Follow-Up: 6509 Power Supply Swap -- No Swap? [7:75136]
Just thought I'd follow up ::: we did it::: hot-swapped-upgraded power supplies w/o any down time. http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/6000hw/6000_ ins/01over.htm -Original Message- From: COULOMBE, TROY Sent: Tuesday, September 02, 2003 5:57 PM To: [EMAIL PROTECTED] Subject: 6509 Power Supply Swap -- No Swap? Has anyone successfully HOT-SWAP-upgraded power supplies on a 6509s. In other words::: Pwr-A is 1300 watts Pwr-B is 1300 watts Pull out Pwr-A; XXX Pwr-B is 1300 watts replace it w/ a 2500 watt pwr supply; so you now have::: Pwr-A is 2500 watts Pwr-B is 1300 watts Now pull out Pwr-B; Pwr-A is 2500 watts XXX replace it w/ a 2500 watt pwr supply; so you now have::: Pwr-A is 2500 watts Pwr-B is 2500 watts And all without any downtime Thanks TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75136t=75136 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
6509 Power Supply Swap -- No Swap? [7:74695]
Has anyone successfully HOT-SWAP-upgraded power supplies on a 6509s. In other words::: Pwr-A is 1300 watts Pwr-B is 1300 watts Pull out Pwr-A; XXX Pwr-B is 1300 watts replace it w/ a 2500 watt pwr supply; so you now have::: Pwr-A is 2500 watts Pwr-B is 1300 watts Now pull out Pwr-B; Pwr-A is 2500 watts XXX replace it w/ a 2500 watt pwr supply; so you now have::: Pwr-A is 2500 watts Pwr-B is 2500 watts And all without any downtime Thanks TroyC **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74767t=74695 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
6509 Power Supply Swap -- No Swap? [7:74695]
Has anyone successfully HOT-SWAP-upgraded power supplies on a 6509s. In other words::: Pwr-A is 1300 watts Pwr-B is 1300 watts Pull out Pwr-A; XXX Pwr-B is 1300 watts replace it w/ a 2500 watt pwr supply; so you now have::: Pwr-A is 2500 watts Pwr-B is 1300 watts Now pull out Pwr-B; Pwr-A is 2500 watts XXX replace it w/ a 2500 watt pwr supply; so you now have::: Pwr-A is 2500 watts Pwr-B is 2500 watts And all without any downtime Thanks TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74695t=74695 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Wed's funnies [7:73251]
There is a url... Just me searching for catos software... http://www.cisco.com/cgi-bin/Support/browse/index.pl?i=Software%20Produc tsf=841 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73251t=73251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: regulations [7:66267]
I would suggest your legal dept. for DEFINATIVE answers... however, this might get you started::: http://www.sans.org/rr/legal/ hth, TroyC -Original Message- From: Stull, Cory [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 9:42 AM To: [EMAIL PROTECTED] Subject: regulations [7:66267] Where could I go to find information on network security regulations for banks and medical offices?. Information on firewalls and rules they have to abide by and that sort of thing? Thanks God Bless our troops. Cory Stull CCNP,CCDP,MCSE4/2k Communications Concepts Unlimited 262-814-7214 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66277t=66267 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 7206 non-vxr [7:64083]
Yep, and 128mb is the max mem... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, February 28, 2003 7:21 AM To: [EMAIL PROTECTED] Subject: 7206 non-vxr [7:64083] Can some one please tell me what is the fastest NPE processor capable of running on a 7206 Non-VXR router? I think it is the NPE-225 but just need confirmation. Thanks. Thanks, Mario Puras SoluNet Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64093t=64083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RPC Endpoint Mapper [7:63916]
Anyone know of a good resource on RPC endpoint mapper? I trying to find where in the packet the server tells the client which [new] port to come back on. Using a sniffer, but I cant seem to nail down where in the payload the future port is passed to the client. a google search of rpc endpoint mapper sniffer has resulted in a lot of conversations about how RPC works, but not at the packet level :( don't mind RTFMing...but so far I can't find a good URL at least the FTP protocol states which port :) Thanks, TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63916t=63916 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RPC Endpoint Mapper [7:63916]
Priscilla, thanks for the quick reply :) yes, so far all 3 sniffers havent revealed much [ethereal, sniffer, my fav: etherpeek-nx] all show the decodes for RPC, but this is a Win2k box talking MS-RPC [port 135, initially] somehow, someway an upper port is getting assigned [4541 for example] from the server anywho, I'm t/s the win2k-box talking to vpn clients [also Wintel] and there seem to be a large number of tcp-rst happening on the higher ports upon initial connection ::: syn, rst, syn, rst I don't think it's black-hat activity as it was the users complaining...so I'm just trying to make sure the client is communicating back on the proper port the server assigned...but I cant seem to nail down where the port is in the payload... I do see the server send to the client the server's IP adder, but in character format [which to me is crazy] so the server sends 31 00 30 00 2e 00 31 00 30 00 2e 00 31 00 30 00 2e 00 33 00 36 00 for 10.10.10.36 31 being the hex equiv of the ascii char 1 00 being the buffer space, 30 being the 0 and 2e being the . of the 10. man, gives new respect to the folks who do reverse eng. :) I'll keep hacking at it... but I'm still hoping for a URL :) TroyC -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 3:10 PM To: [EMAIL PROTECTED] Subject: RE: RPC Endpoint Mapper [7:63916] In the olden days, in a Unix world, RPC required PortMappter. Maybe you could look that up? Not sure if there's a space, i.e. Port Mapper. I don't think there is. It's a separate protocol for assigning port numbers. You should see evidence of it on your Sniffer if it still exists. What operating system are you talking about? Windows does RPC too but I don't know it very well. Priscilla COULOMBE, TROY wrote: Anyone know of a good resource on RPC endpoint mapper? I trying to find where in the packet the server tells the client which [new] port to come back on. Using a sniffer, but I cant seem to nail down where in the payload the future port is passed to the client. a google search of rpc endpoint mapper sniffer has resulted in a lot of conversations about how RPC works, but not at the packet level :( don't mind RTFMing...but so far I can't find a good URL at least the FTP protocol states which port :) Thanks, TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63930t=63916 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: creating seperate sessions on a 2611 [7:62591]
username johnboy password abcdefg username autocommand menu menu_jb username bettysue password hijklm username autocommand menu menu_bs ip host Port01 2001 192.168.1.1 ip host Port02 2002 192.168.1.1 etc ip host Port15 2015 192.168.1.1 ip host Port16 2016 192.168.1.1 int lo0 ip add 192.168.1.1 255.255.255.255 menu menu_jb title ^C Welcome to the JohnBoy's Menu ^C menu menu_jb text 1 Device-1 location purpose etc menu menu_jb command 1 resume Port01 /connect telnet Port01 menu menu_jb text 2 Device-2 location purpose etc menu menu_jb command 2 resume Port02 /connect telnet Port02 etc menu menu_jb text 9 AS2511-RJ Command Prompt menu menu_jb command 9 menu-exit menu menu_jb text 10 End Sessions and Logoff menu menu_jb command 10 exit I'm showing 9 10, because it is possible to not let a user out of a menu... are they allowed to have CLI?? Yes::: include line 9 [text command] No::: don't include line 9 hth, TroyC ps. BettySue would have her own menu menu_bs or such :) -Original Message- From: john pike [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 10:04 AM To: [EMAIL PROTECTED] Subject: creating seperate sessions on a 2611 [7:62591] I am trying to create seperate login sessions on a 2611 in such a way that remote users connectiong to the 2611 can not tamper with each others devices. In other word our 2611 is connected to 15 devices, we have 3 admins responsible for these devices(each admin handales 3 to 6 devices..routers and switches). How do I configure the 2611 to protect the seperate sessions from each other? I have been told that I will probaly need seperate access servers for each admin...but the boss wants it to work this way. Any comments or suggestions are appreciated... thanks in advance for your help you may email me directly at [EMAIL PROTECTED] _ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plusref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62594t=62591 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: auto notify if router config changes? also software port [7:61731]
Give TrueControl by Rendition Networks a try :) www.renditionnetworks.com they just released their 1.01 product. hth, TroyC -Original Message- From: Jerry Deer [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 3:02 PM To: [EMAIL PROTECTED] Subject: RE: auto notify if router config changes? also software port [7:61728] Oh sorry I should have mentioned I really want to stay with a windows based program. Know of any? Thank you for your help! -Original Message- From: Johnny Routin [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 3:05 PM To: [EMAIL PROTECTED] Subject: Re: auto notify if router config changes? also software port [7:61720] If you're looking for a small, free solution then set up Cisco's free Tacacs+ for linux, set up AAA on the router, log to a file, and run swatch or logwatch to email you when changes are made. JR -- Johnny Routin )?) - Jerry Deer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello Team, I am looking for a router security program that will automatically email me if a change is made. Can anyone recommend such a program? The smaller the better but don't mind if it is a tool in a bigger program. Also I was wondering if there is any kind of port management tool that can deny or block usage of certain game ports on the LAN ? For instance if a corp office is having problems with people using unwanted programs such as messenger or counter strike (port 27015 by default) can it be done with a software program or packet sender to jam that port on a specific computer? I thought I would go right to the experts! Have a great day, JD Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61731t=61731 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NATting a subset [7:61746]
of a particular networkis it possilbe? I have a /22 network on an interface that from within that I'd like to NAT only certain addresses so::: IP network 172.25.24.0/22 who I want to NAT::: 172.25.27.0 [outbound] thoughts, suggestions, LINKS [urls] much appreciated...many thanks :) TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61746t=61746 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Bridging Question? [7:60546]
Mike, Well, we have an ATM PVC into the public cloud where the ISP later converts it to Frame, and on our 2600 we take the frame circuit bridge it... here's a snippet of the configs::: frame-router# FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Bridging Question? [7:60546]
I take it, 3 consecutive dots [one per line] does something to ixnay the remainder of an email?? -Original Message- From: COULOMBE, TROY Sent: Tuesday, January 07, 2003 5:52 PM To: 'mlehr'; [EMAIL PROTECTED] Subject: RE: Bridging Question? [7:60546] Mike, Well, we have an ATM PVC into the public cloud where the ISP later converts it to Frame, and on our 2600 we take the frame circuit bridge it... here's a snippet of the configs::: frame-router# interface Serial0/0 description Frame Relay to datacenter no ip address ip directed-broadcast encapsulation frame-relay IETF no ip mroute-cache no fair-queue ! interface Serial0/0.1 point-to-point frame-relay interface-dlci 41 IETF bridge-group 1 interface BVI1 ip address xxx.xxx.125.33 255.255.255.248 and on the ATM interface [in a 6509]::: interface ATM0 atm preferred phy A atm uni-version 4.0 atm pvc 125 2 41 aal5snap atm bind pvc vlan 125 125 no atm auto-configuration atm ilmi-keepalive no atm address-registration -Original Message- From: mlehr [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 5:11 PM To: [EMAIL PROTECTED] Subject: Bridging Question? [7:60546] I have studied for and successfully tested CCNA CCNP and now I am studying for the CCIE written exam. At this point in my studies, I am reading up on the subject of Bridging. I fully understand the concept of bridging when it comes to switches, but I am perplexed as to why a router would need to perform a bridging function. Obviously bridging capabilities are built into the routers IOS but what need would prompted anyone to use this feature. In the other studies Bridging was not a covered subject so this is new territory for me. Help! Mike L. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60558t=60546 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
HSRP Source MAC adder [7:35892]
Hey group, T/S an FTP app prob, and I came upon something that made me ponder. Hardware::: 6509, dual msfc2, Software: IOS 12.1.(5a)E Slot 15: VLAN236 10.10.239.12 standby 236.1 priority 150 [10.10.236.0/22] Slot 16: VLAN236 10.10.239.11 standby 236.1 priority 125 [and therefore standby] So I have a client on 10.22.22.22 FTPing to 10.10.236.57. When I sniffed the wire [actually the 236.57 port], what I found was that traffic from 22.22 had multiple source-MAC adders. So, lets for the sake of brevity say that MAC adders are:: slot15 is AAA slot16 is BBB HSRP is CCC 236.57 is DDD what I see is::: AAA (22.22) -- DDD (236.57) CCC (22.22) DDD (236.57) CCC (22.22) DDD (236.57) !! CCC (22.22) DDD (236.57) CCC (22.22) -- DDD (236.57) etc, you get the idea... OK, right up front, the conversation from AAA to DDD and then DDD to CCC makes sense to me.. :-) But why does the back-up mfsc suddenly transmit? He's not Primary, they haven't swapped active [did a sh logg]. My thoughts right now::: HSRP is a listening protocol and not a speaking protocolbut even if that is true [can't find anything DEFINITIVE at CCO] what makes the back-up interface suddenly decide to talk? And it doesn't seem to be a load-balance thing but rather new-session related... But what does that matter? ie: why would the secondary mfsc even see this traffic... Any thoughts? CCO links mucho appreciated if they explain this... Does the 6500 series automatically session-balance when using HSRP? Looking forward to your thoughts TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35892t=35892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP Source MAC adder [7:35892]
Weird... my messaged got hacked during transit of group study (I 2x checked my sent box... and it reminded me of my telecom days left my station fine...must be your rx. heheheh) ... guess it doesn't like the repeat characters??? so here it is again... with some _underlines_ thrown in to maybe help prevent it happening again... === what I see is::: AAA (22.22) -- DDD (236.57) -- CCC (22.22) DDD (236.57) CCC (22.22) DDD (236.57) !! -- CCC (22.22) DDD (236.57) CCC (22.22) DDD (236.57) CCC (22.22) DDD (236.57) CCC (22.22) DDD (236.57) !! CCC (22.22) DDD (236.57) CCC (22.22) -- DDD (236.57) etc, you get the idea... OK, right up front, the conversation from AAA to DDD and then DDD to CCC makes sense to me.. :-) But why does the back-up mfsc suddenly transmit? He's not Primary, they haven't swapped active [did a sh logg]. My thoughts right now::: HSRP is a listening protocol and not a speaking protocolbut even if that is true [can't find anything DEFINITIVE at CCO] what makes the back-up interface suddenly decide to talk? And it doesn't seem to be a load-balance thing but rather new-session related... But what does that matter? ie: why would the secondary mfsc even see this traffic... Any thoughts? CCO links mucho appreciated if they explain this... Does the 6500 series automatically session-balance when using HSRP? Looking forward to your thoughts TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35896t=35892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP Source MAC adder [7:35892]
my lord arghhh, I will re-tx maybe put it in a diff format!!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35898t=35892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Try2::: HSRP Source MAC adder [7:35899]
Hey group, T/S an FTP app prob, and I came upon something that made me ponder. Hardware::: 6509, dual msfc2, Software: IOS 12.1.(5a)E Slot 15: VLAN236 10.10.239.12 standby 236.1 priority 150 [10.10.236.0/22] Slot 16: VLAN236 10.10.239.11 standby 236.1 priority 125 [and therefore standby] So I have a client on 10.22.22.22 FTPing to 10.10.236.57. When I sniffed the wire [actually the 236.57 port], what I found was that traffic from 22.22 had multiple source-MAC adders. So, lets for the sake of brevity say that MAC adders are:: slot15 is AAA slot16 is BBB HSRP is CCC 236.57 is DDD what I see is::: AAA (22.22) -- DDD (236.57) and then CCC (22.22) DDD (236.57) and again CCC (22.22) DDD (236.57) ! and then CCC (22.22) DDD (236.57) and again CCC (22.22) - DDD (236.57) etc, you get the idea... OK, right up front, the conversation from AAA to DDD and then DDD to CCC makes sense to me.. :-) But why does the back-up mfsc suddenly transmit? He's not Primary, they haven't swapped active [did a sh logg]. My thoughts right now::: HSRP is a listening protocol and not a speaking protocolbut even if that is true [can't find anything DEFINITIVE at CCO] what makes the back-up interface suddenly decide to talk? And it doesn't seem to be a load-balance thing but rather new-session related... But what does that matter? ie: why would the secondary mfsc even see this traffic... Any thoughts? CCO links mucho appreciated if they explain this... Does the 6500 series automatically session-balance when using HSRP? Looking forward to your thoughts TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35899t=35899 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP Source MAC adder [7:35892]
OK, figured it was a groupstudy e-mail prob, because a bcc to my home e-mail showed up fine...but then...looking at it via web board makes it look okso now I'm not sure if the message got hacked up or not... :-/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35907t=35892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: **stupid router tricks [7:32213]
well, not really a stupid router trick...but a reload in 15 {reload cancel} will save your arse when reconfiguring a wan link remotely...nothing worst than having to drive to a remote site to correct a misconfig... -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 16, 2002 1:54 PM To: [EMAIL PROTECTED] Subject: Re: **stupid router tricks [7:32213] do things like hotwiring your serial ports to connect analogue modems count? Is IOS firewall a stupid router trick ( in addition to being poor design and asking for trouble ) ? How about ODR? Eric Waguespack wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... over the years, of working on cisco routers lurking in this group, I have learned a few 'cool' tricks you can do with cisco routers, has anyone seen a compiled list of stupid router tricks ? e.g. -making your router a dhcp server -making your router a tftp server -back to back frame relay (no dedicated frame-relay switch) -ip over aux port -login without a password (conf t - line vty 0 4 - privilege level 15) here is where my memory fails me, can you guys think of anymore? __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32225t=32213 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NPE300 in 7206VXR [7:31534]
Chris, Sorta similar probs going on here... I've been fighting [and so far loosing] with a 7206-npe200/128mb that keeps dropping ICMP packets from my FWs. The FA is on a PA-FE-TX, but I've also tried PA-2FEISL-TX...to no avail... like I said, so far I'm loosing... :-. It's a 2 armed router ATM on the left [Internet] and FA on the right. Running full BGP routes on the ATM, Running HSRP on the FA this is what the CKPT-FW1s [running stonebeat] are pinging [the HSRP adder]. The FWs don't loose their pings _all the time_ just enough to cause them to go offline...say, 3x a week. Sniffed the wire, and sure enough the router just doesn't respond to some of them...router shows goose-eggs for drops/errors/runts/etc...replaced cables/PAs/IOSes [now on 12.1.5, 12.0.3, 12.2.4T] to no avail... TAC has sent me a new chassis NPE as the next guess...but I'm not expecting much outa that swap out let me know if you get anywhere...or thoughts :-) I'm almost ready to start whispering Nortel...NortelNortel... to the damn thing to see if I can use the fear factor to get him to act right... TroyC -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 8:26 AM To: [EMAIL PROTECTED] Subject: RE: NPE300 in 7206VXR [7:31534] Travis, Curious, did you try clearing the int (cle int) before you tried the reload? Chris -Original Message- From: travis marlow [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 10:36 AM To: [EMAIL PROTECTED] Subject: NPE300 in 7206VXR [7:31534] Hi everybody, longtime reader, first time poster. Was wondering if anybody has had problems with the fastethernet port on the NPE300 for the 7206VXR platform. Lastnight for some reason the box was not able to ping the other router that it was connected to via this port. When doing a sh arp it showed the ip I was trying to ping with a mac of INCOMPLETE. All other interfaces to this router were up and passing traffic, after doing the magic reload, everything was fine. It's weird that this port would just freeze up, it still said up and up on a sh int before the reload. After talking to a buddy, he said that they had had issues with using the fastethernet port on the NPE. I figured I would disseminate this problem to a larger group to see if anybody else had seen this. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31554t=31534 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what would u do when u bored [7:3784]
Bored?? H... Assumption #1: You are working as some type of network engineer have access to the network Assumption #2: You have a sniffer [I love NAI Sniffer Pro--Distributed is even better...] Sniff all the different segments on you network. Create filters to filter out types of traffic. An example is create a filter looking for _only_ DNS failures. I just recently found a piece of spyware that ATT's ISP dialer software that was sending out dns querries for ibmxxx.inverse.net...where xxx was 001 through 009. They all fail...and the dialer software just kept rolling thru the numbers indefinately while the user was dialed up [and connected to our VPN] [the solution was to upgrade the software]... Look of _ICMP_ traffic... see what you see... Look at whatever routing protocol you use [ospf is the most _fun_]...what can you deduce from the traces... and then there is _SNMP_ traffic...always fun to catch...suprising how much info is sent in plaintext... and then there is just catching those boxen that have shitty [excuse my canadian-french] drivers...they don't window, or cause excessive retrans...etc... I make it 75% of my job to sniff...PRO-ACTIVE is key to a happy network... now if only all the users would get off my network, it would be fine ;-) TroyC -Original Message- From: Peter zhang [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 15, 2001 9:00 AM To: [EMAIL PROTECTED] Subject: what would u do when u bored [3:3784] Bored Hi guys, I will like to get some opinion from the group, what would you guys do when you feel bored at work? any input will be highly appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=26386t=3784 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco PIX Firewall Authentication Denial of Service [7:21907]
Just an FYI http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml TroyC -=-=-=- With sufficient thrust, pigs fly just fine. ---RFC 1925 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21907t=21907 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Way OT: Interesting Date today [7:21675]
09-31-1390 to up you one month ;-) on my second cup... ;-) -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 8:04 AM To: [EMAIL PROTECTED] Subject: Way OT: Interesting Date today [7:21675] 10-02-2001... It's a palindrome! When was the last date where this occurred? Here at work we think it was 08-31-1380. When will the next one be? :-) Sorry for the OT post, I just thought this was amusing. Back to the morning coffee John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21677t=21675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Way OT: Interesting Date today [7:21675]
Doh!!! 09 doesn't have 31 too much coffee ;-) -Original Message- From: COULOMBE, TROY Sent: Tuesday, October 02, 2001 8:13 AM To: Cisco Study Group (E-mail) Subject: RE: Way OT: Interesting Date today [7:21675] 09-31-1390 to up you one month ;-) on my second cup... ;-) -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 8:04 AM To: [EMAIL PROTECTED] Subject: Way OT: Interesting Date today [7:21675] 10-02-2001... It's a palindrome! When was the last date where this occurred? Here at work we think it was 08-31-1380. When will the next one be? :-) Sorry for the OT post, I just thought this was amusing. Back to the morning coffee John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21680t=21675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Power Strip [7:21710]
Black Box Code: PS189A $69.95 Works great! -Original Message- From: Ray Smith [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 11:58 AM To: [EMAIL PROTECTED] Subject: Power Strip [7:21710] Guys, I have been trying to get two 19 horizontal power strips to mount on my rack, but have only been to locate places that sell the ones with surge protectors, and those are just rediculously priced. Does anyone have the link to anywhere that has reasonably priced rack mountable power strip? Please say. Ray _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21712t=21710 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sniffing Packet From the router. [7:21111]
Yep, this is what we do...in fact, we have all the Y-cables cabled to a v.35 patch panel, which comes from my days in telecom...it's neater that way than having Y-cables dangling all over the place... You then patch from the monitor port of the particular WAN link to the WAN sniffer (also attached to the patch panel) with a simple patch cable--not Cat-5, but we called them K M patch cables (for _K_notched _M_odular)... Beware however, the patch panel will cost you a pretty penny (+-3500.00) But for the enterprise, it works well.. Don't have a part number from anywhere, but we buy ADC ones... TroyC -Original Message- From: Dan Faulk [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 1:53 PM To: [EMAIL PROTECTED] Subject: RE: Sniffing Packet From the router. [7:2] Hey learn something new every day on this list, good info. Could the Y-cable be left in circuit on critical links, with proper precautions of course, yeah I know simpleton question but you never know. I always leave one port open on all my switches just for the sniffer, has made life so much easier and safer too, nice to know the same idea could be used on the WAN also. Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Trevor J Corness Sent: Tuesday, October 02, 2001 3:14 PM To: [EMAIL PROTECTED] Subject: Re: Sniffing Packet From the router. [7:2] The only other way that I know of to avoid crashing the router, and getting a useful sniff of the WAN traffic, is to use a V.35 protocol analyzer, such as the HP Internet Advisor. This is a pricey unit, but if you do this stuff regularly (as my coworkers and I do), it is the easiest, and most presentable way to do this. Note: There is a short disruption of service while inserting and removing the V.35 Y-cable used to do this. Internet Advisor generates some very management-friendly reports, used to present findings to people of a slightly more non-technical background. It also has many VERY powerful features (think: SnifferPro-like GUI). I am sure there are other very similiar products out in the field, I am only explaining what I have used. At the present time, this is only the HP Internet Advisor. Regards, Trevor J Corness, CCNA CCDA JNCIS NNCSS MCSE Radian Communication Services Corporation http://www.radiancorp.com On September 26, 2001 07:20 am, MADMAN wrote: You can easily hedge your bets against crashing the router by using an extended access-list with ip packet debuging. Dave Dennis wrote: debug ip packet... use with extreme care, you could crash the router if you have lots of traffic... Ken wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Does anyone know how I can sniff packet from a router. Or can the router redirect the packet to another Ethernet interface. Like Span port on the switch. I need to capture the packet that is going across the WAN interface. Thanks. Ken Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21728t=2 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sniffing Packet From the router. [7:21111]
I take that back... I did find it... PMS-16-V35FF http://www.ibuyer.net/prod.html?id=447152 and to stay on topic...we use NAI DSSPro WAN sniffers...which work great... TroyC -Original Message- From: COULOMBE, TROY Sent: Tuesday, October 02, 2001 2:12 PM To: 'Dan Faulk'; [EMAIL PROTECTED] Subject: RE: Sniffing Packet From the router. [7:2] Yep, this is what we do...in fact, we have all the Y-cables cabled to a v.35 patch panel, which comes from my days in telecom...it's neater that way than having Y-cables dangling all over the place... You then patch from the monitor port of the particular WAN link to the WAN sniffer (also attached to the patch panel) with a simple patch cable--not Cat-5, but we called them K M patch cables (for _K_notched _M_odular)... Beware however, the patch panel will cost you a pretty penny (+-3500.00) But for the enterprise, it works well.. Don't have a part number from anywhere, but we buy ADC ones... TroyC -Original Message- From: Dan Faulk [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 1:53 PM To: [EMAIL PROTECTED] Subject: RE: Sniffing Packet From the router. [7:2] Hey learn something new every day on this list, good info. Could the Y-cable be left in circuit on critical links, with proper precautions of course, yeah I know simpleton question but you never know. I always leave one port open on all my switches just for the sniffer, has made life so much easier and safer too, nice to know the same idea could be used on the WAN also. Dan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21730t=2 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TFTP on a Cisco 2500 series?? [7:21781]
yep, it sure is... ;-) http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_ r/frprt2/frd2006.htm#xtocid1236617 watch the word wrap..but basically it is: router1(config)#tftp-server flash ? hth, TroyC -Original Message- From: Cisco Nuts [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 8:01 PM To: [EMAIL PROTECTED] Subject: TFTP on a Cisco 2500 series?? [7:21781] Hello, Is it possible to configure a 2500 series router as a TFTP server? I tried the cco page but that has more stuff on setting it up on a windows/unix etc. machines. Is it possible? Please advise. Thank you. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21788t=21781 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Loopback Address scheme (long) [7:20002]
Alright gang, Usually I just lurk. However, for those of you doing support for networks, I would like to know (sample) your loopback address scheme. We have a Hub spoke network, with our core network consisting of core services (server farm, etc) and our two WAN routers. Off these WAN routers are our regions (and off them branches). Currently there is little redundancy (as far as it being meshed--we have redundant links/isdn backup, etc). We are a purely OSPF shop. So, Core/WAN is Area 0.0.0.0 Regions/Branches are areas x.x.x.x (Each (region and their branches) are separate areas...) However, due to transitions, summarization is not practical (things have moved within the corp.) Thoughts on BEST PRACTICE of loopback addressing??? Should I take a /32 from within the major network of each region/branch use that, or should I use one class C (and /32 that) and just spread it amongst the sites? Also, take into consideration that we are moving towards a more partial meshed network. Confused? See examples below Core network: 10.1.0.0 /16 (summarized) 10.1.1.0 /24 (server farm) Region 1 10.32.0.0 /16 (not summarized) 10.32.1.0 /24 (local net 1) Branch 1 10.32.1.0 /24 (local net) Branch 2 10.32.2.0 /24 (local net) Region 2 10.44.0.0 /16 (not summarized--but in general this is the major network we are going to) 10.44.1.0 /24 (local net 1) 10.44.2.0 /24 (local net 2) Branch 1 10.32.7.0 /24 (local net) see can't summarize above due to discontiguous nets ;- Branch 2 10.44.217.0 /24 (local net) == so solution #1 would be core network devices use addresses (like) 10.1.2.2 /32 (using a new network here) 10.1.2.3 /32 (using a new network here) etc etc. Region 1 10.32.2.2 /32 (using a new network here) 10.32.2.3 /32 (using a new network here) Branch 1 10.32.3.2 /32 (using a new network here) Branch 2 10.32.4.2 /32 (using a new network here) Region 2 10.44.3.2 /32 (using a new network here) 10.44.3.3 /32 (using a new network here) Branch 1 10.32.8.2 /32 (using a new network here) Branch 2 10.44.218.2 /32 (using a new network here) == or solution #2 would be using ONE loopback network... core network devices use addresses (like) 10.99.99.2 /32 10.99.99.3 /32 etc etc. Region 1 10.99.99.4 /32 10.99.99.5 /32 Branch 1 10.99.99.6 /32 Branch 2 10.99.99.7 /32 Region 2 10.99.99.8 /32 10.99.99.9 /32 Branch 1 10.99.99.10 /32 Branch 2 10.99.99.11 /32 == and maybe I am just sweating the small stuff it really doesn't matter...just pondering it, because quite truthfully, I seem to only do HubSpoke OSPF networks...all my mesh/part. mesh networks were EIGRP... and I figured I'd share this as it might also be a prob/solution that get peoples minds on off the tragedy. TroyC -=-=-=- With sufficient thrust, pigs fly just fine. ---RFC 1925 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20002t=20002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Static Route Info [7:19817]
Anal? boy I think not IMO... Many thanks for the tipwe have quite a few (over 30) static routes due to partnerships, etc. Remembering what they are for, and why they are on a certain routers (and not others) ...well we keep it in an excel spreadsheet...A real pain during t/s. HOWEVER the trusty ? states: ip route 1.1.1.0 255.255.255.0 2.2.2.2 ? name Specify name of the next hop is it just a descriptor or does it do a dns lookup? Anyone KNOW FOR SURE? (looking on EVERYONE'S search engine as I type) TroyC -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 11:30 AM To: [EMAIL PROTECTED] Subject: Static Route Info [7:19817] I figured out how to put a description on a static route. I know it probably won't help many of you, but this is one of the anal things I had to do for my boss: ip route 1.1.1.1 255.255.255.0 2.2.2.2 name static route to web server Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19831t=19817 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Book [7:13023]
Alright gang, OT because it's not a pure Cisco question... I use a sniffer everyday I am looking for a good book(s) to assist in analyzing CIFS/SMB network traffic. I am looking for something that would help me be able to more effectively troubleshoot/UNDERSTAND the following (for example): SMB: R transact2 - NT error, System, Error, Code = (52) STATUS_OBJECT_NAME_NOT_FOUND OBVIOUSLY, the object was not found...but what is an R transact2 ...and then there are things like: SMB: R NT create X, FID = 0x6002 So I am looking for a detailed book on SMB... I did the usual search engines, but I wanted to know what my fellow guru's use/recommend. TIA! TroyC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13023t=13023 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how to schedule a reload on 6509 switch ? [7:13017]
switch(enable)reset in hh:mm to cancel switch(enable)reset cancel HTH, TroyC -Original Message- From: Jaspreet Bhatia [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 19, 2001 2:29 PM To: [EMAIL PROTECTED] Subject: how to schedule a reload on 6509 switch ? [7:13017] How to schedule a reload on 6509 switch for a particular time ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13024t=13017 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP Simulator [7:1087]
HTH, TroyC -Original Message- From: sdonoho [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 18, 2001 7:14 AM To: [EMAIL PROTECTED] Subject: BGP Simulator [7:1087] Is there such a thing as a freeware BGP simulator? BGP simulators run on PCs or Workstations and simulate an external AS and will form adjacency with routers. Router manufactures use the simulators to stress their products. But I'm unsure if the simulators are homegrown, commercial or freeware. I'm currently using a Linux system in my home lab and a BGP simulator would be a great addition to my network. Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1090t=1087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP Simulator [7:1087]
H Let's try this again. ;-) Z e b r a is a bad word? Or is the mail now scanning for B R A? www. z e b r a . org 2nd Try TroyC -Original Message- From: COULOMBE, TROY [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 18, 2001 7:42 AM To: [EMAIL PROTECTED] Subject: RE: BGP Simulator [7:1087] HTH, TroyC -Original Message- From: sdonoho [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 18, 2001 7:14 AM To: [EMAIL PROTECTED] Subject: BGP Simulator [7:1087] Is there such a thing as a freeware BGP simulator? BGP simulators run on PCs or Workstations and simulate an external AS and will form adjacency with routers. Router manufactures use the simulators to stress their products. But I'm unsure if the simulators are homegrown, commercial or freeware. I'm currently using a Linux system in my home lab and a BGP simulator would be a great addition to my network. Scott FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1100t=1087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco IOS on HTTP site WAS: Cisco IOS Documentation: on ftp si [7:910]
Don, That was I! ;-) I d/l them, then zipped them (10Mb v. 70Mb.) They are in the same directories, etc. I also zipped them up as one large file (same size)(proper directories maintained). I am allowed 2G of d/l per month from my domain hoster. So 150 people @ 10Mb is max LOL. But you never know. ;-) Will keep it there for as long as possible. ;-) IMPORTANT** If members on the list want to shoot me an E-mail with the following subject: CiscoDocs I will respond to those requests with the URL of the files for those w/ HTTP only access. ;-) Those that respond w/ a different subject, will be filed in /dev/null. ;-) Too much E-mail in a day, it _must_ be sorted/filtered ;-p TroyC -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 17, 2001 6:39 AM To: [EMAIL PROTECTED] Subject: Re: Cisco IOS Documentation: on ftp site [7:258] Hi All Everyone with the FTP site for the IOS docs the password has changed. I had to do this for use during the week. Starting Friday and into the weekend the site will reopen. Someone also said they zipped the files and made them available if they could inform others that would be great if this is true. Again the username and password will work this weekend. - Original Message - From: "Patrick McAllister" To: "Donald B Johnson jr" Sent: Monday, April 16, 2001 5:21 PM Subject: Re: Cisco IOS Documentation: on ftp site [7:258] Hi Don, I wanted to thank you for the user id and password for your ftp site. I downloaded a fair number of the guides, unfortunately I was not able to complete the downloads this weekend as planned. I went back tonight, but got an access denied message trying to change directories to "guides". I was wondering if the window of opportunity had closed? If so, no biggie, I'd like to thank you for making the documentation available. If perhaps I have done something incorrect and the word docs are still available for download, just let me know (at your convenience of course). Thanks again! Patrick FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=910t=910 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: deb int command [7:324]
At everyone's favorite search engine: http://www-search.cisco.com/pcgi-bin/search/public.pl?q=debug+interface+num =10searchselector=0 returns the following link: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/fun_c /fcprt3/fctroubl.htm watch the word wrap...then do a ctrl-f (find) and search for "debug int" and it's about 8/10ths down the page. HTH, TroyC -Original Message- From: Venkataramanaiah.R [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 12, 2001 5:30 AM To: [EMAIL PROTECTED] Subject: deb int command [7:324] Hi, Can somebody explain explain the use of "debug interface serial 3/1/1 " command. Regards -Venkat "The greatest glory in living lies not in never falling, but in rising every time we fall ." -- Nelson Mandela FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=487t=324 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list , Cisco exam question [7:41]
You would be correct sir. Somehow I did not read that answer correctly _three_ times. Sorry bout the incorrect answer -Original Message- From: Tony van Ree [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 3:49 PM To: COULOMBE. TROY; [EMAIL PROTECTED] Subject: RE: Access-list , Cisco exam question [7:41] Hi, I would answer a. telnet sessions will be denied if initiated from any address other than 172.16.0.0 network Afterall the access list specifically says permit those sessions established by the 172.16.0.0 network and nothing else is specified therefore I would assume the implicit deny at this point. Just a thought. Teunis Hobart, Tasmania Australia On Tuesday, April 10, 2001 at 12:32:08 PM, COULOMBE. TROY wrote: Poorly worded, I would have answered (C); because of the keyword (to). But I guess it depends! What I see this access list doing is: allowing return packets of any telnet session established from 172.16.x.x to _any_ other network. If 172.16.x.x is an external network, then I might (struggle ) say (D). Then what the access-list is really saying, and I am assuming that it is applied on in interface as "in", is that any telnet session created from internal network to the 172.16.x.x net may come back in (established). And any telnet session created to another network (172.31.x.x) would not be allowed--return packets dropped, but the initial outgoing packet to establish the connection would go out to 172.31.x.x. If 172.16.x.x is an internal network, then I would say (C). Then the access-list would be saying, and with another assumption that it is also applied on an interface as "in", is that any telnet session return packets may come back to the 172.16.x.x (established). established : For the TCP protocol only; indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. HTH, TroyC -Original Message- From: Arthur Simplina [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 3:49 AM To: [EMAIL PROTECTED] Subject: Access-list , Cisco exam question [7:41] What is the result of the command? access-list 101 permit tcp any 172.16.0.0 0.0.255.255 establisbed a. telnet sessions will be denied if initiated from any address other than 172.16.0.0 network b. telnet sessions will be denied to the 172.16.0.0 network only c. telnet sessions will be permitted regardless of the source address d. telnet sessions will be permitted to the 172.16.0.0 network only e. telnet sessions will be denied regardless of the source address FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=222t=41 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PPP Configs (Overlooking the Obvious) [7:29]
Well, I don't do IPX (except in the lab), but my first two guesses would be: ipx ppp-client loopback0 or ipx routing was missing...it's a bit difficult t/s without the broken config. saving my third guess for later in the day. TroyC -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Monday, April 09, 2001 11:21 PM To: [EMAIL PROTECTED] Subject: PPP Configs (Overlooking the Obvious) [7:29] In the hopes that this might help some of the beginners (and some of the not-so-beginners) I thought I'd share an interesting troubleshooting problem I just ran into that is actually a little embarrassing but educational. (Yes, I should be in bed already. Perhaps my consistent lack of sleep causes me to have constant brain lock lately.) I started out with a back-to-back config between two 2501s from aux to aux. I initially was running IP, then I added CHAP authentication, then I added IPX. For some reason, I could not get IPX working correctly no matter what I tried... "show ipx traffic" showed that there was traffic but it wasn't behaving correctly. On Router A I had a static SAP that I wanted to advertise to Router B but it wasn't showing up on B. I also had a loopback address with a network number that I wanted to advertise to B. Again, it was not showing up. To make a longer story shorter, it might be helpful to reiterate the order in which I did this configuration. First, I configured IP and brought up the connection. It came up and I tested connectivity using pings. Simple, no problem. Next, I added the CHAP authentication. Again, no problem once I got the config correct on both routers. Then I added the IPX config. Hey, I just thought of something. Instead of coming out and telling you the answer to this problem, I should let others guess.I'll subtitle this "Late Monday Night Follies." If you've been doing this sort of thing for a while, please don't just come out and tell everyone the answer just yet. Let the people new to PPP figure this one out. I've given enough information here but there are a couple of other clues to be given that I haven't mentioned. Good luck! John the Very Sleepy ___ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66t=29 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list , Cisco exam question [7:41]
Poorly worded, I would have answered (C); because of the keyword (to). But I guess it depends! What I see this access list doing is: allowing return packets of any telnet session established from 172.16.x.x to _any_ other network. If 172.16.x.x is an external network, then I might (struggle ) say (D). Then what the access-list is really saying, and I am assuming that it is applied on in interface as "in", is that any telnet session created from internal network to the 172.16.x.x net may come back in (established). And any telnet session created to another network (172.31.x.x) would not be allowed--return packets dropped, but the initial outgoing packet to establish the connection would go out to 172.31.x.x. If 172.16.x.x is an internal network, then I would say (C). Then the access-list would be saying, and with another assumption that it is also applied on an interface as "in", is that any telnet session return packets may come back to the 172.16.x.x (established). established : For the TCP protocol only; indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. HTH, TroyC -Original Message- From: Arthur Simplina [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 3:49 AM To: [EMAIL PROTECTED] Subject: Access-list , Cisco exam question [7:41] What is the result of the command? access-list 101 permit tcp any 172.16.0.0 0.0.255.255 establisbed a. telnet sessions will be denied if initiated from any address other than 172.16.0.0 network b. telnet sessions will be denied to the 172.16.0.0 network only c. telnet sessions will be permitted regardless of the source address d. telnet sessions will be permitted to the 172.16.0.0 network only e. telnet sessions will be denied regardless of the source address FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=68t=41 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Inactivity Timeouts with dialup connections [7:56]
Paul, Guess it depends what kind of device, but this should get you started ppp timeout idle http://www.cisco.com/warp/public/131/8.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_ c/dcppp.htm dialer idle-timeout HTH, TroyC -Original Message- From: Paul Borghese [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 7:48 AM To: [EMAIL PROTECTED] Subject: Inactivity Timeouts with dialup connections [7:56] Does anyone know how to disconnect a person who has been idle (let's say 15 minutes) on a PPP dialup connection. Paul Borghese FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=78t=56 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VOIP questions - studying for CCIE Written [7:77]
Mike, take a look-see at everyone's favorite search engine: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 limit/121x/121xm/121xm_5/ftdpeer.htm#69675 might be what your looking for...just starting to read-up on voip. TroyC -Original Message- From: Michael Bambic [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 10:02 AM To: [EMAIL PROTECTED] Subject: VOIP questions - studying for CCIE Written [7:77] I'm reading the Lammle book on VOIP and it shows a configuration on R1 that looks like this: dial-peer voice 2000 voip destination-pattern 2000 session target ipv4:10.10.10.2 In the diagram the 2000 is a telephone on the otherside of R2 router and 10.10.10.2 is the IP of the next hop address on R2. In R2 config it uses a command of: dial-peer voice 2000 voip destination-pattern 199. session target ipv4:10.10.10.1 My question is this, Do you have to put in a dial-peer command on the router for every single phone connected? What would a sample config look like if you had R1 with extensions 1000 through 1999 out 1/0/0 ? Thanks Mike Bambic [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=80t=77 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: backup default routes
Brett, I believe HSRP is what you are looking for. In addition, you can have the _primary_ router monitor the external (to the big I) interface and cut-over to the _standby_ router if that (external) interface dies. HSRP http://www.cisco.com/warp/public/619/hsrpguidetoc.html Here's a white-paper link: http://www.cisco.com/warp/public/cc/so/cuso/epso/entdes/hsrp_wp.htm Standby [group number] ip [ip-address(secondary)] Standby [group number] timers hellotime holdtime Standby [group number] priority priority number Standby [group number] preempt Standby [group number] track type number [interface priority] Standby [group number] authentication string Here's another link on some switch (prob) considerations w/ HSRP http://www.cisco.com/warp/public/619/8.shtml HTH, TroyC -Original Message- From: Brett Johnson [mailto:[EMAIL PROTECTED]] Sent: Monday, April 09, 2001 9:46 AM To: [EMAIL PROTECTED] Subject: backup default routes I have a general question about the following scenario: If I have two ways out to the internet using two different routers. These two routers and the firewall are connected to a switch. If I use a default route on the firewall with one path having a lower cost then the other, the firewall should forward the packets down that path. Now if the router in the preferred path crashes, will the other path become active. In other words how would the firewall know that the router is down. The firewalls link is still active because it is connected to another device (the switch), it isn't using a 'dynamic routing protocol'. So why would the firewall go to the other default route? (We could substitute another routers instead of a firewall in this scenario.) Thank you. Brett Johnson _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Dial out with a CISCO router
Hamid, watch the word-wrap on the links. You didn't mention Router model, what IOS, etc. So the first link is the most appropriate: www.cisco.com and put that info in along with "async dial out" But this will get you started: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_ 3/t1casbrn.htm#xtocid1730714 http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/dial ts_c/dtsprt2/dcdmodem.htm#xtocid63680 Probably not what you wanted, but still good info: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_ 3/t1casbrn.htm#xtocid1730714 and what link wouldn't be complete without DDR: http://www.cisco.com/univercd/cc/td/doc/cisintwk/idg4/nd2010.htm HTH, TroyC -Original Message- From: Hamid [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 1:43 PM To: [EMAIL PROTECTED] Subject: Dial out with a CISCO router Hi Does anyone know how to set up a CISCO to dial out on an async line and use that Interface as a Default Gateway? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
LONG! RE: Router/Switch naming standards
/begin babble Well, It depends. ;-) We are currently going through a similar (design) issue. One of the major issues of naming is scalability, because much like the network design itself it can be a real pain later --if not planned for. Businesses buy other businesses, sites relocate, become dual homed, etc. We are _mostly_ a hub and spoke network for our regions branches. So for quite a while we used a geographical area (self created) to identify the major node, then a name, then an increment number. EX: 17rtr01 (Area 17, router # 01) (Atlanta) Then branch offices hanging off this regional router were as such: EX: 1701rt1 (Area 17, Sub area 1 router # 01) (Columbia SC) Then their respective switches (we have a lot of token ring a growing number of Ether) were as such: EX: 17mdf-s001 (Area 17 Main Distro Frame Switch 1) with no idea if it was TR/ET EX: 17idf6a-s001 (Area 17 6th floor Int. Distro Frame Switch 1) with no idea if it was TR/ET Now: one of the bigger problems with this is-- what happens when you start to go to a meshed network. Doesn't follow as neatly. 1701rt1 is now hanging off of both 17rt01 and 14rt01. And like I said, b. buy other b. Overlapping networks (NATing private IPs), etc start making things kinda crazy until you get it sorted out. Then later on because sites come go (networks seem to always be in flux) you end up with 17rtr01, 1701rt1,1704rt1, 1707rt1 and the new folks are wondering where is 1702, 1703, 1705 1706. So what we are now extremely close to finalizing is something along these lines: ATL-RT1 (we'll _never_ have more than 9 routers in Atlanta) ATL-MDF-ES01 Atlanta MDF Ethernet Switch 1 (these are stackable Nortel 450s we'll never have more than 99--and five nines chance never more than 9) ATL-MDF-TS01 Atlanta MDF T/R Switch 1 ATL-MDF-SP01 Atlanta MDF StackProbe 1 ATL-I6A-ES01 Atlanta IDF floor 6A, Ether Sw 1 etc.etc. Now, that takes care of both the regions branches hanging off them (along with a Big E5 size drawing of the network). So: what about a pretty large Data Center. 250 Racks. One 6509 for every for racks. So here is what we did there: RDC-CS-S001 Redmond Data Center Core Switch 1 RDC-CS-S002 RDC Core Switch 2 RDC-CS-RT1 RDC Core Switch Router 1 MSFC slot 15 RDC-CS-RT2 RDC Core Switch Router 2 RDC-CS-RTV1 RDC Core Switch HSRP IP address of RT1/RT2 External interface (V for virtual) RDC-CS-RTV2 RDC CS HSRP IP address of RT1/RT2 Internal interface RDC-GA-S132 RDC General Access (ie: servers plugged in here @ gig 100) Switch located in Rack 132 RDC-GA-S145 RDC Gen. Access Sw located in Rack 145 RDC-DNS1RDC DNS 1 RDC-HA-BIG1 RDC High Available BigIP (F5 Gear) #1 RDC-HA-BIG2 RDC HA BigIP (F5 Gear) #2 RDC-HA-BIGV1RDC HA BigIP (F5 Gear) Vitual Interface External RDC-HA-DNS1 RDC HA DNS 1 Then there is stuff like DMZs (or is that DMZzz), Partner connections, etc. Basically it takes a bit of planning. ;-) HTH good luck, /end babble TroyC -Original Message- From: LeBrun, Tim [mailto:[EMAIL PROTECTED]] Sent: Friday, April 06, 2001 2:01 PM To: '[EMAIL PROTECTED]' Subject: Router/Switch naming standards Group, I am curious to know the opinions on what are some of the better naming standards used to name routers/switches? I have heard of several (using local airport codes being the most common, i.e. PDX001(Portland) or ATL001(Atlanta)). And then of course incrementing the number each time you add a router/switch. Any suggestions? [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: transaction language
This might get you started...hmmm...been about 2 years since I tapped away at a DACS (ATT), but that was mostly in MML. http://www.tl1.com/faq.htm http://telecom-info.telcordia.com/ Here is a Cisco link on MML. I've never used it w/ Cisco... http://www.cisco.com/univercd/cc/td/doc/product/access/sc/r2/som2/mml.htm Hmm...maybe I should have kept some of those huge binders for tech. ref. Nahhh. ;-) Sorry I can't help more... TroyC -Original Message- From: Ron Mansolino [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 04, 2001 1:11 PM To: [EMAIL PROTECTED] Subject: transaction language I'm looking for information about Transaction Language; specifically, a vendor-neutral explanation of some the provisioning aspects of it. I can figure out what the alarm and notification stuff is about, I'd like to learn more about provisioning sonet but I can't figure out what I need to search for... obCisco: recruiters think CCNA==DACS jockey :( These seem to be the only jobs available right now... -- Ron Mansolino [EMAIL PROTECTED] http://www.netaxs.com/~rmsolino/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FUD definition (WAS: Private Vlans - Is this a good idea)
http://www.everything2.com/index.pl?node_id=20165 HTH, TroyC -Original Message- From: Gareth Hinton [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 28, 2001 2:50 PM To: [EMAIL PROTECTED] Subject: Re: Private Vlans - Is this a good idea FUD - Sounds gud! What is it? If the FU stands for what I think it does, what does the D stand for. Sorry for dragging the thread to one side, but I think I work somewhere that FUD cud become a major part of our vocabulary. I don't want to make up my own D if it's already in popular use :-) Cheers, Gaz ""Howard C. Berkowitz"" [EMAIL PROTECTED] wrote in message news:p0500190eb6e697785d87@[63.216.127.100]... Let me generalize my standard question of "what is the problem you are trying to solve," with "what problem do you NOT WANT to solve." What you are describing is a management, not a technical, problem. If your customers are part of the same organization as you are, someone to whom both of you report needs to explain economic realities to them. This explanation would be along the lines of: 1. The network organization has a budget. 2. This budget is based on certain rational engineering assumptions about what components can do, and what services can safely share the same component. 3. VLANs were invented as a security technique, with the goal of isolating groups of users. 3a) The "multi-VLAN" approach that allows a port to be in more than one VLAN, IMNSHO, is _evil_, has marginal applicability, and designs that include it should be tied up and thrown into a pond. If they float, burn them at the stake. If they don't float, let them drown. 4. There is no reason for concern about sharing a properly configured switch. Unless the customer can document WHY it is a problem, their only justification is FUD, and the network organization should not have its budget governed by FUD. 5. If there are real security requirements for physical switch separation, as might be specified for government classified networks that follow RED/BLACK isolation criteria, then the costs of additional switchgear should be part of the budget of the organization with the security requirement. If your customers are a true customer and you are in a profit-making world, I would have the appropriate management (i.e., that is concerned with cost of sales rather than gross revenue) consider carefully if you can afford having them as a customer. Your strategic business interest may be served by letting your competitor inherit this customer's problems. In other words, the customer needs to ask, "what part of NO do you fail to understand?" Roberts, I don't think 5500 supports pvlan, it has to be 6500, but I heard from somewhere those lower end 2948/4000 also will be able to support pvlan very soon. pvlan, from my understanding, does not give you more security among vlans. It only controls ports within the same vlan by preventing them from talking to each other without your control. It is more of a way of saving vlans for service providers. Correct. I believe the doc of 6500 explains it pretty well. If your customer is concerned about vlan leak, I am afraid you will probably have to give them a seperate switch or they can use some kind encryption before sending out any traffic. Just my 2 cents. HTH KY ""Roberts, Timothy"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have some customers that need to be connected to my network. They insist on not having their servers connected to a switch that has other customers on it. They will not pay for an additional switch. I was considering recommending private vlans? That way things are more secure on the switch. Is this a good idea? The current switches are catalyst 5500. Does this hardware support private vlans? I have checked the documentation and I have only found that the software needs to be 5.4(1) but they make no mention of hardware requirements. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Token Ring Routing Control Field
http://www.techfest.com/networking/lan/token.htm HTH, TroyC -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 22, 2001 3:26 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Token Ring Routing Control Field True. So what does the third bit (from the left) do? I didn't see any mention of the third bit doing anything so I assumed it was zero, hence my confusion. If it's not doing anything, why would it be a one sometimes and a zero other times? I've read a token ring FAQ also and still haven't found a mention of what that bit is for. Thanks, John "John Mistichelli" [EMAIL PROTECTED] 3/22/01 4:17:59 PM "A" also starts with 10 8 = 1000 A = 1010 B = 1011 John Neiberger [EMAIL PROTECTED] wrote: Okay, now I'm confused by something in the Sybex CCIE study guide in the token ring chapter. It says that if the first two bits of the routing control field are 10 the frame is an all-routes explorer. If the first two bits are 11 then it's a single-route explorer. In all of their examples, when they convert the first nibble to hex they use A for allroutes explorer and C to indicate single route explorer. I understand "C" because 1100 = C, but 1000 = 8, not A. What's the deal? Am I losing my mind or is the book wrong? I've noticed the book has been wrong in several other places but this is a new topic for me. From what I can tell, a RIF that starts with 8 is an all-routes explorer. If it starts with C it is a single-route explorer. If it starts with zero it is a nonexplorer frame. Is this correct? Thanks, John _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] John Mistichelli CCSI #2, CCNP, CCDA, MCSE, CNE [EMAIL PROTECTED] - Do You Yahoo!? Yahoo! Mail Personal Address - Get email at your own domain with Yahoo! Mail. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: A different Wildcard Mask [1:2082]
Alright, Coming out of "lurker mode" . ;-) http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm#xtocid2185611 There are two and a half (2.5) answers at the bottom (in cut/paste mode) pending further clarification: Exclamation points are of course (of course!) comments and can be cut/pasted as well Also, a neat "trick" depending on where the router is located is to issue the "reload" command prior to applying access-lists. A simple "reload in 15" will reload the router in 15 minutes...so the steps I use are: 1. reload in 15 (reload in mmm) 2. cut/paste access list 3. apply access list 4. ensure connectivity is still possible. Best to create an ADDITIONAL telnet window. 5. ensure access list is doing whatever you believe it should be doing 6. wr mem (habits die hard)(copy run start) 7. reload cancel If you lose connectivity (Doh!) and can't get back in on #4, the reload will take place, return you to the prior running config (you _didn't_ do "copy run start" yet did you?, and wala! no 3 hour trip into Tokyo to console in. ;-) HTH, TroyC == ! Answer #1 access-list 15 permit ip 171.17.2.64 0.0.0.31 ! dot31 is the mask for 64-95 (inverse of 224) ! The access list/class is unaware and therefore ! doesn't care what the original subnet mask applied ! This will also deny _EVERYONE_ else which may or ! may not be what you want ! Don't forget their is an explicit DENY at the end (not seen) line vty 0 4 access-class 15 in == ! Answer #2 access-list 15 deny ip 171.17.2.96 0.0.0.31 access-list 15 permit ip any any ! dot31 is the mask for 96-127 (inverse of 224) ! This will deny _ONLY_ 2.96-2.127 and allow all other ! IP address telnet access line vty 0 4 access-class 15 in == ! Answer #3 UGLY UGLY UGLY access-list 15 permit ip 171.17.2.64 access-list 15 permit ip 171.17.2.65 access-list 15 permit ip 171.17.2.66 ! ! you get the idea ! access-list 15 permit ip 171.17.2.93 access-list 15 permit ip 171.17.2.94 access-list 15 permit ip 171.17.2.95 ! With no mask you are specifying a host line vty 0 4 access-class 15 in -Original Message- From: jeongwoo park [mailto:[EMAIL PROTECTED]] Sent: Friday, February 23, 2001 10:26 AM To: [EMAIL PROTECTED] Subject: Fw: A different Wildcard Mask [1:2082] Hi all. Can anyone clear this? thanks J - Original Message - From: "V Cumbie" [EMAIL PROTECTED] Newsgroups: groupstudy.associate Sent: Wednesday, February 21, 2001 12:08 PM Subject: A different Wildcard Mask [1:2082] Can you permit/deny only half of a subnet? Here is my problem: Network: 171.17.2.64 Subnet mask: 255.255.255.192 Host range: 171.17.2.65 thru 171.17.2.126 Broadcast: 171.17.2.127 I have to deny telnet from hosts 171.17.2.96 thru 171.17.2.126 and allow the remaining addresses (the lower half) 65 thru 95 complete access. I can not figure out a wildcard mask for splitting the hosts in half; to deny/permit one half of them. I would appreciate any help on this. V. Cumbie Message Posted at: http://www.groupstudy.com/form/read.php?f=1i=2082t=2082 -- You are reading GroupStudy's Associate Mailing List. To unsubscribe follow the directions on http://www.groupstudy.com/list/Associates.html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: T-1 Vs DS-1
Hmmm, I would prefer the question to read: (Q) At what speed does a T-1 run over DS-1? But don't take my word for it...Here is an EXCELLENT T1/DS1 tutorial. Bookmark this one...because there are very few T1 explainations that actually talk about the F-bit S-bit. He (Bob W.) does an excellent job breaking down the DS1 Signal levels (Pulse/LBO/etc), etc http://www.dcbnet.com/notes/9611t1.html The designation "DS" in Figure 3 refers to "Digital Signals" and describes the physical layer. The designation "T" refers to the type of carrier that is being used. Often these are used interchangeably but that technically is not correct. ... When someone says they are running T1, they may be saying several different things: They may mean that they have a network that is passing data at 1.544 Mbps; they may mean that they have a network that conforms to the T1 electrical interface specification (DSX-1), or that they have a network that passes data that conforms to one of the several framing formats (D4, ESF, etc.). More likely than not, they mean all three but their concentration may be on only one of these items. The confusion in the user community is a result of the inter- changeability of words and the confusing requirements for connection to the ATT system. ahhh the memories...just glad you didn't ask about EM signalling ;-) HTH, TroyC an old telco junkie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 14, 2000 1:02 PM To: [EMAIL PROTECTED] Subject: T-1 Vs DS-1 Pick the right answer here Q.) At what speed does a DS-1 run over T-1? a.) 1.536 MBb.) 1.544 MB _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]