RE: show spanning-tree command and the port number [7:42239]

[Bill Carter]

Automajically!!! other than that I don't know.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tony Chen
Sent: Monday, April 22, 2002 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: show spanning-tree command and the port number [7:42239]


Bill,

Thanks for the input, but how does int fa0/1 got translated into 13, and int
fa0/2 got translated to 14 and so on.

Tony

>>> "Bill Carter"  04/22/02 01:27PM >>>
I believe 13 is the ifindex number.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tony Chen
Sent: Monday, April 22, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: show spanning-tree command and the port number [7:42239]


The following is the captured output of command "show spanning-tree fa0/1"
on catalyst 2900XL.
What is the relationship between interface fa0/1 and port 13?  Where does
this number port 13 come from?




2900XL#show spanning-tree interface fastEthernet 0/1
Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 8192, address 0010.0db1.7800
   Designated bridge has priority 32768, address 0050.8039.ec40
   Designated port is 13, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 2105, received 1
   The port is in the portfast mode


Tony



***
This message is a private communication.  If you are not the intended
recipient, please do not read, copy, or use it, and do not disclose it
to others.  Please notify the sender of the delivery error by replying
to this message, and then delete it from your system.  Thank you.


-
Visit http://www.ballfoundation.org for our latest news.
***
This message is a private communication.  If you are not the intended
recipient, please do not read, copy, or use it, and do not disclose it
to others.  Please notify the sender of the delivery error by replying
to this message, and then delete it from your system.  Thank you.


-
Visit http://www.ballfoundation.org for our latest news.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42258&t=42239
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: show spanning-tree command and the port number [7:42239]

[Bill Carter]

I believe 13 is the ifindex number.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tony Chen
Sent: Monday, April 22, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: show spanning-tree command and the port number [7:42239]


The following is the captured output of command "show spanning-tree fa0/1"
on catalyst 2900XL.
What is the relationship between interface fa0/1 and port 13?  Where does
this number port 13 come from?




2900XL#show spanning-tree interface fastEthernet 0/1
Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 8192, address 0010.0db1.7800
   Designated bridge has priority 32768, address 0050.8039.ec40
   Designated port is 13, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 2105, received 1
   The port is in the portfast mode


Tony



***
This message is a private communication.  If you are not the intended
recipient, please do not read, copy, or use it, and do not disclose it
to others.  Please notify the sender of the delivery error by replying
to this message, and then delete it from your system.  Thank you.


-
Visit http://www.ballfoundation.org for our latest news.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42247&t=42239
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSPF vs EIGRP [7:41613]

[Bill Carter]

I currently manage a Large network (300) routers running OSPF and IPX.  When
I first got here the network was Proteon routers.  The routers were severely
limited in memory.  Think 2500's with 8Mb RAM. We had a Cisco 5500 w/ RSM in
the core and started to replace the Proteons with Bay ASN.  So we had a
Proteon/Cisco/Bay OSPF network.  The only vendor compatibility problems were
Proteon vs. everything else.  The Bay's and Cisco's worked together fine.
The IPX network is very large.  900 routes and 3500 SAP's.  The Bay couldn't
handle it.  Honestly they were underspec'd (done before I got here).  So the
customer decided to replace the Bay with Cisco.  We now have 2 7206VXR's in
the core and 300+ 2600's in the remotes with about 20 3600's in regional
centers.  I like OSPF because or all the built in tweaks with different
areas etc.

I know of a much larger network here locally running BGP and EIGRP.  You can
do lot's with EIGRP in terms of different AS's and summarization.  They have
done some innovative things with the network and it works very well.  In
essence they have made an EIGRP network look and behave like an OSPF
network.

I would also look at IS-IS.  It is a clean, neat protocol.  I know many who
aren't in the SP area are scared of IS-IS but it is a great protocol.  Think
OSPF without the Area 0 concept.  You create different Areas of L1 routers
and tie them together with L1/L2 routers.

The primary problem in any large network is memory consumption on the
routers.  If all the routers must maintain full routing tables you can eat
up a lot of memory.  Whether you go OSPF, EIGRP, or IS-IS, you need to
segment the network into logical summarization boundaries.  I would draw out
your network from a layer-2 perspective, find the logical boundaries for
summarization, and then see what works for a routing protocol.  In a poorly
designed large network it doesn't matter if you are running OSPF, EIGRP, or
IS-IS.

Have I done a good job of not answering your question???  Email me if you
want to discuss this further.

Bill Carter
CCIE 5022


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Madory Douglas C 1Lt 603 ACS/LGC
Sent: Tuesday, April 16, 2002 10:21 AM
To: [EMAIL PROTECTED]
Subject: OSPF vs EIGRP [7:41613]


What experiences have people had in setting up and maintaining OSPF vs EIGRP
on a large network?

I'm aware of the proprietary implications of EIGRP and the basic differences
in design of the protocols - how they are _supposed_ to work, but, in
practice, would you say one is more stable / dependable / manageable than
the other?

Also, what about OSPF between Cisco and non-Cisco products? Do they always
work together like they're supposed to?

If you have some first-hand experience with this, I'd really like to hear
about it.

Thanks,
Doug.


 Douglas Madory,1st Lt
 Flt CC, C4I Systems
 603 ACS / LGC
 UVA '99 WAHOOWA!





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41620&t=41613
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Multi Vlan and cat4006 sup3 [7:41571]

[Bill Carter]

Sup3 is IP only right nowCome One Cisco at least get the IPX on there.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Cisco Breaker
Sent: Tuesday, April 16, 2002 9:04 AM
To: [EMAIL PROTECTED]
Subject: Re: Multi Vlan and cat4006 sup3 [7:41571]


Can you configure Appletalk routing between VLAN's on cat4006sup3?

Best regards,


""MADMAN""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I just got a supIII installed in the lab a couple days ago and I don't
> see any multi vlan options aside from a trunk:
>
> C4006SUPIII(config-if)#switchport ?
>   accessSet access mode characteristics of the interface
>   host  Set port host
>   mode  Set trunking mode of the interface
>   nonegotiate   Device will not engage in negotiation protocol on this
> interface
>   private-vlan  Set the private VLAN host association or promiscuous
> mapping
>   trunk Set trunking characteristics of the interface
>
>
> C4006SUPIII(config-if)#switchport acc
> C4006SUPIII(config-if)#switchport access ?
>   vlan  Set VLAN when interface is in access mode
>
>   As far as appletalk is concerned yes you need a appletalke capable
> router or bridge it.
>
>   Dave
>
>   As
>
> Cisco Breaker wrote:
> >
> > Hi All,
> >
> > Our customer wants to buy cat 4006 with sup3. But they use Appletalk. As
I
> > know the sup3 IOS doesnt support Appletalk routing yet, so I have to put
a
> > router for that, am I right?
> >
> >  And also is it possible to assign the server's port  into 2 vlans. If I
> can
> > put the server's port which is on the switch to 2 Vlans (multi Vlan) it
> will
> > be OK but is it possible?
> >
> > Any help will be appreciated.
> >
> > Best regards,
> >
> > Cisco Breaker
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41614&t=41571
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IOS Documentation [7:41577]

[Bill Carter]

I have done this.  In a large network CiscoWorks 2000 Resource Manager
Essentials is invaluable.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tim Champion
Sent: Tuesday, April 16, 2002 5:40 AM
To: [EMAIL PROTECTED]
Subject: IOS Documentation [7:41577]


I have recently been asked to document the various IOS images used within
our network to be used as a baseline. Has anyone had experience in putting
together this kind of document?
Many thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41600&t=41577
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco work2000 [7:40325]

[Bill Carter]

Its giving you that message because you can't install CiscoWorks 2000 on a
PDC or a BDC.  It must be installed on either a WinNT or Win2K server that
is not a PDC or a BDC.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 8:03 AM
To: [EMAIL PROTECTED]
Subject: Cisco work2000 [7:40325]


Hi all

I have Cisco Works 2000 ,I tried to install it on a PDC with 2000 platform ,
the program which is called CD-ONE refused to be installed giving me a
message saying


the CD-ONE cannot complete the installation because of the following reasons

-  This is not Nt Workstation or NT server
-  This is a PDC/BDC

I am really confused why its giving me this message
help please

Ismail Al-shelh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40351&t=40325
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: pix question [7:39560]

[Bill Carter]

show access-l

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: pix question [7:39560]


whats the equivelent of show access-list on the pix

George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39635&t=39560
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Switch - Teleos [7:39556]

[Bill Carter]

Teltone is ok, easy config.  Sometimes can be flaky but reboots fix it.  I
found it is better to shutdown the bri interface.  make configuration
changes the no shut.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: ISDN Switch - Teleos [7:39556]


Does anyone know of a good ISDN simulator ? I have a co-worker who bought a
Teleos Switch, but documentation is not easy obtainable and it appears a
complex device. Since the Teleos switch is not a sim, but an actual ISDN
switch I don't know anyone who has ever used it.

If you have any information on the Teleos products or a ISDN sim please
respond to this note. I am in the process of putting a CCIE lab together and
the ISDN switch/sim appears to be the hardest component to find.

Thanks

Derrick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39611&t=39556
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Problem in x.25 connection [7:39596]

[Bill Carter]

Last time I saw this the clock rate command was missing from the Cisco
interface config.  The tech said the config was good.  I looked through it
and saw it missing.  Don't know if he forgot or it disappeared.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
dovelet
Sent: Wednesday, March 27, 2002 7:20 AM
To: [EMAIL PROTECTED]
Subject: Problem in x.25 connection [7:39596]


Hi all,

I have a problem in x.25 connection and I hope someone can help me. I have a
Cisco 2501 router connected to a x.25 device. When I connected a Cisco V.35
DCE cable (Cisco generated clock signal [64k]) to that x.25 device, the
serial 0 is up but the line protocol is down. All the x.25 parameters of the
Cisco router and the x.25 device are same. When I start the "debug x25 all"
and "debug lapb", I got the follow debug messages:

---
1d2h: Serial0: LAPB T1 SABMSENT 1143506 2
1d2h: Serial0: LAPB O SABMSENT (2) SABM P
1d2h: Serial0: LAPB T1 SABMSENT 1143509 3
1d2h: Serial0: LAPB O SABMSENT (2) SABM P


However, when I connect a Black Box NULL modem box between them (Cisco cable
changed to V.35 DTE cable), the link protocol was up and connection can be
establish. I got the following debug messages:


2d04h: Serial0: LAPB O SABMSENT (2) SABM P
2d04h: Serial0: LAPB I SABMSENT (2) UA F
2d04h: Serial0: X.25 O R/Inactive Restart (5) 8 lci 0
2d04h:   Cause 0, Diag 0 (DTE originated/No additional information)
2d04h: Serial0: LAPB O CONNECT (7) IFRAME 0 0
2d04h: Serial0: LAPB I CONNECT (7) IFRAME 0 0
2d04h: Serial0: X.25 I R2 Restart (5) 8 lci 0
2d04h:   Cause 7, Diag 0 (Network operational/No additional information)
2d04h: Serial0: LAPB I CONNECT (2) RR (R) 1
2d04h: Serial0: LAPB O CONNECT (2) RR (R) 1
*Mar  3 04:47:58: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,
changed state to up

-

FYI, the Black Box NULL modem box is a electronic device which will generate
clock signal [64k]

All the configuration of Cisco router and the x.25 device were unchange, so
I think it is not related to x.25 configuration. Anyone has idea?

Regards,
Dovelet




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39607&t=39596
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Bridging and HSRP [7:39525]

[Bill Carter]

It relates to DECnet using the mac address of the interface to derive the
DECnet address.  You need to configure DECnet, then HSRP using standby
use-bia.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, March 26, 2002 8:26 AM
To: [EMAIL PROTECTED]
Subject: Bridging and HSRP [7:39525]


Greetings all,

I've a 6509 with 2 sups and MSFCs, running hsrp between both MSFCs.
Routing 5 vlans, two of those 5 vlan are also bridging decnet.  When
I've the standby interface up, users can't get out, if I shutdown the
standby interface all is good.  According to Cisco I've to enable
"standby use-bia" feature to prevent this problem.

Have you guys seen this before, and what causes this problem?  Just
looking for some education and solutions.


Thanks..Nabil - Hope I made my problem clear!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39531&t=39525
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Upgrade to RME 3.3 [7:39056]

[Bill Carter]

I did the upgrade sort of.  We got a new server to run it on.  I did a fresh
install of 3.3 on the new Win2k server.  I then imported from a file to old
inventory list.  I has to manually import IOS and CatOS images.  3.3 is
definitely an improvement.  I just received word from TAC that 3.4 should be
out April/May.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Richard Tufaro
Sent: Thursday, March 21, 2002 12:02 PM
To: [EMAIL PROTECTED]
Subject: Upgrade to RME 3.3 [7:39056]


Hey been browsing around, and wondered if anyone took the leap to version
3.3 of RME with CiscoWorks 2K. We are using CiscoWorks 2K with RME 2.2 and I
wanted to know if anyone could share an experience. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39074&t=39056
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Flapping [7:38822]

[Bill Carter]

shutting down the interface doesn't work when testing backup interface.  The
router is pretty smart and can tell the difference between Admin down and
down.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Matthew Meiers
Sent: Tuesday, March 19, 2002 12:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Flapping [7:38822]


Just use the shutdown command

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
PING
Sent: Tuesday, March 19, 2002 11:12 AM
To: [EMAIL PROTECTED]
Subject: Flapping [7:38822]

I am looking for some tool which can generate hardware line flaps.  I
have been doing this by going into the lab and manually jiggling the
interface cable at various intervals and watching the debug output on
the console.
I was wondering if there were any tools that would help me do this in a
smarter way?

Nadeem




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38844&t=38822
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Flapping [7:38822]

[Bill Carter]

Screwdriver, wrench, hammer  do they cable need to work afterwards.

Sorry, couldn't help it..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
PING
Sent: Tuesday, March 19, 2002 11:12 AM
To: [EMAIL PROTECTED]
Subject: Flapping [7:38822]


I am looking for some tool which can generate hardware line flaps.  I
have been doing this by going into the lab and manually jiggling the
interface cable at various intervals and watching the debug output on
the console.
I was wondering if there were any tools that would help me do this in a
smarter way?

Nadeem




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38831&t=38822
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco IOS for 3524 switch [7:37544]

[Bill Carter]

That software version is fine.  I run it on 200 Cat 3500XL's and 2900XL's.
Sounds like you are have a duplex mismatch problem.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
sam sneed
Sent: Thursday, March 07, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: Cisco IOS for 3524 switch [7:37544]


I am having strange problems with a Cisco Switch. Any devcie a pug into it,
switch hub whatever is really slow. I noticed the IOS is IOS (tm) C3500XL
Software (C3500XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE INTERIM
SOFTWARE

on a sh ver , what does MAINTENANCE INTERIM SOFTWARE
 mean?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37550&t=37544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: pix HW upgrade in failover config [7:36812]

[Bill Carter]

This works well.  follow these steps for adding hardware.  Failover doesn't
work if hardware configurations are different.  You should
1. power down the primary
2. Install card in primary
2. power down secondary
3. power up primary
4. install card in secondary
5. power up secondary

Here is the tricky part.  I had installed additional Ethernet card.  The PIX
renumbered the ports so my config was invalid.  I had to basically enable
all of the ports and plug them in to a switch one at a time so I could
identify which port corresponded to which interface.  ugly!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Ramsey
Sent: Thursday, February 28, 2002 10:48 AM
To: [EMAIL PROTECTED]
Subject: pix HW upgrade in failover config [7:36812]


Hey list,

Anybody ever used failover on the pix to upgrade hardware with minimal
downtime?  I'm wondering what exactly is goign to happen.  I want to take
the secondary offline, insert a gig module, then bring it back
onlinewill the difference in hardware cause issues with the config
sync?  I then want to bring the primary down and insert a gig module (or
vice versa)  Maybe I should bring the primary down first so when I bring it
back up, at least I will have one working firewall...?  anybody?

-Patrick


>  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential and
/or proprietary information in the possession of WellStar Health System,
Inc. ("WellStar") and is intended only for the individual or entity to whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and may
subject you to criminal and/or civil liability. If you have received this
email in error, please notify the sender by reply email and then delete this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36829&t=36812
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: TWO ISP AND ONE FAILURE [7:36371]

[Bill Carter]

HSRP on the Ethernet Interfaces of your 2 routers.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Yassel Omar Izquierdo Souchay
Sent: Monday, February 25, 2002 9:11 AM
To: [EMAIL PROTECTED]
Subject: TWO ISP AND ONE FAILURE [7:36371]


Hello i have a frecuent porblem with one of my isp, i have two cisco routers
and each one to different isp. Frequentily i have to change the gateway of
one of my servers, because one isp is failure.
I want to know if with one of BGP, OSPF, RIP, NAT or other protocol i could
do the change automatically to the other active isp.
It happening me right now. And when i have to do that i have to reset one of
my servers.. :S. Is a costs operatrion its a mail server.
So if somebody knows how to resolve between routers with different isp each
one, how to route accross the other good gateway.

Thnx in advance
Yassl




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36385&t=36371
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco web product catalog [7:33926]

[Bill Carter]

the = means it is included in a product, like software on a router or a
blade on a switch.

Don't know why

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Muthuraja Ayyanar
Sent: Thursday, January 31, 2002 1:34 PM
To: [EMAIL PROTECTED]
Subject: Cisco web product catalog [7:33926]


Hi All ,

In the Cisco web site product catalog there are two identical entry for each
and every part # / description, namely the first one without = sign and the
second one with = sign.What exactly id the differnence between those two ??

For instance for 3620 IOS IP has the following two entries ??

Cisco 3620 Series IOS IP S362C-12104
Cisco 3620 Series IOS IP S362C-12104=
Thanks,
Muthu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33962&t=33926
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE benefits [7:33872]

[Bill Carter]

If the device in question has Smartnet, a CCIE can automatically go to Level
2 live handoff.  They assume you have done the basic trouble shooting and
CCO research.  Not sure if CCIE gets free TAC support if there is no
smartnet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Joe Carr
Sent: Thursday, January 31, 2002 10:39 AM
To: [EMAIL PROTECTED]
Subject: Fw: CCIE benefits [7:33872]


- Original Message -
From: Joe Carr
To: [EMAIL PROTECTED]
Sent: Thursday, January 31, 2002 10:26 AM
Subject: CCIE benefits


Does anyone know if a CCIE gets free TAC support? OR what other benefits
does
a CCIE receive




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33886&t=33872
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Internet Router? [7:33639]

[Bill Carter]

The highest I have seen was around 20% when I did a clear bgp ne *

Great boxes and the Ethernet interface is 100MB

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hire, Ejay
Sent: Wednesday, January 30, 2002 1:02 PM
To: [EMAIL PROTECTED]
Subject: RE: Internet Router? [7:33639]


Have you checked the utilization on those 2650's?  I'd bet it's never gotten
above 15%.  The 2650's can handle a lot more than 1 t-1's worth of traffic.

-Ejay

-Original Message-
From: Bill Carter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 30, 2002 12:24 PM
To: [EMAIL PROTECTED]
Subject: RE: Internet Router? [7:33639]


The 3640 will work for you.  I would definitely max out the RAM.  Some
others have commented about not needing full BGP route tables.  My customers
have been very happy with partial tables as described in the following CCO
link.  I have also had customers use 2 2650's, 1 T-1 per connection box,
HSRP on the Ethernet port and run IBGP between each other for optimal
routing.  I then configured them with the below link.

http://www.cisco.com/warp/customer/459/41.shtml

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Scott Nawalaniec
Sent: Tuesday, January 29, 2002 10:45 PM
To: [EMAIL PROTECTED]
Subject: Internet Router? [7:33639]


Hello Everybody,

I just want to run this by everyone for their input from experience.

Scenario:
I'm looking for a Cisco router that will be providing Internet connectivity
running BGP and that will be able to handle the capacity of 2 PTP T1's to
the Internet. I know minimum RAM will have to be 64mbs for BGP routes. I
just want to know what people have tried that does and doesn't work.

My choice would be a 3640 for future T1 expandability and/or a HSSI port.

Thank you for the input.

Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33754&t=33639
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: FW: [INFOCON] - UNIRAS Briefing - 23/02 - Cisco - CatOS [7:33727]

[Bill Carter]

I have been happy with 6.3(4).  I would want to hold off on the 7.1(1).  No
experience with it, but it seems on the Cats early revisions can sometimes
be flaky.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tay Chee Yong
Sent: Wednesday, January 30, 2002 8:00 AM
To: [EMAIL PROTECTED]
Subject: Re: FW: [INFOCON] - UNIRAS Briefing - 23/02 - Cisco - CatOS
[7:33684]


Hi,

Someone has any idea  which CatOS for Cat6k is a stable release? I am
currently using Release 6.1(1d), and I need to upgrade it. I am also
looking at Release 7.1(1) with SSH support. Any advise from the experts out
there??
Thanks

Regards,
Cheeyong

At 08:48 AM 1/30/02 -0500, Hire, Ejay wrote:
>-BEGIN PGP SIGNED MESSAGE-
>
>- -
-
>
>UNIRAS (UK Govt CERT) Briefing Notice - 23/02 dated 30.01.02  Time:
09:32
>  UNIRAS is part of NISCC(National Infrastructure Security Co-ordination
>Centre)
>- -
-
>
>   UNIRAS material is also available from its website at www.uniras.gov.uk
>and
>  Information about NISCC is available from www.niscc.gov.uk
>- -
-
>
>
>Title
>=
>Cisco CatOS Telnet Buffer Vulnerability
>
>Detail
>==
>
>- -BEGIN PGP SIGNED MESSAGE-
>
>Cisco Security Advisory: Cisco CatOS Telnet Buffer Vulnerability
>
>
>Revision 1.0
>
>For Public Release 2002 January 29 at 1500 UTC
>
>- - ---
-
>---
>
>Summary
>- - ---
>Some Cisco Catalyst switches, running certain CatOS based software
releases,
>have a vulnerability wherein a buffer overflow in the telnet option
handling
>can cause the telnet daemon to crash and result in a switch reload. This
>vulnerability can be exploited to initiate a denial of service (DoS)
attack.
>
>This vulnerability is documented as Cisco bug ID CSCdw19195. There are
>workarounds available to mitigate the vulnerability.
>
>This advisory will be posted at http://www.cisco.com/warp/public/707/
>catos-telrcv-vuln-pub.shtml .
>
>Affected Products
>- - -
>Cisco's various Catalyst family of switches run CatOS-based releases or
>IOS-based releases. IOS-based releases are not vulnerable.
>
>The following Cisco Catalyst Switches are vulnerable :
>
>   * Catalyst 6000 series
>   * Catalyst 5000 series
>   * Catalyst 4000 series
>   * Catalyst 2948G
>   * Catalyst 2900
>
>For the switches above, the following CatOS based switch software revisions
>are
>vulnerable.
>
>+--
-
>--+
>|   |   Release 4   |   Release 5   |  Release 6   |  Release 7
>|
>|   |   code base   |   code base   |  code base   |  code base
>|
>|---+---+---+--+---
-
>--|
>| Catalyst 6000 |  Not  | earlier than  | earlier than | earlier
>than |
>| series|  Applicable   |5.5(13)|6.3(4)|7.1(2)
>|
>|---+---+---+--+---
-
>--|
>| Catalyst 5000 | earlier than  | earlier than  | earlier than | Not
>|
>| series|   4.5(13a)|5.5(13)|6.3(4)|
Applicable
>|
>|---+---+---+--+---
-
>--|
>| Catalyst 4000 | All releases  | earlier than  | earlier than | earlier
>than |
>| series|   |5.5(13)|6.3(4)|7.1(2)
>|
>+--
-
>--+
>
>To determine your software revision, type show version at the command line
>prompt.
>
>Not Affected Products
>- - -
>The following Cisco Catalyst Switches are not vulnerable :
>
>   * Catalyst 8500 series
>   * Catalyst 4800 series
>   * Catalyst 4200 series
>   * Catalyst 3900 series
>   * Catalyst 3550 series
>   * Catalyst 3500 XL series
>   * Catalyst 4840G
>   * Catalyst 4908G-l3
>   * Catalyst 2948G-l3
>   * Catalyst 2950
>   * Catalyst 2900 XL
>   * Catalyst 2900 LRE XL
>   * Catalyst 2820
>   * Catalyst 1900
>
>No other Cisco product is currently known to be affected by this
>vulnerability.
>
>Details
>- - ---
>Some Cisco Catalyst switches, running certain CatOS-based software
releases,
>have a vulnerability wherein a buffer overflow in the telnet option
handling
>can cause the telnet daemon to crash and result in a switch reload. This
>vulnerability can be exploited to initiate a denial of service (DoS)
attack.
>Once the switch has reloaded, it is still vulnerable and the attack can be
>repeated as long as the switch is IP reachable on port 23 and has not been
>upgraded to a fixed version of CatOS switch software.
>
>This vulnera

RE: Errors on Ethernet Ports on 6500?!?!?! [7:32853]

[Bill Carter]

I have been seeing a lot of problems with 3COM NIC's  If the switch is
forced 100/full and the NIC is auto we get a lot of errors, if NIC is forced
100/Full errors go away.  If Switch and 3Com NIC left to auto switch will
come up 100/full and NIC 100/half.

You have to make sure the NIC is also forced.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Michael Williams
Sent: Tuesday, January 22, 2002 1:41 PM
To: [EMAIL PROTECTED]
Subject: Errors on Ethernet Ports on 6500?!?!?! [7:32853]


This is wild stuff, so I thought I'd run it by GroupStudy to see if anyone
had seen this before or knew what caused it.

We're currently migrating connections from a 5513+RSM to a new
6509+Sup2/MSFC2.  There were three ethernet connections, that upon being
moved from the 5500 to the 6500, starting showing input errors and CRC
errors.  When these connections were moved, the port on the 6500 was
configured identically to the same port on the 5500 as far as speed, duplex,
VLAN assignment, and spanning tree settings.

These same devices (same patch cables and all) created no errors on the 5500
whatsoever.

Here's the kicker:  When we went back and changed the port speed/duplex to
"auto" on the 6500, it negociated the same speed/duplex settings we had
forced, but now there were no more errors.  (i.e. a server set for 100-Full,
that was plugged into a switchport on the 5500 forced to 100-Full was fine,
but plugged into a port on the 6500 forced to 100-Full caused errors, and
plugged into the exact same 6500 port set for "auto" speed/duplex had no
errors.)

Any ideas on why letting the switch detect settings caused no errors while
forcing it to those same settings causes errors?

Thanks,
Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33725&t=32853
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Looking for V.35 Cables [7:33619]

[Bill Carter]

I just got a catalogue from www.l-m.com that has Cisco cables for a good
price.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kwame
Sent: Tuesday, January 29, 2002 4:55 PM
To: [EMAIL PROTECTED]
Subject: Looking for V.35 Cables [7:33619]


Looking for a couple of V.35 Cables for back to back router connection from
a 7513 to 2511. Anyone?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33722&t=33619
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Internet Router? [7:33639]

[Bill Carter]

The 3640 will work for you.  I would definitely max out the RAM.  Some
others have commented about not needing full BGP route tables.  My customers
have been very happy with partial tables as described in the following CCO
link.  I have also had customers use 2 2650's, 1 T-1 per connection box,
HSRP on the Ethernet port and run IBGP between each other for optimal
routing.  I then configured them with the below link.

http://www.cisco.com/warp/customer/459/41.shtml

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Scott Nawalaniec
Sent: Tuesday, January 29, 2002 10:45 PM
To: [EMAIL PROTECTED]
Subject: Internet Router? [7:33639]


Hello Everybody,

I just want to run this by everyone for their input from experience.

Scenario:
I'm looking for a Cisco router that will be providing Internet connectivity
running BGP and that will be able to handle the capacity of 2 PTP T1's to
the Internet. I know minimum RAM will have to be 64mbs for BGP routes. I
just want to know what people have tried that does and doesn't work.

My choice would be a 3640 for future T1 expandability and/or a HSSI port.

Thank you for the input.

Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33721&t=33639
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco AVVID vs. 3Com [7:33705]

[Bill Carter]

My company is a Cisco Voice partner and a 3Com Voice Partner.  The office I
work out of uses the 3Com NBX for about 20 phones.  It works, no real
complaints.  Some of the earlier versions of code were pretty bad.
Downsides, NBX has 1 hard drive, if it goes we are down. No way to backup.
3Com may be providing a new solution, I'm not sure???

Here is our position when selling to a customers.  If they are a small
office (0-30 phones), with no need for VoIP connecting different offices,
3Com is probably the best choice.  Cost is a lot less than Cisco solution
for same customer and customer wants basic features (voice-mail,
auto-attendant, call-park, call-transfer, speaker phone).

For customers with larger offices (40+ phones), the potential for VoIP with
branch offices we go Cisco.  We end up selling Cisco to 95% of our
customers.  In-line powered phones is a big advantage.  Power outlets at the
desk are usually filled, it's nice to avoid power strips at every desk.

I see 3Com has a price advantage and Cisco has a Technology advantage.
Support from Cisco is excellent.  Lots of time the problem people have with
the Cisco solution is the complexity.  Cisco VoIP can work in many different
environments, 3Com is more positioned for the standard/simple small office.
Don't forget data integration with IP phone system.  XML applications to the
phone are a very good thing.  Some applications on the phones our customers
like are phone directories, time-clock sign-in/sign-out (for hourly staff).

You have to look at the survivability of the company.  3Com has problems
turning a profit.  Networkers hate 3Com NICs, 3Com has exited the core
switching market.  They now sell NICs (most professionals hate them), modems
(commodity), low end switches (commodity), home broadband routers (Cable/DSL
commodity), and a low end phone system.  How long will this model work
Will they dump the NBX in the next 12 months???

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Stull, Cory
Sent: Wednesday, January 30, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: OT: Cisco AVVID vs. 3Com [7:33705]


Does anyone have any working experience or good opinions on Cisco's IP
Telephony solution compared to 3Com?  I'm trying to make a buying decision
and right now am very up in the air.  3Com has a nice and more cost
effective solution that even would allow me to (coming soon) be able to use
my existing legacy Lucent/Nortel phones with their NBX system.  But 3Com
doesn't have IP to the phone yet and they seem to have some proprietary
voice over ethernet...  Their inline power is also consisting of power patch
panels or the power coupler..  not pretty.

Any comments?

Thanks
Cory




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33720&t=33705
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2924XL and Blue Screen of Death: Resolved [7:33203]

[Bill Carter]

It would be a great help to have Intel NIC's as the built in NIC an
Dell's!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
juno vtv
Sent: Friday, January 25, 2002 5:16 PM
To: [EMAIL PROTECTED]
Subject: Re: 2924XL and Blue Screen of Death: Resolved [7:33203]


That's interesting, I work at Intel and we test our nics and drivers here in
the lab all day.  I would be willing to help out anyone who are having
problems with their Intel nics.

John, what version of the Novell client are you using?

-junovtv




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33427&t=33203
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2924XL and Blue Screen of Death: Resolved [7:33203]

[Bill Carter]

When I ran into the problem with 3Com NIC's in new Dell, the solution was to
download a driver/maintenance disk from either Dell or 3Com, and make it
bootable.  We then went into the hardware configuration of the NIC and
disabled power management and WakeOnLan.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Steven A. Ridder
Sent: Friday, January 25, 2002 10:14 AM
To: [EMAIL PROTECTED]
Subject: Re: 2924XL and Blue Screen of Death: Resolved [7:33203]


I meant 3c905b's are nice.  I think the 509's are old ISA cards.
""Steven A. Ridder""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Those DELL's with the 3com nic's have so many problems!  There's a thread
> over in comp.dcom.sys.cisco with someone else having problems with the
same
> PC's and NIC's.
>
> Usually the 3c509's are OK.  I remember the 3C509B's as being rock-solid.
> How fast are the PC's booting to beat portfast?  Or are the NIC's some
sort
> of boot on lan client, where the NIC get's taken over before the OS even
> loads.  Maybe someone can disable the wake on lan feature if those DELL's
> have it, because otherwise I can't imagine a NIC caring about network
> connectivity before the OS kernel wakes up and takes over the NIC anyways.
>
>
> ""John Neiberger""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Well, sort of resolved.  This turned out to be a known issue with Dell
> > machines, specifically machines using a 3COM 3C905C NIC.  They expect
> > the network to be available almost immediately upon bootup and can't
> > handle the delay caused by spanning tree.  In some cases, even portfast
> > did not reduce the time sufficiently.
> >
> > So, watch out for those 3COM NICs!
> >
> > John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33210&t=33203
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2924XL and Blue Screen of Death: Resolved [7:33203]

[Bill Carter]

I wonder if these cards would have problems with 3Com switches

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Friday, January 25, 2002 9:58 AM
To: [EMAIL PROTECTED]
Subject: 2924XL and Blue Screen of Death: Resolved [7:33203]


Well, sort of resolved.  This turned out to be a known issue with Dell
machines, specifically machines using a 3COM 3C905C NIC.  They expect
the network to be available almost immediately upon bootup and can't
handle the delay caused by spanning tree.  In some cases, even portfast
did not reduce the time sufficiently.

So, watch out for those 3COM NICs!

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33211&t=33203
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: help with outbound statement [7:33085]

[Bill Carter]

access-group outbound in interface inside

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 24, 2002 2:32 PM
To: [EMAIL PROTECTED]
Subject: FW: help with outbound statement [7:33085]


i inputed this command ,
access-list outbound deny ip 10.3.0.0 255.255.0.0 216.136.131.71
255.255.255.255
do i have to apply it to an interface?

>
>outbound 1 deny 10.3.0.0 255.255.0.0   216.136.131.71 255.255.255.255

Which version of PIX code are you running?

5.x syntax would be:

access-list outbound deny ip 10.3.0.0 255.255.0.0 216.136.131.71
255.255.255.255



>which would say network everything on network 10.3.0.0  can go to
>216.136.131.71
>i get an error
>so i cant even apply it to the inside interface yet

I'd also ask you to reconsider naming your access list 'outbound' if you're
applying it to the 'inside' interface - I did the same thing, but it can be
VERY confusing.  Wait until you accidentally apply it to the 'outside'
interface - deleting the existing access list...

Berry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33120&t=33085
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CiscoWorks 2000: Campus Manager can't connect to ANI Server [7:33084]

[Bill Carter]

I had the same problem.  Never got it resolved until I reinstalled NT and
Ciscoworks 2K/Campus Manager.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dandi Darsana
Sent: Thursday, January 24, 2002 5:34 AM
To: [EMAIL PROTECTED]
Subject: CiscoWorks 2000: Campus Manager can't connect to ANI Server
[7:33061]


Dear all,

I have problem with my Ciscoworks 2000. It running under Windows NT ver.4,
Service Pack 6. Everytime I try to run Campus Manager, I always get error
message:
"Cannot connect to ANI Server."
I have checked and rechecked the settings in ANI Server. Everything seemed
OK. The ANI Server status is "Running but busy flag set."
I have also checked the ANIServer.log file. I see the status is idle.
Actually I have tried to reinstall the CiscoWorks 2000, and I also install
it into 2 different Windows NT machines. But I always get the same problem.
I also install Resource Manager Essentials, Device Fault Manager, Device
Manager, Content Flow Monitor, etc, into the same machines with no problem
at all.
Thank you very much for your help.

Best Regards,
Dandi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33084&t=33084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Splitting up outbound traffic for BGP [7:32983]

[Bill Carter]

You are having a problem with how your network is being announced to the
Internet.  The Internet as a whole has 1 preferred path back to your
network.  Check with some route-servers to verify this (see below).  You
could try as-path prepending toward the provider who all you inbound traffic
is coming from.

telnet to these hosts for router servers.  sho ip bgp x.x.x.0 will tell you
about the path to get to your network.

route-views.oregon-ix.net
ner-routes.bbnplanet.net
route-server.cerf.net
route-server.ip.att.net
route-server.cbbtier3.att.net
route-server.gblx.net
route-server.as5388.net
route-server.exodus.net
route-server-ap.exodus.net
route-server-eu.exodus.net
route-server.colt.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bob Timmons
Sent: Wednesday, January 23, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject: Splitting up outbound traffic for BGP [7:32983]


Hey all, got a question, but first, the situation...

We've got 2 T1's in our NYC location that go to 2 different ISPs.  We've
moved these Ts off of their respective Cisco 2500's and onto a single Cisco
7206vxr.  This is now our 'outside internet' router.  The ethernet interface
goes to the Checkpoint unix box and the other side of the unix box goes to
the internal network.  The internal network is using a 10.x.x.x/22 range
(2000 addresses).  We'd like to perform some load-sharing using BGP.  We've
obtained an AS number and are getting full routes from both providers.
Outbound BGP seems to work fine.  Depending on site, it takes differnet
paths.  Inbound, however, is dominated by one T only.  We're using PAT at
the firewall to perform address translation.  The firewall only has 1 valid
'Internet' IP address.  It's my understanding that this is why all inbound
traffic is using only 1 provider, as opposed to both.  I'd like to either
have 2 valid internet IP addresses at the firewall (which I'm not sure is
even possible) or perform the PAT at the router and maybe use access-lists
to split up the traffic.  I guess the question is, what is the best practice
when doing this?  I'm sure that we're not the only company that wants to do
something like this.  Do either of my solutions sound feasible?

thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33000&t=32983
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 6509 roaming disconnects part2 [7:32449]

[Bill Carter]

You should also look at set option debounce and set port debounce.  These
commands were added to deal with NIC vendors (3Com) who were staying from
the IEEE Ethernet standards.  Basically electrical signals from the NIC
would go link up/down/up/down and the switch would see it as the card going
up and down (silly Cisco!!).  Debounce tweaks the tolerances for these NICs
so Cisco will once again play nice with 3Com.

As an additional note to my bashing 3Com...2 customers recently purchased
hundreds of new PC's (Manufacture name withheld) which came with built in
3Com NICs.  Not a single PC will auto-negotiate properly.  The cards all go
to 100-Half and the Switch 100-Full.  When the switch is forced to 100-Full
the PC's still go 100-Half.  One customer was replacing Compaqs with Intel
cards that auto-negotiated correctly 95% of the time.

Will 3Com go bankrupt within 12 months?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Daniel Cotts
Sent: Friday, January 18, 2002 3:08 PM
To: [EMAIL PROTECTED]
Subject: RE: 6509 roaming disconnects part2 [7:32449]


>From "Cisco LAN Switching" by Clark and Hamilton pages 262-3, 271-3 see the
discussion of PortFast and disabling Port Aggregation Protocol. On CCO look
for a command "set port host" that should change several parameters in one
shot. "The set port host command sets channel mode to off, enables
spanning-tree portfast, and sets trunk mode to off. Only an end station can
accept this configuration."
That should eliminate your logging messages. It should speed reconnection in
the case of a disconnect. You have already indicated that speed and duplex
are hard coded on the switch and (I hope) the NIC as well. I cannot comment
on the reason for the initial disconnect.
Sorry about the politics -

> -Original Message-
> From: Puckette, Larry (TIFPC) [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 18, 2002 9:10 AM
> To: [EMAIL PROTECTED]
> Subject: 6509 roaming disconnects part2 [7:32449]
>
>
> Hello again group. I have another question to propose to you.
> But first an
> updated history of the issue at hand. We have a 6509 that
> serves as the core
> to a server farm that has both NT and Unix boxes on it. In
> the beginning
> there were infrequent link drops between servers and the
> switch that had no
> pattern to isolate a card or VLAN, etc...   and then
> frequency increased to
> be a constant problem. Sniffer information gave very little
> to hang our hat
> on, with 99% of it's findings being 2 messages. Too many
> retransmissions TCP
> and octets/s: current value 932,384. High Threshold=500,000.
> An example of
> the logging buffer on the switch's interesting messages were;
> IPPS6509> (enable) show logging buffer
> 2002 Jan 16 02:15:44 %PAGP-5-PORTFROMSTP:Port 8/23 left
> bridge port 8/23
> 2002 Jan 16 02:15:49 %PAGP-5-PORTTOSTP:Port 8/22 joined
> bridge port 8/22
> 2002 Jan 16 02:15:49 %PAGP-5-PORTFROMSTP:Port 6/23 left
> bridge port 6/23
> 2002 Jan 16 02:15:50 %SPANTREE-6-PORTFWD: Port 8/22 state in VLAN 172
> changed to forwarding
> 2002 Jan 16 02:16:01 %PAGP-5-PORTTOSTP:Port 8/23 joined
> bridge port 8/23
> 2002 Jan 16 02:16:02 %SPANTREE-6-PORTFWD: Port 8/23 state in VLAN 172
> changed to forwarding
> 2002 Jan 16 02:16:06 %PAGP-5-PORTTOSTP:Port 6/23 joined
> bridge port 6/23
> 2002 Jan 16 02:16:07 %SPANTREE-6-PORTFWD: Port 6/23 state in VLAN 172
> changed to forwarding
> 2002 Jan 16 03:41:28 %PAGP-5-PORTFROMSTP:Port 8/17 left
> bridge port 8/17
> 2002 Jan 16 03:41:29 %PAGP-5-PORTFROMSTP:Port 7/16 left
> bridge port 7/16
> 2002 Jan 16 03:41:35 %SYS-6-CFG_CHG:Global block changed by
> SNMP/216.141.33.71/
> 2002 Jan 16 03:41:47 %PAGP-5-PORTTOSTP:Port 8/17 joined
> bridge port 8/17
> 2002 Jan 16 03:41:47 %PAGP-5-PORTTOSTP:Port 7/16 joined
> bridge port 7/16
> 2002 Jan 16 03:41:48 %SPANTREE-6-PORTFWD: Port 7/16 state in VLAN 172
> changed to forwarding
> 2002 Jan 16 03:41:48 %SPANTREE-6-PORTFWD: Port 8/17 state in VLAN 172
> changed to forwarding
> 2002 Jan 16 03:44:27 %PAGP-5-PORTFROMSTP:Port 8/17 left
> bridge port 8/17
> 2002 Jan 16 03:44:43 %PAGP-5-PORTTOSTP:Port 8/17 joined
> bridge port 8/17
> 2002 Jan 16 03:44:44 %SPANTREE-6-PORTFWD: Port 8/17 state in VLAN 172
> changed to forwarding
>
> but these had no consistency over time as to what port or
> group of ports
> were experiencing this.
>
> some interesting 'show tech' information was;
> udp:
> 0 incomplete headers
> 0 bad data length fields
> 2 bad checksums
> 20839 socket overflows
> 108568195 no such ports
>
> tcp: 111664 completely duplicate packets (6407 bytes)
> 29 keepalive timeouts
>
> Ok, if you're still with me... It was dictated that we
> REPLACE the switch by
> the customer but of course Cisco did not go for that and we
> did a scheduled
> reboot on the switch and all problems have cleared. Now the
> customer wants a
> bi-monthly reboot of this switch scheduled to prevent the problem from
> occ

RE: Static route load balancing? [7:31715]

[Bill Carter]

If the static routes have the save metric, the router will load balance
traffic it sends out according to the routes.  I don't like this option
because if one path goes down every other packet will fail.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Cisco Breaker
Sent: Saturday, January 12, 2002 6:05 AM
To: [EMAIL PROTECTED]
Subject: Static route loacd balancing? [7:31715]


Hi all,

My customer wants load balancing solution to a branch office. He heard that
it can be done with static routes, but as I know load balancing can't be
done by deploying static routes. Any help about this? Can it be done or how
effective will it be?

Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31750&t=31715
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame-Relay Question [7:31395]

[Bill Carter]

No.  The CSU still runs with the T-1 configuration.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
James
Sent: Wednesday, January 09, 2002 9:55 AM
To: [EMAIL PROTECTED]
Subject: Frame-Relay Question [7:31395]


Hello,

This might be a simple/rehashed question. I appreciate
any feedback from anyone who can comment on this..
If you were to order a higher guaranteed rate /port
speed on an existing frame-relay connection, for
example a t1 frame-relay, will there be any
configurations needed on the router or CSU ? Assuming
straight on Frame-Relay config. Any info is greatly
appreciated..

Thanks

__
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31408&t=31395
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco security books [7:31393]

[Bill Carter]

"Managing Cisco
Network Security" is good and worth the money.  Haven't read the other book
yet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 09, 2002 9:39 AM
To: [EMAIL PROTECTED]
Subject: Cisco security books [7:31393]


Does anyone have input on good overall Cisco security books? I saw two books
on Cisco's website called "Designing Network Security" and "Managing Cisco
Network Security". Anyone have an opinion on these? Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31406&t=31393
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT - to security experts - what's the best IDS? [7:30867]

[Bill Carter]

I have been impressed with SNORT.  Runs on a Linux box.  BTW its free.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 9:10 AM
To: [EMAIL PROTECTED]
Subject: RE: OT - to security experts - what's the best IDS? [7:30867]


Snort seems to always come up when people talk about IDS, and it's free.
Defining it as 'best' is definitely open for debate, but if price is you're
primary concern, it's definitely a contender.

-Original Message-
From: nrf [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 6:47 PM
To: [EMAIL PROTECTED]
Subject: OT - to security experts - what's the best IDS? [7:30867]


Hello all:

I am directing this question to security experts.

Who makes the best IDS system?  Cisco with NetRanger?  Realsecure with ISS?
Network Associates Cybersafe?  Something else?

I leave the precise definition of 'best' up to you.  But it should include
things like flexibility, reliability, lots of features, ease of use, and of
course price.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30943&t=30867
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: cisco aironet question [7:30926]

[Bill Carter]

No.  You need clear line of sight.  The Aironet will cook the leaves.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Steven A. Ridder
Sent: Friday, January 04, 2002 9:11 AM
To: [EMAIL PROTECTED]
Subject: cisco aironet question [7:30926]


Will two Cisco Aironet Wireless Access points work through trees?  The two
buildings are only 305m apart, but there are trees in between the two
buildings.  In winter there are no leaves on the trees, so they have line of
sight, but with leaves in the spring and summer, will it still work?

Can the signal go through the trees?

--
RFC 1149 Compliant.


FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30942&t=30926
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: can't ping 'through' router..help? [7:29724]

[Bill Carter]

Your segment with PC's is private addresses.  The ISP is not routing them.
You need to eenable NAT to get to the Internet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 8:35 PM
To: [EMAIL PROTECTED]
Subject: can't ping 'through' router..help? [7:29724]


hi...i have a question regarding router configuration.  i'm trying to set up
a 2621 router but am running into a problem, i can't ping through the router
(ie, no traffic going through the thing).  i can ping from the 2621 to a dsl
router, and from the 2621 to a pc i've set up on the lan, but i can't get
traffic from the internet (dsl1) to the pc, and vice versa.  i've enabled a
default route out, as well as rip?  i'm kind of new at this so any help
would be...well, helpful.  here's my config:

!
hostname myrouter
!
enable secret X
enable password X
!
ip name-server 207.155.183.72
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface FastEthernet 0/0
no shutdown
description will be connected to Internet(dsl 2)-not connected
ip address 66.89.59.194 255.255.255.192
no ip directed-broadcast
no ip mroute-cache
keepalive 10
!
interface FastEthernet 0/1
no shutdown
description connected to ethernet
ip address 192.168.2.1 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
keepalive 10
!
interface Ethernet 1/0
no shutdown
description connected to Internet (dsl1)
ip address 168.103.127.153 255.255.255.248
no ip directed-broadcast
no ip mroute-cache
keepalive 10
!
router rip
version 2
network 66.0.0.0
network 192.168.2.0
passive-interface Ethernet 1/0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Ethernet 1/0
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
login
transport input none
!
line vty 0 4
login
!

thanks in advance...
pete




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29777&t=29724
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to disable NAT in Cisco PIX? [7:29641]

[Bill Carter]

As I said earlier TAC suggests using the
static (inside, outside) 129.174.1.0 129.174.1.0

instead of
nat (inside) 0 0 0

I found in real world the nat 0 can be very unstable.  My problems were with
5.X and 6.X.  nat 0 stopped working after 10 minutes even after multiple
reboots.  static has worked for 6 months without a single failure.

Maybe the problem is having the NAT command and the static command at the
same time. They are telling the PIX to do the same thing twice.  I now I get
annoyed when my wife tells me to do the same thing twice.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 1:56 PM
To: [EMAIL PROTECTED]
Subject: RE: How to disable NAT in Cisco PIX? [7:29641]


Hello David,

I think your config should work, too. But here are a few suggestions
nevertheless:

1. use "nat (inside) 0 0 0" instead of "nat (inside) 0 129.174.1.0
255.255.255.0"
2. delete "static (inside, outside) 129.174.1.0 129.174.1.0", it's not
really needed.
3. Like Ejay said, do a traceroute. You mentioned that "connectivity is
fine", does that mean pings and traces work, just not http?

Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29706&t=29641
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to disable NAT in PIX firewall (both insid [7:29408]

[Bill Carter]

TAC warned me that NAT 0 isn't really stable.  They suggest using static.
Assume 192.168.10.X is a Public address.

static (inside,outside) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0

this does the same thing as NAT 0 plus is more stable.  when I was doing NAT
0 for a customer is keep failing after 10 minutes.  Static worked like a
charm.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jon Tucker
Sent: Tuesday, December 18, 2001 8:03 PM
To: [EMAIL PROTECTED]
Subject: RE: how to disable NAT in PIX firewall (both insid [7:29408]


using the NAT 0 command will allow the inside systems to go through the PIX
unaltered.

- Jon

-Original Message-
From: Michael J. Doherty [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 11:56 AM
To: [EMAIL PROTECTED]
Subject: Re: how to disable NAT in PIX firewall (both insid [7:29408]


Since the PIX is a native NAT device, built around it, subsistent on it, you
cannot turn it off and allow the PIX to function in its correct manner.

The example that you mention (VPNs) is a special scenario.  Once VPN clients
are authenticated by the PIX, they are treated as if they exist on the
inside of the PIX, therefore we have to disable NAT to allow the VPN tunnel
to work properly.

If NAT is setup according to the Best Practices, your inside hosts will be
able to see ALL external hosts while shielding them from being seen by the
outside hosts (the fact that they are using the NAT translation is what
accomplishes this).  The fact that you are using Publ;ished IP addresses for
your hosts is a moot point (it is also not a recommendation in Best
Practices).  Therefore, you still need to correctly setup the NAT
statements, in the manner illustrated by Cisco's website, in order to make
the PIX function appropriately.


- Original Message -
From: "David Tran"
To:
Sent: Monday, December 17, 2001 16:13
Subject: how to disable NAT in PIX firewall (both inside an [7:29303]


> Hi Everyone,
>
> I am having problem setting up a network in this scenario
>
> with my PIX515-UR firewall running version 6.1(1) with pdm
>
> version 1.1(2).
>
> I have a network with REGISTERED IP addresses. The
>
> "inside" interface of the PIX is on the 129.174.1.0/24
>
> network with IP address of 129.174.1.254. The "outside"
>
> interface of the PIX is on the 66.61.46.0/24 network with
>
> IP address of 66.61.46.120. The "inside" interface has
>
> a security level of 100 and the "outside" interface has
>
> security level of 0. On the "inside" internal network, I
>
> have 10 workstations range from 129.174.1.1-10. These
>
> workstations have the default gateway point to the
>
> "inside" interface of the PIX.
>
> I understand that for machines from the "inside"
>
> network to access the Internet, the command "nat"
>
> and global must be used. However, since I all of my
>
> machines have valid (aka registered IP addresses), I
>
> want to disabe NAT completely. For, example,
>
> I want machine 129.174.1.1 to be able to browse and
>
> ping any machines on the Internet. At the same time,
>
> I don't want users from the Internet to be able to access
>
> any of the workstations on the "inside" interface. I have
>
> been searching for documentation on Cisco website
>
> but it seems likemost of the example have to do with NAT
>
> enable. There are a few examples that will disable NAT
>
> but it is relatedto VPN which is something I don't want.
>
> Furthermore, most of the examples fill with errors and
>
> pretty worthless (for PIX anyway). If anyone has done
>
> this before, let me know. I also include a copy of the config.
>
> Thanks.
>
> David
>
> PIX Version 6.1(1)
>
> nameif ethernet0 outside security0
>
> nameif ethernet1 inside security100
>
> nameif ethernet2 dmz security50
>
> enable password sdfkjfdjjdfjksdf encrypted
>
> passwd sdfjksdfkjsdfjksjf encrypted
>
> hostname ciscopix
>
> fixup protocol ftp 21
>
> fixup protocol http 80
>
> fixup protocol h323 1720
>
> fixup protocol rsh 514
>
> fixup protocol rtsp 554
>
> fixup protocol smtp 25
>
> fixup protocol sqlnet 1521
>
> fixup protocol sip 5060
>
> fixup protocol skinny 2000
>
> names
>
> access-list no-nat-list permit ip any any
>
> access-list no-nat-list permit icmp any any
>
> pager lines 24
>
> interface ethernet0 auto
>
> interface ethernet1 auto
>
> interface ethernet2 auto
>
> mtu outside 1500
>
> mtu inside 1500
>
> mtu dmz 1500
>
> ip address outside 66.61.46.120 255.255.255.0
>
> ip address inside 129.174.1.254 255.255.255.0
>
> ip address dmz 127.0.0.1 255.255.255.255
>
> ip audit info action alarm
>
> ip audit attack action alarm
>
> no failover
>
> failover timeout 0:00:00
>
> failover poll 15
>
> failover ip address outside 0.0.0.0
>
> failover ip address inside 0.0.0.0
>
> failover ip address dmz 0.0.0.0
>
> pdm history enable
>
> arp timeout 14400
>
> nat (inside) 0 129.174.1.0 255.255.255.0
>
> static (inside, outside) 129.174.1.0 129.174.1.0
>
> conduit permit ip any any
>

RE: Proper dress for CCIE lab? [7:29524]

[Bill Carter]

I will give $5 to anyone who wears a Santa suit, stuffing and beard
included, to the lab in December and passes

Pictures required for verification!!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Brown
Sent: Tuesday, December 18, 2001 4:14 PM
To: [EMAIL PROTECTED]
Subject: RE: Proper dress for CCIE lab? [7:29524]


They also reduce the amount of oxygen in the lab to simulate networking at
high altitudes. The proctors stand over your shoulders and scream in your
ear just like a military boot camp. You aren't allowed to use the show run
command and must type everything exactly right the first time.

Seriously You can wear whatever you like. I've worn shorts with a
t-shirt and I've noticed candidates in sandals. Just be comfortable.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 3:00 PM
To: [EMAIL PROTECTED]
Subject: Proper dress for CCIE lab? [7:29524]


Is it true that you have to be dressed in a suit for the CCIE lab?  Do them
mark mannerisms, speech and dress?  I have some old Novell guys telling me
horror stories of the Novel Instructor Program.

Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29547&t=29524
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Error Msg on Cat 2980G [7:29489]

[Bill Carter]

I am getting an error message on a Cat 2980G and CCO isn't much help

%SYS-4-P2_WARN: 1/invalid traffic from multicast source address
55:55:55:55:55:55 on port 3/34

port 3/34 is a dot1q trunk to a Cat 6500

When I receive this message I look on the 2980G and the 6500 and this
address is not in the CAM tables.  Were is this coming from?  Should I worry
about it?  I don't have any of the devices listed below that typically
generate this.

Here is what I found on CCO:

%SYS-4-P2_WARN: 1/Invalid traffic from multicast source address
Problem: The switch is generating "Invalid traffic from multicast source
address" messages.
Platform: Catalyst 4000 family switches
The following is an example of the syslog output you will see when this
error occurs:
%SYS-4-P2_WARN: 1/Invalid traffic from multicast source address
81:00:01:00:00:00 on port 2/1
%SYS-4-P2_WARN: 1/Invalid traffic from multicast source address
81:00:01:01:00:00 on port 2/1
The "Invalid traffic from multicast source address" syslog message is
generated when the switch receives packets with a multicast MAC address as
the source MAC. Using a broadcast or multicast MAC address as the source MAC
for a frame is not standards-compliant behavior. However, the switch still
forwards traffic sourced from a multicast MAC address.
The syslog message indicates the multicast MAC address in the source MAC
field of the frame, and the port on which the traffic was received.
The workaround is to try to identify the end station that is generating
frames with a multicast source MAC address. Typically, such frames are
transmitted from a traffic generator (for example, SmartBits) or third party
devices that share a multicast MAC address (for example, load balancing
firewall or server products).

http://www.cisco.com/warp/public/473/34.shtml#4000_ERRORS

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
Bill Carter
CCIE 5022
"To accomplish great things, we must not only act,
but also dream; not only plan, but also believe.
-Anatole France
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29489&t=29489
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: X.28 to ip conversion [7:29456]

[Bill Carter]

You are talking about XOT.  X.25 over TCP.  Try here:

http://www.cisco.com/warp/public/116/x25_pad_xot.html

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
amarjeet singh
Sent: Tuesday, December 18, 2001 1:25 AM
To: [EMAIL PROTECTED]
Subject: X.28 to ip conversion [7:29456]


Dear Group,
   I have a requirement which is mentioned below:-

The link is like this.. .. Kiosk -->R1--->Modem > IP cloud.--->IP
host

The kiosk has got a RS232 port which is connected to my router (R1) Ethernet
port (via RS232 to RJ45 cable). On the serial interface of router modem is
connected & it is dialing to an IP network & reaching to a host which runs
on IP. The kiosk is sending me X.28 packets from its RS232 port to my
Ethernet port of R1.

My question is how do I make conversion from X.28 to IP so that my Ethernet
port will understand. Finally these packets will be sent to the IP host in
IP format only. Or what solution do I implement for the same.
Earlier I tried with serial to IP converter hardware device (between kiosk &
R1) Now I want to do it without this hardware. Any suggestions...

Thanx in Advance..


Sonu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29485&t=29456
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Mask in L3 Packet [7:29182]

[Bill Carter]

2 different networks ??? Actually network 1 would encompass network 2.  Host
A would thinks Host B is on the same segment as Host A is.

If Host A and Host B were separated by a router, Host A would not be able to
talk to Host B (not counting the fact that the 2 hosts have the same IP
address).  The address range of Network 1 is 172.16.0.1 to 172.16.255.254.
The address range of network 2 is 172.16.2.1-172.16.2.254.

This is not a valid network configuration.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 14, 2001 1:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Mask in L3 Packet [7:29182]


Say I have 2 networks:

Network 1.  172.16.x.x/16
and
Network 2.  172.16.2.x/24

We all agree that they are two different networks, right?

Now if Host A on
Network 1 is 172.16.2.1/16

and

Host B is on Network 2 is 172.16.2.1/24,

How does the host know that the second host is on a different network?  Are
they differnt addresses because of the mask, or are they considered the same
address regardless of mask, and therefore illegal?  I understand ANDing on
the local host.  It's just if 2 hosts had the same numbers, only marked
differently by the mask, are they the same or not?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29239&t=29182
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: hidden commands [7:29189]

[Bill Carter]

http://www.elemental.net/~lf/undoc/

http://www.nthelp.com/cisco_undoc.htm



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Keny
Sent: Friday, December 14, 2001 7:55 AM
To: [EMAIL PROTECTED]
Subject: hidden commands [7:29189]


Hi

I know this has been posted here before but anyhow does any one have any
hidden commands they what to share.

Thanks

Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29200&t=29189
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSPF or EIGRP [7:28966]

[Bill Carter]

I second that.  We have been on a 2 year 3 boss mission to ditch IPX for 300
servers!!!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, December 13, 2001 10:04 AM
To: [EMAIL PROTECTED]
Subject: Re: OSPF or EIGRP [7:28966]


Concerning the novell case, it's a non-trivial task to migrate to a native
ip environment, enough so that it discourages even the people who ignore
the overwhelming power of corporate inertia and attempt to ditch ipx.




"Howard C. Berkowitz" @groupstudy.com on 12/12/2001 08:13:44
PM

Please respond to "Howard C. Berkowitz"

Sent by:  [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:(bcc: Kevin Cullimore)
Subject:  Re: OSPF or EIGRP [7:28966]


>I hear that argument a lot, "if you never plan to use another
>vendor...".  It's really quite specious as it's not at all difficult to
>cutover from routing EIGRP to OSPF or vis versa if the need arises.
>
>   Not only are Cisco's multi protocol, they are multi routing protocol
>routers. To convert simply enable both protocols.  Once they are both up
>and running get rid of routing protocol that fell from your favor,
>wallah, done.
>
>MHO Dave


True, but unless you already have a legacy desktop routing protocol
base, how likely is it to need the Appletalk and Novell capabilities,
now that both those upper layer suites are native IP?

>
>Patrick Ramsey wrote:
>>
>>  IMHO, EIGRP is the better of the two.  But it's also IMHO that one
should
>>  never stray from the standards.  If you know without a doubt that no
matter
>>  what happens, you will stay a cisco shop, then eigrp offers more
>>  functionallity.  Remember also cisco suggests 50 routers in one area,
so
>>  proper planning needs to be done for your edge routers and core
routers.
>>
>>  -Patrick
>>
>>  Or you can say screw it and use static routes!  : )
>>
>>  >>> "Mears, Rob"  12/12/01 03:54PM >>>
>>  Hi all,
>>
>>  We are in the middle of building out a new ATM network for the Core and
on
>>  the outside we are going to be running about 80 3640 or 2600.  We are
in
a
>>  big debate about the routing protocol, we are currently EIGRP.
>>
>>  I have collected lots of info off Cisco's Web site about the two but
wanted
>>  to hear it from the Engineers in the trenches.
>>  What's your take on it? If it were you what would you run (EIGRP, OSPF)
and
>>  why?
>>
>>  Thanks
>>  Rob
>--
>David Madland
>Sr. Network Engineer
>CCIE# 2016
>Qwest Communications Int. Inc.
>[EMAIL PROTECTED]
>612-664-3367
>
>"Emotion should reflect reason not guide it"

This message may contain confidential and/or privileged
information.  If you are not the addressee or authorized to
receive this for the addressee, you must not use, copy,
disclose or take any action based on this message or any
information herein.  If you have received this message in
error, please advise the sender immediately by reply e-mail
and delete this message.  Thank you for your cooperation.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29096&t=28966
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: telnet session timeout [7:29028]

[Bill Carter]

Are you telneting to the vty ports or are you reverse telneting from a
terminal server to the console port.  If so you need exec-timeout 0 0  on
con 0.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Bond
Sent: Wednesday, December 12, 2001 10:33 PM
To: [EMAIL PROTECTED]
Subject: telnet session timeout [7:29028]


Hello,

I added "exec-timeout 0 0" under line vty 0 4, hoping
that I won't get timeout when telnetting to a router.
Is this the right command? It doesn't work on my
routers.

Thanks in advance.

Jim

__
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29076&t=29028
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Access Lists [7:28927]

[Bill Carter]

Yes.  You are allowing anyone coming from 165.5.0.0 to go anywhere and
denying from anywhere to anywhere.

Not knowing you IP structure I would say.

access-list 110 permit ip x.x.x.0 0.0.0.255 (IP range assigned to dial-in)
165.5.0.0 0.0.255.255 (IP range of your internal network)
access-list 110 deny ip any any

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
J. Johnson
Sent: Wednesday, December 12, 2001 1:24 PM
To: [EMAIL PROTECTED]
Subject: Access Lists [7:28927]


We have a Cisco 5300 Dial-up.  We want to allow everyone to get to our
network when they dial in.  We do not want everyone to get on the internet
when they dial-in.  This is what my access list look like

access-list 110 permit ip  165.5.0.0 0.0.255.255 any
 access-list 110 deny ip any any

Everyone can get to our network and get on the internet with the above list.
Can you see anything wrong?

Thanks.

Jill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28987&t=28927
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ADMIN to be a CCIE? [7:28911]

[Bill Carter]

y I think.
Here is a little scenario, I studied for and passed the BCRAN in a week.
I studied and passsed the BCSN in 2 weeks. I read the switching book by
karen webb (she is terrible, IMHO) 3 times then took the test 2 weeks
later.  The CIT I plan on spending a month on it.  Then I was gonna take
the CID which I really planned on taking my time on. Because a friend of
mine failed it twice and design test are always harder.

-Original Message-
From: Bill Carter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 12, 2001 2:49 PM
To: Joshua Barnes
Subject: RE: ADMIN to be a CCIE? [7:28911]

Yes you can do it.  You need some of the books that are talked about
here
and tons of rack time.  Start with the Caslow book.  CCO is an excellent
reference.  Have you passed the CCIE written yet?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Joshua Barnes
Sent: Wednesday, December 12, 2001 11:49 AM
To: [EMAIL PROTECTED]
Subject: ADMIN to be a CCIE? [7:28911]


I am an internal admin, I am planning on the CCIE certification, but I
dont go out on cisco calls.  My company has a lab specifically for our
2 CCIEs but is that enough to get the cert.  I would like to belive
that I can do anything I set my mind to, but I would also like to set
realistic goals. I have cisco certs already and have found them
relativley easy to come by but again, it comes down to that whole
realistic goals approach.  Please hand me your thoughts, dont worry
aout discouraging me, only I can do that!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28985&t=28911
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Clear counters command [7:28850]

[Bill Carter]

yes
clear counters [Enter]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bob Perez
Sent: Tuesday, December 11, 2001 10:45 AM
To: [EMAIL PROTECTED]
Subject: Clear counters command [7:28850]


Does anyone know if you can use a clear counters command from the CLI on a
Cat 3548XL to clear multiple int's at one shot?
EX: clear counters fa0/1:48  ??  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28861&t=28850
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BGP and memory allocation errros [7:28819]

[Bill Carter]

Madman is right.  In the absence of more memory this should help.

http://www.cisco.com/warp/customer/459/41.shtml

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Donlon
Sent: Tuesday, December 11, 2001 2:54 AM
To: [EMAIL PROTECTED]
Subject: BGP and memory allocation errros [7:28819]


Hi All

I have a problem with a router running BGP. I have two 7204vxr's running BGP
connecting to two different service providers, I upgraded the IOS of one the
routers with version 12.1(5)T10 (IP PLUS IPSEC 3DES) and the boot image, it
ran for a week with no problems. I upgraded the other router with the same
images and as got memory allocation errors when it established adjacency
with the BGP neighbours, see the output below. I'm no BGP expert and I
believe there is enough memory in the router, so any suggestions will be
appreciated

Regards

Pat

*Nov 25 15:55:29: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:55:31: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:55:41: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:56:07: %SYS-2-MALLOCFAIL: Memory allocation of 65496 bytes failed
from

0x606BE0F4, pool Processor, alignment 0
-Process= "BGP Router", ipl= 0, pid= 118
-Traceback= 606C1450 606C38B0 606BE0FC 606BE8F0 6082D330 6082D578 6082EA84

609FA5EC 609FB2B8 61476248 609FB35C 609D61F0 606B7DA4 606B7D90
*Nov 25 15:56:08: %BGP-5-ADJCHANGE: neighbor *.*.*.* Down No memory
*Nov 25 15:56:08: %BGP-5-ADJCHANGE: neighbor *.*.*.* Down No memory
*Nov 25 15:56:08: %BGP-5-ADJCHANGE: neighbor *.*.*.*Down No memory
*Nov 25 15:56:11: %BGP-3-NOTIFICATION: sent to neighbor *.*.*.* 3/1 (update

malformed) 0 bytes
*Nov 25 15:56:37: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:56:37: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up
*Nov 25 15:56:51: %BGP-5-ADJCHANGE: neighbor *.*.*.* Up




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28846&t=28819
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX no client connectivity [7:28625]

[Bill Carter]

First on the PIX try clear xlate
On the router clear arp *

You have an access-list acl_ping but it is not applied.  To apply an
access-list you need access-group acl_ping in interface outside

but there is an implied deny all at the end of the access-list.

If you had the access-list applied then removed it, you will need to do the
clear xlate.

Everything else looks good.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Pierre-Alex J. Guanel
Sent: Monday, December 10, 2001 2:23 PM
To: [EMAIL PROTECTED]
Subject: PIX no client connectivity [7:28625]


>From a client (inside) I can ping the inside interface of the PIX .

>From a client (outside) I can ping the outside interface of the PIX.

However no (inside) client manages to ping or do any sort of traffic with
hosts outside the PIX.

Do you spot where my problem is?

Thank you!!!

BTECHPIX# sh config
: Saved
:
PIX Version 5.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password  encrypted
passwd  encrypted
hostname BTECHPIX
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl_ping permit icmp any any
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 209.152.115.123 255.255.255.0
ip address inside 192.168.3.1 255.255.255.0
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
arp timeout 14400
global (outside) 1 209.152.115.125
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 209.152.115.1 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp identity hostname
.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28749&t=28625
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Catalyst Layer 2 question [7:28710]

[Bill Carter]

Yes that is true. A layer 3 device is needed to route between subnets.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Christian Fredrickson
Sent: Monday, December 10, 2001 12:38 PM
To: [EMAIL PROTECTED]
Subject: Catalyst Layer 2 question [7:28710]


Is it true that you must have a Layer 3 switch in order subnet an IP class
and have the subnets communicate? I was told that a Layer 3 switch or a
router must be used on my network if I am to subnet my address space and
have the different subnets be able to communicate. It has been a long time
since I have done this and I don't recall.

Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28732&t=28710
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RIP routing (2 router lab) newbie [7:28327]

[Bill Carter]

Sorry, wanted to add some information about OSPF behaiour and secondary
addresses.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 10, 2001 11:52 AM
To: [EMAIL PROTECTED]
Subject: RE: RIP routing (2 router lab) newbie [7:28327]


Just wanted to add the same behavior with OSPF.  If 2 routers are on the
same Ethernet segment and a router has a secondary address and the other
router's primary address is the same subnet as the secondary, OSPF will not
form an adjacency.  Also by default ospf will not advertise secondary
addresses.  This is about the only good time to use redistribute connected.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Logan, Harold
Sent: Monday, December 10, 2001 10:56 AM
To: [EMAIL PROTECTED]
Subject: RE: RIP routing (2 router lab) newbie [7:28327]


Interesting... thanks for the explanation Chuck.

Hal


> -Original Message-
> From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 10, 2001 12:32 AM
> To: [EMAIL PROTECTED]
> Subject: RE: RIP routing (2 router lab) newbie [7:28327]
>
>
> I spent a bit more time looking into this one than it may be
> worth. But my
> look did reinforce some points made in this thread and in
> another thread
> started by John Neiberger and researched so ably by Nigel
> Taylor - that is,
> the nature and behaviour of secondary addresses.
>
> Sorry I am unable to document everything I did here. It would take me
> writing a Jeff Doyle type chapter on RIP to get it all out
> and explained,
> with screen shots etc.
>
> To put things in terms of how I observed them:
>
> In the case of RIP, by default, advertisements are sent out
> an interface
> using  the primary address of that interface as the source address.
>
> if another router on the segment is using and address that is
> not on the
> same subnet as the primary, that router will see messages like this:
>
> 01:46:25: RIP: ignored v1 update from bad source 172.29.101.1
> on TokenRing0
> 01:46:30: RIP: ignored v1 update from bad source 172.29.101.2
> on TokenRing0
> 01:46:35: RIP: sending v1 update to 255.255.255.255 via TokenRing0
> (172.29.103.7)
>
> 103.1 was secondary address on my R1, 103.7 the address of my
> R3 You can see
> the error referring to 101.1 and 102.1 ( the address of
> another router on
> the segment )
>
> I threw in a no ip split-horizon command on the interface of
> my R1, and lo
> and behold, it started sourcing rip packets from 101.1, 102.1
> and 103.1 and
> all my RIP routes propagated
>
> from CCO:
>
> Note   If any router on a network segment uses a secondary
> address, all
> other routers on that same segment must also use a secondary
> address from
> the same network or subnet.
>
>
> some of us already commented about issues with secondary
> routes among the
> various routing protocols. the point being that using
> secondary addresses
> can be tricky, and is probably not a good idea for newbies
> just trying to
> learn the basics. if you want to see how things work, use
> loopbacks. with
> secondary addresses, it is to easy to end up fighting with
> some complex
> issues beyond a beginner's understanding. in fact, there are
> some advanced
> students who find this topic complex and mysterious.
>
> best wishes.
>
> Chuck
>
> BTW, one of the implications of this study was a walk down
> memory lance. A
> guy named Bob Vance who used to hang here a lot and who was
> the progenitor
> of a number of interesting discussions once postulated that
> all stations on
> a segment will see the all F's broadcast, even if their layer three
> addresses are different ( i.e. seconday's ) the output above
> is something of
> a proof of that supposition. The router saw the RIP packets with the
> destination address of 255.255.255.255 ( MAC ..
> ), processed the
> packet, saw the source address as being on a different subnet
> ( even though
> on the same segment ) and rejected the packet. Interesting.
> Especially in
> that all subnets were part of the same Class B network.
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Logan, Harold
> Sent: Friday, December 07, 2001 6:21 AM
> To: [EMAIL PROTECTED]
> Subject: RE: RIP routing (2 router lab) newbie [7:28327]
>
>
> It looks like Anil wants to get RIP to advertise the 193.9.200.0
> network. A secondary address may work on one of the interfaces, but it
> would need to be on a different subnet. Notice from the
> config, he gave
> the secondary address the same IP as the primary addy. No
> matter what he
> does with the 193.9.200.0 network, those two routers will
> always show it
> as being "Directly Connected" instead of learned through RIP;
> DC routes
> have an administrative distance of 0, whereas RIP has an AD of 120. In
> the routing table, the router is only going o show the route with the
> best (lowest) distance. He could add a loopback on a
> different subnet 

RE: Redistribution and Filtering [7:28699]

[Bill Carter]

Depends...No its not necessary,  but what if one misconfigured router starts
advertising lots of bogus networks.  It could flood routers on the other
side of the redistribution.  What if you are redistributing 10.x.x.x network
into a 172.16.x.x network and an a router on the 172.16.X.X gets
misconfigured and starts advertising 10.x.x.x networks and they get
redistributed into the correct 10.x.x.x network.

So no it is not necessary in the lab or the real world, but it is good
practice.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Monday, December 10, 2001 12:19 PM
To: [EMAIL PROTECTED]
Subject: RE: Redistribution and Filtering [7:28699]


But is it ever necessary if you're only using a single router to do the
redistribution?

>>> "Bill Carter"  12/10/01 10:55:23 AM >>>
Yes it is overkill.  Yes it is good practice to use either route-maps
or
distribute lists.  Control is better.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
William Lijewski
Sent: Monday, December 10, 2001 10:57 AM
To: [EMAIL PROTECTED]
Subject: Redistribution and Filtering [7:28699]


I have a basic question, kind of...

When you redistribute between routing protocols, should you ALWAYS use
a
route-map?  If there are no loops is it still recommended/required?  I
have
been doing it but I want to know if its overkill.

Thanks,
Bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28722&t=28699
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Redistribution and Filtering [7:28699]

[Bill Carter]

Yes it is overkill.  Yes it is good practice to use either route-maps or
distribute lists.  Control is better.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
William Lijewski
Sent: Monday, December 10, 2001 10:57 AM
To: [EMAIL PROTECTED]
Subject: Redistribution and Filtering [7:28699]


I have a basic question, kind of...

When you redistribute between routing protocols, should you ALWAYS use a
route-map?  If there are no loops is it still recommended/required?  I have
been doing it but I want to know if its overkill.

Thanks,
Bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28703&t=28699
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RIP routing (2 router lab) newbie [7:28327]

[Bill Carter]

Just wanted to add the same behavior with OSPF.  If 2 routers are on the
same Ethernet segment and a router has a secondary address and the other
router's primary address is the same subnet as the secondary, OSPF will not
form an adjacency.  Also by default ospf will not advertise secondary
addresses.  This is about the only good time to use redistribute connected.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Logan, Harold
Sent: Monday, December 10, 2001 10:56 AM
To: [EMAIL PROTECTED]
Subject: RE: RIP routing (2 router lab) newbie [7:28327]


Interesting... thanks for the explanation Chuck.

Hal


> -Original Message-
> From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 10, 2001 12:32 AM
> To: [EMAIL PROTECTED]
> Subject: RE: RIP routing (2 router lab) newbie [7:28327]
>
>
> I spent a bit more time looking into this one than it may be
> worth. But my
> look did reinforce some points made in this thread and in
> another thread
> started by John Neiberger and researched so ably by Nigel
> Taylor - that is,
> the nature and behaviour of secondary addresses.
>
> Sorry I am unable to document everything I did here. It would take me
> writing a Jeff Doyle type chapter on RIP to get it all out
> and explained,
> with screen shots etc.
>
> To put things in terms of how I observed them:
>
> In the case of RIP, by default, advertisements are sent out
> an interface
> using  the primary address of that interface as the source address.
>
> if another router on the segment is using and address that is
> not on the
> same subnet as the primary, that router will see messages like this:
>
> 01:46:25: RIP: ignored v1 update from bad source 172.29.101.1
> on TokenRing0
> 01:46:30: RIP: ignored v1 update from bad source 172.29.101.2
> on TokenRing0
> 01:46:35: RIP: sending v1 update to 255.255.255.255 via TokenRing0
> (172.29.103.7)
>
> 103.1 was secondary address on my R1, 103.7 the address of my
> R3 You can see
> the error referring to 101.1 and 102.1 ( the address of
> another router on
> the segment )
>
> I threw in a no ip split-horizon command on the interface of
> my R1, and lo
> and behold, it started sourcing rip packets from 101.1, 102.1
> and 103.1 and
> all my RIP routes propagated
>
> from CCO:
>
> Note   If any router on a network segment uses a secondary
> address, all
> other routers on that same segment must also use a secondary
> address from
> the same network or subnet.
>
>
> some of us already commented about issues with secondary
> routes among the
> various routing protocols. the point being that using
> secondary addresses
> can be tricky, and is probably not a good idea for newbies
> just trying to
> learn the basics. if you want to see how things work, use
> loopbacks. with
> secondary addresses, it is to easy to end up fighting with
> some complex
> issues beyond a beginner's understanding. in fact, there are
> some advanced
> students who find this topic complex and mysterious.
>
> best wishes.
>
> Chuck
>
> BTW, one of the implications of this study was a walk down
> memory lance. A
> guy named Bob Vance who used to hang here a lot and who was
> the progenitor
> of a number of interesting discussions once postulated that
> all stations on
> a segment will see the all F's broadcast, even if their layer three
> addresses are different ( i.e. seconday's ) the output above
> is something of
> a proof of that supposition. The router saw the RIP packets with the
> destination address of 255.255.255.255 ( MAC ..
> ), processed the
> packet, saw the source address as being on a different subnet
> ( even though
> on the same segment ) and rejected the packet. Interesting.
> Especially in
> that all subnets were part of the same Class B network.
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Logan, Harold
> Sent: Friday, December 07, 2001 6:21 AM
> To: [EMAIL PROTECTED]
> Subject: RE: RIP routing (2 router lab) newbie [7:28327]
>
>
> It looks like Anil wants to get RIP to advertise the 193.9.200.0
> network. A secondary address may work on one of the interfaces, but it
> would need to be on a different subnet. Notice from the
> config, he gave
> the secondary address the same IP as the primary addy. No
> matter what he
> does with the 193.9.200.0 network, those two routers will
> always show it
> as being "Directly Connected" instead of learned through RIP;
> DC routes
> have an administrative distance of 0, whereas RIP has an AD of 120. In
> the routing table, the router is only going o show the route with the
> best (lowest) distance. He could add a loopback on a
> different subnet on
> one of the routers, then add network statements for that subnet, and
> then he would see that network learned via RIP on the opposite router.
> Likewise Anil, if you had a 3rd router connecting to one of your two
> routers by the BRI port, that 3rd router would learn of the
> 19

RE: Completely OT: StarWars [7:28204]

[Bill Carter]

I don't want anyone to break the NDA, but is this on the CCIE lab??  The
trick is, you would have to use

service compress-config

ip route 1.1.1.0 255.255.255.0 R2D2
ip route 2.2.2.0 255.255.255.0 C3PO

Router bgp 4
neighbor 1.1.1.1 remote-as 5
neighbor 1.1.1.1 ebgp-multihop GalaxyFarFarAway

Router ospf 1
redistribute static subnets subgalaxies


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sasa Milic
Sent: Wednesday, December 05, 2001 11:51 AM
To: [EMAIL PROTECTED]
Subject: Completely OT: StarWars [7:28204]


StarWars episode IV in text mode:

 telnet to towel.blinkenlights.nl




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28214&t=28204
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Completely OT: StarWars [7:28204]

[Bill Carter]

Someone has
way
ttoo mmuuucchhh
iiimm 
ttt
hhhnnddd
sss.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sasa Milic
Sent: Wednesday, December 05, 2001 11:51 AM
To: [EMAIL PROTECTED]
Subject: Completely OT: StarWars [7:28204]


StarWars episode IV in text mode:

 telnet to towel.blinkenlights.nl




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28212&t=28204
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Hi [7:28107]

[Bill Carter]

This is a new virus going around.  note the file gone.scr

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Aderion Brewer
Sent: Tuesday, December 04, 2001 2:11 PM
To: [EMAIL PROTECTED]
Subject: Hi [7:28107]


How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of gone.scr]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28113&t=28107
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX [7:28083]

[Bill Carter]

Set the default gateway of the host to the router.  The router should handle
this function.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
BASSOLE Rock
Sent: Tuesday, December 04, 2001 11:04 AM
To: [EMAIL PROTECTED]
Subject: PIX [7:28083]


Hi group,


I'am using a PIX with 2 interfaces (inside and outside).

-Security level for the inside interface is 100.
-Security level for the outside interface is 0.

Is it possible to use the PIX to route a specific host installed on the
outside interface towards another subnet (still on the outside interface)?

Will the packet be droped because the host is on the outside interface?

Regards,

Rock BASSOLE
Til: +33 (0) 1 45 96 22 03




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28095&t=28083
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BGP question [7:27879]

[Bill Carter]

It may work, but in real world redistributing from IGP to BGP is very bad
practice.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Stephane LITKOWSKI
Sent: Friday, November 30, 2001 3:23 PM
To: [EMAIL PROTECTED]
Subject: Re: BGP question [7:27879]


You need to announce all your local subnets :
- by using the network command, u can announce all subnets already placed in
the routing table by an IGP
- by redistributing your IGP on BGP using the "redistribute "
command in "router bgp" config mode

I see some OSPF routes in your routing table, so you can use network command
to announce all subnets :

(config)# router bgp 200
(config-router)# network 192.168.1.0 mask 255.255.255.0
(config-router)# network 192.168.2.0 mask 255.255.255.0
(config-router)# network 192.168.3.0 mask 255.255.255.0

u don't need to announce the peering link ...

or use redistribution (not recommended by Cisco in BSCN book, but it works)
:

(config)# router bgp 200
(config-router)# redistribute ospf


hope it helps


--
Stephane LITKOWSKI
Student in a french computer science school
EPITA Telecom & Network specialization
CCNA + BCMSN
EMail : [EMAIL PROTECTED]


""Stephen C""  a icrit dans le message news:
[EMAIL PROTECTED]
> When configuring BGP on a "singlehome" net, everything I read says the
basic
> config commands are ... for S 0\0 to S 0\0  (200.200.1.1 to 200.200.1.2)
> wire 200.200.1.0
> Router-A(config)#router bgp [as#]
> Router-A(config-router)#network [subnet#]
> Router-A(config-router)#neighbor [subnet#] remote-as [as#]
> now filling in the blanks
> Router-A(config)#router bgp [200]
> Router-A(config-router)#network [200.200.1.0]
> Router-A(config-router)#neighbor [200.200.1.1] remote-as [100]
> unless I configure RIP on the same wire I get nothing.  No mention of RIP
in
> any
> of the books I reference.  I config RIP and get a "from show ip route"
this
> C200.200.1.0/24 is directly connected, Serial1
> R200.200.100.0/24 [120/1] via 200.200.1.1, 00:00:14, Serial1
>   [120/1] via 200.200.2.1, 00:00:14, Serial0
> C200.200.2.0/24 is directly connected, Serial0
> C192.168.1.0/24 is directly connected, Ethernet0
> O192.168.2.0/24 [110/74] via 192.168.1.2, 01:54:20, Ethernet0
> O E2 192.168.3.0/24 [110/20] via 192.168.1.2, 01:54:20, Ethernet0
> Not showing bgp on the connections
>
> the Show ip bgp yields .
> Router-A#show ip bgp
> BGP table version is 3, local router ID is 200.200.2.2
> Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
>Network  Next HopMetric LocPrf Weight Path
> *  200.200.1.0  200.200.2.1  0 0 100 i
> *   200.200.1.1  0 0 100 i
>
> *>  0.0.0.0  0 32768 i  Where
> did I pick up the Static/Default paths from
>
> *  200.200.2.0  200.200.2.1  0 0 100 i
> *   200.200.1.1  0 0 100 i
> *>  0.0.0.0  0 32768 i  Where
> did I pick up the Static/Default paths from




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27887&t=27879
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BGP question [7:27879]

[Bill Carter]

You have to have IP connectivity to your neighbor before BGP will work.
Static routes will get you the same thing as RIP.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Stephen C
Sent: Friday, November 30, 2001 2:37 PM
To: [EMAIL PROTECTED]
Subject: BGP question [7:27879]


When configuring BGP on a "singlehome" net, everything I read says the basic
config commands are ... for S 0\0 to S 0\0  (200.200.1.1 to 200.200.1.2)
wire 200.200.1.0
Router-A(config)#router bgp [as#]
Router-A(config-router)#network [subnet#]
Router-A(config-router)#neighbor [subnet#] remote-as [as#]
now filling in the blanks
Router-A(config)#router bgp [200]
Router-A(config-router)#network [200.200.1.0]
Router-A(config-router)#neighbor [200.200.1.1] remote-as [100]
unless I configure RIP on the same wire I get nothing.  No mention of RIP in
any
of the books I reference.  I config RIP and get a "from show ip route" this
C200.200.1.0/24 is directly connected, Serial1
R200.200.100.0/24 [120/1] via 200.200.1.1, 00:00:14, Serial1
  [120/1] via 200.200.2.1, 00:00:14, Serial0
C200.200.2.0/24 is directly connected, Serial0
C192.168.1.0/24 is directly connected, Ethernet0
O192.168.2.0/24 [110/74] via 192.168.1.2, 01:54:20, Ethernet0
O E2 192.168.3.0/24 [110/20] via 192.168.1.2, 01:54:20, Ethernet0
Not showing bgp on the connections

the Show ip bgp yields .
Router-A#show ip bgp
BGP table version is 3, local router ID is 200.200.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network  Next HopMetric LocPrf Weight Path
*  200.200.1.0  200.200.2.1  0 0 100 i
*   200.200.1.1  0 0 100 i

*>  0.0.0.0  0 32768 i  Where
did I pick up the Static/Default paths from

*  200.200.2.0  200.200.2.1  0 0 100 i
*   200.200.1.1  0 0 100 i
*>  0.0.0.0  0 32768 i  Where
did I pick up the Static/Default paths from




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27883&t=27879
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Dual Homing Novell Servers to 2 Cat 6500's [7:27690]

[Bill Carter]

We are installing 2 6500's in the core.  We want the Novell servers to have
Gig connections to each 6500.  How is this configured on the server end.  I
assume each card has unique IP's?  Will the server get confused with 2 IP's
on the same subnet?  The 6500's have the MSFC2 card and is running HSRP.

What are your experiences with dual homing like this?

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
Bill Carter
CCIE 5022
"To accomplish great things, we must not only act,
but also dream; not only plan, but also believe.
-Anatole France
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27690&t=27690
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 4006 [7:27472]

[Bill Carter]

Yes, with a Layer 3 blade.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
William
Sent: Tuesday, November 27, 2001 10:23 AM
To: [EMAIL PROTECTED]
Subject: 4006 [7:27472]


dear all,

can the 4006 run on layer 3?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27486&t=27472
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: accessing remote router [7:27060]

[Bill Carter]

If you have it enabled, you can http to the router and set the enable
password.  Otherwise call someone at the site

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hansraj Patil
Sent: Wednesday, November 21, 2001 2:18 PM
To: [EMAIL PROTECTED]
Subject: accessing remote router [7:27060]


Hello Everyone:


I have remote router which has telnet password set but there is no
enable mode password.
I can telnet successfully & enter user mode but if I try to enter enable
mode it gives error.

router_1>enable
% No password set



Is there any way to access this router remotely without setting enable
password on router?



Thanks
-hansraj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27068&t=27060
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pinging spree [7:26268]

[Bill Carter]

access-list 101 deny icmp any x.y.z.0 0.0.0.255 echo  (from anywhere to your
IP subnet)
access-list 101 permit ip any any
int s0 (your interface facing the Internet)
ip access-group 101 in
no ip unreachables
no ip directed-broadcast



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Charles Lomotey
Sent: Wednesday, November 14, 2001 1:01 PM
To: [EMAIL PROTECTED]
Subject: Pinging spree [7:26268]


Hi,

We are an ISP. We have everyone on a pinging spree pinging our backbone
router to check their connection. How do I disable that ethernet interface
to stop responding to ping requests (ICMP i suppose)

Charles





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26280&t=26268
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Broadcast suppression on the Cat6k [7:26180]

[Bill Carter]

I have worked with it on 5500's.  Customer is a large Novell shop and would
periodically have some interesting broadcast storms. Usually a print server
and a tech's PC would get into some kind of argument.  Works good.  I set
the limits ~20%-30%.  Low enough to stop any device from getting to excited,
yet high enough for a Novell client to boot up and yell "gimmie a server,
gimmie a server, gimmie a server, gimmie a server, gimmie a server, gimmie a
server,"

good luck, send me anymore question about it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jeff Duchin
Sent: Tuesday, November 13, 2001 9:11 PM
To: [EMAIL PROTECTED]
Subject: Broadcast suppression on the Cat6k [7:26180]


Anyone mess with this feature... recommendations?

Thanks,
Jeff




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26187&t=26180
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: NetWare Core Protocol over TCP [7:26131]

[Bill Carter]

A customer of mine is preparing for a conversion from Netware IPX to IP
only.  Total network is 350+ servers. 98% are Netware 5.1.  On Netware 5.1,
when 2 servers can communicate through IP they will use IP for all
communications.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Tuesday, November 13, 2001 1:07 PM
To: [EMAIL PROTECTED]
Subject: NetWare Core Protocol over TCP [7:26131]


I am interested to know how many people use NetWare Core Protocol (NCP)
over TCP. Like Howard, I didn't think this was the normal way of handling a
migration from IPX to IP, although it certainly makes sense.

So, a survey: can people on the list let us know if they use this?

Note: I'm not criticizing Kevin, just gathering information.

Regarding PEP, I did some research too. I couldn't find any proof that the
transport-like part of NCP was based on PEP, which I thought disappeared,
but it does make sense. The service provided by PEP is essentially the same
as the service that NCP provides in its "integrated transport" level, to
use Howard's great terminology.

I would love to get a Sniffer trace of NCP over TCP. I have a rather old
version of Sniffer but a brand new version of EtherPeek. Also I know NCP
really well so I might recognize some stuff even if the decoder doesn't.
The packet you sent before is just the TCP SYN. Do you have something later
in the session with some NCP data? Could you send me (not the list) an
attachment of a cleaned up trace file? I'll acknowledge you in my new
book!  ;-) THANKS.

Priscilla

At 12:26 AM 11/13/01, [EMAIL PROTECTED] wrote:
>5.0 with an unmanageably large number of service pack applications.
>
>I believe the NWIP encapsulation as a preferred means of exchanging packets
>idea was buried with version 4. NW 5 servers may be installed with support
>for either or both protocol stacks.
>
>There exist various modules centering around the acronym cmd which
>allegedly facilitate hybrid environments slated to migrate to ip only. It's
>possible that servers thus configured encapsulate ipx within ip, but I'm
>far too undermotivated to ascertain the validity of that guess.
>
>I suppose that Novell has been fairly successful at obscuring the original
>meaning of PEP: many hits on general web searches turn up some documents on
>programmatically generating & sending ipx packets in the name of fine-tuing
>network diagnostic tools such as DOOM. Seaching Novell leads you to
>conclude that it refers to their Professional Education Program.
>
>
>
>
>
>"Howard C. Berkowitz" @groupstudy.com on 11/12/2001 06:22:40
>PM
>
>Please respond to "Howard C. Berkowitz"
>
>Sent by:  [EMAIL PROTECTED]
>
>To:   [EMAIL PROTECTED]
>cc:(bcc: Kevin Cullimore)
>Subject:  RE: What frame format used by TCP/IP? [7:25924]
>
>
> >In contrast to the IPX-based implementation described below, packet
> >captures seem to reveal that NCP DOES rely on a transport layer when
using
> >IP as a network layer mechanism.
>
>What version of NetWare?  It's my understanding that 5.x is native
>TCP/IP with encapsulated IPX available for backwards compatibility.
>
>Incidentally, older IPX-based NCP had an integrated transport
>function, not SPX but something called PEP.
>
> >
> >   Flags:0x00
> >   Status:   0x00
> >   Packet Length:66
> >   Timestamp:19:09:38.677828 03/12/2001
> >Ethernet Header
> >   Destination:  00:90:7F:0F:0B:D5
> >   Source:   00:10:A4:F5:5A:66
> >   Protocol Type:0x0800  IP
> >IP Header - Internet Protocol Datagram
> >   Version:  4
> >   Header Length:5  (20  bytes)
> >   Precedence:   0
> >   Type of Service:  %
> >   Unused:   %0
> >   Total Length: 48
> >   Identifier:   14671
> >   Fragmentation Flags:  %010  Do Not Fragment
> >   Fragment Offset:  0  (0  bytes)
> >   Time To Live: 128
> >   IP Type:  0x06  TCP
> >   Header Checksum:  0xF3B3
> >   Source IP Address:210.225.86.53
> >   Dest. IP Address: xxx.xxx.xxx.x  xxx.xx.xx.xxx
> >   No Internet Datagram Options
> >TCP - Transport Control Protocol
> >   Source Port:  2583
> >   Destination Port: 524  NCP
> >   Sequence Number:  1273813107
> >   Ack Number:   0
> >   Offset:   7
> >   Reserved: %00
> >   Code: %10
> > Synch Sequence
> >   Window:   16384
> >   Checksum: 0x44D7
> >   Urgent Pointer:   0
> >   TCP Options:
> > Option Type:2  Maximum Segment Size
> > Length: 4
> > MSS:1460
> > Option Type:1  No Operation
> > Option Type:1  No Operation
> > Option Type:4
> > Length: 2
> > Opt Value:
> >   TCP Data Area:No more data.
> >Frame Check Sequence:  0x04007C00
> >
> >




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26

RE: Switch Question [7:25704]

[Bill Carter]

Etherchannel make the link 1 logical connection.  Therefore, one STP
interface.  If one link fails it becomes a single connection, so you are
still up.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
DAGENHARDT Frank
Sent: Thursday, November 08, 2001 1:04 PM
To: [EMAIL PROTECTED]
Subject: Switch Question [7:25704]


I have dual Gigabit trunk links connecting my two Catalyst 4003 switches. My
STP type is IEEE. If I configure those two links as Etherchannel will one of
those links still be blocked by STP? Or will the Etherchannel trunk be
viewed by STP as only one link. Is there any disadvantage to doing this
instead of letting it be blocked by STP for redundancy.

Thanks

Frank




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=25709&t=25704
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 7206 VXR???? [7:24692]

[Bill Carter]

Yes, Its a very good router.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Raul De La Garza III
Sent: Tuesday, October 30, 2001 2:19 PM
To: [EMAIL PROTECTED]
Subject: 7206 VXR [7:24692]


Has anyone had any experience with a Cisco product called the 7206 VXR
router?



Raul De La Garza III
CCDP NNCSS MCSE CNE

"Rome has spoken; the cause is finished."  -St. Augustine (354-430)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24704&t=24692
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VLAN and IPX [7:24641]

[Bill Carter]

The config is correct, although you need to find out what IPX encapsulation
is.  Probably 802.2. I would put the commands in this way;

interface vlan 2
ip address ..
ipx network 101 encapsulation sap
interface vlan 3
ip address 
ipx network 102 encapsulation sap

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Cisco Breaker
Sent: Tuesday, October 30, 2001 6:09 AM
To: [EMAIL PROTECTED]
Subject: VLAN and IPX [7:24641]


Hi all,

I have a customer that uses both Novell and NT. We upgraded their LAN with
6500 and 3500 switches. Now we will implement VLANs. I know how to configure
VLAN for IP but never done it with IPX. I red the docs on cisco but I have a
question on my mind. As I know the customer only give a network IPX number
to the server and clients get their Network numbers from the server. If I
put the server on a different VLAN will the router give a network number to
clients or will I have to show the way to clients to reach the server.

My guess is this

interface vlan 2
ip address ..
ipx network 101 (this is the network where the server is)
interface vlan 3
ip address 
ipx network 102 (this is the network where clients will be)

If  I configure my router like this will clients able to find the server or
what should I do?

Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24653&t=24641
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Working for a consulting company [7:3676]

[Bill Carter]

I liked the travel more than my wife.  I was flying home Friday afternoon
and flying out Sunday afternoon.  That was 4 years ago and I still haven't
used the free Frequent Flyer ticket I earned.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 26, 2001 11:07 AM
To: [EMAIL PROTECTED]
Subject: RE: Working for a consulting company [7:3676]


Seems like a pretty interesting job, that explains my bordom, here in the
office,
i wish i could find a consulting job with 80% travel.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 26, 2001 8:07 AM
To: [EMAIL PROTECTED]
Subject: RE: Working for a consulting company [7:3676]


I have been in the networking business for 7 years and have worked at both
consulting companies and in-house at businesses.  I prefer consulting.  I
travel at most 1 every 3 months and usually 1 night/2day.  I work for a
Chicago based company, but I am in Springfield, IL, the State Capitol.  I
have been at the same customer for 3 years.  When I need a break I call me
boss and say "find me a project" and I go to Chicago for a couple of days.
This works really well keeping me up to date on new technology.

At a previous company, the boss walked in one day and said "You are going on
the road for a major bank.  I was gone 3-4 weeks a month in some places like
South Dakota, Nebraska, Montana.  This project lasted 4 months, when it was
over we were laid off.

I still prefer consulting, because I get more exposure to new technology.
When I worked for non-consulting companies, I tended to install things and
then watch it run for 6 months.  I got real bored.

When interviewing with consulting companies find out what they expect for
travel.  Somewhere like Chicago you could work 100% of the time in the
greater Chicago area.  Other times you will be flying around the company.
What do you want?  What do they expect??

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
David John
Sent: Friday, October 26, 2001 4:17 AM
To: [EMAIL PROTECTED]
Subject: Working for a consulting company [3:3676]


Hi Group,

I have a MCSE, CCDA and CCNP and will finish my CCDP within a month. I am
considering working for a consulting company and I would like some one to
tell me a little about the daily life of an engineer working with a
consulting company. What should I expect to be doing on a daily basis? do I
have to go to customer sites often? do I have to travel a lot? Will I have a
lab available for testing and practice?

Will I get more experience working with customer or with a consulting
company?

Thanks

David John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24268&t=3676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Working for a consulting company [7:3676]

[Bill Carter]

I have been in the networking business for 7 years and have worked at both
consulting companies and in-house at businesses.  I prefer consulting.  I
travel at most 1 every 3 months and usually 1 night/2day.  I work for a
Chicago based company, but I am in Springfield, IL, the State Capitol.  I
have been at the same customer for 3 years.  When I need a break I call me
boss and say "find me a project" and I go to Chicago for a couple of days.
This works really well keeping me up to date on new technology.

At a previous company, the boss walked in one day and said "You are going on
the road for a major bank.  I was gone 3-4 weeks a month in some places like
South Dakota, Nebraska, Montana.  This project lasted 4 months, when it was
over we were laid off.

I still prefer consulting, because I get more exposure to new technology.
When I worked for non-consulting companies, I tended to install things and
then watch it run for 6 months.  I got real bored.

When interviewing with consulting companies find out what they expect for
travel.  Somewhere like Chicago you could work 100% of the time in the
greater Chicago area.  Other times you will be flying around the company.
What do you want?  What do they expect??

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
David John
Sent: Friday, October 26, 2001 4:17 AM
To: [EMAIL PROTECTED]
Subject: Working for a consulting company [3:3676]


Hi Group,

I have a MCSE, CCDA and CCNP and will finish my CCDP within a month. I am
considering working for a consulting company and I would like some one to
tell me a little about the daily life of an engineer working with a
consulting company. What should I expect to be doing on a daily basis? do I
have to go to customer sites often? do I have to travel a lot? Will I have a
lab available for testing and practice?

Will I get more experience working with customer or with a consulting
company?

Thanks

David John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24251&t=3676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: which is the best [7:23902]

[Bill Carter]

With EIGRP you can implement areas similar to OSPF or ISIS.  You would want
to keep subnets with in the same EIGRP "area".  Just configure routers with
different EIGRP #'s and send summary updates into the different areas.

I know a very very very large network doing this.

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
Bill Carter
CCIE 5022
"To accomplish great things, we must not only act,
but also dream; not only plan, but also believe.
-Anatole France
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kim Edward B
Sent: Tuesday, October 23, 2001 3:06 PM
To: [EMAIL PROTECTED]
Subject: RE: which is the best [7:23902]


If it is cisco only environment, I would prefer EIGRP.
Less CPU and Memory requirement (which means less expensive routers in some
cases and also more free CPU and Memory for the routers).
Also I believe they have better convergence time than OSPF.

As Mr. Lupi mentioned, while OSPF's metric is based on bandwidth, the EIGRP
can be based on (bandwidth, delay and also MTU, load, reliability as
necessary).
For example, if you have F/R of 512K and 256K, OSPF will use the 512K.  You
could make it to use the 256K to load balance by the bandwidth statement but
it won't be really true load balancing.  EIGRP can via variance and other
ways.

Con is the proprietary Routing protocol.  In the future if you acquire non
cisco network, you could still use the redistribution.  So if you have only
cisco network, I would prefer EIGRP.

Lastly, OSPF's more hierarchical design than EIGRP(OSPF areas, stubby, total
and not so stubby, etc) can scale better in bigger network, but for the
given router numbers (50), EIGRP fits better in my opinion.

I don't know what I'm trying to say here...
For the given condition, I would go with EIGRP, but if you are planning to
expand and also possibly acquire non-cisco routers OSPF might be better.

Sorry for the confusion.

My .02 cents.

Ed

-Original Message-
From: Lupi, Guy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 11:21 AM
To: [EMAIL PROTECTED]
Subject: RE: which is the best [7:23902]

I prefer OSPF, only because if you decide to put a device that is not a
Cisco on the network you don't have to run 2 routing protocols.  Your
decision would have to be based on your needs also, EIGRP has a couple of
features that OSPF does not that you may want, such as load balancing across
links that do not have equal metrics.

Guy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 10:53 AM
To: [EMAIL PROTECTED]
Subject: which is the best [7:23902]


In a medium (50  routers) cisco only environment which routing protocol
would be prefered ...
EIGRP or OSPF ?
What are the pros and cons ?

Thanks

Dave
*
DISCLAIMER:   The information contained in this e-mail may be confidential
and is intended solely for the use of the named addressee.  Access, copying
or re-use of the e-mail or any information contained therein by any other
person is not authorized.  If you are not the intended recipient please
notify us immediately by returning the e-mail to the originator.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23962&t=23902
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: vendor connection [7:23360]

[Bill Carter]

I would send all external connections through the Firewall.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tom Richs
Sent: Thursday, October 18, 2001 9:29 AM
To: [EMAIL PROTECTED]
Subject: vendor connection [7:23360]


Typically if you're a company that has may 5 to 7 vendors that you need to
connect to, in terms of the WAN connetion, what is the best approach:

- have these vendor WAN connections come in thru a WAN router and then have
the WAN router go thru a firewall to get to your corporate LAN

or

- have these vendor WAN connections connected directly connected to your
usual WAN router for and just use access-lists to filter things instead of a
firewall.

or

another idea ?

Thanks.

Tom

_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23372&t=23360
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Inputs on syslog server reqd... [7:22168]

[Bill Carter]

You might want to look at Cisco Resource Manager Essentials.  It has a good
syslog tool that lets you look and messages broken down by either severity
level or device.

http://www.cisco.com/warp/public/cc/pd/wr2k/rsmn/

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ramu Perumal
Sent: Friday, October 05, 2001 8:37 AM
To: [EMAIL PROTECTED]
Subject: Inputs on syslog server reqd... [7:22168]


Hi all,

I have a requirement to monitor all the cisco
devices(switches, routers, IGX, PIX etc) in my
network...I need to install a Syslog server to log all
events from all the boxes...Can I install a single
syslog server and log events for all the devices...

need ur expert comments

Thanks in advance

Ramu

__
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just
$8.95/month.
http://geocities.yahoo.com/ps/info1




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=22219&t=22168
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Multihomed full routes on a 3640? [7:22269]

[Bill Carter]

Here is a trick I learned.  I couldn't believe how many prefixes I learned
with a /25-/30.  Most of these also had /16 or /24 which covered the larger
prefixes.  I wanted limit the number of prefixes will prefixes longer than
/24.

router bgp AS#
neighbor X.X.X.X prefix-list NoSmall in
!
!
ip prefix-list NoSmall seq 10 permit 0.0.0.0/0 le 24

then
clear ip bgp X.X.X.X soft in

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Friday, October 05, 2001 4:20 PM
To: [EMAIL PROTECTED]
Subject: OT: Multihomed full routes on a 3640? [7:22269]


Yes, I am the King of the Off Topic Post lately.  I apologize.  I've
checked the archives and I didn't see anything recent on this.  Besides,
what I did find was a bunch of disagreements and I wasn't able to come
to a conclusion.  Here's the situation:

We are multihomed to two providers using a 3640 with 128MB of RAM.
Earlier today I was taking customer routes from both (37,000 and 8,500
respectively.)  I had 87MB of RAM free so I thought I'd allow the second
provider to send me full routes.  After changing that I still have 57MB
of RAM free.

So, an increase of 96,000 routes only decreased my available RAM by
around 30MB.  Now I'm considering allowing the other provider who is
already sending 37,000 routes to send a full table, as well.

Am I asking for trouble by accepting full routes from two providers
with this setup?  It seems to me that adding another 70k routes from the
first provider would only use up another 20MB of RAM or so, leaving
about 30MB to play with.

Would you agree that this is enough wiggle room or should I leave it
alone now and play it safe?

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=22279&t=22269
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Way OT but pretty funny.... [7:21210]

[Bill Carter]

Violent Femmes

"Why can't I get..Just one Screw?"


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Wednesday, September 26, 2001 3:30 PM
To: [EMAIL PROTECTED]
Subject: Way OT but pretty funny [7:21210]


Sorry, this really struck me as funny and I didn't have anyone else to
share it with.I'm hoping that this--while not hilarious--will
give someone a few laughs.  The humor should be apparent.

http://accessories.us.dell.com/sna/productdetail.asp?Sku=97580&customer_id=1
9&spagenum=5&page=dellitems.asp&icompatid=108891&docid=6158


Long link, sorry

Regards,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21224&t=21210
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Catalyst 4000 Configuration [7:20996]

[Bill Carter]

same.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ray Smith
Sent: Tuesday, September 25, 2001 9:22 AM
To: [EMAIL PROTECTED]
Subject: Catalyst 4000 Configuration [7:20996]


Guys,

Is there a difference with configuring the Catalyst 4000 as oppose to a
Catalyst 5000?  Is the operating system the same or even similar?



Ray

_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21001&t=20996
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cute IPX addresses compiled [7:20864]

[Bill Carter]

D00BE

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, September 24, 2001 6:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Cute IPX addresses compiled [7:20864]


In a message dated 9/23/01 10:11:27 PM Central Daylight Time,
[EMAIL PROTECTED] writes:

<< Subj: Cute IPX addresses compiled [7:20864]
 Date:  9/23/01 10:11:27 PM Central Daylight Time
 From:  [EMAIL PROTECTED] (Dennis Laganiere)
 Sender:[EMAIL PROTECTED]
 Reply-to:  [EMAIL PROTECTED] (Dennis Laganiere)
 To:[EMAIL PROTECTED]


Dennis,
How about the obvious one:CC1E
Rob H. NP, DP, blah,blah,blah...




 I compiled all the cute IPX network names people sent me and am providing
 them here for future reference.  I know we don't see much IPX anymore, but
 it's still fun to reminisce about our youth...

 1DEA (idea), 82FA57 (ate too fast), ACE5, AD, AD0 , AD0BE, B00B00, B0D1CE
 (bodice), B0D1ED (bodied), BA5EBA11, BABEFACE, BAD, BAD1DEA (bad idea),
 BADBABE, BADBEEF, BADC0FEE, BADDAD, BE, BEAD, BEAD0FF, BEBAD, BED, BEE,
 BEEFFEED, C0DEDEAD, CAB, CAD, DEAD, DEADBEEF, DEAF, DEAF0AF, F005BABE ,
 F00D, FA11, FACE, FAD0, FADE, FEED and of course, the scourge of the
 technology world DECAF.

 Hope this is as much fun for you guys as it is for me...  Thanks all...

 --- Dennis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20915&t=20864
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Can some PIX expert please respond.... [7:20858]

[Bill Carter]

I believe this is a bug.  I have the same issue with 6.0(1)  Not sure if
6.1(1) fixed it.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Urooj's Hi-speed Internet
Sent: Sunday, September 23, 2001 8:06 PM
To: [EMAIL PROTECTED]
Subject: OT: Can some PIX expert please respond [7:20858]


Hi Folks,
I am trying to get timestamps alongwith my 'syslog' output by using the PIX
command "logging timestamps". However, even with this command, whenever I do
a "show syslog", I fail to see any timestamps logged. Am I missing something
???

How can I append timestamps with the "syslog messages". Or timestamps cannot
be appended in "show syslog" when I use the command "logging buffered
debugging" & "logging timestamps", i.e. when I use the internal buffer of
PIX to log syslog messages ?

Can someone please advise me. Thanks.

Aziz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20914&t=20858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Which testing site is better? Halifax or RTP [7:20904]

[Bill Carter]

I thought Halifax was a great place to test.  The town is beautiful and
relaxing.  Great seafood and our Canadian friends know how to make a good
Beer.  When there go to the waterfront area have a nice C$12.00 Lobster
dinner and visit the Titanic museum.  Oh ya, no complaints about the testing
facility.

Can't stress enough the importance of the laid back atmosphere in Halifax.
You don't want to be stressed out before you arrive at the Testing center.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:30 AM
To: [EMAIL PROTECTED]
Subject: Which testing site is better? Halifax or RTP [7:20904]


Hi everyone, this is my fist post.

I just signed up for Halifax for May 27th, 2002. Which testing site do you
preffer, Halifax or RTP?

Thanks,
Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20916&t=20904
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Serious advice needed from CCIE [7:19800]

[Bill Carter]

Get a 5500 instead.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dan Faulk
Sent: Thursday, September 13, 2001 11:23 AM
To: [EMAIL PROTECTED]
Subject: Serious advice needed from CCIE [7:19800]


Looking to add a switch to the lab and this product line is giving me fits.
Looks like the switch of choice for the CCIE rack is the 6500. Of course
this is far and away outside my price range. Any suggestions please?

Thanks
Dan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19804&t=19800
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: spid and ldn numbers [7:19752]

[Bill Carter]

ldn number.  Just like a telephone number.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Lists Wizard
Sent: Thursday, September 13, 2001 8:31 AM
To: [EMAIL PROTECTED]
Subject: spid and ldn numbers [7:19752]


Hi Group,

I am realy confused about spid and ldn numbers. Which
one will a remote user use to dial into my isdn
router?


Thanks
Lw

__
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19770&t=19752
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to make a router firewall? [7:18268]

[Bill Carter]

He also has a BGP config that is real good.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sam Deckert
Sent: Monday, September 10, 2001 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: how to make a router firewall? [7:18268]


Thanks for that link Bill - it rocks!

Sam.
- Original Message -
From: "Bill Carter"
To:
Sent: Tuesday, September 11, 2001 1:23 AM
Subject: RE: how to make a router firewall? [7:18268]


> Rob Thomas has done some good work on this.
>
>  http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html
>
> ^-^-^-^-^-^-^-^-^-^-^
> Bill Carter
> CCIE 5022
> ^-^-^-^-^-^-^-^-^-^-^
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> William Gragido
> Sent: Wednesday, September 05, 2001 1:01 PM
> To: [EMAIL PROTECTED]
> Subject: RE: how to make a router firewall? [7:18268]
>
>
> The firewall IOS is quite good however, if you do not wish to utilize it
you
> can simply create ACLs that reflect your desires accordingly.  ACLs are in
> laymans terms, the low brow fire wall rule set so have at it!
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jim Bond
> Sent: Sunday, September 02, 2001 8:57 PM
> To: [EMAIL PROTECTED]
> Subject: how to make a router firewall? [7:18268]
>
>
> Hello,
>
> I'm trying to make a 1720 router as firewall. What IOS
> should I use? What ACLs should I put in the router? My
> understanding on firewall is to allow outgoing traffic
> and block incoming traffic unless it's originated from
> inside, is it correct?
>
> Thanks in advance.
>
> Jim
>
> __
> Do You Yahoo!?
> Get email alerts & NEW webcam video instant messaging with Yahoo!
Messenger
> http://im.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19292&t=18268
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to make a router firewall? [7:18268]

[Bill Carter]

Rob Thomas has done some good work on this.

 http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
William Gragido
Sent: Wednesday, September 05, 2001 1:01 PM
To: [EMAIL PROTECTED]
Subject: RE: how to make a router firewall? [7:18268]


The firewall IOS is quite good however, if you do not wish to utilize it you
can simply create ACLs that reflect your desires accordingly.  ACLs are in
laymans terms, the low brow fire wall rule set so have at it!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Bond
Sent: Sunday, September 02, 2001 8:57 PM
To: [EMAIL PROTECTED]
Subject: how to make a router firewall? [7:18268]


Hello,

I'm trying to make a 1720 router as firewall. What IOS
should I use? What ACLs should I put in the router? My
understanding on firewall is to allow outgoing traffic
and block incoming traffic unless it's originated from
inside, is it correct?

Thanks in advance.

Jim

__
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19274&t=18268
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: EIGRP Network wild card bits [7:18827]

[Bill Carter]

I had heard that this feature was added to special IOS version distributed
to a couple a SP's.  Glad to see it finally making it to mainstream.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Copabano
Sent: Thursday, September 06, 2001 11:16 AM
To: [EMAIL PROTECTED]
Subject: EIGRP Network wild card bits [7:18827]


To all,

I ran into something rather odd. In configuring a set
of routers I found that in version 12.0.(5)T1 you can
add wild card bits to the network statement in EIGRP.
Other routers running a slightly older revision only
allow the "network". Is this something new in EIGRP to
control which interfaces "talk" EIGRP instead of
controlling this function with a "distribute list"??

Or do I have a Friday load.

Your comments??


__
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18851&t=18827
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Load Sharing vs Load Balance [7:18821]

[Bill Carter]

Now for those famous words"It depends."

In the most basic setup you could have two ISP connections.  Use ip
default-network command to establish default routes to both providers.  This
would give you either per-packet or per-destination load balancing for
outbound traffic.  Inbound traffic would be dependent on the Internet Route
table of the ISPs.  Technically you could ask both ISP's to announce
reachability to your network.  Real world, your IP subnet block probably
belongs to a larger subnet block of your ISP's so the providers may not want
this to happen.

Here is what we have done for our customers.

We have the customer acquire a BGP AS number and IP subnet (www.arin.net).
You have to talk to the ISP's about running BGP with them.  I think it is
better to have 1 router per ISP (3620 full of DRAM.  Your routers will
announce reachability for you network to both providers.  Both routers
accept full BGP routes and your routers run iBGP.  Set up HSRP on the
Ethernet Interfaces (tracking the serial interfaces) facing your LAN
(usually outside int of Firewall). A Crossover Ethernet cable connects the
second Ethernet interface on the routers for the iBGP link.

With this configuration all traffic coming from you LAN will enter the same
router.  Depending on the route tables, internal traffic will enter the HSRP
router and then either exit to the Internet or jump to the other router then
exit.

Inbound traffic is harder to control.  AS-prepending can be used to make one
path look less desirable than the other.  You will probably never get 50%
inbound traffic into router A and 50% in router B.

Alternative...
You may want to ask an ISP for 2 Internet connections coming from 2
different POPs.  This will give you some redundancy and save you the hassle
of the BGP stuff.  If you go with a larger provider (Qwest, ATT, Sprint,
etc.)  The redundancy will be fine.

Let me know if you have more questions.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE #5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
DBates
Sent: Thursday, September 06, 2001 10:59 AM
To: [EMAIL PROTECTED]
Subject: Load Sharing vs Load Balance [7:18821]


Can any one tell me the difference between load sharing and load balancing
?

I would like my company to use two different ISP connections and load
balance between the two.

Is this a case for BGP 

Thanks,

Dennis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18844&t=18821
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE Recertification [7:18687]

[Bill Carter]

I used Large-Scale IP Network Solutions, Raza and Turner
ISBN:1-57870-084-1

I think the CCIE Professional Development series books are good Recert Study
tools.

Be warned, the recerts are not easy tests.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Wayne & Therese Lawson
Sent: Wednesday, September 05, 2001 4:01 PM
To: [EMAIL PROTECTED]
Subject: CCIE Recertification [7:18687]


Hello - I'm attempting my 1st CCIE recert - I was wondering what
resources people on the forum have used and been successful with.

Thanks! - Wayne
CCIE # 5244




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18793&t=18687
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Version IOS for "Code Red" Nbar [7:18637]

[Bill Carter]

I am trying to configure NBAR for the "Code Red" fix.  I have a 2600.  I
want IOS to support FW/IDS.  I have tried it with 12.1(5)T7 and T10.  Each
time I enter the command:

 match protocol http url "*default.ida*"

The router reboots.  Are any of you using NBAR with FW/IDS?? What version
works???



^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18637&t=18637
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP unnumbered [7:18250]

[Bill Carter]

The Loopback Interface is useful in OSPF, BGP, for network management.  If
a loopback will have 2-3 uses anyway, why not throw in ip unnumbered.

If someone is dead set against loopback, you could use

interface serial 0/0
ip unnumbered
interface ethernet 0/0
ip address 10.1.1.1 255.255.255.0
no keepalive

The Ethernet interface would always be up!!

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Michael L. Williams
Sent: Tuesday, September 04, 2001 5:49 PM
To: [EMAIL PROTECTED]
Subject: Re: IP unnumbered [7:18250]


Dave,

I agree totally with your statement, however, I don't understand why you say
that if you use ip unnumbered pointing to a LoopBack interface that
nullifies the point of using unnumbered (to save IPs).  You can still use a
single IP address on a LoopBack not waste more by putting separate IPs on
each p-t-p link..

Mike W.

"MADMAN"  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Brett gives a good example that will work just fine but I would not
> recommend using IP unnumbered.  With RFC 1918 you have more IP addesses
> than your going to need so no problems with using registered addresses
> on p-to-p links.  troubleshooting also becomes trickier but if you
> insist on using them then use a loopback interface, but then a primary
> argument is shot, burning IP addreses.
>
>   Dave
>
> Brett Hairbottle wrote:
> >
> > Hi
> >
> > Instead of using a "numbered link" you can use ip unnumbered to connect
> > sites.
> > Example:
> >
> > Router A:
> > interface fastethernet 0
> > ip address 10.100.2.1 255.255.255.0
> > interface serial 0
> > ip unnumbered fasthethernet 0
> >
> > Router B:
> > interface fastethernet 0
> > ip address 10.100.31 255.255.255.0
> > interface serial 0
> > ip unnumbered fasthethernet 0
> >
> > now instead of assigning a ip address to each serial port you can use
the
> ip
> > unnumbered command
> >
> > Brett Hairbottle
> > Network Administrator
> > CCNA
> > - Original Message -
> > From: "sami natour"
> > To:
> > Sent: Sunday, September 02, 2001 10:33 PM
> > Subject: IP unnumbered [7:18250]
> >
> > > Hello everybody,
> > > I know how to cinfigure IP unumbered but I do not know
> > > any practical scenario that I make use of this
> > > feature.Any body has specific scanrios where  I can
> > > use ip unnumbered .
> > >
> > > Regards ,
> > > sami
> > >
> > >
> > > __
> > > Do You Yahoo!?
> > > Get email alerts & NEW webcam video instant messaging with Yahoo!
> > Messenger
> > > http://im.yahoo.com
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18604&t=18250
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX - NAT 0 problems this weekend [7:18471]

[Bill Carter]

Last week I talked with some TAC engineers about running NAT 0 on a PIX.
This weekend I upgraded a customers site by placing Web servers in a DMZ.
For various reasons, I did not want to privately address the web servers and
use static translations.  Some TAC engineers said there are ongoing
discussions about whether to use NAT 0 or Static translations to the real
addresses.

During our cutover I learned what they were talking about...;>

This involved a PIX 515 running 5.3(1).

10:15pm -  nat (DMZ) 0 0 0.  I threw in the command, moved to my PC on the
outside segment, typed in http://X.X.X.10.  Viola!! Up came my web page.
Done, I'm ready to head for the hotel!!!   But first, the client ordered
take out (Free Dinner!!) and it was time to eat.  Had some pretty good
Vietnamese food while discussing how smooth everything went...

10:45pm - After dinner. From my PC I try to hit the web page. DDOOOHH!!!  No
web page!!!  Try some pings (Access-list allowed ping for the time-being),
nothing.   A show xlate reveals there is no xlating going on :~  Piece of
#$@&.  Can I get some water, dinner was hot!!

11:15pm - Using my keen sense of recall, I try the TAC suggestion of
static (DMZ,outside) X.X.X.0 X.X.X.0 255.255.255.128.  From outside try the
web page, viola!!! works.

11:45pm - Start packing the bag, ask the customer to try.  DDOOO!!! No
web page.  Walk from customer desk to Computer room, shut door, let
explicatives fly (for 5 minutes)

12:01am - Its tomorrow gggrrr!! Call TAC, ticktickticktick.

12:50am - Finally hear from TAC. 3 day weekend, everyone is doing upgrades
tonight.  Oohhh the glamourous life of a consultant!!!  TAC says config is
right, do some dinking around, it works!!!

1:45am - Pack the bags, ask the customer to try..(you guessed it)
DDD!!! stopped working!!!@#$@@#!   Enough of this @#$%.
http://www.cisco.com/kobayashi/sw-center/sw-ciscosecure.shtml

2:00am - Start upgrading..Since the customer has so wisely chosen the
failover bundle we get to upgrade 2X.

2:30am - PIX's are rebooted after upgrade, test the web pages.
Excellent! Pack the bags, ask customer to test...Everything works..Time
to go home..


Moral of the story.
NAT when you can, but if you can't,
static (DMZ,outside) X.X.X.0 X.X.X.0 255.255.255.128
is better than
nat (DMZ) 0 0 0
and
PIX code 6.0(1) is much better than 5.3(1)

ps.  TAC support was excellent.  I don't intend for this to be derogatory
against TAC.





^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18471&t=18471
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX static command and em_limit - SYN attack [7:17994]

[Bill Carter]

I am installing a PIX.  In the static commands the last switch is for the
limit on embryonic connects.

static (DMZ,outside) X.X.X.15 192.168.1.13 netmask 255.255.255.255 0 0 <---

Every sample configuration I have seen leaves this value at 0.  I hate to
bring logic into this but, logic tells me that I would want to put a limit
on embryonic sessions to protect against SYN attacks.  What is a reasonable
limit to put on this balancing security and availability?  20, 100, 500?

What value do you use in real world implementations???


>From CCO: watch the wrap.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com
mands.htm#xtocid1006867

The embryonic connection limit. An embryonic connection is one that has
started but not yet completed. Set this limit to prevent attack by a flood
of embryonic connections. The default is 0, which means unlimited
connections


^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17994&t=17994
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed Written [7:17466]

[Bill Carter]

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 9:03 AM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


another helpful url is

http://www.cisco.com/search

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 8:27 AM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


whats the web site.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Christopher Supino
Sent: Tuesday, August 28, 2001 6:35 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


ASET is Cisco's CCIE mentoring program for resellers. They help you thru the
certification process, and will even allow you some rack time once you have
PAID for a lab. Sounds good, I was just wondering if anyone on the list had
been through it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Allison Dan
Sent: Tuesday, August 28, 2001 8:21 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


Congratulations.

I've been studying for it.  Plan on taking it soon.

What is the ASET program?


Dan Allison
CCNP, MCSE, CNE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17683&t=17466
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed Written [7:17466]

[Bill Carter]

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 9:03 AM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


another helpful url is

http://www.cisco.com/search

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 8:27 AM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


whats the web site.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Christopher Supino
Sent: Tuesday, August 28, 2001 6:35 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


ASET is Cisco's CCIE mentoring program for resellers. They help you thru the
certification process, and will even allow you some rack time once you have
PAID for a lab. Sounds good, I was just wondering if anyone on the list had
been through it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Allison Dan
Sent: Tuesday, August 28, 2001 8:21 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


Congratulations.

I've been studying for it.  Plan on taking it soon.

What is the ASET program?


Dan Allison
CCNP, MCSE, CNE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17682&t=17466
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed Written [7:17466]

[Bill Carter]

another helpful url is

http://www.cisco.com/search

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 8:27 AM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


whats the web site.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Christopher Supino
Sent: Tuesday, August 28, 2001 6:35 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


ASET is Cisco's CCIE mentoring program for resellers. They help you thru the
certification process, and will even allow you some rack time once you have
PAID for a lab. Sounds good, I was just wondering if anyone on the list had
been through it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Allison Dan
Sent: Tuesday, August 28, 2001 8:21 PM
To: [EMAIL PROTECTED]
Subject: RE: Passed Written [7:17466]


Congratulations.

I've been studying for it.  Plan on taking it soon.

What is the ASET program?


Dan Allison
CCNP, MCSE, CNE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17673&t=17466
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: cisco 2503 [7:17663]

[Bill Carter]

yes.

http://www.cisco.com/warp/customer/793/access_dial/ip_nego.html

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
ofalt andy
Sent: Wednesday, August 29, 2001 8:22 AM
To: [EMAIL PROTECTED]
Subject: cisco 2503 [7:17663]


Can an ISDN  Cisco 2503 with IOS 10.2 be configured to dial into an ISP
that does not assign static IPs on its ISDN dial-in lines?  You do not know
the next hop router and the ISDN  box on the ISPs end may or may not be a
Cisco.

Andy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17674&t=17663
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Logging debug messages [7:17107]

[Bill Carter]

There is a bug when logging synchronous is used on the vty or console ports.

I hit this issue also.

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Donlon
Sent: Friday, August 24, 2001 7:18 AM
To: [EMAIL PROTECTED]
Subject: Logging debug messages [7:17107]


I'm having a strange problem with a 2600 running 12.2(1a), after a short
period of time (30 to 60 mins) the router will stop logging messages to the
vty lines with terminal monitor. I can perform a show logging history and
see the last message in the history but nothing is display as it happens,
some details below have a look and if anyone can see what's wrong let me
know,

cheers Pat

 #sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0
flushes, 0 overruns)
Console logging: level debugging, 152 messages logged
Monitor logging: level debugging, 233 messages logged
Logging to: vty66(0)
Buffer logging: disabled
Logging Exception size (4096 bytes)
Trap logging: level informational, 19 message lines logged

#sh logging history
Syslog History Table:1 maximum table entries,
saving level warnings or higher
 16 messages ignored, 0 dropped, 0 recursion drops
 4 table entries flushed
 SNMP notifications not enabled
   entry number 5 : PARSER-3-BADSUBCMD
Unrecognized subcommand 0 in exec command 'test crypto isa x.x.x.x
x.x.x.x desmd5 '
timestamp: 699958




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17108&t=17107
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Which Cisco router for SOHO/HOME Use ? [7:16583]

[Bill Carter]

2524's are good because of the number of interfaces you get.  do the 2524
come with interface cards?? If no interface cards come with it all you get
is a 1 port Ethernet router.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2500/2524/
boa/boaovr.htm

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Wojtek Zlobicki
Sent: Monday, August 20, 2001 3:23 PM
To: [EMAIL PROTECTED]
Subject: Which Cisco router for SOHO/HOME Use ? [7:16583]


What router would one want to purchase for mostly home use (I will want to
put together a CCNP/CCIE Lab in the future but for now, I would just like a
Cisco router for my home network   My choices for now are

1605R
1720/1750
2524
26XX ?

Is there any reason why the 1605 would not be enough ? I see a number of
2524's on EBay , are the a nice router for home ?  I would prefer to spend
as little as possible of course but am willing to spend a little more for a
better router.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16597&t=16583
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: To CSU/DSU or not to CSU/DSU [7:16368]

[Bill Carter]

The WAN CSU/DSU is covered under smartnet!!

^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Jones
Sent: Friday, August 17, 2001 8:45 AM
To: [EMAIL PROTECTED]
Subject: To CSU/DSU or not to CSU/DSU [7:16368]


Should I have the telecom people install a CSU/DSU or can I only  use the
WAN CSU/DSU module on a 1720 router? Also, what is the differences in using
the two options.

Thanks,

xw

_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16374&t=16368
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]