosk has got a RS232 port which is connected to my router (R1) Ethernet port (via RS232 to RJ45 cable). On the serial interface of router modem is connected & it is dialing to an IP network & reaching to a host which runs on IP. The kiosk is sending me X.28 packets from its RS232 port to my Ethernet port of R1. My question is how do I make conversion from X.28 to IP so that my Ethernet port will understand. Finally these packets will be sent to the IP host in IP format only. Or what solution do I implement for the same. Earlier I tried with serial to IP converter hardware device (between kiosk & R1) Now I want to do it without this hardware. Any suggestions... Thanx in Advance.. Sonu Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29485&t=29456 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Mask in L3 Packet [7:29182]
2 different networks ??? Actually network 1 would encompass network 2. Host A would think Host B is on the same segment as Host A is. If Host A and Host B were separated by a router, Host A would not be able to talk to Host B (not counting the fact that the 2 hosts have the same IP address). The address range of Network 1 is 172.16.0.1 to 172.16.255.254. The address range of network 2 is 172.16.2.1-172.16.2.254. This is not a valid network configuration.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 14, 2001 1:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Mask in L3 Packet [7:29182]

Say I have 2 networks: Network 1. 172.16.x.x/16 and Network 2. 172.16.2.x/24. We all agree that they are two different networks, right? Now if Host A on Network 1 is 172.16.2.1/16 and Host B on Network 2 is 172.16.2.1/24, how does the host know that the second host is on a different network? Are they different addresses because of the mask, or are they considered the same address regardless of mask, and therefore illegal? I understand ANDing on the local host. It's just if 2 hosts had the same numbers, only marked differently by the mask, are they the same or not?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29239&t=29182
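The local ANDing decision discussed in this thread, worked through as an added example (not from the original posts): the IPv4 header carries no mask, so each host applies only its own mask to the destination, and a /16 host and a /24 host can disagree about whether they share a segment. The host addresses 172.16.9.9 and 172.16.2.7 and the function names are constructed for illustration.

```python
import ipaddress


def sends_direct(local_if, dest_ip):
    """Decision a host makes before sending: is dest inside MY network?

    Only the sender's own mask is used; the destination's mask is unknown
    to the sender because it is not carried in the packet.
    """
    iface = ipaddress.ip_interface(local_if)
    return ipaddress.ip_address(dest_ip) in iface.network


def analyze(a_if, b_if):
    """Compare how two configured interfaces see each other."""
    a = ipaddress.ip_interface(a_if)
    b = ipaddress.ip_interface(b_if)
    return {
        # The address alone identifies the host; the mask does not make
        # two equal addresses distinct.
        "same_address": a.ip == b.ip,
        # True: A ARPs for B directly. False: A hands the packet to a router.
        "a_sends_direct": sends_direct(a_if, str(b.ip)),
        "b_sends_direct": sends_direct(b_if, str(a.ip)),
        # One network swallowing the other is the overlap called out in
        # the reply above.
        "a_net_contains_b_net": b.network.subnet_of(a.network),
    }


if __name__ == "__main__":
    # The thread's case: identical address, different masks.
    print(analyze("172.16.2.1/16", "172.16.2.1/24"))
    # Constructed case: distinct hosts on the two overlapping networks.
    print(analyze("172.16.9.9/16", "172.16.2.7/24"))
```

In the second case the /16 host ARPs for its peer while the /24 host forwards the reply to its gateway, which is the asymmetry that breaks connectivity once a router separates the two.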
RE: hidden commands [7:29189]
http://www.elemental.net/~lf/undoc/ http://www.nthelp.com/cisco_undoc.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Keny Sent: Friday, December 14, 2001 7:55 AM To: [EMAIL PROTECTED] Subject: hidden commands [7:29189] Hi I know this has been posted here before but anyhow does any one have any hidden commands they what to share. Thanks Jim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29200&t=29189 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF or EIGRP [7:28966]
I second that. We have been on a 2 year 3 boss mission to ditch IPX for 300 servers!!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 13, 2001 10:04 AM To: [EMAIL PROTECTED] Subject: Re: OSPF or EIGRP [7:28966] Concerning the novell case, it's a non-trivial task to migrate to a native ip environment, enough so that it discourages even the people who ignore the overwhelming power of corporate inertia and attempt to ditch ipx. "Howard C. Berkowitz" @groupstudy.com on 12/12/2001 08:13:44 PM Please respond to "Howard C. Berkowitz" Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc:(bcc: Kevin Cullimore) Subject: Re: OSPF or EIGRP [7:28966] >I hear that argument a lot, "if you never plan to use another >vendor...". It's really quite specious as it's not at all difficult to >cutover from routing EIGRP to OSPF or vis versa if the need arises. > > Not only are Cisco's multi protocol, they are multi routing protocol >routers. To convert simply enable both protocols. Once they are both up >and running get rid of routing protocol that fell from your favor, >wallah, done. > >MHO Dave True, but unless you already have a legacy desktop routing protocol base, how likely is it to need the Appletalk and Novell capabilities, now that both those upper layer suites are native IP? > >Patrick Ramsey wrote: >> >> IMHO, EIGRP is the better of the two. But it's also IMHO that one should >> never stray from the standards. If you know without a doubt that no matter >> what happens, you will stay a cisco shop, then eigrp offers more >> functionallity. Remember also cisco suggests 50 routers in one area, so >> proper planning needs to be done for your edge routers and core routers. >> >> -Patrick >> >> Or you can say screw it and use static routes! 
: ) >> >> >>> "Mears, Rob" 12/12/01 03:54PM >>> >> Hi all, >> >> We are in the middle of building out a new ATM network for the Core and on >> the outside we are going to be running about 80 3640 or 2600. We are in a >> big debate about the routing protocol, we are currently EIGRP. >> >> I have collected lots of info off Cisco's Web site about the two but wanted >> to hear it from the Engineers in the trenches. >> What's your take on it? If it were you what would you run (EIGRP, OSPF) and >> why? >> >> Thanks >> Rob >-- >David Madland >Sr. Network Engineer >CCIE# 2016 >Qwest Communications Int. Inc. >[EMAIL PROTECTED] >612-664-3367 > >"Emotion should reflect reason not guide it" This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29096&t=28966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: telnet session timeout [7:29028]
Are you telnetting to the vty ports or are you reverse telnetting from a terminal server to the console port? If so you need exec-timeout 0 0 on con 0.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond
Sent: Wednesday, December 12, 2001 10:33 PM
To: [EMAIL PROTECTED]
Subject: telnet session timeout [7:29028]

Hello,

I added "exec-timeout 0 0" under line vty 0 4, hoping that I won't get timeout when telnetting to a router. Is this the right command? It doesn't work on my routers.

Thanks in advance.

Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29076&t=29028
RE: Access Lists [7:28927]
Yes. You are allowing anyone coming from 165.5.0.0 to go anywhere and denying from anywhere to anywhere. Not knowing your IP structure I would say:

access-list 110 permit ip x.x.x.0 0.0.0.255 (IP range assigned to dial-in) 165.5.0.0 0.0.255.255 (IP range of your internal network)
access-list 110 deny ip any any

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of J. Johnson
Sent: Wednesday, December 12, 2001 1:24 PM
To: [EMAIL PROTECTED]
Subject: Access Lists [7:28927]

We have a Cisco 5300 Dial-up. We want to allow everyone to get to our network when they dial in. We do not want everyone to get on the internet when they dial in. This is what my access list looks like:

access-list 110 permit ip 165.5.0.0 0.0.255.255 any
access-list 110 deny ip any any

Everyone can get to our network and get on the internet with the above list. Can you see anything wrong?

Thanks.

Jill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28987&t=28927
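How the two lists in this thread evaluate, as an added example (not code from the posters or from Cisco): a small first-match evaluator for `access-list ... permit|deny ip` entries with wildcard masks and the implicit deny at the end. The dial-in pool 165.5.10.0/24 stands in for the unspecified `x.x.x.0` range and the Internet host 198.51.100.20 is constructed; both are assumptions.

```python
import ipaddress

# List as posted in the question.
ORIGINAL_ACL = """
access-list 110 permit ip 165.5.0.0 0.0.255.255 any
access-list 110 deny ip any any
"""

# List from the reply, with an ASSUMED dial-in pool of 165.5.10.0/24 in place
# of the "x.x.x.0" placeholder.
REVISED_ACL = """
access-list 110 permit ip 165.5.10.0 0.0.0.255 165.5.0.0 0.0.255.255
access-list 110 deny ip any any
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF          # every bit is "don't care"
    if tok == "host":
        return _ip(tokens.pop(0)), 0  # every bit must match
    return _ip(tok), _ip(tokens.pop(0))


def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines, in order."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        if tok[3] != "ip":
            raise ValueError("this sketch only handles 'ip' entries")
        rest = tok[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        entries.append((tok[2], src, dst, line.strip()))
    return entries


def _matches(addr, spec):
    base, wildcard = spec
    care_bits = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are ignored
    return ((addr ^ base) & care_bits) == 0


def evaluate(entries, src, dst):
    """Return (action, matching line); first match wins."""
    s, d = _ip(src), _ip(dst)
    for action, src_spec, dst_spec, line in entries:
        if _matches(s, src_spec) and _matches(d, dst_spec):
            return action, line
    return "deny", "(implicit deny at end of list)"


if __name__ == "__main__":
    flows = [
        ("165.5.10.7", "165.5.3.4"),      # dial-in user to internal host
        ("165.5.10.7", "198.51.100.20"),  # dial-in user to Internet host
    ]
    for name, acl in (("original", ORIGINAL_ACL), ("revised", REVISED_ACL)):
        entries = parse_acl(acl)
        for src, dst in flows:
            action, line = evaluate(entries, src, dst)
            print(f"{name:8} {src} -> {dst}: {action:6} by {line}")
```

The evaluator models matching only; the interface and direction the list is applied to are not stated in the thread.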
RE: ADMIN to be a CCIE? [7:28911]
y I think. Here is a little scenario, I studied for and passed the BCRAN in a week. I studied and passed the BCSN in 2 weeks. I read the switching book by Karen Webb (she is terrible, IMHO) 3 times then took the test 2 weeks later. The CIT I plan on spending a month on it. Then I was gonna take the CID which I really planned on taking my time on. Because a friend of mine failed it twice and design tests are always harder.

-Original Message-
From: Bill Carter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 12, 2001 2:49 PM
To: Joshua Barnes
Subject: RE: ADMIN to be a CCIE? [7:28911]

Yes you can do it. You need some of the books that are talked about here and tons of rack time. Start with the Caslow book. CCO is an excellent reference. Have you passed the CCIE written yet?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joshua Barnes
Sent: Wednesday, December 12, 2001 11:49 AM
To: [EMAIL PROTECTED]
Subject: ADMIN to be a CCIE? [7:28911]

I am an internal admin, I am planning on the CCIE certification, but I don't go out on Cisco calls. My company has a lab specifically for our 2 CCIEs but is that enough to get the cert? I would like to believe that I can do anything I set my mind to, but I would also like to set realistic goals. I have Cisco certs already and have found them relatively easy to come by but again, it comes down to that whole realistic goals approach. Please hand me your thoughts, don't worry about discouraging me, only I can do that!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28985&t=28911
RE: Clear counters command [7:28850]
yes clear counters [Enter] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Perez Sent: Tuesday, December 11, 2001 10:45 AM To: [EMAIL PROTECTED] Subject: Clear counters command [7:28850] Does anyone know if you can use a clear counters command from the CLI on a Cat 3548XL to clear multiple int's at one shot? EX: clear counters fa0/1:48 ?? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28861&t=28850 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP and memory allocation errros [7:28819]
Madman is right. In the absence of more memory this should help.

http://www.cisco.com/warp/customer/459/41.shtml

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Donlon
Sent: Tuesday, December 11, 2001 2:54 AM
To: [EMAIL PROTECTED]
Subject: BGP and memory allocation errros [7:28819]

Hi All

I have a problem with a router running BGP. I have two 7204vxr's running BGP connecting to two different service providers, I upgraded the IOS of one the routers with version 12.1(5)T10 (IP PLUS IPSEC 3DES) and the boot image, it ran for a week with no problems. I upgraded the other router with the same images and as got memory allocation errors when it established adjacency with the BGP neighbours, see the output below. I'm no BGP expert and I believe there is enough memory in the router, so any suggestions will be appreciated

Regards Pat

*Nov 25 15:55:29: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:55:31: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:55:41: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:56:07: %SYS-2-MALLOCFAIL: Memory allocation of 65496 bytes failed from 0x606BE0F4, pool Processor, alignment 0
-Process= "BGP Router", ipl= 0, pid= 118
-Traceback= 606C1450 606C38B0 606BE0FC 606BE8F0 6082D330 6082D578 6082EA84 609FA5EC 609FB2B8 61476248 609FB35C 609D61F0 606B7DA4 606B7D90
*Nov 25 15:56:08: %BGP-5-ADJCHANGE: neighbor *.*.*.* Down No memory
*Nov 25 15:56:08: %BGP-5-ADJCHANGE: neighbor *.*.*.* Down No memory
*Nov 25 15:56:08: %BGP-5-ADJCHANGE: neighbor *.*.*.*Down No memory
*Nov 25 15:56:11: %BGP-3-NOTIFICATION: sent to neighbor *.*.*.* 3/1 (update malformed) 0 bytes
*Nov 25 15:56:37: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:56:37: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:56:51: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28846&t=28819
RE: PIX no client connectivity [7:28625]
First on the PIX try
clear xlate
On the router
clear arp *
You have an access-list acl_ping but it is not applied. To apply an access-list you need
access-group acl_ping in interface outside
but there is an implied deny all at the end of the access-list. If you had the access-list applied then removed it, you will need to do the clear xlate. Everything else looks good.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pierre-Alex J. Guanel
Sent: Monday, December 10, 2001 2:23 PM
To: [EMAIL PROTECTED]
Subject: PIX no client connectivity [7:28625]

From a client (inside) I can ping the inside interface of the PIX.
From a client (outside) I can ping the outside interface of the PIX.
However no (inside) client manages to ping or do any sort of traffic with hosts outside the PIX.
Do you spot where my problem is? Thank you!!!

BTECHPIX# sh config
: Saved
:
PIX Version 5.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd encrypted
hostname BTECHPIX
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl_ping permit icmp any any
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 209.152.115.123 255.255.255.0
ip address inside 192.168.3.1 255.255.255.0
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
arp timeout 14400
global (outside) 1 209.152.115.125
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 209.152.115.1 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp identity hostname .

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28749&t=28625
RE: Catalyst Layer 2 question [7:28710]
Yes that is true. A layer 3 device is needed to route between subnets.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christian Fredrickson
Sent: Monday, December 10, 2001 12:38 PM
To: [EMAIL PROTECTED]
Subject: Catalyst Layer 2 question [7:28710]

Is it true that you must have a Layer 3 switch in order to subnet an IP class and have the subnets communicate? I was told that a Layer 3 switch or a router must be used on my network if I am to subnet my address space and have the different subnets be able to communicate. It has been a long time since I have done this and I don't recall.

Chris

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28732&t=28710
RE: RIP routing (2 router lab) newbie [7:28327]
Sorry, wanted to add some information about OSPF behaiour and secondary addresses. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 11:52 AM To: [EMAIL PROTECTED] Subject: RE: RIP routing (2 router lab) newbie [7:28327] Just wanted to add the same behavior with OSPF. If 2 routers are on the same Ethernet segment and a router has a secondary address and the other router's primary address is the same subnet as the secondary, OSPF will not form an adjacency. Also by default ospf will not advertise secondary addresses. This is about the only good time to use redistribute connected. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Logan, Harold Sent: Monday, December 10, 2001 10:56 AM To: [EMAIL PROTECTED] Subject: RE: RIP routing (2 router lab) newbie [7:28327] Interesting... thanks for the explanation Chuck. Hal > -Original Message- > From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 10, 2001 12:32 AM > To: [EMAIL PROTECTED] > Subject: RE: RIP routing (2 router lab) newbie [7:28327] > > > I spent a bit more time looking into this one than it may be > worth. But my > look did reinforce some points made in this thread and in > another thread > started by John Neiberger and researched so ably by Nigel > Taylor - that is, > the nature and behaviour of secondary addresses. > > Sorry I am unable to document everything I did here. It would take me > writing a Jeff Doyle type chapter on RIP to get it all out > and explained, > with screen shots etc. > > To put things in terms of how I observed them: > > In the case of RIP, by default, advertisements are sent out > an interface > using the primary address of that interface as the source address. 
> > if another router on the segment is using and address that is > not on the > same subnet as the primary, that router will see messages like this: > > 01:46:25: RIP: ignored v1 update from bad source 172.29.101.1 > on TokenRing0 > 01:46:30: RIP: ignored v1 update from bad source 172.29.101.2 > on TokenRing0 > 01:46:35: RIP: sending v1 update to 255.255.255.255 via TokenRing0 > (172.29.103.7) > > 103.1 was secondary address on my R1, 103.7 the address of my > R3 You can see > the error referring to 101.1 and 102.1 ( the address of > another router on > the segment ) > > I threw in a no ip split-horizon command on the interface of > my R1, and lo > and behold, it started sourcing rip packets from 101.1, 102.1 > and 103.1 and > all my RIP routes propagated > > from CCO: > > Note If any router on a network segment uses a secondary > address, all > other routers on that same segment must also use a secondary > address from > the same network or subnet. > > > some of us already commented about issues with secondary > routes among the > various routing protocols. the point being that using > secondary addresses > can be tricky, and is probably not a good idea for newbies > just trying to > learn the basics. if you want to see how things work, use > loopbacks. with > secondary addresses, it is to easy to end up fighting with > some complex > issues beyond a beginner's understanding. in fact, there are > some advanced > students who find this topic complex and mysterious. > > best wishes. > > Chuck > > BTW, one of the implications of this study was a walk down > memory lance. A > guy named Bob Vance who used to hang here a lot and who was > the progenitor > of a number of interesting discussions once postulated that > all stations on > a segment will see the all F's broadcast, even if their layer three > addresses are different ( i.e. seconday's ) the output above > is something of > a proof of that supposition. 
The router saw the RIP packets with the > destination address of 255.255.255.255 ( MAC .. > ), processed the > packet, saw the source address as being on a different subnet > ( even though > on the same segment ) and rejected the packet. Interesting. > Especially in > that all subnets were part of the same Class B network. > > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Logan, Harold > Sent: Friday, December 07, 2001 6:21 AM > To: [EMAIL PROTECTED] > Subject: RE: RIP routing (2 router lab) newbie [7:28327] > > > It looks like Anil wants to get RIP to advertise the 193.9.200.0 > network. A secondary address may work on one of the interfaces, but it > would need to be on a different subnet. Notice from the > config, he gave > the secondary address the same IP as the primary addy. No > matter what he > does with the 193.9.200.0 network, those two routers will > always show it > as being "Directly Connected" instead of learned through RIP; > DC routes > have an administrative distance of 0, whereas RIP has an AD of 120. In > the routing table, the router is only going o show the route with the > best (lowest) distance. He could add a loopback on a > different subnet
RE: Redistribution and Filtering [7:28699]
Depends... No, it's not necessary, but what if one misconfigured router starts advertising lots of bogus networks? It could flood routers on the other side of the redistribution. What if you are redistributing a 10.x.x.x network into a 172.16.x.x network and a router on the 172.16.x.x gets misconfigured and starts advertising 10.x.x.x networks and they get redistributed into the correct 10.x.x.x network? So no, it is not necessary in the lab or the real world, but it is good practice.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Neiberger
Sent: Monday, December 10, 2001 12:19 PM
To: [EMAIL PROTECTED]
Subject: RE: Redistribution and Filtering [7:28699]

But is it ever necessary if you're only using a single router to do the redistribution?

>>> "Bill Carter" 12/10/01 10:55:23 AM >>>
Yes it is overkill. Yes it is good practice to use either route-maps or distribute lists. Control is better.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of William Lijewski
Sent: Monday, December 10, 2001 10:57 AM
To: [EMAIL PROTECTED]
Subject: Redistribution and Filtering [7:28699]

I have a basic question, kind of... When you redistribute between routing protocols, should you ALWAYS use a route-map? If there are no loops is it still recommended/required? I have been doing it but I want to know if it's overkill.

Thanks, Bill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28722&t=28699
RE: Redistribution and Filtering [7:28699]
Yes it is overkill. Yes it is good practice to use either route-maps or distribute lists. Control is better. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of William Lijewski Sent: Monday, December 10, 2001 10:57 AM To: [EMAIL PROTECTED] Subject: Redistribution and Filtering [7:28699] I have a basic question, kind of... When you redistribute between routing protocols, should you ALWAYS use a route-map? If there are no loops is it still recommended/required? I have been doing it but I want to know if its overkill. Thanks, Bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28703&t=28699 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RIP routing (2 router lab) newbie [7:28327]
Just wanted to add the same behavior with OSPF. If 2 routers are on the same Ethernet segment and a router has a secondary address and the other router's primary address is the same subnet as the secondary, OSPF will not form an adjacency. Also by default ospf will not advertise secondary addresses. This is about the only good time to use redistribute connected. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Logan, Harold Sent: Monday, December 10, 2001 10:56 AM To: [EMAIL PROTECTED] Subject: RE: RIP routing (2 router lab) newbie [7:28327] Interesting... thanks for the explanation Chuck. Hal > -Original Message- > From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 10, 2001 12:32 AM > To: [EMAIL PROTECTED] > Subject: RE: RIP routing (2 router lab) newbie [7:28327] > > > I spent a bit more time looking into this one than it may be > worth. But my > look did reinforce some points made in this thread and in > another thread > started by John Neiberger and researched so ably by Nigel > Taylor - that is, > the nature and behaviour of secondary addresses. > > Sorry I am unable to document everything I did here. It would take me > writing a Jeff Doyle type chapter on RIP to get it all out > and explained, > with screen shots etc. > > To put things in terms of how I observed them: > > In the case of RIP, by default, advertisements are sent out > an interface > using the primary address of that interface as the source address. 
> > if another router on the segment is using and address that is > not on the > same subnet as the primary, that router will see messages like this: > > 01:46:25: RIP: ignored v1 update from bad source 172.29.101.1 > on TokenRing0 > 01:46:30: RIP: ignored v1 update from bad source 172.29.101.2 > on TokenRing0 > 01:46:35: RIP: sending v1 update to 255.255.255.255 via TokenRing0 > (172.29.103.7) > > 103.1 was secondary address on my R1, 103.7 the address of my > R3 You can see > the error referring to 101.1 and 102.1 ( the address of > another router on > the segment ) > > I threw in a no ip split-horizon command on the interface of > my R1, and lo > and behold, it started sourcing rip packets from 101.1, 102.1 > and 103.1 and > all my RIP routes propagated > > from CCO: > > Note If any router on a network segment uses a secondary > address, all > other routers on that same segment must also use a secondary > address from > the same network or subnet. > > > some of us already commented about issues with secondary > routes among the > various routing protocols. the point being that using > secondary addresses > can be tricky, and is probably not a good idea for newbies > just trying to > learn the basics. if you want to see how things work, use > loopbacks. with > secondary addresses, it is to easy to end up fighting with > some complex > issues beyond a beginner's understanding. in fact, there are > some advanced > students who find this topic complex and mysterious. > > best wishes. > > Chuck > > BTW, one of the implications of this study was a walk down > memory lance. A > guy named Bob Vance who used to hang here a lot and who was > the progenitor > of a number of interesting discussions once postulated that > all stations on > a segment will see the all F's broadcast, even if their layer three > addresses are different ( i.e. seconday's ) the output above > is something of > a proof of that supposition. 
The router saw the RIP packets with the > destination address of 255.255.255.255 ( MAC .. > ), processed the > packet, saw the source address as being on a different subnet > ( even though > on the same segment ) and rejected the packet. Interesting. > Especially in > that all subnets were part of the same Class B network. > > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Logan, Harold > Sent: Friday, December 07, 2001 6:21 AM > To: [EMAIL PROTECTED] > Subject: RE: RIP routing (2 router lab) newbie [7:28327] > > > It looks like Anil wants to get RIP to advertise the 193.9.200.0 > network. A secondary address may work on one of the interfaces, but it > would need to be on a different subnet. Notice from the > config, he gave > the secondary address the same IP as the primary addy. No > matter what he > does with the 193.9.200.0 network, those two routers will > always show it > as being "Directly Connected" instead of learned through RIP; > DC routes > have an administrative distance of 0, whereas RIP has an AD of 120. In > the routing table, the router is only going o show the route with the > best (lowest) distance. He could add a loopback on a > different subnet on > one of the routers, then add network statements for that subnet, and > then he would see that network learned via RIP on the opposite router. > Likewise Anil, if you had a 3rd router connecting to one of your two > routers by the BRI port, that 3rd router would learn of the > 19
RE: Completely OT: StarWars [7:28204]
I don't want anyone to break the NDA, but is this on the CCIE lab??

The trick is, you would have to use

service compress-config
ip route 1.1.1.0 255.255.255.0 R2D2
ip route 2.2.2.0 255.255.255.0 C3PO
Router bgp 4
 neighbor 1.1.1.1 remote-as 5
 neighbor 1.1.1.1 ebgp-multihop GalaxyFarFarAway
Router ospf 1
 redistribute static subnets subgalaxies

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sasa Milic
Sent: Wednesday, December 05, 2001 11:51 AM
To: [EMAIL PROTECTED]
Subject: Completely OT: StarWars [7:28204]

StarWars episode IV in text mode: telnet to towel.blinkenlights.nl

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28214&t=28204
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Completely OT: StarWars [7:28204]
Someone has way ttoo mmuuucchhh iiimm ttt hhhnnddd sss.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sasa Milic
Sent: Wednesday, December 05, 2001 11:51 AM
To: [EMAIL PROTECTED]
Subject: Completely OT: StarWars [7:28204]

StarWars episode IV in text mode: telnet to towel.blinkenlights.nl

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28212&t=28204
RE: Hi [7:28107]
This is a new virus going around. note the file gone.scr

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Aderion Brewer
Sent: Tuesday, December 04, 2001 2:11 PM
To: [EMAIL PROTECTED]
Subject: Hi [7:28107]

How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it!

[GroupStudy.com removed an attachment of type application/octet-stream which had a name of gone.scr]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28113&t=28107
RE: PIX [7:28083]
Set the default gateway of the host to the router. The router should handle this function.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of BASSOLE Rock
Sent: Tuesday, December 04, 2001 11:04 AM
To: [EMAIL PROTECTED]
Subject: PIX [7:28083]

Hi group,

I'm using a PIX with 2 interfaces (inside and outside).
- Security level for the inside interface is 100.
- Security level for the outside interface is 0.

Is it possible to use the PIX to route a specific host installed on the outside interface towards another subnet (still on the outside interface)? Will the packet be dropped because the host is on the outside interface?

Regards,
Rock BASSOLE
Til: +33 (0) 1 45 96 22 03

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28095&t=28083
RE: BGP question [7:27879]
It may work, but in real world redistributing from IGP to BGP is very bad practice.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stephane LITKOWSKI
Sent: Friday, November 30, 2001 3:23 PM
To: [EMAIL PROTECTED]
Subject: Re: BGP question [7:27879]

You need to announce all your local subnets :
- by using the network command, u can announce all subnets already placed in the routing table by an IGP
- by redistributing your IGP on BGP using the "redistribute " command in "router bgp" config mode

I see some OSPF routes in your routing table, so you can use network command to announce all subnets :

(config)# router bgp 200
(config-router)# network 192.168.1.0 mask 255.255.255.0
(config-router)# network 192.168.2.0 mask 255.255.255.0
(config-router)# network 192.168.3.0 mask 255.255.255.0

u don't need to announce the peering link ...

or use redistribution (not recommended by Cisco in BSCN book, but it works) :

(config)# router bgp 200
(config-router)# redistribute ospf

hope it helps
--
Stephane LITKOWSKI
Student in a french computer science school EPITA
Telecom & Network specialization
CCNA + BCMSN
EMail : [EMAIL PROTECTED]

""Stephen C"" wrote in message news: [EMAIL PROTECTED]
> When configuring BGP on a "singlehome" net, everything I read says the basic
> config commands are ... for S 0\0 to S 0\0 (200.200.1.1 to 200.200.1.2)
> wire 200.200.1.0
> Router-A(config)#router bgp [as#]
> Router-A(config-router)#network [subnet#]
> Router-A(config-router)#neighbor [subnet#] remote-as [as#]
> now filling in the blanks
> Router-A(config)#router bgp [200]
> Router-A(config-router)#network [200.200.1.0]
> Router-A(config-router)#neighbor [200.200.1.1] remote-as [100]
> unless I configure RIP on the same wire I get nothing. No mention of RIP in
> any of the books I reference. I config RIP and get a "from show ip route" this
> C    200.200.1.0/24 is directly connected, Serial1
> R    200.200.100.0/24 [120/1] via 200.200.1.1, 00:00:14, Serial1
>                       [120/1] via 200.200.2.1, 00:00:14, Serial0
> C    200.200.2.0/24 is directly connected, Serial0
> C    192.168.1.0/24 is directly connected, Ethernet0
> O    192.168.2.0/24 [110/74] via 192.168.1.2, 01:54:20, Ethernet0
> O E2 192.168.3.0/24 [110/20] via 192.168.1.2, 01:54:20, Ethernet0
> Not showing bgp on the connections
>
> the Show ip bgp yields .
> Router-A#show ip bgp
> BGP table version is 3, local router ID is 200.200.2.2
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *  200.200.1.0      200.200.2.1              0             0 100 i
> *                   200.200.1.1              0             0 100 i
> *>                  0.0.0.0                  0         32768 i    Where did I pick up the Static/Default paths from
> *  200.200.2.0      200.200.2.1              0             0 100 i
> *                   200.200.1.1              0             0 100 i
> *>                  0.0.0.0                  0         32768 i    Where did I pick up the Static/Default paths from

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27887&t=27879
RE: BGP question [7:27879]
You have to have IP connectivity to your neighbor before BGP will work. Static routes will get you the same thing as RIP.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stephen C
Sent: Friday, November 30, 2001 2:37 PM
To: [EMAIL PROTECTED]
Subject: BGP question [7:27879]

When configuring BGP on a "singlehome" net, everything I read says the basic config commands are ... for S 0\0 to S 0\0 (200.200.1.1 to 200.200.1.2) wire 200.200.1.0

Router-A(config)#router bgp [as#]
Router-A(config-router)#network [subnet#]
Router-A(config-router)#neighbor [subnet#] remote-as [as#]

now filling in the blanks

Router-A(config)#router bgp [200]
Router-A(config-router)#network [200.200.1.0]
Router-A(config-router)#neighbor [200.200.1.1] remote-as [100]

unless I configure RIP on the same wire I get nothing. No mention of RIP in any of the books I reference. I config RIP and get a "from show ip route" this

C    200.200.1.0/24 is directly connected, Serial1
R    200.200.100.0/24 [120/1] via 200.200.1.1, 00:00:14, Serial1
                      [120/1] via 200.200.2.1, 00:00:14, Serial0
C    200.200.2.0/24 is directly connected, Serial0
C    192.168.1.0/24 is directly connected, Ethernet0
O    192.168.2.0/24 [110/74] via 192.168.1.2, 01:54:20, Ethernet0
O E2 192.168.3.0/24 [110/20] via 192.168.1.2, 01:54:20, Ethernet0

Not showing bgp on the connections

the Show ip bgp yields .

Router-A#show ip bgp
BGP table version is 3, local router ID is 200.200.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  200.200.1.0      200.200.2.1              0             0 100 i
*                   200.200.1.1              0             0 100 i
*>                  0.0.0.0                  0         32768 i    Where did I pick up the Static/Default paths from
*  200.200.2.0      200.200.2.1              0             0 100 i
*                   200.200.1.1              0             0 100 i
*>                  0.0.0.0                  0         32768 i    Where did I pick up the Static/Default paths from

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27883&t=27879
Dual Homing Novell Servers to 2 Cat 6500's [7:27690]
We are installing 2 6500's in the core. We want the Novell servers to have Gig connections to each 6500. How is this configured on the server end. I assume each card has unique IP's? Will the server get confused with 2 IP's on the same subnet?

The 6500's have the MSFC2 card and is running HSRP. What are your experiences with dual homing like this?

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
Bill Carter
CCIE 5022
"To accomplish great things, we must not only act, but also dream; not only plan, but also believe. -Anatole France
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27690&t=27690
RE: 4006 [7:27472]
Yes, with a Layer 3 blade.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of William
Sent: Tuesday, November 27, 2001 10:23 AM
To: [EMAIL PROTECTED]
Subject: 4006 [7:27472]

dear all, can the 4006 run on layer 3?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27486&t=27472
RE: accessing remote router [7:27060]
If you have it enabled, you can http to the router and set the enable password. Otherwise call someone at the site.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hansraj Patil
Sent: Wednesday, November 21, 2001 2:18 PM
To: [EMAIL PROTECTED]
Subject: accessing remote router [7:27060]

Hello Everyone:

I have remote router which has telnet password set but there is no enable mode password. I can telnet successfully & enter user mode but if I try to enter enable mode it gives error.

router_1>enable
% No password set

Is there any way to access this router remotely without setting enable password on router?

Thanks
-hansraj

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27068&t=27060
RE: Pinging spree [7:26268]
access-list 101 deny icmp any x.y.z.0 0.0.0.255 echo    (from anywhere to your IP subnet)
access-list 101 permit ip any any

int s0    (your interface facing the Internet)
 ip access-group 101 in
 no ip unreachables
 no ip directed-broadcast

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Lomotey
Sent: Wednesday, November 14, 2001 1:01 PM
To: [EMAIL PROTECTED]
Subject: Pinging spree [7:26268]

Hi,

We are an ISP. We have everyone on a pinging spree pinging our backbone router to check their connection. How do I disable that ethernet interface to stop responding to ping requests (ICMP i suppose)

Charles

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26280&t=26268
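The two access-list lines from the reply above, run through a small first-match evaluator (an added example, not part of the original post; 192.0.2.0/24 stands in for x.y.z.0 and the packets are constructed). It shows that only echo requests addressed to the protected /24 are dropped, and that without the permit line every packet falls through to the implicit deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ICMP_TYPES = {"echo": 8, "echo-reply": 0, "unreachable": 3}
ANY = (0, 0xFFFFFFFF)  # 0.0.0.0 with an all-ones wildcard matches every address


def ip_to_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


@dataclass(frozen=True)
class Ace:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches every IP protocol
    src: Tuple[int, int]           # (base address, wildcard mask)
    dst: Tuple[int, int]
    icmp_type: Optional[int] = None


def take_addr(tok: List[str]) -> Tuple[int, int]:
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tok."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (ip_to_int(tok.pop(0)), 0)
    return (ip_to_int(first), ip_to_int(tok.pop(0)))


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N ACTION PROTO SRC DST [icmp-type]'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    action, proto, rest = tok[2], tok[3], tok[4:]
    src = take_addr(rest)
    dst = take_addr(rest)
    icmp_type = ICMP_TYPES[rest[0]] if rest and proto == "icmp" else None
    return Ace(action, proto, src, dst, icmp_type)


def addr_match(addr: int, spec: Tuple[int, int]) -> bool:
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl: List[Ace], proto: str, src: str, dst: str,
             icmp_type: Optional[int] = None) -> str:
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if not addr_match(ip_to_int(src), ace.src):
            continue
        if not addr_match(ip_to_int(dst), ace.dst):
            continue
        if ace.icmp_type is not None and ace.icmp_type != icmp_type:
            continue
        return ace.action
    return "deny"


# ACL from the post, with the constructed subnet 192.0.2.0/24 for x.y.z.0.
ACL_101 = [parse_ace(line) for line in (
    "access-list 101 deny icmp any 192.0.2.0 0.0.0.255 echo",
    "access-list 101 permit ip any any",
)]

# Constructed inbound packets: (protocol, source, destination, ICMP type).
PACKETS = [
    ("icmp", "198.51.100.7", "192.0.2.10", 8),     # ping to the protected subnet
    ("icmp", "198.51.100.7", "192.0.2.10", 0),     # echo reply coming back in
    ("tcp", "198.51.100.7", "192.0.2.10", None),   # ordinary traffic
    ("icmp", "198.51.100.7", "203.0.113.1", 8),    # ping to an address outside the /24
]


def verdicts(acl: List[Ace]) -> List[str]:
    return [evaluate(acl, *pkt) for pkt in PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, verdicts(ACL_101)):
        print(verdict, pkt)
```

The last packet is the case to check on a real router: an interface address that is not inside the denied /24 still answers echo requests under this list.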
RE: Broadcast suppression on the Cat6k [7:26180]
I have worked with it on 5500's. Customer is a large Novell shop and would periodically have some interesting broadcast storms. Usually a print server and a tech's PC would get into some kind of argument. Works good.

I set the limits ~20%-30%. Low enough to stop any device from getting too excited, yet high enough for a Novell client to boot up and yell "gimmie a server, gimmie a server, gimmie a server, gimmie a server, gimmie a server, gimmie a server,"

good luck, send me any more questions about it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Duchin
Sent: Tuesday, November 13, 2001 9:11 PM
To: [EMAIL PROTECTED]
Subject: Broadcast suppression on the Cat6k [7:26180]

Anyone mess with this feature... recommendations?

Thanks,
Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26187&t=26180
RE: NetWare Core Protocol over TCP [7:26131]
A customer of mine is preparing for a conversion from Netware IPX to IP only. Total network is 350+ servers. 98% are Netware 5.1. On Netware 5.1, when 2 servers can communicate through IP they will use IP for all communications.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer
Sent: Tuesday, November 13, 2001 1:07 PM
To: [EMAIL PROTECTED]
Subject: NetWare Core Protocol over TCP [7:26131]

I am interested to know how many people use NetWare Core Protocol (NCP) over TCP. Like Howard, I didn't think this was the normal way of handling a migration from IPX to IP, although it certainly makes sense. So, a survey: can people on the list let us know if they use this? Note: I'm not criticizing Kevin, just gathering information.

Regarding PEP, I did some research too. I couldn't find any proof that the transport-like part of NCP was based on PEP, which I thought disappeared, but it does make sense. The service provided by PEP is essentially the same as the service that NCP provides in its "integrated transport" level, to use Howard's great terminology.

I would love to get a Sniffer trace of NCP over TCP. I have a rather old version of Sniffer but a brand new version of EtherPeek. Also I know NCP really well so I might recognize some stuff even if the decoder doesn't. The packet you sent before is just the TCP SYN. Do you have something later in the session with some NCP data? Could you send me (not the list) an attachment of a cleaned up trace file? I'll acknowledge you in my new book! ;-)

THANKS.

Priscilla

At 12:26 AM 11/13/01, [EMAIL PROTECTED] wrote:
>5.0 with an unmanageably large number of service pack applications.
>
>I believe the NWIP encapsulation as a preferred means of exchanging packets
>idea was buried with version 4. NW 5 servers may be installed with support
>for either or both protocol stacks.
>
>There exist various modules centering around the acronym cmd which
>allegedly facilitate hybrid environments slated to migrate to ip only. It's
>possible that servers thus configured encapsulate ipx within ip, but I'm
>far too undermotivated to ascertain the validity of that guess.
>
>I suppose that Novell has been fairly successful at obscuring the original
>meaning of PEP: many hits on general web searches turn up some documents on
>programmatically generating & sending ipx packets in the name of fine-tuning
>network diagnostic tools such as DOOM. Searching Novell leads you to
>conclude that it refers to their Professional Education Program.
>
>"Howard C. Berkowitz" @groupstudy.com on 11/12/2001 06:22:40 PM
>
>Please respond to "Howard C. Berkowitz"
>
>Sent by: [EMAIL PROTECTED]
>
>To: [EMAIL PROTECTED]
>cc: (bcc: Kevin Cullimore)
>Subject: RE: What frame format used by TCP/IP? [7:25924]
>
> >In contrast to the IPX-based implementation described below, packet
> >captures seem to reveal that NCP DOES rely on a transport layer when using
> >IP as a network layer mechanism.
>
>What version of NetWare? It's my understanding that 5.x is native
>TCP/IP with encapsulated IPX available for backwards compatibility.
>
>Incidentally, older IPX-based NCP had an integrated transport
>function, not SPX but something called PEP.
>
> >  Flags: 0x00
> >  Status: 0x00
> >  Packet Length: 66
> >  Timestamp: 19:09:38.677828 03/12/2001
> >Ethernet Header
> >  Destination: 00:90:7F:0F:0B:D5
> >  Source: 00:10:A4:F5:5A:66
> >  Protocol Type: 0x0800 IP
> >IP Header - Internet Protocol Datagram
> >  Version: 4
> >  Header Length: 5 (20 bytes)
> >  Precedence: 0
> >  Type of Service: %
> >  Unused: %0
> >  Total Length: 48
> >  Identifier: 14671
> >  Fragmentation Flags: %010 Do Not Fragment
> >  Fragment Offset: 0 (0 bytes)
> >  Time To Live: 128
> >  IP Type: 0x06 TCP
> >  Header Checksum: 0xF3B3
> >  Source IP Address: 210.225.86.53
> >  Dest. IP Address: xxx.xxx.xxx.x xxx.xx.xx.xxx
> >  No Internet Datagram Options
> >TCP - Transport Control Protocol
> >  Source Port: 2583
> >  Destination Port: 524 NCP
> >  Sequence Number: 1273813107
> >  Ack Number: 0
> >  Offset: 7
> >  Reserved: %00
> >  Code: %10
> >  Synch Sequence
> >  Window: 16384
> >  Checksum: 0x44D7
> >  Urgent Pointer: 0
> >  TCP Options:
> >  Option Type: 2 Maximum Segment Size
> >  Length: 4
> >  MSS: 1460
> >  Option Type: 1 No Operation
> >  Option Type: 1 No Operation
> >  Option Type: 4
> >  Length: 2
> >  Opt Value:
> >  TCP Data Area: No more data.
> >Frame Check Sequence: 0x04007C00

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26
RE: Switch Question [7:25704]
Etherchannel makes the link 1 logical connection. Therefore, one STP interface. If one link fails it becomes a single connection, so you are still up.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of DAGENHARDT Frank
Sent: Thursday, November 08, 2001 1:04 PM
To: [EMAIL PROTECTED]
Subject: Switch Question [7:25704]

I have dual Gigabit trunk links connecting my two Catalyst 4003 switches. My STP type is IEEE. If I configure those two links as Etherchannel will one of those links still be blocked by STP? Or will the Etherchannel trunk be viewed by STP as only one link. Is there any disadvantage to doing this instead of letting it be blocked by STP for redundancy.

Thanks
Frank

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25709&t=25704
RE: 7206 VXR???? [7:24692]
Yes, It's a very good router.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Raul De La Garza III
Sent: Tuesday, October 30, 2001 2:19 PM
To: [EMAIL PROTECTED]
Subject: 7206 VXR [7:24692]

Has anyone had any experience with a Cisco product called the 7206 VXR router?

Raul De La Garza III
CCDP NNCSS MCSE CNE
"Rome has spoken; the cause is finished." -St. Augustine (354-430)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24704&t=24692
RE: VLAN and IPX [7:24641]
The config is correct, although you need to find out what IPX encapsulation is. Probably 802.2. I would put the commands in this way;

interface vlan 2
 ip address ..
 ipx network 101 encapsulation sap
interface vlan 3
 ip address
 ipx network 102 encapsulation sap

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Breaker
Sent: Tuesday, October 30, 2001 6:09 AM
To: [EMAIL PROTECTED]
Subject: VLAN and IPX [7:24641]

Hi all,

I have a customer that uses both Novell and NT. We upgraded their LAN with 6500 and 3500 switches. Now we will implement VLANs. I know how to configure VLAN for IP but never done it with IPX. I read the docs on cisco but I have a question on my mind. As I know the customer only give a network IPX number to the server and clients get their Network numbers from the server. If I put the server on a different VLAN will the router give a network number to clients or will I have to show the way to clients to reach the server. My guess is this

interface vlan 2
 ip address ..
 ipx network 101    (this is the network where the server is)
interface vlan 3
 ip address
 ipx network 102    (this is the network where clients will be)

If I configure my router like this will clients able to find the server or what should I do?

Best regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24653&t=24641
RE: Working for a consulting company [7:3676]
I liked the travel more than my wife. I was flying home Friday afternoon and flying out Sunday afternoon. That was 4 years ago and I still haven't used the free Frequent Flyer ticket I earned.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 26, 2001 11:07 AM
To: [EMAIL PROTECTED]
Subject: RE: Working for a consulting company [7:3676]

Seems like a pretty interesting job, that explains my boredom, here in the office, I wish I could find a consulting job with 80% travel.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 26, 2001 8:07 AM
To: [EMAIL PROTECTED]
Subject: RE: Working for a consulting company [7:3676]

I have been in the networking business for 7 years and have worked at both consulting companies and in-house at businesses. I prefer consulting. I travel at most 1 every 3 months and usually 1 night/2day. I work for a Chicago based company, but I am in Springfield, IL, the State Capitol. I have been at the same customer for 3 years. When I need a break I call my boss and say "find me a project" and I go to Chicago for a couple of days. This works really well keeping me up to date on new technology.

At a previous company, the boss walked in one day and said "You are going on the road for a major bank. I was gone 3-4 weeks a month in some places like South Dakota, Nebraska, Montana. This project lasted 4 months, when it was over we were laid off.

I still prefer consulting, because I get more exposure to new technology. When I worked for non-consulting companies, I tended to install things and then watch it run for 6 months. I got real bored.

When interviewing with consulting companies find out what they expect for travel. Somewhere like Chicago you could work 100% of the time in the greater Chicago area. Other times you will be flying around the company. What do you want? What do they expect??

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David John
Sent: Friday, October 26, 2001 4:17 AM
To: [EMAIL PROTECTED]
Subject: Working for a consulting company [3:3676]

Hi Group,

I have a MCSE, CCDA and CCNP and will finish my CCDP within a month. I am considering working for a consulting company and I would like some one to tell me a little about the daily life of an engineer working with a consulting company. What should I expect to be doing on a daily basis? do I have to go to customer sites often? do I have to travel a lot? Will I have a lab available for testing and practice? Will I get more experience working with customer or with a consulting company?

Thanks
David John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24268&t=3676
RE: Working for a consulting company [7:3676]
I have been in the networking business for 7 years and have worked at both consulting companies and in-house at businesses. I prefer consulting. I travel at most 1 every 3 months and usually 1 night/2day. I work for a Chicago based company, but I am in Springfield, IL, the State Capitol. I have been at the same customer for 3 years. When I need a break I call my boss and say "find me a project" and I go to Chicago for a couple of days. This works really well keeping me up to date on new technology.

At a previous company, the boss walked in one day and said "You are going on the road for a major bank. I was gone 3-4 weeks a month in some places like South Dakota, Nebraska, Montana. This project lasted 4 months, when it was over we were laid off.

I still prefer consulting, because I get more exposure to new technology. When I worked for non-consulting companies, I tended to install things and then watch it run for 6 months. I got real bored.

When interviewing with consulting companies find out what they expect for travel. Somewhere like Chicago you could work 100% of the time in the greater Chicago area. Other times you will be flying around the company. What do you want? What do they expect??

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David John
Sent: Friday, October 26, 2001 4:17 AM
To: [EMAIL PROTECTED]
Subject: Working for a consulting company [3:3676]

Hi Group,

I have a MCSE, CCDA and CCNP and will finish my CCDP within a month. I am considering working for a consulting company and I would like some one to tell me a little about the daily life of an engineer working with a consulting company. What should I expect to be doing on a daily basis? do I have to go to customer sites often? do I have to travel a lot? Will I have a lab available for testing and practice? Will I get more experience working with customer or with a consulting company?

Thanks
David John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24251&t=3676
RE: which is the best [7:23902]
With EIGRP you can implement areas similar to OSPF or ISIS. You would want to keep subnets within the same EIGRP "area". Just configure routers with different EIGRP #'s and send summary updates into the different areas. I know a very very very large network doing this.

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
Bill Carter
CCIE 5022
"To accomplish great things, we must not only act, but also dream; not only plan, but also believe. -Anatole France
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kim Edward B
Sent: Tuesday, October 23, 2001 3:06 PM
To: [EMAIL PROTECTED]
Subject: RE: which is the best [7:23902]

If it is cisco only environment, I would prefer EIGRP. Less CPU and Memory requirement (which means less expensive routers in some cases and also more free CPU and Memory for the routers). Also I believe they have better convergence time than OSPF.

As Mr. Lupi mentioned, while OSPF's metric is based on bandwidth, the EIGRP can be based on (bandwidth, delay and also MTU, load, reliability as necessary). For example, if you have F/R of 512K and 256K, OSPF will use the 512K. You could make it to use the 256K to load balance by the bandwidth statement but it won't be really true load balancing. EIGRP can via variance and other ways.

Con is the proprietary Routing protocol. In the future if you acquire non cisco network, you could still use the redistribution. So if you have only cisco network, I would prefer EIGRP.

Lastly, OSPF's more hierarchical design than EIGRP(OSPF areas, stubby, total and not so stubby, etc) can scale better in bigger network, but for the given router numbers (50), EIGRP fits better in my opinion.

I don't know what I'm trying to say here... For the given condition, I would go with EIGRP, but if you are planning to expand and also possibly acquire non-cisco routers OSPF might be better. Sorry for the confusion.

My .02 cents.

Ed

-Original Message-
From: Lupi, Guy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 11:21 AM
To: [EMAIL PROTECTED]
Subject: RE: which is the best [7:23902]

I prefer OSPF, only because if you decide to put a device that is not a Cisco on the network you don't have to run 2 routing protocols. Your decision would have to be based on your needs also, EIGRP has a couple of features that OSPF does not that you may want, such as load balancing across links that do not have equal metrics.

Guy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 10:53 AM
To: [EMAIL PROTECTED]
Subject: which is the best [7:23902]

In a medium (50 routers) cisco only environment which routing protocol would be preferred ... EIGRP or OSPF ? What are the pros and cons ?

Thanks
Dave

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23962&t=23902
RE: vendor connection [7:23360]
I would send all external connections through the Firewall.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Richs
Sent: Thursday, October 18, 2001 9:29 AM
To: [EMAIL PROTECTED]
Subject: vendor connection [7:23360]

Typically if you're a company that has maybe 5 to 7 vendors that you need to connect to, in terms of the WAN connection, what is the best approach:

- have these vendor WAN connections come in thru a WAN router and then have the WAN router go thru a firewall to get to your corporate LAN

or

- have these vendor WAN connections connected directly connected to your usual WAN router for and just use access-lists to filter things instead of a firewall.

or another idea ?

Thanks.
Tom

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23372&t=23360
RE: Inputs on syslog server reqd... [7:22168]
You might want to look at Cisco Resource Manager Essentials. It has a good syslog tool that lets you look at messages broken down by either severity level or device.

http://www.cisco.com/warp/public/cc/pd/wr2k/rsmn/

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ramu Perumal
Sent: Friday, October 05, 2001 8:37 AM
To: [EMAIL PROTECTED]
Subject: Inputs on syslog server reqd... [7:22168]

Hi all,

I have a requirement to monitor all the cisco devices(switches, routers, IGX, PIX etc) in my network...I need to install a Syslog server to log all events from all the boxes...Can I install a single syslog server and log events for all the devices... need ur expert comments

Thanks in advance
Ramu

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=22219&t=22168
RE: Multihomed full routes on a 3640? [7:22269]
Here is a trick I learned. I couldn't believe how many prefixes I learned with a /25-/30. Most of these also had /16 or /24 which covered the larger prefixes. I wanted to limit the number of prefixes with prefixes longer than /24.

router bgp AS#
 neighbor X.X.X.X prefix-list NoSmall in
!
!
ip prefix-list NoSmall seq 10 permit 0.0.0.0/0 le 24

then

clear ip bgp X.X.X.X soft in

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Neiberger
Sent: Friday, October 05, 2001 4:20 PM
To: [EMAIL PROTECTED]
Subject: OT: Multihomed full routes on a 3640? [7:22269]

Yes, I am the King of the Off Topic Post lately. I apologize. I've checked the archives and I didn't see anything recent on this. Besides, what I did find was a bunch of disagreements and I wasn't able to come to a conclusion.

Here's the situation: We are multihomed to two providers using a 3640 with 128MB of RAM. Earlier today I was taking customer routes from both (37,000 and 8,500 respectively.) I had 87MB of RAM free so I thought I'd allow the second provider to send me full routes. After changing that I still have 57MB of RAM free. So, an increase of 96,000 routes only decreased my available RAM by around 30MB.

Now I'm considering allowing the other provider who is already sending 37,000 routes to send a full table, as well. Am I asking for trouble by accepting full routes from two providers with this setup? It seems to me that adding another 70k routes from the first provider would only use up another 20MB of RAM or so, leaving about 30MB to play with. Would you agree that this is enough wiggle room or should I leave it alone now and play it safe?

Thanks,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=22279&t=22269
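How the `le 24` entry from the reply above selects routes, as an added example that is not part of the original post: a minimal prefix-list matcher, plus a check for dropped long prefixes that no accepted route covers. The received routes are constructed, and `uncovered()` is a hypothetical helper introduced here.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                 # "permit" or "deny"
    prefix: Net
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: Net) -> bool:
        base = self.prefix.prefixlen
        if self.ge is None and self.le is None:
            lo, hi = base, base                 # no ge/le: exact length only
        else:
            lo = self.ge if self.ge is not None else base
            hi = self.le if self.le is not None else 32
        # Length must fall in the window and the leading bits must agree.
        return lo <= route.prefixlen <= hi and route.subnet_of(self.prefix)


def parse_entry(line: str) -> Entry:
    """Parse 'ip prefix-list NAME seq N ACTION PREFIX [ge N] [le N]'."""
    tok = line.split()
    if tok[:2] != ["ip", "prefix-list"] or tok[3] != "seq":
        raise ValueError("unsupported prefix-list line: " + line)
    opts = dict(zip(tok[7::2], (int(v) for v in tok[8::2])))
    return Entry(int(tok[4]), tok[5], ipaddress.ip_network(tok[6]),
                 opts.get("ge"), opts.get("le"))


def decide(plist: List[Entry], route: Net) -> str:
    """First matching entry in sequence order wins; no match is a deny."""
    for entry in sorted(plist, key=lambda e: e.seq):
        if entry.matches(route):
            return entry.action
    return "deny"


def apply_inbound(plist: List[Entry],
                  routes: List[Net]) -> Tuple[List[Net], List[Net]]:
    accepted = [r for r in routes if decide(plist, r) == "permit"]
    rejected = [r for r in routes if decide(plist, r) != "permit"]
    return accepted, rejected


def uncovered(rejected: List[Net], accepted: List[Net]) -> List[Net]:
    """Rejected prefixes with no accepted covering route (default route ignored)."""
    covers = [a for a in accepted if a.prefixlen > 0]
    return [r for r in rejected if not any(r.subnet_of(a) for a in covers)]


# The entry from the post.
NO_SMALL = [parse_entry("ip prefix-list NoSmall seq 10 permit 0.0.0.0/0 le 24")]

# Constructed sample of received prefixes (documentation and private ranges).
RECEIVED = [Net(p) for p in (
    "0.0.0.0/0",            # default route: length 0 is inside 0..24
    "10.0.0.0/8",
    "198.51.100.0/24",
    "198.51.100.128/25",    # dropped, but the /24 above still covers it
    "203.0.113.64/26",      # dropped with no covering route
    "192.0.2.4/30",         # dropped with no covering route
)]

if __name__ == "__main__":
    accepted, rejected = apply_inbound(NO_SMALL, RECEIVED)
    print("accepted:", [str(r) for r in accepted])
    print("rejected:", [str(r) for r in rejected])
    print("no covering route:", [str(r) for r in uncovered(rejected, accepted)])
```

Destinations in the last list are reachable after the filter only through a default route, which is the thing to verify before applying it to a live session.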
RE: Way OT but pretty funny.... [7:21210]
Violent Femmes "Why can't I get..Just one Screw?"

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Neiberger
Sent: Wednesday, September 26, 2001 3:30 PM
To: [EMAIL PROTECTED]
Subject: Way OT but pretty funny [7:21210]

Sorry, this really struck me as funny and I didn't have anyone else to share it with. I'm hoping that this--while not hilarious--will give someone a few laughs. The humor should be apparent.

http://accessories.us.dell.com/sna/productdetail.asp?Sku=97580&customer_id=19&spagenum=5&page=dellitems.asp&icompatid=108891&docid=6158

Long link, sorry

Regards,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21224&t=21210
RE: Catalyst 4000 Configuration [7:20996]
same.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ray Smith
Sent: Tuesday, September 25, 2001 9:22 AM
To: [EMAIL PROTECTED]
Subject: Catalyst 4000 Configuration [7:20996]

Guys,

Is there a difference with configuring the Catalyst 4000 as opposed to a Catalyst 5000? Is the operating system the same or even similar?

Ray

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21001&t=20996
RE: Cute IPX addresses compiled [7:20864]
D00BE

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Monday, September 24, 2001 6:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Cute IPX addresses compiled [7:20864]

In a message dated 9/23/01 10:11:27 PM Central Daylight Time, [EMAIL PROTECTED] writes:

<< Subj: Cute IPX addresses compiled [7:20864]
Date: 9/23/01 10:11:27 PM Central Daylight Time
From: [EMAIL PROTECTED] (Dennis Laganiere)
Sender: [EMAIL PROTECTED]
Reply-to: [EMAIL PROTECTED] (Dennis Laganiere)
To: [EMAIL PROTECTED]

Dennis,

How about the obvious one: CC1E

Rob H.
NP, DP, blah,blah,blah...

I compiled all the cute IPX network names people sent me and am providing them here for future reference. I know we don't see much IPX anymore, but it's still fun to reminisce about our youth...

1DEA (idea), 82FA57 (ate too fast), ACE5, AD, AD0, AD0BE, B00B00, B0D1CE (bodice), B0D1ED (bodied), BA5EBA11, BABEFACE, BAD, BAD1DEA (bad idea), BADBABE, BADBEEF, BADC0FEE, BADDAD, BE, BEAD, BEAD0FF, BEBAD, BED, BEE, BEEFFEED, C0DEDEAD, CAB, CAD, DEAD, DEADBEEF, DEAF, DEAF0AF, F005BABE, F00D, FA11, FACE, FAD0, FADE, FEED and of course, the scourge of the technology world DECAF.

Hope this is as much fun for you guys as it is for me...

Thanks all...

--- Dennis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20915&t=20864
RE: Can some PIX expert please respond.... [7:20858]
I believe this is a bug. I have the same issue with 6.0(1). Not sure if 6.1(1) fixed it.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Urooj's Hi-speed Internet
Sent: Sunday, September 23, 2001 8:06 PM
To: [EMAIL PROTECTED]
Subject: OT: Can some PIX expert please respond [7:20858]

Hi Folks,

I am trying to get timestamps along with my 'syslog' output by using the PIX command "logging timestamps". However, even with this command, whenever I do a "show syslog", I fail to see any timestamps logged. Am I missing something ???

How can I append timestamps with the "syslog messages". Or timestamps cannot be appended in "show syslog" when I use the command "logging buffered debugging" & "logging timestamps", i.e. when I use the internal buffer of PIX to log syslog messages ?

Can someone please advise me.

Thanks.
Aziz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20914&t=20858
RE: Which testing site is better? Halifax or RTP [7:20904]
I thought Halifax was a great place to test. The town is beautiful and relaxing. Great seafood and our Canadian friends know how to make a good Beer. When there, go to the waterfront area, have a nice C$12.00 Lobster dinner and visit the Titanic museum.

Oh ya, no complaints about the testing facility.

Can't stress enough the importance of the laid back atmosphere in Halifax. You don't want to be stressed out before you arrive at the Testing center.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:30 AM
To: [EMAIL PROTECTED]
Subject: Which testing site is better? Halifax or RTP [7:20904]

Hi everyone, this is my first post. I just signed up for Halifax for May 27th, 2002. Which testing site do you prefer, Halifax or RTP?

Thanks,
Alex

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20916&t=20904
RE: Serious advice needed from CCIE [7:19800]
Get a 5500 instead.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Faulk
Sent: Thursday, September 13, 2001 11:23 AM
To: [EMAIL PROTECTED]
Subject: Serious advice needed from CCIE [7:19800]

Looking to add a switch to the lab and this product line is giving me fits. Looks like the switch of choice for the CCIE rack is the 6500. Of course this is far and away outside my price range. Any suggestions please?

Thanks
Dan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=19804&t=19800
RE: spid and ldn numbers [7:19752]
ldn number. Just like a telephone number.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lists Wizard
Sent: Thursday, September 13, 2001 8:31 AM
To: [EMAIL PROTECTED]
Subject: spid and ldn numbers [7:19752]

Hi Group,

I am really confused about spid and ldn numbers. Which one will a remote user use to dial into my isdn router?

Thanks
Lw

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=19770&t=19752
RE: how to make a router firewall? [7:18268]
He also has a BGP config that is real good.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sam Deckert
Sent: Monday, September 10, 2001 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: how to make a router firewall? [7:18268]

Thanks for that link Bill - it rocks!

Sam.

- Original Message -
From: "Bill Carter"
To:
Sent: Tuesday, September 11, 2001 1:23 AM
Subject: RE: how to make a router firewall? [7:18268]

> Rob Thomas has done some good work on this.
>
> http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html
>
> ^-^-^-^-^-^-^-^-^-^-^
> Bill Carter
> CCIE 5022
> ^-^-^-^-^-^-^-^-^-^-^
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of William Gragido
> Sent: Wednesday, September 05, 2001 1:01 PM
> To: [EMAIL PROTECTED]
> Subject: RE: how to make a router firewall? [7:18268]
>
>
> The firewall IOS is quite good however, if you do not wish to utilize it you
> can simply create ACLs that reflect your desires accordingly. ACLs are in
> layman's terms, the low brow fire wall rule set so have at it!
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond
> Sent: Sunday, September 02, 2001 8:57 PM
> To: [EMAIL PROTECTED]
> Subject: how to make a router firewall? [7:18268]
>
>
> Hello,
>
> I'm trying to make a 1720 router as firewall. What IOS
> should I use? What ACLs should I put in the router? My
> understanding on firewall is to allow outgoing traffic
> and block incoming traffic unless it's originated from
> inside, is it correct?
>
> Thanks in advance.
>
> Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=19292&t=18268
RE: how to make a router firewall? [7:18268]
Rob Thomas has done some good work on this.

http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of William Gragido
Sent: Wednesday, September 05, 2001 1:01 PM
To: [EMAIL PROTECTED]
Subject: RE: how to make a router firewall? [7:18268]

The firewall IOS is quite good however, if you do not wish to utilize it you can simply create ACLs that reflect your desires accordingly. ACLs are in layman's terms, the low brow fire wall rule set so have at it!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond
Sent: Sunday, September 02, 2001 8:57 PM
To: [EMAIL PROTECTED]
Subject: how to make a router firewall? [7:18268]

Hello,

I'm trying to make a 1720 router as firewall. What IOS should I use? What ACLs should I put in the router? My understanding on firewall is to allow outgoing traffic and block incoming traffic unless it's originated from inside, is it correct?

Thanks in advance.

Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=19274&t=18268
RE: EIGRP Network wild card bits [7:18827]
I had heard that this feature was added to a special IOS version distributed to a couple of SP's. Glad to see it finally making it to mainstream.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Copabano
Sent: Thursday, September 06, 2001 11:16 AM
To: [EMAIL PROTECTED]
Subject: EIGRP Network wild card bits [7:18827]

To all,

I ran into something rather odd. In configuring a set of routers I found that in version 12.0.(5)T1 you can add wild card bits to the network statement in EIGRP. Other routers running a slightly older revision only allow the "network". Is this something new in EIGRP to control which interfaces "talk" EIGRP instead of controlling this function with a "distribute list"?? Or do I have a Friday load.

Your comments??

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18851&t=18827
RE: Load Sharing vs Load Balance [7:18821]
Now for those famous words... "It depends."

In the most basic setup you could have two ISP connections. Use ip default-network command to establish default routes to both providers. This would give you either per-packet or per-destination load balancing for outbound traffic. Inbound traffic would be dependent on the Internet Route table of the ISPs. Technically you could ask both ISP's to announce reachability to your network. Real world, your IP subnet block probably belongs to a larger subnet block of your ISP's so the providers may not want this to happen.

Here is what we have done for our customers. We have the customer acquire a BGP AS number and IP subnet (www.arin.net). You have to talk to the ISP's about running BGP with them. I think it is better to have 1 router per ISP (3620 full of DRAM). Your routers will announce reachability for your network to both providers. Both routers accept full BGP routes and your routers run iBGP. Set up HSRP on the Ethernet Interfaces (tracking the serial interfaces) facing your LAN (usually outside int of Firewall). A Crossover Ethernet cable connects the second Ethernet interface on the routers for the iBGP link.

With this configuration all traffic coming from your LAN will enter the same router. Depending on the route tables, internal traffic will enter the HSRP router and then either exit to the Internet or jump to the other router then exit. Inbound traffic is harder to control. AS-prepending can be used to make one path look less desirable than the other. You will probably never get 50% inbound traffic into router A and 50% in router B.

Alternative... You may want to ask an ISP for 2 Internet connections coming from 2 different POPs. This will give you some redundancy and save you the hassle of the BGP stuff. If you go with a larger provider (Qwest, ATT, Sprint, etc.), the redundancy will be fine.

Let me know if you have more questions.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE #5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of DBates
Sent: Thursday, September 06, 2001 10:59 AM
To: [EMAIL PROTECTED]
Subject: Load Sharing vs Load Balance [7:18821]

Can any one tell me the difference between load sharing and load balancing ? I would like my company to use two different ISP connections and load balance between the two. Is this a case for BGP

Thanks,
Dennis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18844&t=18821
RE: CCIE Recertification [7:18687]
I used Large-Scale IP Network Solutions, Raza and Turner, ISBN: 1-57870-084-1

I think the CCIE Professional Development series books are good Recert Study tools. Be warned, the recerts are not easy tests.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wayne & Therese Lawson
Sent: Wednesday, September 05, 2001 4:01 PM
To: [EMAIL PROTECTED]
Subject: CCIE Recertification [7:18687]

Hello - I'm attempting my 1st CCIE recert - I was wondering what resources people on the forum have used and been successful with.

Thanks! - Wayne
CCIE # 5244

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18793&t=18687
Version IOS for "Code Red" Nbar [7:18637]
I am trying to configure NBAR for the "Code Red" fix. I have a 2600. I want IOS to support FW/IDS. I have tried it with 12.1(5)T7 and T10. Each time I enter the command:

match protocol http url "*default.ida*"

The router reboots.

Are any of you using NBAR with FW/IDS?? What version works???

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18637&t=18637
RE: IP unnumbered [7:18250]
The Loopback Interface is useful in OSPF, BGP, for network management. If a loopback will have 2-3 uses anyway, why not throw in ip unnumbered.

If someone is dead set against loopback, you could use

interface serial 0/0
 ip unnumbered ethernet 0/0
interface ethernet 0/0
 ip address 10.1.1.1 255.255.255.0
 no keepalive

The Ethernet interface would always be up!!

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael L. Williams
Sent: Tuesday, September 04, 2001 5:49 PM
To: [EMAIL PROTECTED]
Subject: Re: IP unnumbered [7:18250]

Dave,

I agree totally with your statement, however, I don't understand why you say that if you use ip unnumbered pointing to a LoopBack interface that nullifies the point of using unnumbered (to save IPs). You can still use a single IP address on a LoopBack and not waste more by putting separate IPs on each p-t-p link..

Mike W.

"MADMAN" wrote in message news:[EMAIL PROTECTED]...
> Brett gives a good example that will work just fine but I would not
> recommend using IP unnumbered. With RFC 1918 you have more IP addresses
> than you're going to need so no problems with using registered addresses
> on p-to-p links. Troubleshooting also becomes trickier but if you
> insist on using them then use a loopback interface, but then a primary
> argument is shot, burning IP addresses.
>
> Dave
>
> Brett Hairbottle wrote:
> >
> > Hi
> >
> > Instead of using a "numbered link" you can use ip unnumbered to connect
> > sites.
> > Example:
> >
> > Router A:
> > interface fastethernet 0
> >  ip address 10.100.2.1 255.255.255.0
> > interface serial 0
> >  ip unnumbered fastethernet 0
> >
> > Router B:
> > interface fastethernet 0
> >  ip address 10.100.31 255.255.255.0
> > interface serial 0
> >  ip unnumbered fastethernet 0
> >
> > now instead of assigning a ip address to each serial port you can use the
> > ip unnumbered command
> >
> > Brett Hairbottle
> > Network Administrator
> > CCNA
> > - Original Message -
> > From: "sami natour"
> > To:
> > Sent: Sunday, September 02, 2001 10:33 PM
> > Subject: IP unnumbered [7:18250]
> >
> > > Hello everybody,
> > > I know how to configure IP unnumbered but I do not know
> > > any practical scenario that I make use of this
> > > feature. Anybody has specific scenarios where I can
> > > use ip unnumbered .
> > >
> > > Regards ,
> > > sami
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18604&t=18250
PIX - NAT 0 problems this weekend [7:18471]
Last week I talked with some TAC engineers about running NAT 0 on a PIX. This weekend I upgraded a customer's site by placing Web servers in a DMZ. For various reasons, I did not want to privately address the web servers and use static translations. Some TAC engineers said there are ongoing discussions about whether to use NAT 0 or Static translations to the real addresses. During our cutover I learned what they were talking about...;>

This involved a PIX 515 running 5.3(1).

10:15pm - nat (DMZ) 0 0 0. I threw in the command, moved to my PC on the outside segment, typed in http://X.X.X.10. Voila!! Up came my web page. Done, I'm ready to head for the hotel!!! But first, the client ordered take out (Free Dinner!!) and it was time to eat. Had some pretty good Vietnamese food while discussing how smooth everything went...

10:45pm - After dinner. From my PC I try to hit the web page. DDOOOHH!!! No web page!!! Try some pings (Access-list allowed ping for the time-being), nothing. A show xlate reveals there is no xlating going on :~ Piece of #$@&. Can I get some water, dinner was hot!!

11:15pm - Using my keen sense of recall, I try the TAC suggestion of static (DMZ,outside) X.X.X.0 X.X.X.0 255.255.255.128. From outside try the web page, voila!!! works.

11:45pm - Start packing the bag, ask the customer to try. DDOOO!!! No web page. Walk from customer desk to Computer room, shut door, let expletives fly (for 5 minutes)

12:01am - It's tomorrow gggrrr!! Call TAC, ticktickticktick.

12:50am - Finally hear from TAC. 3 day weekend, everyone is doing upgrades tonight. Oohhh the glamourous life of a consultant!!! TAC says config is right, do some dinking around, it works!!!

1:45am - Pack the bags, ask the customer to try..(you guessed it) DDD!!! stopped working!!!@#$@@#! Enough of this @#$%. http://www.cisco.com/kobayashi/sw-center/sw-ciscosecure.shtml

2:00am - Start upgrading..Since the customer has so wisely chosen the failover bundle we get to upgrade 2X.

2:30am - PIX's are rebooted after upgrade, test the web pages. Excellent! Pack the bags, ask customer to test...Everything works..Time to go home..

Moral of the story. NAT when you can, but if you can't, static (DMZ,outside) X.X.X.0 X.X.X.0 255.255.255.128 is better than nat (DMZ) 0 0 0 and PIX code 6.0(1) is much better than 5.3(1)

ps. TAC support was excellent. I don't intend for this to be derogatory against TAC.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18471&t=18471
PIX static command and em_limit - SYN attack [7:17994]
I am installing a PIX. In the static commands the last switch is for the limit on embryonic connects.

static (DMZ,outside) X.X.X.15 192.168.1.13 netmask 255.255.255.255 0 0 <---

Every sample configuration I have seen leaves this value at 0. I hate to bring logic into this but, logic tells me that I would want to put a limit on embryonic sessions to protect against SYN attacks. What is a reasonable limit to put on this balancing security and availability? 20, 100, 500? What value do you use in real world implementations???

From CCO: watch the wrap.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/commands.htm#xtocid1006867

The embryonic connection limit. An embryonic connection is one that has started but not yet completed. Set this limit to prevent attack by a flood of embryonic connections. The default is 0, which means unlimited connections

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17994&t=17994
RE: Passed Written [7:17466]
^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 9:03 AM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]

another helpful url is http://www.cisco.com/search

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 8:27 AM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]

whats the web site.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christopher Supino
Sent: Tuesday, August 28, 2001 6:35 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]

ASET is Cisco's CCIE mentoring program for resellers. They help you thru the certification process, and will even allow you some rack time once you have PAID for a lab. Sounds good, I was just wondering if anyone on the list had been through it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Allison Dan
Sent: Tuesday, August 28, 2001 8:21 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]

Congratulations. I've been studying for it. Plan on taking it soon. What is the ASET program?

Dan Allison
CCNP, MCSE, CNE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17683&t=17466
RE: Passed Written [7:17466]
another helpful url is http://www.cisco.com/search

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 8:27 AM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]

whats the web site.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christopher Supino
Sent: Tuesday, August 28, 2001 6:35 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]

ASET is Cisco's CCIE mentoring program for resellers. They help you thru the certification process, and will even allow you some rack time once you have PAID for a lab. Sounds good, I was just wondering if anyone on the list had been through it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Allison Dan
Sent: Tuesday, August 28, 2001 8:21 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]

Congratulations. I've been studying for it. Plan on taking it soon. What is the ASET program?

Dan Allison
CCNP, MCSE, CNE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17673&t=17466
RE: cisco 2503 [7:17663]
yes.

http://www.cisco.com/warp/customer/793/access_dial/ip_nego.html

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of ofalt andy
Sent: Wednesday, August 29, 2001 8:22 AM
To: [EMAIL PROTECTED]
Subject: cisco 2503 [7:17663]

Can an ISDN Cisco 2503 with IOS 10.2 be configured to dial into an ISP that does not assign static IPs on its ISDN dial-in lines? You do not know the next hop router and the ISDN box on the ISPs end may or may not be a Cisco.

Andy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17674&t=17663
RE: Logging debug messages [7:17107]
There is a bug when logging synchronous is used on the vty or console ports. I hit this issue also.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Donlon
Sent: Friday, August 24, 2001 7:18 AM
To: [EMAIL PROTECTED]
Subject: Logging debug messages [7:17107]

I'm having a strange problem with a 2600 running 12.2(1a), after a short period of time (30 to 60 mins) the router will stop logging messages to the vty lines with terminal monitor. I can perform a show logging history and see the last message in the history but nothing is displayed as it happens, some details below have a look and if anyone can see what's wrong let me know, cheers

Pat

#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: level debugging, 152 messages logged
    Monitor logging: level debugging, 233 messages logged
        Logging to: vty66(0)
    Buffer logging: disabled
    Logging Exception size (4096 bytes)
    Trap logging: level informational, 19 message lines logged

#sh logging history
Syslog History Table:1 maximum table entries,
saving level warnings or higher
 16 messages ignored, 0 dropped, 0 recursion drops
 4 table entries flushed
 SNMP notifications not enabled
   entry number 5 : PARSER-3-BADSUBCMD
    Unrecognized subcommand 0 in exec command 'test crypto isa x.x.x.x x.x.x.x desmd5 '
    timestamp: 699958

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17108&t=17107
RE: Which Cisco router for SOHO/HOME Use ? [7:16583]
2524's are good because of the number of interfaces you get. Do the 2524 come with interface cards?? If no interface cards come with it all you get is a 1 port Ethernet router.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2500/2524/boa/boaovr.htm

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wojtek Zlobicki
Sent: Monday, August 20, 2001 3:23 PM
To: [EMAIL PROTECTED]
Subject: Which Cisco router for SOHO/HOME Use ? [7:16583]

What router would one want to purchase for mostly home use (I will want to put together a CCNP/CCIE Lab in the future but for now, I would just like a Cisco router for my home network).

My choices for now are
1605R
1720/1750
2524
26XX ?

Is there any reason why the 1605 would not be enough ? I see a number of 2524's on EBay, are they a nice router for home ? I would prefer to spend as little as possible of course but am willing to spend a little more for a better router.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16597&t=16583
RE: To CSU/DSU or not to CSU/DSU [7:16368]
The WAN CSU/DSU is covered under smartnet!!

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Jones
Sent: Friday, August 17, 2001 8:45 AM
To: [EMAIL PROTECTED]
Subject: To CSU/DSU or not to CSU/DSU [7:16368]

Should I have the telecom people install a CSU/DSU or can I only use the WAN CSU/DSU module on a 1720 router? Also, what are the differences in using the two options.

Thanks,
xw

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16374&t=16368