Connecting 2 routers via 56K CSU/DSU's?
All, Does anyone know if I can connect my 2-2524's via their 4-wire 56K CSU/DSU's? I know I can connect them via the 5-in-1 modules with a DB60 back-to-back cable, but I don't know if a 56K will connect to another 56K module. Thanks, Bob _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Connecting 2 routers via 56K CSU/DSU's?
Thanks Jack. Do you know, or does anyone for that matter, for sure that this works? I currently only have 1 56K CSU/DSU module and would like to purchase another, though I want to be sure it works prior to purchasing. Thanks again, Bob ""Jack Yu"" <[EMAIL PROTECTED]> wrote in message 969daj$e10$[EMAIL PROTECTED]">news:969daj$e10$[EMAIL PROTECTED]... > Bob, > > 1-2, 7-8, then you are all set. > One more thing, you probably want to configure one side as clock internal, > the other as line. > > HTH > Jack > > > ""Bob Timmons"" <[EMAIL PROTECTED]> wrote in message > 969cre$bd0$[EMAIL PROTECTED]">news:969cre$bd0$[EMAIL PROTECTED]... > > All, > > > > Does anyone know if I can connect my 2-2524's via their 4-wire 56K > > CSU/DSU's? I know I can connect them via the 5-in-1 modules with a DB60 > > back-to-back cable, but I don't know if a 56K will connect to another 56K > > module. > > > > Thanks, > > Bob > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Connecting 2 routers via 56K CSU/DSU's?
Doh. Never mind. Someone pointed me to: http://www.cisco.com/warp/public/471/75.html#command Thanks again, Bob ""Bob Timmons"" <[EMAIL PROTECTED]> wrote in message 969h6n$50m$[EMAIL PROTECTED]">news:969h6n$50m$[EMAIL PROTECTED]... > Thanks Jack. Do you know, or does anyone for that matter, for sure that > this works? I > currently only have 1 56K CSU/DSU module and would like to purchase > another, though > I want to be sure it works prior to purchasing. > > Thanks again, > Bob > > ""Jack Yu"" <[EMAIL PROTECTED]> wrote in message > 969daj$e10$[EMAIL PROTECTED]">news:969daj$e10$[EMAIL PROTECTED]... > > Bob, > > > > 1-2, 7-8, then you are all set. > > One more thing, you probably want to configure one side as clock internal, > > the other as line. > > > > HTH > > Jack > > > > > > ""Bob Timmons"" <[EMAIL PROTECTED]> wrote in message > > 969cre$bd0$[EMAIL PROTECTED]">news:969cre$bd0$[EMAIL PROTECTED]... > > > All, > > > > > > Does anyone know if I can connect my 2-2524's via their 4-wire 56K > > > CSU/DSU's? I know I can connect them via the 5-in-1 modules with a DB60 > > > back-to-back cable, but I don't know if a 56K will connect to another > 56K > > > module. > > > > > > Thanks, > > > Bob > > > > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Any freeware TACACS and/or RADIUS servers out there for NT?
I've been trying to find something like this. Seems there are a couple of RADIUS servers, but few TACACS and I can't find anything that's freeware or reasonable shareware (Hey, it's for a lab for cryin out loud). Help? Anyone? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ??Fw: need clarification: ip unnumbered in routing tables
Check out http://www.cisco.com/warp/public/701/20.html "Priscilla Oppenheimer" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > At 02:15 PM 2/26/01, nobody wrote: > >Is the below a dumb question? > > No. > > > >Nobody replied. Can somebody enlighten me? ;-) > > > >p. > > > >- Original Message - > >From: "nobody" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Sent: Friday, February 23, 2001 2:07 PM > >Subject: need clarification: ip unnumbered in routing tables > > > > > > > just need to verify my thinking: > > > > > > example: serial line (PPP) connection between routers A and B using ip > > > unnumbered. > > > > > > router A: > > > e0=192.168.1.1/24 > > > s0=192.168.3.1/24 > > > Why does s0 have an address if it's unnumbered? > > > > > > > routing table for A: > > > c192.168.1.0/24is directly connected, ethernet0 > > > r192.168.2.0/24[120/1] via 192.168.3.2, 00:00:05, serial0 > > > s* 0.0.0.0/0 is directly connected, serial0 > > > > > > router B: > > > e0=192.168.2.1/24 > > > s0=192.168.3.2/24 > > > > > > routing table B: > > > r192.168.1.0/24[120/1] via 192.168.3.2, 00:00:06, serial0 > > > c192.168.2.0/24is directly connected, ethernet0 > > > s* 0.0.0.0/0 is directly connected, serial0 > > > > > > i thought that the routing table should reflect the ethernet ip address of > > > the remote router on local serial interface? > > It will reflect the next hop, unless it really is unnumbered, but it > appears to be numbered. What am I missing? > > Priscilla > > >i don't see it here. is it an > > > error or is it me? > > > > > > thanx, > > > > > > p. > > > > > > >_ > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > Priscilla Oppenheimer > http://www.priscilla.com > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Backup for CAT 3500 switches
Hmm.. try this: http://bobtimmons.home.mindspring.com/bin/wrnet.zip I don't remember where I found it, but it's freeware. Here's part of the TXT file that comes with it: "WrNet is a Windows command line utility that will instruct a Cisco router to save its running-config to a TFTP server using SNMP. WrNet can be combined with the Windows NT Scheduler service to automate the backups of Cisco router configurations." Let us know if this works for you. Bob ""Thomas"" <[EMAIL PROTECTED]> wrote in message 981fcj$bju$[EMAIL PROTECTED]">news:981fcj$bju$[EMAIL PROTECTED]... > Hi All - I wonder if there is any option on the Catalyst 3548XL switches > that allows you to dump the configuration of the switch to the TFTP server > periodly? I am trying to automate the backup process for your 3548XLs. > Thanks in advance! > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardware Req's
16MB of Flash is nice, but I don't believe required for a lab. You can get virtually any IOS image on 8MB of flash by using a compression utility. Personally, I'd recommend 8MB Flash and 16MB RAM. The RAM is cheaper and if you're running any kind of Enterprise IOS or one that does Firewall, etc, you'll need the RAM. I don't know why they'd recommend 16Flash/8Ram. If you have a 12MB Flash image, chances are, you'll need more than 8MB RAM to run it. The 12.1.7 IOS that has IP/IPX/AT for the 25xx series is 9MB. You can probably compress this to about 4-5MB for the Flash. The largest IOS I could find on CCO was 16,158,604. I compressed that down to 7,249,938. That would fit nicely on 8MB of Flash and would definitely require 16MB RAM. HTH Bob > Can someone tell me the minimum hardware requirements for IOS 12.x with > ip/ipx/at routing on a 2501? im looking to buy a couple routers for a home > lab but i dont know what is the minumum that i should get. Cisco site says > "recommended" 16mb flash and 8 dram, but for a home lab would it still work > on a 8/8? > > Justin > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardware Req's
Oh, I guess I should mention that using a compression utility could potentially cause problems in production environments. Use your best judgement. I only use it for lab purposes. If you're in a production environment, have the company shell out the dough-ray-me for the extra flash if required. Bob http://bobtimmons.home.mindspring.com/bin/mzmaker.exe Please note that this utility only runs on a "DOS compatible" platform (no MACs, no UNIX, etc.) Also, please note that the flash images it produces will run only on 68000-series Cisco routers (eg. 3000, 2500, older 4000 and 7000, etc). It will *not* work with RISC router processors. If you wish to test the images this utility produces *BEFORE* copying those images into flash memory, simply install a TFTP server and have the IOS image downloaded by TFTP on bootup. This will provide a means to test the compressed flash image. > Can someone tell me the minimum hardware requirements for IOS 12.x with > ip/ipx/at routing on a 2501? im looking to buy a couple routers for a home > lab but i dont know what is the minumum that i should get. Cisco site says > "recommended" 16mb flash and 8 dram, but for a home lab would it still work > on a 8/8? > > Justin > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DCE to DTE no CSU/DSUs
If you're using a back-to-back cable, the DCE will ALWAYS be the router with the DCE side of the cable. If you're doing frame-relay, and using 1 router to be the frame-relay switch, you'd typically use the DCE side of the back-to-back on the frame-switch for all routers connected to the frame-relay switch. You would then set your desired clock rate on each serial interface. ""sanjay"" <[EMAIL PROTECTED]> wrote in message 96ibeu$3f1$[EMAIL PROTECTED]">news:96ibeu$3f1$[EMAIL PROTECTED]... > On the frame-relay switch router, just make sure you specify "frame-relay > intf-type dce" command. On point to point serial connection between 2 > routers, you will need to setup clock rate on one of the routers. Which ever > router you put the clock rate, it becomes the DCE. > > > ""CiScO"" <[EMAIL PROTECTED]> wrote in message > 96i57s$bpl$[EMAIL PROTECTED]">news:96i57s$bpl$[EMAIL PROTECTED]... > > Do I need to config the serial as a DCE or does it automatically become a > > DCE when I specify a clock rate? > > > > Will this type of connection work even if I'm not running Frame Relay, for > > instance setting up OSPF single area or multiple area, using ppp encap? > > > > Thanks! > > > > > > ""John Neiberger"" <[EMAIL PROTECTED]> wrote in message > > sa8c04a1.091@fsutil01">news:sa8c04a1.091@fsutil01... > > > Each serial link needs to have some sort of clocking at the physical > > > layer, regardless of your choice of datalink layer protocol. In > > > addition, each serial link is entirely separate from the others and can > > > have differing clockrates. > > > > > > Be sure that you set your clockrate on the DCE side only. The DTE side > > > does not need to be specified because it is, by definition, listening to > > > the clock from the DCE. > > > > > > >>> "." <[EMAIL PROTECTED]> 2/15/01 4:09:37 PM >>> > > > DCE to DTE no CSU/DSUs > > > > > > If I connect my routers via serial interfaces using a crossover serial > > > cable > > > , do I need to set a clock rate even if I'm running fame relay? If I do > > > need > > > to use a clock rate do all the routers need to be set for the same > > > clock > > > rate? > > > > > > Thanks! > > > > > > > > > _ > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Certification Zone
I've never had to deal with their customer support, but that aside, the money is worth it. The whitepapers, labs & exams are top-notch, I haven't seen its equal. You can get a free whitepaper each month, so you can check them out ahead of time, but the archives are what's worth the money. > >www.certificationzone.com > > > >What is your opinion about this company? I talked to some witch named Cindy > >or Jenny that must have been the MC at the last "Witches R US" convention. > >If their services aren't any better than their manners, I don't want to > >waste my money. > > Well, my neopagan heritage requires me to say that I have dated some > rather pleasant witches. But that's probably not what you meant. > > Without further information, I don't know what to say. I don't myself > deal with customer service on a day-to-day basis, but I can certainly > put you in touch with people that do. > > > > >Thank you in advance for your feedback. > > > >John Huston > -- > "What Problem are you trying to solve?" > ***send Cisco questions to the list, so all can benefit -- not > directly to me*** > > Howard C. Berkowitz [EMAIL PROTECTED] > Technical Director, CertificationZone.com > Senior Mgr. IP Protocols & Algorithms, Advanced Technology Investments, > NortelNetworks (for ID only) but Cisco stockholder! > "retired" Certified Cisco Systems Instructor (CID) #93005 > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Up a backup line
Of course! See: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_ c/dcdbaks.htm search this article for "Dial Backup Service When the Primary Line Goes Down Example" HTH ""Paco"" <[EMAIL PROTECTED]> wrote in message 99fj6r$lk9$[EMAIL PROTECTED]">news:99fj6r$lk9$[EMAIL PROTECTED]... > Hi all: > > It´s possible that a router 1720 detect that the serial line is down and > dial up a ISDN connction? and when the seriel line up again, down the bri? > > Thanks > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cannot see the Serial Interface at all..
I have the same router, same T1 card. Is this a new unit, was it ever working? When I do a "show int", I get the following output Serial0 is up, line protocol is up(This is my T1) Hardware is HD64570 with FT1 CSU/DSU Serial1 is administratively down, line protocol is down(This is empty) Hardware is HD64570 "Show controller" give me: HD unit 0, idb = 0xB8FB8, driver structure at 0xBE268 (T1 card) buffer size 1524 HD unit 0, Integrated FT1 CSU/DSU module HD unit 1, idb = 0xC3018, driver structure at 0xC82C8(Empty) buffer size 1524 HD unit 1, No module present I'd say that if you don't 'see' the hardware in these statements, you'd probably want to call TAC. Not much we can do here for bad hardware. Bob > I have a Cisco 2524 with an removable T1 card while cisco is booting it > says service-module check passed but when i see the interfaces it just has > the Ethernet NO serial interface at all... > > tried removing/replacing no luck > > Any help greatly appreciated. > > Thanks > Satish > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Blocking Napster and Aol on Pix config/Setting up Tacus or Radius
Kevin, While the port-blocking access-lists will work for most users, many users and applications will know to use alternate ports to gain connectivity. AIM, for example, uses port 5190 by default, though you can simply change it to port 80, if so desired. Same thing for Napster. The best, and maybe only, solution is to block the url or the IP range the servers are in. We're blocking the IP range for Napster (don't recall what it is off the top of my head) and it works like a charm. We currently do not block AIM, but you can probably simply block login.oscar.aol.com. As far as RADIUS & TACACS, you'll probably have a hard time finding a shareware/freeware version of TACACS for NT, though RADIUS seems to be somewhat more available. Cisco has their ACS product, which does TACACS & RADIUS, and runs on NT/2000. It's real easy to setup (about 30 mins from setup.exe to TACACS logins). I'd check the search engines for 'shareware &/or freeware RADIUS'. If you really want TACACS, and are on a budget, you might want to check out some of the freeware Linux versions, there are many. Of course, you'd need to setup a Linux box. HTH Bob > Before I ask this question I would like to give something back, below is the > config to block aim and napster: > > access-list acl_out deny tcp any any eq 5190 > access-list acl_out deny tcp any any eq 8875 > access-list acl_out deny tcp any any eq > access-list acl_out deny tcp any any eq 6699 > access-list acl_out deny tcp any any eq > access-group acl_out in interface inside > access-list acl_out permit tcp any any > access-list acl_out permit ip any any > > > Now I would like to setup a Tacus+ or Radius Server on My network I have a > widows 2000 domain and I am unsure of how to do this. Please advise. > > TIA, > > Kevin > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Mzmaker
How much RAM do you have on this router? If the uncompressed IOS is greater than 8MB, you need 16MB of RAM. Remember, when you compress an IOS image it will uncompress into RAM when booting. If you have 16MB of RAM, maybe try re-compressing the original IOS image. > I have a 2514 w/ 8Mb flash. When I used mzmaker to compress IOS 12 that is > 10MB it worked fine. However, after writing the .mz file to flash and > starting up the router it keeps looping "Error : memory requirements exceed > available memory > Memory required : 0x00AF99A0 > > Exception: Software forced crash at 0x111E (PC)" > > and giving this error. Does this not work since on a 2500 series router > the IOS runs in the flash and not ram? Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: access list rearrange? [7:861]
Maybe he was referring to the access-list vs access-group statements? The access-list statements are entered first, but in the 'sh run', it shows them after the access-group statements. I've never seen a router rearrange an access-list. He's right, though, about the implicit permit/deny. I checked the errata at the Sybex site, nothing there for that page, though. > Hi, > > I don't think the IOS reorders access-lists after all what if it was > required in the order it is. eg deny some addresses then permit any. > > Teunis > Hobart, Tasmania > Australia > > > On Monday, April 16, 2001 at 08:45:39 PM, Scott Meyer wrote: > > > I was reading Sybex's old ACRC book. One of the study questions, as well as > > a tip in the chapter indicate that the IOS will reorder an access list to > > make more sense. > > > > For example, an access list entered as: > > access-list 1 deny 172.16.20.0 0.0.0.255 > > access-list 1 deny 172.16.30.0 0.0.0.255 > > access-list 1 permit 172.16.40.0 0.0.0.255 > > > > would be re-ordered as : > > access-list 1 permit 172.16.40.0 0.0.0.255 > > access-list 1 deny 172.16.20.0 0.0.0.255 > > access-list 1 deny 172.16.30.0 0.0.0.255 > > > > I played around a bit and could not confirm this. show ip access list > showed > > the access-list exactly as I entered it. > > I had always thought that IOS would never re-arrange the list, no matter > how > > stupid it was entered. > > > > Am I on crack or is the book wrong? > > > > Scott Meyer > > [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > -- > www.tasmail.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=870&t=861 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CiscoSecure ACS [7:1125]
Looks like a lot was chopped. The url is http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur _c/scprt2/sctacac.htm#xtocid2173216 (hopefully, it won't chop again) > _c/scprt2/sctacac.htm#xtocid2173216 > > watch the wrap! > > Enable TACACS to Use a Specific IP Address > You can designate a fixed source IP address for all outgoing TACACS packets. > The feature enables TACACS to use the IP address of a specified interface > for all outgoing TACACS packets. This is especially useful if the router has > many interfaces, and you want to make sure that all TACACS packets from a > particular router have the same IP address. > > Command: ip tacacs source-interface subinterface-name > > > -Original Message- > From: Ken Yeo [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 18, 2001 1:10 PM > To: [EMAIL PROTECTED] > Subject: CiscoSecure ACS [7:1125] > > > Anyone has experience with CiscoSecure ACS? > > I have a question: > > Under Network Configuration/Network Access Server Ip address, which > internet's ip address you use for the field? I tried loopback, and all > physical interfaces. Only the interface sending packet back to ACS server > work. > > There must be a better way, if not there will be no redundancy, what if the > link goes down? > > Please advice, > > Thanks, > Ken > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1154&t=1125 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IOS for Home Lab [7:1531]
Now Chuck, was that said with your tongue firmly planted in your cheek? Or am I reading into this? ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > For no particular reason I've decided to move my routers onto various > flavors of 12.x > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of RamG > Sent: Sunday, April 22, 2001 9:21 AM > To: [EMAIL PROTECTED] > Subject: IOS for Home Lab [7:1531] > > I have home lab of 7 routers with 16RAM/16FLASH. Which ios should I install > on these routers to practice each and every ccie lab scenarios. > > Thanks / RamG > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1664&t=1531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help with frame-relay [7:2204]
The answer is probably in the archives, check them when you get a chance. Meanwhile, you'll want to check these things: do you have the 'frame-relay switching' global command? you need to have the lmi-type set 'frame-relay lmi-type [ansi|cisco|q933a]' (that should be the same on both routers, stick with cisco for starters) You have to specify which is DTE & DCE. One side of the cable should be DCE, the other DTE. (ie 'frame-relay intf-type dce'). On the DCE side, you need to specify a clock rate 'clock rate 64000' I don't think you NEED to specify a DLCI for back to back, but in order to do so, 'frame-relay interface-dlci [DLCI #]' HTH Bob > ive been dying now for two days trying to get frame relay going between 2 > 2501 routers. > > I have tried everything i know to do, and looked at 900 different places and > i must just be missing something. > > can anyone give me the exact steps to configure this. > > I have 2 2501 routers connected together with v.35 cable. > > i can get PPP and HDLC working fine but frame-relay just doesnt want to work > for me. > > im also running ios 12.1(7) enterprise if that helps. > > -- > Justin M. Clark > MCSE 4.0, MCSE 2000 > CCNA, CCDA > [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2212&t=2204 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: www.r1r2.com free via Internet telnet [7:3536]
www.r1r2.com is their website, but you should telnet to r1r2.com. I just tried it and got no response. Their site may be down or something, usually it works. You need to check the website first for login name & password, then you can telnet. > - Original Message - > From: ""ccnawan"" > Newsgroups: groupstudy.associate > Sent: Saturday, April 28, 2001 3:47 PM > Subject: www.r1r2.com free via Internet telnet [1:3536] > > > > Bob this address is correct? It does not respond? > > > > > --- Bob Timmons wrote: > > > > > > Check out www.r1r2.com, they have > > either 1 or 2 routers > > > > for free via Internet telnet. > follow > > the directions on http://www.groupstudy.com/list/Associates.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2405&t=3536 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DTE interface on Frame Relay switch [7:4256]
Absolutely. Go to www.groupstudy.com and search the archives. There's a lot of pertinent information there regarding back-to-back configurations. Generally, you'd connect the DCE side of the cable (it should be labeled) to the FrameSwitch and the DTEs to the 'spokes' > Hi All - I have two 2501 routers. One of them is set as a Frame Relay > switch. I wonder if I can set a serial port of this router to be DTE > interface and assign an IP address to it, so that I can ping this interface > from the other router (using back-to-back crossover serial cable). Thanks. > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4263&t=4256 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame relay and dropped packets... [7:4529]
Just a couple quick questions. Have you cleared the counters on both sides? How long after clearing the counters is it taking for the 500,000 packet difference to materialize? Do you have any other remote branches going to this interface? > Hi all, > > We have reason to believe we are experiencing Dropped packets > between us and our remote branch. What I need > Is proof, so I can go to my manager and say, "here, look at this". He > believes just because he looks at the router and does a "show frame pvc" and > the Dropped Pkts statistic is 0, that there are no packets being dropped. > Logical Assumption, but I've been told that just isn't the case. Let me > throw this out to the groupForget about the FECN's, BECN's and the DE > pkts...If you were to telnet to both routers and look at the statistics of > the point-to-point DLCI and compare the Output pkts on one end to the Input > pkts on the other end, and if you see a discrepancy of 500,000correct me > if I'm wrong here, but wouldn't that symbolize Dropped packets??? Thanks! > > > -Rizzo > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4535&t=4529 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: F-T1 Serial Interfaces, configuring [7:5139]
I know it can be done using the FT1 on the 2524's (http://www.cisco.com/warp/public/471/75.html) I'm not sure this goes for all FT1's, though. > Anyone know off the top of thier head if it's possible to configure F-t1 > interfaces back to back? I have a "cross-over" cable where I hook up the TX > from one end to the RX of the other and vice verse, but this is unlike High > speed serial interfaces where you set a clock rate on one side, drop a > couple addresses, throw up HDLC encapsulation and you are off and running. > > Any ideas? > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5142&t=5139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: F-T1 Serial Interfaces, configuring [7:5139]
I'm using the 4-wire 56K CSU's, rather than the T1's, but otherwise the same. The T1's give you slightly more options (encoding, timeslots, etc). I'm also simply using a Cisco rollover cable (same cable you use for Console port). It works great. > I doing it with a pair of wic-1dsu-t1. Using a T1 crossover cable that i > got from pacificcable.com > > Neil Schneider > > > ""Tony Mesias"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Anyone know off the top of thier head if it's possible to configure F-t1 > > interfaces back to back? I have a "cross-over" cable where I hook up the > TX > > from one end to the RX of the other and vice verse, but this is unlike > High > > speed serial interfaces where you set a clock rate on one side, drop a > > couple addresses, throw up HDLC encapsulation and you are off and running. > > > > Any ideas? > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5153&t=5139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AUX-to-CON [7:39039]
Yes, you can. It's reverse telnet. You can daisy chain multiple routers CON to AUX and reverse telnet to them all. It gets confusing if you don't label things well. See: http://www.tek-tips.com/gfaqs.cfm/lev2/8/lev3/58/spid/557/sfid/1312 or search cisco.com for 'reverse telnet' > Greetings, > > is it possible to connect two routers using aux and con connections? > one router aux and the other con. > > ThanksNabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39044&t=39039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Controlling utilization on switch port [7:39038]
I imagine it may depend on the switch. On the 3500's (or I guess any switch with IOS), you can specify the bandwidth command on any interface, but I've never tried it and don't know how well it works. SWITCH1(config)#int fast 0/13 SWITCH1(config-if)#bandwidth ? Bandwidth in kilobits > Greetings all, > > Is there a trick or a way to control utilization on a switch port? > Assuming we want the user to use only 5 MB instead of 10. No special > requirement at this time, just curious. > > Thanks..Nabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39045&t=39038 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Real world OSPF design dilemma (Longish) [7:16341]
Greetings all, We're converting our 3Com router world to Cisco soon and I have a question regarding the OSPF design. I'm including a link to a JPG in case anyone wants to add their 2 cents. You can see it at: http://members.tripod.com/~bobtimmons/network-1.jpg This is a somewhat simplistic view of our network and the IP's aren't real, but I'm hoping it makes sense regardless. We currently have a full T1 to a frame cloud and our other 2 main buildings are off of that cloud as well, one is 1M, the other is the balance of the T. Both of the remote sites are pointing to the 1 PVC at our main site. My question is, would this OSPF network work? I know the OBAZ, (One Big Area Zero - Wow! My first acronym! - Hey Howard, feel free to use that one), is frowned upon, but that's how my boss wants it, because that's how it is now. Not good logic, but I have to follow orders sometimes. A note: We have other sites off of the main site (Site 1) in another Frame Cloud. It shouldn't affect what we're doing here, though. Also, I didn't include the IPX networks on the Ethernet ports. That's not a real issue right now. Specifically, I'm unsure about using the Loopbacks. We're going to use them for our DLSW (not pictured) links. What I'm unsure about is, can I use these addresses, as given, with their masks, and distribute them via OSPF and have it work? If I'm completely off here, please feel free to let me know. I'm including the proposed configs (snipped) Thanks! Site1 - hostname Site1 ! ip subnet-zero ! dlsw local-peer peer-id 10.10.0.1 dlsw remote-peer 0 frame-relay interface Serial5/0.1 200 dlsw remote-peer 0 frame-relay interface Serial5/0.2 300 ! ipx routing 0002.4a8c.xxx1 ! interface Loopback0 ip address 10.10.0.1 255.255.255.255 no ip directed-broadcast ! interface FastEthernet1/0 ip address 10.10.1.1 255.255.255.0 no ip redirects no ip directed-broadcast ip ospf network broadcast ip ospf dead-interval 60 full-duplex ipx network 1 encapsulation SAP ! interface Serial5/0 no ip address no ip directed-broadcast encapsulation frame-relay IETF no ip mroute-cache no fair-queue frame-relay interface-dlci 100 ! interface Serial5/0.1 multipoint description Frame-Relay to Site2 (DLCI 200) Circuit# 2 ip address 10.10.10.2 255.255.255.252 no ip directed-broadcast ipx network B no arp frame-relay no frame-relay inverse-arp ! interface Serial5/0.2 multipoint description Frame-Relay to Site3 (DLCI 300) Circuit# 3 ip address 10.10.10.6 255.255.255.252 no ip directed-broadcast ipx network C no arp frame-relay no frame-relay inverse-arp ! router ospf 1 network 10.10.0.1 0.0.0.0 area 0.0.0.0 network 10.10.10.1 0.0.0.0 area 0.0.0.0 network 10.10.10.5 0.0.0.0 area 0.0.0.0 network 10.10.1.1 0.0.0.0 area 0.0.0.0 ! ip classless ip default-network 0.0.0.0 no ip http server Site 2 - hostname Site2 ! ip subnet-zero ! dlsw local-peer peer-id 10.10.0.2 dlsw remote-peer 0 frame-relay interface Serial5/0 100 ! ipx routing 0002.4a8c.xxx2 ! interface Loopback0 ip address 10.10.0.2 255.255.255.255 no ip directed-broadcast ! interface FastEthernet1/0 ip address 10.10.2.1 255.255.255.0 no ip redirects no ip directed-broadcast ip ospf network broadcast ip ospf dead-interval 60 full-duplex ipx network 2 encapsulation SAP ! interface Serial5/0 description Frame-Relay to Site1 (DLCI 100) Circuit# 2 ip address 10.10.10.2 255.255.255.252 no ip directed-broadcast encapsulation frame-relay IETF no ip mroute-cache no fair-queue frame-relay interface-dlci 200 ipx network B no arp frame-relay no frame-relay inverse-arp ! router ospf 1 network 10.10.0.2 0.0.0.0 area 0.0.0.0 network 10.10.10.2 0.0.0.0 area 0.0.0.0 network 10.10.2.1 0.0.0.0 area 0.0.0.0 ! ip classless ip default-network 0.0.0.0 no ip http server Site 3 - hostname Site3 ! ip subnet-zero ! dlsw local-peer peer-id 10.10.0.3 dlsw remote-peer 0 frame-relay interface Serial5/0 100 ! ipx routing 0002.4a8c.xxx3 ! interface Loopback0 ip address 10.10.0.3 255.255.255.255 no ip directed-broadcast ! interface FastEthernet1/0 ip address 10.10.3.1 255.255.255.0 no ip redirects no ip directed-broadcast ip ospf network broadcast ip ospf dead-interval 60 full-duplex ipx network 3 encapsulation SAP ! interface Serial5/0 description Frame-Relay to Site 1 (DLCI 100) Circuit# 3 ip address 10.10.10.3 255.255.255.252 no ip directed-broadcast encapsulation frame-relay IETF no ip mroute-cache no fair-queue frame-relay interface-dlci 300 ipx network C no arp frame-relay no frame-relay inverse-arp ! router ospf 1 network 10.10.0.3 0.0.0.0 area 0.0.0.0 network 10.10.10.6 0.0.0.0 area 0.0.0.0 network 10.10.3.1 0.0.0.0 area 0.0.0.0 ! ip classless ip default-network 0.0.0.0 no ip http server Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16341&t=16341 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report
Re: Real world OSPF design dilemma (Longish) [7:16341]
Thanks for the input. We did the upgrade this weekend and all went well. Bob > I should have limited that to one big area vs one big area 0. I'm all for > single areas when they suit, but I agree that using a non zero area can have > some benefits. > > *** REPLY SEPARATOR *** > > On 8/17/2001 at 10:24 AM Howard C. Berkowitz wrote: > > >>I'm not sure where you got the idea that one big area zero is a bad > >thing? > > > >Me, as one example. > > > >But let me make an important distinction, borrowing from George Orwell > > > > Four legs good One big area not necessarily bad > > Two legs bad One big area zero bad > > > >If you have a moderate number of routers without any obvious > >hierarchy, a single area can make perfectly good sense. I do > >recommend, however, numbering that area ANYTHING but 0.0.0.0. > > > >You don't need your first area to be 0.0.0.0. But if later company > >growth, mergers/acquisitions/divestitures, etc., mean that hierarchy > >becomes appropriate, your second area MUST be 0.0.0.0, and the third, > >etc., are nonzero. > >If you start by numbering all the routers in the One Big Area in > >0.0.0.0, that means that you will need to renumber the network > >statements when you grow. Making the One Big Area 0.0.0.1 won't hurt > >anything and will make things much more flexible with respect to > >future requirements. > > > >Incidentally, in a multivendor conversion like this, be sure to > >specify area numbers and router IDs explicitly and in four-octet > >format -- in other words, area 0.0.0.1, not area 1. Not all vendors > >interpret area numbers in the same way -- Bay RS, in some versions, > >would convert "area 1" to "area 1.0.0.0." 3Com's default router ID, > >on some platforms, was derived through some strange algorithm based > >on part of an interface MAC address. > > > >See other comments inline. > > > >> > >>In this case, I would highly recommend it. This is a pretty small network > >>and I really don't see the benefit of adding hierarchy to it from a > >>multi-area perspective. Keep in mind that the more you segment an OSPF > >area > >>into sub-areas, the more link state qualities you forego. I'd go with > >your > >>boss on this one. > >> > >>Pete > >> > >> > >>*** REPLY SEPARATOR *** > >> > >>On 8/17/2001 at 12:17 AM Bob Timmons wrote: > >> > >>>Greetings all, > >>> > >>>We're converting our 3Com router world to Cisco soon and I have a > >question > >>>regarding the OSPF design. I'm including a link to a JPG in case anyone > >>>wants to add their 2 cents. You can see it at: > >>> > >>>http://members.tripod.com/~bobtimmons/network-1.jpg > >>> > >>>This is a somewhat simplistic view of our network and the IP's aren't > >real, > >>>but I'm hoping it makes sense regardless. We currently have a full T1 > >to a > >>>frame cloud and our other 2 main buildings are off of that cloud as well, > >>>one is 1M, the other is the balance of the T. Both of the remote sites > >are > >>>pointing to the 1 PVC at our main site. My question is, would this OSPF > >>>network work? I know the OBAZ, (One Big Area Zero - Wow! My first > >>>acronym! - Hey Howard, feel free to use that one), is frowned upon, but > >>>that's how my boss wants it, because that's how it is now. Not good > >logic, > >>>but I have to follow orders sometimes. > >>> > >>>A note: We have other sites off of the main site (Site 1) in another > >Frame > >>>Cloud. It shouldn't affect what we're doing here, though. > >>> > >>>Also, I didn't include the IPX networks on the Ethernet ports. That's > >not > >>>a > >>>real issue right now. > >>> > >>>Specifically, I'm unsure about using the Loopbacks. We're going to use > >>>them > >>>for our DLSW (not pictured) links. What I'm unsure about is, can I use > >>>these addresses, as given, with their masks, and distribute them via OSPF > >>>and have it work? > > > > > >Yes, you can distribute loopbacks just fine. > > > >> > > >>>If I'm completely off here, please feel free to let me know. > >>> > >>>I'm including the proposed configs (snipped) > >>> > >>>Thanks! > >>> > >>> > >> >Site1 - Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16534&t=16341 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: support for CAR [7:16531]
Check out www.cisco.com/go/fn for the Feature Navigator at Cisco. (e.g. v12.0(5)t will run on a 2500 with 4MB RAM & 8MB Flash and it runs CAR.) > HI ALL > > anyone knows what version of IOS , router platform and > minimum flash memor or DRAM able to support CAR in > cisco IOS s/w > > > any input will be greatly appreciated > > > regards, > suaveguru > > __ > Do You Yahoo!? > Make international calls for as low as $.04/minute with Yahoo! Messenger > http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16536&t=16531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame-Relay problem - 3Com to Cisco (long) [7:32307]
We're switching our routers from 3Com to Cisco and we're having trouble at one of our sites. We've got a hub-and-spoke configuration from our central site to 4 other sites. 3 of the sites come up when we switch the hardware to Cisco (simply moving the CSU from the 3Com router to the Cisco router), the 4th does not. I'm including the Central Site config and 2 of the remotes (Site 1 comes up, Site 2 does not). We've changed out the router (including the serial ports), csu, serial cable, rj45's, everything. It's not a hardware problem. We changed the CSU on the central site, just to see if it would help. No go. Please let me know if you see something weird. I've replaced the DLCI #'s with letters, but they match up (i.e. if it's ABC in site 1, it matches to ABC in central site). I didn't include configs for sites 3 & 4, but they're identical with the exception of the DLCI's and IP's. (and they work as well). Something I had thought about... this site is in Canada and we're in the US as well as the other 3 sites. Would there be any caveats regarding international connections? Again, everything works when connected to the 3Com equipment, it's only when we connect up the Cisco's that site 1 fails. Thanks for any input. Bob -- Site 1 (This site works fine) Current configuration: ! version 12.0 ip subnet-zero interface Serial0/0 ip address x.x.53.26 255.255.255.252 no ip directed-broadcast encapsulation frame-relay ip ospf network point-to-point ip ospf dead-interval 60 no ip mroute-cache no fair-queue frame-relay interface-dlci ABC -- Site 2 (This site does not come up) Current configuration: ! version 12.0 ip subnet-zero interface Serial0/0 ip address x.x.53.2 255.255.255.252 no ip directed-broadcast encapsulation frame-relay ip ospf network point-to-point ip ospf dead-interval 60 no ip mroute-cache no fair-queue frame-relay interface-dlci XYZ -- Central Site Current configuration: version 12.0 ip subnet-zero interface Serial5/1 no ip address no ip directed-broadcast encapsulation frame-relay ip ospf dead-interval 60 ! interface Serial5/1.1 point-to-point ip address x.x.53.17 255.255.255.252 no ip directed-broadcast ip ospf network point-to-point ip ospf dead-interval 60 ipx network 92 frame-relay interface-dlci GHI ! interface Serial5/1.2 point-to-point ip address x.x.53.21 255.255.255.252 no ip directed-broadcast ip ospf network point-to-point ip ospf dead-interval 60 ipx network 54B frame-relay interface-dlci DEF ! interface Serial5/1.3 point-to-point bandwidth 64000 ip address x.x.53.1 255.255.255.252 no ip directed-broadcast ip ospf network point-to-point ip ospf dead-interval 60 frame-relay interface-dlci XYZ ! interface Serial5/1.4 point-to-point bandwidth 64000 ip address x.x.53.25 255.255.255.252 no ip directed-broadcast ip ospf network point-to-point ip ospf dead-interval 60 frame-relay interface-dlci ABC -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32307&t=32307 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame-Relay problem - 3Com to Cisco (long) [7:32307]
On S5/1 I get UP/UP. On S5/1.4, I get UP/UP on our side and UP/UP on the remote side. On S5/1.3 I get Down/Down on our side and Up/Down on their side. > What do you mean, specifically? Does the line protocol never come up? > Does the line protocol come up yet OSPF adjacencies do not form? Does > the physical interface even come up? > > Thanks, > John > > >>> "Bob Timmons" 1/17/02 9:22:54 AM >>> > We're switching our routers from 3Com to Cisco and we're having > trouble at one of our sites. We've got a hub-and-spoke configuration > from our central site to 4 other sites. 3 of the sites come up when > we switch the hardware to Cisco (simply moving the CSU from the 3Com > router to the Cisco router), the 4th does not. I'm including the > Central Site config and 2 of the remotes (Site 1 comes up, Site 2 does > not). > > We've changed out the router (including the serial ports), csu, serial > cable, rj45's, everything. It's not a hardware problem. We changed > the CSU on the central site, just to see if it would help. No go. > > Please let me know if you see something weird. > > I've replaced the DLCI #'s with letters, but they match up (i.e. if > it's ABC in site 1, it matches to ABC in central site). I didn't > include configs for sites 3 & 4, but they're identical with the > exception of the DLCI's and IP's. (and they work as well). > > Something I had thought about... this site is in Canada and we're in > the US as well as the other 3 sites. Would there be any caveats > regarding international connections? Again, everything works when > connected to the 3Com equipment, it's only when we connect up the > Cisco's that site 1 fails. > > Thanks for any input. > > Bob > > -- > Site 1 (This site works fine) > > Current configuration: > ! > version 12.0 > > ip subnet-zero > > interface Serial0/0 > ip address x.x.53.26 255.255.255.252 > no ip directed-broadcast > encapsulation frame-relay > ip ospf network point-to-point > ip ospf dead-interval 60 > no ip mroute-cache > no fair-queue > frame-relay interface-dlci ABC > -- > Site 2 (This site does not come up) > > Current configuration: > ! > version 12.0 > > ip subnet-zero > > interface Serial0/0 > ip address x.x.53.2 255.255.255.252 > no ip directed-broadcast > encapsulation frame-relay > ip ospf network point-to-point > ip ospf dead-interval 60 > no ip mroute-cache > no fair-queue > frame-relay interface-dlci XYZ > -- > Central Site > > Current configuration: > version 12.0 > > ip subnet-zero > > interface Serial5/1 > no ip address > no ip directed-broadcast > encapsulation frame-relay > ip ospf dead-interval 60 > ! > interface Serial5/1.1 point-to-point > ip address x.x.53.17 255.255.255.252 > no ip directed-broadcast > ip ospf network point-to-point > ip ospf dead-interval 60 > ipx network 92 > frame-relay interface-dlci GHI > ! > interface Serial5/1.2 point-to-point > ip address x.x.53.21 255.255.255.252 > no ip directed-broadcast > ip ospf network point-to-point > ip ospf dead-interval 60 > ipx network 54B > frame-relay interface-dlci DEF > ! > interface Serial5/1.3 point-to-point > bandwidth 64000 > ip address x.x.53.1 255.255.255.252 > no ip directed-broadcast > ip ospf network point-to-point > ip ospf dead-interval 60 > frame-relay interface-dlci XYZ > ! > interface Serial5/1.4 point-to-point > bandwidth 64000 > ip address x.x.53.25 255.255.255.252 > no ip directed-broadcast > ip ospf network point-to-point > ip ospf dead-interval 60 > frame-relay interface-dlci ABC > -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32319&t=32307 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame-Relay problem - 3Com to Cisco (long) [7:32307]
Thanks everyone for all the input... We're doing another test today at 4pm (EST) so I'll get more info and I'll try using different lmi-types. I seem to remember trying ansi, but I'll give it another go and I'll document all of the show frame map/pvc/etc in case it doesn't work again. Am I correct in assuming that the LMI is set only at the interface level and the subinterfaces will get it from the interface? > Bob,, > > > You need to verify the LMI on the Canadian end...Cisco uses Strata > (surprise) and Bell Canada uses Ansi or Annex A or Ddepends on where > you are...I use to manage a network with several sites in the northland and > we ran into this consistently. You can have different types of LMI in your > network and it runs fine. > > Terry Vore > > > > > > > > > > > > > > > > > > > > > > > > At 11:22 AM 1/17/2002 -0500, you wrote: > >[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32344&t=32307 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame-Relay problem - 3Com to Cisco (long) [7:32307]
Ok, success! Well, it turns out, we had a bad CSU. Strange thing, though. It worked ok on the 3Com equipment and last time we did testing, we put the CSU on the Cisco and it didn't work. We put it back on the 3Com and it worked fine. This time, we couldn't get it to work on the Cisco, tried putting it back and it died. We configured (yet) another CSU and up it came. I guess you can never try enough hardware sometimes. Thanks for all the input. It's much appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32402&t=32307 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Splitting up outbound traffic for BGP [7:32983]
Hey all, got a question, but first, the situation... We've got 2 T1's in our NYC location that go to 2 different ISPs. We've moved these Ts off of their respective Cisco 2500's and onto a single Cisco 7206vxr. This is now our 'outside internet' router. The ethernet interface goes to the Checkpoint unix box and the other side of the unix box goes to the internal network. The internal network is using a 10.x.x.x/22 range (2000 addresses). We'd like to perform some load-sharing using BGP. We've obtained an AS number and are getting full routes from both providers. Outbound BGP seems to work fine. Depending on site, it takes differnet paths. Inbound, however, is dominated by one T only. We're using PAT at the firewall to perform address translation. The firewall only has 1 valid 'Internet' IP address. It's my understanding that this is why all inbound traffic is using only 1 provider, as opposed to both. I'd like to either have 2 valid internet IP addresses at the firewall (which I'm not sure is even possible) or perform the PAT at the router and maybe use access-lists to split up the traffic. I guess the question is, what is the best practice when doing this? I'm sure that we're not the only company that wants to do something like this. Do either of my solutions sound feasible? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32983&t=32983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Splitting up outbound traffic for BGP [7:32983]
I think I may have gotten this working after all. I added a second IP address to the unix box and then split up the /22 range to 2 /23 ranges and PAT'd that way. I'm seeing the rxload & txloads leveling off now. I'll keep you posted. Thanks for the input. > Load sharing on incoming traffic can be difficult to achieve. It's > affected by many different factors, most of which are beyond your > control. > > Would it be possible to see a sanitized version of your BGP-related > config on that router? > > To figure out why incoming traffic is behaving the way it is, you need > to take a good look at the BGP path selection process. You might simply > find that most of the people accessing your site are customers of one of > your ISPs so that is the best path. Or, your prefixes might be getting > filtered in ways you wouldn't expect and that can affect incoming > traffic flows. Depending on the actual problem there are a couple of > things you can do. > > If possible, please send your config so we can figure out the best way > to alleviate the problem. > > John > > >>> "Bob Timmons" 1/23/02 12:26:00 PM >>> > Hey all, got a question, but first, the situation... > > We've got 2 T1's in our NYC location that go to 2 different ISPs. > We've > moved these Ts off of their respective Cisco 2500's and onto a single > Cisco > 7206vxr. This is now our 'outside internet' router. The ethernet > interface > goes to the Checkpoint unix box and the other side of the unix box goes > to > the internal network. The internal network is using a 10.x.x.x/22 > range > (2000 addresses). We'd like to perform some load-sharing using BGP. > We've > obtained an AS number and are getting full routes from both providers. > Outbound BGP seems to work fine. Depending on site, it takes > differnet > paths. Inbound, however, is dominated by one T only. We're using PAT > at > the firewall to perform address translation. The firewall only has 1 > valid > 'Internet' IP address. It's my understanding that this is why all > inbound > traffic is using only 1 provider, as opposed to both. I'd like to > either > have 2 valid internet IP addresses at the firewall (which I'm not sure > is > even possible) or perform the PAT at the router and maybe use > access-lists > to split up the traffic. I guess the question is, what is the best > practice > when doing this? I'm sure that we're not the only company that wants > to do > something like this. Do either of my solutions sound feasible? > > thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32993&t=32983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Wild Card Mask Puzzle - fun in the sun
I concur. Originally, I got the 0.0.0.24, but someone said something about wildcard vs subnet masking, I did my math and voila! Looks right on paper, but I don't currently have a router to try it on. - Original Message - From: "Nigel Taylor" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "John Neiberger" <[EMAIL PROTECTED]>; "Chuck Larrieu" <[EMAIL PROTECTED]> Cc: "Bryant Andrews" <[EMAIL PROTECTED]> Sent: Tuesday, July 04, 2000 1:56 AM Subject: Re: Wild Card Mask Puzzle - fun in the sun > Well, in light of everyone jumping in there I taught I might do the same. > Here what fell out of this simple mind. > > access-list xx permit x.x.x.1 0.0.0.230 - ask me how I got this? > > Man, I was thinking now I'm all screwed up... I can't wait to see the > answer, could my answer be right... > > Chuck/Mike "free the rest of us" please... > > Nigel. > > > - Original Message - > From: Chuck Larrieu <[EMAIL PROTECTED]> > To: John Neiberger <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, July 04, 2000 5:29 AM > Subject: RE: Wild Card Mask Puzzle - fun in the sun > > > > I'm not human tonight. > > > > A paraphrase from Marlowe's soliloquy in The Little Sister, by Raymond > > Chandler. > > > > This, by the way, is why it takes me so damn long to master these Cisco > > things. I keep getting distracted by my liberal arts educational > background. > > > > Chuck > > > > PS and I am not commenting on right or wrong because 1) let's see some > more > > response and 2) it's not my puzzle anyway. Mike otta get the credit and > have > > the fun of judging. :-> > > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > John > > Neiberger > > Sent: Monday, July 03, 2000 8:59 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Wild Card Mask Puzzle - fun in the sun > > > > Ok, I'll bite. My official guess is: > > > > access-list xx permit ip x.x.x.1 0.0.0.24 > > > > If I'm correct, I'll post how I did it later...right now I'm still > > wondering... :-) > > > > Chuck, you're mean...just plain mean! > > > > Good luck all! > > > > John Neiberger > > > > > > > > > > > Come on, everyone. Where are you folks on this one? All you CCNA > > candidates. > > > Show us your stuff. All you ACRC students - give it a try. I can't > > believe > > > we haven't had a go round about this one. > > > > > > For the record, I have already filed my answer privately. It is a fun > > > puzzle, and one that will demonstrate your thinking skills. > > > > > > Who knows the answer? How do you know you're right > > > > > > Chuck > > > > > > > > > Puzzle posed by Mike Williams: > > > > > > Make a (single line) access-list that will only allow traffic from > > addresses > > > matching the following model: > > > > > > x.x.x.1 > > > x.x.x.9 > > > x.x.x.17 > > > x.x.x.25 > > > > > > It's along the same lines as the question you posed, but a little more > > > challenging since you only want those 4 addresses to pass through. > > =) > > > > > > > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > > > Michael L. Williams > > > Sent: Wednesday, June 28, 2000 7:27 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: ACL Question > > > > > > My newsgroup reader "claims" to have posted my response to this when it > > was > > > first asked. And for the record, I did have the correct answer and > > > explanation too =P. So instead of posting yet another explanation on > how > > to > > > filter odd/even IP addresses, I'll post a similar but different > question: > > > > > > Make a (single line) access-list that will only allow traffic from > > addresses > > > matching the following model: > > > > > > x.x.x.1 > > > x.x.x.9 > > > x.x.x.17 > > > x.x.x.25 > > > > > > It's along the same lines as the question you posed, but a little more > > > challenging since you only want those 4 addresses to pass through. > > =) > > > > > > If you want the answer without me posting it to the whole group (to > keep > > > things fun), feel free to e-mail me and I'll reply via e-mail with the > > > answer. > > > > > > Mike W. > > > > > > > > > "Raymond Everson (Rainman)" <[EMAIL PROTECTED]> wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > *Still* haven't figured this one out: > > > > > > > > Create an IP ACL, in as few lines as possible of course, which > permits > > > > only even-numbered IP addresses. > > > > > > > > Ideas? > > > > > > > > Rainman > > > > > > > > ___ > > > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > > > > FAQ, list archives, and subscription info: http://www.groupstudy.com > > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > --- > > > > > > > > > ___ > > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html >
Priority queueing and IMA interfaces [7:41893]
Greetings all, I ran into a small snag and was wondering if anyone else has seen the same. We've upgraded our connection to our parent company from a single T1 (1.5M) to 4 T1's (6MB) using the IMA cards in our 7206. We were previously using the regular serial interfaces and CSU/DSUs. We were also using priority-queueing to limit FTP traffic between the 2 sites. Apparently, priority-queueing does not work on IMA interfaces. Cisco recommended class-based weighted fair queueing, but I'm interested in what you people would recommend. This particular 7206 is a 'border-type' router. We're using OSPF as our IGP and they're using EIGRP. This router runs EIGRP and we run static to it from another 7206. Would it be possible to use the priority-queueing on the FastEthernet interface of the 'border' router? Assuming it did work, would it work in both directions? My fear is that it would queue only on the FastE, not on the IMA. Not sure how that would work. Bob Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41893&t=41893 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - inauspicious beginning [7:45592]
I must concur. This sounds like the most logical answer. > Perhaps the "Allow Break Sequence" bit was disabled from a previous > change in the confreg setting!?!? > > If this was the case, you had to pop the top of your "Frame Switch" > router and do temp. jumper change that resets the config register > settings back to factory defaults. > > I'll be interested to know what the answer was :) > > Have a great weekend to all! > > Mark > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Chuck > Sent: Saturday, June 01, 2002 1:32 PM > To: [EMAIL PROTECTED] > Subject: Off Topic - inauspicious beginning [7:45592] > > 183 days and counting. like the Flying Dutchman, I'll pass the Lab > if... > nope - better not make that threat. you never can tell.. > > actually, the gods of the Lab have already started with me. > > I haven't had the routers on in quite a few weeks. Been busy at work. > Had > some big projects to keep me out of my own lab for a while. > > So I have a customer network that I need to clean up a few things on. I > set > up a model in my own lab, cable everything up to emulate the customer's > situation, and begin. First step - configure the frame relay switch. > > try to get into enable mode. Keep getting asked for a password. Rats! > What > is the enable password? I try the usual suspects, and come up empty. > > no problem. I'll just do a quick password recovery. I do a search on > CCO, > quickly locate the procedure, and begin... > > power off. power on. control break. no luck - the router just boots as > normal. > > hhm I've done recoveries before. no biggie. why am I having > the > problem? > > Now I know the smart guys among you will tell me it's because I use > hyper > terminal. so I close HT, and load up my copy of Tera Term. repeat the > power > off power on sequence, try alt b, and no luck. the router loads as > usual. > > now I'm panicking. I have been trying this via my term server. I go > directly > into the router, replacing the term server cable with a direct > connection. > > still no luck. alt b with Tera term, control break with hyper term. the > router still loads as normal. > > Well, I've figured out the problem. I've gotten into the router. I'm > happily > working on my customer simulation. the frame switch is configured as I > wish. > > the question to all of you - what was the problem? what was the > solution? > > regards > > Chuck > December 2 - 183 days and counting > the gods of the Lab permitting ;-> Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45620&t=45592 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: All this talk about IDS.... [7:46690]
Check out the SANS site Specifically: http://www.sans.org/newlook/resources/IDFAQ/snort.htm Let us know how you fare... I, for one, would be interested. > As for #3 all the info you need is at www.snort.org. > > -Original Message- > From: Maximus > To: [EMAIL PROTECTED] > Sent: 6/15/02 12:16 PM > Subject: All this talk about IDS [7:46690] > > I've decided to take the plunge. > > 1.Has anyone ever successfully installed Snort on a 2000 box? > > 2.I downloaded Snort 1.8.6 and WinPcap. Dunno why I pulled down > Winpcap, > but I did. > > 3.Either way I'm just a newbie to Snort(IDS) and can't find a down > and > dirty guide to get started... > > Any help would be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46699&t=46690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: serial interface down/down or up/down [7:47101]
I can't say I've ever seen a down/up condition. Up/Down perhaps. I'm sure there are exceptions, but it's my belief that the router doesn't care about encoding, but rather a layer-1 connection to the dce/dte device. If the router can 'talk' to the device on the other end of the cable, you should get an up/x condition, where x would depend on the csu/dsu condition of the line. I don't have a csu handy, otherwise I'd check that right now. I can do that tomorrow morning (10:30 pm est here), but you may have an answer prior to that... > Hi Priscilla, > > I have actually had this scenario (multiple times), but due to the Telco's > misconfiguration. > Specifically we were expecting b8zs/esf. Unfortunately I can't confirm > which was configured incorrectly, but I can confirm that going through > all of the different combinations available at the router you will > get all combinations on the serial interface (up/up, down/up and down/down). > > I can also confirm, you will not establish connectivity, regardless. I > believe > either b8zs/esf or sf/ami are the only valid combinations. At least that is > all I've > ever worked with. > > Hope this helps, > -TV > > > ""Priscilla Oppenheimer"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi Group Study, > > > > While writing some questions for a practice test, I found myself > > questioning what I thought was the right answer. Here's the scenario: > > > > A Cisco router serial interface is correctly connected with a good V.35 > > cable to the data port on the DSU side of a CSU/DSU. The CSU/DSU has been > > misconfigured for the framing method (SF instead of ESF). The framing > > doesn't match what the provider is using. (The question refers to a > CSU/DSU > > that is external to the router, not one that is built into the router.) > > > > Will the Cisco router serial interface be down/down or up/down? > > > > And, would the answer be any different if the question has to do with > > misconfiguring the encoding (AMI versus B8ZS)? > > > > If you have real-world experience with this, that would help. I have read > > the Cisco documentation and the troubleshooting charts, etc. > > > > Thanks > > > > Priscilla > > > > > > > > Priscilla Oppenheimer > > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47110&t=47101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: serial interface down/down or up/down [7:47101]
Ok, I have a backup frame relay that I can test on. Here's my findings: I have an Excalibur ISX5311 connected to a 7206VXR. We have a full T to the frame using ESF framing. The line is up/up. I modified the framing to D4 (there appears to be no SF?), and checked the line. It went down/down. I was surprised. I expected up/down. It was showing DCD & DTS were down. I then put my framing back and changed the linecode. We use B8ZS, so I changed to AMI. The line then started flapping up/up to down/down. Again, when in down/down it was showing DCT & DTS down. Anything else I should test? > would somebody just change some settings on an external CSU/DSU and report > the results? Who cares if it's a production network? It's getting towards > midnight, it'll only take a couple of minutes, and the suits are all asleep! > ;-> > > > ""John Neiberger"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > This isn't quite true. For example, a DCE router interface will be > > down/down if DTR is not raised by the DTE device. I see this quite > > often at work and faulty cabling is generally not the culprit. It's > > almost always bad hardware in the DTE. > > > > John > > > > Michael L. Williams wrote: > > > According to CCIE exam materials, the *only* time the serial will show > > > down/down is when there is NO serial cable or a bad serial cable > connected. > > > So even if you have a misconfigured framing method, you should at least > see > > > up/down. > > > > > > Mike W. > > > > > > "Bob Timmons" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > >>I can't say I've ever seen a down/up condition. Up/Down perhaps. > > >> > > >>I'm sure there are exceptions, but it's my belief that the router > doesn't > > >>care about encoding, but rather a layer-1 connection to the dce/dte > > > > > > device. > > > > > >>If the router can 'talk' to the device on the other end of the cable, > you > > >>should get an up/x condition, where x would depend on the csu/dsu > > > > > > condition > > > > > >>of the line. > > >> > > >>I don't have a csu handy, otherwise I'd check that right now. I can do > > > > > > that > > > > > >>tomorrow morning (10:30 pm est here), but you may have an answer prior > to > > >>that... > > >> > > >> > > >> > > >>>Hi Priscilla, > > >>> > > >>>I have actually had this scenario (multiple times), but due to the > > >> > > > Telco's > > > > > >>>misconfiguration. > > >>>Specifically we were expecting b8zs/esf. Unfortunately I can't confirm > > >>>which was configured incorrectly, but I can confirm that going through > > >>>all of the different combinations available at the router you will > > >>>get all combinations on the serial interface (up/up, down/up and > > >> > > >>down/down). > > >> > > >>>I can also confirm, you will not establish connectivity, regardless. I > > >>>believe > > >>>either b8zs/esf or sf/ami are the only valid combinations. At least > that > > >> > > >>is > > >> > > >>>all I've > > >>>ever worked with. > > >>> > > >>>Hope this helps, > > >>>-TV > > >>> > > >>> > > >>>""Priscilla Oppenheimer"" wrote in message > > >>>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > >>> > > >>>>Hi Group Study, > > >>>> > > >>>>While writing some questions for a practice test, I found myself > > >>>>questioning what I thought was the right answer. Here's the scenario: > > >>>> > > >>>>A Cisco router serial interface is correctly connected with a good > > >>> > > > V.35 > > > > > >>>>cable to the data port on the DSU side of a CSU/DSU. The CSU/DSU has > > >>> > > >>been > > >> > > >>>>misconfigured for the framing method (SF instead of ESF). The framing > > >>>>doesn't match what the provider is using. (The question refers to a > > >>> > > >>>CSU/DSU > > >>> > > >>>>that is external to the router, not one that is built into the > > >>> > > > router.) > > > > > >>>>Will the Cisco router serial interface be down/down or up/down? > > >>>> > > >>>>And, would the answer be any different if the question has to do with > > >>>>misconfiguring the encoding (AMI versus B8ZS)? > > >>>> > > >>>>If you have real-world experience with this, that would help. I have > > >>> > > >>read > > >> > > >>>>the Cisco documentation and the troubleshooting charts, etc. > > >>>> > > >>>>Thanks > > >>>> > > >>>>Priscilla > > >>>> > > >>>> > > >>>> > > >>>>Priscilla Oppenheimer > > >>>>http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47131&t=47101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Rogue Wireless LANs [7:47287]
Don't know if you know about this or not, but NetStumbler is a good freeware (begware) app for finding those rogue wireless apps that you might not know about. Check them out at: http://www.netstumbler.org/ > What about restricting DHCP based on MAC Address. > Problem is a lot more administration. > > --- Patrick Donlon wrote: > > I've just found a wireless LAN set up by someone in > > the building, I found it > > by chance when I was checking something with a > > colleague from another dept. > > The WLAN has zero security which is not a surprise > > and lets the user into > > the main LAN in the site with a DHCP address served > > up too! Does anyone have > > any tips on preventing users and dept's who don't > > think about security from > > plugging whatever they like into the network, > > > > Cheers > > > > Pat > > > > > > > > -- > > > > email me on : [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > > > > > > __ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47294&t=47287 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3Com Switch [7:20980]
Found this on 3com's site: - SolutionID: 2.0.76269083.3278305 Title: SuperStack II Switch 3300 - How to recover lost password on a 1100/3300 switch? Goal How to recover lost password on a 1100/3300 switch? Fact 3C16980 Fact 3C16980A Fact SuperStack II Switch 3300 Fact SuperStack II Switch 3300 Fact SuperStack II Switch 1100 Fact default password Symptom lost password Cause The password was changed and now the switch cannot be accessed. Fix The default password for the "admin" account is no password (just press enter when prompted for the password). If you can not access the switch try the security account using "security" as login and "security" as password. As soon as you gain access to the switch modify the admin account and re-login as administrator. You should avoid to access as security for administrative tasks. If you still have no access to the switch, please, contact 3Com to RMA the unit. - > Hi > > I have a 3Com Switch 3300 - 24 Port Superstack II that unfortunately I dont > know the password. > > Maybe somebody can give advice in how to do a password recovery /hack the > device? > > I have not been able to find in the 3Com site documentation for this > purpose. > > Thanks > > Sil Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20984&t=20980 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Written: access lists [7:21726]
You're right. I'm guessing it's another case of a poorly-worded question. The only ways I know of to show an interface and its access-list is to "show ip int" or whatever, or "show ipx int e0" or whatever protocol you're using. The other is to "show run". > Dear Professional, > > I encountered this question while studying. It goes like this: > > Which command would display interfaces with applied access lists? > > A- show access-lists > B- show ip access lists > C- show ip access-lists > D- show access lists > > The correct answer is supposed to be A. I tried this on my router but it > does not show to which interfaces the access list is applied. What you > thinks? > > > Thanks > > Lw Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21732&t=21726 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Router ID and IP Addresses [7:24003]
Alternatively, you can use the 'router-id x.x.x.x' command to force a router ID http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/n p1_r/1rospf.htm#xtocid2457225 Though I find it easier to use a single loopback for the OSPF process. > Robert, > > If your trying to find out what the RID will be on that box, try doing a "sh > ip ospf" and it should tell you. That aside. In your config, since you > don't have any loopbacks (as you stated you know those ip's will be selected > first as the RID) it'll take the highest ip of active interfaces (whether or > not they're in the ospf domain). So in your example, it'll start at the > first octet and choose the highest. That being 193.221.200.1 > > I think it's safe to make up a little list. > > 1) Highest IP of any loopback on the box > 2) highest ip of any interface (in ospf or not) > > Tim > > > > -Original Message- > > From: Thompson, Robert D [SMTP:[EMAIL PROTECTED]] > > Sent: Wednesday, October 24, 2001 6:50 AM > > To: [EMAIL PROTECTED] > > Subject: OSPF Router ID and IP Addresses [7:24003] > > > > Hi All, > > > > Can anybody clear something up for me. > > > > In OSPF when selecting the Router ID, what Interface will OSPF choose as > > the > > Router ID on this particular router. For example > > > > Interface Ethernet 0 > > IP address 10.1.1.1 255.0.0.0 > > > > Interface Ethernet 1 > > IP address 172.16.100.1 255.255.0.0 > > > > Interface Ethernet 2 > > IP address 193.221.200.1 255.255.255.0 > > > > rest of config not listed for this discussion and IP address structure > > made > > up for the discussion > > > > > > (in this case I won't use a loopback interface, purely to discuss Router > > ID > > and IP address considerations) > > > > I understand its the highest IP address that will win, in this case will > > it > > be 10.1.1.1? or will it be 193.221.200.1 > > > > I will appreciate any comments > > > > Cheers > > > > Rob Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24010&t=24003 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3548 [7:24048]
The 3548's have the TAR function built in. tar /x tftp://171.68.206.171//tftp/c3500XL-c3h2s-mz-120.5.2-XU.tar flash: See: http://www.cisco.com/warp/public/473/36.shtml#Example1 for specifics. > Your best solution is to tftp up the tar ball with the IOS and HTML. > > Having to tftp each individual file is not my idea of fun. > > David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com > - Original Message - > From: "Chris Sweeting" > To: > Sent: Wednesday, October 24, 2001 3:45 PM > Subject: 3548 [7:24048] > > > > I have 2 3548s one with the Html dir and the other 3548 HTML directory > was > > deleted. What is the most efficient way to get the files from HTMl > > directory from the first switch to the second. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24192&t=24048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Auch, not following you :( [7:47856]
If your current config looks like this: enable configure terminal hostname Lab-Whatever enable password cisco enable secret class you'd then simply add service password-encryption Then, when you look at your config (show run), you'd see: Current configuration: ! version (whatever version) service password-encryption ! hostname Lab-Whatever ! enable secret 5 $7$kLH9$AA8J7fx1Ajq4.YigDEJXJ/ enable password 7 05085604131A2555 Or something like this. > Isn't enable password just the older form of enable > secret? > > Enable secret works over enable password. So if you > have an enable secret you do not need an enable > password. > > > --- Morgan Hansen wrote: > > Hi and thanx for all the input guys! > > > > 99 out of a 100 of you managed to give me this > > answer: > > > > service password-encrytion > > > > Therefore i gather it must be correct:-) Still, > > (feeling kinda dumb now, > > but?) I guess youre gonna have to give it to me like > > a 2 year old :( > > > > What I was wondering is: > > > > Im used to start a configuration like this: > > > > enable > > configure terminal > > hostname Lab-Whatever > > enable password cisco > > enable secret class > > etc > > etc > > etc > > > > Today someone told me, that I could expand the third > > line here (enable > > password cisco) and make it encrypted(?) > > If this is correct, what would this command look > > like? (Please, think of > > me as a 1 year old ok ;) > > > > Best, > > Morgan Hansen > > mailto:[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47864&t=47856 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Specify DNS on a Router ... [7:48009]
ip name-server x.x.x.x > Hi all ... > > Quick easy question to you all ... can and how do you specify what DNS > server to use on a router ??? > > Regards > > Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48012&t=48009 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Class C summarization question [7:48367]
Firstly, 2 to the power of 4 is 16 (2x2x2x2). Secondly, regarding Carl's post, would the answer be 14? I'm not sure the subnet-zero comes into play with CIDR. I was under the impression it was only relevant to subnetting as opposed to summarizing. Does anyone know for sure? > I say 8. 2 to the power of 4 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48393&t=48367 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC address in router ARP table [7:48377]
clear arp-cache > Is rebooting the only solution? I am thinking of any other possible > method... > > -Original Message- > From: Carl Timm > To: [EMAIL PROTECTED] > Sent: 09/07/2002 2:13 PM > Subject: RE: MAC address in router ARP table [7:48377] > > Are you practicing in the lab? If so, just reboot the router. If not, > let me > know. > > Carl Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48394&t=48377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Class C summarization question [7:48367]
If the choices are either 8 or 16, I'd definitely go with 16. 192.168.0.0/20 would be (for example): 192.168.0.1 to 192.168.15.254 Which is 16 total subnets. > One of the choices in the question was 16but 14 was not a choice. Could > it be that since 14 was not a choice that 8 was the closest thing since 16 > is possibly wrong because of the 0 subnet? This seems a little off the wall > to me butsometimes those cisco questions are off the wall. Dain. > > ""Bob Timmons"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Firstly, 2 to the power of 4 is 16 (2x2x2x2). > > > > Secondly, regarding Carl's post, would the answer be 14? I'm not sure the > > subnet-zero comes into play with CIDR. I was under the impression it was > > only relevant to subnetting as opposed to summarizing. Does anyone know > for > > sure? > > > > > I say 8. 2 to the power of 4 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48404&t=48367 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2 T1's to our provider [7:49039]
Why not use BGP? If both lines are to the same provider, it should be a no-brainer (relatively speaking of course). Are you using these T1's for failover/backups or for expanding bandwidth? BGP should help in either case. The 2600 should be sufficient and I don't think you'd need to have the the full BGP tables on your router if you're going to the same provider. Also, you could get away with a private ASN so there wouldn't be any cost to you. Now I've never done this, I've only done the BGP with T1's to different providers, which is considerably more difficult, IMHO. > Hi Kevin, > > We were in the same scenario in which you have described. The way I choose > to do is keep it simple and efficient and cost effective. We have dual PTP > connections on a Cisco 2650 with CEF, default routes, and per packet load > sharing. I can max out the t1's and it barely taxes the router resources and > on top of this I have about a 20 line access control list filtering traffic. > =) This router is a workhorse and I'm in love it. The 2650 uses a faster > memory and cpu than the 2621 but I think the 2621 would work. > > Hope this helps you in some way, > > Scott > > -Original Message- > From: W. Kevin Hunt [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 17, 2002 10:22 AM > To: [EMAIL PROTECTED] > Subject: 2 T1's to our provider [7:49039] > > We are upgrading to 2 T1's to our provider, Fractional DS3 is prohibitively > expensive in our rural area. > Has anyone done any speed comparisons on using round robin style static > routes > (i.e. 2 default routes w/ same cost) versus EIGRP's load balanceing versus > running MLPPP on the Serial interfaces? We're currently using a 2621 but > are > open to "bigger" routers. > > > > Kevin Hunt > CCNP, MCSE, MCT, Linux+ SME Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49114&t=49039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP Full/Partial tables question [7:50382]
Hey all, I've got a problem. We're running a 7206vxr as our Internet router in NYC. It has 256MB of RAM and uses 2 T1's, each one to a different provider. We're using BGP to help 'load-share' and receiving full routes from each provider. The company needs this router for another use and has replaced it with a 3640. The issue is, the 3640 maxes out at 128MB of RAM and BGP is running out of memory. I've contacted each of my providers, UUNet & Digex (or Worldcom & Intermedia). UUNet sucessfully changed the policy to 'partial routes', so I'm now receiving about 49k routes from UUNet, down from about 110k routes. Digex, on the other hand, cannot seem to help me. Each time we've tried to modify the policy (on their side), I get only 1 route (according to the show ip bgp summary command) and it, basically, breaks. The 'show ip bgp summary' outputs both before & after are as follows: sho ip bgp summ BGP router identifier (w.x.y.z), local AS number 22791 BGP table version is 3769794, main routing table version 3769794 111999 network entries and 161920 paths using 16693023 bytes of memory 29127 BGP path attribute entries using 1748340 bytes of memory 25111 BGP AS-PATH entries using 642872 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP activity 190176/121829 prefixes, 1019863/857943 paths, scan interval 15 secs NeighborVAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 157.130.248.37 4 701 489287 488922 376979400 04:44:4349974 206.181.62.29 4 2548 1331896 252164 376979400 6d09h 111944 sho ip bgp summ BGP router identifier (w.x.y.z), local AS number 22791 BGP table version is 49976, main routing table version 49976 49973 network entries and 49972 paths using 6646373 bytes of memory 9237 BGP path attribute entries using 554340 bytes of memory 7881 BGP AS-PATH entries using 196336 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP activity 240151/233844 prefixes, 1069845/1019873 paths, scan interval 15 secs NeighborVAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd (snip) 4 701 508340 4889384997600 00:01:0249969 (snip) 4 2548 1331909 2693044997600 00:01:031 What problem am I trying to solve? How can I load-share the two T1's with or without BGP? We've got about 500 users in NYC that use these pipes for their Internet connectivity. We're supposed to upgrade to a fractional T3, but, as anyone who has worked in a corporate environment can attest, it doesn't happen overnight, nevermind the telco portion. My outbound load sharing is being done by my firewall. We've split the 2 /22 networks into 8 /24 networks and are sending 4 /24's to each T1. any help would be appreciated Bob Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50382&t=50382 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
