RE: 801 to the Internet
You could have your router get its IP address from your ISP dynamically (see partial config below). The key is the "ip address negotiated" command. This command is in the IP Plus feature set. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 ! ip nat inside source list 1 interface BRI0 overload isdn switch-type basic-5ess ! interface Ethernet0 ip address 172.16.1.1 255.255.255.0 ip nat inside ! interface BRI0 ip address negotiated ip nat outside encapsulation ppp dialer string 5551212 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname MyISPUsername ppp chap password MyISPPassowrd ! ip route 0.0.0.0 0.0.0.0 BRI0 permanent access-list 1 permit any dialer-list 1 protocol ip permit ! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ricardo Ciganda Sent: Wednesday, January 31, 2001 6:43 AM To: [EMAIL PROTECTED] Subject: RE: 801 to the Internet Hi! You must put your global address on your BRI or dialer interface. Ricardo Ciganda CCNA, CCDA, Security Systems Engineer and Network Consultant BYTEMASTER, S.A. C/ Gran Capitan 2-4 4ª Planta Barcelona, SPAIN 08034 [EMAIL PROTECTED] Phone: (+34) 93-2520540 Fax:(+34) 93-2520541 Ask me I won't say no, how could I? The Smiths -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Enviado el: miércoles, 31 de enero de 2001 15:16 Para: [EMAIL PROTECTED] Asunto: 801 to the Internet Hi, I would like to connect to the Internet using my 801 router. Is there a way to accomplish this without having a fixed IP-address. I mean just as a normal PC connecting to the internet. Regards, Tarry -- Sent through GMX FreeMail - http://www.gmx.net _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DR Election
Brian, Can you forward the ospf configs for the R3, R5 and R6. Also the following commands from R3 and R5 "show ip ospf virtual-links" and a "show ip ospf" Thanks, Brian -Original Message- From: Brian Lodwick [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 01, 2001 7:28 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: DR Election Brian, I would like to see if you, or anyone on the list can assist me in getting this config to work correctly. Lab: I have 3 routers (2501's) 1 frame switch, ~hub and spoke topology backbone. 2 other routers (2501's) for my virtual-link. The backbone is configured with NBMA, and off of each backside is an (ethernet) broadcast area labeled 1, 2, and 3. Off of r5's ethernet is area 2. I have connected r3's ethernet to this segment, and the serial side of r3 is another area -area 4. I have setup the ethernet interface on the r3 a virtual link to r5 through that (ethernet segment) broadcast area. The problem is that r5 doesn't get routing information for area 4. All the other routers do receive routing information for area 4 through the virtual-link, and area 4 receives routing info for everything else. There seems to be a problem with the virtual-link setup. ___r5---area 2---r3---area 4 / area 1---r6--frameswitch \___r4---area 3 Now after reading over my message it looks like I need to include some configs. I'll get to the lab and copy some configs. I'll just throw this out there and see if anyone can see any mistakes that stick out. >>>Brian >From: "Brian Dennis" <[EMAIL PROTECTED]> >Reply-To: "Brian Dennis" <[EMAIL PROTECTED]> >To: "Brian Lodwick" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> >Subject: RE: DR Election >Date: Wed, 31 Jan 2001 13:13:11 -0800 > >Brian, >An OSPF virtual link is treated as an IP unnumbered point-to-point link. >There isn't a DR or BDR on an OSPF point-to-point link. > >Brian Dennis >CCIE #2210 (R&S)(ISP/Dial) >CCSI #98640 > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Brian Lodwick >Sent: Wednesday, January 31, 2001 12:40 PM >To: [EMAIL PROTECTED]; [EMAIL PROTECTED] >Subject: RE: DR Election > > >What about this configuration I can't get this to work right? >NBMA backbone area w/virtual-link punching through a broadcast area to the >backbone. Does the router off of the virtual link create an adjacency with >the DR/BDR on the backbone? > > >>>Brian > > > >From: "Howard C. Berkowitz" <[EMAIL PROTECTED]> > >Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: RE: DR Election > >Date: Wed, 31 Jan 2001 15:00:13 -0500 > > > > >What about Virtual-links too, aren't they considered a traffic type? > > > > > >I might be getting in trouble here answering off the top of my head, > >but IIRC they are treated as point-to-point links terminating in the > >router ID at each end. > > > > > > > >>>>Brian > > > > > > > > >>From: "Howard C. Berkowitz" <[EMAIL PROTECTED]> > > >>Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]> > > >>To: [EMAIL PROTECTED] > > >>Subject: RE: DR Election > > >>Date: Wed, 31 Jan 2001 12:19:07 -0500 > > >> > > >>>There are three main types on environments (I hope) > > >> > > >>Correct, but also let me add: > > >> > > >> Demand circuit > > >> > > >> > > >>> > > >>>Broadcast > > >>>Point-to-Point > > >>>NBMA (Non-Broadcast Multi-Access) > > >>> > > >>>Point to Point would not be a multi-access segment. The other two > >would. An > > >>>Example of Broadcast is Ethernet, while an example of NBMA would be > > >>>Frame-Relay. Following this logic ' DR and BDR concepts ' would not > >have to > > >>>be broadcast, only multi-access. Point to point creates an adjacency > >instead > > >>>of using DR's and BDR's. > > >>> > > >>>I hope the diagram below turns out, but the first one is point to > >point, so > > >>>information is exchanged directly, however in a multi-access > >environment > > >>>both other routers only exchange information with the DR so as not to > >have > > >>>to have
RE: route summarization in rip
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt2/1cdrip.htm#xtocid96248 Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Adam Wang Sent: Thursday, February 01, 2001 1:39 PM To: [EMAIL PROTECTED] Subject: route summarization in rip Does anyone know if route summary is avaliable in rip (v1/v2) on the cisco router. I know it can be down in OSPF and EIGRP. Thanks Adam __ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: need help with console connection
You should be typing "no exec-timeout" not "no exec". R8(config-line)#no exec? exec exec-banner exec-character-bits exec-timeout R8(config-line)#no exec-timeout Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of IC Lee Sent: Monday, February 05, 2001 6:50 PM To: [EMAIL PROTECTED] Subject: Re: need help with console connnection Go to rom monitor mode by press ctrl+break. Change config register to 2142. so that it boot up ignoring NVRAM. then reboot change your startup config and save ""Sisqo"" <[EMAIL PROTECTED]> wrote in message 95nova$irp$[EMAIL PROTECTED]">news:95nova$irp$[EMAIL PROTECTED]... > on line console 0, I added the 'no exec time-out' command. thereafter, it > freeze then I couldn't do anything but power cycled the router. I can see > it reboot but still freezes on me with no keyboard input capability. This > is a 2501, my line connection is on it's console port. Before I did this, I > was able to have keyboard input. Any help would be appreciated. > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NM-1E2W Module
This should work. http://www.cisco.com/go/module Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Wigle Sent: Tuesday, February 06, 2001 10:10 AM To: Jon Wagner; 'Warrick FitzGerald'; [EMAIL PROTECTED] Subject: Re: NM-1E2W Module this is what I get: As this page was linked to Cisco CCO from another web site - Unknown referrer you should notify the [EMAIL PROTECTED] or similar responsible person for the content or search feature of that site, of the incorrect link to http://www.cisco.com/go/modules Kevin Wigle - Original Message - From: "Jon Wagner" <[EMAIL PROTECTED]> To: "'Warrick FitzGerald'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, February 06, 2001 12:17 PM Subject: RE: NM-1E2W Module > For a complete list of every module and it's requirements, you can find out > at > http://www.cisco.com/go/modules > > Every module is listed under 'solution finder' and it contains hardware & > software requirements for each module. > > -Original Message- > From: Kevin Wigle [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 06, 2001 11:55 AM > To: Evan Francen; 'Warrick FitzGerald'; [EMAIL PROTECTED] > Subject: Re: NM-1E2W Module > > > well I've been having a running commentary with Cisco for the last > few days about what is and what isn't supported on 2600s.. > > If all you need is an additional ethernet then the NM-1E= would do it. > > There is also a 4 port ethernet - NM-4E= (but pricey) > > Kevin Wigle > > > - Original Message - > From: "Evan Francen" <[EMAIL PROTECTED]> > To: "'Warrick FitzGerald'" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Sent: Tuesday, February 06, 2001 10:14 AM > Subject: RE: NM-1E2W Module > > > > The 2600 series routers do not support the NM-1E2W module. You can check > > the supported modules at > > http://www.cisco.com/univercd/cc/td/doc/pcat/2600.htm. > > > > HTH, > > Evan > > > > -Original Message- > > From: Warrick FitzGerald [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, February 06, 2001 9:03 AM > > To: [EMAIL PROTECTED] > > Subject: NM-1E2W Module > > > > > > Hi, > > > > I have a 2600 cisco router and would like to purchase another ethernet > > interface for the unit. I can find plety of NM-1E2W modules for sale, but > > the description next to the item always says that it is for a 3600 router, > > can anyone tell me if this module will work in a 2600 and if so how would > I > > have figured this out myself ? > > > > Thanks > > Warrick FitzGerald > > LiveTechnology International Inc. > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: not quite sure...
PPP can be reliable. http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/112cg_cr/4rb ook/4rppp.htm#xtocid2891421 http://www.landfield.com/rfcs/rfc1663.html Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Thursday, February 08, 2001 4:04 PM To: [EMAIL PROTECTED] Subject: RE: not quite sure... At 11:19 AM 2/8/01, Jeremy Dumoit wrote: >I actually think it depends on what encapsulation >is running accross the serial link. If you're using >HDLC then it's a connection oriented, reliable Cisco's HDLC is non-standard and is not connection-oriented. The router would not retransmit. The router also won't retransmit if it's PPP, Frame Relay, Ethernet, etc. etc etc. etc. >protocol... meaning if a packet is lost in transit >accross the serial link, the router will knw it when >it receives a response from the destination router. >It'll then resend the frame. If you're using a >datagram protocol, like ppp, however, it will rely on >the upper layer protocols to detect missing data.. > > >--- Brant Stevens <[EMAIL PROTECTED]> wrote: > > The question is if Router B and Router C are > > routing, or if they are > > bridging... If they are routing, then Router B > > would re-transmit a packet. > > If bridging is happening, then Host A would > > retransmit... > > > > Hope this helps... > > > > Brant I. Stevens > > Internetwork Solutions Engineer > > Thrupoint, Inc. > > 545 Fifth Avenue, 14th Floor > > New York, NY. 10017 > > 646-562-6540 > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of > > Dennis Laganiere > > Sent: Wednesday, February 07, 2001 11:32 PM > > To: '[EMAIL PROTECTED]' > > Subject: not quite sure... > > > > > > I've tried to diagram this question to make it > > clear... > > > > Host A is sending to Host D... > > > > A line error occurs on the serial link between > > Router-B and Router-C while > > passing a packet from Host-A to Host-B > > > > Devices - Host A-ROUTER B-ROUTER > > CHOST D > > Interfaces - (A1)(B1) (B2)(C1) > > (C2) (D1) > > > > What device would rebroadcast? > > > > I think that router-B (port B2) would realize an > > error had occured, and > > would resend, so the answer should be port B2, but > > I've been through all my > > books and can't find anything to confirm or deny my > > conclusion... > > > > Any thoughts? > > > > _ > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > > [EMAIL PROTECTED] > > > > _ > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to >[EMAIL PROTECTED] > > >__ >Do You Yahoo!? >Get personalized email addresses from Yahoo! Mail - only $35 >a year! http://personal.mail.yahoo.com/ > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN CONFIG FOR DIALING UP ISP
This should work for you. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 version 12.0 ! isdn switch-type basic-dms100 ! ! interface Ethernet0 ip address 172.16.1.1 255.255.255.0 ip nat inside ! interface BRI0 ip address negotiated ip nat outside encapsulation ppp load-interval 30 dialer idle-timeout 600 dialer string 800555 dialer load-threshold 1 either dialer-group 1 isdn switch-type basic-dms100 isdn spid1 800555121201 isdn spid2 800555121301 no cdp enable ppp authentication chap callin ppp chap hostname YourISPUserName ppp chap password YourISPPassword ppp multilink ! ip nat inside source list 1 interface BRI0 overload ip classless ip route 0.0.0.0 0.0.0.0 BRI0 ! access-list 1 permit any dialer-list 1 protocol ip permit ! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of kaushal Bhatt Sent: Saturday, February 10, 2001 12:34 AM To: [EMAIL PROTECTED] Subject: ISDN CONFIG FOR DIALING UP ISP Hello, What should be the configuration for ISDN BRI interfacae and DDR, when I = have to dial-up ISP for getting connected to net, and the ISP will be = assigning the IP-address through DHCP ? Regards Kaushal Bhatt Systems Administrator Thermax Systems & Software Ltd www.thermaxsoftware.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: bgp questions
Sychonization only comes into play when a BGP route is learned from an iBGP peer. If you are the origniator of the route you must have an IGP route. Disabling synchonization won't affect the originator of the route. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ahmed Aden Sent: Wednesday, February 14, 2001 8:36 AM To: Rodgers Moore Cc: [EMAIL PROTECTED] Subject: Re: bgp questions Correct me if I'm wrong, but the only situation that bgp cares about IGP's synchronization is when bgp is explicitly configured to announce networks (i.e network x.x.x.x mask x.x.x.x) and it would have to check the igp to see if there is a valid route to that network. This can be overridden by 'no synchronization'. However, the default behavior is that bgp announces active (I'm not sure what activate means) routes (routes which are reachable via an IGP's routing table) to all configured bgp peers irrespective of whether they are an ibgp or ebgp peer. For this reason, I would select A. It's still very poorly worded, assuming 'activate' is not a typo. hope this helps On Wed, 14 Feb 2001, Rodgers Moore wrote: > Yuck, really bad question. No frame of reference, no nothin. What is a > activate route anyway? Active route? > > I think the key to answering this question is the question: when would BGP > not report an active route? When BGP and the IGP are not in sync, then an > active route would not be reported. > > I say "D" is the most likely suspect, although I would change BGP to EBGP. > > Rodgers Moore > > ""Howard C. Berkowitz"" <[EMAIL PROTECTED]> wrote in message > news:p05001900b6aff192dfe7@[63.216.127.98]... > > >I would choose D , correct me if I am wrong > > >--- David Tran <[EMAIL PROTECTED]> wrote: > > >> I have this question on my cisco prep exam > > >> fill-in-the-blank. Please = > > >> help. > > >> > > >> A BGP router reports all activate routes based from > > >> BGP __. This is = > > >> the default policy action for BGP routers. > > >> > > >> A. to all BGP peers > > >> B. to all IBGP peers > > >> C. to all EBGP peers > > >> D. and the IGP's configured on the router to all BGP > > >> peers > > >> > > >> I select choice a. Is it correct? > > >> > > >> David Tran > > > > [EMAIL PROTECTED] > > > > > > > > > > It's a poorly written question. If I was forced to pick, but I don't > > understand the first sentence. > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: bgp questions
Correct but also remember that it's only for routes received from iBGP peers not eBGP peers. There really is a lot of confusion about when to use or not use synchronization much less what routes it affects. I spend extra time in the Advanced BGP class that I teach ensuring that the students fully understand synchronization. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ahmed Aden Sent: Wednesday, February 14, 2001 9:54 AM To: Brian Dennis Cc: Rodgers Moore; [EMAIL PROTECTED] Subject: RE: bgp questions Thanks for the clarification. So with 'no synchronization' set, every peer who RECEIVES that route doesn't have to verify if there is an igp route to it, but the originator still checks before advertising it? On Wed, 14 Feb 2001, Brian Dennis wrote: > Sychonization only comes into play when a BGP route is learned from an iBGP > peer. If you are the origniator of the route you must have an IGP route. > Disabling synchonization won't affect the originator of the route. > > Brian Dennis > CCIE #2210 (R&S)(ISP/Dial) > CCSI #98640 > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Ahmed Aden > Sent: Wednesday, February 14, 2001 8:36 AM > To: Rodgers Moore > Cc: [EMAIL PROTECTED] > Subject: Re: bgp questions > > > > Correct me if I'm wrong, but the only situation that bgp cares about IGP's > synchronization > is when bgp is explicitly configured to announce networks (i.e network > x.x.x.x mask x.x.x.x) and it would have to check the igp to see if there > is a valid route to that network. This can be overridden by 'no > synchronization'. However, the default behavior is that bgp announces > active (I'm not sure what activate means) routes (routes which are > reachable via an IGP's routing table) to all configured bgp peers > irrespective of whether > they are an ibgp or ebgp peer. For this reason, I would select A. It's > still very poorly worded, assuming 'activate' is not a typo. > > hope this helps > > > On Wed, 14 Feb 2001, Rodgers Moore wrote: > > > Yuck, really bad question. No frame of reference, no nothin. What is a > > activate route anyway? Active route? > > > > I think the key to answering this question is the question: when would BGP > > not report an active route? When BGP and the IGP are not in sync, then an > > active route would not be reported. > > > > I say "D" is the most likely suspect, although I would change BGP to EBGP. > > > > Rodgers Moore > > > > ""Howard C. Berkowitz"" <[EMAIL PROTECTED]> wrote in message > > news:p05001900b6aff192dfe7@[63.216.127.98]... > > > >I would choose D , correct me if I am wrong > > > >--- David Tran <[EMAIL PROTECTED]> wrote: > > > >> I have this question on my cisco prep exam > > > >> fill-in-the-blank. Please = > > > >> help. > > > >> > > > >> A BGP router reports all activate routes based from > > > >> BGP __. This is = > > > >> the default policy action for BGP routers. > > > >> > > > >> A. to all BGP peers > > > >> B. to all IBGP peers > > > >> C. to all EBGP peers > > > >> D. and the IGP's configured on the router to all BGP > > > >> peers > > > >> > > > >> I select choice a. Is it correct? > > > >> > > > >> David Tran > > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > It's a poorly written question. If I was forced to pick, but I don't > > > understand the first sentence. > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Update-source in EBGP Sessions
The syntax of the command is that you put the neighbors ip address and the interface you want your BGP session to be sourced off of in the command. So if your neighbor is 200.100.50.25 and you wanted to source your BGP session off your loopback 0 interface you would enter the command like this: neighbor 200.100.50.25 update-source Loopback0 Also remember the multihop issue with eBGP neighbors. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Khalid Jiwani Sent: Wednesday, February 14, 2001 2:10 PM To: [EMAIL PROTECTED] Subject: Update-source in EBGP Sessions Hi everyone: If I am establishing an EBGP session with a remote router, what should be the ip address in the command " neighbor update-source" of remote peer ? my IP address or his own IP ? ( Remote neighbor is using me for transit) Thanks in Advance Khalid __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DB60 to RJ45 adapters?
They are a little expensive compared to generic DCE to DTE cables but you could use these and put them in a standard RJ45 patch panel. This would make swapping lab topologies around very easy. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Sent: Thursday, February 15, 2001 10:03 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: DB60 to RJ45 adapters? For $63.95 I'd skip the adapters and get the real deal. Dan Pontrelli Customer Installation Engineer - Verio NYC CCNP, MCSE, CNA - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, February 15, 2001 7:14 AM Subject: Re: DB60 to RJ45 adapters? > I found the adapters at... > WWW.CSDATA.COM > > > > > > This message was sent by Cosmiverse. > http://www.cosmiverse.com > Get Your Free Email Account Today! > Join us Today as a Digital Passenger aboard > Cosmic Voyage 2000 ( http://www.cosmicvoyage2000.com )! > > > > ___ To unsubscribe from the CCIELAB list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe ccielab _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Enabling SSH on a router
The following routers are also supported in 12.1(1)T or higher. Cisco 1700 series Cisco 2600 series Cisco 3600 series Cisco ubr920 series http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 t/121t3/sshv1c.htm Brian Dennis CCIE #2210 (R&S) (ISP/Dial) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ed Moss Sent: Tuesday, January 23, 2001 10:48 AM To: [EMAIL PROTECTED] Subject: Re: Enabling SSH on a router I believe SSH is available on 7000 series routers and bigger. Ed _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Mzmaker [7:46]
Gareth, I use it to enable my 2500s to run the image from RAM as opposed to flash. The largest image I was able to get working with 16 megs of RAM in the router was about a 13 meg IOS image before compression. Anything larger than about 13 megs won't boot. I haven't tried it but theoretically you could run this image without any flash at all if you booted the image from a TFTP server. One of the drawbacks is that the router isn't left with a lot of memory to use for it's processes (see 'sho mem' below) so I wouldn't recommend using this in a production environment but in a lab environment it isn't usually an issue. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 [root@FW1 bdennis]# ls -l c2500* -rw-rw-r-- 1 bdennis bdennis 5861550 Apr 2 18:10 c2500-jos56i-l.120-4.T.Z -rw-rw-r-- 1 bdennis bdennis 12699926 Apr 2 14:06 c2500-jos56i-l.120-4.T.bin [root@FW1 bdennis]# R2#sho ver Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JOS56I-L), Version 12.0(4)T, RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Wed 28-Apr-99 21:02 by kpma Image text-base: 0x144C, data-base: 0x00B63958 ROM: System Bootstrap, Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1) BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1) R2 uptime is 21 hours, 46 minutes System restarted by reload System image file is "flash:c2500-jos56i-l.120-4.T.Z" cisco 2500 (68030) processor (revision L) with 14336K/2048K bytes of memory. Processor board ID 01486505, with hardware revision Bridging software. X.25 software, Version 3.0.0. SuperLAT software copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 R2#sho flash System flash directory: File Length Name/status 1 5861676 c2500-jos56i-l.120-4.T.Z [5861740 bytes used, 2526868 available, 8388608 total] 8192K bytes of processor board System flash (Read/Write) R2#sho mem Head Total(b)Used(b)Free(b) Lowest(b) Largest(b) ProcessorCE69FC11484201148420 0 0 0 I/OE020971521345176 751976 682724 722216 R2# -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gareth Hinton Sent: Tuesday, April 10, 2001 4:34 AM To: [EMAIL PROTECTED] Subject: Re: Mzmaker [7:46] Can someone explain how this works then? Where does the image decompress to? The way I understood it, a compressed image which is stored in flash, decompresses to RAM, then runs from there. Could 2500's ever Run from RAM? Is this image dependant, I thought a router was either 'run from flash' or 'run from ram'. Can the IOS change that? I've used mz images plenty on other routers, but can't find a 2500 image that is not .bin. Any replies welcome - I'm off to look into it myself. Cheers, Gareth ""Circusnuts"" wrote in message 0f6c01c0c105$035e8fe0$[EMAIL PROTECTED]">news:0f6c01c0c105$035e8fe0$[EMAIL PROTECTED]... > Gareth- your half right. MZMaker is for the RUN from RAM routers, which is a > good portion of the images Cisco supports. I have used MZMaker exclusively in > the 2500's for the past 2 years (HOMELAB ONLY). It will not work on the new > 12.1 (2500 Series), run from FLASH images- as you suggest. I'm not sure if > you have upgraded a lot of routers, via the CCO... but a majority of the > images have the MZ designation in the IOS name. Cisco uses the very same > program to compress their images... > > Phil > > "Gareth Hinton" wrote in message > 9asrpa$is4$[EMAIL PROTECTED]">news:9asrpa$is4$[EMAIL PROTECTED]... > > Not convinced! > > I must admit I've never used Mzmaker, but surely it's only useful for 'Run > > from RAM' routers. > > Can it be used at all on a 2500? > > > > Gareth > > > > ""Bob Timmons"" wrote in message > > 9asg22$32a$[EMAIL PROTECTED]">news:9asg22$32a$[EMAIL PROTECTED]... > > > How much RAM do you have on this router? If the uncompressed IOS is > > greater > > > than 8MB, you need 16MB of RAM. Remember, when you compress an IOS image > > it > > > will uncompress into RAM when booting. If you have 16MB of RAM, maybe > try > > > re-compressing the original IOS image. > > > > > > > I have a 2514 w/ 8Mb flash. When I used mzmaker to compress IOS 12 > that > > > is > > > > 10MB it worked fine. However, after writing
RE: Reverse telnet [7:1328]
One easy solution would be to use aliases. So say you have: 1 for r1 2 for r2 3 for r4 4 for r5 You could alias 4 to 3 and 5 to 4. Access_Server-A#conf t Enter configuration commands, one per line. End with CNTL/Z. Access_Server-A(config)#alias exec 4 3 Access_Server-A(config)#alias exec 5 4 Just one of many ways. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of A.Strobel Sent: Thursday, April 19, 2001 7:27 PM To: [EMAIL PROTECTED] Subject: Reverse telnet [7:1328] When setting up reverse telnet, it is good to match the connection with the router number: 1 for r1 2 for r2 6 for r6 What is the trick to have connection 6 to go to r6 even if there is no r5? Tks. A. Strobel Get free email and a permanent address at http://www.amexmail.com/?A=1 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1329&t=1328 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DDR Problems [7:1521]
Albert, Your problem is with the dialer map. You're mapping to an address that you don't have a route to. Just because you configure a dialer map statement doesn't mean that you have a route to it. Your dialer interface is in one subnet and the address that you're mapping to is in another. You need to add: "ip route 10.130.0.2 255.255.255.255 BRI0" if you want to use that dialer map or you could put the other router's interface in the same subnet as your dialer interface (preferred). Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Albert Lu Sent: Sunday, April 22, 2001 1:21 AM To: [EMAIL PROTECTED] Subject: DDR Problems [7:1521] Hello Group, I'm currently having problems with DDR, and was hoping someone could take a look at my config. I'm trying to get it to dial through my modem when any IP traffic are detected, but I've tried pinging many times with no result. I've also tried debug dialer to see if there is any thing going on, and it's giving me no results. Any help would be appreciated. Thanks Albert Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname BranchA ! enable secret 5 $1$yznA$yGDVg7d22bM1FvzAJveaP0 ! username CentralA password 0 cisco ! ! ! ! ip subnet-zero no ip domain-lookup ip host modem 2065 11.1.1.1 ! isdn switch-type basic-5ess isdn voice-call-failure 0 chat-script blah "" "atdt" OK ! ! ! interface Loopback69 ip address 11.1.1.1 255.255.255.0 no ip directed-broadcast ! interface FastEthernet0/0 ip address 10.218.0.1 255.255.255.0 no ip directed-broadcast duplex auto speed auto ! interface Serial0/0 no ip address no ip directed-broadcast no ip mroute-cache shutdown ! interface Serial0/1 no ip address no ip directed-broadcast shutdown ! interface BRI1/0 no ip address no ip directed-broadcast encapsulation ppp shutdown dialer idle-timeout 300 dialer-group 1 isdn switch-type basic-5ess ppp authentication chap ! interface BRI1/1 no ip address no ip directed-broadcast shutdown isdn switch-type basic-5ess ! interface BRI1/2 no ip address no ip directed-broadcast shutdown isdn switch-type basic-5ess ! interface BRI1/3 no ip address no ip directed-broadcast shutdown isdn switch-type basic-5ess ! interface Async65 no ip address no ip directed-broadcast encapsulation ppp keepalive 10 dialer in-band dialer rotary-group 0 async default routing async mode dedicated fair-queue 64 16 0 ! interface Dialer0 ip address 10.130.1.1 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer in-band dialer wait-for-carrier-time 180 dialer map ip 10.130.0.2 name CentralA 0414184780 dialer map ip 255.255.255.255 name CentralA 0414184780 dialer-group 1 ppp authentication chap ! ip nat translation timeout never ip nat translation tcp-timeout never ip nat translation udp-timeout never ip nat translation finrst-timeout never ip nat translation syn-timeout never ip nat translation dns-timeout never ip nat translation icmp-timeout never ip classless ip route 10.115.0.0 255.255.255.0 10.130.0.2 no ip http server ! dialer-list 1 protocol ip permit ! line con 0 exec-timeout 0 0 transport input none line aux 0 login modem InOut transport input all transport output none stopbits 1 speed 115200 flowcontrol hardware line vty 0 4 password cisco login ! end FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1549&t=1521 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ECP1 or ACCP1,2,3 [7:1710]
Laurel, You are confusing the ECP1 class from Mentor Technologies with the ANEW classes from Global Knowledge. The ANEW classes are being retired and students that signed up for the ANEW classes are being switched over to the new ACPC classes. If you compare the ANEW class outlines with the ACPC 1, 2 and 3 outlines you'll see that there is a major difference in the course content which I'm sure the students being switched will appreciate and isn't leaving them high and dry. The ANEW classes use to also be part of the ACP program. The replacements classes are the ACPC 1, 2 and 3. Global Knowledge is offering an ACP program which consists of the ACPC 1, 2 and 3 plus a mock CCIE lab and mentoring. As the course developer and course director for the ACP classes and program I'll personally guarantee that no student will be left high and dry. If you or anyone has any questions or concerns about the classes or program feel free to call me at (925) 260-2724. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 [EMAIL PROTECTED] 5G Networks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Laurel Jones Sent: Tuesday, April 24, 2001 9:08 AM To: [EMAIL PROTECTED] Subject: RE: ECP1 or ACCP1,2,3 [7:1710] I am looking at signing up for the APPC program which includes ACCP1, 2 3, a mock lab, mentoring, and remote lab access. However, I've been talking over the last week or so with the rep at Global Knowledge and I'm becoming a little leery of the program. He says they are discontinuing the ECP labs and replacing with the ACCP, but they are still in the midst of making changes and that he couldn't quote a firm price yet or even tell me exactly what would be included in the program. He said they are meeting on Wednesday of this week to go over the changes in the program and that he will get back to me after that. I've also heard some reports that Global has recently cancelled a lot of scheduled classes including the ECP labs because not enough students were signing up. I can understand their need to do this to stay profitable, but evidently it is leaving some students who have purchased the courses as a package deal like the APPC program kind of "high and dry." -Original Message- From: roger mcneace [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 24, 2001 7:48 AM To: [EMAIL PROTECTED] Subject: ECP1 or ACCP1,2,3 [7:1710] Has anyone attended the ECP1 or ACCP1,2,3 CCIE lab prep courses? What are your recommendations. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1749&t=1710 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ECP1 or ACCP1,2,3 [7:1710]
The ACPC classes are brand new and haven't been run for the public yet. The first public ACPC classes will be in June. I'm the course developer for the ACPC classes and can answer any questions you have about them. Feel free to call me at (925) 260-2724. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 [EMAIL PROTECTED] 5G Networks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of roger mcneace Sent: Tuesday, April 24, 2001 7:48 AM To: [EMAIL PROTECTED] Subject: ECP1 or ACCP1,2,3 [7:1710] Has anyone attended the ECP1 or ACCP1,2,3 CCIE lab prep courses? What are your recommendations. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1753&t=1710 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How do you telnet into a specific vty port? [7:2005]
Put the particular vty you want to telnet to in a rotary group. Telnet to an IP address on the router but not to the default port of 23. Telnet to port 7000 + the rotary group number (i.e. telnet 1.1.1.1 7004). Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 Access_Server-A(config)#line vty 4 Access_Server-A(config-line)#rotary ? Rotary group to add line to Access_Server-A(config-line)#rotary 4 Access_Server-A(config-line)#^Z Access_Server-A#telnet 1.1.1.1 7004 Trying 1.1.1.1, 7004 ... Open User Access Verification Username: root Password: Access_Server-A> -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dimitrije Sent: Wednesday, April 25, 2001 6:01 PM To: [EMAIL PROTECTED] Subject: How do you telnet into a specific vty port? [7:2005] How can one telnet into a specific vty port? I changed the password on vty 2 to allow one specific user access into my 1720. However, I can't telnet into vty 2 until their are active telnet sessions already established on vty 0 and 1. Note vty 2 corresponds to line 8 on this 1720. Also note that I am NOT trying to reverse telnet. Thanks for any help regards, Dimitrije FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2020&t=2005 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Integrated IS-IS [7:2664]
John, Cisco stated that ISO-CLNS has been dropped from the lab but they didn't say IS-IS was dropped. With all the new features added to IS-IS in 12.0S/T I wouldn't be surprised to see more of it. Anyways a CCIE should know IS-IS even if it wasn't on his/her lab. Don't limit your knowledge to just the topics covered in the CCIE lab. Hope I don't open a can of worms on this one 8) Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > John Nwodo > Sent: Monday, April 30, 2001 5:49 PM > To: [EMAIL PROTECTED] > Subject: Integrated IS-IS [7:2664] > > > Do I need to study Integrated IS-IS for the routing & switching CCIE lab > exam ?? On the cisco website it says that ISO CLNS has been > dropped from the > lab, what exactly does this mean ? As you can tell from this post I am not > great on IS-IS yet..so any guidance needed. > > Thanks > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2684&t=2664 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN BRI up but does not ping [7:2712]
John,
It does need it. You need the dialer-group command under the interface even
if you don't define any interesting traffic in order for the router to send
traffic over the link. If you don't have a dialer-group defined you'll get
an encapsulation failed when you do a debug ip packet. I know this doesn't
make sense from what the Cisco documentation says.
Brian Dennis
CCIE #2210 (R&S)(ISP/Dial)
CCSI #98640
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jaeheon Yoo
> Sent: Tuesday, May 01, 2001 3:25 PM
> To: [EMAIL PROTECTED]
> Subject: Re: ISDN BRI up but does not ping [7:2712]
>
>
> Hi, Jim
>
> My understanding is dialer-group statement does NOT block any packets
> while the connection is established up.
>
> What it does is;
>
> 1. define interesting traffic to initiate the call
> 2. reset the idle timers when interesting traffic is pass through
> established connection.
>
> Please correct me if I'm wrong.
>
> Regards,
> Jaeheon
>
>
> On 1 May 2001 18:14:48 -0400, [EMAIL PROTECTED] ("Jim Brown")
> wrote:
>
> >I scanned the message and noticed the configs at the bottom.
> >
> >You only applied a dialer-group on the dialing end. My testing and
> >observation determined that you need a dialer-group statement on
> the remote
> >end also.
> >
> >If you do not define any interesting traffic for the remote end
> it will not
> >send any packets back to the host that initiated the call.
> >
> >I always assumed you only needed to define interesting traffic
> to initiate a
> >call, so why would I need the dialer-group statement on the remote end?
> >
> >When initially goofing around with ISDN I noticed this behavior.
> I could not
> >find it documented anywhere. I just assumed if the connection is
> up why do I
> >need to define interesting traffic for the remote end. This
> drove me crazy
> >for a few hours.
> >
> >List, please correct me if I'm crazy. I noticed this behavior
> with 12.0 IOS.
> >
> >-Original Message-
> >From: Jaeheon Yoo [mailto:[EMAIL PROTECTED]]
> >Sent: Tuesday, May 01, 2001 3:57 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: ISDN BRI up but does not ping [7:2712]
> >
> >
> >Hi, Shoaib.
> >
> >First of all, you have to check if the ping packet is ever received by
> >the remote end, is it possible to "debug ip packet" at the remote end?
> >If it's not possible, check it at the center site with this.
> >
> >access-list 110 permit ip 130.1.1.0 0.0.0.255 130.1.1.0 0.0.0.255
> >debug ip packet detail 110
> >
> >If it's ever really sent to the remote end, then check if your isdn
> >interface of the remote end has any access-lists configured, which may
> >block return ping(echo reply) or any policy routing on that matter.
> >
> >From your post, I have found nothing wrong with ISDN configuration.
> >But one thing is missing at the remote end, you have to add
> >dialer-group command to reset idle timer when interesting packets are
> >passed. But I guess this is not directly related to your current
> >problem.
> >
> >Please let me know how you solved the problem, if it's done.
> >
> >Regards,
> >Jaeheon
> >
> >On 1 May 2001 14:43:19 -0400, [EMAIL PROTECTED] ("Shoaib Waqar")
> >wrote:
> >
> >>I have traced the route as well, the data is not
> >>passing across the ISDN link.
> >>
> >>I also have used extended ping, but it does not ping.
> >>
> >>Shoaib
> >>
> >>--- Albert Lu wrote:
> >>> Do you know whether data is going across the link at
> >>> all?
> >>>
> >>> Try a trace to the other side, and see what route
> >>> the packet takes.
> >>>
> >>>
> >>> Albert
> >>>
> >>> > -Original Message-
> >>> > From: Shoaib Waqar [mailto:[EMAIL PROTECTED]]
> >>> > Sent: Tuesday, 1 May 2001 10:15
> >>> > To: Albert lu
> >>> > Cc: [EMAIL PROTECTED]
> >>> > Subject: RE: ISDN BRI up but does not ping
> >>> [7:2712]
> >>> >
> >>> >
> >>> > Yes i also have used an access-list to prevent
> >>> eigrp
> >>> > to initiate call, and it dials on a ping event, as
> >>> > shown by the 'deb dialer events'
> >>> >
> >>> > shoaib
> >>> >
> >>> >
RE: RFC 1149 is in use [7:3244]
If you go into the CCIE lab and see a pigeon loft in your rack you're just out of luck I guess. I wonder what the config would look like for it. interface Pigeon 0/0 encapsulation feather ip address 172.16.1.1 255.255.255.0 foot-band id 47.0001...0001.00 source-bridge winged no ip pigeon-cache Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > sdonoho > Sent: Friday, May 04, 2001 3:06 PM > To: [EMAIL PROTECTED] > Subject: RE: RFC 1149 is in use [7:3244] > > > I hope RFC 1149 isn't covered in the CCIE lab exam! > > Scott Donoho CCNP > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Friday, May 04, 2001 4:31 PM > > To: [EMAIL PROTECTED] > > Subject: OT: RFC 1149 is in use [7:3244] > > > > > > Hi All > > > > Checkout > > http://news.cnet.com/news/0-1003-200-5825807.html?tag=tp_pr > > > > RFC 1149 in a successful test! > > -- > > John Hardman CCNP MCSE > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3251&t=3244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
If you put an access-class in on the vty lines that disables everything like Chuck recommended no one will be able to telnet in. Also a port scan will not show anything on port 23. So telnet would appear to be disabled. There just isn't a way to actually turn off the telnet process on a Cisco router. If you really want to stop the telnet process you could power off the router but this would stop all the processes 8-) Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Jacques Atlas > Sent: Friday, May 04, 2001 4:09 PM > To: [EMAIL PROTECTED] > Subject: RE: Disable telnet port [7:3237] > > > On Fri, 4 May 2001, Chuck Larrieu wrote: > > |There is no option "no service telnet" on the IOS I have available to me. > > :-) that was just an example of something that would be nice. > > |Your choice would then become an access-list denying telnet to > appropriate > |router interfaces. You can also apply access lists to the vty > ports to limit > |who can telnet in. nope, can't delete the vty lines either. > > acl's for all interfaces is way to complex. > > telnet is not an option. if you can stop the telnet daemon on a unix box > you should be able to do it on a cisco device, if it support another form > of transport. > > owell > > -- > jacques > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3256&t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
John, He was asking to disable the telnet process. This just disables port 23 for the vty lines like an access-class does. There is not way to disable the process itself. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > john mcguinn > Sent: Friday, May 04, 2001 7:22 PM > To: [EMAIL PROTECTED] > Subject: Re: Disable telnet port [7:3237] > > > config t > line vty 0 4 > transport input none > > You have successfully disabled telnet port. > Jack > > - Original Message - > From: "Brian Dennis" > To: > Sent: Friday, May 04, 2001 7:21 PM > Subject: RE: Disable telnet port [7:3237] > > > > If you put an access-class in on the vty lines that disables everything > like > > Chuck recommended no one will be able to telnet in. Also a port > scan will > > not show anything on port 23. So telnet would appear to be disabled. > > > > There just isn't a way to actually turn off the telnet process > on a Cisco > > router. If you really want to stop the telnet process you could > power off > > the router but this would stop all the processes 8-) > > > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > > 5G Networks, Inc. > > [EMAIL PROTECTED] > > (925) 260-2724 > > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > Jacques Atlas > > > Sent: Friday, May 04, 2001 4:09 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: Disable telnet port [7:3237] > > > > > > > > > On Fri, 4 May 2001, Chuck Larrieu wrote: > > > > > > |There is no option "no service telnet" on the IOS I have available to > me. > > > > > > :-) that was just an example of something that would be nice. > > > > > > |Your choice would then become an access-list denying telnet to > > > appropriate > > > |router interfaces. You can also apply access lists to the vty > > > ports to limit > > > |who can telnet in. nope, can't delete the vty lines either. > > > > > > acl's for all interfaces is way to complex. > > > > > > telnet is not an option. if you can stop the telnet daemon on > a unix box > > > you should be able to do it on a cisco device, if it support another > form > > > of transport. > > > > > > owell > > > > > > -- > > > jacques > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3281&t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port (Cisco Trivia) [7:3287]
Anyone know how to get to a Cisco router remotely that doesn't have an IP address configured on it? Going in through a console, aux or async line doesn't count. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] 925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > EA Louie > Sent: Friday, May 04, 2001 9:00 PM > To: [EMAIL PROTECTED] > Subject: Re: Disable telnet port [7:3237] > > > If you have the right version of IOS, you can > transport input ssh > > and to answer Chuck's questions, there is a way to disable telnet and > everything else, > transport input none > > - Original Message - > From: Jacques Atlas > To: > Sent: Friday, May 04, 2001 3:12 PM > Subject: RE: Disable telnet port [7:3237] > > > > On Fri, 4 May 2001, Chuck Larrieu wrote: > > > > |By "telnet port" do you mean TCP port 23. Or do you mean the VTY's > > |themselves? > > | > > |If the latter, the most effective way is to require a login but set no > > |password. > > |Eg > > | > > |Line vty 0 4 > > |Login > > > > anyone know if you can _disable_ telnet to a cisco and only ssh ? > > > > something like "no service telnet" would be great > > > > -- > > jacques > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3287&t=3287 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port (Cisco Trivia) [7:3289]
No it's not a bug or security hole. The object is to connect to a router remotely (i.e. over a WAN) that doesn't have an IP address configured. Brian > -Original Message- > From: Brian [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 04, 2001 10:49 PM > To: Brian Dennis > Cc: [EMAIL PROTECTED] > Subject: RE: Disable telnet port (Cisco Trivia) [7:3287] > > > hmm, no ip, no console? > > Running other routing protocols? > > What are you trying to do? > > If its your router, you should know the ios version, some have known > weaknesses. > > Brian "Sonic" Whalen > Success = Preparation + Opportunity > > > On Sat, 5 May 2001, Brian Dennis wrote: > > > Anyone know how to get to a Cisco router remotely that doesn't > have an IP > > address configured on it? Going in through a console, aux or async line > > doesn't count. > > > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > > 5G Networks, Inc. > > [EMAIL PROTECTED] > > 925) 260-2724 > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > EA Louie > > > Sent: Friday, May 04, 2001 9:00 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: Disable telnet port [7:3237] > > > > > > > > > If you have the right version of IOS, you can > > > transport input ssh > > > > > > and to answer Chuck's questions, there is a way to disable telnet and > > > everything else, > > > transport input none > > > > > > - Original Message - > > > From: Jacques Atlas > > > To: > > > Sent: Friday, May 04, 2001 3:12 PM > > > Subject: RE: Disable telnet port [7:3237] > > > > > > > > > > On Fri, 4 May 2001, Chuck Larrieu wrote: > > > > > > > > |By "telnet port" do you mean TCP port 23. Or do you mean the VTY's > > > > |themselves? > > > > | > > > > |If the latter, the most effective way is to require a > login but set no > > > > |password. > > > > |Eg > > > > | > > > > |Line vty 0 4 > > > > |Login > > > > > > > > anyone know if you can _disable_ telnet to a cisco and only ssh ? > > > > > > > > something like "no service telnet" would be great > > > > > > > > -- > > > > jacques > > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3289&t=3289 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port (Cisco Trivia) [7:3287]
That's pretty good ElephantChild. An example using pad for X.25 and connecting using X.28 with the configs are below . This could be a "very" creative way to secure a router ;) Brian ** Example ** R1#pad Trying ...Open R2>exit [Connection to closed by foreign host] R1#x28 *call COM R2>exit CLR CONF *exit R1# * R1 * R1#wr t Building configuration... Current configuration: ! hostname R1 ! interface Serial1/2 encapsulation x25 x25 address clockrate 64000 ! end R1# * R2 * R2#wr t Building configuration... Current configuration: ! hostname R2 ! interface Serial0/0 encapsulation x25 dce x25 address ! end R2# > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > ElephantChild > Sent: Saturday, May 05, 2001 1:49 AM > To: [EMAIL PROTECTED] > Subject: RE: Disable telnet port (Cisco Trivia) [7:3287] > > > On Sat, 5 May 2001, Brian Dennis wrote: > > > Anyone know how to get to a Cisco router remotely that doesn't > have an IP > > address configured on it? Going in through a console, aux or async line > > doesn't count. > > Only things that comes to mind are X28 and Decnet. > > -- > "Someone approached me and asked me to teach a javascript course. I was > about to decline, saying that my complete ignorance of the subject made > me unsuitable, then I thought again, that maybe it doesn't, as driving > people away from it is a desirable outcome." --Me > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3313&t=3287 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Disable telnet port [7:3237]
His intent was to "stop the telnet daemon" as he put it. You can not actually stop the "telnet" process on a router. Access-class and transport input none just stop access to the lines that it is applied to. It doesn't actually stop telnet as a process on the router. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: John Starta [mailto:[EMAIL PROTECTED]] > Sent: Saturday, May 05, 2001 8:58 AM > To: Brian Dennis > Cc: [EMAIL PROTECTED] > Subject: RE: Disable telnet port [7:3237] > > > If the intent is to prevent connections TO the router via telnet adding > "transport input none" to the vty's will accomplish this. To > prevent telnet > connections FROM the router add "transport output none" to the vty's. Add > both and you have effectively disabled telnet on the router. > > weezer#192.168.0.30 > % Unknown command or computer name, or unable to find computer address > weezer#telnet 192.168.0.30 > % telnet connections not permitted from this terminal > > jas > > At 01:15 AM 5/5/01 -0400, Brian Dennis wrote: > >John, > >He was asking to disable the telnet process. This just disables > port 23 for > >the vty lines like an access-class does. There is not way to disable the > >process itself. > > > >Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > >5G Networks, Inc. > >[EMAIL PROTECTED] > >(925) 260-2724 > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > john mcguinn > > > Sent: Friday, May 04, 2001 7:22 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: Disable telnet port [7:3237] > > > > > > > > > config t > > > line vty 0 4 > > > transport input none > > > > > > You have successfully disabled telnet port. > > > Jack > > > > > > - Original Message - > > > From: "Brian Dennis" > > > To: > > > Sent: Friday, May 04, 2001 7:21 PM > > > Subject: RE: Disable telnet port [7:3237] > > > > > > > > > > If you put an access-class in on the vty lines that > disables everything > > > like > > > > Chuck recommended no one will be able to telnet in. Also a port > > > scan will > > > > not show anything on port 23. So telnet would appear to be disabled. > > > > > > > > There just isn't a way to actually turn off the telnet process > > > on a Cisco > > > > router. If you really want to stop the telnet process you could > > > power off > > > > the router but this would stop all the processes 8-) > > > > > > > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > > > > 5G Networks, Inc. > > > > [EMAIL PROTECTED] > > > > (925) 260-2724 > > > > > > > > > > > > > -Original Message- > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > > Jacques Atlas > > > > Sent: Friday, May 04, 2001 4:09 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: RE: Disable telnet port [7:3237] > > > > > > > > > > > > On Fri, 4 May 2001, Chuck Larrieu wrote: > > > > > > > > |There is no option "no service telnet" on the IOS I have available to > > me. > > > > > > > > :-) that was just an example of something that would be nice. > > > > > > > > |Your choice would then become an access-list denying telnet to > > > > appropriate > > > > |router interfaces. You can also apply access lists to the vty > > > > ports to limit > > > > |who can telnet in. nope, can't delete the vty lines either. > > > > > > > > acl's for all interfaces is way to complex. > > > > > > > > telnet is not an option. if you can stop the telnet daemon on > > a unix box > > > > you should be able to do it on a cisco device, if it support another > > form > > > > of transport. > > > > > > > > owell > > > > > > > > -- > > > > jacques > > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3315&t=3237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RIPv2 vs. RIP [7:3404]
RIPv2 also supports discontinuous networks (no auto-summary) and the ability to do summarization (ip summary-address rip). Brian > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Chuck Larrieu > Sent: Sunday, May 06, 2001 9:05 PM > To: [EMAIL PROTECTED] > Subject: RE: RIPv2 vs. RIP [7:3404] > > > VLSM is the major one. RIPv2 also supports authentication. It's been a > while, and I forget the other ones. Well, a quick browse of RFC 2453 > indicates in general - that's it. RIPv2 uses the multicast address of > 224.0.0.9, rather than the broadcast address of 255.255.255.255 > > A RIPv2 router will respond to RIPv1 routers in the RIPv1 format. > > The max net diameter of 15 remains in effect for RIPv2 > > As long as you are careful with your addressing, in general you > should have > few problems. > > But you will need to study your existing network plan, and work > accordingly. > > HTH > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Thomas > Sent: Sunday, May 06, 2001 8:27 PM > To: [EMAIL PROTECTED] > Subject: RIPv2 vs. RIP [7:3404] > > Hi All - What's the main feature of RIPv2 over RIPv1, beside the > VLSM? I am > trying to migrate to RIPv2, but some devices only support RIPv1. Is there > any workaround to have RIPv2 and RIP compatable? Thanks all in advance! > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3414&t=3404 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RIPv2 vs. RIP [7:3404]
Chuck, It'll take the command but it doesn't disable summarization if you're only using RIPv1. >From CCO: RIP Version 1 always uses automatic summarization. If you are using RIP Version 2, you can turn off automatic summarization by specifying no auto-summary. Disable automatic summarization if you must perform routing between disconnected subnets. When automatic summarization is off, subnets are advertised. Brian > -Original Message- > From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] > Sent: Sunday, May 06, 2001 10:43 PM > To: Brian Dennis; [EMAIL PROTECTED] > Subject: RE: RIPv2 vs. RIP [7:3404] > > > Hhhm.. > > RIPv1 offers the command [no] auto-summary as well. Haven't > tried this one > out, but I will hazard a guess that it would be useful in situations where > one is subnetting a classful address, and did want the > advertisements to go > out at the classful boundary. For example, if connected to another RIPv1 > router which was using a different classful network, but > subnetted the same > way. > > i.e. E0 = 192.168.1.1/28, S0 = 192.168.1.17/28 and S1 = > 192.168.1.33/26 the > no auto command would prevent the advertisements from becoming > 192.168.1.0/24 > > don't have access to routers at the moment, but I am open to correction. > I'll maybe take a look tomorrow. I do recall a phenomenon like this when > working on an IGRP lab one time. I'll have to dig out my notes. > > Chuck > > > -Original Message- > From: Brian Dennis [mailto:[EMAIL PROTECTED]] > Sent: Sunday, May 06, 2001 9:46 PM > To: Chuck Larrieu; [EMAIL PROTECTED] > Subject: RE: RIPv2 vs. RIP [7:3404] > > > RIPv2 also supports discontinuous networks (no auto-summary) and > the ability > to do summarization (ip summary-address rip). > > Brian > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Chuck Larrieu > > Sent: Sunday, May 06, 2001 9:05 PM > > To: [EMAIL PROTECTED] > > Subject: RE: RIPv2 vs. RIP [7:3404] > > > > > > VLSM is the major one. RIPv2 also supports authentication. It's been a > > while, and I forget the other ones. Well, a quick browse of RFC 2453 > > indicates in general - that's it. RIPv2 uses the multicast address of > > 224.0.0.9, rather than the broadcast address of 255.255.255.255 > > > > A RIPv2 router will respond to RIPv1 routers in the RIPv1 format. > > > > The max net diameter of 15 remains in effect for RIPv2 > > > > As long as you are careful with your addressing, in general you > > should have > > few problems. > > > > But you will need to study your existing network plan, and work > > accordingly. > > > > HTH > > > > Chuck > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Thomas > Sent: Sunday, May 06, 2001 8:27 PM > To: [EMAIL PROTECTED] > Subject: RIPv2 vs. RIP [7:3404] > > Hi All - What's the main feature of RIPv2 over RIPv1, beside the > VLSM? I am > trying to migrate to RIPv2, but some devices only support RIPv1. Is there > any workaround to have RIPv2 and RIP compatable? Thanks all in advance! > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3421&t=3404 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cannot ping myself [7:3498]
You don't have a frame-relay map statement to yourself. If you want to ping yourself you need to add a map statement (i.e. frame-relay map ip 10.10.10.1 16). Brian > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Monday, May 07, 2001 3:49 PM > To: [EMAIL PROTECTED] > Subject: cannot ping myself [7:3498] > > > #sh run > ... > ! > interface Serial1 > description Enlace al San Alfonso (BellSouth) > ip address 10.10.10.1 255.255.255.0 > no ip directed-broadcast > encapsulation frame-relay IETF > no fair-queue > frame-relay interface-dlci 16 > frame-relay lmi-type ansi > ! > ... > #ping 10.10.10.1 > > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds: > . > Success rate is 0 percent (0/5) > > (pinging 10.10.10.1 from other box works, but by the own router doesn't) > > What can be happening? > > Thanks, > HoraPe > --- > Horacio J. Peqa > [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3505&t=3498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cannot ping myself [7:3498]
You should be able to ping yourself on a LAN interface without any addition configuration (see below). As far as a WAN environment goes there is not too many reasons to ping yourself and it's a bad troubleshooting technique (pinging yourself that is). If you can ping the other side of the WAN link then it should be okay. You don't need to ping yourself after you ping the other side. In a WAN environment you send the echo request down the link and the other side bounces it back. You then answer it by sending an echo reply down the link and the other side bounces it back to you again. This is why pinging yourself on a WAN link takes twice as long as pinging the other side (see below). Brian * Ethernet * R2#sho ip int brie e0/0 Interface IP-Address OK? Method Status Protocol Ethernet0/0172.17.1.22 YES manual up up R2#ping 172.17.1.22 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.17.1.22, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms R2# Point to Point Serial *** R1#sho ip int brie s1 Interface IP-Address OK? Method Status Protocol Serial1161.61.62.1 YES NVRAM upup R1#ping 161.61.62.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 161.61.62.2, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms R1#ping 161.61.62.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 161.61.62.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/61/64 ms R1# > -Original Message- > From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 07, 2001 4:49 PM > To: Brian Dennis; [EMAIL PROTECTED] > Subject: RE: cannot ping myself [7:3498] > > > Guys, my own experiments indicate that you can't ping yourself on an > ethernet interface either. > > But an extended ping sourcing from another interface works fine. > > Something else that is bothering me - why do you need to ping yourself? > There are plenty of tools that tell you if an interface is up, > and if it is > an ip interface. > > Sh int > Sh ip int > Sh ip int brief > > I generally think of ping as a test of routing, not a test of interfaces > being up. Is there another reason I'm missing? > > Chuck > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Brian Dennis > Sent: Monday, May 07, 2001 4:34 PM > To: [EMAIL PROTECTED] > Subject: RE: cannot ping myself [7:3498] > > You don't have a frame-relay map statement to yourself. If you > want to ping > yourself you need to add a map statement (i.e. frame-relay map ip > 10.10.10.1 > 16). > > Brian > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > [EMAIL PROTECTED] > > Sent: Monday, May 07, 2001 3:49 PM > > To: [EMAIL PROTECTED] > > Subject: cannot ping myself [7:3498] > > > > > > #sh run > > ... > > ! > > interface Serial1 > > description Enlace al San Alfonso (BellSouth) > > ip address 10.10.10.1 255.255.255.0 > > no ip directed-broadcast > > encapsulation frame-relay IETF > > no fair-queue > > frame-relay interface-dlci 16 > > frame-relay lmi-type ansi > > ! > > ... > > #ping 10.10.10.1 > > > > > > Type escape sequence to abort. > > Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds: > > . > > Success rate is 0 percent (0/5) > > > > (pinging 10.10.10.1 from other box works, but by the own router doesn't) > > > > What can be happening? > > > > Thanks, > > HoraPe > > --- > > Horacio J. Peqa > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3512&t=3498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco HSRP Denial of Service Vulnerability [7:3534]
Configure two routers to run HSRP and deliberately misconfigure the authentication password. You might be surprised at the results. >From CCO: The authentication string is transmitted unencrypted in all HSRP messages. The same authentication string must be configured on all routers and access servers on a cable to ensure interoperation. Authentication mismatch prevents a device from learning the designated Hot Standby IP address and the Hot Standby timer values from other routers configured with HSRP. Authentication mismatch does not prevent protocol events such as one router taking over as the designated router. That last sentence says it all. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Curtis Call > Sent: Monday, May 07, 2001 10:05 PM > To: [EMAIL PROTECTED] > Subject: RE: Cisco HSRP Denial of Service Vulnerability [7:3534] > > > In other words always use authentication. > > At 10:23 PM 5/7/01, you wrote: > > >>I guess I'm dense. The DOS does what? Makes it possible to advertise a > >false > > >>destination as the active HSRP address ? > > > >I guess by mulitcasting a higher priority HSPR packets, the receiving > >routers will assume secondary role thus no routers will be active. > > > >-Original Message- > >From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, May 08, 2001 11:29 AM > >To: Andy Low; [EMAIL PROTECTED] > >Subject: RE: Cisco HSRP Denial of Service Vulnerability [7:3534] > > > > > >Interesting > > > >"A problem in the Cisco Hot Standby Routing Protocol (HSRP) makes it > >possible to deny service to users of network resources. By > eavesdropping on > >HSRP management messages sent over the network, it is possible > to create a > >spoofed message that will reroute all network traffic to a particular > >system. By doing so, it is possible to prevent traffic from entering or > >leaving that network." > > > >I guess I'm dense. The DOS does what? Makes it possible to > advertise a false > >destination as the active HSRP address ? > > > >"This problem makes it possible for system local to the network to deny > >service to legitimate users of that network segment." > > > >In other words, your enemy is someone on the inside. Which is > where 80% of > >any network's vulnerabilities occur! > > > >Chuck > > > > > >-Original Message- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Andy > >Low > >Sent: Monday, May 07, 2001 8:20 PM > >To: [EMAIL PROTECTED] > >Subject:Cisco HSRP Denial of Service Vulnerability [7:3534] > > > >Hi TAC, > > > >Anyone know of any solutions to the HSRP exploits? > > > >http://www.securityfocus.com/bid/2684 > > > >-andy- > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3565&t=3534 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco HSRP Denial of Service Vulnerability [7:3534]
It's not the best solution but if you're really worried you could create an access-list (see configs below). HSRP uses UDP port 1985 and the destination address is to all routers (224.0.0.2). Perfect solution? No. Better than nothing? Yes. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 ! hostname R1 interface Ethernet 0 ip address 192.168.1.1 255.255.255.0 standby ip 192.168.1.254 standby authentication c!sc0b2b access-group 100 in ! access-list 100 permit udp host 192.168.1.2 eq 1985 host 224.0.0.2 eq 1985 access-list 100 deny udp any eq 1985 any eq 1985 access-list 100 permit ip any any ! hostname R2 ! interface Ethernet 0 ip address 192.168.1.2 255.255.255.0 standby ip 192.168.1.254 standby authentication c!sc0b2b access-group 100 in ! access-list 100 permit udp host 192.168.1.1 eq 1985 host 224.0.0.2 eq 1985 access-list 100 deny udp any eq 1985 any eq 1985 access-list 100 permit ip any any > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Jacques Atlas > Sent: Monday, May 07, 2001 11:10 PM > To: [EMAIL PROTECTED] > Subject: RE: Cisco HSRP Denial of Service Vulnerability [7:3534] > > > On Tue, 8 May 2001, Curtis Call wrote: > > |In other words always use authentication. > > i dont think the authentication in clear text is going to help, > the solution from the vendor is to run HSRP with IPSec. > > -- > jacques > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3566&t=3534 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco HSRP Denial of Service Vulnerability [7:3534]
Priscilla, It didn't take the "access-group 100 in" command on your router? Did you have "no service stupid mistake" on your router? Just kidding. I was doing it out of memory in a text editor. I've come to like making the config for a router in a text editor and just pasting it in. Come to think of it is there any other protocol besides IP 8) Brian > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Priscilla Oppenheimer > Sent: Tuesday, May 08, 2001 2:12 PM > To: [EMAIL PROTECTED] > Subject: RE: Cisco HSRP Denial of Service Vulnerability [7:3534] > > > I tried the HSRP access list from Brian (CCIE) and it works, (of > course. ;-) > > It was surprisingly easy to hack HSRP! :-[] I captured some HSRP packets > with EtherPeek and edited one to say the packet was from my PC > and that my > priority was higher than the two legitimate HSRP routers. I then > repeatedly > sent this packet, using the timer that the legitimate HSRP routers were > using. > > The standby HSRP stopped sending HSRP packets (not sure why?) The > previously active made itself standby. PCs on the LAN that were > set to use > the HSRP gateway address were unable to reach non-local stations. The DOS > worked, in other words. This is a lab network, by the way. > > I used the access list below to make sure the HSRP routers only accepted > from each other and it solved the problem. I meant to save the > HyperTerminal session and show you that the deny in the access list was > getting invoked, but I forgot to save it. > > Note one minor bug in configs below: > > It should say "ip access-group 100 in" (at least on my routers, > the ip was > required) > > Priscilla > > > > > At 03:54 AM 5/8/01, Brian Dennis wrote: > >It's not the best solution but if you're really worried you > could create an > >access-list (see configs below). HSRP uses UDP port 1985 and the > destination > >address is to all routers (224.0.0.2). Perfect solution? No. Better than > >nothing? Yes. > > > >Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > >5G Networks, Inc. > >[EMAIL PROTECTED] > >(925) 260-2724 > > > >! > >hostname R1 > >interface Ethernet 0 > > ip address 192.168.1.1 255.255.255.0 > > standby ip 192.168.1.254 > > standby authentication c!sc0b2b > > access-group 100 in > >! > >access-list 100 permit udp host 192.168.1.2 eq 1985 host > 224.0.0.2 eq 1985 > >access-list 100 deny udp any eq 1985 any eq 1985 > >access-list 100 permit ip any any > > > > > >! > >hostname R2 > >! > >interface Ethernet 0 > > ip address 192.168.1.2 255.255.255.0 > > standby ip 192.168.1.254 > > standby authentication c!sc0b2b > > access-group 100 in > >! > >access-list 100 permit udp host 192.168.1.1 eq 1985 host > 224.0.0.2 eq 1985 > >access-list 100 deny udp any eq 1985 any eq 1985 > >access-list 100 permit ip any any > > > > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > Jacques Atlas > > > Sent: Monday, May 07, 2001 11:10 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: Cisco HSRP Denial of Service Vulnerability [7:3534] > > > > > > > > > On Tue, 8 May 2001, Curtis Call wrote: > > > > > > |In other words always use authentication. > > > > > > i dont think the authentication in clear text is going to help, > > > the solution from the vendor is to run HSRP with IPSec. > > > > > > -- > > > jacques > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > Priscilla Oppenheimer > http://www.priscilla.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3695&t=3534 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Protocol Type 0x886F [7:3737]
It's a heartbeat frame for Windows NT Load Balancing Service. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Andy Prima > Sent: Tuesday, May 08, 2001 9:47 PM > To: [EMAIL PROTECTED] > Subject: Protocol Type 0x886F [7:3737] > > > Dear all, > I need help on protocol type 0x886F. It seems that this kind of Ethernet > Broadcast is circling around my network and I do not have a clue what it > really is. > > TIA > andy > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3743&t=3737 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Scheduled reload [7:3869]
R1#reload ? LINEReason for reload at Reload at a specific time/date cancel Cancel pending reload in Reload after a time interval It can be very useful. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Larry Ogun-Banjo > Sent: Wednesday, May 09, 2001 11:57 AM > To: [EMAIL PROTECTED] > Subject: Scheduled reload [7:3869] > > > Does anyone know if there is a command to boot/reload a router on a future > date > ie some type of scheduler? > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3886&t=3869 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE prep - review lab inventory and budget [7:3908]
Eugene, I don't think that your logic is correct. You think that just because companies aren't using something in the real world that Cisco is going to remove it from the lab. That's incorrect. A good CCIE should know Token-Ring because there is a lot of it still out there in the real world. Also if you don't know Token-Ring how are you going to learn DLSw+? Don't limit your CCIE studies to what you think is or isn't on the test. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Eugene Nine > Sent: Wednesday, May 09, 2001 6:20 PM > To: [EMAIL PROTECTED] > Subject: Re: CCIE prep - review lab inventory and budget [7:3908] > > > So whats so special about the 3920? The only thing I see is Joken ring. > I'm just starting my CCNP so IE is realistically a year out. Do you think > with the rate companies are ditching joken ring gear it will > still be on the > test by then. Crapple talk has gone pretty much gone away. > Eugene > > ""Darren Crawford"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I've said it before and I'll say it again. Get yourself a > 3920. You will > > see > > in the lab. > > > > Darren > > > > At 07:24 PM 05/09/2001 -0400, Eugene Nine wrote: > > >Here's what I have so far: > > >2524 w/ 1 4 in one module > > >2516 > > >2507 > > >2 DTE cables and 1 DCE cable > > >all above for $1843 (bought it all in one purchase because I > had $1900 to > > >spend) > > >One 10U desktop rack $55 > > > > > >Next I'm thinking one of the access servers to setup the reverse telnet > > >deal. > > >Eugene > > > > > > > > >""Fred Danson"" wrote in message > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > >> I have a similar setup, here's what mine cost me (without shipping)- > > >> > > >> 2501- $550 > > >> 2502- $404 > > >> 2503- $630 > > >> 2504- $540 > > >> 2511- $900 > > >> 2523- $900 > > >> Cat1800 Token Switch- $300 > > >> 4000 w/2 ethernet, 1 token, 2 serial, 4 BRI- $1000 > > >> ISDN Simulator- $1800 > > >> > > >> Total- $7024 (without shipping) > > >> > > >> I bought all of my equipment from ebay. Where are you planning on > buying > > >> yours from? Also, why would you need 4 hubs when you have a > switch? You > > >> could easily make the switch act like a number of hubs by creating > VLANS. > > >> > > >> If you have any questions, feel free to email me. > > >> > > >> Fred > > >> > > >> >From: "EA Louie" > > >> >Reply-To: "EA Louie" > > >> >To: [EMAIL PROTECTED] > > >> >Subject: CCIE prep - review lab inventory and budget [7:3908] > > >> >Date: Wed, 9 May 2001 18:09:22 -0400 > > >> > > > >> >I'm getting ready (or in Texas, I'd be "a-fixin to git ready") to > build a > > >> >CCIE > > >> >lab prep setup, both for personal use and for the use of my local > > >> >studygroup. > > >> >Here's what I've identified - if I'm missing anything, please let me > > >know. > > >> > > > >> >Here's the strategy I'm going to take for the equipment: > > >> > > > >> >1-2511 --- console server (w/ octal cable) > > >> >1-2503 --- ISDN > > >> >1-2504 --- ISDN > > >> >1-2514 - dual eth > > >> >1-2515 - dual t/r > > >> >1-4000 w/NP-4T and NP-1E or NP-2E, and a BRI interface or > two if they > > >exist > > >> >(F/R switch) > > >> >1-2924-XL > > >> >teltone isdn simulator > > >> >3 token ring MAUs > > >> >3 token ring media filters > > >> >4 AUI-10BT transceivers > > >> >4 Ethernet hubs > > >> >6 60-pin DTE-DCE cables > > >> >a bunch of Cat5 cables > > >> >rack > > >> >rackmount kits (or shelves) > > >> >and a partridge in a pear tree ;-) > > >> > > > >
RE: Unable to Erase FLASH. [7:4065]
Elmer, I've seen your exact problem before and just upgraded the bootroms to fix the issue. Your bootrom version 5.2(5) is a little old (5 + 5.2(5) = 10.2(5) bootrom version) and may not support the particular 8 meg flash chip you are trying to install. Certain vendor's (i.e. Intel) 8 meg flash chips are supported in that version bootrom but some aren't (i.e. AMD). Check out www.cisco.com/warp/public/471/30.shtml . If you need to know how to get the bootroms and upgrade them just e-mail me back. It won't be the first time an old Coast Guardsman had to help out the Navy ;-) Good Luck! Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Deloso, Elmer G (WPNSTA Yorktown) > Sent: Thursday, May 10, 2001 12:59 PM > To: [EMAIL PROTECTED] > Subject: Unable to Erase FLASH. [7:4065] > > > hi, all. > i'm trying to upgrade a 16Mb FLASH in my 2516, but either the > RouterSoftware > Loader or doing copy tftp flash can't erase the existing Flash code. > Here's what I get... > Router(boot)#copy tftp flash > System flash directory: > No files in System flash > [0 bytes used, 16777216 available, 16777216 total] > Address or name of remote host [255.255.255.255]? 172.16.100.1 > Source file name? c2500-js-l.121-8.bin > Destination file name [c2500-js-l.121-8.bin]? > Accessing file 'c2500-js-l.121-8.bin' on 172.16.100.1... > Loading c2500-js-l.121-8.bin from 172.16.100.1 (via Ethernet0): ! [OK] > > Device needs erasure before copying new file > Erase flash device before writing? [confirm] > > Copy 'c2500-js-l.121-8.bin' from server > as 'c2500-js-l.121-8.bin' into Flash WITH erase? [yes/no]yes > Exception: Jump to zero at 0x537FC (PC) > > System Bootstrap, Version 5.2(5), RELEASE SOFTWARE > Copyright (c) 1986-1994 by cisco Systems > 2500 processor with 16384 Kbytes of main memory > > I am able to "copy flash tftp". > When the system boots/reboots i get this... > > ERR: Invalid chip id 0x80B5 (reversed = 0x1AD ) detected in System flash > Loading cisco2-2500 ... [timed out] > > Any help would be appreciated. > > Elmer Deloso > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4094&t=4065 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Congrats [7:4044]
Pete, Actually when I was at Cisco in '96 from what I remember employees had to get 80% on the written as opposed to the 65% the public had to get but I don't know if that's still the case today. For the lab, employees just had to get 80% which is the same as everyone else. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Peter Van Oene > Sent: Thursday, May 10, 2001 3:37 PM > To: [EMAIL PROTECTED] > Subject: RE: Congrats [7:4044] > > > I don't believe this is accurate. Certainly Cisco employees are > expected to > reach the same score as everyone else on the lab and pre qualification for > CCIE. 10 or 15% would mean that you'd need 90-95% to pass the lab which > would make it pretty tough. I know that instructors (CCSI's) have to pass > the career certification exams with an elevated rate but hadn't heard that > practise extended elsewhere. > > Pete > > > *** REPLY SEPARATOR *** > > On 5/10/2001 at 5:58 PM Roger Sohn wrote: > > >I think most people don't understand that if you do work for Cisco, > >employees are required to score 10 or 15% higher than the regular passing > >score. And that also goes for the CCIE Lab exam as well as the > other CCxx > >tests. > > > >Cisco also only allows 2 free lab attempts, and anything after that you > >have > >to pay for the entire amount that everyone else pays. > > > >-Original Message- > >From: Q [mailto:[EMAIL PROTECTED]] > >Sent: Thursday, May 10, 2001 2:26 PM > >To: [EMAIL PROTECTED] > >Subject: Re: Congrats [7:4044] > > > > > >Gee that's kinda like working at Microsoft as a Windowz architech and > >getting your MCSE! How hard can that be? Send me the CCIE's work > resume out > >side of the lab of Cisco, then i'll be impressed..See if you can manage > >Riverstone and Nortel equipment as well.Well first you gotta survive > >the > >Cisco layoffs. Bummer...heh.. > > > >Q > > > >"Frank Kim" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >> I'm proud of you. Go Vietnamese! I'm taking my lab this November > >> also. I hope I will be the second Vietnamese person who will send out > >> such good news to the group. > >> > >> -Frank > >> > >> > >> On Thu, 10 May 2001, DUNG H. LE wrote: > >> > >> > May 7-8, 2001 - RTP Lab facility > >> > > >> > This was attempt 2. I changed my study habits from attempt 1, and > >therefore > >> > testing technique, for my attempt 2 (you perform like you > >> > practice..right?). It paid off. The change was to monotonously ping > >every > >> > interface IP / IPX address from every router. I made a list of the > >> addresses > >> > and ran through all of them from every router. I believe this lack of > >> > attention to detail is what did me in on attempt one. > >> > > >> > Time management was key. If I didn't know the config off > the top of my > >> > head, I skipped it. This allowed me to complete the entire day 1 > >portion 3 > >> > hours early. I had 4 areas that I needed to think about, so I saved > >them > >> > for last. I methodically approached each of the 4 areas, knocked out > >each > >> > requirement, and had 1 hour left to do the testing above. > My strategy > >was > >> > that no matter what, I would take the last hour to test thoroughly, I > >just > >> > happened to get my 4 items done. Day 2 was the same way...although > >only > >3 > >> > hours for the first part, I still had 45 minutes to test it all. > >> > > >> > Troubleshooting was by far the most nerve-racking > experience. I had a > >> > "trouble ticket" list and was told to find as many problems > as I could > >and > >> > document/fix them (one liners). Unexpectedly I had to troubleshoot a > >> > different network than the one I had spent a day and a half > >configuring. > >3 > >> > hours was the time limit to learn a new topology, IP scheme, protocol > >> > intent, and then fix as much as possible. I don't feel like I was > >ready > >> for > >> > this, and must have just kept calm enough to manage it. > >> > >
On-line registration for the CCIE R&S lab [7:4149]
Dang I feel kind of left out ;) Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4149&t=4149 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: On-line registration for the CCIE R&S lab [7:4149]
Retry. The link got cut off. tools.cisco.com/CCIE/Schedule_Lab/jsp/login.jsp > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Brian Dennis > Sent: Friday, May 11, 2001 2:16 AM > To: [EMAIL PROTECTED] > Subject: On-line registration for the CCIE R&S lab [7:4149] > > > Dang I feel kind of left out ;) > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > 5G Networks, Inc. > [EMAIL PROTECTED] > (925) 260-2724 > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4151&t=4149 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 4000 behind a cable modem [7:1498]
Tim, You could use "ip address dhcp" on your Ethernet interface connected to the cable modem. It's a 12.1(2)T feature. Access_Server(config-if)#ip address ? A.B.C.D IP address dhcp IP Address negotiated via DHCP You'll need to set up NAT if you're only getting one IP address to use. Also they may have the cable modem configured to only talk to one particular MAC address. If so just change the MAC address on the Ethernet interface connected to the cable modem to same as your PC's NIC. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tim Roberts Sent: Saturday, April 21, 2001 2:32 PM To: [EMAIL PROTECTED] Subject: Cisco 4000 behind a cable modem [7:1498] I just had cable internet access installed. I want to put a 4000 (with a 6-port ethernet module) between the cable modem and my network. The cable service only does dynamic addressing at this point. Every few weeks, I will get a new IP address. The IP address is grabbed by the PC not by the cable modem. So in order to put the 4000 between the cable box and my network, I will need one of the ethernet ports to grab an IP from the DHCP server. I cannot remember if there is a way to make an ethernet port do this. Can someone help me out with this or recommend another way to perform this task. Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1502&t=1498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 4000 behind a cable modem [7:1498]
Might add that a standard 4000 can't run the 12.1T train but can run the 12.1 mainline. You'll need a 4500 or 4700 to get the T train features. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message----- From: Brian Dennis [mailto:[EMAIL PROTECTED]] Sent: Saturday, April 21, 2001 4:00 PM To: Tim Roberts; [EMAIL PROTECTED] Subject: RE: Cisco 4000 behind a cable modem [7:1498] Tim, You could use "ip address dhcp" on your Ethernet interface connected to the cable modem. It's a 12.1(2)T feature. Access_Server(config-if)#ip address ? A.B.C.D IP address dhcp IP Address negotiated via DHCP You'll need to set up NAT if you're only getting one IP address to use. Also they may have the cable modem configured to only talk to one particular MAC address. If so just change the MAC address on the Ethernet interface connected to the cable modem to same as your PC's NIC. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tim Roberts Sent: Saturday, April 21, 2001 2:32 PM To: [EMAIL PROTECTED] Subject: Cisco 4000 behind a cable modem [7:1498] I just had cable internet access installed. I want to put a 4000 (with a 6-port ethernet module) between the cable modem and my network. The cable service only does dynamic addressing at this point. Every few weeks, I will get a new IP address. The IP address is grabbed by the PC not by the cable modem. So in order to put the 4000 between the cable box and my network, I will need one of the ethernet ports to grab an IP from the DHCP server. I cannot remember if there is a way to make an ethernet port do this. Can someone help me out with this or recommend another way to perform this task. Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1503&t=1498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 4000 behind a cable modem [7:1498]
I was stating that "ip address dhcp" needed to have 12.1(2)T not NAT. Brian Dennis CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Saturday, April 21, 2001 7:27 PM To: Brian Dennis; [EMAIL PROTECTED] Subject: Re: Cisco 4000 behind a cable modem [7:1498] I know NAT started with 11.2. 11.2 & 11.3 (gotta MZMaker the 11.3) work fine on the 4 Meg 4000's. If I'm not mistaken, 11.3 started the ability to run Dynamic in & out (can anyone correct me here ???) Phil ----- Original Message - From: Brian Dennis To: Sent: Saturday, April 21, 2001 7:07 PM Subject: RE: Cisco 4000 behind a cable modem [7:1498] > Might add that a standard 4000 can't run the 12.1T train but can run the > 12.1 mainline. You'll need a 4500 or 4700 to get the T train features. > > Brian Dennis > CCIE #2210 (R&S)(ISP/Dial) > CCSI #98640 > > > -Original Message- > From: Brian Dennis [mailto:[EMAIL PROTECTED]] > Sent: Saturday, April 21, 2001 4:00 PM > To: Tim Roberts; [EMAIL PROTECTED] > Subject: RE: Cisco 4000 behind a cable modem [7:1498] > > > Tim, > You could use "ip address dhcp" on your Ethernet interface connected to the > cable modem. It's a 12.1(2)T feature. > > Access_Server(config-if)#ip address ? > A.B.C.D IP address > dhcp IP Address negotiated via DHCP > > You'll need to set up NAT if you're only getting one IP address to use. Also > they may have the cable modem configured to only talk to one particular MAC > address. If so just change the MAC address on the Ethernet interface > connected to the cable modem to same as your PC's NIC. > > Brian Dennis > CCIE #2210 (R&S)(ISP/Dial) > CCSI #98640 > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Tim Roberts > Sent: Saturday, April 21, 2001 2:32 PM > To: [EMAIL PROTECTED] > Subject: Cisco 4000 behind a cable modem [7:1498] > > > I just had cable internet access installed. I want to put a 4000 (with a > 6-port ethernet module) between the cable modem and my network. The cable > service only does dynamic addressing at this point. Every few weeks, I will > get a new IP address. The IP address is grabbed by the PC not by the cable > modem. So in order to put the 4000 between the cable box and my network, I > will need one of the ethernet ports to grab an IP from the DHCP server. I > cannot remember if there is a way to make an ethernet port do this. Can > someone help me out with this or recommend another way to perform this task. > Thanks > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1511&t=1498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: difference between synchronous and asynchronous serial [7:4327]
The 2522 has 2 regular high speed serial ports and 8 low speed serial ports. The low speed serials support speeds up to 115200. If you're just going to use it as a frame switch I would recommend the 2523 which is the same as a 2522 except that it has a token-ring interface as opposed to an ethernet interface. Also the 2523 will cost about 1/3 less than a 2522. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Thomas Sent: Friday, May 11, 2001 10:36 PM To: [EMAIL PROTECTED] Subject: difference between synchronous and asynchronous serial ports [7:4255] Hi All - I am looking for some routers to setup my CCNP lab. The Cisco 2522 seems to be a great for Frame Relay switch if I can use crossover cable with the A/S serial ports. However, I am not sure if the A/S will be acting exactly the same as the synchronous serial port? Can I connect these asynchromous serial port to a synchronous serial port on a 2501 router using crossover cable? Thanks all in advance! FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4327&t=4327 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF routing table explanation [7:4448]
Ed, Loopback interfaces will by default show up as /32's (see RFC2328 section 9.1) in OSPF. In newer IOS versions (11.3T and 12.0) you can use the interface configuration command "ip ospf network point-to-point" to have the loopback advertised with its actual mask as opposed to the /32 (host mask). Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Ed Dombrowski > Sent: Monday, May 14, 2001 12:11 PM > To: [EMAIL PROTECTED] > Subject: OSPF routing table explanation [7:4448] > > > Below is a routing table from a scenario i am working on. It is for OSPF > over NBMA in Point-to-Point mode over subinterfaces. It is > probably an easy > explanation but something i would like to be clear on. My hub location is > the 2521 which is where this table is from. I have three routers connected > to it VIA subinterfaces running through a 2523 acting as the > switch. I used > 192.168.1.0 /30 for the wan addresses. On my remote 2501 connected VIA > Serial0.102 i added loopback interface 1 ip address 192.168.1.33 /27 as i > wanted to see how the VLSM address showed up in the route table > of the 2521. > The table is as follows. > > 2521#show ip route > Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP >D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area >N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 >E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP >i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate > default >U - per-user static route, o - ODR > > Gateway of last resort is not set > > 192.168.1.0/24 is variably subnetted, 4 subnets, 2 masks > O 192.168.1.33/32 [110/1563] via 192.168.1.6, 00:00:17, Serial0.102 > C 192.168.1.8/30 is directly connected, Serial0.103 > C 192.168.1.12/30 is directly connected, Serial0.104 > C 192.168.1.4/30 is directly connected, Serial0.102 > 2521# > > My question is why does the address show up as 192.168.1.33/32 instead of > /27 as i expected. I have dug around through my books and i > understand VLSM > but cant find a simple explanation as to why this shows up as a > /32 address. > Can anybody explain this to me? > > Thanks, > > Ed > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4468&t=4448 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PPP protocol [7:4696]
If you really want to understand PPP in-depth and be able to troubleshoot it well I would recommend the RFC on PPP (RFC1661). It's only about 50 pages and actually isn't a bad read. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Lists Wizard > Sent: Wednesday, May 16, 2001 8:58 AM > To: [EMAIL PROTECTED] > Subject: PPP protocol [7:4696] > > > Hi group, > > Does any body know about a good online document that describes > the operation > of Point-to-Point Protocolo or PPP. > > Thanks in advance > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4707&t=4696 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 1605 56k csu dsu to 1602 CSU DSU [7:5091]
www.cisco.com/warp/public/471/75.html Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Randy Espiritu > Sent: Friday, May 18, 2001 10:52 PM > To: [EMAIL PROTECTED] > Subject: 1605 56k csu dsu to 1602 CSU DSU [7:5091] > > > Hi All > > Anyone know how to configure 2 1600 series router connecting both > WIC-1DSU-56K from each router using cross over cable > > thanks all in advance > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5095&t=5091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: debug command [7:4966]
If you want to see packets that are actually going through the router you can use the "debug ip packet" command with the dump option. The dump option is hidden and use it at your own risk. You'll also need to disable any route caching that the router maybe doing. If you don't you'll only see packets that are process switched. Remember turning off route caching can create high CPU utilization. In a production environment you should never use the debug ip packet command without using an access-list with it. Well it may not be a real Sniffer but it's better than nothing if it's all you have ;) Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 R1(config)#access-list 150 permit icmp any any R1(config)#^Z R1#deb ip pack 150 dump IP packet debugging is on (dump) for access list 150 R1# IP: s=172.16.1.50 (local), d=172.16.1.4 (Ethernet0), len 74, sending 04015510: 0C3D9FCA 00609771...=.J.`.q 04015520: 5B930800 453C 1CBF FF0144AB [...E.. R1# IP: s=172.16.1.50 (local), d=172.16.1.4 (Ethernet0), len 74, sending 0401C740:.. 0401C750: 0C3D9FCA 00609771 5B930800 453C .=.J.`.q[...E.. -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Priscilla Oppenheimer > Sent: Friday, May 18, 2001 1:17 PM > To: [EMAIL PROTECTED] > Subject: Re: debug command [7:4966] > > > My guess it that the "debug ip udp" command will let you look at UDP > packets generated by the router but not UDP packets forwarded by the > router. You wouldn't want to slow down the router and ask it to > look above > the IP layer to see if it's a UDP packet and then display it on > the console > if it were. > > Try generating DNS queries from the router. > > And get a Sniffer! The router isn't a protocol analyzer. ;-) > > Priscilla > > At 06:47 AM 5/18/01, Dwayne Saunders wrote: > >Hi all, > > this might be a stupid question but when you use the > debug ip udp > on > >a rsm blade of a catalyst 5500 what output would you expect to > see. dns on > >one side mail server on the other. > > > >I am getting no output at all when I do a domain lookup from the > mail server > >to the dns is this correct or am I meant to see that traffic log to the > >console > > > >D'Wayne Saunders > >CCNA > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > Priscilla Oppenheimer > http://www.priscilla.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5096&t=4966 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: vlans 1-1000 are automatically transported [7:5311]
The reference is to what VLANs are trunked by default. It doesn't actually create the VLANs. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Reel, JohnX > Sent: Monday, May 21, 2001 12:12 PM > To: [EMAIL PROTECTED] > Subject: vlans 1-1000 are automatically transported [7:5311] > > > Comrades, > > I have one quick question that I have not been able understand so > far... can > someone please help with an answer or a direction pointer. I > appreciate your > help. > > (1) CAT5509 as a reference > (2) Cisco "Building Cisco Multilayer Switched Networks," book by > Karen Webb, > page 106. > > > The Cisco book states ~"vlans 1-1000 are automatically transported... even > if a range was specified... one must use the "clear" command to remove the > unnecessary vlans". > > When two test vlans are added to the 5509 and then the "show vlan" command > is used, I do not see where "unnecessary' vlans have been added. > Note that > example: > > 1 default active 3 3/1-12 >5/1-2 >7/1-3 > 2 jr_vlan2 active 146 5/9-16 > 3 jr_vlan3 active 146 5/17-25 > ... > > John L. Reel > Intel-Gigabit Lab > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5323&t=5311 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Connecting Serial Interfaces [7:5838]
Your clock rate is too fast on the other router. On the 2522, interface S2 through S9 are limited to 115200. These are low speed serials. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] (925) 260-2724 2522(config)#int s2 2522(config-if)#clock rate ? Speed (bits per second) 300 1200 2400 4800 9600 14400 19200 28800 32000 38400 56000 57600 64000 72000 115200 Choose clockrate from list above 2522(config-if)#clock rate -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Rose Sent: Thursday, May 24, 2001 7:14 PM To: [EMAIL PROTECTED] Subject: Connecting Serial Interfaces [7:5838] I am trying to set up a serial link between a 2514 and a 2522. I am using the sync/async ports on the 2522. I cannot get the interface to stay up . It works for a few seconds & then too many errors take down the link. I used the physical-layer sync command on the serial ports of the 2522. This does not help. I know that I have missed a command to set up the sync/async interface, but cannot figure what it is. Advise is needed TIA Mark Configs below: 2522 North#sh run Building configuration... Current configuration: ! version 11.2 service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname North ! enable secret 5 $1$F2gJ$LGaIm7rXo0n4KiMKZOSX21 ! ! interface Ethernet0 no ip address shutdown ! interface Serial0 no ip address shutdown ! interface Serial1 no ip address shutdown ! interface Serial2 description East S0 192.168.50.0 ip address 192.168.50.2 255.255.255.0 bandwidth 64 ! interface Serial3 description West S0 192.168.30.0 ip address 192.168.30.2 255.255.255.0 bandwidth 64 ! interface Serial4 description Link West 192.168.40.0 no ip address bandwidth 64 shutdown ! interface Serial5 no ip address shutdown ! interface Serial6 no ip address shutdown ! interface Serial7 description West S1 192.168.40.0 ip address 192.168.40.2 255.255.255.0 bandwidth 64 ! interface Serial8 no ip address shutdown ! interface Serial9 no ip address shutdown ! interface BRI0 no ip address shutdown ! no ip classless ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 password 7 121C091E180A04 login ! end 2512 west#sh run Building configuration... Current configuration: ! version 11.2 service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname west ! enable secret 5 $1$a7wE$jE18AUEn2QSTBFY.P1Fqg1 ! partition flash 2 8 8 ! ! interface Ethernet0 no ip address shutdown ! interface Ethernet1 description Link to East 192.168.20.0 ip address 192.168.20.1 255.255.255.0 ! interface Serial0 description North S3 192.168.30.0 ip address 192.168.30.1 255.255.255.0 bandwidth 64 clockrate 100 ! interface Serial1 description North S7 192.168.50.0 ip address 192.168.40.1 255.255.255.0 bandwidth 64 clockrate 100 ! no ip classless ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 password 7 070A2D45440811 login ! end FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5847&t=5838 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cisco cd from Hard disk [7:8888]
Ken, Install the CD as you would normally do. Then copy the documentation CD to your hard disk. Edit the search.ini file and change the following two lines to point to wherever you copied the documentation CD. Example: InitialURL=/c:/program files/cisco/cd_data/home/home.htm SourceDrive=c:/program files/cisco/cd_data/ Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > kenny wong > Sent: Sunday, June 17, 2001 7:16 AM > To: [EMAIL PROTECTED] > Subject: cisco cd from Hard disk [7:] > > > Hi , > Any one try to copy the Cisco CD to your hard disk and eventually access > through the hard disk ? > Please help > > Regards > ken Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8891&t= -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: I can't use dialer 1 int to connect internet [7:9662]
Try using "dialer pool 1" under the dialer interface and "dialer pool-member 1" under the BRI interface(s). Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > hwen > Sent: Saturday, June 23, 2001 8:50 PM > To: [EMAIL PROTECTED] > Subject: I can't use dialer 1 int to connect internet [7:9662] > > > Hi, > when I only config the bri int , I can ping any ip in route. > Now, I use the dialer 1 int, I can't ping any ip in route > > my config > > version 12.0 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname 2600 > ! > ! > ! > ! > ! > ! > ip subnet-zero > no ip domain-lookup > ! > isdn switch-type basic-net3 > isdn voice-call-failure 0 > ! > ! > ! > interface FastEthernet0/0 > ip address 192.168.1.250 255.255.255.0 > no ip directed-broadcast > ip nat inside > duplex auto > speed auto > ! > interface BRI1/0 > ip address negotiated > no ip directed-broadcast > ip nat outside > encapsulation ppp > dialer rotary-group 1 > dialer-group 1 > isdn switch-type basic-net3 > ! > interface BRI1/1 > no ip address > no ip directed-broadcast > ip nat outside > encapsulation ppp > shutdown > dialer rotary-group 1 > isdn switch-type basic-net3 > ! > interface BRI1/2 > no ip address > no ip directed-broadcast > shutdown > isdn switch-type basic-net3 > ! > interface BRI1/3 > no ip address > no ip directed-broadcast > shutdown > isdn switch-type basic-net3 > ! > interface Dialer1 > ip address negotiated > no ip directed-broadcast > ip nat outside > encapsulation ppp > dialer in-band > dialer idle-timeout 1800 > dialer string 169 > dialer load-threshold 1 either > dialer-group 1 > ppp authentication pap callin > ppp pap sent-username 169 password 7 055A5056 > ppp multilink > ! > ip classless > ip route 0.0.0.0 0.0.0.0 Dialer1 > no ip http server > ! > dialer-list 1 protocol ip permit > ! > line con 0 > transport input none > line aux 0 > line vty 0 4 > login > ! > no scheduler allocate > end > > > when I ping somewhere in route , the message is > > Sending 5, 100-byte ICMP Echos to 166.111.8.28, timeout is 2 seconds: > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9669&t=9662 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: I can't use dialer 1 int to connect internet [7:9662]
If the "ip address negotiated" command is left on the BRI it will still work using dialer interfaces. Try it for yourself. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > SilCam > Sent: Monday, June 25, 2001 4:02 AM > To: [EMAIL PROTECTED] > Subject: Re: I can't use dialer 1 int to connect internet [7:9662] > > > you also need to configure "no ip address" under the BRI interface. > > "Brian Dennis" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Try using "dialer pool 1" under the dialer interface and "dialer > pool-member > > 1" under the BRI interface(s). > > > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > > 5G Networks, Inc. > > [EMAIL PROTECTED] > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > > hwen > > > Sent: Saturday, June 23, 2001 8:50 PM > > > To: [EMAIL PROTECTED] > > > Subject: I can't use dialer 1 int to connect internet [7:9662] > > > > > > > > > Hi, > > > when I only config the bri int , I can ping any ip in route. > > > Now, I use the dialer 1 int, I can't ping any ip in route > > > > > > my config > > > > > > version 12.0 > > > service timestamps debug uptime > > > service timestamps log uptime > > > no service password-encryption > > > ! > > > hostname 2600 > > > ! > > > ! > > > ! > > > ! > > > ! > > > ! > > > ip subnet-zero > > > no ip domain-lookup > > > ! > > > isdn switch-type basic-net3 > > > isdn voice-call-failure 0 > > > ! > > > ! > > > ! > > > interface FastEthernet0/0 > > > ip address 192.168.1.250 255.255.255.0 > > > no ip directed-broadcast > > > ip nat inside > > > duplex auto > > > speed auto > > > ! > > > interface BRI1/0 > > > ip address negotiated > > > no ip directed-broadcast > > > ip nat outside > > > encapsulation ppp > > > dialer rotary-group 1 > > > dialer-group 1 > > > isdn switch-type basic-net3 > > > ! > > > interface BRI1/1 > > > no ip address > > > no ip directed-broadcast > > > ip nat outside > > > encapsulation ppp > > > shutdown > > > dialer rotary-group 1 > > > isdn switch-type basic-net3 > > > ! > > > interface BRI1/2 > > > no ip address > > > no ip directed-broadcast > > > shutdown > > > isdn switch-type basic-net3 > > > ! > > > interface BRI1/3 > > > no ip address > > > no ip directed-broadcast > > > shutdown > > > isdn switch-type basic-net3 > > > ! > > > interface Dialer1 > > > ip address negotiated > > > no ip directed-broadcast > > > ip nat outside > > > encapsulation ppp > > > dialer in-band > > > dialer idle-timeout 1800 > > > dialer string 169 > > > dialer load-threshold 1 either > > > dialer-group 1 > > > ppp authentication pap callin > > > ppp pap sent-username 169 password 7 055A5056 > > > ppp multilink > > > ! > > > ip classless > > > ip route 0.0.0.0 0.0.0.0 Dialer1 > > > no ip http server > > > ! > > > dialer-list 1 protocol ip permit > > > ! > > > line con 0 > > > transport input none > > > line aux 0 > > > line vty 0 4 > > > login > > > ! > > > no scheduler allocate > > > end > > > > > > > > > when I ping somewhere in route , the message is > > > > > > Sending 5, 100-byte ICMP Echos to 166.111.8.28, timeout is 2 seconds: > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9771&t=9662 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: router respond to network address [7:9793]
Rob, In what IOS version is proxy arp not enabled by default? Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Monday, June 25, 2001 10:33 AM > To: [EMAIL PROTECTED] > Subject: Re: router respond to network address [7:9793] > > > Singh, > Depending on the IOS version you are using, this sounds like > ProxyARP is in > your default configuration. > HTH, > Rob H. CCNP, CCDP, MCSE Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9826&t=9793 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ACPC @ Globalknowledge [7:9971]
Bryan, They are excellent preparation for the CCIE lab but my opinion might be a little biased seeing as I'm the developer of the ACPC classes ;) The classes are geared toward students who are about 3-5 months out from their lab date. There are three ACPC classes, ACPC1, ACPC2 and ACPC3. Each class focuses on different technologies. The classes are run Monday to Friday from 8:30am till 10:00pm with the instructor remaining with the class the whole time (lunch and dinner excluded). The current instructors are myself and Paul Borghese. Students get access to the equipment 24x7 during the week of the class. The console server is setup so it's accessible via the Internet. Currently we are giving access to the equipment over the weekend after class. This gives students additional time to redo labs, practice additional scenarios, etc. The main objective of the classes is for the student to achieve a full understanding of the technologies needed to become a CCIE. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Bryan Long (Richmond VA) > Sent: Tuesday, June 26, 2001 8:22 AM > To: [EMAIL PROTECTED] > Subject: ACPC @ Globalknowledge [7:9971] > > > Has anyone tried the ACPC courses offered by GlobalKnowledge? > > > Bryan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10005&t=9971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Block this MAC address! [7:34953]
If memory serves me correct, on a router, the MAC address access-list will not work for a protocol if you're routing that protocol. It's used for bridged traffic. If you're routing IP and need to filter based on a MAC address you might try looking into using a BVI. Another easier solution would be to just allow from the customer only the IP addresses that are assigned to the customer. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) Chuck Larrieu wrote: > absolutely. you want something in either the 700-799 range or 1100-1199 > range. see router output below:I've never actually implemented one of > these in real or lab. the choices seem to be permit or deny. There does > not appear to be a lot of flexibility here, as with an IP access list. > > R1(config)#access-list ? (edited ) >Extended 48-bit MAC address access list > 48-bit MAC address access list > > HTH > > Chuck > > > ""Charles Lomotey"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> Hi, >> >> Is it possible to block a MAC address on an interface by accesslist >> or.?? >> >> I have this annoying customer playing around with their IP adresses and >> bringing down the whole network >> Charles >> >> > Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34969&t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Lab Remote (was RE: Current Wait time on the lab) [7:12746]
Greg, It won't matter if there isn't a waiting list if the CCIE certification has lost it's value. The one-day lab is the first step to start running the lab remote from testing centers like Sylvan. I don't think that you want to be known as a "Sylvan CCIE" do you? Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] Here is an excert from an e-mail I sent on the ccielab mailing list today: I think that we all know that someone could make an extremely hard one day lab that fails 99% of the candidates but that isn't the issue. There are a couple issues with remote labs and the shortening of the waiting list. One issue is that with the short waiting list people are going to be able to take the lab over and over again enabling the CCIE lab exams to become common knowledge just like the CCIE written is today. It'll be simpler for someone to just take the lab over and over again then it would to actually study. Cisco needs to put safeguards in that don't allow people take the test to often to solve this problem and I don't mean a weak solution like the 20 points on day one. I bet the average CCNP could get 20 points on day one. Having a long waiting list enables candidates to prepare and study for the lab and is part of the becoming a CCIE. Becoming a CCIE isn't something that you do overnight and should not be able to attempt every 30 days. Another issue is the problem with Sylvan testing centers that don't enforce Sylvan's policies and Sylvan centers that aren't on the up-and-up. This problem speaks for itself. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Macaulay Sent: Tuesday, July 17, 2001 6:22 PM To: [EMAIL PROTECTED] Subject: RE: Current Wait time on the lab [7:12713] Chuck --- Do you really think the CCIE is finished?? I hope you are wrong! We've all invested so many hundreds of hours of blood, sweat, tears and Money to get to this point!! I read Cisco's explanation today -- and hopefully their new lab will simply economize on time -- not on expertise. Say a prayer! Greg Macaulay Oldest CCNP/CCDP on Earth Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck Larrieu Sent: Tuesday, July 17, 2001 8:52 PM To: [EMAIL PROTECTED] Subject: RE: Current Wait time on the lab [7:12713] I'm willing to part with my December 3 date for a nominal fee. Chuck betting that once the one day lab takes effect, the value of the CCIE will plummet ;-> -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of EA Louie Sent: Tuesday, July 17, 2001 2:33 PM To: [EMAIL PROTECTED] Subject: Re: Current Wait time on the lab [7:12713] - Original Message - From: John Neiberger To: Sent: Tuesday, July 17, 2001 2:12 PM Subject: Re: Current Wait time on the lab [7:12713] > I just scheduled the lab today and the earliest date available was > 3/8/2002. But I took that spot. :-) not true, the earliest date was today ;-) then one on 8/7 and another on 8/17 (heheheheh) > > John > > >>> "Jaspreet Bhatia" 7/17/01 2:40:18 PM >>> > Guys, > Does anyone know what is the current wait time for the > R/S > lab in San Jose . > > Jaspreet _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12746&t=12746 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Meet Your New CCIE Proctor (was RE: CCIE Lab Remote) [7:12803]
I heard it directly and indirectly from sources at Cisco that they were looking into Sylvan as a testing provider. Sylvan wouldn't actually own the equipment or employ CCIEs, they would just provide the testing facilities. The equipment would still be located at Cisco and administrated by Cisco. Also I know that the beta of the one-day lab was offered to people remote. Not from Sylvan but from any Cisco sales office. Do you want to meet your new proctor? Click on the link below. http://www.mentortech.com/learn/ccie_assessor.shtml Let me say that this technology looks totally impressive. It looks to be a great product but do I think I want something like this to replace the proctor? No. I truly hope that I'm totally incorrect and this isn't the direction that Cisco is going. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of EA Louie Sent: Wednesday, July 18, 2001 12:21 AM To: [EMAIL PROTECTED] Subject: Re: CCIE Lab Remote (was RE: Current Wait time on the lab) [7:12770] Is there any evidence to support this possibility? The reason I ask is that the proctors have a very important role in the lab exam as it sits today, and I don't see how that role could be diminished. Hmmm...as a CCIE, if there were Sylvan remote lab testing, and lab proctors had to be CCIE's, that would fill a the gap in the CCIE unemployment...interesting tactic... But I doubt it will ever happen. Too much reputation at stake for Cisco to give up that much control over that coveted certification. -e- - Original Message - From: Brian Dennis To: Sent: Tuesday, July 17, 2001 6:53 PM Subject: CCIE Lab Remote (was RE: Current Wait time on the lab) [7:12746] > Greg, > It won't matter if there isn't a waiting list if the CCIE certification has > lost it's value. The one-day lab is the first step to start running the lab > remote from testing centers like Sylvan. I don't think that you want to be > known as a "Sylvan CCIE" do you? > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > 5G Networks, Inc. > [EMAIL PROTECTED] > > Here is an excert from an e-mail I sent on the ccielab mailing list today: > > I think that we all know that someone could make an extremely hard one day > lab that fails 99% of the candidates but that isn't the issue. There are a > couple issues with remote labs and the shortening of the waiting list. One > issue is that with the short waiting list people are going to be able to > take the lab over and over again enabling the CCIE lab exams to become > common knowledge just like the CCIE written is today. It'll be simpler for > someone to just take the lab over and over again then it would to actually > study. Cisco needs to put safeguards in that don't allow people take the > test to often to solve this problem and I don't mean a weak solution like > the 20 points on day one. I bet the average CCNP could get 20 points on day > one. > > Having a long waiting list enables candidates to prepare and study for the > lab and is part of the becoming a CCIE. Becoming a CCIE isn't something that > you do overnight and should not be able to attempt every 30 days. > > Another issue is the problem with Sylvan testing centers that don't enforce > Sylvan's policies and Sylvan centers that aren't on the up-and-up. This > problem speaks for itself. > > > > > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Greg Macaulay > Sent: Tuesday, July 17, 2001 6:22 PM > To: [EMAIL PROTECTED] > Subject: RE: Current Wait time on the lab [7:12713] > > > Chuck --- > Do you really think the CCIE is finished?? I hope you are wrong! We've all > invested so many hundreds of hours of blood, sweat, tears and Money to get > to this point!! I read Cisco's explanation today -- and hopefully their new > lab will simply economize on time -- not on expertise. Say a prayer! > > Greg Macaulay > Oldest CCNP/CCDP on Earth > Lifetime Member of AARP > Retired Attorney/Law Professor > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Chuck Larrieu > Sent: Tuesday, July 17, 2001 8:52 PM > To: [EMAIL PROTECTED] > Subject: RE: Current Wait time on the lab [7:12713] > > > I'm willing to part with my December 3 date for a nominal fee. > > Chuck > betting that once the one day lab takes effect, the value of the CCIE will > plummet ;-> > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > EA Louie > Sent: Tuesday, July 17, 2001 2:33 PM
RE: New CCIE Lab!!??!!! [7:12926]
Peter, The issue isn't a one day / two day issue. I'm sure the one day lab with be tough and at first we will see a lot of people failing it. Cisco has to do this to ensure that it looks like a good decision but wait for a few months after a ton of people take it. The beta one day lab was really hard and failed many people. Bruce Caslow scored a 27/100 and Phil Remaker scored 35/100. Some people declined to take it because they knew that they would be setup to fail ;) But that isn't what Cisco is trying to do. Cisco is using the long waiting list as an excuse to move to a one day remote lab. If Cisco really wanted to shorten the waiting list they would fix the written but that wouldn't give them an excuse to go to a one day remote lab. People should not be fooled into thinking this a one day / two day issue or a long waiting list issue. This is just a start of the changes to come for the CCIE lab. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Van Oene Sent: Thursday, July 19, 2001 11:03 AM To: [EMAIL PROTECTED] Subject: RE: New CCIE Lab!!??!!! [7:12926] - IGNORE THIS - JOKE [7:12980] Are you missing the point that the lab with still be very tough? The only issue is meeting the customer demand for rack time for testing. Cisco cannot do this in a two day format and much of the two day stuff was overhead. I personally think one day will be tougher. Pete *** REPLY SEPARATOR *** On 7/19/2001 at 1:25 PM Ciaron Gogarty wrote: >I do believe that the format IS changing to a one day lab, so it's >actually >taking the piss out of the reasons Cisco are giving for changing the >format... > >Personally, I think CCIE is THE most respected vendor certification out >there, so why change what (to my mind) has been a great format for >seperating the weed from the chaff?? In the end, the market will get >swamped with half baked CCIE's who have no substantive real world >experience >and the value of the cert will go down... much like the way the MCSE went.. > >thats my two cents > > > >-Original Message- >From: Andrew Larkins [mailto:[EMAIL PROTECTED]] >Sent: 19 July 2001 14:52 >To: [EMAIL PROTECTED] >Subject: RE: New CCIE Lab!!??!!! [7:12926] - IGNORE THIS - JOKE >[7:12943] > > >thanks > >I read this after an all night work session - half asleep > > >-Original Message- >From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]] >Sent: 19 July 2001 15:23 >To: [EMAIL PROTECTED] >Subject: RE: New CCIE Lab!!??!!! [7:12926] > > >I think u should read the article more closely > >;-) > >-Original Message- >From: Andrew Larkins [mailto:[EMAIL PROTECTED]] >Sent: 19 July 2001 10:05 >To: [EMAIL PROTECTED] >Subject: FW: New CCIE Lab!!??!!! [7:12926] > > >This is what I received from a colleague. > >Is this true? >http://angelfire.com/my/no1daylab/new_format.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12993&t=12926 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: serial up/up w/o cable [7:27604]
Set it up to do dial. See below. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] Gateway#sho int s0 Serial0 is up (spoofing), line protocol is up (spoofing) Hardware is HD64570 MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive not set Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/0/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=down DSR=down DTR=down RTS=down CTS=down Gateway# sho contr ser 0 HD unit 0, idb = 0xC04F7C, driver structure at 0xC0AE10 buffer size 1524 HD unit 0, No cable cpb = 0x2, eda = 0x2940, cda = 0x2800 RX ring with 16 entries at 0x4022800 00 bd_ptr=0x2800 pak=0xC0E520 ds=0x402C60C status=80 pak_size=0 01 bd_ptr=0x2814 pak=0xC0E2D4 ds=0x402BF50 status=80 pak_size=0 02 bd_ptr=0x2828 pak=0xC0E088 ds=0x402B894 status=80 pak_size=0 03 bd_ptr=0x283C pak=0xC0DE3C ds=0x402B1D8 status=80 pak_size=0 04 bd_ptr=0x2850 pak=0xC0DBF0 ds=0x402AB1C status=80 pak_size=0 05 bd_ptr=0x2864 pak=0xC0D9A4 ds=0x402A460 status=80 pak_size=0 06 bd_ptr=0x2878 pak=0xC0D758 ds=0x4029DA4 status=80 pak_size=0 07 bd_ptr=0x288C pak=0xC0D50C ds=0x40296E8 status=80 pak_size=0 08 bd_ptr=0x28A0 pak=0xC0D2C0 ds=0x402902C status=80 pak_size=0 09 bd_ptr=0x28B4 pak=0xC0D074 ds=0x4028970 status=80 pak_size=0 10 bd_ptr=0x28C8 pak=0xC0CE28 ds=0x40282B4 status=80 pak_size=0 11 bd_ptr=0x28DC pak=0xC0CBDC ds=0x4027BF8 status=80 pak_size=0 12 bd_ptr=0x28F0 pak=0xC0C990 ds=0x402753C status=80 pak_size=0 13 bd_ptr=0x2904 pak=0xC0C744 ds=0x4026E80 status=80 pak_size=0 14 bd_ptr=0x2918 pak=0xC0C4F8 ds=0x40267C4 status=80 pak_size=0 15 bd_ptr=0x292C pak=0xC0C2AC ds=0x4026108 status=80 pak_size=0 16 bd_ptr=0x2940 pak=0xC0C060 ds=0x4025A4C status=80 pak_size=0 cpb = 0x2, eda = 0x3000, cda = 0x3000 TX ring with 1 entries at 0x4023000 00 bd_ptr=0x3000 pak=0x00 ds=0x00 status=80 pak_size=0 01 bd_ptr=0x3014 pak=0x00 ds=0x00 status=80 pak_size=0 0 missed datagrams, 0 overruns 0 bad datagram encapsulations, 0 memory errors 0 transmitter underruns 0 residual bit errors Gateway# ""Tom E"" wrote: > How can you get a serial interface to go up/up without a cable connected? I > have tried loop and no keep. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27625&t=27604 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ATM circuit [7:28774]
Priscilla, There was something called the "Cell in Frame Alliance" that was developing ATM over Ethernet but I don't know whatever came of it. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] ""Priscilla Oppenheimer"" wrote: > My co-author added this statement to the book I'm working on: > > " an ATM virtual circuit may begin on an OC-3 fiber link, cross over to > a T3 line, pass across a Gigabit Ethernet fiber backbone, and end up going > out through an OC-12 fiber link. This may be an implementation of a single > ATM circuit, however." > > Could an ATM virtual circuit really span an Ethernet backbone?? > > Thanks! I don't want to be one of those authors that propagates > misinformation. ;-) Seriously, some mistakes are unavoidable, but this one > seems avoidable (if it is a mistake) > > Priscilla > > > > Priscilla Oppenheimer > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28791&t=28774 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: automatic retrieval and ENCRYPTION of router configs [7:31041]
Eric, I personally haven't heard of an "off the shelf" application that could do this but it could be easily written. Someone (me ;-) could write this in about an hour. First I would configure ssh on the router. Then I would write a script in Expect* to connect to the router with ssh. Have the script grab the config from the router. It then encrypts the config and stores it on the "server". Add a nice little user interface using HTML/PHP and you're done. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] *Expect is a very useful scripting language for automation network task. Check it out at http://expect.nist.gov/ ""2387"" wrote: > Hello all , > im looking for a friendly point in the right direction here . I am looking > for > a kind of tftp program that will not only automatically retrieve and store > configs from remote routers but will also encrypt or password protect them > where they are stored. is there such a thing? > thanks for any replies. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31041&t=31041 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lab Equipments - Any one selling ? [7:31040]
Prabhat, Check out Brad Ellis at www.optsys.net . He can hook you up with everything you need. Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] ""Prabhat Sen"" wrote in message news:... > Thanks for all the feedbacks: > > Any one selling these equipments for a home lab . Pls > send me mail directly. My email is > > [EMAIL PROTECTED] > Any reliable websites from where hese are aviabale? > > List of Equipments: > > 2x2501 routers; 1x2522 or 2523; 2x2503 or 2504 > routers; 1 x 2513 or 2514 > > A Cat5K switch or a 2900 (non XL); > > One ISDN Simulator; Token Ring Mau x 2; > > 1 x 2509 or CS 516 > 1 x Token Ring 3920 > > Thanks, > Prabhat > > > > > __ > > Do You Yahoo!? > > Send FREE video emails in Yahoo! Mail! > > http://promo.yahoo.com/videomail/ > [EMAIL PROTECTED] > > > __ > Do You Yahoo!? > Send FREE video emails in Yahoo! Mail! > http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31050&t=31040 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: some further observations - CCIE Practical Studies [7:32520]
Chuck, I don't think that you are totally correct here. Yes, on a frame-relay physical interface "ip split-horizon" is disable. But on a frame-relay multipoint subinterface "ip split-horizon" is enabled. In both places in chapter 5 where I found him referring to ip split horizon, it seems that he's referring to it in reference to frame-relay multipoint subinterfaces. So if that's the case, he is correct to say it needs to be disabled. The rule with frame-relay is: Physical interface - ip split horizon is off Multipoint subinterface - ip split horizon is on Point-to-point subinterface - ip split horizon is on Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] ""Chuck Larrieu"" wrote in message news:... > I've now browsed chapters 2-5 > > Chap 2 - LAN protocols - tells you everything you were afraid to ask about > the raw protocols historical tables. cable types, frame types, IEEE > references. Let's call this the "Priscilla" chapter ;-> > > also covers bridging and switching in good detail. I read with great > interest the section on token ring switching, and found it to be the best > guide I have seen with regards to both the theory and the practical > configuration of a 3920 switch. I say this with confidence because the > recommendations are very close to what I developed independently, using > Cisco documentation and the 3920 simulator which I believe NLI is now > selling. Confidence because not too long ago I was someplace where this > was important, and everything worked the way it was supposed to on the 3920, > at least. superior IMHO to the very good explanation found in the Kennedy > Clark book. > > Chap 3 WAN HDLC - OK > > Chap 4 WAN PPP - not too bad. concentrates on ISDN / dial. The section on > PPP multilink is incredibly poor, to the point of being useless. this > surprised me, as there is so much detail elsewhere. > > Chap 5 - frame relay. another decent chapter. contains a HUGE error. states > that frame relay split horizon is on by default, and that you have to > disable it manually. not true, and the source of woe to many who find > themselves frustrated with certain sections of various practice labs. on a > frame relay interface, split horizon is DISabled by default. several CCIEs > otta be ashamed of themselves for letting that one through! ;-> > > The several lab exercises at the ends of each chapter cover the fundamentals > pretty well. They are not necessarily CCIE level labs, but they are > certainly worth looking at. > > So far, what I would say, is that the book contains a lot of good reference > information, some good practical configuration information, and some decent > exercises for all levels. I continue to recommend this one as something > folks new to the field, or just starting out in the certification grid, plan > on adding to their libraries. Along with the books by Doyle and Caslow, this > is one that can serve well throughout the journey. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32520&t=32520 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: some further observations - CCIE Practical Studies [7:32567]
Scott, What error are you referring too? The book is correct in regards to split horizon and frame-relay. The only 'shortcoming' I see in the frame-relay chapter is that it doesn't beat into the reader's head the ip split horizon issue with frame-relay physical interfaces ;-) Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] ""Scott"" wrote: > While what you are saying regarding split horizon is true, I agree with > Chuck in that it was a little confusing exactly what the authors were > talking about (physical or sub). Anyone studying for the lab exam should > pick that error up immediately, but for people that are just really starting > down this road it could create a big bump. > > my $0.005 > > ""Brian Dennis"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Chuck, > > I don't think that you are totally correct here. Yes, on a frame-relay > > physical interface "ip split-horizon" is disable. But on a frame-relay > > multipoint subinterface "ip split-horizon" is enabled. In both places in > > chapter 5 where I found him referring to ip split horizon, it seems that > > he's referring to it in reference to frame-relay multipoint subinterfaces. > > So if that's the case, he is correct to say it needs to be disabled. > > > > The rule with frame-relay is: > > > > Physical interface - ip split horizon is off > > Multipoint subinterface - ip split horizon is on > > Point-to-point subinterface - ip split horizon is on > > > > > > Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 > > 5G Networks, Inc. > > [EMAIL PROTECTED] > > > > > > ""Chuck Larrieu"" wrote in message > > news:... > > > I've now browsed chapters 2-5 > > > > > > Chap 2 - LAN protocols - tells you everything you were afraid to ask > about > > > the raw protocols historical tables. cable types, frame types, IEEE > > > references. Let's call this the "Priscilla" chapter ;-> > > > > > > also covers bridging and switching in good detail. I read with great > > > interest the section on token ring switching, and found it to be the > best > > > guide I have seen with regards to both the theory and the practical > > > configuration of a 3920 switch. I say this with confidence because the > > > recommendations are very close to what I developed independently, using > > > Cisco documentation and the 3920 simulator which I believe NLI is now > > > selling. Confidence because not too long ago I was someplace where > this > > > was important, and everything worked the way it was supposed to on the > > 3920, > > > at least. superior IMHO to the very good explanation found in the > Kennedy > > > Clark book. > > > > > > Chap 3 WAN HDLC - OK > > > > > > Chap 4 WAN PPP - not too bad. concentrates on ISDN / dial. The section > on > > > PPP multilink is incredibly poor, to the point of being useless. this > > > surprised me, as there is so much detail elsewhere. > > > > > > Chap 5 - frame relay. another decent chapter. contains a HUGE error. > > states > > > that frame relay split horizon is on by default, and that you have to > > > disable it manually. not true, and the source of woe to many who find > > > themselves frustrated with certain sections of various practice labs. on > a > > > frame relay interface, split horizon is DISabled by default. several > CCIEs > > > otta be ashamed of themselves for letting that one through! ;-> > > > > > > The several lab exercises at the ends of each chapter cover the > > fundamentals > > > pretty well. They are not necessarily CCIE level labs, but they are > > > certainly worth looking at. > > > > > > So far, what I would say, is that the book contains a lot of good > > reference > > > information, some good practical configuration information, and some > > decent > > > exercises for all levels. I continue to recommend this one as something > > > folks new to the field, or just starting out in the certification grid, > > plan > > > on adding to their libraries. Along with the books by Doyle and Caslow, > > this > > > is one that can serve well throughout the journey. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32567&t=32567 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 99% CPU Utilisation with ethernet disconnected [7:32599]
Gaz, The way the CPU utilization is calculated for your "show proc cpu" is 99% - 65% = 34%. The 34% is "IP Input" as you stated. The other "missing" 65% is interrupts to the CPU. There really isn't a way to find out exactly what is causing the interrupts to the CPU but since "IP Input" is so high it would be safe to say that it has something to do with packet processing (i.e. fast switching). Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] ""Gaz"" wrote: > Hi all, > > This is not really a problem, just curious and not been able to find a > reason for it. > > I went to a site yesterday which ran 3DES on a 2650 with VPN module with > just serial and fast ethernet. The firewall connected to the fast ethernet > had been disconnected ready for me to move the router. I noticed that it > took a while to accept the password, and around a minute for write mem, so I > did a sho proc cpu. > CPU was running constantly at 99%, although looking through the detail there > was only around 35% in total. It was almost all in IP input. > I put no keepalive on the fast ethernet and cpu utilisation went straight > down to 1%. > > Didn't have time to check what traffic was going on. > > Anybody have any explanation? > > Cheers, > > Gaz > > CPU utilization for five seconds: 99%/65%; one minute: 99%; five minutes: > 99% > PID Runtime(ms) Invoked uSecs5Sec 1Min 5Min TTY Process >12920 3767046 0 0.00% 0.00% 0.00% 0 Load Meter >2 423173 0.00% 0.00% 0.00% 0 PPP auth >3 7669232 2230284 3438 0.00% 0.03% 0.02% 0 Check heaps >4 0 1 0 0.00% 0.00% 0.00% 0 Chunk Manager >5 821380 0.00% 0.00% 0.00% 0 Pool Manager >6 0 2 0 0.00% 0.00% 0.00% 0 Timers >75012 12621397 0.00% 0.00% 0.00% 0 Serial Backgroun >86831 3765897 1 0.00% 0.00% 0.00% 0 ALARM_TRIGGER_SC >9 356627773 0 0.00% 0.00% 0.00% 0 Environmental mo > 10 753315430 2 0.00% 0.00% 0.00% 0 ARP Input > 11 025 0 0.00% 0.00% 0.00% 0 DDR Timers > 12 0 2 0 0.00% 0.00% 0.00% 0 Dialer event > 13 0 4 0 0.00% 0.00% 0.00% 0 Entity MIB API > 14 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect > 15 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd > 16 135559 2095603 64 0.00% 0.00% 0.00% 0 Net Background > 17 8 953 8 0.00% 0.00% 0.00% 0 Logger > 18 31610 18804830 1 0.00% 0.01% 0.00% 0 TTY Background > 19 16334 18805051 0 0.00% 0.00% 0.00% 0 Per-Second Jobs > 20 4 2 2000 0.00% 0.00% 0.00% 0 Hawkeye Backgrou > 213278 1354 2420 0.00% 0.12% 0.35% 0 Exec > PID Runtime(ms) Invoked uSecs5Sec 1Min 5Min TTY Process > 22 0 1 0 0.00% 0.00% 0.00% 0 HDV background > 23 0 2 0 0.00% 0.00% 0.00% 0 VNM DSPRM MAIN > 24 042 0 0.00% 0.00% 0.00% 0 Net Input > 254407 3767048 1 0.00% 0.00% 0.00% 0 Compute load avg > 26 6294136314153 20035 0.00% 0.04% 0.00% 0 Per-minute Jobs > 27 0 1 0 0.00% 0.00% 0.00% 0 CES Line Conditi > 29 129535685967188 0.00% 0.00% 0.00% 0 ecaimLoPri > 3013206273 2500683 5281 34.77% 33.20% 32.77% 0 IP Input > 31 6215447 2353531 2640 0.08% 0.03% 0.00% 0 CDP Protocol Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32603&t=32599 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PATS RULE! (EOM) [7:32614]
c1sc0k1d, I think that he switched from NAT to PAT. Since he's saving IP addresses using PAT, he must be really happy about it and just wanted everyone to know. ;-) Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) c1sc0k1d wrote: > PAT who? > > > > ""Steven A. Ridder"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> -- >> >> RFC 1149 Compliant. >> >> >> FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html >> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32651&t=32614 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT : Tacacs+ / Linux [7:32661]
Alex, Use "ps -e | grep tac_plus" or you could use "/etc/init.d/tac_plus status" to see it is running. [root@bart /root]# /etc/init.d/tac_plus status tac_plus (pid 741) is running... [root@bart /root]# ps -e | grep tac_plus 741 ?00:00:00 tac_plus [root@bart /root]# To "stop", "start", or "restart" TACACS+ just su to root and type "/etc/init.d/tac_plus ". The config file for tac_plus is /etc/tacacs/tac_plus.cfg. If you need any help with the TACACS+ config file just let me know. Also make sure that you have an alternate why to get into the router if TACACS+ authentication fails and if the router can't communicate with the TACACS+ server. Good Luck and Enjoy! Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) Alex Lee wrote: > A newbie question regarding Tacacs+ on Linux box for home lab. > > I download the Tacacs+ v.9 from http://www.gazi.ed.tr/tacacs. > > Installed it successfully (I believe) as per instruction from the site, > since I got a output of : > tac_plus-F4.0.3.alpha-9 > when I issue a query : rpm -q tac_plus > > How can I tell if Tacacs+ is up and running even before I configure a > router to test it ? Is Tacacs+ running as a service (daemon) whenever the > Linux box boots up ? I cannot get answer after reading the docs from the > same site. > > Can any group member point me to some resources concerning running Tacacs+ > on Linux ? > Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32664&t=32661 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ** MEAN router tricks, (was RE: **stupid router tricks) [7:32667]
How about a "wr e" with a timed reload. If they are using a network management app like HP Openview, have the routers reload from the outskirts of the network first and work their way in. Maybe have a one or two minute interval between each router reloading. This will keep the guys in the NOC busy ;-) As soon as they start looking into one router going red on the Openview map another ones goes belly up. ;-) Gateway#wr e Erasing the nvram filesystem will remove all files! Continue? [confirm]y[OK] Erase of nvram: complete Gateway#reload in 35790 Reload scheduled in 596 hours and 30 minutes Proceed with reload? [confirm]y Gateway# Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) Nick Lesewski wrote: > Mean router trick number 2... > > On evening before your last day... > > Go to each router; TFTP your configs to a laptop; hack up all the configs; > save the configs; reload the configs from your TFTP server without > saving... > > All the routers are working, but the first time your replacement schedules > an outage all the routers reboot with the hacked up code. The assumption > is that the guy isn't smart enought to save his configs; but hey, nothings > perfect... > > Nick... > > > > >>From: "[EMAIL PROTECTED]" >>Reply-To: "[EMAIL PROTECTED]" >>To: [EMAIL PROTECTED] >>Subject: ** MEAN router tricks, (was RE: **stupid router tricks) [7:32314] >>Date: Thu, 17 Jan 2002 12:14:58 -0500 >> >>I guess some of us are more devious than others, in >>honor of those members, lets hear your worst trick >>that you played on some poor ccna candidate, or was >>played on you by a student, etc... >> >>(e.g.) >> >>-exec-timeout 1 >> >>-banner motd (thanks Priscilla =) >> >>SYNTAX ERROR >>ROUTER CANNOT INITIALIZE >>CONTACT CISCO TECHNICAL SUPPORT IMMEDIATELY >> >>-hostname to # or > or to the name of some other >>router that they frequently Telnet to. >> >>-"test crash" >> >>__ >>Do You Yahoo!? >>Send FREE video emails in Yahoo! Mail! >>http://promo.yahoo.com/videomail/ > _ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32667&t=32667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: levelling of enable secer can't work [7:33363]
It's not working because you're trying to enter privilege level 15. If you want to enter privilege level 2 or 3 try "enable 2" or "enable 3". When you just use "enable" you are actually using "enable 15". Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) On Saturday 26 January 2002 12:10 am, Grad Alfons Kanon wrote: > Hello team, > > I have problem here, I configured two different level of enable password on > my OHIO router to enable different privilege of accessing the router, but > seems can't work because when I telnet from Michigan, OHIO is no even > considered has the enable secret configured > > below is the config. > > > > OHIO ROUTER > === > ! > hostname Ohio > ! > enable secret level 2 5 $1$maWB$LVrsaUTyQGfCjUssdGVAN0 > enable secret level 3 5 $6PRD$oza0RE5ve6QdSB3rAVG7h/ > ! > privilege exec level 3 show version > privilege exec level 2 show interfaces > > > MICHIGAN ROUTER > > > Michigan#135.2.56.6 > Trying 135.2.56.6 ... Open > > > User Access Verification > > Password: > Michigan>en > % No password set > > > > _ > Join the worlds largest e-mail service with MSN Hotmail. > http://www.hotmail.com > _ > CCIE Security list: http://www.groupstudy.com/list/security.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33363&t=33363 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Certified Cisco System Instructor (CCSI) [7:64319]
In order to become a CCSI you have to be sponsored by a Cisco Training (Learning) Partner. In today's market there aren't a lot of jobs, if any, for CCSIs. I would estimate that about 50% of the CCSIs I know aren't teaching authorized Cisco classes anymore. All the good CCSIs I know are off on there own consulting or teaching private classes. Unless someone can teach a ton of Cisco classes right off the bat (MPLS, CVOICE, CWFUN, MCAST, etc) I would be very surprised if a Cisco training partner was willing to sponsor someone new. Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) CCSI #98640 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tafasi Sent: Monday, March 03, 2003 7:59 PM To: Cisco Group Study; ccielab Subject: Certified Cisco System Instructor (CCSI) Hi Group, I am interested in becoming a CCSI but i could not find any information regarding procedures for this certification on Cisco's web site. Can some one give me some advice. Thanks John Tafasi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64319&t=64319 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 3550 SMI or EMI [7:64450]
If the image name starts with "c3550-i5" it's EMI. If it starts with "c3550-i9" it's SMI. Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) [EMAIL PROTECTED] http://www.labforge.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tafasi Sent: Tuesday, March 04, 2003 10:32 PM To: Cisco Group Study; ccielab Subject: Catalyst 3550 SMI or EMI How do I know if a catalyst 3550 is running EMI or SMI image. I tried using show version but that gave me no clue. Thanks John Tafasi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64450&t=64450 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with Lightstream 100, SVC [7:64794]
Looks like you have an NSAP incorrect. 470001000100010001000100001110111000 s): SETUPv2 ci: 0xF3 mp: 0 ei: 0x 04:02:04: ATMSIG: Called len 20 04:02:04: ATMSIG: Calling len 20 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:0) build Setup msg, Null(U0) state 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:0) API - from sig-client ATM_OWNER_SMAP 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Input event : Req Setup in Null(U0) 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Output Setup msg(XferAndTx), Null(U0) state 04:02:04: ATMSIG: Called Party Addr: 47.000200020002000200020002.222022202220.00 r6# 04:02:04: ATMSIG: Calling Party Addr: 47.000100010001000100010001.111011101110.00 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Null(U0) -> Call Initiated(U1) 04:02:04: E164 NOT Converted 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Input event : Rcvd Release Complete in Call Initiated(U1) 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245)cause = mandatory information element is missing, location = User 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Call Initiated(U1) -> Null(U0) 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) API - notifying Release Complete event to client ATM0.1 04:02:04: ATMAPI: (cs): SETUPv2 ci: 0xE9 mp: 0 ei: 0x 04:01:04: ATMSIG: Called len 20 04:01:04: ATMSIG: Calling len 20 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:0) build Setup msg, Null(U0) state 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:0) API - from sig-client ATM_OWNER_SMAP 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Input event : Req Setup in Null(U0) 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Output Setup msg(XferAndTx), Null(U0) state 04:01:04: ATMSIG: Called Party Addr: 47.000200020002000200020002.222022202220.00 04:01:04: ATMSIG: Calling Party Addr: 47.000200020002000200020002.222022202220.00 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Null(U0) -> Call Initiated(U1) 04:01:04: E164 NOT Converted 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Input event : Rcvd Release Complete in Call Initiated(U1) 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234)cause = mandatory information element is missing, location = User 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Call Initiated(U1) -> Null(U0) 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) API - notifying Release Complete event to client ATM0.1 04:01:04: ATMAPI: (c To: "John Tafasi" ; "Cisco Group Study" ; "ccielab" Sent: Friday, March 07, 2003 1:18 PM Subject: Re: Problem with Lightstream 100, SVC > Your IP addresses are incorrect. It looks like you forgot the 8 in 108 on > R6. > > > > Tony Schaffran > Network Analyst > CCIE #11071 > CCNP, CCNA, CCDA, > NNCSS, NNCDS, CNE, MCSE > > www.cconlinelabs.com > "Your #1 choice for Cisco rack rentals." > > > - Original Message - > From: "John Tafasi" > To: "Cisco Group Study" ; "ccielab" > > Sent: Friday, March 07, 2003 11:37 AM > Subject: Problem with Lightstream 100, SVC > > > > Hi Group, > > > > I have two atm routers that are connected to a Cisco Lightstream 100 atm > > switch. I am trying to cause r6 to call r9 but the call does not succeed. > I > > have configured svc routes on the switch and configured the two routers to > > use svc to reach each other. Below you will find the necessary > > configurations and output of the debug commands. From the output of the > > debug commands on the routers I can see that the routers could not > register > > their addresses with the arp server. > > > > > > A > > > > r6#show run > > Building configuration... > > > > Current configuration : 883 bytes > > ! > > version 12.2 > > service timestamps debug uptime > > service timestamps log uptime > > no service password-encryption > > ! > > hostname r6 > > ! > > ! > > ip subnet-zero > > ! > > ip ssh time-out 120 > > ip ssh authentication-retries 3 > > ! > > ! > > ! > > ! > > interface Ethernet0 > > no ip address > > shutdown > > media-type 10BaseT > > ! > > interface Ethernet1 > > no ip address > > shutdown > > media-type 10BaseT > > ! > > interface Serial0 > > no ip address > > shutdown > > ! > > interface Serial1 > > no ip address > > shutdown > > ! > > interface ATM0 > > no ip address > > atm pvc 1 0 5 qsaal > > atm pvc 2 0 16 ilmi > > no atm ilmi-keepalive > > ! > > interface ATM0.1 multipoint > > ip address 138.10.168.1 255.255.255.0 > > atm nsap-address 47.000100010001000100010001.111011101110.00 > > atm arp-server nsap 47.000200020002000200020002.222022202220.00 > > ! > > ! > > ip classless > > no ip http server > > ip pim bidir-enable > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > line con 0 > > exec-timeout 0 0 > > logging synchronous > > line aux 0 > > line vty 0 4 > > login > > ! > > end > > > > r6# > > > > === > > > > r9>ena > > r9#show run > > Building configuration... > > > > Current configuration : 643 bytes > > ! > > version 12.2 > > service timestamps debug uptime > > service timestamps l
RE: Problem with Lightstream 100, SVC [7:65088]
Looks like you have an NSAP incorrect. 470001000100010001000100001110111000 s): SETUPv2 ci: 0xF3 mp: 0 ei: 0x 04:02:04: ATMSIG: Called len 20 04:02:04: ATMSIG: Calling len 20 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:0) build Setup msg, Null(U0) state 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:0) API - from sig-client ATM_OWNER_SMAP 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Input event : Req Setup in Null(U0) 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Output Setup msg(XferAndTx), Null(U0) state 04:02:04: ATMSIG: Called Party Addr: 47.000200020002000200020002.222022202220.00 r6# 04:02:04: ATMSIG: Calling Party Addr: 47.000100010001000100010001.111011101110.00 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Null(U0) -> Call Initiated(U1) 04:02:04: E164 NOT Converted 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Input event : Rcvd Release Complete in Call Initiated(U1) 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245)cause = mandatory information element is missing, location = User 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) Call Initiated(U1) -> Null(U0) 04:02:04: ATMSIG(ATM0 0,0 - 0243/00): (vcnum:245) API - notifying Release Complete event to client ATM0.1 04:02:04: ATMAPI: (cs): SETUPv2 ci: 0xE9 mp: 0 ei: 0x 04:01:04: ATMSIG: Called len 20 04:01:04: ATMSIG: Calling len 20 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:0) build Setup msg, Null(U0) state 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:0) API - from sig-client ATM_OWNER_SMAP 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Input event : Req Setup in Null(U0) 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Output Setup msg(XferAndTx), Null(U0) state 04:01:04: ATMSIG: Called Party Addr: 47.000200020002000200020002.222022202220.00 04:01:04: ATMSIG: Calling Party Addr: 47.000200020002000200020002.222022202220.00 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Null(U0) -> Call Initiated(U1) 04:01:04: E164 NOT Converted 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Input event : Rcvd Release Complete in Call Initiated(U1) 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234)cause = mandatory information element is missing, location = User 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) Call Initiated(U1) -> Null(U0) 04:01:04: ATMSIG(ATM0 0,0 - 0233/00): (vcnum:234) API - notifying Release Complete event to client ATM0.1 04:01:04: ATMAPI: (c To: "John Tafasi" ; "Cisco Group Study" ; "ccielab" Sent: Friday, March 07, 2003 1:18 PM Subject: Re: Problem with Lightstream 100, SVC > Your IP addresses are incorrect. It looks like you forgot the 8 in 108 on > R6. > > > > Tony Schaffran > Network Analyst > CCIE #11071 > CCNP, CCNA, CCDA, > NNCSS, NNCDS, CNE, MCSE > > www.cconlinelabs.com > "Your #1 choice for Cisco rack rentals." > > > - Original Message - > From: "John Tafasi" > To: "Cisco Group Study" ; "ccielab" > > Sent: Friday, March 07, 2003 11:37 AM > Subject: Problem with Lightstream 100, SVC > > > > Hi Group, > > > > I have two atm routers that are connected to a Cisco Lightstream 100 atm > > switch. I am trying to cause r6 to call r9 but the call does not succeed. > I > > have configured svc routes on the switch and configured the two routers to > > use svc to reach each other. Below you will find the necessary > > configurations and output of the debug commands. From the output of the > > debug commands on the routers I can see that the routers could not > register > > their addresses with the arp server. > > > > > > A > > > > r6#show run > > Building configuration... > > > > Current configuration : 883 bytes > > ! > > version 12.2 > > service timestamps debug uptime > > service timestamps log uptime > > no service password-encryption > > ! > > hostname r6 > > ! > > ! > > ip subnet-zero > > ! > > ip ssh time-out 120 > > ip ssh authentication-retries 3 > > ! > > ! > > ! > > ! > > interface Ethernet0 > > no ip address > > shutdown > > media-type 10BaseT > > ! > > interface Ethernet1 > > no ip address > > shutdown > > media-type 10BaseT > > ! > > interface Serial0 > > no ip address > > shutdown > > ! > > interface Serial1 > > no ip address > > shutdown > > ! > > interface ATM0 > > no ip address > > atm pvc 1 0 5 qsaal > > atm pvc 2 0 16 ilmi > > no atm ilmi-keepalive > > ! > > interface ATM0.1 multipoint > > ip address 138.10.168.1 255.255.255.0 > > atm nsap-address 47.000100010001000100010001.111011101110.00 > > atm arp-server nsap 47.000200020002000200020002.222022202220.00 > > ! > > ! > > ip classless > > no ip http server > > ip pim bidir-enable > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > ! > > line con 0 > > exec-timeout 0 0 > > logging synchronous > > line aux 0 > > line vty 0 4 > > login > > ! > > end > > > > r6# > > > > === > > > > r9>ena > > r9#show run > > Building configuration... > > > > Current configuration : 643 bytes > > ! > > version 12.2 > > service timestamps debug uptime > > service timestamps l
RE: Pinging a Multicast address [7:65132]
John, You can look into using Multicast Routing Monitor (MRM). Here is a working config. R5 ip mrm manager myTest manager Ethernet 0/0 group 226.2.3.4 senders 1 receivers 2 sender-list 1 ! access-list 1 permit 161.1.45.4 access-list 2 permit 161.1.127.1 R4 interface Ethernet0/0 ip address 161.1.45.4 255.255.255.0 ip mrm test-sender R1 interface FastEthernet0/0 ip address 161.1.127.1 255.255.255.252 ip mrm test-receiver R5 mrm myTest start Basically you configure a manager, multicast test sender, and multicast test receiver. In this case R5 is the manager. R4 is the multicast sender and R1 is the multicast receiver. Look at some of the "show ip mrm" commands to see the results. This can also be used in the real world to monitor a real multicast stream. The config is essentially the same except the multicast test sender isn't needed. Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) CCSI# 98640 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tafasi Sent: Tuesday, March 11, 2003 10:11 PM To: Cisco Group Study; ccielab Subject: Pinging a Multicast address Hi group, I practicing multicast and I am trying to get the router below to send a continuous multicast stream. I receive response to only the first multicast packet. Can some one give me a solution for this? Thanks John Tafasi r1#ping Protocol [ip]: Target IP address: 225.2.2.2 Repeat count [1]: 100 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 225.2.2.2, timeout is 2 seconds: Reply to request 0 from 150.50.7.7, 440 ms.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65132&t=65132 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how to change dial up prompt [7:65712]
Look into using the "aaa authentication username-prompt" and "aaa authentication password-prompt" commands. Rack4R1(config)#aaa new-model Rack4R1(config)#aaa authentication ? arap Set authentication lists for arap. banner Message to use when starting login/authentication. enable Set authentication list for enable. fail-message Message to use for failed login/authentication. loginSet authentication lists for logins. nasi Set authentication lists for NASI. password-prompt Text to use when prompting for a password ppp Set authentication lists for ppp. username-prompt Text to use when prompting for a username Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) [EMAIL PROTECTED] http://www.labforge.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65721&t=65712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CS ACS - import Utilities? [7:65698]
With Cisco ACS users can be added, updated or deleted manually or by using an external database. Importing User and AAA Client Information: http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/ae.htm#687 RDBMS Synchronization Import Definitions: http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/ag.htm Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) [EMAIL PROTECTED] http://www.labforge.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65722&t=65698 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: eBGP Multi-hop [7:65823]
Jim, The default route as you've seen won't work but this will: Rack4R2#conf t Enter configuration commands, one per line. End with CNTL/Z. Rack4R2(config)#ip route 0.0.0.0 128.0.0.0 192.168.33.2 Rack4R2(config)#ip route 128.0.0.0 128.0.0.0 192.168.33.2 Rack4R2(config)#^Z Rack4R2#show ip route static S0.0.0.0/1 [1/0] via 192.168.33.2 S128.0.0.0/1 [1/0] via 192.168.33.2 Rack4R2# It's the next best thing to a default route ;-) Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) [EMAIL PROTECTED] http://www.labforge.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Devane Sent: Thursday, March 20, 2003 9:28 AM To: [EMAIL PROTECTED] Subject: Re: eBGP Multi-hop [7:65823] Thanks for the replies so far... Hmm, Well, actually becuase BGP uses TCP 179 is can traverse non-BGP speakers to a router that does speak BGP ( Just like TFTP'ing to another router) I put the config I was testing below. The config works, BGP runs everyone is happy when I have a specific route to the opposite side peer's Loopback address. ip route 172.16.10.1 255.255.255.255 192.168.33.2 but if I remove that and install ip route 0.0.0.0 0.0.0.0 192.168.33.2 then BGP breaks. I don't understand why. There is no IGP. Both routes point to exactly the same place. conf t router bgp 65500 no synchronization bgp log-neighbor-changes network 192.168.47.0 network 192.168.55.0 aggregate-address 192.168.0.0 255.255.0.0 neighbor 172.16.10.1 remote-as 6 neighbor 172.16.10.1 ebgp-multihop5 neighbor 172.16.10.1 update-source Loopback0 neighbor 172.16.10.1 version 4 neighbor 172.16.10.1 soft-reconfiguration inbound neighbor 172.16.10.1 password 7 140705191C117B3821 neighbor 172.16.10.1 filter-list 3 in neighbor 172.16.10.1 filter-list 4 out - Original Message - From: "Carroll Kong" To: Sent: Thursday, March 20, 2003 6:54 AM Subject: Re: eBGP Multi-hop [7:65823] > I guess I am kind of just going to a quick stab. Do you have "no > synchronization" under the BGP configuration? > > > hello all, > > > > (Re-post...not sure if original msg made it our not) > > > > playing around again and have a question. eBGP multi-hop cannot come up if > > the peer is known through a default route. > > Is there a reason why? > > I mean, what is the point of a static route that causes a recursive lookup > > or a static route that simply points to the same next hop as a default > route? > > For that matter, I can't see it being a matter of proximity either. If > > convergence time were not an issue, what is really wrong with having a 10 > > hop or even 50 hop BGP session? (I know it is unlikely and there are > > cetainly better ways to handle it (GRE or IPSec tunnel)) but for the sake > of > > argument... > > > > Just curious, not able to find much on WHY it is like this... > > > > thanks, > > Jim > -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65875&t=65823 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: eBGP Multi-hop [7:65823]
The 0.0.0.0/1 and 128.0.0.0/1 routes will work for the next hop. Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) [EMAIL PROTECTED] http://www.labforge.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 1:42 AM To: [EMAIL PROTECTED] Subject: RE: eBGP Multi-hop [7:65823] A default route, aka a route of last resort. For BGP, route to the next hope must be explicitly in the routing table. This is one of the pre-reqs for BGP to advertise its own routes as well (unless you have synchronisation turned off). In my deployments of BPG, we alway suse the loopbak interface for iBGP peers as this is already distributed using our IGP, and then use the interface address of the peering routing for eBGP, with a atatic route to that IP. Good old bgp :). Right now lets spark of some discussion about the security of BGP peering :) Brian Dennis wrote: > > Jim, > The default route as you've seen won't work but this will: > > Rack4R2#conf t > Enter configuration commands, one per line. End with CNTL/Z. > Rack4R2(config)#ip route 0.0.0.0 128.0.0.0 192.168.33.2 > Rack4R2(config)#ip route 128.0.0.0 128.0.0.0 192.168.33.2 > Rack4R2(config)#^Z > Rack4R2#show ip route static > S0.0.0.0/1 [1/0] via 192.168.33.2 > S128.0.0.0/1 [1/0] via 192.168.33.2 > Rack4R2# > > It's the next best thing to a default route ;-) > > Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) > [EMAIL PROTECTED] > http://www.labforge.com > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of > Jim Devane > Sent: Thursday, March 20, 2003 9:28 AM > To: [EMAIL PROTECTED] > Subject: Re: eBGP Multi-hop [7:65823] > > Thanks for the replies so far... > Hmm, Well, actually becuase BGP uses TCP 179 is can traverse > non-BGP > speakers to a router that does speak BGP ( Just like TFTP'ing > to another > router) > I put the config I was testing below. The config works, BGP runs > everyone is > happy when I have a specific route to the opposite side peer's > Loopback > address. > > ip route 172.16.10.1 255.255.255.255 192.168.33.2 > > but if I remove that and install > > ip route 0.0.0.0 0.0.0.0 192.168.33.2 > > then BGP breaks. I don't understand why. There is no IGP. Both > routes > point > to exactly the same place. > > conf t > router bgp 65500 > no synchronization > bgp log-neighbor-changes > network 192.168.47.0 > network 192.168.55.0 > aggregate-address 192.168.0.0 255.255.0.0 > neighbor 172.16.10.1 remote-as 6 > neighbor 172.16.10.1 ebgp-multihop5 > neighbor 172.16.10.1 update-source Loopback0 > neighbor 172.16.10.1 version 4 > neighbor 172.16.10.1 soft-reconfiguration inbound > neighbor 172.16.10.1 password 7 140705191C117B3821 > neighbor 172.16.10.1 filter-list 3 in > neighbor 172.16.10.1 filter-list 4 out > > > - Original Message - > From: "Carroll Kong" > To: > Sent: Thursday, March 20, 2003 6:54 AM > Subject: Re: eBGP Multi-hop [7:65823] > > > > I guess I am kind of just going to a quick stab. Do you have > "no > > synchronization" under the BGP configuration? > > > > > hello all, > > > > > > (Re-post...not sure if original msg made it our not) > > > > > > playing around again and have a question. eBGP multi-hop > cannot come > up > if > > > the peer is known through a default route. > > > Is there a reason why? > > > I mean, what is the point of a static route that causes a > recursive > lookup > > > or a static route that simply points to the same next hop > as a > default > > route? > > > For that matter, I can't see it being a matter of proximity > either. > If > > > convergence time were not an issue, what is really wrong > with having > a > 10 > > > hop or even 50 hop BGP session? (I know it is unlikely and > there are > > > cetainly better ways to handle it (GRE or IPSec tunnel)) > but for the > sake > > of > > > argument... > > > > > > Just curious, not able to find much on WHY it is like > this... > > > > > > thanks, > > > Jim > > -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65934&t=65823 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP default-originate crashes the router every [7:66269]
Look into Cisco bug ID CSCdp26660. Basically you'll need to either not use the command or upgrade the IOS. Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security) Director of CCIE Training and Development - IPexpert, Inc. Mailto: [EMAIL PROTECTED] Outside U.S. & Canada: 312.321.6924 URL: http://www.IPexpert.NET "Self-Paced, Instructor Led & Distance Learning (vClass) CCIE Training!" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cisco Nuts Sent: Wednesday, March 26, 2003 7:50 AM To: [EMAIL PROTECTED] Subject: BGP default-originate crashes the router everytime - Why?? [7:66258] Hello, Everytime, I configure #nei a.b.c.d default-originate on my routers, it crashes the router. I have tried this on different routers and it's the same result every time. Is this a problem on 25xx's series? My routers have 16Flash and 16Dram. Anyone with a similar experience? Thank you. Sincerely, CN Excerpt from my router: AS1239-A(config-router)#nei 180.80.10.1 default-originate AS1239-A(config-router)# === Flushing messages (21:04:23 UTC Mon Mar 1 1993) === Buffered messages: 00:00:12: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram 00:00:14: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:14: %LINK-3-UPDOWN: Interface Serial0, changed state to up 00:00:14: %LINK-3-UPDOWN: Interface Serial1, changed state to down 00:00:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up 00:00:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up 00:01:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up 00:01:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up 00:02:01: %LINK-5-CHANGED: Interface Serial1, changed state to administratively down 00:02:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down 00:02:02: %SYS-5-CONFIG_I: Configured from memory by console 00:02:50: %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Fri 27-Apr-01 15:20 by cmong 00:03:10: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Up 01:20:21: %SYS-5-CONFIG_I: Configured from console by console 01:50:45: %SYS-5-CONFIG_I: Configured from console by console 19:09:35: %SYS-5-CONFIG_I: Configured from console by console 19:12:12: %BGP-5-ADJCHANGE: neighbor 160.60.10.1 Up 19:30:06: %SYS-5-CONFIG_I: Configured from console by console 19:52:26: %SYS-5-CONFIG_I: Configured from console by console 20:02:48: %SYS-5-CONFIG_I: Configured from console by console 20:11:47: %SYS-5-CONFIG_I: Configured from console by console 20:35:37: %SYS-5-CONFIG_I: Configured from console by console 20:44:02: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Down Interface flap 20:44:02: %SYS-5-CONFIG_I: Configured from console by console 20:44:04: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down 20:44:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down 20:49:20: %SYS-5-CONFIG_I: Configured from console by console 20:49:21: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 20:49:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up 20:49:30: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Up 21:00:44: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Down Interface flap 21:00:45: %SYS-5-CONFIG_I: Configured from console by console 21:00:46: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down 21:00:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down 21:01:19: %SYS-5-CONFIG_I: Configured from console by console 21:01:21: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 21:01:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up 21:01:47: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Up Queued messages: Exception: Illegal Instruction at 0x0 (PC) System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE Copyright (c) 1986-1995 by cisco Systems 2500 processor with 14336 Kbytes of main memory F3: 15343148+1154396+1180856 at 0x360 Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Fri 27-Apr-01 15:20 by cmong Image text-base: 0x0307EE08, data-b
RE: CCIE R/S Bootcamp [7:66239]
The current IPexpert CCIE classes are all brand new so there really isn't anyone that can give you a review. The first instructor led class is scheduled for next month and the first CCIE mock lab class is in June. We also are offering a distance learning vClass. Seeing as I'm the developer of the courses and the instructor for them I can answer any questions. If you do have any questions you would like answered, feel free to e-mail me directly or call me. My contact information is below. Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security) Director of CCIE Training and Development - IPexpert, Inc. Mailto: [EMAIL PROTECTED] Toll Free: 866.225.8064 Outside U.S. & Canada: 312.321.6924 URL: http://www.IPexpert.NET "Self-Paced, Instructor Led & Distance Learning (vClass) CCIE Training!" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Firesox Sent: Friday, March 28, 2003 7:49 AM To: [EMAIL PROTECTED] Subject: CCIE R/S Bootcamp [7:66239] Folks, In preparation for R/S lab this summer, I am looking to take a bootcamp. I know there are few organizations offering the R/S bootcamps, I was wondering if someone has recommendations. Has anyone taken IPExpert's bootcamp? I would prefer somewhere in east caost, but would appreciate any input. Also looking for some lab materials so practice in my lab. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66412&t=66239 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF over FR [7:70025]
You can not mix point-to-point and non-broadcast network types which is what you are trying to do. You can make them neighbors but they will never install routes into the routing table. Look at their OSPF databases and you will see the LSA's but the routers will not install them in the routing table. Also note the "Adv Router is not-reachable" error message above each LSA. Network types that use a DR (broadcast and non-broadcast) can be mixed together just as network types that do not use a DR (point-to-point and point-to-multipoint) can mixed but DR types can NOT mix with non-DR types. Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Catherine Wu Sent: Monday, June 02, 2003 2:52 PM To: [EMAIL PROTECTED] Subject: OSPF over FR [7:70025] I am testing Hub-Spoke for OSPF over FR, I verified the neighbor adjacency,but I couldn't see route 2.2.2.2 and 3.3.3.3 in the routing table, RouterA#sh ip ospf nei Neighbor ID Pri State Dead Time Address Interface 3.3.3.3 1 FULL/ -00:01:4110.1.1.6 Serial0/0.2 2.2.2.2 1 FULL/ -00:01:3910.1.1.2 Serial0/0.1 RouterB#sh ip ospf nei Neighbor ID Pri State Dead Time Address Interface 1.1.1.1 1 FULL/BDR00:01:3810.1.1.1 Serial0/0 RouterC#sh ip ospf nei Neighbor ID Pri State Dead Time Address Interface 1.1.1.1 1 FULL/BDR00:01:3410.1.1.5 Serial0/0 RouterA#sh ip ro Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 10.0.0.0/30 is subnetted, 2 subnets C 10.1.1.0 is directly connected, Serial0/0.1 C 10.1.1.4 is directly connected, Serial0/0.2 Please help. Thanks Catherine RouterA interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface Serial0/0 no ip address encapsulation frame-relay frame-relay lmi-type ansi no sh ! interface Serial0/0.1 point-to-point ip address 10.1.1.1 255.255.255.252 ip ospf hello-interval 30 frame-relay interface-dlci 101 ! interface Serial0/0.2 point-to-point ip address 10.1.1.5 255.255.255.252 ip ospf hello-interval 30 frame-relay interface-dlci 102 ! router ospf 1 log-adjacency-changes network 1.1.1.1 0.0.0.0 area 1 network 10.1.1.0 0.0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 0 RouterB ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface Serial0/0 ip address 10.1.1.2 255.255.255.252 encapsulation frame-relay frame-relay map ip 10.1.1.1 110 broadcast no frame-relay inverse-arp frame-relay lmi-type ansi no sh ! router ospf 1 log-adjacency-changes network 2.2.2.2 0.0.0.0 area 2 network 10.1.1.0 0.0.0.3 area 0 neighbor 10.1.1.1 ! RouterC interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! interface Serial0/0 ip address 10.1.1.6 255.255.255.252 encapsulation frame-relay frame-relay map ip 10.1.1.5 120 broadcast no frame-relay inverse-arp frame-relay lmi-type ansi no sh ! router ospf 1 log-adjacency-changes network 3.3.3.3 0.0.0.0 area 3 network 10.1.1.4 0.0.0.3 area 0 neighbor 10.1.1.5 [GroupStudy removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70028&t=70025 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Simple config issues [7:70482]
Do you have a route to x.x.x.x? If your router does not have a route to x.x.x.x it will not install the static route in the routing table since the next hop is unreachable. As far as RIP goes you are seeing the correct behavior. Remember that RIP is classful. Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security) Anil Gupte wrote: > > I am trying to configure a 2600 router. I have two problems: > > 1. I issued the default route command > ip route 0.0.0.0 0.0.0.0 x.x.x.x > > I can see this under ip classless in "sh run" > > However, when I do a "sh ip route", it does not appear there > and in fact > says: > > Gateway of last resort is not set > > 2. I configured it for RIP using > router rip > network 63.x.x.0 > > and it shows as > 63.0.0.0 > > in "sh run". Is this correct behavior? Until now I had only > dealt with > networks in the Class C range. This is a Class C assigned to > us but by the > first octet you can see that it is from a Class A range. > > Any help or pointers will be muchly appreciated. > > Thanx, > Anil Gupte > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70489&t=70482 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: X2 command on a Term Serv?? [7:23475]
It's call X.28. Just type "exit" too get out of it. http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/x28.htm Brian Dennis, CCIE #2210 (R&S)(ISP/Dial) CCSI #98640 5G Networks, Inc. [EMAIL PROTECTED] ""Cisco Nuts"" wrote in message" > Hello, > I mistakenly typed x2 on my Terminal server prompt by mistake and it's not > doing the shift+ctrl+6 keys anymore...infact this is what I get: > TS#x2 > > * > > INV > > * > > * > > * > > * > > * > > *x > > ERR > > * > > * > > What is going on? I have never seen this behavior before?? Please advise. > Thank you. > > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23525&t=23475 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ntp packets modes [7:58371]
A very good explanation of NTP modes can be found in RFC 1305 (NTP v3 Specification, Implementation and Analysis). http://www.faqs.org/rfcs/rfc1305.html Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tafasi Sent: Saturday, November 30, 2002 11:26 PM To: Cisco Group Study; ccielab Subject: ntp packets modes the debug ntp packets command shows packets sent and received with different modes. What are these modes? can some one explain? R5-2503# Mar 6 02:42:08.879: NTP: rcv packet from 10.10.10.1 to 10.10.10.2 on BRI0: Mar 6 02:42:08.883: leap 0, mode 2, version 3, stratum 8, ppoll 64 Mar 6 02:42:08.887: rtdel (0.000), rtdsp 0009 (0.137), refid 7F7F0701 (12 7.127.7.1) Mar 6 02:42:08.891: ref AF428DF1.DDC96254 (02:41:53.866 UTC Sat Mar 6 1993) Mar 6 02:42:08.891: org AF428DCF.F7F245A8 (02:41:19.968 UTC Sat Mar 6 1993) Mar 6 02:42:08.895: rec AF428DCF.FC06E685 (02:41:19.984 UTC Sat Mar 6 1993) Mar 6 02:42:08.899: xmt AF428E00.DDC524C4 (02:42:08.866 UTC Sat Mar 6 1993) Mar 6 02:42:08.903: inp AF428E00.E1C1EE1B (02:42:08.881 UTC Sat Mar 6 1993) R5-2503# Mar 6 02:42:23.966: NTP: xmit packet to 10.10.10.1: Mar 6 02:42:23.970: leap 0, mode 1, version 3, stratum 8, ppoll 1024 Mar 6 02:42:23.970: rtdel (0.000), rtdsp 000B (0.168), refid 7F7F0701 (12 7.127.7.1) Mar 6 02:42:23.974: ref AF428DEF.F7D4D2C0 (02:41:51.968 UTC Sat Mar 6 1993) Mar 6 02:42:23.978: org AF428E00.DDC524C4 (02:42:08.866 UTC Sat Mar 6 1993) Mar 6 02:42:23.982: rec AF428E00.E1C1EE1B (02:42:08.881 UTC Sat Mar 6 1993) Mar 6 02:42:23.986: xmt AF428E0F.F7B05F8D (02:42:23.967 UTC Sat Mar 6 1993) R5-2503# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58371&t=58371 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: problem with reflexive access list [7:59213]
John, By default packets sourced by the router will not be affected by an outbound ACL. Since the outbound ACL does not "see" the telnet traffic sourced by the router, the router does not add an entry to the inbound ACL to allow the traffic to return. Try telneting from behind R5. Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tafasi Sent: Friday, December 13, 2002 4:32 PM To: Cisco Group Study; ccielab Subject: problem with reflexive access list Hello, I have a problem telneting from r5 to r2 when reflexive ip access list is configured. Without the reflexive access list, the telnet will work fine. The two routers are directly connect via their ethernet 0 interfaces. Could some one find out what is wrong with my configuration. Both routers are using their ethernet ip addresses for source and destination of the telnet traffic. hostname r5 ! ip reflexive-list timeout 1000 ! ip access-list extended inboundfilter permit igrp any any evaluate tcptraffic ip access-list extended outboundfilter permit tcp any any reflect tcptraffic timeout 5000 ! interface Ethernet0 ip address 10.10.110.3 255.255.255.0 ip access-group inboundfilter in ip access-group outboundfiler out ntp disable hostname r2 ! interface Ethernet0 ip address 10.10.110.16 255.255.255.0 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: problem with reflexive access list [7:59222]
You also misspelled "outboundfilter" when you applied it to Ethernet 0. Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) -Original Message- From: John Tafasi [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 11:43 PM To: Brian Dennis; 'Cisco Group Study'; 'ccielab' Subject: Re: problem with reflexive access list I tried that too and it did not work. ----- Original Message - From: "Brian Dennis" To: "'John Tafasi'" ; "'Cisco Group Study'" ; "'ccielab'" Sent: Friday, December 13, 2002 11:56 PM Subject: RE: problem with reflexive access list > John, > By default packets sourced by the router will not be affected by an > outbound ACL. Since the outbound ACL does not "see" the telnet traffic > sourced by the router, the router does not add an entry to the inbound > ACL to allow the traffic to return. Try telneting from behind R5. > > Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > John Tafasi > Sent: Friday, December 13, 2002 4:32 PM > To: Cisco Group Study; ccielab > Subject: problem with reflexive access list > > Hello, > > I have a problem telneting from r5 to r2 when reflexive ip access list > is > configured. Without the reflexive access list, the telnet will work > fine. > The two routers are directly connect via their ethernet 0 interfaces. > Could > some one find out what is wrong with my configuration. Both routers are > using their ethernet ip addresses for source and destination of the > telnet > traffic. > > > hostname r5 > ! > ip reflexive-list timeout 1000 > ! > ip access-list extended inboundfilter > permit igrp any any > evaluate tcptraffic > ip access-list extended outboundfilter > permit tcp any any reflect tcptraffic timeout 5000 > ! > interface Ethernet0 > ip address 10.10.110.3 255.255.255.0 > ip access-group inboundfilter in > ip access-group outboundfiler out > ntp disable > > > > hostname r2 > ! > interface Ethernet0 > ip address 10.10.110.16 255.255.255.0 > . Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59222&t=59222 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No input access group defined for BRI0 [7:59854]
John, Is "lock and key" security configured on R5? Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tafasi Sent: Friday, December 27, 2002 11:51 AM To: Cisco Group Study; ccielab Subject: No input access group defined for BRI0 Hi Groub, r2 and r5 are connected via isdn. I am trying to telnet to r5 from r2 but I receive the message "No input access group defined for BRI0." Does that mean you cannot access a router via its bri interface unless an access list is configured on bri0? r2#telnet 10.10.10.2 Trying 10.10.10.2 ... Open User Access Verification Password: Password: No input access group defined for BRI0. [Connection to 10.10.10.2 closed by foreign host] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No input access group defined for BRI0 [7:59862]
John, Look under the vty's for an "autocommand access-enable" command and remove it. You should be okay then. line vty 0 4 autocommand access-enable host timeout 10 Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) -Original Message- From: John Tafasi [mailto:[EMAIL PROTECTED]] Sent: Friday, December 27, 2002 12:49 PM To: Brian Dennis; 'Cisco Group Study'; 'ccielab' Subject: Re: No input access group defined for BRI0 here is the configuration in r5: ! interface BRI0 ip address 10.10.10.2 255.255.255.0 encapsulation ppp dialer callback-secure dialer idle-timeout 300 dialer enable-timeout 1 dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661 dialer-group 1 isdn switch-type basic-ni isdn spid1 0835866201 isdn spid2 0835866401 cdapi buffers regular 0 cdapi buffers raw 0 cdapi buffers large 0 snapshot server 5 ppp callback accept ppp authentication chap ppp chap hostname r5 ! ----- Original Message - From: "Brian Dennis" To: "'John Tafasi'" ; "'Cisco Group Study'" ; "'ccielab'" Sent: Friday, December 27, 2002 1:17 PM Subject: RE: No input access group defined for BRI0 > John, > Is "lock and key" security configured on R5? > > Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > John Tafasi > Sent: Friday, December 27, 2002 11:51 AM > To: Cisco Group Study; ccielab > Subject: No input access group defined for BRI0 > > Hi Groub, > > r2 and r5 are connected via isdn. I am trying to telnet to r5 from r2 > but I > receive the message "No input access group defined for BRI0." Does that > mean > you cannot access a router via its bri interface unless an access list > is > configured on bri0? > > r2#telnet 10.10.10.2 > Trying 10.10.10.2 ... Open > > > User Access Verification > > Password: > Password: > No input access group defined for BRI0. > [Connection to 10.10.10.2 closed by foreign host] > . Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59862&t=59862 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No input access group defined for BRI0 [7:59868]
John, Remove the "autocommand access-enable host timeout 5" from under your "line vty 0 4" and you'll be set. Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tafasi Sent: Friday, December 27, 2002 12:53 PM To: Brian McGahan; 'Cisco Group Study'; 'ccielab' Subject: Re: No input access group defined for BRI0 Here is the complete configuration file for r5 r5#show run Building configuration... Current configuration : 2245 bytes ! ! Last configuration change at 22:38:53 UTC Thu Mar 11 1993 ! NVRAM config last updated at 15:54:58 UTC Wed Mar 10 1993 ! version 12.2 no service single-slot-reload-enable service timestamps debug datetime msec service timestamps log uptime no service password-encryption ! hostname r5 ! logging rate-limit console 10 except errors ! username omer password 7 14141B180F0B username r4 password 7 095E1B username r2 password 7 045802150C2E username r5 password 7 13061E010803 ip subnet-zero no ip finger no ip domain-lookup ! ip reflexive-list timeout 1000 no ip dhcp-client network-discovery isdn switch-type basic-ni ! ! ! ! interface Loopback5 ip address 5.5.5.5 255.255.255.0 ! interface Ethernet0 ip address 10.10.110.3 255.255.255.0 shutdown ! interface Serial0 no ip address shutdown ! interface Serial1 no ip address shutdown ! interface BRI0 ip address 10.10.10.2 255.255.255.0 encapsulation ppp dialer callback-secure dialer idle-timeout 300 dialer enable-timeout 1 dialer map ip 10.10.10.1 name r2 class eng broadcast 8358661 dialer-group 1 isdn switch-type basic-ni isdn spid1 0835866201 isdn spid2 0835866401 cdapi buffers regular 0 cdapi buffers raw 0 cdapi buffers large 0 snapshot server 5 ppp callback accept ppp authentication chap ppp chap hostname r5 ! router rip network 5.0.0.0 network 10.0.0.0 ! ip kerberos source-interface any ip classless ip route 0.0.0.0 0.0.0.0 10.10.10.1 ip route 0.0.0.0 0.0.0.0 10.10.110.16 ip http server ! ! ip access-list extended abc dynamic test permit ip any any permit tcp any host 10.10.110.3 eq telnet ip access-list extended inboundfilter permit igrp any any evaluate tcptraffic ip access-list extended outboundfilter permit tcp any any reflect tcptraffic timeout 5000 ! map-class dialer eng dialer callback-server username access-list 21 deny any access-list 100 permit tcp any any eq telnet access-list 100 permit icmp any any dialer-list 1 protocol ip list 100 ! snmp-server engineID local 55 snmp-server engineID remote 10.10.10.1 22 ! line con 0 exec-timeout 0 0 logging synchronous transport input none line aux 0 line vty 0 4 password cisco login autocommand access-enable host timeout 5 ! ntp clock-period 17179628 end - Original Message - From: "Brian McGahan" To: "'John Tafasi'" ; "'Cisco Group Study'" ; "'ccielab'" Sent: Friday, December 27, 2002 1:29 PM Subject: RE: No input access group defined for BRI0 > John, > > This is most likely due to the fact that you have a dynamic > access-list configured, yet the dynamic list is not applied to that > interface. Once you have the 'access-enable' command defined, telnet on > tcp 23 is used exclusively to authenticate. > > Try something like this: > > line vty 0 3 > autocommand access-enable host timeout 20 > line vty 4 > rotary 1 > > Now the router will listen on TCP 7001 for actual telnet traffic > to the CLI. > > HTH > > Brian McGahan, CCIE #8593 > Director of Design and Implementation > [EMAIL PROTECTED] > > CyscoExpert Corporation > Internetwork Consulting & Training > Voice: 847.674.3392 > Fax: 847.674.2625 > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf > Of > > John Tafasi > > Sent: Friday, December 27, 2002 1:51 PM > > To: Cisco Group Study; ccielab > > Subject: No input access group defined for BRI0 > > > > Hi Groub, > > > > r2 and r5 are connected via isdn. I am trying to telnet to r5 from r2 > but > > I > > receive the message "No input access group defined for BRI0." Does > that > > mean > > you cannot access a router via its bri interface unless an access list > is > > configured on bri0? > > > > r2#telnet 10.10.10.2 > > Trying 10.10.10.2 ... Open > > > > > > User Access Verification > > > > Password: > > Password: > > No input access group defined for BRI0. > > [Connection to 10.10.10.2 closed by foreign host] > > . FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
