OK, here we go... [7:34894]

2002-02-08 Thread Chris Charlebois

First, you didn't mention what kind of DSL router it is.  (BTW, most DSL
routers commercially marketed are actually ethernet-to-ethernet routers. 
Calling them DSL routers is a misnomer.)  Every NAT implementation I've
worked with requires explicit ranges set up for NAT.  There's a good chance
that your NAT router is configured to only NAT addresses in the 192.168.0.X
range.

If you'd like a more in depth discussion of what NAT is and how it works,
I'd be happy to write a quick one up.

Second, your Windows box is using its loopback address for DNS.  This is
only a correct configuration if your Windows box is a DNS server and is
receiving zone transfers from external DNS servers.  I doubt that this is
the case, so I would assume that DNS queries are failing.  Wait... I suppose
if you're running DNS on that box and have a secondary lookup to a public
DNS, it should work.  Better solution is to use the DNS server your ISP
provides.

Thirdly, while your Windows box knows how to get to the 10.0.0.0 network,
due to your "route add" commands (BTW, that is not a reliable solution. 
Don't ask hosts (like a server) to make routing decisions), your NAT router
does not know how to get there, or even that it exists.  So even if the NAT
router would translate 10.0.0.0 into public addresses, the router would not
be able to send any packets back.  For this you need a static route in the
NAT router for the 10.0.0.0 network.  This solution also removes the need
for the "route add" commands.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34906&t=34894
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



No can do [7:34864]

2002-02-08 Thread Chris Charlebois

You cannot simulate frame-relay with 2 routers.  A minimum of three are
required.  One router must serve as the frame-relay switch.  This router
needs to be connected to both other routers via back-to-back serial
connections.

In many ways, frame-relay is analogous to IP.  It's just one more set
removed.  In frame-relay, a router will segment data into frame-relay
packets and address them using the DLCI.  These packets are sent to the
frame-relay provider.  The frame-relay provider's equipment (referred to as
a switch) passes the packet to another switch based on the DLCI.  I don't
really know how many switches a common frame-relay packet goes through, but
it doesn't really matter, because it will come out in the right place on the
other router.  The other router accepts the data, reassembles it into the
original form and routes it accordingly.

The trick is, frame-relay was never meant to operate back-to-back. 
Therefore, each router needs to be directly connected to a frame-relay
switch.  I don't have a link to help in that configuration, but if you get a
third router, I can dig something up.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34909&t=34864



RE: CCIE-lab scenarios [7:34870]

2002-02-08 Thread Chris Charlebois

One point I'd like to bring up is do you work for a Cisco partner.  If you
do, once you pass the written, a lot of resources become available to you.
You can get access to some practice labs, limited access to Cisco personnel
for help, even (and this depends on your partner status) access to Cisco
labs.  Just check and see if any of these options are open to you.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34911&t=34870



RE: VOIP for CCIE [7:34849]

2002-02-08 Thread Chris Charlebois

Ideal would be VG200/248 or a NM-V or NM-2V plus VICs for your 2600. 
Neither of these are cheap, though.  However, if you're just looking for
voice gateways to add to your network, 1750's actually work quite well. 
They do not have some of the higher-end features that a 2600 does, but it
does what it does pretty well.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34914&t=34849



RE: WFQ On High Speed Link [7:34913]

2002-02-08 Thread Chris Charlebois

I don't *know* that it would be detrimental, but I wouldn't be surprised.
You're asking the router's processor to do advanced screening on A LOT of
packets.  It could easily overload the process utilization.  First thing I'd
do is look at that.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34916&t=34913



RE: show ip route longer-prefixes [7:34834]

2002-02-08 Thread Chris Charlebois

Sounds like more of an interface issue than a performance one.  One of the
developers at Cisco (or more likely some company that Cisco bought) figured
that a "sh ip route x.x.x.x" command should not take into account a default
route, so the user is not potentially confused, thinking there is a specific
route to that address.  Then another developer added the longer-prefixes
argument and thought that the default route should be taken into account.
Just accept it and move on.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34917&t=34834



RE: Flash upgrade disaster [7:35184]

2002-02-12 Thread Chris Charlebois

Did you format the flash before you put the new image on it?  I would
recommend putting both in and format the flash from ROMMON.  Also, did you
change the console port speed when copying the image over?  That will cut
down the time needed to copy the image over.  Just remember what speed you
changed it to, and change it back when you're done.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35185&t=35184



Re: 4000 Router Stucks ..... [7:35164]

2002-02-12 Thread Chris Charlebois

Well, you don't know it hangs.  It is possible the router is just waiting
for your command, but isn't getting input.  Can you send a break sequence
and get into ROMMON mode?  What is the history of these routers?  Where'd
they come from and when did they work last?  It's unlikely that 2 routers
would fail in exactly the same way.  Perhaps it's a bizarre ROMMON switch that
a previous owner/administrator put in place.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35190&t=35164



RE: CCNP/CCIE Lab [7:35139]

2002-02-12 Thread Chris Charlebois

Token Ring is not needed for CCNP.  I got mine without ever touching one. 
You have to know the theory, and some of the practical, but if you are
looking to reduce the cost of your lab, that's the first one to go.

The BRI emulator is priceless in terms of REMOTE.  Unless you have hands on
experience with multiple ISDN installations, I highly recommend some kind of
ISDN emulator.

The 5002 is really helpful when it comes to SWITCHING.  There really isn't a
better option for a set-based switch.

The patch panels seem to be a convenience to me.  But back-to-back serial
cables are a must.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35192&t=35139



RE: MAC Address format [7:35179]

2002-02-12 Thread Chris Charlebois

Simple.  Follow this procedure.

1) Get a clean sheet of white paper and a #2 pencil.

2) Write down, in pencil, the MAC address from the Cisco Router exactly as
displayed, but leave space between each character.

3) Using the eraser end of the pencil, erase all periods.

4) Using the pencil, insert a colon after every 2nd number.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35194&t=35179



RE: Adding more Vtys [7:35189]

2002-02-12 Thread Chris Charlebois

That is the correct format.  However, the number of vtys possible varies
based on router model and memory.  Perhaps you attempted too high a number. 
Also, that command, "line vty 0 n", defines n+1 vty lines.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35195&t=35189



RE: subnet mask question [7:35357]

2002-02-14 Thread Chris Charlebois

Yeah, if you ping any 127.X.X.X for a workstation, you should get a reply
from the loopback.  That entire class A is reserved for loopback addresses.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35402&t=35357



RE: ISDN T [7:35441]

2002-02-14 Thread Chris Charlebois

The interface type S/T refers to a combination of the S interface (between
the TE and the NT2) and the T interface (between the NT2 and NT1).  This
implies that the S/T interface will not function with an NT2 device in
place.  Don't know this for certain, because I've never tried.  This is
typically OK, because most implementations do not use, nor need an NT2.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35444&t=35441



RE: CCIE Question [7:36243]

2002-02-22 Thread Chris Charlebois

I would guess that means that person has passed the CCIE Qualification Exam,
or the written portion of the certification.  He or she is presumably
studying/preparing for the lab exam.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36246&t=36243



RE: TWO ISP AND ONE FAILURE [7:36371]

2002-02-25 Thread Chris Charlebois

Depends a lot on what kind of connection you want.  If you are just talking
about outbound access from your site, that isn't a problem.  Set up the two
routers on the same subnet and use HSRP.  Best practice would be to set up
two HSRP addresses; each router will be primary for one address and backup
for the other.  That way you can direct traffic over a specific connection
when it's all up, but traffic will failover to one connection if the other
goes down.

If, on the other hand, you want to maintain public services during an outage
(ie, web pages, FTP sites, incoming e-mail), that is a gorilla of a
completely different color.  If your site is big enough, you could justify
a /19 public address, which can be routed via BGP.  That would solve a lot of
your problems, but it's unlikely that you'd be asking the question if you
had a /19.  Some protocols will allow you to specify a backup via DNS (I'm
thinking SMTP), but that only helps with mail.  Otherwise, your options
are co-locating the equipment you always want available, or switching both
your WAN connections to the same ISP.  There is no really easy solution.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36374&t=36371



RE: VIC-2BRI S/T TE [7:36369]

2002-02-25 Thread Chris Charlebois

My first guess would be lack of DTMF relay, but I'm afraid I don't have
enough information to fully diagnose this.  If there is no DTMF relay
configured, it's possible the secondary dialed digits are not being received
by the 2610.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36376&t=36369



RE: Gateway/Network Address confusion [7:36400]

2002-02-25 Thread Chris Charlebois

OK, some terminology.  We've got physical networks.  They are bound by
routers.  Anytime a packet goes through a router, it is moving from one
physical network to another. Then you have a logical subnet.  This is what
actually gets addressed.  It is possible to have multiple logical subnets on
one physical network, although not recommended.  Each device can only
directly communicate with other members of the same logical subnet.  A
router would have to "translate" between the two logical subnets.

Now, in the scenario you described, you have two logical subnets on one
physical network (that's what the secondary address does).  Also, the two
logical subnets consume all your address space.

You mentioned partitioning off subnets for customers.  Does this mean each
customer gets a separate physical network?  And do you need to provision
networks for WAN links?

Here would be one way to do it.  Take the .137.X network off the main router
(Call it R1).  Get a second router (R2) for this customer.  Set up a
point-to-point connection between the two.  Now, R1-E0 has an address of
63.142.136.1/24.  Assign R1-S0 to 63.142.137.1/30 and R2-S0 to
63.142.137.2/30.  This is the WAN connection.  Then on R2-E0, assign address
63.142.137.33/27.  The default gateway for the hosts on this network would
be 63.142.137.33 and the broadcast would be 63.142.137.63.  And on a correctly
built network, the hosts (servers) never need to have route add commands.

Now if you are doing this all on one router, you just need to add a
secondary address of 63.142.137.33/27 (this would require you take off the
63.142.137.1/24 address first).  This creates a logical subnet on your
existing physical network.

I hope this made some sense to you.  If you have questions, I'll be lurking
around here somewhere.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36421&t=36400
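
Added example (not part of the original post): a check of the addressing plan described above using Python's ipaddress module. The interface labels and the "E0 secondary" names are assumptions made for illustration; the addresses are the ones given in the post.

```python
import ipaddress
from itertools import combinations

# Two-router plan from the post (labels are illustrative).
PLAN = {
    "R1-E0": "63.142.136.1/24",
    "R1-S0": "63.142.137.1/30",
    "R2-S0": "63.142.137.2/30",
    "R2-E0": "63.142.137.33/27",
}

# Single-router variant: the new /27 secondary added while the old
# /24 secondary is still configured on the same interface.
SINGLE_ROUTER = {
    "E0 primary": "63.142.136.1/24",
    "E0 secondary (old)": "63.142.137.1/24",
    "E0 secondary (new)": "63.142.137.33/27",
}


def summarize(cidr):
    """Return subnet, usable host range and broadcast for an interface address."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    return {
        "network": str(net),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        # An interface cannot use the subnet's network or broadcast address.
        "usable": iface.ip not in (net.network_address, net.broadcast_address),
    }


def conflicts(plan):
    """List interface pairs that cannot coexist in one routing domain."""
    found = []
    for (name1, cidr1), (name2, cidr2) in combinations(plan.items(), 2):
        if1 = ipaddress.ip_interface(cidr1)
        if2 = ipaddress.ip_interface(cidr2)
        if if1.network == if2.network:
            # Same subnet is fine (two ends of one link) unless the
            # host address itself is duplicated.
            if if1.ip == if2.ip:
                found.append((name1, name2, "duplicate address"))
            continue
        if if1.network.overlaps(if2.network):
            found.append((name1, name2, "overlapping subnets"))
    return found


if __name__ == "__main__":
    for name, cidr in PLAN.items():
        print(name, summarize(cidr))
    print("two-router conflicts:", conflicts(PLAN))
    print("single-router conflicts:", conflicts(SINGLE_ROUTER))
```

The overlap reported for the single-router variant is the reason the /24 has to come off before the /27 secondary goes on.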



RE: Serial Interfaces disappear on a Cisco 2500 [7:36968]

2002-03-01 Thread Chris Charlebois

If I'm reading this correctly, I am quite frankly stunned beyond belief that
that box is running at all.  It appears that you have the Cisco IGS software
loaded on a 2503.  I believe the IGS never had an option for 2 serials.
There were only 3 models; 2E, 1E 1S, and Token Ring.  So how you are getting
what you are getting is beyond me.  I recommend getting a good version of
the IOS for the 2503 (this will probably involve purchasing SmartNet for
this box) and reflash it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36972&t=36968



Slight point [7:37298]

2002-03-05 Thread Chris Charlebois

VoIP does not require a Call Manager.  VoIP is just that, Voice over IP.  It
does not specify any call features and only extremely limited call
handling.  Use of a Call Manager implies IP Telephony, which is an
alternative to PBX switches.  IP Telephony includes complex call handling,
call routing, and features like forwarding, transferring, on-hold,
conferencing, etc.

VoIP (and any VoX) can be used as a point-to-point toll bypass solution,
using traditional PBX switches to provide the call routing and other
features.  However, for any kind of certification, all you typically need to
do is make a phone ring, which can be done without IP Telephony.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37315&t=37298



Actually, you'd be surprised.. [7:37298]

2002-03-05 Thread Chris Charlebois

Actually, you'd be surprised how big a selling point it is to have a phone
running on an iPaq at a tradeshow.  Sure, it's a gimmick, but it's flashy and
gets the attention of the guys holding the purse strings.

Oh, sure, you can talk for hours about reduced facility costs by using one
network, or reduced administration costs due to mobility and ease of
configuration;  You'll get blank stares.  You can explain how IP telephony
can combine half a dozen call centers spread over half the globe into one
logical unit and you'll get a couple yawns.  But whip out your iPaq and send
and receive PSTN calls and they eat it up.  Bright and shiny.  Yeah, that's
usually all you need :)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37320&t=37298



RE: VG200 [7:37394]

2002-03-06 Thread Chris Charlebois

The WIC slots on the VG200 are vestigial.  They are only there because the
chassis is taken from the 2600 series.  These WIC slots are not functional
and no WIC can be installed there.

The VG200 is designed to take a NM-1V, NM-2V, NM-HDV, or a DSP Network
Module (not sure about the model number).  This allows for up to 4 FXS or
FXO ports, or 2 (possibly 4, I'm not sure) Multiflex T-1's.  In theory,
those Multiflex T-1 could carry TDM voice channels AND data channels, but I
have never tested that on a VG200.

The VG200 is designed to be a voice gateway, not a router.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37418&t=37394



RE: force a AS5300 involment in a VOIP-VOIP call [7:37386]

2002-03-06 Thread Chris Charlebois

Hang on.  Are we talking point-to-point, toll-bypass VoIP or are we talking
IP Telephony?  If you are doing toll-bypass then all toll-bypass calls must
go over the 5300.  If, on the other hand, you are using IP Telephony with a
CallManager, then no, you cannot force calls that stay on the local network
through a H323 gateway.  And you wouldn't want to.  Every call that the 5300
touches burns a DSP.  Even moderate use would overload the 5300's
capabilities.

If you are using CallManager, use Call Detail Records.  They are designed
for this purpose.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37420&t=37386



RE: T1 Vs ISDN PR [7:37983]

2002-03-12 Thread Chris Charlebois

T-1 is the layer 1 standard.  ISDN PRI uses T-1 for layer 1 connectivity. 
Therefore, whenever you say ISDN PRI, you are referring to T-1.  However,
not all T-1's are ISDN PRI.

The "other" T-1 is referred to as CAS, channel associated signaling and, as
far as I know, is only used for voice.  It allows 24 channels of sampled
voice.  ISDN PRI (aka common channel signaling) is a digital standard and
supports 23 64k "B" channels (that can carry voice or data) and 1 64k "D"
channel that carries control information.  Voice over ISDN PRI has the
advantage of a dedicated control channel for troubleshooting and additional
call information from the telephone provider.  However, it has 1 less channel.

So if you are ordering a data T-1, your only choice is ISDN PRI.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37989&t=37983



Re: Trunk or SPAN [7:38146]

2002-03-13 Thread Chris Charlebois

Everything Brian said is correct.  The practical difference is the vlan
tagging.  Frames are tagged on a trunk based on what vlan they belong on. 
Frames are not tagged on a SPAN port because it is not intended to be split
back into vlans.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38160&t=38146



RE: BootP Probs [7:39532]

2002-03-26 Thread Chris Charlebois

I would imagine that if some clients are receiving addresses on the subnet
and the printers are not, that the problem is with the printers.  The
router's helper address cannot filter certain requests from others because
the devices do not have layer 3 addresses to filter on.  I would try to
manually configure the printers to confirm connectivity, or at least sniff
the local subnet to see if the requests are getting to the router.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39545&t=39532



If it's a 2611, you're out of luck [7:39788]

2002-03-28 Thread Chris Charlebois

Vlan trunking requires a fast ethernet connection.  It cannot be trunked
with a 261X.  You'd need a 262X.

If you have to deal with a 2611, your options become much more limited.  You
could replace the 2611 with a 2620.  Or you could get an ethernet module for
the 2611.  Unfortunately, last time I checked (which was a couple years ago,
given) those ethernet modules came in two models, 1 and 4 port, and cost
about $1000 per port.

Another option would be to replace the 2611 with a 1750.  It's got one fast
ethernet port.  If this network is as small as it sounds, it'd be a viable
option.

Oh, and about trunking, the way it works is you define the switch port
connected to the router as a trunk.  This allows multiple (in your case,
all) vlans to use the one port.  The router is configured with subinterfaces
on the fastethernet port, one for each vlan.  The router can then route
between these vlans.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39799&t=39788



I'm not sure I understand the question [7:39752]

2002-03-28 Thread Chris Charlebois

If you are asking if you can have one public IP address for two internal web
servers, the answer is no.  At least not with Cisco equipment.  That would
require a layer 4 NAT server.  Cisco NAT only operates at layer 3.  That
means the only thing that Cisco NAT will look at is IP address and port.  A
layer 4 will actually look at the header information to determine which web
server it should go to.

One workaround is to assign non-standard port numbers to additional web
servers.  One web server could use port 80, while another one could use port
8080, for instance.  This does make it a little harder to access, but it
does work.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39803&t=39752



RE: VOIP....... [7:39741]

2002-03-28 Thread Chris Charlebois

Depends on how deep you want to go...

Syngress' Configuring Cisco Voice over IP is a good start, if a little old
(2000).

If you are coming from the data side, The Essential Guide to
Telecommunications by Dodd is a good primer on how the PSTN works.

For the hard-core, Cisco Press has Cisco Voice over Frame Relay, ATM, and
IP.  This is a must for the CVoice exam.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39804&t=39741



In reference to Jim's answer. [7:39788]

2002-03-28 Thread Chris Charlebois

It's a kludge but it would work.  What Jim is saying is put 2 logical subnets
onto 1 vlan.  With a switch, it wouldn't really be that bad.  The two
logical networks would share broadcast traffic, but that should cause any
problems.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39805&t=39788



RE: I have problem with IP telephony [7:39721]

2002-03-28 Thread Chris Charlebois

I have seen problems similar to this, but that was with supervised
transfers...  I don't have an immediate suggestion, but I'm pretty sure the
problem is on the voice gateway.  Somehow, the voice gateway isn't
registering the fact that the PSTN call hung up.  Also, I've never worked
with FXO so that might be an issue as well.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39807&t=39721



Unrelated question [7:39788]

2002-03-28 Thread Chris Charlebois

OK, so at least 3/4 of the responses to this question say the exact same
thing.  Or at least hint at it. (It doesn't make sense to me to take the
time to answer someone's question and do it with 2 words.  "vlans" while
correct is not, by itself, an answer.)  My point is the redundancy.  Do
some people not read the umpteen responses before jumping out with their
own?  Or do some people access these via some other transport (i.e. e-mail)
and so don't see the responses?  Or do some people just like seeing their
names on a newsgroup?  It just doesn't make sense.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39846&t=39788



RE: 802.3ab [7:40158]

2002-04-02 Thread Chris Charlebois

If alien crosstalk is an issue in any cabling, it would come up in 802.3af
before you ever saw it in 802.3ab.  48 volts will cause a lot more noise than
5 volts (Is that the voltage for standard 802.3?).  I've seen bundles of 20+
cat 5 ethernet running 802.3af without seeing problems.  My guess would be
that alien crosstalk will not be an issue with Cat 5 no matter how many
cables are bundled.  Of course, this assumes they are carrying pseudo-random
data (as would be seen in a production network).  If all the cables (or a
large portion of them) were running the exact same data, a cumulative effect
might be seen.  Like soldiers marching in lock-step.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40196&t=40158



re: voip em [7:40225]

2002-04-03 Thread Chris Charlebois

Sounds to me like DTMF relay isn't set up on one side.  Or setup wrong.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40355&t=40225



RE: Priority queueing and IMA interfaces [7:41893]

2002-04-19 Thread Chris Charlebois

Naturally, queuing on the Fa interface will only limit traffic on the Fa int
and not the IMA.  The problem is queuing only affects outgoing traffic on an
interface.  Incoming traffic doesn't get queued (at least not for any
discernable amount of time).  Now if the Fa interface were to be connected
point-to-point with another router, you could implement priority queuing
there.  You'd be limiting the traffic upstream.  But ethernet does not have
a source squelch or BECNs like some other protocols, so an interface cannot
control the traffic it receives.  You should probably look into traffic
shaping instead.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41987&t=41893



The native VLAN in dot1q [7:41837]

2002-04-19 Thread Chris Charlebois

In 802.1Q trunking, the native vlan is not tagged.  Only non-native VLANs
are tagged.  This allows you to connect a non-trunk device into a dot1q
trunk port and still function properly on the native VLAN.  Other than that,
it does not serve a function.  Yes, it must match on both sides of a trunk,
because both switches must agree on what VLAN untagged packets belong.  I
believe that ISL tags all packets and does not have a native VLAN.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41988&t=41837
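
Added example (not part of the original post): a small model of the tagging rule described above, showing why the native VLAN has to match on both ends of a dot1q trunk. The MAC addresses, payload and VLAN numbers are constructed for illustration, and the model assumes a port always tags non-native VLANs and always accepts tagged frames.

```python
import struct

TPID_DOT1Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed sample addresses (locally administered MACs).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")


def egress(dst, src, ethertype, payload, vlan, native_vlan):
    """Build the frame a trunk port transmits for `vlan`.

    Frames on the native VLAN leave untagged; every other VLAN gets a
    4-byte 802.1Q tag (TPID + TCI) inserted after the source MAC.
    """
    header = dst + src
    if vlan != native_vlan:
        tci = vlan & 0x0FFF  # priority and DEI bits left at zero
        header += struct.pack("!HH", TPID_DOT1Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def ingress(frame, native_vlan):
    """Return (vlan, was_tagged) as the receiving trunk port classifies it."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_DOT1Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        return tci & 0x0FFF, True
    # Untagged: the receiver can only assume its own native VLAN.
    return native_vlan, False


def cross_trunk(vlan, sender_native, receiver_native):
    """VLAN a frame ends up in after crossing the trunk."""
    frame = egress(DST, SRC, 0x0800, b"constructed payload", vlan, sender_native)
    return ingress(frame, receiver_native)[0]


def leaked_vlans(vlans, sender_native, receiver_native):
    """Map each VLAN whose traffic lands in a different VLAN on the far side."""
    leaks = {}
    for vlan in vlans:
        landed = cross_trunk(vlan, sender_native, receiver_native)
        if landed != vlan:
            leaks[vlan] = landed
    return leaks


if __name__ == "__main__":
    print("matched natives:", leaked_vlans([1, 10, 99], 1, 1))
    print("A(native 1) -> B(native 99):", leaked_vlans([1, 10, 99], 1, 99))
    print("B(native 99) -> A(native 1):", leaked_vlans([1, 10, 99], 99, 1))
```

With mismatched natives, untagged traffic silently crosses from one VLAN into another, so a trunk audit should compare the native VLAN configured on each side.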



RE: IP Forwarding [7:42353]

2002-04-23 Thread Chris Charlebois

Sure, it's called NAT.  I think that's the only way you can do what you want
it to do.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42371&t=42353



RE: Access-list Assistance Needed [7:42351]

2002-04-23 Thread Chris Charlebois

First of all, this won't work, unless you have the 198.x.x.x subnet setup as
a secondary address on the serial interface of the 1720.  The global addresses
have to be available to the outside interface of the NAT router.  If you
have those addresses available, then, yes, it is possible.  I will work out
the configs and post them here shortly.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42373&t=42351



RE: Access-list Assistance Needed [7:42351]

2002-04-23 Thread Chris Charlebois

OK, if we assume that the ISP has also assigned 198.x.x.4/30 to this client
and has the appropriate routing in place...

ip nat inside source list 1 interface serial 0 overload

ip nat inside source static 192.168.10.5 198.0.0.5

interface e0
ip address 192.168.10.1 255.255.255.0
ip nat inside

interface s0
ip address 200.x.x.1 255.255.255.252
ip address 198.x.x.6 255.255.255.252 secondary
ip access-group 102 in
ip nat outside

access-list 1 deny host 192.168.10.5
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 102 deny tcp host 192.x.x.5 any eq 0
access-list 102 deny udp host 192.x.x.5 any eq 0
access-list 102 permit ip any any

I don't have the equipment on hand to test this, but I believe this would
work.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42376&t=42351



RE: access-list performance degradation [7:42327]

2002-04-23 Thread Chris Charlebois

I don't have a definitive answer, but there are facts that come into play
that you haven't revealed.  First of all, there is no definitive answer. 
What you are looking for is a "Yeah, it'll work fine" or a "You'll run into
serious problems".  That depends a lot on what you're doing with the line and
the router.
- If you are handling 90% ftp and http traffic, the cpu delay won't matter.
If you are running VoIP or VideoIP, that delay could put you over the
recommended limit and affect quality.
- If the utilization of the line is low, the extra queuing probably won't
matter.  If you are overloading the bandwidth, queuing becomes critical.
- If the router is just routing packets, and hence has low cpu utilization,
the extra cycles won't be missed.  If it's running BGP, NAT, and auditing,
you'll probably hit a snag.

And you also didn't specify what kind of access list it was.  Extended
access lists use a lot more processor cycles than standard lists.

All this being said, I find it hard to believe that the list cannot be
adjusted to optimize it a bit.  I assume you have taken a look at the "show
ip access-list" command to see what rules are getting hit the most.  If you
need help optimizing it, post the output for that command here and we can
help.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42379&t=42327
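
Added example, not part of the original post: a Python sketch of the optimization step suggested above, reading the match counters from "show ip access-lists" output and moving the busiest entries up without changing what the list permits or denies.  The sample output and its addresses are constructed; reordering is limited to runs of consecutive entries with the same action, which is an assumption made here to keep the result provably equivalent.

```python
import re
from itertools import groupby

# Constructed sample of `show ip access-lists` output (documentation addresses).
SAMPLE = """\
Extended IP access list 110
    deny ip 10.0.0.0 0.255.255.255 any (14 matches)
    deny ip 172.16.0.0 0.15.255.255 any (3 matches)
    permit tcp any host 192.0.2.25 eq smtp (1200 matches)
    permit tcp any host 192.0.2.53 eq domain
    permit udp any host 192.0.2.53 eq domain (45000 matches)
    permit tcp any host 192.0.2.80 eq www (910000 matches)
    deny ip any any log (860 matches)
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (?P<name>\S+)")
# Optional sequence number, action, match text, optional "(N matches)" counter.
ENTRY = re.compile(
    r"^\s+(?:\d+\s+)?(?P<action>permit|deny)\s+(?P<match>.*?)"
    r"(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$"
)


def parse_acls(text):
    """Return {acl_name: [entry, ...]} with entries in evaluation order."""
    acls, current = {}, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            current = acls.setdefault(head.group("name"), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current.append({
                "action": entry.group("action"),
                "match": entry.group("match"),
                # An entry that never matched is printed without a counter.
                "hits": int(entry.group("hits") or 0),
            })
    return acls


def mean_compares(entries):
    """Average number of entries tested per matched packet (first match wins)."""
    total = sum(e["hits"] for e in entries)
    if total == 0:
        return 0.0
    return sum(pos * e["hits"] for pos, e in enumerate(entries, 1)) / total


def safe_reorder(entries):
    """Sort by hit count inside each run of consecutive same-action entries.

    Swapping two neighbours with the same action cannot change whether a
    packet is permitted or denied; only which counter (or log line) fires.
    Moving an entry across an entry with the other action would need an
    overlap analysis of the match conditions, which is not attempted here.
    """
    reordered = []
    for _, run in groupby(entries, key=lambda e: e["action"]):
        reordered.extend(sorted(run, key=lambda e: -e["hits"]))
    return reordered


if __name__ == "__main__":
    for name, entries in parse_acls(SAMPLE).items():
        better = safe_reorder(entries)
        print(f"access-list {name}: {mean_compares(entries):.2f} -> "
              f"{mean_compares(better):.2f} entries tested per packet (estimate)")
        for e in better:
            print(f"  {e['hits']:>8}  {e['action']} {e['match']}")
```

The "after" figure is an upper bound, because a packet that used to fall through to a later entry may now match an earlier one with the same action.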



RE: Syslog setup [7:42381]

2002-04-23 Thread Chris Charlebois

Cisco syslog can be directed at *any* syslog daemon.  NT and *nix come with
syslog daemons, but you can add one to other OSes, too.  I did a quick look
on Tucows and found one that will run on XP.  You can check it out at
http://www.kiwisyslog.com/products.htm.  And it's freeware.  (Note: I
haven't used that package, so it could be complete crap. But whaddya expect
from freeware.)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42382&t=42381



Re: Security advice - opening ports other than 80 [7:42333]

2002-04-23 Thread Chris Charlebois

I agree with Sam.  You can (and should) limit access as much as possible; if
server A needs TCP port 100 open, then TCP port 100 should *only* be open to
server A's ip address.  That way, the only packets that get in will be
dropped into the waiting arms of your vendor's program.  And if there's a
security issue there, you will know who to talk to.

You want to make sure you know what ports can get in to what addresses, and
what applications are listening at those ports.  That will give you a list
(hopefully short) of applications you need to keep updated with security
patches.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42383&t=42333



Re: data vs voice traffic [7:42324]

2002-04-23 Thread Chris Charlebois

You can use QoS to prioritize traffic outbound, but unless you have control
of both ends (you made it sound like this is a connection to an ISP), you
can't prioritize traffic inbound.  Sure, you could set up traffic shaping on
the inbound connection, but that would just be closing the barn doors after
the cows have gone.  If you need prioritization, you need to talk to your ISP.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42384&t=42324



RE: Access-list Assistance Needed [7:42351]

2002-04-23 Thread Chris Charlebois

First off, you caught a typo.  That should have been 198.x.x.5, not
192.x.x.5.  Secondly, going back to your first riposte... from your original
post, it was not clear that the 198.x.x.x was being routed to you from the
ISP.  Ideally, you would have a /248 address space from the ISP, so you can
assign one to the remote router, one to the local router, one for overloaded
NAT, one for the static NAT, and still have 2 addresses left over.  I agree
the secondary address is something of a kludge.  On reflection, I suppose it
is not needed; the router *should* respond to the 198.x.x.5 address if there
is a static route from the ISP.

Oh, and overload to the interface is the same as overload to a pool of one,
which is what we want, correct?  When the interface is used (instead of a
pool), it simply uses the ip address of the specified interface.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42385&t=42351



Re: Please help!!! [7:42411]

2002-04-24 Thread Chris Charlebois

I agree.  Are you terminating the tunnel on gw1.bne?  Or do you have
another route from gw1.bne2 to gw1.bne?  Because it looks like gw1.bne is
learning its route directly from gw1.bne2.  If you could include the config
from gw1.bne, it would help.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42441&t=42411



RE: IVR for conducting phone surveys [7:42405]

2002-04-24 Thread Chris Charlebois

It's definitely possible to run a phone survey with IPIVR and CallManager.
Right now, IPIVR cannot record speech (that'll be next version, I believe)
and converting that speech to text and storing it in a database would be around
the next corner.  But for caller entered digits (ie touchtones), and
scripted survey questions, IPIVR can definitely do that.

The trick, of course, is setting it up in a flexible enough configuration so
that the local administrator can adapt it to whatever survey they want run. 
Chances are someone has already done this, but I don't know who.

I know we can do it here.  I'm a CallManager guy, and I don't know the
backend of the IVR well enough to integrate with a database, but we have
people who do.  If you want to check it out, visit www.spanlink.com


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42442&t=42405



RE: How come I can't telnet to my router? [7:42444]

2002-04-24 Thread Chris Charlebois

It's because you are running NAT overloaded.  It assumes that all traffic it
receives on the dialer interface is destined for a machine on the inside and
not for itself.  Since there is no static mapping, and no dynamic mapping
for telnet, it is refused.  That is assuming you are coming in over the
dialer interface.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42446&t=42444



RE: How come I can't telnet to my router? [7:42444]

2002-04-24 Thread Chris Charlebois

Oh, how rude of me.  I explained the problem without offering a solution. 
The easiest (and least likely, considering it appears to be residential DSL)
is multiple IP addresses.  A secondary address that is not a part of the NAT
pool could be addressed from the outside.  The next easiest (I hesitate to
say next best, because this option is more secure) solution is to create a
static NAT map for telnet (port specific) to an internal box (anything with
telnetd will work).  Then you can telnet from there to the ethernet
interface of the router.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42447&t=42444



Since you are in a teaching mode... [7:42913]

2002-04-30 Thread Chris Charlebois

How is that different than IPX?  It seems if you are going to increase the
size of the address enough to include the MAC address, assigning a unique
(whether locally or globally) becomes trivial.  After all, MAC addresses are,
in theory, globally unique.  Then the only question is routability, which
means network information picked up from the line (as in IPX) or from a
server (in IPv6 as you seem to indicate in your post).

My greatest concern about IPv6 (and this is probably due to my ignorance on
the subject) is the apparent reliance on name resolution.  I just think how
often in my line of work it is easiest and most expeditious to use the IP
address rather than the name.  That isn't going to be feasible when the
address is 60 odd characters long.  Am I missing something, or are the days
of 'no ip domain-lookup' soon to be a thing of the past?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42918&t=42913



The Earth, routes and washing machines [7:42913]

2002-05-01 Thread Chris Charlebois

First of all, the idea of my washing machine having a globally routable
address is a little scary.  Someone could hack in and ruin my delicates.

Second, in terms of waste, I understand what you are talking about when you
bring up the old "640K" argument.  I remember reading an article 10 years
ago saying that the 486 processor would never see the desktop, because it
was too powerful for anything other than servers.  However, 128 bits *is*
a lot, enough that you could take all the publicly routed IPv4 addresses, and
assign all of them to each square meter of the Earth's surface.  Each square
meter (and that includes water) could be assigned a full 2^32 address
space.  Until we start talking about extraterrestrial internets, I think
that 128 bit will do.

Third, I agree that summarization is a good idea.  But how should it be
implemented?  I would think geographically.  However, from my personal
experience, that wouldn't work out the best.  I've been in an office building
in Minnesota and tracerouted a machine on another floor in the same
building.  The path went from Mpls, to Chicago, to St. Louis and back.  Any
intelligent summarization will have to be based on the telecommunication
providers rather than geography.  Then you have issues of telcos moving,
merging, failing, reconfiguring, etc.  I don't know that there is a good
permanent solution.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42984&t=42913



RE: ip route statement [7:43001]

2002-05-01 Thread Chris Charlebois

I'm not sure what you mean by "implementing migrating".  The command that
you mentioned is an easy, efficient access-list alternative.  Essentially it
tells the router to drop all packets destined for the specified network.
It's easier to set up than an access-list, and more efficient in terms of
processor time.

Putting that on every router would essentially kill that address space on
the network, but you could also do that by changing the IP addresses on the
interfaces.  Perhaps you could explain a little further what it is you want
to accomplish.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43007&t=43001



RE: VoIP Call Detail Reporting [7:43238]

2002-05-03 Thread Chris Charlebois

OK, if you don't have IP Phones, I assume that means you don't have
CallManager.  The question then is what are you using for a PBX.  The
easiest place to pull that information is from the phone switch.  I haven't
seen that information being collected at the voice gateway.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43239&t=43238



RE: dot1q problem [7:43392]

2002-05-06 Thread Chris Charlebois

The only issue I can think of in dot1q vs ISL is the native vlan.  If the
native vlan is set to something other than default (which is Vlan1) on one
end of the trunk, and not on the other, then the 2 routers would not be on
the same subnet and would behave the way you describe.  One way to check
this is to remove see if you can ping the real ip address of each router
from the other while dot1q is up.  If you can't, then there must be something
wrong with the trunk.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43395&t=43392



RE: Phone networks [7:43498]

2002-05-07 Thread Chris Charlebois

The frame relay line from your location connects directly to a frame relay
switch, which switches frames (go figure) between connections.  In practice,
it's a lot like a huge VTP domain.  Say you have sites A and B, with a PVC
between them.  You have a dedicated connection from each site to the
provider (typically, two different COs owned or leased by the provider).  The
provider connects that link directly into a frame relay switch.  The frame
relay switch is programmed with the knowledge of what other frame relay
switch connects to the remote side, or at least what the next hop is.  This
traffic is aggregated with other customers, which is why you get things like
CIR and burst rates.

Therefore, you do not have a dedicated line (this isn't circuit-switching,
thank goodness).  But the magic all happens behind the scenes, so we don't
have to worry about it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43519&t=43498



RE: A net or B net [7:43480]

2002-05-07 Thread Chris Charlebois

Aside from security concerns, the only advantage you get from splitting the
network with a router, *in a switched environment*, is broadcast control. 
Now broadcast control is a good thing, in some cases, but if you are just
running IP without any broadcast intensive applications, you shouldn't have
a problem running with one logical network.

Of course, if you are planning on extensive growth, or you are running other
protocols, or broadcast hogs, or you want/need security between groups, or
you just don't have anything else to do with that router, you can definitely
keep it in place, and it won't hurt anything, or at least not much.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43523&t=43480



RE: 2600 Fast Etherenet problem [7:43518]

2002-05-07 Thread Chris Charlebois

I don't know the situation, but I would suspect a bug of the human variety
there.  Is it possible someone is tampering with your system?  And the IP
address, does it come from a DHCP scope on the network?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43527&t=43518



RE: Need Some Advice [7:43476]

2002-05-07 Thread Chris Charlebois

For something that big, you need something in the 7000+ range.  A 7500 could
handle it.  I'm not *very* familiar with the 7x00 series routers, but I know
they can handle that level of connection.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43529&t=43476



RE: Router/Bridge re-transmit frames? [7:43459]

2002-05-07 Thread Chris Charlebois

Sure, it'll retransmit if there's a collision.  Cut-through switching will
begin forwarding as soon as the MAC is read, but it must still keep a copy
in memory in case of collision.  I guess I don't know for certain, but I
would assume...


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43537&t=43459



RE: Nat [7:44300]

2002-05-15 Thread Chris Charlebois

That config is taken verbatim from CCO.  The problem has to be elsewhere. 
Can you explain what exactly you are doing and how you know it's not
working?  What, for instance, do you get from the "show ip nat translation"
command?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44302&t=44300



RE: HELP pls ,,,, IPX ROUTING AND VOVELL 3.12 [7:44338]

2002-05-17 Thread Chris Charlebois

Just turn on IPX routing and IPX RIP and everything will work itself out :) 
(Boy, I'm glad I'm not you.  How'd you get roped into a project without
knowledge of the technology and without the time to learn?)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44356&t=44338



RE: Bitswapping Tool [7:44385]

2002-05-17 Thread Chris Charlebois

The question is why would you need to do that.  I can see that as a question
on the written, but I doubt the lab will require something so theoretical.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44387&t=44385



Re: Ip helper address: which is the mac address? [7:44608]

2002-05-21 Thread Chris Charlebois

The DHCP server doesn't read the actual MAC address of the client PC.  The
DHCP client builds a DHCP request packet that includes the client's MAC
address.  The DHCP relay just passes that packet to the DHCP server, along
with additional information (such as what subnet the request is coming from).


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44615&t=44608
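
Added example, not part of the original post: a Python walk-through of the exchange described above, in which the client writes its MAC into the chaddr field of the request, the relay fills in giaddr with the address of the interface that heard the broadcast, and the server reads both from the packet body.  The MAC, addresses and scope names are constructed; the field layout is the standard BOOTP/DHCP header from RFC 951 and RFC 2131.

```python
import ipaddress
import struct

# Fixed BOOTP header: op htype hlen hops xid secs flags
# ciaddr yiaddr siaddr giaddr chaddr sname file = 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie before the options
HLEN, HOPS, GIADDR, CHADDR = 2, 3, 10, 11  # indexes into the unpacked header

# Constructed test data.
CLIENT_MAC = bytes.fromhex("02005e100001")
SCOPES = {"192.168.10.0/24": "floor-1", "192.168.20.0/24": "floor-2"}


def build_discover(mac, xid):
    """What the client broadcasts: its own MAC goes into chaddr."""
    zero = bytes(4)
    header = BOOTP.pack(1, 1, len(mac), 0, xid, 0, 0x8000,
                        zero, zero, zero, zero, mac.ljust(16, b"\0"), b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])   # option 53 = DISCOVER, END


def relay(packet, interface_ip):
    """What a relay agent changes before forwarding the request as unicast."""
    fields = list(BOOTP.unpack_from(packet))
    if fields[GIADDR] == bytes(4):        # only the first relay sets giaddr
        fields[GIADDR] = ipaddress.IPv4Address(interface_ip).packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields) + packet[BOOTP.size:]   # chaddr and options untouched


def message_type(options):
    """Return the value of option 53, or None if absent or truncated."""
    i = 0
    while i < len(options) and options[i] != 255:
        if options[i] == 0:               # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            return None
        length = options[i + 1]
        if options[i] == 53 and length == 1 and i + 2 < len(options):
            return options[i + 2]
        i += 2 + length
    return None


def server_view(packet, scopes):
    """What the server learns from the packet body alone."""
    start = BOOTP.size
    if len(packet) < start + 4 or packet[start:start + 4] != MAGIC:
        raise ValueError("not a DHCP packet")
    fields = BOOTP.unpack_from(packet)
    if fields[HLEN] > 16:
        raise ValueError("hardware address length exceeds chaddr field")
    giaddr = ipaddress.IPv4Address(fields[GIADDR])
    if giaddr.is_unspecified:
        scope = "local segment"           # not relayed: use the receiving interface
    else:
        scope = next((name for net, name in scopes.items()
                      if giaddr in ipaddress.ip_network(net)), None)
    return {
        "client_mac": fields[CHADDR][:fields[HLEN]].hex(":"),
        "giaddr": str(giaddr),
        "hops": fields[HOPS],
        "scope": scope,
        "type": message_type(packet[start + 4:]),
    }


if __name__ == "__main__":
    request = build_discover(CLIENT_MAC, 0x1234ABCD)
    print(server_view(relay(request, "192.168.10.1"), SCOPES))
```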



Seems to me... [7:45664]

2002-06-04 Thread Chris Charlebois

The error says the source and destination are the same.  Since the source
and destination ip addresses are obviously different, I would guess the
complaint is that the last-hop and next-hop gateways are the same.  The IDS
is complaining because some packets are trying to hairpin in your router. 
This could be because of some malicious spoofing or it could simply be a bad
route at your ISP.  I'd inform the ISP as a heads up and see what they have
to say.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45758&t=45664



RE: Privilige Password Advice ... [7:46246]

2002-06-11 Thread Chris Charlebois

The best practice, if you know Perl or some other scripting language (and
I don't BTW, at least not well enough), is to put together a script that will
take as input the existing enterprise-wide router password and a new
password and the script can telnet to each router, login and change the
password.  That way, you can change the password every 3 months, or month,
or when it could have been breached, or whenever you feel like it, and it
will take 10 minutes instead of 4 hours.

One important note, however.  It would be a very good idea to have that
script keep a text copy of all input and output, in case something goes
wrong...


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=46270&t=46246
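
Added example, not part of the original post: a Python sketch of such a rotation script, showing the transcript and a per-router outcome so that after a failed run it is clear which routers still hold the old password.  The session objects (anything with read() and send()), the canned router replies and both passwords are constructed for the example, and the assumption is that one password is used for both vty login and enable; replacing the passwords with placeholders in the transcript is a choice made in this example.

```python
import io

OLD, NEW = "constructed-old-pw", "constructed-new-pw"   # constructed values
FIRST_CHANGE = 4   # index of the first step that alters the configuration


def steps(name, old, new):
    """(prompt to wait for, line to send once it appears), in order."""
    return [
        ("Password: ", old),                              # vty login
        (f"{name}>", "enable"),
        ("Password: ", old),                              # enable password
        (f"{name}#", "configure terminal"),
        (f"{name}(config)#", f"enable secret {new}"),
        (f"{name}(config)#", "line vty 0 4"),
        (f"{name}(config-line)#", f"password {new}"),
        (f"{name}(config-line)#", "end"),
        (f"{name}#", "write memory"),
        (f"{name}#", "exit"),
    ]


def rotate(name, session, old, new, log):
    """Change one router; return 'changed', 'unchanged' or 'check manually'."""
    def scrub(text):
        return text.replace(old, "<old>").replace(new, "<new>")

    log.write(f"=== {name} ===\n")
    for i, (prompt, line) in enumerate(steps(name, old, new)):
        output = session.read()
        log.write(scrub(output))
        if not output.endswith(prompt):
            log.write(f"\n!!! step {i}: expected {prompt!r}, stopping\n")
            # Nothing was configured yet if we stopped before FIRST_CHANGE was sent.
            return "unchanged" if i <= FIRST_CHANGE else "check manually"
        log.write(scrub(line) + "\n")
        session.send(line)
    return "changed"


def rotate_all(sessions, old, new, log):
    """Run every router even if one fails, and report each outcome."""
    return {name: rotate(name, s, old, new, log) for name, s in sessions.items()}


class FakeSession:
    """Constructed stand-in for a telnet session: canned output, recorded input."""
    def __init__(self, replies):
        self.replies, self.sent = list(replies), []

    def read(self):
        return self.replies.pop(0) if self.replies else ""

    def send(self, line):
        self.sent.append(line)


def fake_replies(name, fail_at=None, fail_with=""):
    """Replies of a router that accepts everything, optionally cut short."""
    replies = [
        "\r\nUser Access Verification\r\n\r\nPassword: ",
        f"\r\n{name}>", "Password: ", f"\r\n{name}#",
        f"Enter configuration commands, one per line.  End with CNTL/Z.\r\n{name}(config)#",
        f"{name}(config)#", f"{name}(config-line)#", f"{name}(config-line)#",
        f"{name}#", f"Building configuration...\r\n[OK]\r\n{name}#",
    ]
    return replies if fail_at is None else replies[:fail_at] + [fail_with]


if __name__ == "__main__":
    transcript = io.StringIO()
    routers = {
        "R1": FakeSession(fake_replies("R1")),
        "R2": FakeSession(fake_replies("R2", 3, "\r\nPassword: ")),  # enable rejected
        "R3": FakeSession(fake_replies("R3", 5)),                    # link dropped
    }
    print(rotate_all(routers, OLD, NEW, transcript))
    print(transcript.getvalue())
```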



I always thought... :) [7:46282]

2002-06-11 Thread Chris Charlebois

That NYC was in the Alpha Quadrant in subnebular terrain.  But maybe I'm
wrong.

I'm sure it's just TAC's boilerplate excuse when no other culprit can be
found, like "gremlins" in WW2 bombers.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=46305&t=46282



Re: PBR [7:47463]

2002-06-27 Thread Chris Charlebois

The question is how would the router know the host is down without some sort
of heartbeat.

My next question, and this shows my shallow knowledge of PBR, but can the
next-hop be a non-local address?  For instance, can router 1 which is
connected to subnets A and B use a host on subnet C as a next-hop, despite
the fact that router 1 has to go through router 2 to get to subnet C?  If it
can, would this create a tunnel, so that traffic would get to the next-hop
address, or would Router 2 receive the packets and try to route them itself?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47569&t=47463



RE: Full-Duplex Communication [7:47562]

2002-06-27 Thread Chris Charlebois

That is a marketing issue, not a technical one.  The people who work with
switches every day understand that when you are talking about full-duplex
bandwidth, it's split between up and down.  It's up to us to educate the
decision-makers and end-users, rather than muddle with the marketese.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47567&t=47562



RE: callmanager dial plan question [7:48300]

2002-07-08 Thread Chris Charlebois

Trick is you will have to deal with the timeout problem with your current
layout.  Because all your Pleasanton extensions start with 6, and your RTP
numbers start with 6, the CCM can't tell from the first button how many
digits to expect.  It would work better if you have an escape key for
non-local internal sites, like an 8.

As for users at RTP, you can set them up so they can dial their 4 digit
extension locally.  You'll need to set up an RTP partition and an RTP
calling search space that specifies the RTP partition before everything
else.  Set up all extensions at RTP with 4 digits in the RTP partition with
the RTP css.  Also, create a translation pattern in a partition that all
sites have access to, set it to translate 685 to  and give it a css
of RTP.  You can copy this for all sites.

And Chuck is right, dial plans are not shared between clusters within the
software, so a "Grand Dial Plan Scheme" should be developed before starting
and implemented within each cluster.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48332&t=48300



h225 IE data [7:48352]

2002-07-08 Thread Chris Charlebois

We have been experiencing some toll fraud with our CallManager / Unity
system.  Thanks to CCM traces we were able to find out exactly how they were
getting in.  However, we still don't know who "they" are.  The ANI on the
incoming calls was blocked (surprise surprise).  What I'm wondering is if there
is any information that we can get from the H225 data.  I know we won't be
able to get the calling number, but maybe we can pull out what city they are
calling from, or what carrier they are using, or any information at all.

It is possible that the FBI will get involved in this (the destination of
these calls are countries that the FBI has an interest in) and, if they do,
I'm sure they have ways and means to get far more information than I do. 
I'm just curious.

If anyone knows what can be learned from H225 and how, I'd appreciate it.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48352&t=48352



RE: h225 IE data [7:48352]

2002-07-09 Thread Chris Charlebois

Well, we haven't talked to Cisco about this.  Somehow, and we aren't sure
how, someone got the password to a Unity mailbox that was never assigned to
a person (for administrative use only) and should have been locked.  Once
they had this, they could simply dial into any voice mailbox, opt out to the
main menu, login as the compromised mailbox, and then transfer themselves
out to wherever they wanted to call.

We have stopped this by A) locking and changing the extension of the
compromised mailbox, B) forcing password changes on all mailboxes, C)
implementing the class of service feature so that Unity will not allow
transfers to international numbers and D) creating and assigning a calling
search space to the VM route points so they cannot call out internationally
(redundant, I know, but the Unity system was compromised).  We also changed
all admin passwords.

The troubling thing is we don't know how the password was leaked in the
first place.  There is no sign of a dictionary attack in Unity.  It is
possible that this was internal, but we don't know.  We are still looking
and if we find a smoking gun, I'll let you know.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48418&t=48352



Yeah, you need another router [7:48795]

2002-07-15 Thread Chris Charlebois

You'll need something with T1 and E1 interfaces.  I can't imagine what could
possibly convert T1 to E1 without terminating both.  Depending on what you
want to do, I would recommend a cheap 4000 (if you can find one on E-bay) or
a VIC-2T1.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48838&t=48795



RE: PRI to BRI [7:48782]

2002-07-15 Thread Chris Charlebois

Should work fine.  Although, come to think of it, I've never worked with
inbound BRI.  You should just need to set up dial peers and call legs.  This
is a good primer on call legs if you have no idea what I'm talking about.

http://www.cisco.com/warp/public/788/voip/dialpeer_call_leg.html


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48840&t=48782



Re: Software upgrade through Hyperterminal session [7:48764]

2002-07-15 Thread Chris Charlebois

I was surprised to hear that the 2500 series didn't support xmodem, but looks
like that's true.

http://www.cisco.com/warp/public/130/rommon_boot_image.html

Note where it says: If your router has no valid image in Flash or Bootflash,
and no other ROMmon upgrade procedure, the only way to recover is to have a
similar router with a compatible Flash card, download the image on that
router, and then move the Flash card to the one that is stuck.

Which, of course, means creating a new partition, copying to that partition,
etc, etc... Not pretty.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48841&t=48764



RE: Help me on my CCNA Design Project [7:48715]

2002-07-15 Thread Chris Charlebois

First of all, if you feel you need routing at gigabit-speeds, you probably
need layer 3 switching.  A Cat 4000 or 6500 with an RSM would do nicely.  Of
course, if this is anything but on paper, you've probably priced yourself
out of the market.

As for the GBIC question... Are you talking about the 2 connectors on a
fiber GBIC?  If so, you need both for one connection.  One is transmit and
the other is receive and they need to cross; Tx to Rx, Rx to Tx.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48842&t=48715



RE: 3640 ATM Support (NM-4T1-IMA) [7:48803]

2002-07-15 Thread Chris Charlebois

The T1 IMA card was tricky for me when I set it up.  I ended up calling
Cisco TAC.  They have access to a compatibility matrix that I,
unfortunately, have not been able to find anywhere.  Just tell them what
modules you have and they will tell you the minimum revision you need.  I
also do not believe that different feature sets of the same IOS revision
support different hardware.  If the revision supports the hardware, it will
recognize it, even if the feature set you have won't do the cool thing you
want it to do.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48852&t=48803



RE: Hardware requirement for Cisco CallManager [7:50142]

2002-07-30 Thread Chris Charlebois

CallManager 3.1 and higher is certified on Compaq DL320, DL380, and IBM
series 340, for sure.  I assume that DL360, also, although I have no
first-hand knowledge of that, and I believe some HP server (I think even a
Dell).  These are just the servers that are supported using the Sperion
Installation Utility for the OS.  In actuality, you can run an OS patch on
any server running W2K Server and then install CallManager itself on top.
The manufacturer isn't nearly as important as the performance.  That being
said, I wouldn't install even a lab CallManager on anything less than P3-700
with 512 memory.  Production *should* be over a gigahertz with a GB of
memory.  And I would recommend installing any other apps on the CallManager
server, either.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50163&t=50142



RE: Hardware requirement for Cisco CallManager [7:50142]

2002-07-30 Thread Chris Charlebois

Blast it, I keep forgetting the "n't".  That is "wouldN'T install any other
apps on the CallManager server, either".  I hope that was self-evident.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50171&t=50142



RE: switch command [7:50413]

2002-08-01 Thread Chris Charlebois

Switches don't give a fig about ip addresses and don't store them in any
tables.  Your sho arp command will only show ip addresses that the
management interface has accessed; i.e. pc's from which you have telnetted to
the switch, hosts you have pinged from the switch CLI, etc.  All the switch
cares about is MAC addresses and VLANs.  It's a layer 2 device, so it
doesn't care about layer 3 addresses.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50419&t=50413



RE: Got problem installing CallManager 3.1 on IBM x330 [7:50401]

2002-08-01 Thread Chris Charlebois

First of all, what revision are you trying to install?  Second, are you
attempting to install from CD or from a file?  If you are using a CD, are
you trying to boot from it?

As I understand it, the CallManager installation itself should work fine
(post 3.1.0), but you will run into problems trying to use the Spirion
install (that's the cds that are bootable) on non-Cisco blessed hardware.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50421&t=50401



RE: can reach host [7:50422]

2002-08-01 Thread Chris Charlebois

To access one VLAN from another, you need to use a router.  Even if both
VLANs are on the same switch, without a layer 3 device (a router), you will
not be able to access one from the other.  Also, the router needs to be
either trunked to the switch or have multiple connections to the switch (or
integrated in the case of a layer 3 switch).

If you'd like to explain further, I'd be happy to entertain questions.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50424&t=50422



RE: Anyone took EVODD (9E0-411)? [7:50340]

2002-08-01 Thread Chris Charlebois

I have a co-worker who has taken and passed this exam, both the old online
version and the proctored one.  If I remember correctly (he's not in the
office today), the online version was a cake walk, one small step above a
sales exam.  The proctored one, however, scared him.  He was expecting
something easy, and it wasn't.  He barely passed.  He said the best prep in
his opinion would be the study material for CCDA, with an emphasis on voice
technologies.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50426&t=50340



RE: routing question [7:50434]

2002-08-01 Thread Chris Charlebois

You are saying that this configuration doesn't work?  Nothing seems amiss. 
Are you sure the interfaces are up and working?  Clockrate and all.  Are the
routes not getting in the routing table?  A show ip route would help.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50438&t=50434



RE: * Routing/Subnetting question [7:51193]

2002-08-12 Thread Chris Charlebois

The problem is you cannot assign the same IP addresses to multiple
interfaces, especially on the same router.  From what I'm reading, you are
trying to assign a /29 (let's say 209.98.10.160/29, which allows for
addresses .161-.166) and a /30 from that same range (like 209.98.10.164/30,
which allows for .165 and .166).  You must be assuming, incorrectly, that
addressing is handled like routing, and the router will follow the most
specific address.  If the router received routes for both these networks on
two different interfaces, this works.  However, a router cannot have
directly connected interfaces that share IP addresses.  For instance, in the
above example, if allowed (which is why you are getting the "overlapping"
error), the router would have to send packets addressed to 209.98.10.165 out
both interfaces, which it can't.

James Wilson wrote:
> 
> I have a 1750 with a /29 assigned to me, and I need to create a DMZ to put
> a DNS server on so that I can control access using CBAC.  My FastEthernet
> interface is trunked to a Cat 2924.  I'd like to have the /29 on one
> subinterface which talks to PacBell's router, and take a /30 out of the
> /29 and put it on another subinterface so that I can hang the DNS server
> off a port on that VLAN using a public IP address.  I'd also like to use
> static NAT addresses out of the /29 including what would be an all zero or
> all one address out of the /30.  My thought is that this would work since
> the NAT will take place via the subinterface on the /29 (ip nat outside),
> and the only time the /30 will come into play is with traffic destined to
> the DNS server, which is not NAT'ed.  This would allow me to have routing
> and CBAC protection for the host on the /30 net and not lose the ability
> to use those addresses which would normally be lost from the /30 all zeros
> and all ones addresses by using them for static NAT entries for hosts on
> the private IP side of my network.  When I go to assign an address out of
> the /30 to the subinterface facing the DMZ I get a message stating that
> the addresses overlap the other interface.  Will this still work the way I
> believe it will?  Would it make a difference if I use my currently shut
> down Eth0/0 interface instead of the trunked Fa0/0?
> 
> Thanks for your time/help!
> 
> --
> James D. Wilson, CCDA, MCP
> Sr. Network/Security Engineer
> "non sunt multiplicanda entia praeter necessitatem"
> William of Ockham (1285-1347/49)
> 
> [GroupStudy.com removed an attachment of type
> application/x-pkcs7-signature which had a name of smime.p7s]


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51237&t=51193
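Added example, not part of the original post: a Python sketch of the distinction drawn in the reply above, showing that the /29 and /30 from the post overlap as connected subnets while longest-prefix matching resolves the same prefixes cleanly when they are learned routes. The subinterface names and next-hop labels are hypothetical; only the prefixes come from the post.

```python
import ipaddress

def usable_hosts(cidr):
    """List the assignable host addresses in a prefix."""
    return [str(h) for h in ipaddress.ip_network(cidr).hosts()]

def connected_overlaps(interfaces):
    """Return pairs of interfaces whose connected subnets share addresses.

    This is the condition the router rejects with its "overlapping" error.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def longest_match(routes, destination):
    """Resolve a destination against learned routes by longest prefix."""
    dest = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()
               if dest in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample data: prefixes from the post; the subinterface names
# and next-hop labels are hypothetical.
INTERFACES = {"Fa0/0.1": "209.98.10.160/29", "Fa0/0.2": "209.98.10.164/30"}
ROUTES = {"209.98.10.160/29": "neighbor-A", "209.98.10.164/30": "neighbor-B"}

if __name__ == "__main__":
    print("/29 hosts:", usable_hosts("209.98.10.160/29"))
    print("/30 hosts:", usable_hosts("209.98.10.164/30"))
    print("connected overlap:", connected_overlaps(INTERFACES))
    for dst in ("209.98.10.161", "209.98.10.165"):
        print(dst, "->", longest_match(ROUTES, dst))
```

Carving the /29 into two non-overlapping /30s (209.98.10.160/30 and 209.98.10.164/30) makes `connected_overlaps` return an empty list, which is the layout a router will accept on two interfaces.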



RE: T1 interface type compatibility [7:51137]

2002-08-12 Thread Chris Charlebois

You need a T1 CSU/DSU to translate from the T1 to the serial.  In T1, you
only have 2 pair, 2 wire Tx, 2 wire Rx.  In serial, you will have a lot more
pairs, which means some pairs can be used for control.  That's what the DCD,
DSR, DTR, RTS, and CTS are.  They are individual wires (5 wires) that are
either on or off.  T1 simply doesn't have the parallel bandwidth for that.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51238&t=51137



First thing I would do... [7:51304]

2002-08-14 Thread Chris Charlebois

Is look at the traffic and figure out what it is and if it's necessary.  3
mbs is some serious bandwidth for one spoke site.  Is it database lookups on
some apps?  Perhaps it makes sense to put a database in the remote site and
synchronize.  Voice/video traffic?  Make sure your QoS infrastructure is up
to date.  Is it internet traffic?  Perhaps some policies would help, or
perhaps the third T1 should go from the remote site directly to an ISP.  Is
it garbage (i.e. SAP, DHCP, DNS, routing protocols, proxied arp, etc)?  Then
cut that B (as in b) S (as in s) out.

Anyone can throw more money at a problem.  As professionals, we need to
throw brains first.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51367&t=51304



Sure [7:52305]

2002-08-29 Thread Chris Charlebois

It just copies the UDP broadcast packets to all addresses specified.  So you
could put in a second DHCP server.  Any DHCP request would be sent to both
servers.  Both would respond and the client would select which one to take.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52307&t=52305



If you are looking forward to VoIP... [7:52762]

2002-09-06 Thread Chris Charlebois

If you are looking at Cisco IP phones, I would recommend replacing all the
Cat2950's with Cat3524-PWR.  It's cheaper and easier to manage the phones
when they get power from the switch, than buying and maintaining a power
brick for each phone.  This, of course, assumes enterprise-wide deployment
of IP phones.  If only a handful are getting them, the bricks may be a
viable solution.

BTW, IDF = Intermediate Distribution Frame.  As opposed to the Main
Distribution Frame.  Typically, a multi-story building will have 1 MDF,
usually in the basement, and 1 IDF on each floor.  The MDF will have
punchdowns going to each IDF, allowing easy patching between floors.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52796&t=52762



Re: VOIP and subnets [7:52688]

2002-09-06 Thread Chris Charlebois

The difference is this:  Voice over IP means just that, voice packetized to
run over IP.  This could be an IP phone, or an analog phone connected to an
FXS port on a router, or even two voice gateways that provide toll bypass
between 2 geographically separate traditional PBX's.  The only defining
characteristic is that, at some point, the voice is split up, put in IP
packets and transported over an IP network.

Now, IP Telephony is VoIP, but it means more than just that.  Kinda like
every square is a rectangle, but not all rectangles are squares.  IP
Telephony means that at least one end of the conversation is terminated on
an IP device, such as an IP phone.  This implies that the various features
common to modern phones are provided by the IP system, like hold, transfer,
park, call forward, etc.  VoIP does not define these services.

Hope this helps.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52797&t=52688



Re: FXS and Key System connection [7:52795]

2002-09-06 Thread Chris Charlebois

In a word, no.  The only way to get analog lines into a 26xx series router
(or 36xx for that matter) is with a NM-1V (or -2V) and an FXO (or FXS) VIC. 
The NM-1V alone is running between $300 and $500 on eBay.  The FXO/S will
probably be another couple hundred at least.

But, yes, it seems that ITS will allow you to route IP phone calls to and
from analog lines with the proper hardware.  I haven't worked with ITS much,
but the description seems to indicate that.  However, I don't know if ITS
will really help you.  ITS is a nickel answer to the $64,000 question, and
it will not help in passing the CIPT exam.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52802&t=52795



RE: Voice Certification [7:52734]

2002-09-06 Thread Chris Charlebois

I would say go CVoice, CIPT, DQoS.  Save the QoS test for last because it is
a mother of a test.  CVoice was harder than I thought it was going to be,
but I thought it was going to be very easy.  All in all, it's not a real
tough test.  The CIPT seemed to be more product knowledge than technical
knowledge.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52803&t=52734