VOIP on remote racks question [7:33040]

2002-01-23 Thread Bob Bob

Hi All,
I was thinking about renting time on remote racks such as ccbootcamp to
learn voice but how do you actually check and see if it works
and if it is dialing correctly?

I am not sure if the lab subscription people get direction on this already
but I was curious.  On some I heard that you can reverse
telnet into the modem itself and run commands to initiate the call, but
is this how ccbootcamp and other remote racks are all setup?  I did not
see any modems listed on the diagram.

thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33040&t=33040
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



640-604 Switching [7:58384]

2002-12-01 Thread bob bob
Anyone interested in trading study questions .. I have a new pdf file for
routing...  looking for a pdf for switching


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58384&t=58384



CCDA and appletalk help please

2000-12-05 Thread Bob

I will be writing the CCDA exam next week, and was wondering if there is any
material on AppleTalk on it. I have been studying quite a bit and found that
AppleTalk is widely covered, mind you this was the same for CCNA, and I
found no questions regarding AppleTalk on the CCNA. Can anyone please answer
this question for me?

Thanks very much.





Re: PIX question***************

2000-10-24 Thread Bob

Hello:


The PIX allows by default, everything going from a higher security level,
(Inside=100, DMZ=50, Outside=0), to a lower security. Unless you have
changed this then your outbound packets are probably fine but when that one
external address tries to respond to the internal address on a high port# it
can't. If this is the case make sure you have a conduit allowing access from
the external address to the internal address on whatever port the application
requires.

Regards
Bob G




Evan Francen <[EMAIL PROTECTED]> wrote in message
news:E580CB8FBC72D211A94A00A0C9B57292020A503C@EXCHANGE_SERVER...
> Use an outbound access-list.
>
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v44/pix44cfg/pix44cfg.htm
>
> Hope this helps,
> Evan Francen
>
> -Original Message-
> From: Peter Gray [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 20, 2000 5:13 PM
> To: [EMAIL PROTECTED]
> Subject: PIX question***
>
>
> In the PIX firewall I have to allow one internal address to access one
> external address on a specific port. I am using  PIX Ver 4.4. And the
> outbound statement only allows either source or destination. Is there any
> way I can do it..?
> Thanks



Re: P.I.X

2000-10-24 Thread Bob

Actually 5.1(x) and up don't fit on a floppy, you need rawrite.exe, the
file, 'bh511.bin' and the image file. Run the rawrite utility and specify
the file as bh511.bin, this will create a temp image with tftp capabilities.
Insert the disk, reboot and follow the directions to tftp the image onto the
pix.

Regards
Bob G

"Gareth Hinton" <[EMAIL PROTECTED]> wrote in message
news:8t153s$et0$[EMAIL PROTECTED]...
> John,
>
> Go to CCO software centre, download the rawrite executable along with the
> image required.
> Run rawrite from DOS and it walks you through it - creates a boot floppy
> with the image on.
>
> Cheers,
>
> Gaz
> "John D.C." <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Dear all,
> >
> > I need information about how to upgrade S/W PIX Firewall 515 from ver
> > 5.1(2) to 5.2(3).
> >
> > Thank's
> >
> > J.D.C.
> >



Help with Frame Relay over DTE/DCE cable

2000-05-22 Thread Bob

I am trying to configure Frame Relay over a DTE/DCE cable, but even with a
clock rate set on the DCE side, and frame relay switching configured on one
of the routers, and the int on the switch configured as a interf-type DCE, I
am still always getting it to go up for a second on reload, but then it
drops again right away, and the line protocol goes down. can someone please
help me with this?

Thanks

Rob








Multihoming BGP with two separate ISP's via single router that [7:19328]

2001-09-10 Thread Bob

Hello,

I am multihoming BGP with two separate ISP's via single router that is
connected to a PIX.
When I shutdown the one of my serial ports to one of the ISP's you can
see the BGP table removing paths. All traces show that the router starts
routing to the ISP that is still active, but all the workstations on the
inside of the pix interface can no longer route. I've read where the PIX
Firewall does not support the use of BGP, and that I could use RIP between
them. Does anyone have an example of this configuration? My searches on
this subject within Cisco's knowledgebase have not been very successful.
Or if you can think of another solution for my setup, please let me know.

Thank you,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19328&t=19328



RE: Passed Switching Exam

2001-01-25 Thread Bob Johnson

Sorry for the spam but I got 923 yesterday
But have to say that this was the worst test I've taken for ambiguous
questions that made little sense
Though I must have got a few right

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 6:45 AM
To: Fred Danson; [EMAIL PROTECTED]
Subject: RE: Passed Switching Exam


I was going to stay out of this, but it is getting weird... I scored a 912
at the beginning of the month sorry for ruining the Stats ;-)

Tim

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> gustavo_spadaro
> Sent: Thursday, January 25, 2001 7:46 PM
> To: Fred Danson; [EMAIL PROTECTED]
> Subject: Re: Passed Switching Exam
>
>
> Me too.
>  I just took the exam last week and got 857
>
> - Original Message -
> From: "Fred Danson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, January 25, 2001 5:30 AM
> Subject: Re: Passed Switching Exam
>
>
> > You got 857 on that exam too?? I just took the exam last week and got 857.
> > Also one of the other guys in my CCNP class also got 857. Has anyone out
> > there not scored 857 on this exam?? :)
> >
> >
> > >From: Helena <[EMAIL PROTECTED]>
> > >Reply-To: Helena <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Subject: Passed Switching Exam
> > >Date: Thu, 25 Jan 2001 09:08:46 +1000 (EST)
> > >
> > >Hi everyone,
> > >
> > >Last week I sat the Switching exam and passed.  I didn't find it as easy
> > >as some people said, and only got 857.  But I'm happy I passed anyway :o)
> > >There were some straightforward questions, but some really hard ones as
> > >well, which the answers I thought weren't in the book (CiscoPress) I was
> > >reading.  They also asked heaps of questions on LED lights which I didn't
> > >know.  I have a problem with timing myself though, having done my three
> > >CCNP
> > >
> > >Helena
> > >



RE: redundant NICs

2001-01-25 Thread Bob Vance

What I really want is one NIC, the "active" one, connected to Switch-A.
The other NIC, "standby", is hooked to switch-B.
If Switch-A fails (or the NIC fails), the software on the NT server
notices that there is a loss of connectivity on this NIC.  Then the
"standby" NIC takes over with the same IP (doing a Gratuitous ARP to
inform local-net devices of the change) and now traffic is going thru
Switch-B
Client PCs will never know (we'll have redundant switches and paths
in the core).  If an edge switch is lost, then those PCs will lose
connectivity, of course, unless manual patching is done.


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: Windows NT/2000 Discussion List
[mailto:[EMAIL PROTECTED]]On Behalf Of Ali
Sent: Thursday, January 25, 2001 1:53 PM
To: [EMAIL PROTECTED]
Subject: Re: redundant NICs


The way you do it is you install two Intel nics and there is a software
that's loaded into your tray by your clock. u go into the Intel software and
you can group those two or more nics together. they will operate on the
same ip and be redundant and give you more throughput.

-Original Message-
From: Windows NT/2000 Discussion List
[mailto:[EMAIL PROTECTED]]On Behalf Of Bob Vance
Sent: Thursday, January 25, 2001 5:25 AM
To: [EMAIL PROTECTED]
Subject: Re: redundant NICs


Thanks, Denis.
Someone else (off the list) mentioned "Intel", as well.
So, is the standby/failover simply built into the driver or is there
some kind of higher-level code that must also be installed?
Does Intel's site give good enough info on this product?






-Original Message-
From: Denis A. Baldwin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 24, 2001 4:53 PM
To: [EMAIL PROTECTED]
Subject: RE: redundant NICs


Intel makes a product like this.  We use several of them on our networks and
they work great.  It's called Intel PRO 100+ Dual Port Server NIC.

Denis

Denis A. Baldwin - A+ / MCP / I-Net+ / Network+
Network Administrator, CAE INC.
810-231-9546, ext. 229




-Original Message-----
From: Windows NT/2000 Discussion List
[mailto:[EMAIL PROTECTED]]On Behalf Of Bob Vance
Sent: Wednesday, January 24, 2001 4:16 PM
To: [EMAIL PROTECTED]
Subject: redundant NICs


Does NT (4 or 2k) support, or is there some product support for, having
2 NICs in a failover, high-availability mode on one box.
E.g., for HP-UX Unix, HP has a product called MC/ServiceGuard which
includes this feature (among many others).  IP address is on one NIC
while the other NIC is in "standby" mode.  If network connectivity is
lost on primary NIC (either card failure or network/switch problem),
the IP address moves to the other NIC.  A Gratuitous ARP is done so
that everyone that has the old ARP entry will clear it, and current
connections aren't even lost.  Of course, the paths from the NICs into
the network must be thru different switches to avoid single point of
failure loss at a switch.




--
The WINNT-L list is hosted on a Windows NT(TM) machine running L-Soft
international's LISTSERV(R) software.  For subscription/signoff info
and archives, see http://peach.ease.lsoft.com/archives/winnt-l.html .


--
The WINNT-L list is hosted on a Windows NT(TM) machine running L-Soft
international's LISTSERV(R) software.  For subscription/signoff info
and archives, see http://peach.ease.lsoft.com/archives/winnt-l.html .


--
The WINNT-L list is hosted on a Windows NT(TM) machine running L-Soft
international's LISTSERV(R) software.  For subscription/signoff info
and archives, see http://peach.ease.lsoft.com/archives/winnt-l.html .

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Docs CD - where is it?

2001-01-25 Thread Bob Vance

Has Cisco discontinued the Docs CD?
   (I used to get one quarterly as part of the consultant program --
I still have access to the Web site and the online doco there.
   )
If not, how do you get it?




RE: redundant NICs - theory question

2001-01-26 Thread Bob Vance

I finally found some info at Intel that discusses it a little.
The product looks really good.
As Allen (and others -- thanks) said, Automatic Load Balancing and
Failover -- just what I wanted.
The Intel site is missing low-level technical details, though, which
I'd like to have.

E.g., I notice that the load balancing is on output only (when
connecting to ports on separate switches or without FEC) -- only the
"primary" NIC is used on input, but no technical reason was given.

This implies that only the "primary" NIC responds to ARP requests, at
least until the standby takes over after a primary link failure.

But, I'm wondering why this is so.
Let's suppose that there are redundant paths thru the switching fabric
and that the 2 NICs in the NT server are connected to 2 different
switches.

ISTM that if both NICs responded to ARP requests that you could achieve
some load sharing on the input side, as well.  When a client makes an
ARP request, both NICs see it and respond.  Client uses first one it
sees.  Some clients would get Mac-A, others Mac-B, so input could flow
in on both NICs.
Now, this would require some driver code to handle this, but I don't see
why this is any more technically difficult than doing the outbound
balancing.

I must be missing something simple (like the last time :), but I'm tired
of thinking about it, so I thought that I'd just ask ;>)







-Original Message-
From: Allen May [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 3:35 PM
To: Bob Vance
Subject: Re: redundant NICs


That's what the Intel Adapter Teaming does.  Very kewl software.  It detects
when connectivity goes down and will fail over to the other nic if either
the switch or nic slot fails.  You can also set them up where they are both
live and sharing bandwidth and if one fails the other takes all of the
traffic as well.  I think intel.com has all the documentation there.  I've
used it before and didn't have any problems with it.




RE: Subnet question

2001-01-28 Thread Bob Vance

My contrarian $.02 :)

>Typically the first and last subnet are not used,

This might be true, but

>toss out 176 and 191,

is a non-sequitur :)

The 0 and -1 subnet restriction only apply to classful considerations.

We're already out of classful thinking here, because we were given a
non-/16 block (a /20) out of the Class B network, 172.16.0.0, and are
extending the prefix 4 bits to /24.

The only subnet addresses that would be considered problematic in our
general area would be 172.16.0.0/24 and 172.16.255.0/24 (classful
subnets 0 and -1).
Of course, neither of those prefixes fall within the block that we were
given, so it's not *our* problem :)

>this leaves 177 through 190, each with a 24 bit mask.

Thus, *all* "subnets" 172.16.[176-191].0/24 are valid.
I.e., no host or router would object to being given an address

172.16.176.1/24
or  172.16.191.1/24

and 172.16.191.255/24

would not be an all-subnets broadcast (just a simple directed
broadcast).

Thus, if additional choices had been:

G)    172.16.191.0/24
H)    172.16.176.0/24

Then the answer would have been

C, F, G, H






-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ed Moss
Sent: Saturday, January 27, 2001 10:50 PM
To: [EMAIL PROTECTED]
Subject: Re: Subnet question


The 20 bit prefix extends four bits into the third octet (176).
176 in binary is 1011, so with the mask the address ends at 1011.
You want to use the next four bits for subnetting (last four 0's)
This gives the range of 1011 (176) through 1011 (191)
providing 16 subnets with 256 addresses in each subnet.
Typically the first and last subnet are not used, toss out 176 and 191,
this leaves 177 through 190, each with a 24 bit mask. (We started with
20 bits, and we added four bits for our own subnets).

Looking at the possible answers, the following fall in this range.
 C) 172.16.183.0/24
 F) 172.16.190.0/24

Ed

ORIGINAL:

Can anyone please explain to me how to derive the answer of this
question?

A company has been assigned a subnet of 172.16.176.0/20, and wants the
next four available bits to create 14 subnets, each containing an equal
number of hosts.  Which of the following could represent one of these
subnets?

A)    172.16.255.0/24
B)    172.16.193.0/24
C)    172.16.183.0/24
D)    172.16.16.0/24
E)    172.16.0.0/24
F)    172.16.190.0/24

Answer is C and F
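
Added example, not part of the original messages: Python's ipaddress module applied to the question's block, comparing the rule Ed applies (drop the first and last /24 of the assigned /20) with the rule Bob describes (only the classful network's subnet zero and all-ones subnet are special). Choices G and H are the hypothetical ones from Bob's reply; the function names are this example's own.

```python
import ipaddress

ASSIGNED = ipaddress.ip_network("172.16.176.0/20")  # block given in the question
CLASSFUL = ipaddress.ip_network("172.16.0.0/16")    # the Class B network it sits in
NEW_PREFIX = 24                                     # /20 plus the "next four bits"

# A-F are the exam choices; G and H are the extra choices from Bob's reply.
CHOICES = {
    "A": "172.16.255.0/24",
    "B": "172.16.193.0/24",
    "C": "172.16.183.0/24",
    "D": "172.16.16.0/24",
    "E": "172.16.0.0/24",
    "F": "172.16.190.0/24",
    "G": "172.16.191.0/24",
    "H": "172.16.176.0/24",
}


def edge_subnets(parent, new_prefix=NEW_PREFIX):
    """First and last subnet of `parent` when it is cut into /new_prefix pieces."""
    subs = list(parent.subnets(new_prefix=new_prefix))
    return {subs[0], subs[-1]}


def valid_choices(excluded):
    """Letters whose /24 lies inside the assigned block and is not excluded."""
    candidates = set(ASSIGNED.subnets(new_prefix=NEW_PREFIX)) - excluded
    return sorted(
        letter for letter, net in CHOICES.items()
        if ipaddress.ip_network(net) in candidates
    )


def broadcast_kind(addr):
    """Classify an address the way the reply does for 172.16.191.255."""
    ip = ipaddress.ip_address(addr)
    if ip == CLASSFUL.broadcast_address:
        return "all-subnets broadcast"
    subnet = ipaddress.ip_network(f"{addr}/{NEW_PREFIX}", strict=False)
    if ip == subnet.broadcast_address:
        return "directed broadcast"
    return "host address"


def ed_rule():
    # Drop the first and last /24 of the assigned /20 (176 and 191).
    return valid_choices(edge_subnets(ASSIGNED))


def bob_rule():
    # Drop only the classful subnet zero and all-ones subnet
    # (172.16.0.0/24 and 172.16.255.0/24), neither of which is in the block.
    return valid_choices(edge_subnets(CLASSFUL))


if __name__ == "__main__":
    print("block edges   :", sorted(map(str, edge_subnets(ASSIGNED))))
    print("classful edges:", sorted(map(str, edge_subnets(CLASSFUL))))
    print("Ed's rule     :", ed_rule())
    print("Bob's rule    :", bob_rule())
    print("172.16.191.255:", broadcast_kind("172.16.191.255"))
```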





RE: redundant NICs

2001-01-29 Thread Bob Vance

>Why do they believe that a redundant NIC will provide them any
>redundancy?
>to Quote Howard. "what problem are they trying to solve" with this
>scenario.

Well, maybe I'm missing something.>)

It's actually *my* idea.

They already are spending beaucoups ducats for a redundant switch mesh
and have several NT servers.
I say,
"Look. If a switch goes down, then *all* the NT servers
 connected to it will lose network connectivity.  A cheap
 answer to that would be to add an Intel NIC to each NT server
 and connect it to a *different* switch.  The ALB/failover
 stuff will keep connectivity to those servers.
"
What am I missing?
Of course, if the server goes down ...


RE: AIX route add

2001-01-29 Thread Bob Vance

add route to network 10 out the 10 interface and then default
out the other

route add net 10.0.0.0 netmask 255.0.0.0 10.1.1.1   1

route add net default 192.168.1.11

The above are HP-UX specific so make your AIX changes.
As to making it permanent -- I know nuttin' 'bout AIX, but you
*could* put in startup scripts (HP-UX has a network config file that
gets parsed during startup).






-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, January 29, 2001 12:24 PM
To: [EMAIL PROTECTED]
Subject: OT: AIX route add


Okay, way off topic, as far as Unix configs might apply to Cisco, but at
least it's about network-layer stuff.

On an AIX box, how can I add static route statements, directing traffic to a
specific interface?  And, once added, can I make them applicable after an
IPL/reboot?

My Problem:  An AIX server is connected to two LANs, with NIC0 connected to
10.1.1.0/24, and NIC1 connected to 192.168.1.0/24.  These LANs are connected
to each other via routing at the core, but a layer 8 protocol demands
"quicker access" by connecting both networks.

I'd prefer not to run a routing protocol that might affect neighboring
routers and create more traffic on the links (and open the whole STP
can-o-worms).  I want traffic destined for 10.1.1.0/24 (or 10.0.0.0/8) to
transit NIC0, and all other traffic (see Howard's email for the proper term)
to exit via NIC1.

One of my colleagues, trying very hard to be the Unix gooroo, suggested
configuring routed or gated -- but I suspect he doesn't really know WTF he's
talking about, since further questioning of configs and routing effects
resulted in a blank stare.

-jon-




RE: Zero for a host address

2001-01-31 Thread Bob Vance

Believe it or not, I did once see (a bug) where the OS didn't allow a
zero in a byte of the host portion of the IP address, even though the
*total* host portion was not zero!! (I can't remember which OS, though
-- I'm thinking an early HP-UX, but possibly Windoze).

E.g., something like,
10.10.10.10 / 16   was valid
but 10.10.10.0 / 16   was *invalid* !

However, this was just in assigning the address -- i.e., it wouldn't
even let me assign it to the interface.


I don't see how this could affect you, though.

>I believe that the problem lies with the zero being used as a third
>octet

ACLs don't have any intelligence.
They don't care about broadcast addresses, subnet masks, DOS or hack
attacks, or anything -- just simple bit matching.
The only intelligence involved is in the ACL's creator :)

Thus

access-list 1  permit  host 10.130.0.24
  ...
ip access-group 1 in

should allow in *only* traffic from that host (assuming that there *is*
any) -- of course that may not be what you *really* want ;>)
The ACL doesn't care about any value of any byte in that address -- he
only matches bits (of course, in this case, the statement told him to
*care* about *every* bit, however :)

More specifically,

access-list 101  permit tcp  10.130.0.24  0.0.0.0 any eq telnet
access-list 101  deny   ip   10.130.0.0   0.143.255.255  any
access-list 101  permit ip   any any

would
  permit telnet in from that host,
  deny all other ip traffic from the 10.128.0.0 /12 subnet
  permit all other traffic

Of course, it all depends on the details of what you're trying to do.

What's the exact problem?
Is it that *no* traffic is blocked or is it that that host is blocked,
even though you think that you've let it thru?
Let's see the ACLs.






-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Randy Witt
Sent: Wednesday, January 31, 2001 8:58 AM
To: <
Subject: Zero for a host address


Have an issue, hope many of you don't feel this is too off topic.  Many of
you have helped me in the past with certification questions, perhaps you
can assist with this one as well.

I am trying to establish a connection to the City of Greenville's network.
What should be a simple connection is giving me fits.

I'm currently using 2 Cisco 1601 routers, routing RIPv2.  From my network
to the city's, I pass through a total of 5 routers (2 are mine, 3 belong
to the city).  Currently I can communicate with each router and vice versa
via Telnet or ping.  However, the city of Greenville's network has the
following IP address 10.128.0.0/12 (or 255.240.0.0).  The interface
attached to the city of Greenville's network is 10.130.0.1/12.  Everything
within this network has a 3rd octet of zero.

Originally, from his network he could not ping us, however I could ping
him (him being the net admin using a PC with an address of 10.130.0.24/12).
I added a default route on one of my Cisco's pointing back to his
network and that problem went away.  Now I'm trying to add an ACL on our
router blocking all but Telnet traffic coming from a host on his network
to a host within our network.  In testing I can get the ACL's to work for
every system except one on the 10.128.0.0 subnet.  By work I mean on the
networks in between my network and the city's I can setup ICMP or Telnet
ACL's permitting traffic and they can get in.  This was done for testing
purposes only.  My goal is to lock everyone out but the host w/ an IP
address of 10.130.0.24/12.

I believe that the problem lies with the zero being used as a third octet.
However I've seen Cisco documentation using zero's as host addresses.
I'm a bit confused for I've found plenty of documentation stating that
zero's in the network/subnet address aren't recommended, however I can
find nothing stating zero's in the "host" portion aren't recommended.

Any ideas?  Has anyone come across a problem like this before?

Simple answer would be to tell the city of Greenville to remove the zero
in the third octet and replace it with a one or higher.  The answer from
them is that it would be too much trouble.  This is their default gateway
for over 450 machines.  So I'm looking for help to see if there's anything
else I can try.

Thanks for any and all advice,
rtw







RE: Ethernet switching

2001-01-31 Thread Bob Vance

Before an ARP is done, however, the PC would see if the other host is
on the same subnet.  If not, it would look for a route to the other's
network.
In the case of /24 mask, they are on different subnets, so no ARP would
be done.

However, IIRC, there is a trick that can work, at least on PCs -- if
both PCs have their default route set to their own interface IP address,
then the ARP *is* done and they can talk.
Someone else'll remember the details better than I.



-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sheahan, Ryan
Sent: Wednesday, January 31, 2001 11:24 AM
To: 'Fowler, Joey '; '[EMAIL PROTECTED] '
Subject: RE: Ethernet switching


These are my thoughts,

If the switch was right out of the box, the stations could ping each other
no matter what subnet mask you were using.  The reason being, they are
located in the same broadcast domain, vlan1.  This is the default vlan for
all switched ports at this time.  The first station would arp for the other,
it would get a response because they are on the same layer 2 broadcast
domain and they could speak directly using the switch.

Switches by default with no mls, are layer two devices.  They have no
concept of IP.  They make decisions based on layer 2 MAC addresses and the
ports they are connected to.  If these stations were in different vlans, the
situation would change.  You then have created two broadcast domains and in
order for the devices to talk, a router or mls entry would be needed.

Someone please correct me if I am wrong.




-Original Message-
From: Fowler, Joey
To: [EMAIL PROTECTED]
Sent: 1/31/01 10:52 AM
Subject: RE: Ethernet switching

Depends on the subnet mask you are using, for instance

142.102.3.1 with a subnet mask of 255.255.0.0
142.102.2.1 also with a subnet of 255.255.0.0

The 2.1 and 3.1 would be on the same subnet, however if you have a different
subnet mask I don't think it would work.

Joey

-Original Message-
From: alexs [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 09, 2000 7:42 AM
To: [EMAIL PROTECTED]
Subject: Ethernet switching


Hello everyone,

I have a question that probably will sound silly but here it is:
Suppose that you take a new 2924 out of the box and you plug in two PC's.
You assign address, for example, 142.102.2.1 to the first one and
142.102.3.1 to the second one. There is not any router in this small
network. 142.102.2.1 tries to ping 142.102.3.1. The question is: will
142.102.2.1 get a reply and why?
Thanks
alexs


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: NT Routing Problems

2001-02-01 Thread Bob Vance

In order to talk (e.g., 'ping'), the sender must have a route to the
receiver *and* the receiver must have a route back to the sender (for
the replies!!) :)

If you are on 1.x and have a route to 2.0

route -p add 192.168.2.0 mask 255.255.255.0 192.168.1.3 metric 1

then your packets can get *to* any 2.x box.
*But*, that 2.x box, *itself*, must have a route to the 192.168.1.0/24
network (or at least its default route must lead toward someone that
has such a route).
The reason that you can ping 2.3 is because that box *does* have a route to
1.0 -- his own NIC, 192.168.1.3, on that network !!

You conveniently left out the routing tables from any 2.x box :)

Let's suppose that the 2.x boxes are defaulting to the other NT box,
192.168.2.2.
Then on *that* NT box, add a specific route back to 1.0.

route -p add 192.168.1.0 mask 255.255.255.0 192.168.2.3 metric 1

It should then work (even though it would be more efficient for each 2.x
box to have that route, itself).

---
Tks  |  [EMAIL PROTECTED]
BV   |  [EMAIL PROTECTED]
Sr. Tech. Consultant,SBM
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
===

-Original Message-
From: Windows NT/2000 Discussion List
[mailto:[EMAIL PROTECTED]]On Behalf Of Clark, Pete
Sent: Thursday, February 01, 2001 2:08 PM
To: [EMAIL PROTECTED]
Subject: Re: NT Routing Problems


I believe that your gateway setting for the .2.0 network is misconfigured.

You have:
192.168.2.0 255.255.255.0   192.168.2.2 192.168.2.3

From your description, it should be:
192.168.2.0 255.255.255.0   192.168.2.3 192.168.2.3

- Pete Clark

> -Original Message-
> From: Scott Daves [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 01, 2001 12:00 PM
> To: [EMAIL PROTECTED]
> Subject: NT Routing Problems
>
>
> Hi all - pardon the "brief" background ... have a subnet routing problem,
> here's my configuration.  I have two separate networks A & B - the primary
> server in each lan has two NICs, one of which is connected up to a cable
> modem to the internet.  I am not only routing but providing NAT also.  The
> two networks are 192.168.1.0 and 192.168.2.0.  I also have another NT
> server (.1.3) that was providing DHCP, File & Print Sharing for my A lan.
> I have since tackled converting my B lan to DHCP also, so I installed a
> second NIC (.2.3) in my NT DHCP server, created a new scope and it's
> working great.  I then decided I wanted to route between networks up so I
> could administer remotely from my workstation.  So I added some default
> routes for each network to my common NT box ... see below.
>
> Destination      Netmask          Gateway      Interface
> 0.0.0.0          0.0.0.0          192.168.1.2  192.168.1.3
> 192.168.1.0      255.255.255.0    192.168.1.3  192.168.1.3
> 192.168.1.3      255.255.255.255  127.0.0.1    127.0.0.1
> 192.168.1.255    255.255.255.255  192.168.1.3  192.168.1.3
> 192.168.2.0      255.255.255.0    192.168.2.2  192.168.2.3
> 192.168.2.3      255.255.255.255  127.0.0.1    127.0.0.1
> 192.168.2.255    255.255.255.255  192.168.2.3  192.168.2.3
>
> From my A lan primary server (.1.2), I send all traffic destined to
> the .2.0 subnet to the common NT server (.1.3), otherwise all traffic goes
> out to the cable modem gateway and to the internet.
>
> From my NT DHCP Server, I can ping anybody on either network - no
> problems.  However, from my .1.x workstation I can ping to
>   .1.3   The NIC in the NT Server on my network
>   .2.3   The other NIC in the same NT server
> but not to any other .2.x addresses, to include my server.  I feel it must
> be a simple routing issue on my common NT box but it is eluding me.  The
> fact I can ping the other network's NIC in the NT box confuses me - it
> indicates to me that I am successfully sending .2.0 traffic to that box but
> that that box isn't properly routing them on.
>
> And yes, I have Enable IP Forwarding checked and have loaded RIP.  Could
> RIP be overriding my static routes?  Are both needed?
>
> HELP!?!?
>
> TIA
>
> Scott

--
The WINNT-L list is hosted on a Windows NT(TM) machine running L-Soft
international's LISTSERV(R) software.  For subscription/signoff info
and archives, see http://peach.ease.lsoft.com/archives/winnt-l.html .

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
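
Added example (not part of the original thread): a small Python model of the point made in the reply above, that a ping needs a route in both directions. The workstation 192.168.1.10, the B-LAN host 192.168.2.50, the upstream gateway 203.0.113.1 and the node names are constructed for illustration, and the common NT box is assumed to have plain connected routes on both NICs.

```python
import ipaddress

ON_LINK = None  # gateway value meaning "deliver directly on this segment"


def net(cidr):
    return ipaddress.ip_network(cidr)


def lookup(routes, dst):
    """Longest-prefix match. Returns (found, gateway)."""
    dst = ipaddress.ip_address(dst)
    hits = [(n, gw) for n, gw in routes if dst in n]
    if not hits:
        return False, None
    return True, max(hits, key=lambda h: h[0].prefixlen)[1]


def owner(nodes, ip):
    """Name of the node that has `ip` on one of its NICs, or None."""
    for name, node in nodes.items():
        if ip in node["addrs"]:
            return name
    return None


def trace(nodes, start, dst, max_hops=8):
    """Follow one direction of travel. Returns (delivered, list_of_hops)."""
    here, hops = start, [start]
    for _ in range(max_hops):
        node = nodes[here]
        if dst in node["addrs"]:
            return True, hops
        if here != start and not node["forward"]:
            return False, hops + ["dropped: %s does not forward" % here]
        found, gw = lookup(node["routes"], dst)
        if not found:
            return False, hops + ["no route on %s" % here]
        nxt = owner(nodes, dst if gw is ON_LINK else gw)
        if nxt is None:
            return False, hops + ["left the modelled network via %s" % (gw or dst)]
        here = nxt
        hops.append(here)
    return False, hops + ["hop limit"]


def ping(nodes, src, src_ip, dst_ip):
    """The echo request must arrive AND the echo reply must find its way back."""
    ok, out = trace(nodes, src, dst_ip)
    if not ok:
        return False, "request: " + " -> ".join(out)
    ok, back = trace(nodes, out[-1], src_ip)
    return ok, "reply: " + " -> ".join(back)


def build(return_route_on_b_server):
    """Topology from the thread; hosts .1.10 and .2.50 are constructed."""
    nodes = {
        # 1.x workstation with: route add 192.168.2.0 mask 255.255.255.0 192.168.1.3
        "ws": {"addrs": ["192.168.1.10"], "forward": False, "routes": [
            (net("192.168.1.0/24"), ON_LINK),
            (net("192.168.2.0/24"), "192.168.1.3")]},
        # common NT box with a NIC on each LAN and IP forwarding enabled
        "nt": {"addrs": ["192.168.1.3", "192.168.2.3"], "forward": True, "routes": [
            (net("192.168.1.0/24"), ON_LINK),
            (net("192.168.2.0/24"), ON_LINK)]},
        # B LAN primary server: default route goes out to the cable modem
        "bsrv": {"addrs": ["192.168.2.2"], "forward": True, "routes": [
            (net("192.168.2.0/24"), ON_LINK),
            (net("0.0.0.0/0"), "203.0.113.1")]},
        # ordinary 2.x box defaulting to 192.168.2.2
        "bhost": {"addrs": ["192.168.2.50"], "forward": False, "routes": [
            (net("192.168.2.0/24"), ON_LINK),
            (net("0.0.0.0/0"), "192.168.2.2")]},
    }
    if return_route_on_b_server:
        # route add 192.168.1.0 mask 255.255.255.0 192.168.2.3
        nodes["bsrv"]["routes"].append((net("192.168.1.0/24"), "192.168.2.3"))
    return nodes


if __name__ == "__main__":
    for fixed in (False, True):
        for target in ("192.168.2.3", "192.168.2.50"):
            print(fixed, target, ping(build(fixed), "ws", "192.168.1.10", target))
```

Without the return route the request reaches 192.168.2.50, but the reply follows the B server's default route toward the cable modem and never comes back.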



RE: Ethernet switching

2001-02-01 Thread Bob Vance

>a station doesn't send an ARP for a station not on its subnet. 
>(There are workarounds to this, such as not configuring a default
>gateway

I don't believe that this is correct.
If there is no route, default or better, to the other (sub)network, then
you'll get something like 

"network unreachable"
or
"host unreachable"



>or making the default gateway your own address.)

This is the trick that I was talking about -- more specifically, adding
a route to the *particular* (sub)network of the other node, rather than
the disruptive default route.
... and I've actually used it, but, I never thought too deeply about how
it works.

I (the PC with default-to-self) still have to get the packet to the
other node, whose destination IP address is on another IP subnet (even
though we're "on the same wire").

So, ISTM, I have 2 choices:

   1. Put the packet out as a local MAC broadcast
or
   2. Do an ARP for the other IP address, even though it's not in my
      logical IP (sub)network.

   (I'm certainly *not* going to ARP for own address (which is now the
   default gateway).)
Either choice is non-normal (or, at least, non-familiar :) behavior, so
I'm wondering whether this is defined somewhere in an RFC?
Actually, is this trick discussed *anywhere* ?

OTOH, maybe I'm just being dense and it's not a "trick" at all, but
dunangme if I can figger out how it works :|



---
Tks  |  [EMAIL PROTECTED]
BV   |  [EMAIL PROTECTED]
Sr. Tech. Consultant,SBM
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
===

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Wednesday, January 31, 2001 8:48 PM
To: [EMAIL PROTECTED]
Subject: RE: Ethernet switching


At 04:32 PM 1/31/01, Fred Danson wrote:
>Ok, now from my understanding, each port on a switch is its own collision
>domain. As far as broadcast domains go, if a switch is not setup for
>multiple VLANs, then everything on the switch is considered to be in the
>same broadcast domain, no matter what is running at layer 3.

You are right. The original reply that brought collision domains into the 
picture muddied the waters.

You make an important point about broadcasting. I think people forget that 
all devices on a switched network (regardless of IP subnetting or other 
layer-3 issues) hear each other's broadcasts, unless VLANs are configured.

The other thing that was missing, though, (as many people have mentioned), 
was that a station doesn't send an ARP for a station not on its subnet. 
(There are workarounds to this, such as not configuring a default gateway 
or making the default gateway your own address.)

Priscilla



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
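
Added example (not from the thread): a simplified Python model of the host-side decision discussed above, namely which address a PC ARPs for, using the 142.102.2.1 and 142.102.3.1 addresses from the original question. It treats a route whose gateway is the host's own interface address as on-link, as the reply describes; it is not any particular OS's stack, and the 142.102.2.254 gateway is constructed.

```python
import ipaddress


def arp_target(dst, iface, routes):
    """Decide which IP address a host ARPs for before sending to dst.

    iface  -- the host's own address with mask, e.g. "142.102.2.1/24"
    routes -- extra (network, gateway) pairs; the connected subnet is implied
    Returns ("arp", ip_string) or ("unreachable", None).
    """
    me = ipaddress.ip_interface(iface)
    dst = ipaddress.ip_address(dst)
    # The connected route is modelled the way the NT route table shows it:
    # the gateway column holds the host's own interface address.
    table = [(me.network, me.ip)]
    table += [(ipaddress.ip_network(n), ipaddress.ip_address(g)) for n, g in routes]
    hits = [(n, g) for n, g in table if dst in n]
    if not hits:
        return ("unreachable", None)          # no route, default or better
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    if gw == me.ip:
        return ("arp", str(dst))              # route-to-interface: ARP for dst itself
    return ("arp", str(gw))                   # real gateway: ARP for the gateway


def can_ping(a_iface, a_routes, b_iface, b_routes):
    """Two PCs on one VLAN with no router: each side must ARP for the peer itself."""
    a_ip = str(ipaddress.ip_interface(a_iface).ip)
    b_ip = str(ipaddress.ip_interface(b_iface).ip)
    return (arp_target(b_ip, a_iface, a_routes) == ("arp", b_ip)
            and arp_target(a_ip, b_iface, b_routes) == ("arp", a_ip))


if __name__ == "__main__":
    cases = {
        "/16 masks, no extra routes":
            ("142.102.2.1/16", [], "142.102.3.1/16", []),
        "/24 masks, no default gateway":
            ("142.102.2.1/24", [], "142.102.3.1/24", []),
        "/24 masks, default gateway = own address on both":
            ("142.102.2.1/24", [("0.0.0.0/0", "142.102.2.1")],
             "142.102.3.1/24", [("0.0.0.0/0", "142.102.3.1")]),
        "/24 masks, only the first PC routes to its own interface":
            ("142.102.2.1/24", [("0.0.0.0/0", "142.102.2.1")],
             "142.102.3.1/24", []),
        "/24 masks, specific route to the other subnet via own interface":
            ("142.102.2.1/24", [("142.102.3.0/24", "142.102.2.1")],
             "142.102.3.1/24", [("142.102.2.0/24", "142.102.3.1")]),
        "/24 masks, default gateway is a router that is not there (constructed)":
            ("142.102.2.1/24", [("0.0.0.0/0", "142.102.2.254")],
             "142.102.3.1/24", [("0.0.0.0/0", "142.102.3.254")]),
    }
    for label, args in cases.items():
        print("%-70s %s" % (label, can_ping(*args)))
```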



RE: Require a jury's opinion as to the correctness.

2001-02-01 Thread Bob Vance

When you copy to NVRAM or TFTP, the only reason to do so is so that
you've saved the current, running config in case the system goes down.
After all, if the system never went down, you'd not need a config in
NVRAM :)

Thus it does *not* merge, in that direction -- it makes an exact *copy*.



---
Tks  |  [EMAIL PROTECTED]
BV   |  [EMAIL PROTECTED]
Sr. Tech. Consultant,SBM
Vox 770-623-3430 11455 Lakefield Dr.
Fax 770-623-3429 Duluth, GA 30097-1511
===

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Reel, JohnX
Sent: Thursday, February 01, 2001 3:51 PM
To: [EMAIL PROTECTED]
Subject: Require a jury's opinion as to the correctness.


Hello Group,

I have pulled this information from two different CCNA books to prepare for
my test... basically my study notes.  One book agrees with this information
and the second book disagrees.   I leave it to a jury of many to resolve or
provide some new insight.

The information that is in conflict is whether the "merge" and 'replace'
statements are correct.
===

- show running-config or write term
[not required on switches as NVRAM automatically updated]
- show startup-config or show config
- erase startup-config or write erase
- copy running-config tftp
[router prompts for information; cmd not used for switches]
- copy nvram tftp:///filename.cfg
[cmd does not prompt for information]

 -------   merge         replace   ---------
 | ram |<------------------------->| nvram |
 -------                           ---------
    /\                                /\
      \ merge                replace /
       \                            /
        \                          /
         \ replace        replace /
          \----->| tftp |<-------/

Note: "ram" is only one that is "merge"
===


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: loadbalancing with NIC's

2001-02-09 Thread Bob Vance

> Otherwise, the 802.1D spanning tree algorithm will block more
>than one card;

I don't think that this is correct (yikes !! :)
If the server is not acting as a bridge how could the two connections
matter, vis-a-vis STP.

In fact, Intel touts just a solution with their NIC "teaming" concept,
without FEC (although they also support that).  They support their
2-port adapters as well as separate adapters -- in fact, IIRC, they
don't even have to be the same speed !.  In their solution, though, the
load balancing is on output only, implying that the "primary" NIC is the
only one that answers ARPs.  The "teaming" also supports automatic
failover upon NIC port failure.

This relates to a scenario I described a short while back, the only
difference being that the 2 ports on the (NT) server were connected
to different switches (which addresses your concern about the single
point of failure at the switch).

I had raised a question as to why both NICs couldn't answer and get some
kind of load balancing on the input, as well.  I got no response from
the list.  But, upon reflection, I'm thinking that devices seeing the
ARP reply are supposed to clear or update their cache if they have a
different MAC cached (I'm too lazy to go look at the RFC).  Thus there
could be a wholotta ARPing going on.

Comments?



-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Friday, February 09, 2001 4:02 PM
To: [EMAIL PROTECTED]
Subject: Re: loadbalancing with NIC's


>We are planning to connect a server with a single NIC that supports
>fault tolerance, redundancy and load balancing.  How does a C6509 treat a
>NIC that is connected to two of its ports (same vlans)
>Mo Durrani


Multiple Fast EtherChannel aware NICs can load-share on the same
VLAN.  Otherwise, the 802.1D spanning tree algorithm will block more
than one card; you will get failover but no load distribution.

By putting them into different VLANs, you can get load-sharing,
assuming, of course, that the higher layers know how to distribute
the load.   The ideal situation is that your clients could be
configured with primary and secondary server addresses.

At some point, you need to consider, in your fault tolerance model,
what to do if either the server or the 6509 itself fails.  Frankly,
I'd consider isolated NIC failures less likely than either of these
cases. Other people may have different experience.

If you are going to have different NICs, do consider running them to
different wire closets, or otherwise maximizing cable plant
diversity. Never underestimate the power of a less than clueful
wiring technician.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: loadbalancing with NIC's

2001-02-10 Thread Bob Vance

>But, upon reflection, I'm thinking that devices seeing the
>ARP reply are supposed to clear or update their cache if they have a
>different MAC cached (I'm too lazy to go look at the RFC).

Actually, this makes no sense -- the ARP reply isn't a broadcast :|

So I wonder why it wouldn't work for both NICs to reply.

What happens when a requestor sees two replies to an ARP request ?
Does he accept the first and drop the second?
Accept the first, use it for his original IP packet, then update his ARP
cache with the second reply and subsequent packets use the second
MAC address?


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: A inquiry about ARP behavior, vendors, and differences

2001-02-11 Thread Bob Vance

>because sometimes removing the default
>gateway didn't cause a problem.

That's interesting.  I've never run across an OS implementation like
that (that I know of :), but I've been pretty much limited to Windoze
and various Unices.  Can you remember some specific examples?

Now that I think about it, though, I believe that I *do* vaguely
remember configuring some kind of network device that asked something
like "ARP for addresses?" -- and maybe it was "ARP for non-local
addresses?".  I would guess that I said "No", not really knowing what
it was asking and always using a default route :)

I know that Windoze does *not* default to ARP for non-local, as RAJ just
also showed, but it *does* support the "route-to-self".
Linux behaves the same way.

-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Saturday, February 10, 2001 6:20 PM
To: [EMAIL PROTECTED]
Subject: Re: A inquiry about ARP behavior, vendors, and differences


At 05:35 PM 2/10/01, Raj Singh wrote:
>NOTE: Long email / question ... regarding ARP and Proxy ARP behavior with
>different vendors OS.
>
>A inquiry about ARP behavior, vendors, and differences.
>
>Does the way a host machine behave during the ARP process differ amongst
>different OS manufacturers, in relationship to when Proxy ARP can be
>implement and when it can't be.

Yes. You would have to do some testing to determine which ones ARP for
non-local stations and which don't. (It sounds like you already did some
testing.) When I used to teach the CIT class, one of the "bugs" we inserted
was to remove the default gateway in the PC. The goal was to make it
impossible for the PC to reach non-local stations. We also had to insert
"no proxy arp" in the router config, because sometimes removing the default
gateway didn't cause a problem. We were at the mercy of whatever TCP/IP
implementation happened to be on the PC. Different vendors, different OSs,
different versions worked differently.

One other trick is to set the default gateway to the station's own address.
For some strange reason, on some OSs this causes the station to ARP for
non-local addresses.

Priscilla




>This inquiry should not be mistaken with "is proxy ARP a good idea or bad
>idea" question. I just want to find some behavior facts out. Thanks.
>
>Given the following situation:
>
>  ClientA       ClientB
>     |             |
>     |-------------|
>            |
>            |
>            X
>        {ROUTER}
>            Y
>            |
>            |
>     |-------------|
>            |
>         ClientC
>
>Settings:
>
>ClientA: 192.168.12.5 /24
>ClientB: 192.168.12.6 /24
>ClientC: 192.168.20.101 /24
>
>Interface X on Router: 192.168.12.1 /24
>Interface Y on Router: 192.168.20.1 /24
>Proxy ARP enabled on both router interfaces
>
>None of the clients have been configured with a default gateway setting.
>
>The operating systems are Windows 98. (Though if you prefer you can say it
>is NT 4.0)
>The basic statement that I have a question about:
>
>According to Jeff Doyle's Routing TCP/IP vol. 1, book on page 69-70 in
>quotes below -
>
>"... For example, a host 192.168.12.5/24 needs to send a packet to
>192.168.20.101/24, but is not configured with default gateway information
>and therefore does not know how to reach a router. It may issue an ARP
>request for 192.168.20.101; the local router, receiving the request and
>knowing how to reach network 192.168.20.0, will issue an ARP reply with its
>own data link identifier in the hardware address field. In effect, the
>router has tricked the local host into thinking that the router's interface
>is the interface of 192.168.20.101. All packets destined for that address
>will be sent to the router. ..."
>
>The question itself:
>
>The question I have with this is that under a Windows environment at least
>in my experience, The decision making process is as follows when trying to
>do an address resolution (ARP Request).
>
>Sender looks at its own IP address and Subnet Mask compares it to the
>target machines IP address to determine if on the same subnetwork. If it is
>so ... an ARP request is issued. But if the Sender's IP address and the
>Target's IP address are not part of the same subnetwork ... the sending
>machine looks for its default gateway and does an ARP request for it.
>
>Thus the problem is ... if there is no default gateway setup for the
>sender ... It won't even attempt to do an ARP request ... it will
>IMMEDIATELY say ... Destination host unreachable.
>
>Demonstration 1:
>
>ClientA: 192.168.12.5 /24 PINGS ClientC: 192.168.20.101 /24
>
>Notice in the PING results below, where Client A pinging Client C

RE: A inquiry about ARP behavior, vendors, and differences

2001-02-11 Thread Bob Vance

Actually, rather than "route-to-self", as I used in my other post, I
would be more correct to say "route-to-interface".
When the IP stack sees that the default route is the interface, it
ARPs for non-addresses as well as local.


>would it behave the same way if the default gateway was set to a
>loopback address of 127.x.x.x also

Pointing to 127.0.0.1 would not be the same as pointing to an interface.
It means more "me, myself, and I".

-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Raj Singh
Sent: Saturday, February 10, 2001 6:28 PM
To: [EMAIL PROTECTED]
Subject: Re: A inquiry about ARP behavior, vendors, and differences


Thanks for confirming my suspicions, though one question on the part about
setting the default gateway on a host to point to its own ip address ...
would it behave the same way if the default gateway was set to a loopback
address of 127.x.x.x also. Or did that change the behavior ?

Thanks again.

- raj

RE: loadbalancing with NIC's

2001-02-11 Thread Bob Vance

Thanks, Howard.
(at least this means that my posts *are* being seen on the list :)


>Loadsharing and failover aren't always the same problem, although
>they often are related.

Right.  Originally, I was just looking for a failover solution and found
that Intel supported *both* "Automatic Load Balancing" *and* failover
-- out of the box, so to speak (note the term "Balancing" vs. "sharing"
:)

HP supports failover, but not sharing (except with aggregation, like
FEC), so this was an unexpected bonus.


-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 11, 2001 9:27 AM
To: [EMAIL PROTECTED]
Subject: RE: loadbalancing with NIC's


>Howard,
>Did you see either of my posts on this issue.
>I think that they hit the list, but I heard nary a peep.  In fact, this
>has happened on my last few posts to the list -- I see them, but *no*
>one responds.  I'm starting to get paranoid :)


My fault.  I was just somewhat swamped and wanted time to think about
your reply.

Credit where credit is due -- feel free to post this directly to the
list.

>
>
>>  Otherwise, the 802.1D spanning tree algorithm will block more
>>than one card;
>
>I don't think that this is correct (yikes !! :)
>If the server is not acting as a bridge how could the two connections
>matter, vis-a-vis STP.

I suppose I was thinking more of the server acting as a bridge.  If
it does so, it has the potential to autodetect a spanning tree
failure.

Other than a vague suspicion that somewhere, somehow, some servers
will screw up their ARP tables this way, I can't see any objection.
Not being a server person, I don't have detailed familiarity with the
Intel teaming approach, but your description doesn't cause me to
relax about the possibility of ARP problems.

It's funny, but in many of my internal discussions with primarily
optical networking folks, "Ethernet" and "bridging" get ignored a lot
with the hype of "Ethernet everywhere."  Questions about broadcast
propagation, ARP, etc., get blank looks.
>.
>
>This relates to a scenario I described a short while back,
>  [which I never got a response to]
>the only
>difference being that the 2 ports on the (NT) server were connected
>to different switches (which addresses your concern about the single
>point of failure at the switch).
>
>I had raised a question as to why both NICs couldn't answer and get some
>kind of load balancing on the input, as well.  I got no response from
>the list.  But, upon reflection, I'm thinking that devices seeing the
>ARP reply are supposed to clear or update their cache if they have a
>different MAC cached (I'm too lazy to go look at the RFC).  Thus there
>could be a wholotta ARPing going on.

There's a grand question:  when does load balancing actually buy you
anything and where should it be applied?  My intuition tells me that
for the ordinary sorts of servers, it is unlikely to buy much in
performance.  If you are concerned with throughput on the server
interface(s), going to faster connectivity -- FastEtherchannel,
Gigabit Ethernet, etc., may help more than independent interfaces in
the same subnet.  Most servers are going to max out at 200-300 Mbps
of traffic from a network; it would be rare to find one that actually
could use 400-1000 Mbps.

Loadsharing and failover aren't always the same problem, although
they often are related.

>
>...
>Actually, this makes no sense -- the ARP reply isn't a broadcast :|
>
>So I wonder why it wouldn't work for both NICs to reply.
>
>What happens when a requestor sees two replies to an ARP request ?
>Does he accept the first and drop the second?
>Accept the first, use it for his original IP packet, then update his ARP
>cache with the second reply and subsequent packets use the second
>MAC address?


Without delving into the RFCs, I suspect it's implementation dependent.




RE: loadbalancing with NIC's

2001-02-11 Thread Bob Vance

Interesting.

Intel supports load balancing ("adapter teaming"), but it says that it
only does so on output, implying that only the "primary" adapter
responds to ARP requests (until a failure, when the "secondary" takes
over all functions, providing for failover as well as load sharing).

I had earlier posted a question as to why the Intel would work this way,
wondering why both NICs couldn't respond to ARPs.  I hadn't thought
about the NICs alternating in ARP responses, which, it seems, would also
work -- and make more sense.

-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kenneth
Sent: Sunday, February 11, 2001 8:53 AM
To: [EMAIL PROTECTED]
Subject: Re: loadbalancing with NIC's


The 6509 will see it as 2 separate MAC addresses. Based on my conversation
with Ipmetrics engineer (I think it was them) the way it functions is this:

Server A has ip 192.168.1.5

The NIC that is capable of loadbalancing maintains two unique MAC addresses.

Every time a client generates an arp request, it gives out MAC Address 1
When Another client generates an arp request, it gives out MAC address 2
It does this by doing a round-robin

Based on this, incoming requests are done via static load-balancing,
meaning, there is a static mapping of client-MAC to server-MAC. In case of a
large network, statistically, this will provide an equal load on both ports.

The switch will not use STP to block ports since there are two different MAC
addresses on two different ports.

Hope this helps!

Kenneth Lorenzo

Moahzam Durrani <[EMAIL PROTECTED]> wrote in message
news:ED49D16A9BE4D41189C000104B2E399864C08D@sj-exchange...
>
> We are planning to connect a server with a single NIC that supports
> fault tolerance, redundancy and load balancing.  How does a C6509 treat a
> NIC that is connected to two of its ports (same vlans)
> Mo Durrani
> IS&T
> WYSE\EDS
> phone:408-473 1246
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]



In the market to buy routers

2001-02-12 Thread Billy Bob

Hello,
If anyone out there has spare equipment or is looking to unload their lab, I am
looking to set up my home lab in the near future.  I am in the market for
25xx or 26xx routers and 19xx or 29xx switch.

Thanks,
BB





Connecting 2 routers via 56K CSU/DSU's?

2001-02-12 Thread Bob Timmons

All,

Does anyone know if I can connect my 2-2524's via their 4-wire 56K
CSU/DSU's?  I know I can connect them via the 5-in-1 modules with a DB60
back-to-back cable, but I don't know if a 56K will connect to another 56K
module.

Thanks,
Bob





Re: Connecting 2 routers via 56K CSU/DSU's?

2001-02-12 Thread Bob Timmons

Thanks Jack.  Do you know, or does anyone for that matter, for sure that
this works?  I currently only have 1 56K CSU/DSU module and would like to
purchase another, though I want to be sure it works prior to purchasing.

Thanks again,
Bob

"Jack Yu" <[EMAIL PROTECTED]> wrote in message
news:969daj$e10$[EMAIL PROTECTED]...
> Bob,
>
> 1-2, 7-8, then you are all set.
> One more thing, you probably want to configure one side as clock internal,
> the other as line.
>
> HTH
> Jack
>
>
> "Bob Timmons" <[EMAIL PROTECTED]> wrote in message
> news:969cre$bd0$[EMAIL PROTECTED]...
> > All,
> >
> > Does anyone know if I can connect my 2-2524's via their 4-wire 56K
> > CSU/DSU's?  I know I can connect them via the 5-in-1 modules with a DB60
> > back-to-back cable, but I don't know if a 56K will connect to another 56K
> > module.
> >
> > Thanks,
> > Bob



Re: Connecting 2 routers via 56K CSU/DSU's?

2001-02-12 Thread Bob Timmons

Doh.

Never mind.  Someone pointed me to:
http://www.cisco.com/warp/public/471/75.html#command

Thanks again,
Bob

"Bob Timmons" <[EMAIL PROTECTED]> wrote in message
news:969h6n$50m$[EMAIL PROTECTED]...
> Thanks Jack.  Do you know, or does anyone for that matter, for sure that
> this works?  I currently only have 1 56K CSU/DSU module and would like to
> purchase another, though I want to be sure it works prior to purchasing.
>
> Thanks again,
> Bob
>
> "Jack Yu" <[EMAIL PROTECTED]> wrote in message
> news:969daj$e10$[EMAIL PROTECTED]...
> > Bob,
> >
> > 1-2, 7-8, then you are all set.
> > One more thing, you probably want to configure one side as clock internal,
> > the other as line.
> >
> > HTH
> > Jack
> >
> >
> > "Bob Timmons" <[EMAIL PROTECTED]> wrote in message
> > news:969cre$bd0$[EMAIL PROTECTED]...
> > > All,
> > >
> > > Does anyone know if I can connect my 2-2524's via their 4-wire 56K
> > > CSU/DSU's?  I know I can connect them via the 5-in-1 modules with a DB60
> > > back-to-back cable, but I don't know if a 56K will connect to another 56K
> > > module.
> > >
> > > Thanks,
> > > Bob



RE: environmental device

2001-02-12 Thread Bob Johnson

I've used the following which (a year or so ago) was the cheapest setup I
could find.
From APC get the following parts:

Triple expansion chassis (it's rack mountable)
SNMP card
Temp and Humidity Card (also has 4 inputs for switches)

Put the 2 cards into the chassis, configure the SNMP card (which also has
web and telnet abilities) and you have a system. You do not need anything
else (such as an APC UPS)... With the contact inputs you can monitor
everything from the closet doors to alarm outputs on other equipment...
I can't take credit for the system as I stumbled on a posting describing the
setup and tried it out...
Perhaps there is something cheaper on the market now but I couldn't find
anything a year or so ago. I needed the contact inputs more than the temp
and humidity

Bob





-Original Message-
From: Jim Newton [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 12, 2001 10:43 AM
To: [EMAIL PROTECTED]
Subject: environmental device


I am looking for a device that will monitor environmental conditions in a
data center or LAN closet that is SNMP pollable.

Any leads would be appreciated

[EMAIL PROTECTED]




RE: Windows 2000 sniffer

2001-02-12 Thread Bob Johnson

EtherPeek 4.1 works on Win2K also. Coming from a Mac background I've always
been quite "snobbish" about EtherPeek. However I had a chance to play with
SnifferPro4.5 for a few days last week (a friend works at a place with a
much larger budget than I get) and have to say that its decoders are better
than EtherPeek.

Now if only SnifferPro would show the packets as they capture them (something
that its predecessor NetXray had, I believe) I would be truly converted.
Seeing packets as they come on the wire (rather than having to stop to
decode them) has helped me with problems in the past.

There is also a large price difference. Plus SnifferPro has hardware
capture devices for just about every transport possible.

Bob 




-Original Message-
From: Christopher Supino [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 12, 2001 10:12 AM
To: [EMAIL PROTECTED]
Subject: Windows 2000 sniffer


Can anyone recommend a good sniffer program for Windows 2000?
I am having problems attempting to run the NT version on 2000.





RE: Can someone interpret this please?

2001-02-12 Thread Bob Johnson

As far as I understand... (standard disclaimer)

The first number is the total CPU utilization...
The second number (after the /) is the total utilization that is being used
for interrupts. The difference between these 2 numbers is the amount the
router uses for the processes listed below the line. In your case almost
100% of the CPU usage is for interrupts (fast switching is something that
causes interrupts) and very little is being used for the various router
(process switching is done via a process) processes.

This is possibly good in the fact that all your traffic is being fast
switched but bad in the fact that the router is getting overloaded on
traffic at its interfaces. The problem could be caused by other things too
but without more info it's hard to say....



Bob

-Original Message-
From: Kevin Wigle [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 12, 2001 10:24 AM
To: cisco
Subject: Can someone interpret this please?


Dear group,

Investigating a router that is starting to loaded down.  When I do a sh proc
cpu I get 50% or cpu utilization but the stats don't seem to add up to 50%.

Is there another way to try and see where the 50% is coming from?

sh proc cpu
CPU utilization for five seconds: 44%/44%; one minute: 50%; five minutes: 52%
 PID  Runtime(ms)  Invoked  uSecs5Sec   1Min   5Min TTY Process
   1   43764   2491562 17   0.00%  0.00%  0.00%   0 Load Meter
   2 11636   3222   0.24%  0.05%  0.01%  66 Virtual Exec
   318930504   1542973  12268   0.00%  0.12%  0.11%   0 Check heaps
   4   0 1  0   0.00%  0.00%  0.00%   0 Chunk Manager
   51876  1047   1791   0.00%  0.00%  0.00%   0 Pool Manager
   6   0 2  0   0.00%  0.00%  0.00%   0 Timers
   7   0 2  0   0.00%  0.00%  0.00%   0 Serial Backgroun
   8   0 1  0   0.00%  0.00%  0.00%   0 OIR Handler
   9   22296414731 53   0.00%  0.00%  0.00%   0 Environmental mo
  10  218428427878510   0.00%  0.00%  0.00%   0 ARP Input
  11   0 2  0   0.00%  0.00%  0.00%   0 DDR Timers
  12   0 2  0   0.00%  0.00%  0.00%   0 Dialer event
  13   4 2   2000   0.00%  0.00%  0.00%   0 Entity MIB API
  14   0 1  0   0.00%  0.00%  0.00%   0 SERIAL A'detect
  15   0 1  0   0.00%  0.00%  0.00%   0 Critical Bkgnd
  16 1813952   1898284955   0.00%  0.01%  0.00%   0 Net Background
  17 280   401698   0.00%  0.00%  0.00%   0 Logger
  18  753540  12440407 60   0.00%  0.00%  0.00%   0 TTY Background
  19  890280  12440425 71   0.00%  0.00%  0.00%   0 Per-Second Jobs
  20   4 2   2000   0.00%  0.00%  0.00%   0 VNM DSPRM MAIN
  21  418788  12440411 33   0.00%  0.00%  0.00%   0 Partition Check
 PID  Runtime(ms)  Invoked  uSecs5Sec   1Min   5Min TTY Process
  22   0 1  0   0.00%  0.00%  0.00%   0 Net Input
  23   31676   2491564 12   0.00%  0.00%  0.00%   0 Compute load avg
  24 6663988207365  32136   0.00%  0.03%  0.00%   0 Per-minute Jobs
  25  271380   9070214 29   0.00%  0.00%  0.00%   0 NTP
  26   0 2  0   0.00%  0.00%  0.00%   0 ATM OAM Input
  27   0 2  0   0.00%  0.00%  0.00%   0 ATM OAM TIMER
  28  376484   3755446100   0.00%  0.00%  0.00%   0 ATM Periodic
  29   0 1  0   0.00%  0.00%  0.00%   0 ATM ARP INPUT
  3041599556  18711784   2223   0.16%  0.33%  0.32%   0 IP Input
  31  816012   1448197563   0.00%  0.00%  0.00%   0 CDP Protocol
  32   0 1  0   0.00%  0.00%  0.00%   0 Asy FS Helper
  33   4 1   4000   0.00%  0.00%  0.00%   0 PPP IP Add Route
  34 684 20737 32   0.00%  0.00%  0.00%   0 MOP Protocols
  35   0 1  0   0.00%  0.00%  0.00%   0 X.25 Encaps Mana
  36   0 1  0   0.00%  0.00%  0.00%   0 MPC Router Proce
  37 1579312207411   7614   0.00%  0.00%  0.00%   0 IP Background
  38 728  1317552   0.00%  0.00%  0.00%   0 SSCOP Input
  39 352   856411   0.00%  0.00%  0.00%   0 SSCOP Output
  40   36792210450174   0.00%  0.00%  0.00%   0 SSCOP Timer
  41 19659   3322   0.00%  0.00%  0.00%   0 ILMI Input
  42   0 1  0   0.00%  0.00%  0.00%   0 SNMP Timers
  43  518476167742   3090   0.00%  0.00%  0.00%   0 ILMI Request
 PID  Runtime(ms)  Invoked  uSecs5Sec   1Min   5Min TTY Process
  44   43616205621212   0.00%  0.00%  0.00%   0 ILMI Response
  45  610604   1171380521   0.00%  0.00%  0.00%   0 ILMI Timer Proce
  46  36 3  12000   0.00%  0.00%  0.00%   0 ATM PVC Discover
  47   0 2  0   0.00%  0.00%  0.00%   0 ATMSIG ILMI Time
  48  443584  12441294 35 
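
The reading of the `44%/44%` header given in the reply above, as an added example that is not part of the original posts: it parses the `sh proc cpu` header (tolerating the line wrap a mail client introduces), splits the total into interrupt-level and process-level load, and cross-checks the per-process 5Sec column. The sample rows are rebuilt from four rows of the quoted output with the column spacing restored; the function names and the 80% alert threshold are assumptions of this example.

```python
"""Split Cisco IOS 'show processes cpu' load into interrupt vs. process level.
Added example; SAMPLE is constructed from rows quoted in the thread."""
import re

# "five seconds: A%/B%": A is total CPU, B is the part spent at interrupt level.
HEADER_RE = re.compile(
    r"CPU utilization for five seconds:\s*(\d+)%/(\d+)%;"
    r"\s*one minute:\s*(\d+)%;\s*five minutes:\s*(\d+)%")
# PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)"
    r"\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+(\d+)\s+(.+?)\s*$")

SAMPLE = """\
CPU utilization for five seconds: 44%/44%; one minute: 50%; five minutes:
52%
 PID  Runtime(ms)  Invoked  uSecs    5Sec   1Min   5Min TTY Process
   1       43764  2491562     17   0.00%  0.00%  0.00%   0 Load Meter
   2         116       36   3222   0.24%  0.05%  0.01%  66 Virtual Exec
   3    18930504  1542973  12268   0.00%  0.12%  0.11%   0 Check heaps
  30    41599556 18711784   2223   0.16%  0.33%  0.32%   0 IP Input
"""


def parse_show_proc_cpu(text):
    """Return the header figures and one dict per process row."""
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("no 'CPU utilization' header found")
    total, interrupt, one_min, five_min = map(int, header.groups())
    processes = []
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if row:  # column-title lines and the wrapped '52%' do not match
            processes.append({
                "pid": int(row.group(1)),
                "runtime_ms": int(row.group(2)),
                "invoked": int(row.group(3)),
                "five_sec": float(row.group(5)),
                "name": row.group(9),
            })
    return {"total_5s": total, "interrupt_5s": interrupt,
            "one_min": one_min, "five_min": five_min,
            "processes": processes}


def analyse(text, interrupt_alert=80.0):
    """Explain where the five-second CPU figure comes from."""
    data = parse_show_proc_cpu(text)
    total, interrupt = data["total_5s"], data["interrupt_5s"]
    # What is left after interrupts is all the listed processes can add up to.
    process_level = total - interrupt
    share = 100.0 * interrupt / total if total else 0.0
    listed = round(sum(p["five_sec"] for p in data["processes"]), 2)
    busiest = sorted(data["processes"], key=lambda p: p["five_sec"],
                     reverse=True)
    return {
        "process_level_5s": process_level,
        "interrupt_share_pct": round(share, 1),
        "listed_process_sum_5s": listed,
        # The header is rounded to whole percent, so allow one point of slack.
        "rows_match_header": abs(listed - process_level) < 1.0,
        "interrupt_bound": share >= interrupt_alert,
        "top": [(p["name"], p["five_sec"]) for p in busiest[:3]
                if p["five_sec"] > 0],
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

The process rows never add up to the first header number when most of the load is at interrupt level, which is why the listed percentages looked too small in the question.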

VLANs - 2 subnets, ARPing

2001-02-14 Thread Bob Vance

I was reviewing some old stuff and came across this one.

>The only exception to this is if you define the DG [default gateway] for a
>device as its own IP.  In this case, the machine will issue an arp request
>for all destinations. ...
>If the destination being arped for is on the same physical
>LAN/VLAN, it will see the arp request for its MAC,
>   but will ignore the request since it will recognize that the
>   requesting station is on a different IP subnet.
>   (I've done this in the lab, and this is what happens)


That's interesting, since I've done this to configure network devices that
start with some funky, initial IP address like 192.0.0.192.
I simply (on my Win95 PC)
 . remove my DG
 . add new DG to my IP address
 . then I can connect to 192.0.0.192

There is no Proxy ARP going on.
I've also tested it on Linux and works the same way.

RFC826 does not mention any matching of addresses.
Further, how could it really know whether it were on a different subnet? --
there is no subnet mask being passed in ARP packets.  The best it could do
would be to make some kind of classful assumption, which would be bad.

So it seems to me that, if your device "ignore[ed] the request", then it
appears to have been an implementation bug.



-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kent Hundley
Sent: Friday, July 21, 2000 2:55 PM
To: 'Karen E Young'; 'jeongwoo park'; [EMAIL PROTECTED]
Subject: RE:


Actually, the IP addresses matter very much.

It doesn't matter if you have 2 devices on the same LAN/VLAN, if their IP
addresses are not in the same IP subnet, they will need a router to talk to
each other.  For example, if you have a station with IP address 10.1.1.1 and
another station with IP address 192.168.1.1, those 2 devices would need a
router to talk to each other.

When an IP device needs to reach another IP device, it makes a determination
based on its IP address and its subnet mask as to whether or not the other
device is on the same subnet it is on.  If it is, it will issue an arp
request.  If it is not, it will send the packets to its DG.

If you have contiguous subnet ranges, you could play some games with the
masks, but then all you are doing is putting your devices on the same subnet
from an IP address/subnet mask perspective, which doesn't change the fact
that a device will only issue an arp for a destination that is on its own
subnet.

The only exception to this is if you define the DG for a device as its own
IP.  In this case, the machine will issue an arp request for all
destinations.  If the router has proxy-arp turned on, it will respond with
its MAC address.  If the destination being arped for is on the same physical
LAN/VLAN, it will see the arp request for its MAC, but will ignore the
request since it will recognize that the requesting station is on a
different IP subnet. (I've done this in the lab, and this is what happens)

It would be possible to hard-code mappings in each device's arp table and
install static routes for each other's subnet and get them to talk to one
another without an intervening router, but this is beyond the scope of the
original question.

The bottom line is that under normal operating circumstances you need a
router for 2 IP devices that are not in the same IP subnet to talk to one
another, regardless if they are physically on the same LAN/VLAN.

-Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Karen E Young
Sent: Friday, July 21, 2000 6:57 AM
To: jeongwoo park; [EMAIL PROTECTED]
Subject: Re:


No, you don't need a router. A node is determined to be a member of a VLAN
by their MAC address. Layer 2 rather than Layer 3 remember? The router is
only needed to deal with packets destined for anything outside the VLAN. The
IP addresses don't matter.

Karen E Young

*** REPLY SEPARATOR  ***

On 7/20/2000 at 2:53 PM jeongwoo park wrote:

:HI all
:I have a question.
:Cisco recommends that there be one-to-one relationship
:between ip subnets and Vlans.
:When the number of devices on a Vlan exceeds the
:number of host ip addresses per configured subnet,
:more than one subnet can exist on a Vlan.
:Having said that, my question;
:There are two subnets in a Vlan. Do we need a router
:to interconnect these two subnets?
:I know that we need a router to interconnect two
:different Vlans.
:
:Thanks.
:
:jeongwoo
:
:UPDATED Posting Guidelines: http://www.groupstudy.com
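
Two ARP questions from the threads above, worked through as an added example that is not part of any original post: what a receiver does with a second reply for the same IP (the load-balancing thread), and whether a target can tell that a requester is on another subnet (this thread). The code follows the RFC 826 packet layout and reception algorithm only; the MAC addresses are constructed, the IP addresses are the ones used in the posts, and the class and function names are this example's own.

```python
"""ARP per RFC 826: packet layout, sender decision, receive algorithm.
Added example; every MAC address below is a constructed sample value."""
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
# hrd, pro, hln, pln, op, sha, spa, tha, tpa for Ethernet/IPv4.
# Note what is absent: no field carries a subnet mask.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sha, spa, tha, tpa):
    """Pack an Ethernet (hrd=1) / IPv4 (pro=0x0800) ARP packet."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                       mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)


def parse_arp(pkt):
    hrd, pro, _hln, _pln, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt)
    return {"hrd": hrd, "pro": pro, "op": op,
            "sha": mac_text(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": mac_text(tha), "tpa": str(ipaddress.IPv4Address(tpa))}


def next_hop(src_if, dst, gateway=None):
    """Sender side: which IP does the host ARP for? None = unreachable.

    A gateway equal to the host's own address is the case discussed in the
    thread: the host then ARPs for every destination directly.
    """
    iface = ipaddress.IPv4Interface(src_if)
    dst = ipaddress.IPv4Address(dst)
    if dst in iface.network:
        return str(dst)
    if gateway is None:
        return None
    if ipaddress.IPv4Address(gateway) == iface.ip:
        return str(dst)
    return gateway


class ArpHost:
    """Receiver that follows the RFC 826 packet-reception steps literally."""

    def __init__(self, ip, hw):
        self.ip, self.hw = ip, hw
        self.table = {}    # sender protocol address -> hardware address
        self.history = []  # (ip, old_mac, new_mac) for each overwrite

    def receive(self, pkt):
        f = parse_arp(pkt)
        if f["hrd"] != 1 or f["pro"] != 0x0800:
            return None
        merge = False
        if f["spa"] in self.table:          # known sender: always update
            old = self.table[f["spa"]]
            if old != f["sha"]:
                self.history.append((f["spa"], old, f["sha"]))
            self.table[f["spa"]] = f["sha"]
            merge = True
        if f["tpa"] != self.ip:             # only test: "am I the target?"
            return None
        if not merge:
            self.table[f["spa"]] = f["sha"]
        if f["op"] == ARP_REQUEST:          # opcode is looked at last
            return build_arp(ARP_REPLY, self.hw, self.ip, f["sha"], f["spa"])
        return None


def demo():
    # 1. Server 192.168.1.5 answers one client from two NICs in turn.
    client = ArpHost("192.168.1.20", "02:00:00:00:00:20")
    for nic in ("02:00:00:00:00:a1", "02:00:00:00:00:a2"):
        client.receive(build_arp(ARP_REPLY, nic, "192.168.1.5",
                                 client.hw, client.ip))
    # 2. Host 10.1.1.1/24 with itself as gateway reaches 192.0.0.192.
    target = ArpHost("192.0.0.192", "02:00:00:00:00:c0")
    wanted = next_hop("10.1.1.1/24", "192.0.0.192", gateway="10.1.1.1")
    reply = target.receive(build_arp(ARP_REQUEST, "02:00:00:00:00:01",
                                     "10.1.1.1", "00:00:00:00:00:00", wanted))
    return client, target, parse_arp(reply)


if __name__ == "__main__":
    c, t, r = demo()
    print("client cache:", c.table, "overwrites:", c.history)
    print("cross-subnet reply:", r)
```

Real IP stacks layer their own acceptance rules on top of these steps, so the overwrite in the first scenario and the answer in the second show what the RFC text alone leads to, not what every implementation does.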

RE: NAT & HSRP Problem

2001-02-17 Thread Bob Johnson

Currently the IOS does not support NAT & HSRP operating together
It's not a bug as they do mention it somewhere on CCO (possibly in the NAT
FAQ)

There is both the problem with the standby router not knowing the NAT
translation table of the active router and the fact that NAT won't use the
virtual MAC address but uses the actual physical address

I've heard that they are working on an enhancement that should address both
issues. Hopefully it will be out in 12.2x.

Bob


-Original Message-
From: Jason Fletcher
To: [EMAIL PROTECTED]
Sent: 2/16/01 3:24 PM
Subject: Re: NAT & HSRP Problem

I don't think you can do this?  The standby router doesn't have the
translation table of the active router, so when the active router went down
you will lose your connection.

Jason Fletcher

"Simon Watson" wrote in message ...
>Hi Guys
>
>I've got 2 dual ethernet Cisco 1605 routers connected to each other
>via 2 cascaded hubs. Both sets of interfaces are set up for HSRP (eth0 of
>both routers are in one HSRP group & eth1 are in another HSRP
>group). Both routers have also been set up to statically NAT a device (which
>will be called Test PC) on the local network which is connected to eth1
>of the routers. Also tracking is set on both of the primary router's
>interfaces to monitor the other interface.
>
>Eth0 on both routers are connected to a Core router via a hub. In
>normal operation, if the test PC sent continuous
>PING's to a device hanging on the Core router, its local IP address is
>translated by the HSRP Primary router & routed towards the core router
>& all is well. Inspection of the Core router's ARP cache shows
>the translated IP address of test PC and the virtual MAC address of the
>primary (int eth0) HSRP router as expected.
>
>However if the cable on eth1 of the Primary router is plugged out to
>invoke the Standby router to become active the PING's seemed to be not
>getting through. On inspection of the 2 1600 routers the changeover of the
>Standby router from standby to active has taken place, with the Primary
>router now in a standby state.
>
>However on inspecting the ARP cache of the core router, instead of
>seeing the translated IP address of the test PC with the virtual MAC
>address, the translated IP address was seen with the REAL hardware address
>of the now standby interface on the primary router, thus causing the PING's
>not to work.
>
>I've tried this with another set of routers & the same thing
>happened. Has Cisco got a bug with HSRP being configured with a router when
>NAT is also configured. Please let me know your thoughts on this matter.
>
>Thanks
>Simon CCNP



HSRP and UDP forwarding.

2001-02-18 Thread Bob Vance

I was told this in another venue:

>It is the nature of HSRP. Both routers listen to broadcast traffic. Both
>routers are configured as a DHCP and BOOTP relay agent in order to get
>redundancy. So all DHCP and BOOTP broadcast traffic is sent twice to the
>central server.

Is there some reason for this to be true?
It does not seem right to me.

My understanding is that, normally, HSRP does not depend on multiple
routers in the group to forward traffic.  The HSRP group appears as one
router to the side where it is being redundant, with the primary router
forwarding all traffic.  The standby doesn't participate, except possibly
on reply traffic

I think that you would agree that it is not normal nor good (maybe not
necessarily bad, but certainly not good :) for a router arbitrarily to
send duplicate packets onto a subnet and this is, in effect, what would
be happening here.

In single-group HSRP mode, I can see no reason for this to be required --
I would think that it would be sufficient for the UDP forwarding simply
to follow the primary router.

Multi-group HSRP seems to present some other possibilities/problems that
I haven't explored in depth yet.  One point is that it would appear that
having MHSRP primary routers forwarding DHCP (at least the broadcasts)
would require extraordinary configuration on the DHCP server.  For
example, if the clients are in the same subnet, then which default
gateway should it send to the client?  Thus, MHSRP *with* DHCP forwarding
would seem to require, practically, multiple subnets and broadcast
domains -- i.e., VLANs.

Comments?

-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=







RE: HSRP and UDP forwarding.

2001-02-19 Thread Bob Vance

Thanks, Erick.
It seems that you have basically said,
   "Yes, UDP forwarding is not part of HSRP."

But you also apparently agree that there is no technical reason why this
must be true :)


>Maybe they need to add a feature, like standby helper or something so
>when HSRP is being used it will only forward UDP broadcast traffic on
>the device that has the HSRP IP active.
>Example: if such a feature existed, then you wouldn't use ip-helper on
>HSRP interfaces - you would use standby-helper if you just wanted UDP
>forwarded on device with active HSRP IP address.

ISTM that it would be easy to simply add a command like

   [no] standby-helper

Everything else, including "ip-helper" is the same, and this flag simply
tells a router in standby or monitor mode not to forward, but when in
primary mode to do so.

I guess the effort is not worth the gain.  UDP's being an unreliable and
connection-less transport requires the protocols to be robust enough to
handle the duplicate packets.

The problem arising from this duplicate forwarding with DHCP occurs when
the 2nd DHCPDISCOVER is delayed enough so that the client has already
received its lease and IP address in response to the 1st DHCPDISCOVER.
When the server sees the 2nd DHCPDISCOVER, it will try to give the same
address again.  But, prior to doing so, it MAY (RFC2131) ping the
address to see whether it's in use.  Well, the client will respond,
because it just got the IP address :)  The server will then try to give
another IP address and abandon the first lease.

Of course, that's a contrived and highly unlikely case -- the packet
would probably never be delayed that long, but it just came to my mind
when thinking about this.


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: Erick B. [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 18, 2001 5:43 PM
To: Bob Vance; CISCO_GroupStudy List (E-mail)
Subject: Re: HSRP and UDP forwarding.


Look at it this way. HSRP (and VRRP) share a virtual IP
address among the devices participating. Hosts point
their default-gateway to this Virtual IP address. This
allows the hosts to still forward traffic when the
primary router/switch interface goes down and the
standby router/switch changes over to active. This is
the function of HSRP/VRRP - to provide a shared IP
address among multiple interfaces on the same network.

If the interface is in standby mode for HSRP then the
standby IP address isn't active on this interface, but
the primary IP is active and ip-helper, routing, and
all other IP features you have configured are active
unless the interface is down, etc.

Currently, there isn't a way to stop ip-helper from
forwarding when the HSRP address is in standby mode
since ip-helper isn't part of HSRP. Maybe they need to
add a feature, like standby helper or something so
when HSRP is being used it will only forward UDP
broadcast traffic on the device that has the HSRP IP
active. Example: if such a feature existed, then you
wouldn't use ip-helper on HSRP interfaces - you would
use standby-helper if you just wanted UDP forwarded on
device with active HSRP IP address.

The only way to get around forwarding UDP broadcasts
from both routers would be to remove the ip-helper from
one of the interfaces. The problem here is when the
other interface goes down you're not going to forward
the UDP broadcasts anymore. The other solution would
be to make the DHCP server local so ip-helper wasn't
needed.

If you search on cisco.com for HSRP and IP-helper
you'll get a document on UDP Flooding which involves
bridge-groups and using spanning-tree to block.

Erick

--- Bob Vance <[EMAIL PROTECTED]> wrote:
> I was told this in another venue:
>
> >It is the nature of HSRP. Both routers listen to broadcast traffic. Both
> >routers are configured as a DHCP and BOOTP relay agent in order to get
> >redundancy. So all DHCP and BOOTP broadcast traffic is sent twice to the
> >central server.
>
> Is there some reason for this to be true?
> It does not seem right to me.
>
> My understanding is that, normally, HSRP does not depend on multiple
> routers in the group to forward traffic.  The HSRP group appears as one
> router to the side where it is being redundant, with the primary router
> forwarding all traffic.  The standby doesn't participate, except possibly
> on reply traffic
>
> I think that you would agree that it is not normal nor good (maybe not
> necessarily bad, but certainly not good :) for a router arbit

RE: Creating Multiple Interfaces on an Ethernet Port

2001-02-20 Thread Bob Vance

I would swear that I read that "secondary" was eventually going away
and the sub-interfaces would replace it.

Am I dreaming?

-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Monday, February 19, 2001 10:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Creating Multiple Interfaces on an Ethernet Port


At 04:47 PM 2/19/01, Chris Wornell wrote:
>Hello,
>
>I've found out you can't create multiple interfaces on an ethernet port
>apparently.  I was wondering why this is exactly?  I know you can
accomplish
>the same on serial lines using pvc's but it seems odd you can't do it
on
>ethernet.

Why do you want to create multiple interfaces on your Ethernet port?
Ethernet was designed as a connectionless, packet-switched shared
network.
Serial links, on the other hand, are more often used for
connection-oriented virtual circuits. Subinterfaces let you associate a
single physical link with multiple virtual circuits.

>   I know there are ethernet only networks and the ip secondary
>command doesn't seem right compared to creating a new interface.

Sure there are Ethernet-only networks. Each physical Ethernet port on a
router is usually associated with an IP subnet. If you happen to have
two
IP subnets on the LAN to which a physical port is attached, you could
use a
secondary IP address as a workaround to this problem. Traffic between
subnets would still go through the router usually.

If you're using your Ethernet port as a "trunk port," and you use ISL or
802.1q VLAN encapsulation, then you can configure subinterfaces. In this
case, subinterfaces let you associate a single physical link with
multiple
VLANs. Inter-Switch Link (ISL) and IEEE 802.1q maintain VLAN
identification
information as traffic travels between connected switches.

Maybe you can give us a better idea of what you are trying to accomplish
and we can provide more tailored information, but I hope this info was
somewhat useful.

Priscilla



>Chris Wornell
>Technical Support
>MM Internet http://mminternet.com
>888-654-4971
>CCNA, CCDA, CSE
>




Priscilla Oppenheimer
http://www.priscilla.com




RE: Reverse DNS

2001-02-20 Thread Bob Vance

It's a good idea to have reverse entries for forward names that are
visible to the Internet -- some mail servers do a reverse lookup to
"verify" that you are valid and won't receive your mail without the
reverse lookup.

Typically, your ISP will be authoritative for the zone from which your
IP space is allocated (although not always).
But, I think that it's better for you to be the master for both the
forward and reverse zones, and let the ISP be slave (secondary) for
both.

If you have an entire /24 block of addresses, then they would just
delegate that entire zone to you.

If you have a partial Class C (/n where n>24), then the ISP will
remain authoritative for the full zone, but there are several ways that
they can give you control.

One way is for them to delegate to you a sub-zone of the full reverse
zone and then put CNAMEs pointing into the new sub-zone for which you
will be authoritative -- you put the "real" PTRs in this new sub-zone.

IMHO, better is for them simply to replace their current PTR records
with CNAME records pointing to names into your current *forward* zone.
You would then insert PTR records with those names into your current
forward zone and then you can change them at will.
Two benefits to this method are:
  . there are no new zones nor NS records
  . your forward "A" records and the corresponding reverse PTR
records are right in the same zone.

The ISP would normally have the PTRs thusly:

$ORIGIN zz.yy.xx.in-addr.arpa.
   ...
num   IN  PTR  name.in.your.domain.

But every time you make a change, the ISP has to get involved.
In the second method I described above, the ISP replaces that record
thusly:


$ORIGIN zz.yy.xx.in-addr.arpa.
   ...
;;del;; num   IN  PTR  name.in.your.domain.
num  IN  CNAME  num.in.your.domain.

Then, in your forward zone you simply add the "real" PTRs:

$ORIGIN in.your.domain.
   ...
name  IN  A  num.xx.yy.zz
num   IN PTR name
   ...




-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Roan, Wayne
Sent: Tuesday, February 20, 2001 5:18 PM
To: '[EMAIL PROTECTED]'
Subject: Reverse DNS


Group,

Question, if you are maintaining the DNS zones for your domains, do
you need reverse zones with entries for each of your domains the
Internet
needs to get to?  Let's say your ISP is providing secondary DNS for you,
will they host reverse DNS for you? or do you still need to provide for
reverse DNS regardless?

Thanks,

Wayne




RE: Reverse DNS

2001-02-21 Thread Bob Vance

I should clarify that the ISP will add CNAMEs for the *entire* partial
IP range assigned to you, regardless of whether you have a matching PTR
record -- you add/modify the PTRs as needed.
Then the ISP will never have to make another change.

Suppose you have 1.2.3.16/28.
Then the ISP's reverse will look like:

$ORIGIN 3.2.1.in-addr.arpa.
   ...
16  IN  CNAME  16.in.your.domain.
17  IN  CNAME  17.in.your.domain.
   ...
31  IN  CNAME  31.in.your.domain.

Of course, he'll probably really use a single line in his config:

$GENERATE 16-31  $ CNAME  $.in.your.domain.

(or maybe  17-30  :)


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=






_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
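Added example (not part of the original posts): a Python model of the CNAME-based reverse delegation described in the two messages above, using the 1.2.3.16/28 block and in.your.domain. from the thread. The customer records, host names and function names are constructed for illustration; the code builds the ISP-side CNAMEs, follows them to the customer's PTRs, and checks that each PTR name has an A record pointing back at the address, which is the reverse lookup the mail servers mentioned above perform.

```python
import ipaddress


def isp_reverse_zone(prefix, customer_zone):
    """Build what the ISP keeps in the parent reverse zone for a sub-/24 block.

    Returns (origin, {reverse name: CNAME target}, equivalent $GENERATE line).
    """
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 prefix longer than /24")
    a, b, c, _ = str(net.network_address).split(".")
    origin = f"{c}.{b}.{a}.in-addr.arpa."
    first = int(net.network_address) & 0xFF
    last = int(net.broadcast_address) & 0xFF
    # One CNAME per address in the block, whether or not a PTR exists yet,
    # so the ISP never has to touch the zone again.
    cnames = {f"{n}.{origin}": f"{n}.{customer_zone}" for n in range(first, last + 1)}
    generate = f"$GENERATE {first}-{last} $ CNAME $.{customer_zone}"
    return origin, cnames, generate


def reverse_lookup(ip, isp_cnames, customer_records):
    """Follow the ISP's CNAME into the customer's forward zone and return the PTR."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    target = isp_cnames.get(qname)
    if target is None:
        return None  # address is outside the delegated block
    for rtype, value in customer_records.get(target, []):
        if rtype == "PTR":
            return value
    return None  # CNAME exists but the customer has not added a PTR


def audit(prefix, isp_cnames, customer_records):
    """Classify every address: ok, no-ptr, or mismatch (PTR name lacks a matching A)."""
    report = {}
    for ip in ipaddress.ip_network(prefix):
        name = reverse_lookup(str(ip), isp_cnames, customer_records)
        if name is None:
            status = "no-ptr"
        elif ("A", str(ip)) in customer_records.get(name, []):
            status = "ok"
        else:
            status = "mismatch"
        report[str(ip)] = status
    return report


# Constructed sample of the customer's forward zone (names are fully qualified).
CUSTOMER_ZONE = {
    "mail.in.your.domain.": [("A", "1.2.3.17")],
    "17.in.your.domain.": [("PTR", "mail.in.your.domain.")],
    "www.in.your.domain.": [("A", "1.2.3.18")],
    # Stale PTR: points at a name that has no A record for this address.
    "18.in.your.domain.": [("PTR", "web.in.your.domain.")],
}

if __name__ == "__main__":
    origin, cnames, generate = isp_reverse_zone("1.2.3.16/28", "in.your.domain.")
    print("$ORIGIN", origin)
    print(generate)
    for ip, status in audit("1.2.3.16/28", cnames, CUSTOMER_ZONE).items():
        if status != "no-ptr":
            print(ip, status)
```

Run against a real zone export, the "mismatch" rows are the ones to fix first: the reverse name resolves, but not back to the same address.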



Any freeware TACACS and/or RADIUS servers out there for NT?

2001-02-23 Thread Bob Timmons

I've been trying to find something like this.  Seems there are a couple of
RADIUS servers, but few TACACS and I can't find anything that's freeware or
reasonable shareware (Hey, it's for a lab for cryin out loud).  Help?
Anyone?





RE: Dial-Up Experts... (completely off topic but I can't help it)

2001-02-26 Thread Bob Johnson

I didn't get to play at the high stakes tables (where the PDP-11 people sit)
but I do fondly recall the happy feeling of getting my SYM-1 talking to a
KIM-1 via serial connection.

The SYM-1 was really funky for its time as it had a quasi video out that
would display a line of text on an oscilloscope's screen...
These computers came out after the boxes with all the paddle switches
(Altair8080) but before video was a "standard" item

Actually with the other thread about age I am starting to feel old..
Sniff


Bob


-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 26, 2001 10:31 AM
To: [EMAIL PROTECTED]
Subject: RE: Dial-Up Experts...


I'll see your VIC-20 to Trash-80, and raise you PDP-8 to PDP-11.

>OMG, but I'd really be impressed if you connected a VIC-20 up to a TRS-80.
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, February 25, 2001 10:01 AM
>To: Circusnuts
>Cc: [EMAIL PROTECTED]
>Subject: RE: Dial-Up Experts...
>
>
>I've done this with two modems and two computers... not trying to show my
>age but I connected a Kaypro 2X and a Commodore 128 through their
respective
>modems at 300 baud ;-) Pretty big feat back then...
>
>Tim
>
>>  -Original Message-
>>  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>>  Circusnuts
>>  Sent: Sunday, February 25, 2001 3:50 PM
>>  To: [EMAIL PROTECTED]
>>  Subject: Dial-Up Experts...
>>
>>
>>  Hey All- is there a way to simulate dial-up without going through the
>>  Telco (i.e. point to point, using no dial tone).  I'm practicing CCIE
>>  labs & have a few with dial scenario.  I wondered if I could do a call
>>  back without tying up two phone lines, say a modem off of my 2509
>>  connected to another modem @ Aux of another router.
>>
>>  Any advice would be greatly appreciated...
>>
>>  Thanks
>>  Phil




Re: ??Fw: need clarification: ip unnumbered in routing tables

2001-02-26 Thread Bob Timmons

Check out http://www.cisco.com/warp/public/701/20.html

"Priscilla Oppenheimer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> At 02:15 PM 2/26/01, nobody wrote:
> >Is the below a dumb question?
>
> No.
>
>
> >Nobody replied. Can somebody enlighten me?   ;-)
> >
> >p.
> >
> >- Original Message -
> >From: "nobody" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Friday, February 23, 2001 2:07 PM
> >Subject: need clarification: ip unnumbered in routing tables
> >
> >
> > > just need to verify my thinking:
> > >
> > > example: serial line (PPP) connection between routers A and B using ip
> > > unnumbered.
> > >
> > > router A:
> > > e0=192.168.1.1/24
> > > s0=192.168.3.1/24
>
>
> Why does s0 have an address if it's unnumbered?
>
> > >
> > > routing table for A:
> > > c   192.168.1.0/24 is directly connected, ethernet0
> > > r   192.168.2.0/24 [120/1] via 192.168.3.2, 00:00:05, serial0
> > > s*  0.0.0.0/0 is directly connected, serial0
> > >
> > > router B:
> > > e0=192.168.2.1/24
> > > s0=192.168.3.2/24
> > >
> > > routing table B:
> > > r   192.168.1.0/24 [120/1] via 192.168.3.2, 00:00:06, serial0
> > > c   192.168.2.0/24 is directly connected, ethernet0
> > > s*  0.0.0.0/0 is directly connected, serial0
> > >
> > > i thought that the routing table should reflect the ethernet ip address of
> > > the remote router on local serial interface?
>
> It will reflect the next hop, unless it really is unnumbered, but it
> appears to be numbered. What am I missing?
>
> Priscilla
>
> >i don't see it here. is it an
> > > error or is it me?
> > >
> > > thanx,
> > >
> > > p.
> > >
> >
>
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com
>



RE: wildcard in access-list

2001-03-04 Thread Bob Vance

>Why?

Less processing.
Elegance :)
Cleverness :)
More documentation ~%[

I love that sort of stuff --
hmm, I guess this means that you wouldn't hire me, eh, Howard?


-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Saturday, March 03, 2001 1:31 PM
To: [EMAIL PROTECTED]
Subject: Re: wildcard in access-list


>I have two parts of a large network, the first part using 141.120.0.0
>thru 141.120.7.255 and the second part using 141.120.128.0 thru
>141.120.135.255. At the router connecting to Internet I want access
from
>outside limited only to these subnets and not to other addresses used.
I
>know that the following will work for TCP:
>
>access-list 101 tcp permit any 141.120.0.0 0.0.7.255
>access-list 101 tcp permit any 141.120.128.0 0.0.7.255
>
>I want to condense this to a single statement as follows:
>
>access-list 101 tcp permit any 141.120.0.0 0.0.135.255


Why?

Or, to put in other terms, how would you like to find that access
list statement in an undocumented configuration you've just been
asked to troubleshoot?

A good rule of thumb:  suspect any mask octet that doesn't have
contiguous bits,
unless you are EXACTLY sure why it's being done:

   Subnet   Wildcard
   ------   --------
    255         0
    254         1
    252         3
    248         7
    240        15
    224        31
    192        63
    128       127
      0       255

>
>Will this work?
>For example 141.120.9.2 should not be allowed.
>In binary 141.120.9.2 is 10001101.01111000.00001001.00000010.
>
>My understanding of the steps of how the access-list works is :
>
>1) perform a NOT the mask, which gives in binary
>   11111111.11111111.01111000.00000000
>2) perform an AND between this and the IP address, which gives in binary
>   10001101.01111000.00001000.00000000
>3) compare the result with the original IP address in the access-list
>   the comparison fails
>4) if successful, allow, otherwise drop.
>   so the packet is dropped.
>
>Is the above correct?
>I don't have a lab to test this. I would appreciate any help. Thanks.
>
>Nelluri




RE: wildcard in access-list

2001-03-04 Thread Bob Vance

Let's see...
You don't care whether bit 16 (or is that 17 :?) is a 0 or a 1, right?
Then the wildcard bit can be 1 :)

A general statement would be:
If you have two otherwise identical ACL statements with
addresses that differ only in one bit position, then you
can combine the ACLs into one with the mask having that
bit position set to 1 (don't care).
You can then iterate the above for more consolidation.



>3) compare the result with the original IP address in the access-list

The actual logical compare that must be done is:

  Do the care bits of the ACL address
  match the care bits of the processed address.

(obviously :)

So, technically, the ACL address must also be ANDed with the mask
complement, in case the ACL address, as entered, doesn't have all the
don't-care bits set to 0.  Of course, this would only be done once, at
initialization, and the value stored.

IIRC, at least starting at some IOS version level, this is being done
automatically for you by IOS when it stores the ACL in the
configuration.  Thus, if you typed:

  access-list 101 tcp permit any 141.120.128.0 0.0.135.255

it would actually show up via a  'sh run'  as

  access-list 101 tcp permit any 141.120.0.0 0.0.135.255

I'm not sure about this, though --
I'm sure that someone else will confirm/debunk it.



> the comparison fails

Still correct :)



-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Nelluri Reddy
Sent: Saturday, March 03, 2001 12:56 PM
To: [EMAIL PROTECTED]
Subject: wildcard in access-list


I have two parts of a large network, the first part using 141.120.0.0
thru 141.120.7.255 and the second part using 141.120.128.0 thru
141.120.135.255. At the router connecting to Internet I want access from
outside limited only to these subnets and not to other addresses used. I
know that the following will work for TCP:

access-list 101 tcp permit any 141.120.0.0 0.0.7.255
access-list 101 tcp permit any 141.120.128.0 0.0.7.255

I want to condense this to a single statement as follows:

access-list 101 tcp permit any 141.120.0.0 0.0.135.255

Will this work?
For example 141.120.9.2 should not be allowed.
In binary 141.120.9.2 is 10001101.01111000.00001001.00000010.

My understanding of the steps of how the access-list works is :

1) perform a NOT the mask, which gives in binary
  11111111.11111111.01111000.00000000
2) perform an AND between this and the IP address, which gives in binary
  10001101.01111000.00001000.00000000
3) compare the result with the original IP address in the access-list
  the comparison fails
4) if successful, allow, otherwise drop.
  so the packet is dropped.

Is the above correct?
I don't have a lab to test this. I would appreciate any help. Thanks.

Nelluri


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
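Added example (not part of the original posts): the wildcard-mask logic discussed in the thread above, written out in Python so the merged entry can be checked without a lab. The function names are constructed for illustration; the addresses and masks are the ones from the thread. It covers the care-bit compare, the one-bit merge rule, the normalization of the ACL address, and an enumeration of exactly which address ranges a non-contiguous wildcard admits.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def care_bits(wildcard):
    """Bits that must match: the complement of the wildcard (don't-care) mask."""
    return ~to_int(wildcard) & MASK32


def normalize(acl_addr, wildcard):
    """Clear the don't-care bits of the ACL address, as done once at load time."""
    return to_str(to_int(acl_addr) & care_bits(wildcard))


def matches(packet_addr, acl_addr, wildcard):
    """Do the care bits of the packet address equal the care bits of the ACL address?"""
    care = care_bits(wildcard)
    return (to_int(packet_addr) & care) == (to_int(acl_addr) & care)


def merge(entry_a, entry_b):
    """Combine two (address, wildcard) entries that differ in exactly one care bit.

    Returns the merged (address, wildcard) pair, or None if the rule does not apply.
    """
    (addr_a, wild_a), (addr_b, wild_b) = entry_a, entry_b
    if wild_a != wild_b:
        return None
    care = care_bits(wild_a)
    diff = (to_int(addr_a) ^ to_int(addr_b)) & care
    if diff == 0 or diff & (diff - 1):  # identical, or more than one bit differs
        return None
    merged_addr = to_int(addr_a) & care & ~diff
    merged_wild = to_int(wild_a) | diff
    return to_str(merged_addr), to_str(merged_wild)


def matched_ranges(acl_addr, wildcard, max_wild_bits=20):
    """List the contiguous address ranges an entry admits, for review purposes."""
    wild = to_int(wildcard)
    if bin(wild).count("1") > max_wild_bits:
        raise ValueError("too many don't-care bits to enumerate")
    base = to_int(acl_addr) & ~wild & MASK32
    addrs = []
    sub = wild
    while True:  # walk every subset of the don't-care bits
        addrs.append(base | sub)
        if sub == 0:
            break
        sub = (sub - 1) & wild
    addrs.sort()
    ranges = []
    start = prev = addrs[0]
    for addr in addrs[1:]:
        if addr != prev + 1:
            ranges.append((to_str(start), to_str(prev)))
            start = addr
        prev = addr
    ranges.append((to_str(start), to_str(prev)))
    return ranges


if __name__ == "__main__":
    merged = merge(("141.120.0.0", "0.0.7.255"), ("141.120.128.0", "0.0.7.255"))
    print("merged entry:", merged)
    for first, last in matched_ranges(*merged):
        print("  admits", first, "-", last)
    print("141.120.9.2 permitted?", matches("141.120.9.2", *merged))
```

Listing the admitted ranges before deploying a non-contiguous wildcard is a quick way to confirm the entry permits nothing beyond the intended subnets.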



RE: wildcard in access-list

2001-03-04 Thread Bob Vance

>>hmm, I guess this means that you wouldn't hire me, eh, Howard?

>Well, can you phrase this as "full employment for consultants?"

All seriousness aside, I actually meant as an employee -- not as a
consultant :)


> With a tired, triumphant,
>  yet demented look, he announced: "Yes, it is obvious."

LOL.
You've been eavesdropping on some of my math sessions with my children,
haven't you.  I've learned more about the foundations of arithmetic since I
had kids than I did studying math in school :)


>There is a poorly documented corollary of Murphy's Law that establishes
>that idiots inherit the work of the clever.

Right.
But I would assume that that doesn't mean that you are deprecating
cleverness, per se (after all, cleverness is the Aunt of invention) but,
maybe just want to leave cleverness where it belongs -- in the lab :)


I tend to go for the clever first and, then, after proving that it works,
start to worry about the potential obfuscation (not to mention the phone
calls) and change to a more "self-documenting" route.

So, one moment I might code the single ACL;
the next I would change it to the "self-documenting" two-statement ACL.

   (In fact, I would agree that you could easily argue that the second is
   the more elegant since it kills two birds with one stone: functionality
   and no extra documentation  :)
   )


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Sunday, March 04, 2001 11:35 AM
To: [EMAIL PROTECTED]
Subject: RE: wildcard in access-list


>  >Why?

To which Bob Vance responded,

>
>Less processing.

  CPU power is cheaper than brainpower, downtime through errors, etc.

>Elegance :)

  I've always regarded an elegant solution as one that is necessary
  and sufficient for all criteria. Maintainability is a criterion.

  A professor, in his* Tuesday class, droned on "it is obvious that XXX
  is ZZZ."

  A student responded, "Professor, are you sure it is obvious?"

  A look of professorial alarm. "Class dismissed."

  On Thursday, the class returned to find their professor still at the
  board, fairly obviously unwashed and unshaven since Tuesday, perhaps
  nourished only by incessant cups of coffee.  With a tired, triumphant,
  yet demented look, he announced: "Yes, it is obvious."

* choice of pronoun gender deliberate.  This is a guy thing**,  the
academic version of refusing to ask for directions.
** a female professor, however, might want to share the experience of
confusion.

>Cleverness :)

  There is a poorly documented corollary of Murphy's Law that establishes
  that idiots inherit the work of the clever.

  Military organizations have much folklore about this.  In working with
  US Navy personnel, I learned the valid distinctions between idiot-proofing
  and sailor-proofing.  Or, as it is said, the five most dangerous things
  in the Canadian Navy:
     -- Ordinary Seamen saying: "I learned this in Boot Camp"
     -- Petty Officers saying "Trust me, sir"
     -- Sublieutenants saying "Based on my experience"
     -- Lieutenants saying "I was just thinking"
     -- Chiefs saying "Watch this [output traffic from male cow]"

>More documentation ~%[
>
>I love that sort of stuff --


>hmm, I guess this means that you wouldn't hire me, eh, Howard?

Well, can you phrase this as "full employment for consultants?"

In all fairness, there is a regrettable Cisco tendency to teach and
test for obscurity.




Re: Backup for CAT 3500 switches

2001-03-05 Thread Bob Timmons

Hmm.. try this:

http://bobtimmons.home.mindspring.com/bin/wrnet.zip

I don't remember where I found it, but it's freeware.  Here's part of the
TXT file that comes with it:

"WrNet is a Windows command line utility that will instruct a
Cisco router to save its running-config to a TFTP server
using SNMP.

WrNet can be combined with the Windows NT Scheduler service to
automate the backups of Cisco router configurations."


Let us know if this works for you.

Bob

"Thomas" <[EMAIL PROTECTED]> wrote in message
news:981fcj$bju$[EMAIL PROTECTED]...
> Hi All - I wonder if there is any option on the Catalyst 3548XL switches
> that allows you to dump the configuration of the switch to the TFTP server
> periodically?  I am trying to automate the backup process for your 3548XLs.
> Thanks in advance!
>
>



Re: Hardware Req's

2001-03-12 Thread Bob Timmons

16MB of Flash is nice, but I don't believe required for a lab.  You can get
virtually any IOS image on 8MB of flash by using a compression utility.
Personally, I'd recommend 8MB Flash and 16MB RAM.  The RAM is
cheaper and if you're running any kind of Enterprise IOS or one that does
Firewall, etc, you'll need the RAM.  I don't know why they'd recommend
16Flash/8Ram.  If you have a 12MB Flash image, chances are, you'll need
more than 8MB RAM to run it.  The 12.1.7 IOS that has IP/IPX/AT for the
25xx series is 9MB.  You can probably compress this to about 4-5MB for the
Flash.  The largest IOS I could find on CCO was 16,158,604.  I compressed
that down to 7,249,938.  That would fit nicely on 8MB of Flash and would
definitely require 16MB RAM.

HTH

Bob

> Can someone tell me the minimum hardware requirements for IOS 12.x with
> ip/ipx/at routing on a 2501?  I'm looking to buy a couple routers for a home
> lab but I don't know what is the minimum that I should get.  Cisco site says
> "recommended" 16mb flash and 8 dram, but for a home lab would it still work
> on a 8/8?
>
> Justin
>



Re: Hardware Req's

2001-03-12 Thread Bob Timmons

Oh,

I guess I should mention that using a compression utility could potentially
cause problems in production environments.  Use your best judgement.  I only
use it for lab purposes.  If you're in a production environment, have the
company shell out the dough-ray-me for the extra flash if required.

Bob

http://bobtimmons.home.mindspring.com/bin/mzmaker.exe

Please note that this utility only runs on a "DOS compatible" platform (no
MACs, no UNIX, etc.)  Also, please note that the flash images it produces
will run only on 68000-series Cisco routers (eg. 3000, 2500, older 4000 and
7000, etc).  It will *not* work with RISC router processors.

If you wish to test the images this utility produces *BEFORE* copying those
images into flash memory, simply install a TFTP server and have the IOS
image downloaded by TFTP on bootup. This will provide a means to test the
compressed flash image.


> Can someone tell me the minimum hardware requirements for IOS 12.x with
> ip/ipx/at routing on a 2501?  I'm looking to buy a couple routers for a home
> lab but I don't know what is the minimum that I should get.  Cisco site says
> "recommended" 16mb flash and 8 dram, but for a home lab would it still work
> on a 8/8?
>
> Justin
>



Re: DCE to DTE no CSU/DSUs

2001-03-15 Thread Bob Timmons

If you're using a back-to-back cable, the DCE will ALWAYS be the router with
the DCE side of the cable.  If you're doing frame-relay, and using 1 router to
be the frame-relay switch, you'd typically use the DCE side of the back-to-back
on the frame-switch for all routers connected to the frame-relay switch.  You
would then set your desired clock rate on each serial interface.

"sanjay" <[EMAIL PROTECTED]> wrote in message
news:96ibeu$3f1$[EMAIL PROTECTED]...
> On the frame-relay switch router, just make sure you specify "frame-relay
> intf-type dce" command. On point to point serial connection between 2
> routers, you will need to setup clock rate on one of the routers. Which ever
> router you put the clock rate, it becomes the DCE.
>
>
> "CiScO" <[EMAIL PROTECTED]> wrote in message
> news:96i57s$bpl$[EMAIL PROTECTED]...
> > Do I need to config the serial as a DCE or does it automatically become a
> > DCE when I specify a clock rate?
> >
> > Will this type of connection work even if I'm not running Frame Relay, for
> > instance setting up OSPF single area or multiple area, using ppp encap?
> > Thanks!
> >
> >
> > "John Neiberger" <[EMAIL PROTECTED]> wrote in message
> > news:sa8c04a1.091@fsutil01...
> > > Each serial link needs to have some sort of clocking at the physical
> > > layer, regardless of your choice of datalink layer protocol.  In
> > > addition, each serial link is entirely separate from the others and can
> > > have differing clockrates.
> > >
> > > Be sure that you set your clockrate on the DCE side only.  The DTE side
> > > does not need to be specified because it is, by definition, listening to
> > > the clock from the DCE.
> > >
> > > >>> "." <[EMAIL PROTECTED]> 2/15/01 4:09:37 PM >>>
> > > DCE to DTE no CSU/DSUs
> > >
> > > If I connect my routers via serial interfaces using a crossover serial
> > > cable, do I need to set a clock rate even if I'm running frame relay? If
> > > I do need to use a clock rate do all the routers need to be set for the
> > > same clock rate?
> > >
> > > Thanks!
> > >
> > >



RE: Discontiguous networks

2001-03-15 Thread Bob Vance

>The binary mask for last octet would be 10100000.

Actually, it's worse than that!!

10100000  =  128 + 32  = 160, not 148  :|

148 = 128 + 20 = 128 + 16 +4  = 1001 0100

I'll let you fill the rest in :)


-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Thursday, March 15, 2001 12:41 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Discontiguous networks


ouch!  Please do not attempt this at home.  Heck, please do not attempt
this anywhere!  :-)

The binary mask for last octet would be 10100000. If you assume the use
of subnet zero, your host address go from 1 to 31, then skip to 64-94.
The next subnet in binary is 00100000 so the network address is
192.10.3.32 and host address are 33-63 and 95-126.  This is painful,
it's making my head hurt

Okay then, the next subnet in binary is 10000000, or .128 in decimal,
and your host addresses are 129-159 and 192-223.  The final subnet is
10100000, or .148 and the host addresses are 149-180 and 224-254.

I think.  That is really painful to think through and I was interrupted
multiple times while trying to write this.  Please forgive me if these
numbers aren't correct.

And always remember:  Friends don't let friends use discontiguous
subnet masks!

>>> "Arthur Simplina" <[EMAIL PROTECTED]> 3/15/01 10:04:17 AM >>>
I know that there was an earlier posting and a very good explanation on
this. So, kindly bear with me.

I am trying to figure out the subnets (and hosts) for this address:

192.10.3.0 with subnet mask 255.255.255.148.

I am asking this out of curiosity and to learn how to go about this.

Thanks for any help.

Arthur
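
Added example, not part of the original posts: a Python sketch that enumerates the subnets and host addresses of 192.10.3.0 under the mask 255.255.255.148 discussed in this thread, using the bit pattern 1001 0100 given above. The function names are hypothetical, and it assumes a /24 natural mask and the usual convention that the all-zeros and all-ones host patterns are the subnet and broadcast addresses.

```python
"""Enumerate the subnets of a network under a possibly non-contiguous mask."""


def to_int(dotted):
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | p
    return value


def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def is_contiguous(mask):
    """True when the mask is a run of ones followed by a run of zeros."""
    inv = ~to_int(mask) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0


def set_bits(value):
    """Bit positions (0 = least significant) that are set in value."""
    return [i for i in range(32) if (value >> i) & 1]


def scatter(counter, positions):
    """Deposit the low bits of counter into the given bit positions."""
    out = 0
    for k, pos in enumerate(positions):
        if (counter >> k) & 1:
            out |= 1 << pos
    return out


def runs(numbers):
    """Compress a sorted list of ints into 'a-b' runs for display."""
    spans, start, prev = [], None, None
    for n in numbers:
        if start is None:
            start = prev = n
        elif n == prev + 1:
            prev = n
        else:
            spans.append((start, prev))
            start = prev = n
    if start is not None:
        spans.append((start, prev))
    return ", ".join(str(a) if a == b else f"{a}-{b}" for a, b in spans)


def enumerate_subnets(network, mask, natural_mask="255.255.255.0"):
    """List every subnet with its broadcast and host addresses (last octet)."""
    net, m, nat = to_int(network), to_int(mask), to_int(natural_mask)
    subnet_pos = set_bits(m & ~nat & 0xFFFFFFFF)   # mask bits beyond the natural mask
    host_pos = set_bits(~m & 0xFFFFFFFF)           # zero bits of the mask
    base = net & nat
    table = []
    for s in range(1 << len(subnet_pos)):
        subnet = base | scatter(s, subnet_pos)
        members = [subnet | scatter(h, host_pos)
                   for h in range(1 << len(host_pos))]
        table.append({
            "subnet": to_dotted(subnet),            # host bits all zero
            "broadcast": to_dotted(members[-1]),    # host bits all one
            "hosts": [a & 0xFF for a in members[1:-1]],
        })
    return table


if __name__ == "__main__":
    mask = "255.255.255.148"
    print(mask, "contiguous:", is_contiguous(mask))
    for row in enumerate_subnets("192.10.3.0", mask):
        print(f'{row["subnet"]:<14} bcast {row["broadcast"]:<14} '
              f'hosts .{runs(row["hosts"])}')
```

With three mask bits in the last octet the result is eight interleaved subnets of 30 hosts each.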





RE: Discontiguous networks

2001-03-15 Thread Bob Vance

>it was with two mask bits.

I think that Howard would say that it was a 2-bit mask  :)



-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 15, 2001 2:25 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Discontiguous networks


Oops!  I knew I should have learned how to add at some point in my life!
 :-)

I'm glad you caught that.  The calculations I made were bad enough as
it was with two mask bits.  I'm not going to do it again with three!

Thanks,
John





RE: Sample CCNA test question..bogus?

2001-03-15 Thread Bob Vance

"D" is the only possible answer to give on a test, since it's pretty
clear what the tester meant :)

I guess the question could have been worded:

  "Given the Class B network 172.16.0.0, using a prefix length
   of 19, which of the following is a valid address?
  "

Or much more simply and clearly:

Q. Which one of the following is a valid host address?

a. 172.16.32.0 /19

b. 172.16.64.0 /19

c. 172.16.63.255 /19

d. 172.16.80.255 /19



-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Adam Hickey
Sent: Thursday, March 15, 2001 1:40 PM
To: Lowell Sharrah; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Sample CCNA test question..bogus?


Amen!

Thank You
Adam Hickey
Cable & Wireless
Network Engineer, IOPS
[EMAIL PROTECTED]
___
"And One!"

- Original Message -
From: "Lowell Sharrah" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, March 15, 2001 10:10 AM
Subject: Re: Sample CCNA test question..bogus?


> this is assuming vlsm.  when you have a class network with variable
> bits in the subnet mask that is different than the default subnet mask,
> you have multiple subnets and multiple hosts on each subnet.  This
> question is telling us that there are 3 bits as subnet bits (since the
> default for class B networks is 16) and the remaining 13 are host bits.
> This arrangement (172.16.0.0/19) calculates out to be more than one
> subnet and answer d falls in one of the valid subnet ranges.  If the
> question was worded differently with a particular subnet such as
> 172.16.30.x/19, then it would not be true.
>
> >>> "John Neiberger" <[EMAIL PROTECTED]> 03/15/01 12:04PM >>>
> How could the wording be correct?  172.16.80.255 is a host address in
> 172.16.64.0/19, *not* 172.16.0.0/19.   There is no correct answer
> provided to that specific question as worded. I agree that it is trying
> to be a trick question, but it fails because of poor wording or a typo.
> Perhaps one of the answers should have been 172.16.15.255 or something
> like that.  That would have been tricky yet also correct given the
> question that was being asked.
>
> John
>
> >>> "Arthur Simplina" <[EMAIL PROTECTED]> 3/15/01 9:51:53 AM >>>
> I think the trick part of question here is that the answer d.
> 172.16.80.255 seems like a broadcast address because of the 255 (all
> 1's in the last octet.) So now the test taker faces the dilemma of
> choosing between two subnetwork addresses and two "broadcast" addresses.
>
> Cisco would want to know if you really know subnetting. Hence, the
> wording of the question (which to my opinion is still correct).
>
> Arthur
>
>
> >From: "John Neiberger" <[EMAIL PROTECTED]>
> >Reply-To: "John Neiberger" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: Sample CCNA test question..bogus?
> >Date: Thu, 15 Mar 2001 09:19:53 -0700
> >
> >I think I'll side with those who say there is no correct answer, but
> >there is an answer that's closer to being correct than the others.  :-)
> >
> >The question is asking for a valid host in the 172.16.0.0/19 range.
> >Answer D is not in that range!  It is in the 172.16.64.0/19 network.
> >Valid host addresses in the 172.16.0.0/19 range are:
> >
> >172.16.0.1 through 172.16.31.254
> >
> >I would agree that by making a subtle adjustment to the question,
> >answer D is the only answer possible.  Given a /19 prefix length, the
> >only possible host address given in the answers is D, which forces us
> >to change the question to fit the answer.
> >
> >This just appears to be a poorly worded question that not only allows
> >you to figure out the most-correct answer eventually but also forces
> >you to deduce what the actual question is in the first place.  In
> >other words, it's a typical Cisco test question!
> >
> >Regards,
> >John
> >
> > >>> "Arthur Simplina" <[EMAIL PROTECTED]> 3/15/01 8:46:27 AM >>>
> >d. 172.16.80.255
> >
> >This belongs to subnet 172.16.64.0 with host range of 172.16.64.1 -
> >172.16.95.254.
> >
> >Arthur
> >
> >
> > >From: "Bruce" <[EMAIL PROTECTED]>
> > >Reply-To: "Bruce" <[EMAIL PROTECTED]>
> > >To: [EMAIL PROTECTED]
> > >Subject: Sample CCNA test question..bogus?
> > >Date: Thu, 15 Mar 2001 15:11:07 +1100
> > >
> > >Q. Which one of the following is a valid host using the address of
> > >172.16.0.0 /19?
> > >
> > >a. 172.16.32.0
> > >
> > >b. 172.16.64.0
> > >
> > >c. 172.16.63.255
> > >
> > >d. 172.16.80.255
> > >
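
Added example, not part of the original posts: a Python check of the four answer choices under both readings argued in this thread, "a host in some /19 subnet" and "a host inside 172.16.0.0/19 itself". It uses the standard ipaddress module; the function names are hypothetical.

```python
import ipaddress

# The four answer choices from the sample question quoted in the thread.
CHOICES = {
    "a": "172.16.32.0",
    "b": "172.16.64.0",
    "c": "172.16.63.255",
    "d": "172.16.80.255",
}


def classify(address, prefix_len):
    """Return (role, subnet); role is 'network', 'broadcast' or 'host'."""
    iface = ipaddress.ip_interface(f"{address}/{prefix_len}")
    subnet = iface.network
    if iface.ip == subnet.network_address:
        role = "network"
    elif iface.ip == subnet.broadcast_address:
        role = "broadcast"
    else:
        role = "host"
    return role, subnet


def host_range(subnet):
    """First and last usable host address of a subnet, as strings."""
    net = ipaddress.ip_network(subnet)
    return str(net.network_address + 1), str(net.broadcast_address - 1)


def hosts_in_any_subnet(choices, prefix_len):
    """Loose reading: which choices are host addresses in *some* subnet?"""
    return [key for key, addr in choices.items()
            if classify(addr, prefix_len)[0] == "host"]


def hosts_in_subnet(choices, subnet):
    """Strict reading: which choices are hosts inside this one subnet?"""
    net = ipaddress.ip_network(subnet)
    return [key for key, addr in choices.items()
            if ipaddress.ip_address(addr) in net
            and classify(addr, net.prefixlen)[0] == "host"]


if __name__ == "__main__":
    for key, addr in CHOICES.items():
        role, subnet = classify(addr, 19)
        print(f"{key}. {addr:<15} {role:<9} in {subnet}")
    print("hosts under any /19:       ", hosts_in_any_subnet(CHOICES, 19))
    print("hosts inside 172.16.0.0/19:", hosts_in_subnet(CHOICES, "172.16.0.0/19"))
    print("172.16.0.0/19 host range:  ", host_range("172.16.0.0/19"))
```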


Re: Certification Zone

2001-03-15 Thread Bob Timmons

I've never had to deal with their customer support, but that aside, the
money is worth it.  The whitepapers, labs & exams are top-notch, I haven't
seen its equal.
You can get a free whitepaper each month, so you can check them out ahead
of time, but the archives are what's worth the money.

> >www.certificationzone.com
> >
> >What is your opinion about this company?  I talked to some witch named
> >Cindy or Jenny that must have been the MC at the last "Witches R US"
> >convention.  If their services aren't any better than their manners, I
> >don't want to waste my money.
>
> Well, my neopagan heritage requires me to say that I have dated some
> rather pleasant witches.  But that's probably not what you meant.
>
> Without further information, I don't know what to say. I don't myself
> deal with customer service on a day-to-day basis, but I can certainly
> put you in touch with people that do.
>
> >
> >Thank you in advance for your feedback.
> >
> >John Huston
> --
> "What Problem are you trying to solve?"
> ***send Cisco questions to the list, so all can benefit -- not
> directly to me***
>
> Howard C. Berkowitz  [EMAIL PROTECTED]
> Technical Director, CertificationZone.com
> Senior Mgr. IP Protocols & Algorithms, Advanced Technology Investments,
> NortelNetworks (for ID only) but Cisco stockholder!
> "retired" Certified Cisco Systems Instructor (CID) #93005
>



Re: bri flapping with demand cirquit/igrp redistribution

2001-03-16 Thread Bob Boone

Yes i do have passive BRI on IGRP, and also, the way it is done now, it
restricts ALL networks, if you look at the access-list 15 it has one
statement and then explicit deny all.
still not working.

- Original Message -
From: "Jay Chandradas" <[EMAIL PROTECTED]>
To: "Netguy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, March 16, 2001 12:22 PM
Subject: Re: bri flapping with demand cirquit/igrp redistribution


> 1. DO u have a passive interface on bri0 under router IGRP
>
> 2. I wud do this way !! when u r redistributing into OSPF .. allow only the
> IGRP networks ( including the network connected with is running IGRP )
>
> Jay
>
> when u r redistributing into
> - Original Message -
> From: "Netguy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, March 16, 2001 12:01 PM
> Subject: bri flapping with demand cirquit/igrp redistribution
>
>
> > > Hello all you happy people.
> > > Router A has ospf/igrp mutual redistribution and bri
> > > int dialing elsewhere with demand circuit. it keeps
> > > flapping.
> > > i followed someone's advice and created a route/map
> > > filter to filter out bri network from igrp
> > > redistributing back into ospf.
> > > what the hell am i doing wrong? i know its a big
> > > thing
> > > that lots of people had problems with.
> > > here's the key configs:
> > > interface BRI0/0
> > >  ip address 173.5.8.1 255.255.255.252
> > >  encapsulation ppp
> > >  ip ospf demand-circuit
> > >  dialer idle-timeout 15
> > >  dialer map ip 173.5.8.2 name R5 broadcast 8667007
> > >  dialer map ip 173.5.8.2 name R5 broadcast 8667008
> > >  dialer load-threshold 128 outbound
> > >  dialer-group 1
> > >  isdn switch-type basic-dms100
> > >  isdn spid1 9258667005
> > >  isdn spid2 9258667006
> > >  ppp authentication chap
> > >  ppp chap hostname CCIE
> > >  ppp multilink
> > >
> > >
> > > router ospf 1
> > >  log-adjacency-changes
> > >  area 0 authentication message-digest
> > >  area 0 range 173.5.1.0 255.255.255.0
> > >  summary-address 173.5.10.0 255.255.255.0
> > >  redistribute igrp 100 metric 100 subnets route-map stuff
> > >  network 1.1.1.0 0.0.0.3 area 0
> > >  network 173.5.1.0 0.0.0.15 area 0
> > >  network 173.5.7.0 0.0.0.7 area 3
> > >  network 173.5.8.0 0.0.0.3 area 3
> > >  network 173.5.10.0 0.0.0.127 area 3
> > >  network 173.5.17.0 0.0.0.255 area 0
> > > access-list 15 permit 173.5.8.0 0.0.0.3 log
> > > route-map stuff deny 5
> > >  match ip address 15
> > > !
> > > route-map stuff permit 10
> > >  set tag 4
> > >



Re: bri flapping with demand cirquit/igrp redistribution

2001-03-16 Thread Bob Boone

did that, still doesn't work. i'm tagging on going out to IGRP and then
blocking that tag from coming back into OSPF. still bri is flapping. what
the hell? i thought we worked this problem out in groupstudy!
HELP!



BSCN

2000-11-22 Thread Bob Perez

I just recently failed the BSCN test and I have a question.  How do you find
the CIR of a Pipe that has Ex: 2 64 and 1 128 PVC's?  Would it be the least
PVC times the # of PVC's or what would be the answer.  Any help would be
appreciated.  Thanks.





exam prep

2000-11-22 Thread Bob Perez

Does anyone have any Exam prep tests that they would like to exchange for?
I would like the BSCN from Beachfront quizzer if possible.  I have BSCN and
BCMSN from Mcse2be.com, and would like to exchange with anyone if they have
another exam prep for the BSCN.





BGP Update Message Contents?

2000-11-28 Thread Bob Hunter

Hi,

I haven't had a chance to run this through a sniffer yet to examine the
packets, but am wondering if someone could help me understand the
rfc1771 reference to BGP update messages. When a BGP update message is
sent describing a route, are several update messages sent, each with a
singular path attribute flag, and attribute type code, or does one
update message contain all of the path attributes, and codes within one
segment?
The rfc1771 seems to read plural by stating variable length sequence of
path attributes.

Thank you for your assistance.





OSPF Demand-Circuit External Routes

2000-11-29 Thread Bob Henry

All,

I have a question in regards to using the
ospf demand-circuit.

If you are using ospf demand circuit across an ISDN
line and do not want it to dial when external routes
that were redistributed into OSPF flap how is this
done?

Thanks,
Jack




Re: CCIE LAB Groupstudy list

2000-12-04 Thread Bob Snyder

Paul Borghese <[EMAIL PROTECTED]> wrote in message
news:003501c05d56$a37b20a0$[EMAIL PROTECTED]...

> Please if anyone has any ideas...

Which is consuming the bandwidth?  Mail? Web? News?

If it's mail, you may be able to do something like vger.kernel.org does,
where you farm out the mail to volunteer servers   e.g., all mail for
.org gets sent to server A, all mail for .us, .ar, .id gets sent to
server B

That way your server is sending out one message for each delegated domain,
and they handle a portion of the load

Bob
CCNP, CCDP, MCSE+I, Sun Solaris Certified Admin





FW: 100BaseT Between Buildings

2000-12-05 Thread Sites, Bob

I would definitely look at the Aironet wireless bridges that Cisco sells, if
you have line of sight?  I have installed 2 at work and am about to install 8
more.  They do everything that is advertised so far.  I have had no problems
with them. Feel free to email me directly if you have any questions. Please
do your research on the Cisco web page first.  Everything you need, user
manuals and all, are there for you.

-Original Message-
From: Elias Aggelidis [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 05, 2000 3:13 AM
To: Hartnell, George; [EMAIL PROTECTED]
Subject: Re: 100BaseT Between Buildings


You can find some laser links that can support 100 Mbps - 622 Mbps
The only thing that is required is optical View.

If this solution seems to you too expensive you can try the aironet 340
product.
It gives 10 Mbps with small cost .

Regards
Elias

- Original Message -
From: "Hartnell, George" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 05, 2000 3:20 AM
Subject: RE: 100BaseT Between Buildings


> Not with copper.  Single mode fiber with LX modules work for me.  You can
> buy 100Mb/sec cu to single mode fiber media converters.  I don't think you
> can 'get there from here' with multimode fiber, or, as aforementioned,
> copper.
>
> Oddly enough, it seemed (to me) that gigabit LX gbic modules for some
> catalyst switches are just as inexpensive as the media converter lash-up.
> One-hundred meg ethernet is also less challenging to 'sniff' for problems.
>
> Probably you will want to run single-mode anyway; keeping future scale-up
> options open.  Strandage?  Spares are handy. Phones too?  Look at copper
> hybrid cable for cu-T1 or extra fiber stands for T1/DS1 PBX phone
switches.
>
> Or, why not wireless?  If you're line-of-site, there are some 100Mb/s
> solutions out there.
>
> Best, G.
>
> -Original Message-
> From: Rossetti, Stan [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 04, 2000 3:10 PM
> To: '[EMAIL PROTECTED]'
> Subject: 100BaseT Between Buildings
>
>
> Does anyone know of a way to implement 100BaseT between 2 buildings that
> are ¾ (~ 4100 feet) of a mile apart?  I think the distance limitation per
> segment is 200 meters.
>
>
>
>
> Thanks
>
> Stan Rossetti
>
> Russia Services Group
> Voice:  (256) 544-5031
> Email:  [EMAIL PROTECTED]
> Beeper:  544-5031 pin 0112
>
> CCDA, CCNA, CCSE
>



why is routing needed with VLANs

2001-01-16 Thread Bob Vance

OK.
I must be brain dead, today.
   (and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
and, yes, I know, "What's so special about 'today' "?
   )
As far I can understand it so far, about the only benefit that I see
from VLANs is reducing the size of broadcast domains.

Suppose that I have a switch in the closet with one big flat address
space (well, it couldn't be that big with only one switch, now, could
it ?>).  Then someone says,
  "You know, we're getting a lot of blah-blah broadcast traffic.
   Let's VLAN.
  "
OK, fine.  We VLAN and put whatever services in each VLAN that are
required to handle the broadcasts (e.g., DHCP service).  So, now the
switch doesn't send broadcasts outside a particular VLAN.

But, what's so magic about a VLAN that the switch also decides not to
send unicasts outside a VLAN.   Before the VLANs, the switch maintained
a MAC table and knew which port to go out to get to any unicast address
in the entire space.  So, why can't it continue to do that after we
arbitrarily implement some constraint on broadcast addresses?
It seems to me that the same, exact MAC table, with an additional VLAN
field would not require that restriction.  If it's a broadcast, send the
packet only out ports with a VLAN-id that matches the source port's
VLAN-id.  If it's a unicast, handle it just like we used to.


Similarly, even if we have 5 switches, I just don't see the requirement
that we (as switch-code designers) must block unicasts and resort to a
routing requirement.

Even with 500 switches ... well, let's not get ridiculous :)


I feel that there is a simple point that I've overlooked, so I will
continue to RTFM while I await your responses.>)


-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=







RE: why is routing needed with VLANs - ARP?

2001-01-16 Thread Bob Vance

What I'm saying is that, before we implement VLANs, we have a flat
address space, with obviously, no routing.
Now, suppose that I arbitrarily decide not to forward broadcasts out
ports 6-10 through some IOS command.
Everything will still work quite happily (except anything relying on
those broadcasts, of course).
...
Ooops.   I think that I just saw the answer.

One of those broadcast thingys is lil' ole ARP.
So, how does a client find the IP address of a destination if the
destination is outside the VLAN?

It's funny that this wasn't pointed out in any of my VLAN reading
(admittedly limited to ICND coursebook and Caslow).
It just arbitrarily says unicasts are blocked or routing is
required without giving a reason.

Oh, well.


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=
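
Added example, not part of the original posts: a small Python model of the thought experiment in this thread, a learning switch where broadcasts stay inside the VLAN, with and without the proposed "handle unicasts like we used to" behaviour. The classes, the port and VLAN numbering, the MAC and IP values and the shared_unicast option are all constructed for illustration, and both hosts are assumed to stay in one IP subnet so that they ARP for each other directly.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Host:
    def __init__(self, name, mac, ip):
        self.name, self.mac, self.ip = name, mac, ip
        self.arp_cache = {}                      # ip -> mac


class Switch:
    """Learning switch; port_vlan maps port number -> VLAN id.

    shared_unicast=False: learning and flooding are per VLAN.
    shared_unicast=True : hypothetical design from the post; broadcasts
    stay in the VLAN, unicasts use one MAC table for every port.
    """

    def __init__(self, port_vlan, shared_unicast=False):
        self.port_vlan = dict(port_vlan)
        self.shared_unicast = shared_unicast
        self.hosts = {}                          # port -> Host
        self.mac_table = {}                      # (scope, mac) -> port

    def attach(self, port, host):
        self.hosts[port] = host

    def _scope(self, port):
        return None if self.shared_unicast else self.port_vlan[port]

    def forward(self, in_port, src_mac, dst_mac):
        """Learn the source; return the ports the frame is sent out of."""
        self.mac_table[(self._scope(in_port), src_mac)] = in_port
        vlan = self.port_vlan[in_port]
        same_vlan = [p for p in self.port_vlan
                     if p != in_port and self.port_vlan[p] == vlan]
        if dst_mac == BROADCAST:
            return same_vlan                     # never leaves the VLAN
        known = self.mac_table.get((self._scope(in_port), dst_mac))
        if known is not None:
            return [known]
        if self.shared_unicast:                  # unknown unicast: flood
            return [p for p in self.port_vlan if p != in_port]
        return same_vlan


def port_of(switch, host):
    return next(p for p, h in switch.hosts.items() if h is host)


def arp_resolve(switch, sender, target_ip):
    """Broadcast an ARP request; return the MAC learned, or None."""
    in_port = port_of(switch, sender)
    for port in switch.forward(in_port, sender.mac, BROADCAST):
        receiver = switch.hosts.get(port)
        if receiver and receiver.ip == target_ip:
            switch.forward(port, receiver.mac, sender.mac)   # unicast reply
            sender.arp_cache[target_ip] = receiver.mac
            return receiver.mac
    return None


def send_ip(switch, sender, target):
    """True if an IP packet from sender can be delivered to target."""
    mac = sender.arp_cache.get(target.ip) or arp_resolve(switch, sender, target.ip)
    if mac is None:
        return False         # no layer-2 destination, nothing is sent
    out = switch.forward(port_of(switch, sender), sender.mac, mac)
    return port_of(switch, target) in out


def build(port_vlan, shared_unicast=False):
    sw = Switch(port_vlan, shared_unicast)
    a = Host("A", "00:00:00:00:00:0a", "10.0.0.1")   # constructed values
    b = Host("B", "00:00:00:00:00:0b", "10.0.0.2")
    sw.attach(1, a)
    sw.attach(6, b)
    return sw, a, b


def scenarios():
    flat = {p: 1 for p in range(1, 11)}
    split = {p: (10 if p <= 5 else 20) for p in range(1, 11)}
    results = {}
    for name, vlans, shared, static in [
        ("flat", flat, False, False),
        ("vlans", split, False, False),
        ("vlans+shared-unicast", split, True, False),
        ("vlans+shared-unicast+static-arp", split, True, True),
        ("vlans+static-arp", split, False, True),
    ]:
        sw, a, b = build(vlans, shared)
        if static:
            a.arp_cache[b.ip] = b.mac            # hand-configured mapping
        results[name] = send_ip(sw, a, b)
    return results


if __name__ == "__main__":
    for name, delivered in scenarios().items():
        print(f"{name:<34} delivered={delivered}")
```

Only the flat network and the shared-table switch with a hand-entered ARP mapping deliver the packet; once the ARP broadcast is confined to the VLAN, the sender never learns a destination MAC.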








RE: why is routing needed with VLANs

2001-01-16 Thread Bob Vance

Thanks.

>A VLAN is, by definition, a separate subnet.

Well, not by any definition that I've yet read :)

But, I was essentially asking *why* it has to be a different subnet.
That is not discussed anywhere that I've read.
But, anyway, as I posted, I think that the answer is ARP.
If ARP broadcast is not forwarded then we'll not be able to find the MAC
address of a destination IP outside our own VLAN (at least not without
Proxy ARP -- and we've just introduced a router, again !!!


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 12:48 PM
To: Bob Vance; [EMAIL PROTECTED]
Subject: Re: why is routing needed with VLANs


A VLAN is, by definition, a separate subnet.  If you decided to separate
a single LAN into two VLANs, you'll have to change your addressing scheme.
Once you've done that, you have to route to get from one subnet to the
other.  I don't even like the term "VLAN".  The very term seems to cause
a lot of conceptual problems.

For example, let's say you have one LAN and you decide to create a new
VLAN for a total of two VLANs.  This is absolutely no different than
having two normal LANs on different ports on a router: you have two
separate IP subnets and you must route to get from one to the other.  The
only difference is that you can use trunking to pass data for both
subnets down the same wire, and you can then let a switch split that
traffic up and send it to the correct ports.

Imagine the router with two separate ethernet interfaces, each in its
own subnet, and these are connected to two separate switches.  There is
no topological difference between that scenario and a router doing ISL or
802.1q trunking to a switch that is configured for two VLANs.  The
requirements for connectivity are the same:  you must have a router to
get from one subnet to the other.  Even though they are physically on the
same switch, topologically speaking they are on different networks.

I hope this makes sense.  I had three people stop by my cube to talk and
I had three phone calls while trying to write this.  :-)

Regards,
John

>  OK.
>  I must be brain dead, today.
> (and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
>  and, yes, I know, "What's so special about 'today' "?
> )
>  As far I can understand it so far, about the only benefit that I see
>  from VLANs is reducing the size of broadcast domains.
>
>  Suppose that I have a switch in the closet with one big flat address
>  space (well, it couldn't be that big with only one switch, now, could
>  it ?>).  Then someone says,
>"You know, we're getting a lot of blah-blah broadcast traffic.
> Let's VLAN.
>"
>  OK, fine.  We VLAN and put whatever services in each VLAN that are
>  required to handle the broadcasts (e.g., DHCP service).  So, now the
>  switch doesn't send broadcasts outside a particular VLAN.
>
>  But, what's so magic about a VLAN that the switch also decides not to
>  send unicasts outside a VLAN.   Before the VLANs, the switch maintained
>  a MAC table and knew which port to go out to get to any unicast address
>  in the entire space.  So, why can't it continue to do that after we
>  arbitrarily implement some constraint on broadcast addresses?
>  It seems to me that the same, exact MAC table, with an additional VLAN
>  field would not require that restriction.  If it's a broadcast, send the
>  packet only out ports with a VLAN-id that matches the source port's
>  VLAN-id.  If it's a unicast, handle it just like we used to.
>
>
>  Similarly, even if we have 5 switches, I just don't see the requirement
>  that we (as switch-code designers) must block unicasts and resort to a
>  routing requirement.
>
>  Even with 500 switches ... well, let's not get ridiculous :)
>
>
>  I feel that there is a simple point that I've overlooked, so I will
>  continue to RTFM while I await your responses.>)
>
>

RE: why is routing needed with VLANs - ARP? - follow-up

2001-01-17 Thread Bob Vance

I think that Peter Van Oene hit the nail on the head (and confirmed my
conclusion :) , so I thought that I'd share a couple of his thoughts.

   " ...  More specifically, which applications can work in a unicast
only world?  Do you intend on statically mapping all your IP to MAC
relationships on node by node basis since ARP no longer works as a
discovery mechanism?

Thinking about this stuff leads to the understanding that broadcasting
is a fundamental communication tool in today's networks and one cannot
eliminate its use without creating a major disturbance.

Your understanding of VLAN'ing as a very simple technology is on the
money however.  It's simply a way to create two broadcast domains where
there was previously one without additional replication of hardware and
cabling.
   "

You know, it seems that broadcasting is a lot like friction --

We spend a lot of time trying to reduce it, but we can't live without it!


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bob Vance
Sent: Tuesday, January 16, 2001 12:50 PM
To: CISCO_GroupStudy List (E-mail)
Subject: RE: why is routing needed with VLANs - ARP?


What I'm saying is that, before we implement VLANs, we have a flat
address space, with obviously, no routing.
Now, suppose that I arbitrarily decide not to forward broadcasts out
ports 6-10 through some IOS command.
Everything will still work quite happily (except anything relying on
those broadcasts, of course).
...
Ooops.   I think that I just saw the answer.

One of those broadcast thingys is lil' ole ARP.
So, how does a client find the IP address of a destination if the
destination is outside the VLAN?

It's funny that this wasn't pointed out in any of my VLAN reading
(admittedly limited to ICND coursebook and Caslow).
It just arbitrarily says unicasts are blocked or routing is
required without giving a reason.

Oh, well.


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bob Vance
Sent: Tuesday, January 16, 2001 11:35 AM
To: CISCO_GroupStudy List (E-mail)
Subject: why is routing needed with VLANs


OK.
I must be brain dead, today.
   (and, yes, Chuck, I *have* had my morning dose of Diet Coke :)
and, yes, I know, "What's so special about 'today' "?
   )
As far as I can understand it so far, about the only benefit that I see
from VLANs is reducing the size of broadcast domains.

Suppose that I have a switch in the closet with one big flat address
space (well, it couldn't be that big with only one switch, now, could
it ?>).  Then someone says,
  "You know, we're getting a lot of blah-blah broadcast traffic.
   Let's VLAN.
  "
OK, fine.  We VLAN and put whatever services in each VLAN that are
required to handle the broadcasts (e.g., DHCP service).  So, now the
switch doesn't send broadcasts outside a particular VLAN.

But, what's so magic about a VLAN that the switch also decides not to
send unicasts outside a VLAN.   Before the VLANs, the switch maintained
a MAC table and knew which port to go out to get to any unicast address
in the entire space.  So, why can't it continue to do that after we
arbitrarily implement some constraint on broadcast addresses?
It seems to me that the same, exact MAC table, with an additional VLAN
field would not require that restriction.  If it's a broadcast, send the
packet only out ports with a VLAN-id that matches the source port's
VLAN-id.  If it's a unicast, handle it just like we used to.


Similarly, even if we have 5 switches, I just don't see the requirement
that we (as switch-code designers) must block unicasts and resort to a
routing requirement.

Even with 500 switches ... well, let's not get ridiculous :)


I feel that there is a simple point that I've overlooked, so I will
continue to RTFM while I await your responses.>)


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
===

RE: Connecting 3640s

2001-01-17 Thread Bob Johnson

Are you using a T-1 x-over cable to connect the 2 T-1 cards?
You need a cable with pins 1-2 crossed to pins 4-5, pins 4-5 crossed to pins
1-2...
Are the line coding settings the same on each?





-Original Message-
From: Sampy Ren [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 17, 2001 8:23 AM
To: [EMAIL PROTECTED]
Subject: Connecting 3640s


I am trying to connect two 3640's back to back through
their WIC1-DSU-T1 cards.  On one I am defining clock
source internal and in the other clock source line.
The status is up down.  Encapsulation : HDLC.

Any idea what could be the problem?

Regards/Sampath.






RE: why is routing needed with VLANs

2001-01-17 Thread Bob Vance

And, I suppose (more idle speculation, Bob??) ...

If you had two sets of devices and no need for communication between
those sets, you could theoretically create 2 VLANs with addresses all
within the same subnet (ignoring any possible restrictions in a
particular piece of switch code).

Even then, you *would* be able even to talk TCP/IP between those VLANs,
if unicasts were forwarded by the switch outside the VLAN (and you were
willing to create manual, permanent ARP entries where needed) --
but, they're not.  BTW, is this a CISCO-specific implementation
or are there VLAN RFCs that prescribe necessary behavior.


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Peter Van Oene
Sent: Wednesday, January 17, 2001 12:26 PM
To: [EMAIL PROTECTED]
Subject: RE: why is routing needed with VLANs


Just for clarity, VLAN's are a layer 2 concept and IP is of course a
layer 3 (please do not start with the "but what layer is arp again" :)

Despite subnets and VLAN's generally happening on a 1:1 basis in a lot
of theoretical and practical discussions, the two concepts are totally
unrelated and altogether unaware of each other's presence.  An IP host
will not detect a node is on another VLAN and hence send to the gateway,
it will detect a node is on another subnet.  It doesn't really care if
the node is in the same broadcast domain or halfway around the world, if
it's not on the network, it's sent via the gateway.  This is very strict
behavior.  Nodes on different IP subnets do not communicate directly in
any case without the use of an intermediary, layer 3 device.

VLANs as a concept are of trivial complexity.  VLAN membership,
particularly dynamic membership along with protocols like 802.1q, ISL,
PVST etc that leverage and support VLANs do offer some element of
challenge and opportunity for best practise designs.

I just felt that the line between VLANs (broadcast domains) and IP
subnets was getting somewhat blurry when it really shouldn't be.





RE: Multicast: Router and Switch locations

2001-01-17 Thread Bob Johnson

In a simple setup like this (where you are not actually routing multicast
traffic but would like CGMP to control multicast traffic at the switch),
check out:

http://www.cisco.com/warp/customer/473/38.html

It can be done as long as you have 1 router interface in the VLAN. The
secret is to not enable multicast routing at a global level but enable PIM
on the interface. This will then allow CGMP packets to be sent from the
router to the switches. The switches will then not pass multicast groups to
any port that has not received IGMP packets requesting such groups.

Another choice would be to use IGMP snooping if your switch supports it...

You don't need a router for multicasting if everything is in a single
broadcast domain. The multicast server will just spit out data, the
clients will receive it... The clients will send IGMP requests but since
everything is in a single VLAN they are not needed.


-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 17, 2001 11:38 AM
To: '[EMAIL PROTECTED]'
Subject: Multicast: Router and Switch locations


Currently reading about Multicast, which I have not any experience with yet.

If you have a small simple LAN with 1 fileserver, 10 workstations and 1
router to the Internet:


INTERNET---[router]---[switch]---[fileserver & 10 workstations]


In order for that fileserver to send multicast data to participating
workstations without changing the topology, I would have to setup the router
with IGMP and CGMP, so the workstation could tell the router that it joined
a group, and the router could then inform the switch with CGMP about that
workstation. The fileserver would now send multicast data and the switch
would know which interface(s) to forward it out to.

Since the server and every workstation has their own connection to the
switch (and hence has their own individual collision domain), would I be
right in assuming that it would not improve the situation to add an
additional router to act like a filter between the switch and the server?


INTERNET---[router]---[switch]---[10 workstations]
 |
  [router2]
 |
 [fileserver]


Also, will we see multicasting work without a router or an rsm but only with
a switch in the future (I know that switches don't understand IGMP)?

Thanks,

Ole


 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
 http://www.oledrews.com/ccnp

 NEED A JOB ???
 http://www.oledrews.com/job






RE: why is routing needed with VLANs

2001-01-17 Thread Bob Vance

Right.  It all depends on how the tables are managed and the particular
code implementing VLAN.  The ICND book specifically says unicasts are
*not* forwarded outside of the VLAN, so I conclude that my little
scenario obviously wouldn't work on a CISCO.

But, if the MAC tables *were* VLAN-commingled and forwarding outside
VLAN were permitted, it seems that it *could* work on a single switch.

E.g., if I, in VLAN2, send a packet with a destination MAC in VLAN3,
the switch *could* see which port the target MAC is on and forward it.
Now, if the target MAC weren't in the table at all, then it might
forward only out VLAN2 ports, so I couldn't initiate a conversation
until the switch actually learned which port this particular target is
on.  But if the switch *did* forward unknown-destination-MAC packets to
*all* unknown ports, even VLAN3, then 

Now, let's think about the above scenario with multiple switches and
trunking.

No.  Let's not ;>)



-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Peter Van Oene
Sent: Wednesday, January 17, 2001 3:59 PM
To: [EMAIL PROTECTED]
Subject: RE: why is routing needed with VLANs


In my experience, there exist some bridge table variations from vendor
to vendor that might impact on your unicast forwarding idea.  I'm not
positive what Cisco does and maybe someone can comment, but I have seen
many implementations that build separate MAC - Interface tables per
VLAN, thus fully isolating traffic from one VLAN to the other(s).

In theory, VLAN technology should involve complete separation of traffic
from VLAN to VLAN and not simply isolation of all 1's broadcasts.  I
expect this is exactly the case in most vendors' implementations but
never really tried to verify it.  Keep in mind that again, VLAN
technology was not solely designed for IP networks.

To your point below, the 802.1d compliant switch is a layer 2 device and
does not decode layer 3 headers and thus it doesn't matter what
addresses (be they IP or otherwise) you assign to whatever devices you
choose to attach to it.  As far as documentation goes, I haven't seen
much outside of 802.1q documentation which exists I believe as a subset
of a revised 802.1d spec out of the IEEE.  The basic functionality to me
isn't reflective of something one would need a document for, given RFC's
and such are designed to enable multi vendor interoperability among
other things.

-pete


*** REPLY SEPARATOR  ***

On 1/17/2001 at 1:33 PM Bob Vance wrote:

>And, I suppose (more idle speculation, Bob??) ...
>
>If you had two sets of devices and no need for communication between
>those sets, you could theoretically create 2 VLANs with addresses all
>within the same subnet (ignoring any possible restrictions in a
>particular piece of switch code).
>
>Even then, you *would* be able even to talk TCP/IP between those VLANs,
>if unicasts were forwarded by the switch outside the VLAN (and you were
>willing to create manual, permanent ARP entries where needed) --
>but, they're not.  BTW, is this a CISCO-specific implementation
>or are there VLAN RFCs that prescribe necessary behavior.
>
>
>-
>Tks        | <mailto:[EMAIL PROTECTED]>
>BV     | <mailto:[EMAIL PROTECTED]>
>Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
>Vox 770-623-3430   11455 Lakefield Dr.
>Fax 770-623-3429   Duluth, GA 30097-1511
>=
>
>
>
>
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Peter Van Oene
>Sent: Wednesday, January 17, 2001 12:26 PM
>To: [EMAIL PROTECTED]
>Subject: RE: why is routing needed with VLANs
>
>
>Just for clarity, VLAN's are a layer 2 concept and IP is of course a
>layer 3 (please do not start with the "but what layer is arp again" :)
>
>Despite subnets and VLAN's generally happening on a 1:1 basis in a lot
>of theoretical and practical discussions, the two concepts are totally
>unrelated and altogether unaware of each other's presence.  An IP host
>will not detect a node is on another VLAN and hence send to the gateway,
>it will detect a node is on another subnet.  It doesn't really care if
>the node is in the same broadcast domain or halfway around the world, if
>it's not on the network, it's sent via the gateway.  This is very strict
>behavior.  Nodes on different IP subnets

RE: why is routing needed with VLANs - ARP?

2001-01-19 Thread Bob Vance

>What is the traditional
>way of moving 1 packet from a lan segment to
>another that doesn't share the same broadcast
>domain? (i.e. Not just connected by a bridge or
>layer 2 switch)
>Answer: Routing.

I know that you're speaking practically, but,
it's not evident, a priori, that
   " moving 1 packet from a lan segment to another
 that doesn't share the same broadcast domain ..
   "
*requires* routing.  And, in fact, it *doesn't* (at least in the sense
of IP routing.  Let's not get too far into the semantics of the word
"routing" ;>).

The whole point of my noodling, was "*Why* do we need the router."
It would certainly be a lot cheaper (cost and process) if we didn't
need one.


The answer is that limiting broadcasts limits practical communication
at the IP level because of IP address discovery (forgetting about all
other protocols), as you point out.  But, I contend that this is a
practical consideration, not theoretical.

For example, we *could*, of course, still have the possibility of
entering static ARP entries into two clients on different VLANs pointing
to each other in the same flat address space.
Then *if* the switch commingled VLAN MAC addresses *and* forwarded
inter-VLAN unicasts, *then* the 2 clients *could* talk.

In fact, it seems that if there were some kind of server process in each
VLAN that handled various broadcast requests, then the scenario *could*
work, generally, without a router.
Of course, we've just introduced another box/process, so what has been
gained ?>)

I dunno.  Just seems to me that the text books ought to point this out
and make the router requirement clearer.  Then, again, maybe I'm the
only one that didn't see the issue right away :)

This may be all just angels dancing on a pin, but thinking about the
why always makes me learn more.

One of my aphorisms is;

"If you learn the *why* of something, you'll never
 forget the *how* of it.
"

Oh, boy.  My kids' eyes are a-rollin', again :)


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-----Original Message-
From: Baety Wayne A1C 18 CS/SCBD [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 6:11 AM
To: 'Bob Vance'
Cc: CISCO_GroupStudy List (E-mail)
Subject: RE: why is routing needed with VLANs - ARP?


Because VLANs are what they are, virtual lans,
in other words many lan segments (self contained
broadcast domains).  We're trying to accomplish
something in software, which was traditionally
implemented physically.

The Question 2 you is...  What is the traditional
way of moving 1 packet from a lan segment to
another that doesn't share the same broadcast
domain? (i.e. Not just connected by a bridge or
layer 2 switch)

Answer: Routing.

Clients don't find IP address of other clients in
different broadcast domains.  To them, they simply
don't exist.  Only the common Router between them exists.
(Layer 2 is completely Ignorant of Layer 3). They only
ARP the IP address of the Router. Or should I say RARP.
They're usually configured with the gw IP already.

Wayne

-Original Message-
From: Bob Vance [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 17, 2001 2:50 AM
To: CISCO_GroupStudy List (E-mail)
Subject: RE: why is routing needed with VLANs - ARP?


What I'm saying is that, before we implement VLANs, we have a flat
address space, with obviously, no routing.
Now, suppose that I arbitrarily decide not to forward broadcasts out
ports 6-10 through some IOS command.
Everything will still work quite happily (except anything relying on
those broadcasts, of course).
...
Ooops.   I think that I just saw the answer.

One of those broadcast thingys is lil' ole ARP.
So, how does a client find the IP address of a destination if the
destination is outside the VLAN?

It's funny that this wasn't pointed out in any of my VLAN reading
(admittedly limited to ICND coursebook and Caslow).
It just arbitrarily says unicasts are blocked or routing is
required without giving a reason.

Oh, well.


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bob Vance
Sent: Tuesday, January 16, 2001 11:35 AM
To: CISCO_GroupStudy List (E-mail)
Subject: why is routing needed with VLANs


OK.
I mus
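
The forwarding behaviour debated in this thread, as an added example (a toy Python model, not code from any poster and not how any vendor's switch is implemented): a switch that keys its MAC table per VLAN, next to the hypothetical "commingled" table, with three hosts in one flat address space and no router. The 10.1.1.x addresses, MACs, port numbers and the shared_table switch are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Host:
    ip: str
    mac: str
    port: int
    arp: dict = field(default_factory=dict)  # ip -> mac, static or learned


class Switch:
    """Layer 2 switch model. shared_table=True is the thread's hypothetical
    commingled MAC table; False keeps one table per VLAN."""

    def __init__(self, port_vlan, shared_table=False):
        self.port_vlan = dict(port_vlan)  # port -> VLAN id
        self.shared_table = shared_table
        self.fdb = {}                     # (vlan or None, mac) -> port

    def _key(self, vlan, mac):
        return (None if self.shared_table else vlan, mac)

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source address, then return the list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.fdb[self._key(vlan, src_mac)] = in_port
        if dst_mac != BROADCAST:
            out = self.fdb.get(self._key(vlan, dst_mac))
            if out is not None:
                return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood inside the ingress VLAN only.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def send_ip(switch, hosts, src, dst_ip):
    """Send one IP packet from src to dst_ip (same subnet, so no gateway)."""
    by_port = {h.port: h for h in hosts}
    if dst_ip not in src.arp:
        # The ARP request is a broadcast, so it only reaches the sender's VLAN.
        for port in switch.receive(src.port, src.mac, BROADCAST):
            peer = by_port.get(port)
            if peer is not None and peer.ip == dst_ip:
                switch.receive(peer.port, peer.mac, src.mac)  # unicast reply
                src.arp[dst_ip] = peer.mac
        if dst_ip not in src.arp:
            return "arp-failed"
    dst_mac = src.arp[dst_ip]
    egress = switch.receive(src.port, src.mac, dst_mac)
    hit = any(p in by_port and by_port[p].mac == dst_mac for p in egress)
    return "delivered" if hit else "not-delivered"


def scenario(shared_table, static_arp, c_has_spoken, dst="C"):
    """Host A (VLAN 2) sends to B (VLAN 2) or C (VLAN 3). Constructed data."""
    hosts = {
        "A": Host("10.1.1.1", "00:00:00:00:00:0a", 1),
        "B": Host("10.1.1.2", "00:00:00:00:00:0b", 2),
        "C": Host("10.1.1.3", "00:00:00:00:00:0c", 6),
    }
    sw = Switch({1: 2, 2: 2, 6: 3, 7: 3}, shared_table)
    if c_has_spoken:
        # C sent a frame earlier, so the switch has learned its MAC on port 6.
        sw.receive(hosts["C"].port, hosts["C"].mac, BROADCAST)
    a, target = hosts["A"], hosts[dst]
    if static_arp:
        a.arp[target.ip] = target.mac  # manual, permanent ARP entry
    return send_ip(sw, list(hosts.values()), a, target.ip)


if __name__ == "__main__":
    print("same VLAN, per-VLAN table        :", scenario(False, False, True, "B"))
    print("other VLAN, per-VLAN table       :", scenario(False, False, True))
    print("other VLAN, per-VLAN + static ARP:", scenario(False, True, True))
    print("other VLAN, shared table         :", scenario(True, False, True))
    print("other VLAN, shared + static ARP  :", scenario(True, True, True))
    print("shared + static ARP, C unlearned :", scenario(True, True, False))
```

Only the shared-table switch with a static ARP entry and an already-learned destination delivers across VLANs; keying the table per VLAN is what makes the VLAN a traffic boundary and not just a broadcast filter.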

RE: Remote Telnet access via dial-up

2001-01-19 Thread Bob Johnson

I have to agree...
Security concerns (in my opinion) can get toned down (and from the original
post it would seem to be a pretty small hole) when you have a business
affecting issue...
Allowing TAC engineers access to the equipment can dramatically lessen down
time.
Like any other issue, there is always a trade off in security and
convenience.
Unfortunately I've had many TAC cases involving IOS bugs that could not have
been solved via normal "secure" methods...

Bob Johnson

-Original Message-
From: James Haynes [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 9:07 AM
To: [EMAIL PROTECTED]
Subject: Re: Remote Telnet access via dial-up


Irregardless of the security implications this was still pretty cool. Thx
for the information. It may come in handy one day.


"John Nemeth" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Jun 10, 11:13am, Priscilla Oppenheimer wrote:
>
>  Yes.  I would have the head of anybody that tried that stunt.  At
> the very least, he should have been using ssh.  However, even that
> would have been dicey.
>
>  As far as the lack of an analogue phone line, that problem is
> easily solved (depending on your point of view) by using CDPD (Cellular
> D? Packet Data).  I have a friend in Canada that has a CDPD modem in
> his laptop.  The service is $50/month for unlimited usage from Telus
> Mobility.  It doesn't matter where he is, his laptop is always
> on-line.  Add an ethernet card in the second PCMCIA slot, and you've
> got a roaming router that could create a back door into any network.
>
> }-- End of excerpt from Priscilla Oppenheimer
>



RE: How to configure bind with less than a block of ip's?

2001-01-20 Thread Bob Vance

It's helpful to realize that there's really nothing different between a
"forward" zone and a "reverse" zone.

The former *generally* contains A (address) records and the latter
*generally* contains PTR records, but, both zones can and do carry other
record types (SOA and NS, obviously, but CNAMEs, etc., also) -- it's
all just DNS data.

The magic is in what the DNS clients do when they request a lookup.
Viz.:

To get an IP address, when presented with a "name", a DNS client does an
"A"-record lookup on the name given, and this causes the nameserver to
look in what we call the "forward zone" for an "A" record, but it's only
because that's what the client asked for.  E.g., when a client asks for
"a.b.c.com", the server ultimately looks in his "b.c.com" zone data and
we happen to call this the "forward zone".

But, when trying to look up a *name*, when presented with an IP address,
say "a.b.c.d", (which we call "reverse" lookup)
   (e.g., an 'rlogin' server trying to find out the name of the
client machine from which the login is occurring so that he,
the 'rlogin' server, can check that name in the ".rhosts" file
   ),
the DNS client (which is the 'rlogin' server code in this example :)
requests a lookup for a "PTR" record, "d.c.b.a.in-addr.arpa." .
   (Note that the above is generally hidden in library calls, e.g.,
gethostbyname and gethostbyaddr on Unix.
   )


All of that should pretty well be known, even by a newbie.


But, two major, non-obvious-to-the-newbie things, I think, that help
clear up the non-octet-reverse delegation are:

 1. valid CNAMEs can point to records *outside* the current zone
 foo.bar.com. IN A 1.2.3.4
 fubar.bar.com. CNAME yyy.yahoo.com.

 2. PTRs can have CNAMEs as well !
 4.3.2.1.in-addr.arpa.  IN  PTR  foo.bar.com.
 5.3.2.1.in-addr.arpa.  CNAME  fandoo.bar.com.
 6.3.2.1.in-addr.arpa.  CNAME  6.subxx.3.2.1.in-addr.arpa.
   (where fandoo.bar.com. and 6.subxx.3.2.1.in-addr.arpa.
would be PTR records in the bar.com and
subxx.3.2.1.in-addr.arpa zones, respectively.
   )

Your ISP is generally authoritative for the class C from which he has
parsimoniously given you a few addresses.
So he can handle the reverse PTRs for you -- if he wants to!!

If you are hosting your DNS, even though your ISP's kindly agreed to be
a secondary for your "forward" domain, he's not gonna want to be
bothered changing or adding PTR records while you can't decide on a good
name for one of your boxes.  So you really want to handle the reverse
yourself.  However, the ISP doesn't want to delegate to you the *whole*
class C in-addr.arpa domain (since there are other clients therein :).
However, he *can* delegate a *sub-domain* of the class C
in-addr.arpa to you, (since he's authoritative for the parent).

Then he can put CNAMEs in his parent pointing to the PTRs in
the sub-domain he delegated to you!

So, he is still authoritative for 3.2.1.in-addr.arpa, but has delegated
to you, say "hoohah.3.2.1.in-addr.arpa", which is a valid sub-domain of
"3.2.1.in-addr.arpa" .

Then he has
  1.3.2.1.in-addr.arpa.  CNAME  1.hoohah.3.2.1.in-addr.arpa.
 ...
  6.3.2.1.in-addr.arpa.  CNAME  6.hoohah.3.2.1.in-addr.arpa.

(or
  1  CNAME  1.hoohah.3.2.1.in-addr.arpa.
 ...
  6  CNAME  6.hoohah.3.2.1.in-addr.arpa.
since the ORIGIN, ".hoohah.3.2.1.in-addr.arpa. " will be appended to
those non-dot-terminated names.
And, probably done with a
  $GENERATE 1-6 $  CNAME $.hoohah.3.2.1.in-addr.arpa.
)

You are authoritative for "hoohah.3.2.1.in-addr.arpa" (since the ISP
delegated it to you) and in the zone master file for that domain, you
have:
  1.hoohah.3.2.1.in-addr.arpa.  IN  PTR  www.bar.com.
  4.hoohah.3.2.1.in-addr.arpa.  IN  PTR  foo.bar.com.
(or
  1  IN  PTR  www.bar.com.
  4  IN  PTR  foo.bar.com.
)
or whatever.
It doesn't really matter that you don't have the other records.

When a DNS client wants to do a reverse lookup on 1.2.3.4, he will
do a PTR request for 4.3.2.1.in-addr.arpa.
It will be found that the ISP is authoritative for 3.2.1.in-addr.arpa
and he will be queried for 4.3.2.1.in-addr.arpa.
But the CNAME will point to 4.hoohah.3.2.1.in-addr.arpa for which
you are authoritative and you'll be queried for it and will return
"foo.bar.com".
Voila!

Of course, the ISP will probably not call the sub-domain "hoohah", but
"0-7" or "sub-0-7" or "subnet-0" or "0/29" or something more meaningful.


I'm sure that the gurus will find and fill holes in the above, but
it should clarify things for you a bit.


-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Alexandra
Sent: Friday, January 19, 2001 9:50
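
The lookup path described in the message above, modelled in memory as an added example that is not part of the original post: it builds the ISP-side CNAME records for the /29, follows a reverse query for 1.2.3.4 from the parent zone into the delegated sub-domain, and lists the addresses whose CNAME leads to no PTR. The scheme is the one documented in RFC 2317; the nameserver name ns.bar.com. and all function names are assumptions made for the illustration.

```python
import ipaddress


def reverse_name(ip):
    """1.2.3.4 -> '4.3.2.1.in-addr.arpa.' (fully qualified)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def build_parent_zone(block, label, child_ns):
    """Records the ISP keeps in its /24 reverse zone to hand `block` to a customer.

    Returns (parent apex, delegated sub-domain, {owner: (type, rdata)}).
    """
    net = ipaddress.ip_network(block)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expects an IPv4 block smaller than a /24")
    a, b, c, _ = net.network_address.packed
    apex = f"{c}.{b}.{a}.in-addr.arpa."
    sub = f"{label}.{apex}"
    records = {sub: ("NS", child_ns)}          # the zone cut (delegation)
    for host in net.hosts():                   # 1..6 for a /29 starting at .0
        last = host.packed[3]
        records[f"{last}.{apex}"] = ("CNAME", f"{last}.{sub}")
    return apex, sub, records


def authoritative_zone(name, zones):
    """Most specific loaded zone whose apex is a suffix of `name`."""
    matches = [z for z in zones if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None


def resolve_ptr(ip, zones, max_hops=4):
    """Follow CNAMEs across zones; return (PTR target or None, chain of steps)."""
    name, chain = reverse_name(ip), []
    for _ in range(max_hops):
        zone = authoritative_zone(name, zones)
        rtype, value = zones.get(zone, {}).get(name, (None, None))
        chain.append((zone, name, rtype, value))
        if rtype == "CNAME":
            name = value                       # re-query under the new name
            continue
        return (value if rtype == "PTR" else None), chain
    return None, chain                         # CNAME loop or chain too long


def unanswered(apex, zones):
    """Parent owners whose CNAME target has no PTR in the delegated zone."""
    missing = []
    for owner, (rtype, target) in zones[apex].items():
        if rtype != "CNAME":
            continue
        zone = authoritative_zone(target, zones)
        if zones[zone].get(target, (None, None))[0] != "PTR":
            missing.append(owner)
    return missing


# Constructed sample data mirroring the post: the ISP's parent zone and the
# customer's delegated zone with only two PTR records.
APEX, SUB, PARENT = build_parent_zone("1.2.3.0/29", "hoohah", "ns.bar.com.")
CHILD = {
    f"1.{SUB}": ("PTR", "www.bar.com."),
    f"4.{SUB}": ("PTR", "foo.bar.com."),
}
ZONES = {APEX: PARENT, SUB: CHILD}

if __name__ == "__main__":
    answer, steps = resolve_ptr("1.2.3.4", ZONES)
    for zone, name, rtype, value in steps:
        print(f"asked {zone:<28} for {name:<32} -> {rtype} {value}")
    print("answer:", answer)
    print("no PTR behind:", unanswered(APEX, ZONES))
```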

CCNA 2 and subnets

2001-01-22 Thread Bob Vance

Sorry for the lame question, but I gotta know :|

We know that subnet -1 (all ones) is valid to config in IOS and that 0
is OK with

ip subnet-zero.

For purposes of CCNA 2, do we assume that subnet 0 and -1 are valid,
vs. CCNA 1 (where they were not) for questions like,
   "How many subnets can we have with this mask?
   "
?
Does the test make it clear in preliminary text?

The archives seem to have conflicting answers.

The Cisco Press ICND book (McQuerry, 1-57870-111-2) doesn't address the
issue head on, but simply shows tables with (2^(n-1))-2 subnets.

The Cisco Press 640-507 Cert Guide (Odom, 0-7357-0971-8) clearly says
that 2^(n-1) is correct and yet points out that 0 is only valid with
"ip subnet-zero" !

Does anyone know the *definitive* answer for CCNA 2.0 ?


-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=







RE: CCNA 2 and subnets

2001-01-23 Thread Bob Vance

Yarrggh!
Of course, that's

   (2^n)   (*not*   2^(n-1) )

Maybe there *is* something to that aspartame story ;>)

-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bob Vance
Sent: Monday, January 22, 2001 10:35 PM
To: CISCO_GroupStudy List (E-mail)
Subject: CCNA 2 and subnets


Sorry for the lame question, but I gotta know :|

We know that subnet -1 (all ones) is valid to config in IOS and that 0
is OK with

ip subnet-zero.

For purposes of CCNA 2, do we assume that subnet 0 and -1 are valid,
vs. CCNA 1 (where they were not) for questions like,
   "How many subnets can we have with this mask?
   "
?
Does the test make it clear in preliminary text?

The archives seem to have conflicting answers.

The Cisco Press ICND book (McQuerry, 1-57870-111-2) doesn't address the
issue head on, but simply shows tables with (2^(n-1))-2 subnets.

The Cisco Press 640-507 Cert Guide (Odom, 0-7357-0971-8) clearly says
that 2^(n-1) is correct and yet points out that 0 is only valid with
"ip subnet-zero" !

Does anyone know the *definitive* answer for CCNA 2.0 ?


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=




RE: But isn't that the routers job???

2001-01-23 Thread Bob Vance

LOL.
You're right, it *is* an interesting way to phrase it.

>"... doing route lookups for every packet that comes in the router."
>Correct me if I'm wrong but isn't that what a routers supposed to do???

Actually, metaphysically speaking, I'd say, "No!"
The router's main job is to send the packet to the next hop in the best
path to the destination.  So, "doing route lookups" is not his *job*,
but if that's what he has to do, then it happens as a by product.  If he
can do his job without a route-table lookup, then so much the better,
freeing him up to handle other packets that do need a lookup, or
maintain the route table in a timely manner -- or make that new pot of
coffee.

Maybe,
   "... the RP is free to use valuable CPU time on more important
things than doing route-table lookups for packets that don't
need a lookup; like doing lookups for packets that *do* need
a lookup :)
   "


-
Tks        | 
BV     | 
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, January 22, 2001 11:05 PM
To: [EMAIL PROTECTED]
Subject: But isn't that the routers job???


Hey Group,
 Me again. I'm reading for my CIT and am at the section where it goes
into detail of the various switching methods in the router (i.e., silicon,
CEF, autonomous, etc.) I understand how all this works and understand how
the SP takes a lot of the stress away from the RP and this is good because
you're avoiding bogging the RP/CPU down. I have a problem with these
statements though and want some clarification...

Taken from the book (Lammle's CIT p. 173):

 "This is just another reason why switching is such a good practice. Why
burden the RP with every packet if it's not necessary? By using switching
methods, the RP is free to use valuable CPU time on more important things
than doing route lookups for every packet that comes in the router."

Correct me if I'm wrong but isn't that what a router's supposed to do???
What else does the RP have to do that is more important than ROUTING? I may
be overanalyzing this but it just seems that he's saying that the RP has
better things to do like make coffee, rather than route.

Basically, could somebody give me a list of some other things the RP/CPU
has to do other than route lookups...(I know there are access-lists and
other CPU things here, I just would like a solid list to remember). Thanks
team,

Mark Zabludovsky ~ CCNA, CCDA, 3/4-NP
[EMAIL PROTECTED]

 "Even if I knew I had only 1 more week to live, I would still schedule
my CCIE lab. I would just have to work a little harder I guess. After all,
without any goals in life, I'm dead already."
   ~Mark Zabludovsky~




RE: CCNA 2 and subnets

2001-01-23 Thread Bob Vance

Thanks.
I think that I pretty well understand the technical aspects.
I know that I can use subnet -1 and subnet 0 in a Cisco environment
(with "ip subnet-zero").

My question was of a practical nature:

   Does the CCNA 2.0 certification test assume that we can use 0 and -1
   or does it assume that we cannot.

E.g., if encountered on the CCNA 2.0 cert test, what is the answer to
the following question:

   Given the Class C network, 192.168.1.0, what mask is needed to
   provide for 7 subnets?

The "real" answer (in the sense of what could be configured on the Cisco
routers and irrespective of any restrictions that hosts on those subnets
might have) would be 255.255.255.224, even without "ip subnet-zero".

The CCNA 1.0 answer would have been

255.255.255.240

What is the answer expected by CCNA 2.0 ? (Or maybe they scrupulously
avoid those particular questions :)

And, as I said, the ICND book still subtracts 2.

-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Brian Lodwick
Sent: Tuesday, January 23, 2001 1:17 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: CCNA 2 and subnets


Bob,
  Howard answered this question for me a while back so I'll try to answer
it for you now. This question is probably more in depth than you realize,
but the question comes down to why did they used to say the equation for
finding the amount of valid subnets is 2^#of hosts -2? And why now do we
not -2?
Well, the short answer is: we used to use classful addressing. With
classful, the reason we used the -2 was because it was a bad idea to use the
all 0's or all 1's subnets (highly discouraged is, I believe, the
terminology). When an all 0's subnet update was sent to a classful router,
it would not be able to decipher it from the entire network. This is because
in classful the masks aren't sent with the updates, therefore when the
classful mask is placed on, say, 192.168.0.0/28 it would change it to /24
because again the mask wasn't sent. Which would end up causing some issues,
obviously.
The other one was the all 1's subnets. I'll just make an example. If you
think along the same lines as the all 0's. Again, in a classful environment
a broadcast for a particular subnet would be interpreted as a broadcast for
the entire network. 192.168.0.255/28 has different meaning than
192.168.0.255/24.
3Com's website has the best explanation I have found. The article is called:
Understanding IP addressing: Everything You Ever Wanted To Know by Chuck
Semeria.
Cisco, Microsoft, and the RFCs seem to dance around the topic.

>>>Brian


>From: "Bob Vance" <[EMAIL PROTECTED]>
>Reply-To: "Bob Vance" <[EMAIL PROTECTED]>
>To: "CISCO_GroupStudy List \(E-mail\)" <[EMAIL PROTECTED]>
>Subject: RE: CCNA 2 and subnets
>Date: Tue, 23 Jan 2001 08:24:37 -0500
>
>Yarrggh!
>Of course, that's
>
>(2^n)   (*not*   2^(n-1) )
>
>Maybe there *is* something to that aspartame story ;>)
>
>-
>Tks        | <mailto:[EMAIL PROTECTED]>
>BV     | <mailto:[EMAIL PROTECTED]>
>Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
>Vox 770-623-3430   11455 Lakefield Dr.
>Fax 770-623-3429   Duluth, GA 30097-1511
>=
>
>
>
>
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Bob Vance
>Sent: Monday, January 22, 2001 10:35 PM
>To: CISCO_GroupStudy List (E-mail)
>Subject: CCNA 2 and subnets
>
>
>Sorry for the lame question, but I gotta know :|
>
>We know that subnet -1 (all ones) is valid to config in IOS and that 0
>is OK with
>
> ip subnet-zero.
>
>For purposes of CCNA 2, do we assume that subnet 0 and -1 are valid,
>vs. CCNA 1 (where they were not) for questions like,
>"How many subnets can we have with this mask?
>"
>?
>Does the test make it clear in preliminary text?
>
>The archives seem to have conflicting answers.
>
>The Cisco Press ICND book (McQuerry, 1-57870-111-2) doesn't address the
>issue head on, but simply shows tables with (2^(n-1))-2 subnets.
>
>The Cisco Press 640-507 Cert Guide (Odom, 0-7357-0971-8) clearly says
>that 2^(n-1) is correct and yet points out that 0 is only valid with
>"ip subne

OT - Ascom Router Info Needed

2001-01-23 Thread Bob Johnson


I've come across an abandoned (one of the few perks of working in wire
closets) Ascom Timeplex "Time/LAN Access Router"...
It works but I need to find some documentation for it (at least to reset
the configs)...
It has 2 AUI ports so should be a fine addition to the home lab (though
divorce is mentioned every time I come home with a new "find")...
Anyone have any info on resetting the device or a place to get documentation?

The maker no longer supports it so hopefully someone has docs laying
around.

Thanks




RE: CCNA 2 and subnets - Yikes

2001-01-23 Thread Bob Vance

Yikes !!!

>For CCNA 2.0 exam x^2 -1 is the correct answer.

So, you're saying that subnet -1 (all ones) is assumed to be allowed
(which is true for Cisco routers), and subnet 0 is *not*, in the absence
of an explicit "ip subnet-zero".

That's worse than I thought (or better, since it's correct ;>) !!!


-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Gopinath Pulyankote
Sent: Tuesday, January 23, 2001 6:01 PM
To: [EMAIL PROTECTED]
Subject: Re: CCNA 2 and subnets


For CCNA 2.0 exam x^2 -1 is the correct answer. I did get a question on the
similar lines & I answered it based on this, it must be correct since I got
a 100% for that topic.


"Bob Vance" <[EMAIL PROTECTED]> wrote in message
news:002d01c08573$2af4e680$[EMAIL PROTECTED]...
> Thanks.
> I think that I pretty well understand the technical aspects.
> I know that I can use subnet -1 and subnet 0 in a Cisco environment
> (with "ip subnet-zero").
>
> My question was of a practical nature:
>
>    Does the CCNA 2.0 certification test assume that we can use 0 and -1
>    or does it assume that we cannot.
>
> E.g., if encountered on the CCNA 2.0 cert test, what is the answer to
> the following question:
>
>    Given the Class C network, 192.168.1.0, what mask is needed to
>    provide for 7 subnets?
>
> The "real" answer (in the sense of what could be configured on the Cisco
> routers and irrespective of any restrictions that hosts on those subnets
> might have) would be 255.255.255.224, even without "ip subnet-zero".
>
> The CCNA 1.0 answer would have been
>
> 255.255.255.240
>
> What is the answer expected by CCNA 2.0 ? (Or maybe they scrupulously
> avoid those particular questions :)
>
> And, as I said, the ICND book still subtracts 2.
>
> -
> Tks | <mailto:[EMAIL PROTECTED]>
> BV | <mailto:[EMAIL PROTECTED]>
> Sr. Technical Consultant, SBM, A Gates/Arrow Co.
> Vox 770-623-3430 11455 Lakefield Dr.
> Fax 770-623-3429 Duluth, GA 30097-1511
> =
>
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Brian Lodwick
> Sent: Tuesday, January 23, 2001 1:17 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: CCNA 2 and subnets
>
>
> Bob,
>   Howard answered this question for me a while back so I'll try to answer
> it for you now. This question is probably more in depth than you realize,
> but the question comes down to why did they used to say the equation for
> finding the amount of valid subnets is 2^#of hosts -2? And why now do we
> not -2?
> Well, the short answer is: we used to use classful addressing. With
> classful, the reason we used the -2 was because it was a bad idea to use
> the all 0's or all 1's subnets (highly discouraged is, I believe, the
> terminology). When an all 0's subnet update was sent to a classful router,
> it would not be able to decipher it from the entire network. This is
> because in classful the masks aren't sent with the updates, therefore when
> the classful mask is placed on, say, 192.168.0.0/28 it would change it to
> /24 because again the mask wasn't sent. Which would end up causing some
> issues, obviously.
> The other one was the all 1's subnets. I'll just make an example. If you
> think along the same lines as the all 0's. Again, in a classful
> environment a broadcast for a particular subnet would be interpreted as a
> broadcast for the entire network. 192.168.0.255/28 has different meaning
> than 192.168.0.255/24.
> 3Com's website has the best explanation I have found. The article is
> called:
> Understanding IP addressing: Everything You Ever Wanted To Know by Chuck
> Semeria.
> Cisco, Microsoft, and the RFCs seem to dance around the topic.
>
> >>>Brian
>
>
> >From: "Bob Vance" <[EMAIL PROTECTED]>
> >Reply-To: "Bob Vance" <[EMAIL PROTECTED]>
> >To: "CISCO_GroupStudy List \(E-mail\)" <[EMAIL PROTECTED]>
> >Subject: RE: CCNA 2 and subnets
> >Date: Tue, 23 Jan 2001 08:24:37 -0500
> >
> >Yarrggh!
> >Of course, that's

OT (sort of) TAC Horror Stories

2001-01-23 Thread Bob Johnson

Just curious about other people's experiences with TAC on products "gone
bad"...

1) Get call while almost in bed at 9:30 PM
2) 3548XL GigE interface goes down...
3) Restart and power cycle switch to no avail..
4) Swap out GBIC and fiber patch with no more luck...
5) Call TAC, luckily equipment is on 7x24x4 SmartNet..
6) Actually get new switch in 3.5 hours delivered to site..
7) While configuring notice fan does not work...
8) Install anyways and call TAC again (luckily unit was near HVAC vent)...
9) TAC agrees to send another unit but have to wait till next afternoon..
10) Replacement arrives but half its ports don't enable after boot (the
LEDs stay sort of yellow)
11) TAC agrees to send another but it will take (this was on a Friday) till
Monday...
12) Get replacement..
13) Pull out of box and hear a serious rattle (must be at least two parts
loose in chassis)
14) TAC agrees to send another unit but need 3 days to find one...
15) Unit finally shows up and actually works (and didn't rattle)

I was lucky as the first unit worked (though its fan did not) and did not
overheat (mainly due to its location)... Had there been cooling problems I
would have yanked a fan off one of the other units (though as the part was
not a "service item" TAC did not support such creativeness)..
Just curious as to what anyone else's TAC horror stories have been like?




RE: OT (sort of) TAC Horror Stories (Best to change the title to SmartNet QA horror stories))

2001-01-23 Thread Bob Johnson

As pointed out by many, the problem was not so much with TAC than with the
SmartNet spares system. I consider the whole program under the umbrella of
TAC (considering the amount we pay for SmartNet) however the TAC staff
themselves have always been extremely responsive and dependable

In this case it was bad QA by Smartnet. I consider receiving 3 defective
replacement units (covered under a 7x24x4 Onsite Smartnet contract) over a 1
week period a "horror story" but I perhaps should not be blaming TAC...

Bob




Re: Recent Posts

2000-09-13 Thread Bob Wilson

You know, the very civil and collegial tone of the comp.dcom.sys.cisco list
is a really good model to follow.  They get occasional dumb questions, mine
among them, and dumb questions that could have been answered by a little
RTFM, and then there are liberal arts types like myself who tend to go on
and on and all of us generally get courteous answers or no answers which
means that somebody's practicing "If you can't say something nice."
Anyway, thanks Lifelong Learner for your appeal for courteous professional
dealings with each other.  I second the motion.

Bob W.
New CCNA/CCDA


- Original Message -
From: Lifelong Learner <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 13, 2000 2:00 PM
Subject: Recent Posts


> It seems to me that there has been a marked increase in the percentage of
> flames and other venom-laden posts recently (see threads about visas,
> 'cisco switches', etc.).  This list is a great resource, but trying to read
> through and understand the volume of daily posts can be difficult under
> ideal conditions.  When the good information gets buried within dozens of
> messages that are the equivalent of electronic spit, I find it difficult to
> get through the list without skipping many posts.  I guess what I am trying
> to say is that if we can collectively keep the flames to a minimum, we can
> all get more out of the list.
>
> (Proceed with flaming me
>

**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Zone Delegation/Reverse Delegation

2000-09-18 Thread Bob Vance

The reverse delegation is done by whomever has been delegated authority
for the parent of the reverse domain, just like for the forward
domains.
E.g., whoever has authority for xxx.yyy (yyy.xxx.in-addr.arpa domain)
will delegate authority for any xxx.yyy.nnn.
After all,
nnn.yyy.xxx.in-addr.arpa
is simply a sub-domain of
yyy.xxx.in-addr.arpa
just like
foo.bar.com
is a sub-domain of
bar.com.
Once you have authority for a domain, you can delegate sub-domains
at your whim.
Typically, your ISP would have authority for your reverse parent.
If the ISP is hosting your DNS, then they would retain authority
for both the forward and the reverse domains.
You say that *you* created a sub-domain.  That means that you have the
ability to change the zone data on their server.  But you cannot
arbitrarily start using a new range of IP addresses.  You have been
assigned a range of IPs by your ISP, and you must stay within that
range.  Thus, whoever is authoritative for that range would have to
add the PTR records for your host.  Most likely it's the ISP, and it
would seem that you should also have the ability to set up the reverse
PTRs yourself.


-
Tks        | 
BV     | 
Senior Tech. Consultant,   SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Benny Leong (HTHK - Senior Engineer II - iServices Development, NNSD)
Sent: Monday, September 18, 2000 1:55 AM
To: '[EMAIL PROTECTED]'
Subject: FW: Zone Delegation/Reverse Delegation


It seems that I cannot post message.  This is to re-send the same mail
message.

I have 2 T1 connected to 2 separate ISPs.   The DNS is being hosted on one
ISP.  Now, I have created a subdomain.  Is the zone delegation done at the
ISP and the reverse delegation done at the APNIC ?




RE: Zone Delegation/Reverse Delegation

2000-09-20 Thread Bob Vance

Did you ever get this reply?

-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=





-Original Message-----
From: Bob Vance
Sent: Tuesday, September 19, 2000 12:00 AM
To: clst
Cc: Benny Leong (HTHK - Senior Engineer II - iServices Development,
NNSD)
Subject: RE: Zone Delegation/Reverse Delegation


If the ISP is authoritative for "bar.com", then you cannot create the
sub-domain "foo.bar.com".  The administrator of whichever system is
authoritative for "bar.com" would create it and delegate authority for
it to your local DNS host.


>I don't understand why the DNS delegation is done by ISP but the
>reverse delegation is done by APNIC.

That's just the way delegation works.  Only the authority for a
domain can create a sub-domain of that domain (reverse domains are
valid domains just like "forward" ones are) and then, possibly,
delegate authority for it to some other nameserver.

Perhaps looking at the details will help:

I am "ns1.bar.com" and am the primary (the source data files for the
zone are most likely on me) nameserver for bar.com.
Here is the data for bar.com (the authority for this zone was delegated
to me by the authority for ".com"):

$ORIGIN bar.com.
@    IN SOA ..
     IN NS ns1.bar.com.      ; these records match
     IN NS ns.xyz.isp.com.   ; the records in .com
ns1  IN A  206.222.111.11    ; that delegate bar.com to me
www  IN A  206.222.111.17
ftp  IN A  206.222.111.18
$ORIGIN foo.bar.com.  ; here is a sub-domain that I create
pluto   IN A  206.222.166.31  ; but I'm still the authority for it
goofy   IN A  206.222.166.31  ; so I create the records and maintain
donald  IN A  206.222.166.31  ; the zone data for it

At some point there are just too many hosts and too much work to
maintain the sub-domain data, so I decide to *delegate* authority
to another server in our company and let them do the work.

The sub-domain data changes thusly:

$ORIGIN foo.bar.com.  ; here is a sub-domain that I create
@       IN NS pluto   ; but "pluto" will be the authority for it
pluto   IN A  206.222.166.31  ; the appearance of the NS record is the
                              ; delegation and this is known as a
                              ; "zone cut"

Now, "pluto" can be the primary nameserver for foo.bar.com and have zone
data for it.


OK.
The *same* holds true for the reverse delegation.
If "ns1.bar.com" is to be authoritative for
111.222.206.in-addr.arpa
then whoever is authoritative for
222.206.in-addr.arpa
would have a zone cut at
111.222.206.in-addr.arpa
and delegate authority for it to "ns1.bar.com"

$ORIGIN 111.222.206.in-addr.arpa.  ; here is the sub-domain
@  IN NS ns1.bar.com.              ; and I'm now the authority

Normally, your ISP would be authoritative for 111.222.206.in-addr.arpa,
but maybe not.  In any case, only that authority can delegate
authority for 111.222.206.in-addr.arpa to you.

Talk to your ISP about this -- they should be able to tell you whom to
contact to get the reverse sub-domain delegated to you.




-
Tks        | <mailto:[EMAIL PROTECTED]>
BV     | <mailto:[EMAIL PROTECTED]>
Senior Tech. Consultant,   SBM, A Gates/Arrow Co.
Vox 770-623-3430   11455 Lakefield Dr.
Fax 770-623-3429   Duluth, GA 30097-1511
=

-Original Message-
From: Benny Leong (HTHK - Senior Engineer II - iServices Development,
NNSD) [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 18, 2000 10:29 PM
To: 'Bob Vance'
Subject: RE: Zone Delegation/Reverse Delegation


Hi Bob,

I need further explanation from you :

The DNS of the domain, bar.com, is hosted by an ISP.
We have applied a range of IP address and AS# from APNIC.
We have created our sub-domain, say, foo.bar.com.   The DNS server of this
subdomain is hosted by ourselves.

I don't understand why the DNS delegation is done by ISP but the reverse
delegation is done by APNIC.

Regards, Benny

--
From:  Bob Vance [SMTP:[EMAIL PROTECTED]]
Sent:  Monday, September 18, 2000 8:41 PM
To:  CISCO_GroupStudy List (E-mail)
Cc:  'Benny Leong (HTHK - Senior Engineer II - iServices
Development, NNSD)'
Subject:  RE: Zone Delegation/Reverse Delegation

The reverse delegation is done by whomever has been delegated
authority
for the parent of the reverse domain, just like for the forward
domains.
E.g., whoever has authority for xxx.yyy (yyy.xxx.in-addr.arpa
do

Re: personal firewall

2000-10-02 Thread Bob Watson

Netscreen 5's are relatively inexpensive and support fully functional NAT

about the size of a mini hub.

Bob Watson
CCNA

Jim Bond wrote:

> Hello,
>
> Any recommendation on a good hardware personal
> firewall? I'm looking for a not too expensive, easy to
> configure, can support NAT one.
>
> Thanks in advance.
>
> Jim
>




7206vxr From ATM to Frame????

2000-10-03 Thread Bob Watson

Our company is currently ordering a ds3 ATM pipe for our Home Office
Backbone to connect several of our Frame Relay Sites through it.  Does
anyone have experience configuring the ATM interface to map Frame relay
endpoints?
If so sample configs would be helpful.
or cisco links I have not found reference configs on the web site to
date.

Bob Watson
CCNA




Home lab

2000-10-03 Thread Bob Edmonds

Does anybody know of any good place to purchase a home lab to study for the
ccnp series of tests?  Any information would be much appreciated.





Re: Home lab

2000-10-04 Thread Bob Edmonds


Thanks for all the great suggestions everyone!!! I'm sure they'll be helpful.





Re: OT: Ethernet Trivia

2000-10-04 Thread Bob Edmonds

I'm going to have to say that the answer to that is: The one that transmits
first!  The question never said that they were transmitting at the same time
and/or on the same physical segment.

> >Let's say we have a 10Mbps and 100Mbps interface.  Both transmit the same
> >sized
> >frame over the same type of media and over the same distance and neither
> >experience
> >a collision.  Which will get to the destination first?





Re: OT: Ethernet Trivia

2000-10-06 Thread Bob Ferguson

Frank wrote:
> 
> Let's say we have a 10Mbps and 100Mbps interface.  Both transmit the same
> sized frame over the same type of media and over the same distance and
> neither experience a collision.  Which will get to the destination first?

The one on the 100MB interface.  

Hint:  "Serialization delay"

-- 
Jay Hennigan  -  Network Administration  -  [EMAIL PROTECTED] 
NetLojix Communications, Inc.  NASDAQ: NETX  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323




Groupstudy port 25 refusing connections...

2000-10-06 Thread Bob Ferguson

Paul,

I've got mail queued since yesterday.  Trying the newsfeed.  

-Jay




Re: OT: Ethernet Trivia

2000-10-06 Thread Bob Ferguson

Nnanna Obuba wrote:
> 
> Let's say we have a 2 lane and a 5 lane road, 2 cars
> travel at the same speed over those roads,and neither
> experiences traffic, which will do 100 miles first?

Not exactly.

You're standing at the city limit sign entering Switchville. 

The lead cars of two 512-car motorcades arrive at the same instant on
parallel one-lane roads.  Both motorcades are bumper-to-bumper, traveling
at the same speed.

On motorcade Tenbit, each car is exactly ten times as long as the cars 
of motorcade Hundredbit.  

Which motorcade will be "in town" (the last car has crossed the city 
limit sign) first? 

This is due to "serialization delay".  With any serial data stream, and
Ethernet is a serial data stream even though it doesn't use a "Serial"
interface, there is a fixed amount of time allocated to each bit of
information.  On 10-base-(whatever) Ethernet, it's 100 nanoseconds per
bit (1/10,000,000 second).  With 100-base-(whatever), it's 10 nanoseconds
per bit.  With T-1, it's 648 nanoseconds per bit.

Even though both frames travel over the wire (or fiber, or microwave) at
the speed of light in whatever medium is used, for the frame to "arrive"
you have to take into account the length of time it takes for the bits to
clock in, one by one, until the entire frame has arrived.

> --- Frank <[EMAIL PROTECTED]> wrote:
> > Let's say we have a 10Mbps and 100Mbps interface.  Both transmit the
> > same sized frame over the same type of media and over the same
> > distance and neither experience a collision.  Which will get to the
> > destination first?

-- 
Jay Hennigan  -  Network Administration  -  [EMAIL PROTECTED] 
NetLojix Communications, Inc.  NASDAQ: NETX  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323




List change?

2000-10-06 Thread Sites, Bob

Has something changed with the list? Prior to yesterday I was getting 100+
emails overnight that awaited me in the morning. The last two days I've only
received 40 or so overnight. Is something wrong with the list or has
something changed?

Bob Sites, CCNA
System Engineer




ATM question

2000-10-09 Thread Bob Watson

Will the Cisco 7206vxr support the FRF.5 Frame Relay-ATM Interworking
function, which enables Frame Relay voice or data traffic to be
encapsulated in ATM cells?

If so, does this mean I could map Frame PVCs within the ATM DS3
interface on the router to talk to frame sites of mine?

On the satellite end will the telco provider give me the frame traffic
in ATM format and simply not de-encapsulate their ATM cells when
distributing traffic to my 7206?








Re: TCN BPDU confusion

2000-10-09 Thread Bob Watson


In my experience you would always want to turn portfast on in end point
segments, especially those simply connected to workstations and servers,
since they shouldn't be participating in creating any type of bridging loop
issues.

"Rampley, Jim" wrote:

> I'm reading the Cisco LAN switching book (great book)!  I've got a
> question about topology change notification BPDU's.  If you have a port
> on a switch that is NOT using portfast with say a workstation or server
> connected.  When that port comes up spanning tree will run.  My question
> is once it goes into the forwarding state will a TCN BPDU be sent?  There
> are three rules that say when a TCN BPDU will be sent.  The rule that I
> think applies is "When a port is put in the forwarding state and the
> bridge has at least one designated port."
>
> I realize most of the time you would want to use portfast in this
> situation since you don't want to be running spanning tree while the
> machine is trying to boot up.  I just didn't realize you would actually
> be saving traffic on your network and also the effects of having to flush
> the CAM quicker.  Someone could actually tweak the STP timers down so they
> wouldn't have to use portfast, but you could have a flood of TCN BPDU's
> every morning.
>
> Jim
 



Re: CISCO SWITCH

2000-10-09 Thread Bob Watson

3524xl series has some redundancy functions to it if you are referring to
backbone failover problems, i.e. using 2 GBIC cards to different backbone
connections and such.

Also has the router IOS built in, which has its own pros and cons associated
with it.

Pushkar Shirolkar wrote:

> hi,
>
> i have a requirement that says that i need to have a redundant cisco switch
> .. i.e. there is a LAN and if the switch fails .. the other switch
> should take over. this is possible in the cisco 6000 series of switches ...
> but is there some lower end solution .. that costs less and also my
> requirement of ports on the switch is also less ... say about 24 ports ...
> is there any product available which does so .. in 3500 or 2900 series ?
> like using ISL (inter-switch link) .. but for the lower end switches ...
>
> Please reply ASAP
>
> thanx
> Pushkar



Re: WHIZZ KIDS WHO HAVE THE CCIE number

2000-10-18 Thread Bob Edmonds

I got my CCNA in July and I will be turning 19 on October 31, 2000.  I don't
feel that I missed out one bit on my childhood.  I've been to more parties
than I care to remember and had laughs that I wish I could remember.  I got
started in A+ when I was 16 and it appealed to me.  It was interesting and
made me look smart when I could fix others' computers.  I then began to
wonder about the internet and how it worked.  When I turned 17 I enrolled in
the Cisco Network Academy.  I then fell in love with networking!  I did a
review for Cisco Press' Exam Gear software, and the errata that you see on
their page is all mine (many more minor mistakes)!  They paid me well for
it, I requested no money but just free books.  I got the CCNP Library 1.0,
BCMSN, (old) ACRC, CCDA, DCN, and CID (9 books in all).  And when the box of
books came I found a check for $500.00 inside as well (nice compensation).

Now I'm working toward my CCNP along with a full course load here at the
University of Toledo, where I'm studying Computer Science and Engineering
Technology.  Well, all I'm saying is that it interests me and I still have
time for a girlfriend and other social activities.

Bob Edmonds


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Aironet Wireless

2000-10-31 Thread Sites, Bob

Question: I have a set of Cisco Aironet wireless bridges that I am
connecting two bldgs with. They are only about 100yds apart. As part of the
bridge diagnostics I can look at "radio strength", which is at 100%, and the
"radio quality", which fluctuates between 40-60%.  Is there anything I can
do to improve the "quality" of the signal? Everything seems to be working
fine, but I can't stop thinking that the quality could be improved in some
way. Anyone from Cisco have advice on this?

Bob Sites
System Engineer, CCNA   




OSPF Totally Stubby Areas and area default-cost

2000-11-11 Thread Bob Hunter

 Hi,
 I'm confused on the subject of totally stubby areas, and the command "area
default-cost". From what I'm reading, one of the qualifications of a totally
stubby area is that if multiple exits (ABRs) exist, routing to outside the
area does not have to take an optimal path. Does this mean that each router
within the area picks the closest ABR as the gateway to everything outside
the area, and that there is no way to control the default route? If so, does
that imply that the area default-cost is used for incoming routes? Would
incoming routes even exist if the area was a totally stubby area?

 I would very much appreciate it if someone would please set me straight.

 Thank you.

Bob Hunter, CCNA, CNE






Re: OSPF Totally Stubby Areas and area default-cost

2000-11-12 Thread Bob Hunter

 Raul, thanks for your reply,
 "Routing to the outside world could take a sub-optimal path in reaching the
destination by going out of the area via an
exit point which is farther to the destination than other exit points"

 Does this mean that cost metrics do not come into play within stub areas?
If so, why is there a command to assign an ABR with a default cost? I don't
doubt it; I just don't understand the reasoning.

 Appreciate replies.  Thank you, Bob



