Re: Non-contiguous subnet masks

2001-01-21 Thread Chuck

Dear Chris:
Could you refer us to the RFC or website for further study? Thanks



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Passed the written... again

2000-11-16 Thread Chuck

Yeah!! That is exactly how I feel!!!
English is my second language.  Now my tears are coming out, just because you too
feel the same way.   And most important, you write it out for me.
Thanks

>
> To give you an idea, pretending that this was a math exam, some of the
> questions looked like this:
>
>
> 1.  How many sides are contained in a left-handed square?
> A.  4 sides if there are 2 triangles present
> B. None, a circle has 4 sides.
> C. A right handed square has 4 sides.
> D. All of the above.
>
>
> 2.  Chuck bought 5 bananas at the supermarket.  Priscilla bought 2 apples.
> Howard robbed Pamela the cashier.  How much did Chuck pay for the apples?
> A.  The bananas were 1 dollar a pound.
> B.  False, the apples were really peaches.
> C.  Howards got 5-10, with time off for good behavior.
> D.  The log lady likes apples too.
>






Re: Cisco 3000 VPN Concentrators (DSP add-on) [7:35059]

2002-02-10 Thread Chuck

A quick try on google revealed a couple of hits indicating that yes DSP
chips are used for IPSec encryption/decryption.

http://www.ssh.com/about/press/2000/release08062000(2).cfm

http://business.vsnl.com/kbs/dsp.html

http://www.broadcom.com/pbs/BCM3352.pdf

for example.

Seeing that, and knowing that a DSP ( digital signal processor ) is a
computationally speedy IC used for processing complex signals associated
with real time audio and video, it occurs to me that why couldn't the
architecture be used to service the computationally intense processing that
IPSEC entails?

Howard? BSEE's?


wrote in message news:[EMAIL PROTECTED]...
> The 3000 VPN concentrators do encryption via software.  The 3015 and above
> models can use the Scalable Encryption Processor (SEP) hardware accelerators
> to offload the encryption processing.
>
> According to the documentation, the 3030 and above can use a "programmable
> DSP-based security accelerator".  The only explanation I have found on
> Cisco's web site about DSP is "digital signal processor".  What does that
> have to do with IPsec encryption?
>
> Thanks,
> Dave Goldsmith
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35070&t=35059



Re: IPX Network Number question [7:35146]

2002-02-11 Thread Chuck

Ah, memories of the IPX default network experiments!

I'll have to root around in my notes and  write up a little something on
this. I spent a number of fun filled hours learning how to make this work in
preparation for my Lab last December. Watch this space for a mini lab and
configs...

Chuck



"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> Very tricky ;-)
>
> When Novell invented NLSP, they reserved the 0xFFFE network number to
> mean the default route for both NLSP and RIP. Cisco adopted this standard.
>
> If you must use 0xFFFE, you can disable the default handling of the
> network number with the no ipx default-route command.
>
> Priscilla
>
> At 05:13 PM 2/11/02, Wilson, Christian wrote:
> >I have an IPX network question
> >
> >I am doing a practice lab that requires me to assign the IPX network address
> >FFFE to an interface and to set the encapsulation type to SAP.  I have
> >attempted to do this, but my router will not take the address.  When typing
> >"ipx network ? ", I see that the valid range for IPX network numbers ends at
> >FFFD.  The practice lab is very specific about assigning FFFE,
> >stating that there is a trick to accomplish this.  I have searched the CCO
> >and my documentation, but I have found nothing.  Can someone please assist
> >me with this?
>
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35161&t=35146



Re: MAC ACLs [7:33554]

2002-02-12 Thread Chuck

check out CCO:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_r/brprt1/br1dtb.htm#1047297
watch the word wrap

eg:

access-list 700 deny 0800.2000. .00FF.
access-list 700 permit .. ..
interface ethernet 1
 bridge-group 1 input-address-list 700

happy hunting.

Chuck


"Vijendra Jaiswal" wrote in message news:[EMAIL PROTECTED]...
> Hello All ,
>
> Can anyone pls post a sample configuration of the MAC addresses ACLs  so as
> to restrict the MAC addresses using Access Control Lists .
>
> Thanks in advance ,
> Vijendra.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35201&t=33554



Re: MAC Address format [7:35203]

2002-02-12 Thread Chuck

In fairness to the original poster, different manufacturers, and even within
Cisco, different product lines, have different ways of entering/configuring
MAC's.

True, a MAC is 48 bits, and true, there are different ways of representing
them. Most books I have read use the .. format. some sources
might use colons instead of periods.

But in terms of configuration, on a Cisco router the configuration format is
1224.5678.abcd while on a catalyst 5000 switch the format is
12-34-56-78-ab-cd

The guy who posted the original question noted that on 3com garbage
equipment the format is 12:23:56:78:ab:cd

Chuck


"Logan, Harold" wrote in message news:[EMAIL PROTECTED]...
> Those are both valid MAC formats. Your router's MAC is
> 00:08:00:50:8d:b2. Same hex digits, different way of writing them.
>
> Hal
>
> -Original Message-
> From: Charles Lomotey [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 12, 2002 7:08 AM
> To: [EMAIL PROTECTED]; Logan, Harold; Charles Lomotey;
> [EMAIL PROTECTED]
> Subject: MAC Address format
>
>
> Hi All,
>
> I have a MAC address shown as 0008.0050.8db2 on my cisco and want to
> block it on my 3com lan switch which has MAC addresses in the format eg.
> 00:01:03:28:4c:3d
>
> How do I convert the Cisco MAC to this other format?
>
> Charles
>
>
>   _




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35208&t=35203
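
The conversion asked about in this thread, together with the address/mask matching used by the 700-series access list in the earlier "MAC ACLs" thread, as an added example that is not part of the original posts. The function names and the sample ACL entries are constructed for illustration; the mask convention (one bits are ignored) is the one Cisco documents for 700-series lists.

```python
import re

# Accepted notations, all 48 bits wide.
_PATTERNS = (
    re.compile(r"[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}"),  # Cisco router: 0008.0050.8db2
    re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"),   # colon pairs:  00:08:00:50:8d:b2
    re.compile(r"[0-9a-f]{2}(?:-[0-9a-f]{2}){5}"),   # hyphen pairs: 00-08-00-50-8d-b2
)
_ALL_BITS = 0xFFFFFFFFFFFF


def parse_mac(text):
    """Return the address as a 48-bit integer; reject mixed or malformed notation."""
    s = text.strip().lower()
    if not any(p.fullmatch(s) for p in _PATTERNS):
        raise ValueError(f"not a MAC address in a known notation: {text!r}")
    return int(re.sub(r"[.:-]", "", s), 16)


def format_mac(mac, style):
    """Render a 48-bit integer in 'cisco', 'colon' or 'hyphen' notation."""
    digits = f"{mac:012x}"
    if style == "cisco":
        return ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    if style not in ("colon", "hyphen"):
        raise ValueError(f"unknown style: {style!r}")
    sep = ":" if style == "colon" else "-"
    return sep.join(digits[i:i + 2] for i in range(0, 12, 2))


def convert(text, style):
    """Same hex digits, different way of writing them."""
    return format_mac(parse_mac(text), style)


def acl_permits(acl, mac_text):
    """First-match evaluation of (action, address, mask) entries.

    Mask bits set to 1 are ignored in the comparison. A frame that matches
    no entry hits the implicit deny at the end of the list.
    """
    mac = parse_mac(mac_text)
    for action, address, mask in acl:
        care = ~parse_mac(mask) & _ALL_BITS
        if (mac ^ parse_mac(address)) & care == 0:
            return action == "permit"
    return False


# Constructed sample lists (not the values from the post, which are incomplete).
BLOCK_ONE_HOST = [
    ("deny", "0008.0050.8db2", "0000.0000.0000"),    # exact match on one station
    ("permit", "0000.0000.0000", "ffff.ffff.ffff"),  # everything else
]
BLOCK_VENDOR_PREFIX = [
    ("deny", "0008.0000.0000", "0000.00ff.ffff"),    # only the first 24 bits compared
    ("permit", "0000.0000.0000", "ffff.ffff.ffff"),
]

if __name__ == "__main__":
    print(convert("0008.0050.8db2", "colon"))
    print(acl_permits(BLOCK_ONE_HOST, "00:08:00:50:8d:b2"))
```

Because every notation is reduced to the same integer before comparison, a deny entry written in router notation still matches an address copied from a switch in colon or hyphen form.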



Re: TTL and modern (fast) routers [7:35507]

2002-02-16 Thread Chuck

Yes, RFC 1812 is where this is discussed. IIRC, the author notes that all of
the router manufacturers complained that trying to use time rather than hops
was impractical if not impossible from their perspective.

Chuck

"Howard C. Berkowitz" wrote in message news:[EMAIL PROTECTED]...
> >AFAIK, the TTL gets decremented by one by a router as it passes it on (if
> >it's held under one second), or by the number of seconds it was held if it
> >is held over one second.  I agree that anything more than 1000ms of delay
> >seems outrageous for a single hop these days, but I don't know of anything
> >that has changed that "rule" that both you and I describe.
> >
> >Mike W.
>
> This is off the top of my head, but I think the changing of the rule
> to decrementing the hop count is in RFC 1812. TTL for fragment
> reassembly is a little different.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35610&t=35507



Re: Easy ways to pick up a few extra minutes on the CCIE lab. [7:35613]

2002-02-16 Thread Chuck

I borrowed some of these from other folks. Some I derived myself. In the
real lab I found myself using some more than others. Knowing the various
switches makes these very useful. Note the first two lines - for your
initial configuration of routers, this helps immensely, assuming you have
made no typos.

My favorite dumb thing I once did was mistyping exec-timeout 0 4. That one
was real fun to correct.

I should probably add an eigrp command or two. Also an alias for "exit" as
several of these aliases don't work unless you are at the
router(config)> prompt

Come to think of it, aliases for show access-list and show route-map might
be useful as well. I hesitate for fear that I'll end up spending too much
time creating the list ;->

enable
conf t

no ip domain-lookup
no ip http server
ip classless
ip subnet-zero
ip tcp synwait-time 5

alias configure a access-list
alias configure ae alias exec
alias configure rm route-map
alias configure ro router

ae a show access-list
ae b show ip bgp
ae d show dlsw
ae e show ip eigrp
ae f show frame
ae ib show ip interface brief
ae ip show ip protocol
ae ir show ip route
ae o show ip ospf
ae p show protocol
ae sr show run | begin
ae xb show ipx interface brief
ae ap show ipx route

line con 0
exec-timeout 0 0
privilege level 15



"Wright, Jeremy" wrote in message news:[EMAIL PROTECTED]...
> also, check the groupstudy database...there was a list of aliases that a guy
> put on the list
>
> -Original Message-
> From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 15, 2002 2:19 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Easy ways to pick up a few extra minutes on the CCIE lab.
> [7:35547]
>
>
> Better than the CTRL+R that I've been using.
>
> > -Original Message-
> > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, February 15, 2002 1:45 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Easy ways to pick up a few extra minutes on the CCIE lab.
> > [7:35541]
> >
> >
> > That's a really good one. I hate it when the console blasts
> > some stupid
> > message at you while you're typing. It still throws me off
> > even though I
> > should be used to it. ;-) Thanks for telling us about this.
> >
> > Priscilla
> >
> > At 02:11 PM 2/15/02, Sean Knox wrote:
> > >I always enter console config and turn on "logging
> > synchronous"; it inserts
> > >a carriage return automatically after system messages show
> > up. Doesn't hurt
> > >to enable it on the vtys either.
> > >
> > >core8500#conf t
> > >Enter configuration commands, one per line.  End with CNTL/Z.
> > >core8500(config)#line con 0
> > >core8500(config-line)#logg sync
> > >
> > >-Original Message-
> > >From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
> > >Sent: Friday, February 15, 2002 10:32 AM
> > >To: [EMAIL PROTECTED]
> > >Subject: Easy ways to pick up a few extra minutes on the CCIE lab.
> > >[7:35523]
> > >
> > >
> > >no ip domain-lookup  (how do you spell pnig again)
> > >terminal escape-char 3  (Press Ctrl-c to break out of ping & Telnet)
> > >
> > >Anybody got others?
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35613&t=35613



Re: Easy ways to pick up a few extra minutes on th [7:35580]

2002-02-16 Thread Chuck

for some reason, the Lab proctors frown on people installing their own
software on their terminals. ;->

I've been told that they frown on people even saving things like their
notepad files to the computers in the lab. I don't recall any instruction
one way or another on this one. I do vaguely recall one proctor saying that
if somehow you hack your way to the internet, and they catch you, you will
be disqualified immediately.

Chuck




"Ozzie Sutcliffe" wrote in message news:[EMAIL PROTECTED]...
> Can you use terraTerm instead of hyperterm ?
> If so set the scroll buffer to 10,000 lines this way you have a complete
> history by scrolling up the gui in terra term
>
> oz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35614&t=35580



Re: Secondary ip address and ip helper-address [7:35601]

2002-02-16 Thread Chuck

One must be wary of using secondary addresses. As has been discussed here
many a time, in many a context, secondary addressing on routers is
problematic. Adjacencies in various routing protocols do not form. Routes do
not get exchanged.

In general, the router will use the primary address as its source for lots
of things, including DHCP forwarding.

One solution to the particular problem might be to use the router itself as
the local DHCP server.

Chuck


"GAHellinger" wrote in message news:[EMAIL PROTECTED]...
> Make sure your Microcrap server is using a superscope to encompass both your
> DHCP scopes.
>
>
> "J-B" wrote in message
> news:[EMAIL PROTECTED]...
> > Team,
> > I have the following problem:
> >
> > Our network has 10 sites, I am in the process of readdressing current
> > network. I have setup secondary ip address on every site, At the present
> > time I am setting up a wk2000 dhcp/win server in one site. The problem is
> > that I am not able to obtain ip address from the DHCP server via the WAN, it
> > works fine in the site where it is located. The layout is the following:
> >
> > Hub site
> >
> > interface Ethernet0
> >  ip address 192.168.13.1 255.255.255.0 secondary
> >  ip address 192.168.1.1 255.255.255.0
> >  ip helper-address 192.168.12.17
> >  ip directed-broadcast
> >  no cdp enable
> >
> > interface Serial0
> >  no ip address
> >  ip directed-broadcast
> >  encapsulation frame-relay IETF
> >  no ip mroute-cache
> >  frame-relay lmi-type ansi
> >
> > interface Serial0.3 point-to-point
> >  description Spoke site
> >  bandwidth 384
> >  ip unnumbered Ethernet0
> >  ip helper-address 192.168.12.17
> >  ip directed-broadcast
> >  frame-relay interface-dlci 26
> >
> > Spoke site
> >
> > interface Ethernet0
> >  ip address 192.168.12.1 255.255.255.0 secondary
> >  ip address 192.168.2.1 255.255.255.0
> >
> > interface Serial0
> >  no ip address
> >  encapsulation frame-relay IETF
> >  no fair-queue
> >  frame-relay lmi-type ansi
> > !
> > interface Serial0.1 point-to-point
> >  description connection to Hub
> >  ip unnumbered Ethernet0
> >  bandwidth 384
> >  frame-relay interface-dlci 16
> > !
> >
> > The ip address of the DHCP sever is 192.168.12.17
> >
> > Be aware that I have no problem pinging the DHCP server from the Hub
> > site.
> >
> > Team, what I am doing wrong here...HELP
> >
> >
> > Thanks (nothing can replace experiencewo)
> >
> >
> > JB




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35615&t=35601



Re: redistribution and tags [7:35624]

2002-02-16 Thread Chuck

Route maps are essentially built around an "if then else(if)" logic. the
point of their activation is the point of their inception.

therefore if you were to have a route-map such as:

route-map eigrp_tag_igrp permit 10
 match tag X
 set metric 1 100 255 1 1500

and the redistribute statement:

router igrp 100
redistribute eigrp 50 route-map eigrp_tag_igrp

then the logic flow is:

1) take a route learned from eigrp 50
2)if the tag for that route is X then set the metric as stated and
redistribute it into IGRP 100
3) else don't redistribute

in this case, only those routes with a tag of X learned from eigrp 50 will
be redistributed into igrp ( subject to the classfulness of the route )

sometimes it can be a little difficult to determine where exactly things
happen in the various processes on a router. for example, linear
redistribute seems not to occur at all, even if that does not seem logical.
( can't redistribute from rip to igrp to ospf on the same router, not and
get anything coherent or predictable as a result ) however, in this case,
the logic appears to be straightforward, so far as I can tell.

HTH

Chuck

"Scott H." wrote in message news:[EMAIL PROTECTED]...
> At what point during redistribution is a route-map processed?  In other
> words, if I want to redistribute from EIGRP (supports tags) to IGRP (doesn't
> support tags) can I match tags in the route map and then let those routes go
> into IGRP?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35625&t=35624



Re: redistribution and tags [7:35624]

2002-02-17 Thread Chuck

I did a little bit of research on this, being curious as to the reason for
your question.

essentially, the logic illustrated below works just fine. the questions that
came up are:

1) how to tag the eigrp routes in the first place and
2) why the routes may not appear in IGRP assuming the eigrp tags exist.

there may be a way to tag the routes natively, but I have not found it. tags
can be set during redistribution into eigrp using route-maps.

don't forget the metric commands when redistributing into igrp and eigrp.
routes do not get redistributed without a metric assignment. I experienced
difficulty when using a route-map to set the metric. I ended up using a
default metric under the eigrp process.

the setup:

OSPF->EIGRP--->IGRP

ospf routes have a tag of 200

O    192.168.23.0/24 [110/74] via 192.168.34.3, 00:19:09, Ethernet0
O    192.168.33.0/24 [110/11] via 192.168.34.3, 00:19:09, Ethernet0
R4#

D    192.168.106.0/24 [90/2297856] via 192.168.47.4, 00:16:05, Serial0
C    192.168.47.0/24 is directly connected, Serial0
D    192.168.105.0/24 [90/2297856] via 192.168.47.4, 00:16:05, Serial0
I    192.168.8.0/24 [100/8976] via 192.168.78.8, 00:01:17, Serial1
     156.26.0.0/24 is subnetted, 1 subnets
D EX 192.168.23.0/24 [170/2195456] via 192.168.47.4, 00:15:15, Serial0
D EX 192.168.34.0/24 [170/2195456] via 192.168.47.4, 00:15:15, Serial0
D EX 192.168.33.0/24 [170/2195456] via 192.168.47.4, 00:15:17, Serial0
R7#

note the external routes in EIGRP - these originate in OSPF, and should have
a tag of 200
the "D" routes ( native EIGRP ) will have no such tag

I    192.168.23.0/24 [100/10576] via 192.168.78.7, 00:00:16, Serial1
I    192.168.34.0/24 [100/10576] via 192.168.78.7, 00:00:17, Serial1
I    192.168.33.0/24 [100/10576] via 192.168.78.7, 00:00:18, Serial1
R8#

note that the only IGRP routes are those that appear as EIGRP external
routes on R7 ( those redistributed from OSPF, and having the tag of 200 ).
note that the EIGRP native routes of 192.168.105.0 and 106.0 do not appear

things to check:

1) proper construction of the route maps

2) setting of a default-metric within the eigrp and igrp processes so that
routes are redistributed and/or accepted by those processes

3) that tags are actually being applied to routes as you believe they should
be.

HTH

Chuck


"Chuck" wrote in message news:[EMAIL PROTECTED]...
> Route maps are essentially built around an "if then else(if)" logic. the
> point of their activation is the point of their inception.
>
> therefore if you were to have a route-map such as:
>
> route-map eigrp_tag_igrp permit 10
>  match tag X
>  set metric 1 100 255 1 1500
>
> and the redistribute statement:
>
> router igrp 100
> redistribute eigrp 50 route-map eigrp_tag_igrp
>
> then the logic flow is:
>
> 1) take a route learned from eigrp 50
> 2)if the tag for that route is X then set the metric as stated and
> redistribute it into IGRP 100
> 3) else don't redistribute
>
> in this case, only those routes with a tag of X learned from eigrp 50 will
> be redistributed into igrp ( subject to the classfulness of the route )
>
> sometimes it can be a little difficult to determine where exactly things
> happen in the various processes on a router. for example, linear
> redistribute seems not to occur at all, even if that does not seem logical.
> ( can't redistribute from rip to igrp to ospf on the same router, not and
> get anything coherent or predictable as a result ) however, in this case,
> the logic appears to be straightforward, so far as I can tell.
>
> HTH
>
> Chuck
>
> "Scott H." wrote in message
> news:[EMAIL PROTECTED]...
> > At what point during redistribution is a route-map processed?  In other
> > words, if I want to redistribute from EIGRP (supports tags) to IGRP (doesn't
> > support tags) can I match tags in the route map and then let those routes go
> > into IGRP?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35671&t=35624
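
The if/then/else flow described in this thread, modelled as an added example that is not part of the original posts: the EIGRP routes from the R7 table are run through a route-map that matches tag 200, and then through the opposite deny-then-permit form. The class and function names are hypothetical, and the D EX routes are assumed to carry tag 200 as the post states.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

IGRP_METRIC = (1, 100, 255, 1, 1500)  # "set metric 1 100 255 1 1500" from the post


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str                       # protocol that owns the route on R7
    tag: int = 0                      # 0 means untagged
    metric: Optional[Tuple[int, ...]] = None


@dataclass(frozen=True)
class Clause:
    seq: int
    action: str                       # "permit" or "deny"
    match_tag: Optional[int] = None   # None: no match statement, matches every route
    set_metric: Optional[Tuple[int, ...]] = None


def apply_route_map(route, clauses):
    """Return the route as it would be redistributed, or None if filtered."""
    for clause in sorted(clauses, key=lambda c: c.seq):
        if clause.match_tag is not None and clause.match_tag != route.tag:
            continue                  # "else if": try the next sequence number
        if clause.action == "deny":
            return None               # matched a deny clause: not redistributed
        if clause.set_metric is not None:
            return replace(route, metric=clause.set_metric)
        return route
    return None                       # no clause matched: implicit deny


def redistribute(table, source, clauses):
    """Offer only routes owned by `source` to the route-map."""
    offered = (apply_route_map(r, clauses) for r in table if r.source == source)
    return [r for r in offered if r is not None]


def prefixes(routes):
    return [r.prefix for r in routes]


# R7's table as quoted in the post (classfulness is not modelled here).
R7_TABLE = [
    Route("192.168.106.0/24", "eigrp"),
    Route("192.168.47.0/24", "connected"),
    Route("192.168.105.0/24", "eigrp"),
    Route("192.168.8.0/24", "igrp"),
    Route("192.168.23.0/24", "eigrp", tag=200),
    Route("192.168.34.0/24", "eigrp", tag=200),
    Route("192.168.33.0/24", "eigrp", tag=200),
]

# route-map ... permit 10 / match tag 200 / set metric ...
ONLY_TAGGED = [Clause(10, "permit", match_tag=200, set_metric=IGRP_METRIC)]

# Opposite filter: deny 10 / match tag 200, then permit 20 with no match.
ALL_BUT_TAGGED = [
    Clause(10, "deny", match_tag=200),
    Clause(20, "permit", set_metric=IGRP_METRIC),
]

if __name__ == "__main__":
    print(prefixes(redistribute(R7_TABLE, "eigrp", ONLY_TAGGED)))
    print(prefixes(redistribute(R7_TABLE, "eigrp", ALL_BUT_TAGGED)))
```

The first result is the set of prefixes that shows up as IGRP routes on R8; the second form needs the trailing permit clause, because without it the implicit deny drops every route.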



Re: redistribution and tags [7:35624]

2002-02-17 Thread Chuck

hmmm interesting discussion. the scenario reminds me of something I saw
from someplace called NT Labs, maybe?

Let's see if I can sketch the scene:


R1-R2-R3
IGRP bunch of stuff  OSPF/EIGRP

R2:

router IGRP
  redistribute OSPF route-map filter-ospf-tag
  redistribute EIGRP route-map filter-eigrp-tag

router eigrp
  redistribute OSPF tag 1

R3

router ospf
  redistribute eigrp tag 2

seems to me there is a trick in here somewhere. maybe on R2, where
redistribution into IGRP contains the possibility of route leak? maybe not
in this topology. maybe if the topology were a ring or a circle, and there
are two points of mutual redistribution? Slattery's book has an interesting
exercise along that line, and I'm not sure I ever got the filters tweaked
right in that one.

Chuck

"Scott H." wrote in message news:[EMAIL PROTECTED]...
> On 1 router I am redistributing OSPF into IGRP, EIGRP into IGRP, and OSPF
> into EIGRP.  Downstream, I am redistributing OSPF into EIGRP.  The loop in
> this scenario is deadly so I need to find a way to let both EIGRP and OSPF
> redistribute only routes originating from their domains into IGRP.  The plan
> was to tag OSPF routes going into EIGRP w/ a tag of 1 and EIGRP routes going
> into OSPF w/ a tag of 2 downstream.  Therefore, when I redistribute EIGRP
> into IGRP I can deny all routes w/ a tag of 1 and permit anything else.
> Also, when I redistribute OSPF into IGRP I can deny all routes w/a tag of 2
> and permit everything else.  This should ensure that IGRP receives only
> routes from the OSPF domain that originated in OSPF and only EIGRP routes
> that originated in EIGRP.  I still have not had a chance to test this, but
> in theory it should work perfectly.
>
> You see any potential problems here?
>
> "Chuck" wrote in message
> news:[EMAIL PROTECTED]...
> > I did a little bit of research on this, being curious as to the reason for
> > your question.
> >
> > essentially, the logic illustrated below works just fine. the questions that
> > came up are:
> >
> > 1) how to tag the eigrp routes in the first place and
> > 2) why the routes may not appear in IGRP assuming the eigrp tags exist.
> >
> > there may be a way to tag the routes natively, but I have not found it. tags
> > can be set during redistribution into eigrp using route-maps.
> >
> > don't forget the metric commands when redistributing into igrp and eigrp.
> > routes do not get redistributed without a metric assignment. I experienced
> > difficulty when using a route-map to set the metric. I ended up using a
> > default metric under the eigrp process.
> >
> > the setup:
> >
> > OSPF->EIGRP--->IGRP
> >
> > ospf routes have a tag of 200
> >
> > O    192.168.23.0/24 [110/74] via 192.168.34.3, 00:19:09, Ethernet0
> > O    192.168.33.0/24 [110/11] via 192.168.34.3, 00:19:09, Ethernet0
> > R4#
> >
> > D    192.168.106.0/24 [90/2297856] via 192.168.47.4, 00:16:05, Serial0
> > C    192.168.47.0/24 is directly connected, Serial0
> > D    192.168.105.0/24 [90/2297856] via 192.168.47.4, 00:16:05, Serial0
> > I    192.168.8.0/24 [100/8976] via 192.168.78.8, 00:01:17, Serial1
> >      156.26.0.0/24 is subnetted, 1 subnets
> > D EX 192.168.23.0/24 [170/2195456] via 192.168.47.4, 00:15:15, Serial0
> > D EX 192.168.34.0/24 [170/2195456] via 192.168.47.4, 00:15:15, Serial0
> > D EX 192.168.33.0/24 [170/2195456] via 192.168.47.4, 00:15:17, Serial0
> > R7#
> >
> > note the external routes in EIGRP - these originate in OSPF, and should have
> > a tag of 200
> > the "D" routes ( native EIGRP ) will have no such tag
> >
> > I    192.168.23.0/24 [100/10576] via 192.168.78.7, 00:00:16, Serial1
> > I    192.168.34.0/24 [100/10576] via 192.168.78.7, 00:00:17, Serial1
> > I    192.168.33.0/24 [100/10576] via 192.168.78.7, 00:00:18, Serial1
> > R8#
> >
> > note that the only IGRP routes are those that appear as EIGRP external
> > routes on R7 ( those redistributed from OSPF, and having the tag of 200 ).
> > note that the EIGRP native routes of 192.168.105.0 and 106.0 do not appear
> >
> > things to check:
> >
> > 1) proper construction of the route maps
> >
> > 2) setting of a default-metric within the eigrp and igrp processes so that
> > routes are redistributed and/or accepted by those processes
> >
> > 3) that tags are actually being applied to routes as you believe they should
> > be.
> >
> > HTH
> >
> >

Re: DNS Request Redirection [7:35703]

2002-02-17 Thread Chuck

consider that the DNS request packet has a destination address of the server
of your former ISP. what you are trying to accomplish, if I understand you
correctly, is to change that destination address. Policy routing can change
the next hop, but it cannot change the destination IP of the packet in
question.

why not leave well enough alone? is there any reason DNS is not being
answered by the servers of your former ISP? Do they filter DNS requests from
sources not in their space? If not, everyone is happy. If so, then your
choices are to visit each machine and physically change the DNS information,
or to set up DHCP, and then visit each machine to physically set up DHCP on
them.

Chuck


"Michael Hair" wrote in message news:[EMAIL PROTECTED]...
> I was wondering what is the best way to take care of the following:
>
> I have been using a private address space behind a Cisco 4500 router
> connected up to our current ISP using NAT, now we want to move our
> connection from our current ISP to a new ISP with better bandwidth. My
> problem is that we don't want to change all our client machines TCP/IP
> settings, which are all static, for some reason or another they were all
> setup to use our ISP's DNS. Not my idea but that another problem. So how can
> I setup our router to forward requests looking from our current ISP's DNS to
> our new ISP's DNS without touching all the client machines.
>
> Would the best way be to use policy-base routing?
>
> Would a static route work?
>
> Could I use a static route under NAT?
>
> If someone could provide me a sample of how you could do this I would be
> grateful...
>
> Thanks
> Michael




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35704&t=35703



Re: DNS Request Redirection [7:35703]

2002-02-18 Thread Chuck

hhmmm.

as I understand the original question, each workstation in the network in
question is hard coded for DNS.

So, if for example, my machine is hard coded for DNS server 207.126.96.162
( my ISP DNS server ) and I change ISP's, and make no changes to my
workstation, then any DNS request will have a destination address of
207.126.96.162

The question, as I understand, is how to change that destination address
without making workstation visits.

Policy routing can change next hop, but not destination address. NAT
outbound changes source address, not destination address.

Unless there is a packet interceptor that takes all DNS requests, and
physically changes the destination address, the user has few options.

Again, IF the former ISP does not restrict DNS requests to its own address
space, i.e. accepts DNS requests from anywhere, then there is no problem,
and no changes need be made.

However IF ( and this would be good practice for a lot of reasons ) the
former ISP does indeed restrict DNS requests to source addresses within its
own space, then there will have to be additional changes on the user
network.

This whole discussion illustrates why people SHOULD follow best practice
from the get go. If they want to hard code IP's, then I believe DHCP can be
configured so that it provides only DNS info and default gateway info, for
example. the people who have insisted that their network hard code
everything are now learning the hard lesson.

Chuck


"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> At 05:11 AM 2/18/02, Godswill HO wrote:
> >You can still use your former ISP's DNS records while using the new ISP's
> >bandwidth. It does not matter who owns the DNS server. Everybody has access
> >to it once they are in the internet. Except when they are specifically
> >filtered.
> >
> >The only drawback is that, Your new ISP has to forward the packet in a
> >round trip to the old ISP's network through the internet before they are
> >resolved and sent back to your machine,
>
> It would depend on what records they are accessing. If the users are going
> to the Internet and accessing sites such as www.cisco.com and
> www.groupstudy.com, for example, the DNS queries don't have to go back to
> the original ISP.
>
> >had it been you are using the DNS of
> >your new ISP, these request would stop there. Do not lose your sleep,
> >because at the worst these delays are in milliseconds and not easily
> >noticeable by the eye, more each machine has a cache so it does not forward
> >every request. Great if you have a Cache Engine to complement the machine's
> >cache.
> >
> >Whatever, you are kool and everything will be fine, switch to your new ISP
> >and enjoy.
> >
> >Regards.
> >Oletu
> >- Original Message -
> >From: Michael Hair
> >To:
> >Sent: Sunday, February 17, 2002 8:07 PM
> >Subject: DNS Request Redirection [7:35703]
> >
> >
> > > I was wondering what is the best way to take care of the following:
> > >
> > > I have been using a private address space behind a Cisco 4500 router
> > > connected up to our current ISP using NAT, now we want to move our
> > > connection from our current ISP to a new ISP with better bandwidth. My
> > > problem is that we don't want to change all our client machines TCP/IP
> > > settings, which are all static, for some reason or another they were all
> > > setup to use our ISP's DNS. Not my idea but that another problem. So how can
> > > I setup our router to forward requests looking from our current ISP's DNS to
> > > our new ISP's DNS without touching all the client machines.
> > >
> > > Would the best way be to use policy-base routing?
> > >
> > > Would a static route work?
> > >
> > > Could I use a static route under NAT?
> > >
> > > If someone could provide me a sample of how you could do this I would be
> > > grateful...
> > >
> > > Thanks
> > > Michael
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35755&t=35703



Re: DNS Request Redirection [7:35703]

2002-02-18 Thread Chuck

the simple way to test this would be to set your workstation with some other
ISP's DNS address, and see how things go. In one of my posts I provided the
real IP of an active DNS server. Someone want to give it a try? or post one
that you know about. I'll be happy to test.

I wish the guy who posted the original question would get back to us with
his results.

Chuck

"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> At 12:28 PM 2/18/02, Marc Thach Xuan Ky wrote:
> >Any decent ISP will refuse DNS recursion from any IP address that is not
> >within its own address space.
>
> He wasn't asking about recursion. He was asking about the initial query
> from the end host. Although I could believe you that a service provider
> should make sure these queries only come from customers, my experience is
> that service providers don't do this. I can set my PC to use a variety of
> DNS servers around the Internet and it works.
>
> I think it's because it's tricky to do, especially for small ISPs. Some
> ISPs might have only one DNS server. The same server that provides DNS
> services to Internet-access customers may also be the authority for various
> names managed by the ISP. The ISP may be doing Web hosting and be the
> authority for a bunch of names. In that case, it can't filter out DNS
> queries coming from the Internet.
>
> For example, say your PC asks your local DNS server to resolve
> www.priscilla.com. Your server can't do it. It asks its upstream server,
> probably one of the root servers. The root server figures out that
> petiteisp.com owns www.priscilla.com and tells your server the IP address
> of the authoritative name server at petiteisp.com. Your server queries
> petiteisp.com which gives your server the IP address for www.priscilla.com.
> Your server finally responds to your PC.
>
> Notice that the query to petiteisp.com came from some unexpected IP address
> that can't be anticipated in a filter. If petiteisp.com had a filter to
> allow queries only from its customers, the query from your server would
> have failed.
>
> Did that make sense? ;-) How do bigger ISPs handle this? I suppose bigger
> ISPs have more than one DNS server, one for Internet access customers, and
> one that is the authority for names owned by the ISP.
>
> Priscilla
>
> >  This is fundamental to DNS security.
> >You need to rewrite the destination IP address.  Note that Cisco's NAT
> >is not suitable for this because of the DNS ALG.  The easiest thing to
> >do may be to provide an on-site caching DNS using the old ISP's DNS
> >addresses.  If you've got a lot of workstations and a decent bandwidth
> >to the Internet, you will probably find that running your own DNS cache
> >will be more satisfactory anyway.
> >rgds
> >Marc TXK
> >
> >
> >Godswill HO wrote:
> > >
> > > You can still use your former ISP's DNS records while using the new ISP's
> > > bandwidth. It does not matter who owns the DNS server. Everybody has access
> > > to it once they are on the Internet. Except when they are specifically
> > > filtered.
> > >
> > > The only drawback is that your new ISP has to forward the packet in a
> > > round trip to the old ISP's network through the Internet before they are
> > > resolved and sent back to your machine, had it been you are using the DNS of
> > > your new ISP, these requests would stop there. Do not lose your sleep,
> > > because at the worst these delays are in milliseconds and not easily
> > > noticeable by the eye, moreover each machine has a cache so it does not forward
> > > every request. Great if you have a Cache Engine to complement the machine's
> > > cache.
> > >
> > > Whatever, you are kool and everything will be fine, switch to your new ISP
> > > and enjoy.
> > >
> > > Regards.
> > > Oletu
> > > - Original Message -
> > > From: Michael Hair
> > > To:
> > > Sent: Sunday, February 17, 2002 8:07 PM
> > > Subject: DNS Request Redirection [7:35703]
> > >
> > > > I was wondering what is the best way to take care of the following:
> > > >
> > > > I have been using a private address space behind a Cisco 4500 router
> > > > connected up to our current ISP using NAT, now we want to move our
> > > > connection from our current ISP to a new ISP with better bandwidth.
My
> > > > problem is that we don't want to change all our client
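
An added example (not part of any post in this thread): a Python sketch of a per-query policy that reconciles the two positions quoted above, refusing recursion from outside the ISP's own address space while still answering anyone for zones the server is authoritative for. The prefixes, the zone list and all function names are assumptions made for illustration; the packets are constructed in the code.

```python
import ipaddress
import struct

# Constructed sample policy (assumptions, not values from the thread's networks).
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # the ISP's own address space
AUTH_ZONES = ["petiteisp.com", "priscilla.com"]          # zones hosted on this server


def build_query(qname, rd=True, txid=0x1234, qtype=1):
    """Build a minimal DNS query in RFC 1035 wire format (used as sample input)."""
    flags = 0x0100 if rd else 0x0000                      # RD (recursion desired) bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_query(packet):
    """Return (txid, rd, qname, qtype); raise ValueError on malformed input."""
    if len(packet) < 12:
        raise ValueError("short header")
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        # Labels are at most 63 bytes; top bits set means a pointer or a
        # reserved label type, which this sketch rejects in a question.
        if length & 0xC0:
            raise ValueError("unexpected label type")
        if pos + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, bool(flags & 0x0100), ".".join(labels), qtype


def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it."""
    return qname == zone or qname.endswith("." + zone)


def decide(src_ip, packet):
    """Classify one query as ANSWER_AUTH, RECURSE, REFUSED or FORMERR."""
    try:
        _txid, rd, qname, _qtype = parse_query(packet)
    except ValueError:
        return "FORMERR"
    # Authoritative data is served to any source: the resolver that asks for
    # www.priscilla.com can sit at an address no filter could anticipate.
    if any(in_zone(qname, zone) for zone in AUTH_ZONES):
        return "ANSWER_AUTH"
    # Everything else needs recursion, which is offered only to customers.
    # (Simplification: a non-recursive query for a foreign name is refused too.)
    addr = ipaddress.ip_address(src_ip)
    if rd and any(addr in net for net in CUSTOMER_NETS):
        return "RECURSE"
    return "REFUSED"


def demo():
    """Run the policy over constructed sample queries."""
    samples = [
        ("192.0.2.10", build_query("www.cisco.com")),                  # customer
        ("203.0.113.7", build_query("www.cisco.com")),                 # outsider
        ("198.51.100.53", build_query("www.priscilla.com", rd=False)), # remote resolver
        ("203.0.113.7", build_query("www.cisco.com")[:20]),            # truncated packet
    ]
    return [decide(src, pkt) for src, pkt in samples]


if __name__ == "__main__":
    print(demo())
```
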

Re: Dening telnet access [7:35628]

2002-02-18 Thread Chuck

hey Mad Guy, does your organization permit DNS requests from any old place,
or do you restrict that to sources only within your space?

Chuck
trying to drag you into another thread entirely


"MADMAN" wrote in message news:[EMAIL PROTECTED]...
> Not in my world:
>
> interface Ethernet4/0/0
>  bandwidth 1000
>  ip address 172.28.64.11 255.255.255.192
>  ip access-group 150 in
>  no ip directed-broadcast
>  no ip mroute-cache
> !
> access-list 150 deny   tcp host 172.28.56.48 any eq telnet log
> access-list 150 permit ip any any
>
> *Feb 18 12:11:42: %SEC-6-IPACCESSLOGP: list 150 denied tcp 172.28.56.48(57010) -> 172.28.64.11(23), 1 packet
>
>   Thank you!!
>
>   Dave
>
> "Roberts, Larry" wrote:
> >
> > The only way that the access-list applied to the inbound interface ( non-vty
> > ) blocked your telnet is if you were trying to telnet
> > to an address that was not the directly connected address ( loopback or far
> > side serial/ethernet )
> >
> > If you were to telnet directly to the interface that the access-list was
> > applied to you WOULD get in. Only an access-class applied
> > to the VTY ports will stop that.
> >
> > Thanks
> >
> > Larry
> >
> > -Original Message-
> > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, February 18, 2002 1:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Dening telnet access [7:35628]
> >
> > I know it does.  I have, even fairly recently, locked myself out of a router
> > via an inbound access list applied to an interface, DOH:(  Try again and if
> > it doesn't work I would like to see the config.
> >
> >   Are you sure the interface on which you applied the access list is the
> > interface you were telnetting to/thru??
> >
> >   Dave
> >
> > Patrick Ramsey wrote:
> > >
> > > > really?  I have had no luck using inbound acl's to control telnet to
> > > > the router...I always have to use acc's on the vty's
> > >
> > > Is there a trick to this?
> > >
> > > -Patrick
> > >
> > > >>> MADMAN  02/18/02 12:16PM >>>
> > > > Actually telnet packets are processed by inbound access-list.  Now if
> > > > you're referring to outbound access-lists then you would be correct.
> > >
> > >   Dave
> > >
> > > "Hire, Ejay" wrote:
> > > >
> > > > > Because telnet packets destined for the router are not normally
> > > > > processed by
> > > > > access-lists.  (i don't understand why not, but hey...)
> > > > >
> > > > > instead do this
> > > > >
> > > > > access-list y deny xx.xx.xx.xx xx.xx.xx.xx
> > > > >
> > > > > line vty 0 n (n = the results of a ?, usually 4)
> > > > >  access-class y in
> > > >
> > > > -Original Message-
> > > > From: McHugh Randy [mailto:[EMAIL PROTECTED]]
> > > > Sent: Saturday, February 16, 2002 4:49 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Dening telnet access [7:35628]
> > > >
> > > > Access list problem:
> > > >
> > > > > Why does this extended access list not work to deny telnet access
> > > > > applied to
> > > > > the internet interface on a 2514?
> > > > >
> > > > > Extended IP access list 199
> > > > > deny tcp any any eq telnet
> > > > >
> > > > > interface Ethernet0
> > > > >
> > > > > ip access-group 199 in
> > > > >
> > > > > I have a lot more statements than this and of course the statement
> > > > > access-list 199 permit ip any any
> > > > >
> > > > > to take care of the implicit deny all, but I can still access the
> > > > > router from the internet through telnet. Anyone have any ideas what
> > > > > else might be needed to prevent or selectively allow telnet access to
> > > > > my router. Thanks,
> > > > Randy
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> > > >>>>>>>>>>>>>  Confidentiality DisclaimerThis email and any files
> > transmitted with it may contain confidential and /or proprietary
>

Re: what is wrong with the job market ? [7:35611]

2002-02-18 Thread Chuck

in the case of a number of the CLEC's, part of the problem was the old telco
monopoly that they had to fight.

companies like COVAD, Northpoint, Concentric ( now part of XO ) to name a
few, were there firstest with the mostest while the telco's dragged their
feet on bringing DSL to their customer base. All the time racking up
revenues through their local loop charges.

Now the telcos are in the market full tilt boogie, steamrolling the CLEC's
by taking advantage of their existing base, and more importantly, their
existing infrastructure.

I've had DSL through Concentric/XO, and before that with Flashcom. In both
cases, new wire had to be used for me to get my line. The telco racked up
the installation charges, and the local loop revenue.

Now, the telco is offering to come in, and throw DSL on my existing dial
tone line, something the CLEC's couldn't do. The result is that the telco
can charge slightly less for DSL, and they don't have any additional costs
in terms of wiring.

the pure economics of it is that the telcos continue to have the distinct
advantage. They sat back, let the CLEC's do all the initial work, let the
CLEC's do all the initial marketing, and then they blew in and blew the
CLEC's out of business.

Chuck

"Steven A. Ridder" wrote in message news:[EMAIL PROTECTED]...
> That article talked about 1 problem, the problem almost every company had -
> grabbing too much land and equipment with no customers or sustainable
> revenue.  But that's also the problem every dot-bomb had.  Thankfully the
> bubble burst, the madness ended and took out the garbage.  No company would
> stay in business that way.  This doesn't mean that their services weren't
> wanted.  Most every home who has a dial-up, most businesses that don't have
> DSL in their area are still waiting for the right company/technology to come
> by and at the right price.  There's still a pretty large demand for
> high-speed internet.  Now we just have to wait for the right technology to
> come by and offer good service at a good price.
>
> There is also another problem that was just as bad - the market was flooded
> with service providers.  There was WAY too much supply and only moderate
> demand.
>
> I still see plenty of growth in this industry, even excluding the service
> provider market.
> "nrf" wrote in message news:[EMAIL PROTECTED]...
> > For example, here is just one study from today:
> >
> > http://news.com.com/2009-1033-839335.html
> >
> >
> > "nrf" wrote in message news:[EMAIL PROTECTED]...
> > > Most indications seem to be that the networking industry, and the
> > > telco/provider segment in particular will greatly lag any general economic
> > > recovery.  Nobody is predicting a serious telecom recovery this year, and
> > > many economists don't even predict one next year.  Many big names have
> > > already gone down - Exodus, Excite@home, GlobalCrossing - and others are
> > > playing serious defense - Level3, MCIWorldcom, AT&T, Qwest.   Huge debt
> > > payments continue to hang over the industry, and that problem won't be
> > > cleared up anytime soon.
> > >
> > > One dirty little secret of the provider industry is that very few providers
> > > actually make consistent profit on a true cash-flow basis. Just like the
> > > dotcoms, the providers can't figure out how to wring a decent amount of
> > > profit out from the Internet either. Sure, many providers will claim
> > > pro-forma profits, but after the Enron catastrophe, nobody wants to see
> > > pro-forma numbers, correctly preferring real cash-flow numbers.
> > >
> > > But all this talk might be a case of fiddling while Rome burns.  All this
> > > talk of a future recovery  in the long run doesn't really help anybody right
> > > now.  Like the macro-economist John Maynard Keynes once said: "In the long
> > > run, we're all dead".  Specifically, discussion of decent job prospects in
> > > the future doesn't exactly help a guy who needs to pay the bills now.
> > >
> > >
> > >
> > >
> > > ""Steven A. Ridder""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > It's the economy.  When it picks up, so will the jobs.
> > > > ""saktown""  wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTEC

Re: DNS Request Redirection [7:35703]

2002-02-18 Thread Chuck

thanks, Cil.

I guess we can lay this one to rest.  the network in question probably needs
make no changes and life will be dandy.

Chuck

"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> Yes, I can use that DNS server that you mentioned without any problem. I
> have my PC set to use it right now. And I know of others that anyone can
> use too, but I'm not going to give details in case they would not like this
> info to get out. ;-)
>
> Priscilla
>
> At 03:24 PM 2/18/02, Chuck wrote:
> >the simple way to test this would be to set your workstation with some
other
> >ISP's DNS address, and see how things go. In one of my posts I provided
the
> >real IP of an active DNS server. Someone want to give it a try? or post
one
> >that you know about. I'll be happy to test.
> >
> >I wish the guy who posted the original question would get back to us with
> >his results.
> >
> >Chuck
> >
> >""Priscilla Oppenheimer""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > At 12:28 PM 2/18/02, Marc Thach Xuan Ky wrote:
> > > >Any decent ISP will refuse DNS recursion from any IP address that is
not
> > > >within its own address space.
> > >
> > > He wasn't asking about recursion. He was asking about the initial
query
> > > from the end host. Although I could believe you that a service
provider
> > > should make sure these queries only come from customers, my experience
is
> > > that service providers don't do this. I can set my PC to use a variety
of
> > > DNS servers around the Internet and it works.
> > >
> > > I think it's because it's tricky to do, especially for small ISPs.
Some
> > > ISPs might have only one DNS server. The same server that provides DNS
> > > services to Internet-access customers may also be the authority for
> >various
> > > names managed by the ISP. The ISP may be doing Web hosting and be the
> > > authority for a bunch of names. In that case, it can't filter out DNS
> > > queries coming from the Internet.
> > >
> > > For example, say your PC asks your local DNS server to resolve
> > > www.priscilla.com. Your server can't do it. It asks its upstream
server,
> > > probably one of the root servers. The root server figures out that
> > > petiteisp.com owns www.priscilla.com and tells your server the IP
address
> > > of the authoritative name server at petiteisp.com. Your server queries
> > > petiteisp.com which gives your server the IP address for
> >www.priscilla.com.
> > > Your server finally responds to your PC.
> > >
> > > Notice that the query to petiteisp.com came from some unexpected IP
> >address
> > > that can't be anticipated in a filter. If petiteisp.com had a filter
to
> > > allow queries only from its customers, the query from your server
would
> > > have failed.
> > >
> > > Did that make sense? ;-) How to bigger ISPs handle this? I suppose
bigger
> > > ISPs have more than one DNS server, one for Internet access customers,
> and
> > > one that is the authority for names owned by the ISP.
> > >
> > > Priscilla
> > >
> > > >  This is fundamental to DNS security.
> > > >You need to rewrite the destination IP address.  Note that Cisco's
NAT
> > > >is not suitable for this because of the DNS ALG.  The easiest thing
to
> > > >do may be to provide an on-site cacheing DNS using the old ISPs DNS
> > > >addresses.  If you've got a lot of workstations and a decent
bandwidth
> > > >to the Internet, you will probably find that running your own DNS
cache
> > > >will be more satisfactory anyway.
> > > >rgds
> > > >Marc TXK
> > > >
> > > >
> > > >Godswill HO wrote:
> > > > >
> > > > > You can still use your former ISP's DNS records while using the
new
> >ISP's
> > > > > bandwidth. It does not matter who owns the DNS server. Everybody
have
> > > >access
> > > > > to it once they are in the internet. Except when they are
> specifically
> > > > > filtered.
> > > > >
> > > > > The only drawn back is that, Your new ISP have to forward the
packet
> >in a
> > > > > round trip to the old ISP's network through the internet before
they
> >are
> > > > > resolved and sent back to you

IPX default network / default route [7:35789]

2002-02-18 Thread Chuck

Not an exciting topic, but you never can tell where this might show up ;->

R1--R3--R4--R7-R8
 |---tunnel--|ethernet   serialserial

1FA.0010.7b7e.ebdf 8.8.8.8

no routing takes place between R1 and R3

R1 has a default route to R3

R3 advertises a default route to the tunnel interface address of R1

R1 relevant configuration:

ipx route default AFFA.0003.0003.0003

note that although the IPX default-network command has been entered, it does
not show up in the configuration output

R3 relevant configuration:

ipx route default AFFA.0001.0001.0001
!
ipx router rip
 no network AFFA
!

note - to break routing between R1 and R3 I had to remove the tunnel
interface from the routing process.

R1 routing table:

S   FFFE via AFFA.0003.0003.0003,Tu13

C1FA (SAP),   Et0
C   11AA (UNKNOWN),   Lo1
C   AFFA (TUNNEL),Tu13
R1#

note the default route. note there are no other IPX routes in the table. IPX
routing is not taking place. the default route points to the tunnel
interface address of R3.

R3 routing table:

S   FFFE via AFFA.0001.0001.0001,Tu13

C1FB (NOVELL-ETHER),  Et0
C   AFFA (TUNNEL),Tu13
R  7 [01/01] via  1FB..0c8d.2257,   49s, Et0
R  8 [01/01] via  1FB..0c8d.2257,   49s, Et0
R   47FF [02/01] via  1FB..0c8d.2257,   49s, Et0
R   78FF [01/01] via  1FB..0c8d.2257,   49s, Et0
R   8101 [01/01] via  1FB..0c8d.2257,   49s, Et0
R   8102 [01/01] via  1FB..0c8d.2257,   49s, Et0
R   8103 [01/01] via  1FB..0c8d.2257,   49s, Et0
R  8 [14/02] via  1FB..0c8d.2257,   49s, Et0
R3#

note there are lots of IPX routes, but the default is to the tunnel
interface

R8 routing table:

E   FFFE [270336000/3] via 78FF.0077.0077.0077, age 01:00:07,
 1u, Se1

L  8 is the internal network
C  8 (UNKNOWN),   Lo104
C   78FF (HDLC),  Se1
C   8101 (UNKNOWN),   Lo101
C   8102 (UNKNOWN),   Lo102
C   8103 (UNKNOWN),   Lo103
E  7 [2297856/0] via 78FF.0077.0077.0077, age 01:00:57,
 2u, Se1
E1FB [2707456/0] via 78FF.0077.0077.0077, age 01:00:57,
 1u, Se1
E   47FF [2681856/0] via 78FF.0077.0077.0077, age 01:00:57,
 1u, Se1
E   AFFA [270336000/2] via 78FF.0077.0077.0077, age 01:00:12,
 1u, Se1
R8#

note the existence of the default route. note there are lots of routes in the
table.

Connectivity:

R8#ping 1FA.0010.7b7e.ebdf
Translating "1FA.0010.7b7e.ebdf"

Translating "1FA.0010.7b7e.ebdf"

Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to 1FA.0010.7b7e.ebdf, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/56/68 ms
R8#

note - able to ping an unknown network.

R1#ping
Protocol [ip]: ipx
Target IPX address: 8.8.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to 8.0008.0008.0008, timeout is 2 seconds:

!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/54/56 ms
R1#

R1, with no routes other than the default route, can ping an unknown
network. ( extended ping, because the IPX network in question would be
interpreted as an IP address otherwise )


Some points of interest:

1) IPX default-route must be issued on every router where you want the
default route to be advertised. this does not show up in the running or
stored config.

2) while the default-route can be associated with a physical interface, one
can use an IPX network as well. that network cannot reside on the router
where the ipx route default command resides.

3) when constructing an IPX default route, one needs keep in mind the
requirements. It does not work at all like an IP default route.


My topology probably limits the usefulness of the IPX default route.

Hope this is of some use to some of you.

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35789&t=35789



Re: DNS Request Redirection [7:35703]

2002-02-18 Thread Chuck

yep - seems to work just fine.

Chuck


"Mark Odette II" wrote in message news:[EMAIL PROTECTED]...
> Chuck, et al.,
>
> One DNS Server IP that I've used for years when I don't have a specific IP
> given when doing installations for customers, i.e., they don't tell me any
> additional info in regards to whether or not their ISP told them to use
> X.X.X.X and Y.Y.Y.Y for their client DNS settings, is a UUNet DNS Cache
> server:
>
> 198.6.1.2
>
> Never had any problems with it yet.
>
> But then again, I don't keep them on that DNS Setting... It's usually just
> for initial install/test for DNS /Internet connectivity.  Then I go get the
> rest of the information.  And again, these steps are only performed this way
> when the customer contact is quite busy, and disappears on me within minutes
> of me confirming my arrival to work, or they have the classic response of
> "Uh, I'm not sure right now... lemme go try to dig that info up in our
> paperwork..." and they still don't come back for an extended period of time.
>
> Otherwise, I work efficiently, and request all of the specific configuration
> info up front as part of the install plan. :)
>
> SO.. Give the UUNet Caching server a spin, and let us know if it fails
> certain queries.
>
> Mark
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 18, 2002 2:25 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DNS Request Redirection [7:35703]
>
>
> the simple way to test this would be to set your workstation with some
other
> ISP's DNS address, and see how things go. In one of my posts I provided
the
> real IP of an active DNS server. Someone want to give it a try? or post
one
> that you know about. I'll be happy to test.
>
> I wish the guy who posted the original question would get back to us with
> his results.
>
> Chuck
>
> ""Priscilla Oppenheimer""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > At 12:28 PM 2/18/02, Marc Thach Xuan Ky wrote:
> > >Any decent ISP will refuse DNS recursion from any IP address that is
not
> > >within its own address space.
> >
> > He wasn't asking about recursion. He was asking about the initial query
> > from the end host. Although I could believe you that a service provider
> > should make sure these queries only come from customers, my experience
is
> > that service providers don't do this. I can set my PC to use a variety
of
> > DNS servers around the Internet and it works.
> >
> > I think it's because it's tricky to do, especially for small ISPs. Some
> > ISPs might have only one DNS server. The same server that provides DNS
> > services to Internet-access customers may also be the authority for
> various
> > names managed by the ISP. The ISP may be doing Web hosting and be the
> > authority for a bunch of names. In that case, it can't filter out DNS
> > queries coming from the Internet.
> >
> > For example, say your PC asks your local DNS server to resolve
> > www.priscilla.com. Your server can't do it. It asks its upstream server,
> > probably one of the root servers. The root server figures out that
> > petiteisp.com owns www.priscilla.com and tells your server the IP
address
> > of the authoritative name server at petiteisp.com. Your server queries
> > petiteisp.com which gives your server the IP address for
> www.priscilla.com.
> > Your server finally responds to your PC.
> >
> > Notice that the query to petiteisp.com came from some unexpected IP
> address
> > that can't be anticipated in a filter. If petiteisp.com had a filter to
> > allow queries only from its customers, the query from your server would
> > have failed.
> >
> > Did that make sense? ;-) How to bigger ISPs handle this? I suppose
bigger
> > ISPs have more than one DNS server, one for Internet access customers,
and
> > one that is the authority for names owned by the ISP.
> >
> > Priscilla
> >
> > >  This is fundamental to DNS security.
> > >You need to rewrite the destination IP address.  Note that Cisco's NAT
> > >is not suitable for this because of the DNS ALG.  The easiest thing to
> > >do may be to provide an on-site cacheing DNS using the old ISPs DNS
> > >addresses.  If you've got a lot of workstations and a decent bandwidth
> > >to the Internet, you will probably find that running your own DNS cache
> > >will be more satisfactory anyway.
> > >rgds

Re: DNS Request Redirection [7:35703]

2002-02-18 Thread Chuck

I think what you are talking about is a static nat ( conduit, in Cisco
speak )

It's done all the time, for just the reason you mention. any device for
which you want / need a single internet face, use a static NAT.

Chuck

"Michael Hair" wrote in message news:[EMAIL PROTECTED]...
> I have been re-reading the posts again and I have one question.
>
> I believe what Chuck says is true about NAT outbound changes the source
> address, not the destination address.
>
> So
>
> Would it be possible to change the destination address on the inbound side?
>
> For example.
>
> Let's say I have a web server behind my router doing NAT. 192.168.75.105. How
> would I tell the router to redirect connections going to 209.165.166.59 port
> 80 to go to 192.168.75.105 port 80. So I would be using the private address
> on the inside but still want the public IP address to be used by outside
> world. Would this not be changing the destination address?
>
> Can this actually be done?
>
> Thanks
> Michael
>
>
>
>
> "Chuck" wrote in message news:[EMAIL PROTECTED]...
> > hhmmm.
> >
> > as I understand the original question, each workstation in the network in
> > question is hard coded for DNS.
> >
> > So, if for example, my machine is hard coded for DNS server 207.126.96.162
> > ( my ISP DNS server ) and I change ISP's, and make no changes to my
> > workstation, then any DNS request will have a destination address of
> > 207.126.96.162
> >
> > The question, as I understand, is how to change that destination address
> > without making workstation visits.
> >
> > Policy routing can change next hop, but not destination address. NAT
> > outbound changes source address, not destination address.
> >
> > Unless there is a packet interceptor that takes all DNS requests, and
> > physically changes the destination address, the user has few options.
> >
> > Again, IF the former ISP does not restrict DNS requests to its own address
> > space, i.e. accepts DNS requests from anywhere, then there is no problem,
> > and no changes need be made.
> >
> > However IF ( and this would be good practice for a lot of reasons ) the
> > former ISP does indeed restrict DNS requests to source addresses within its
> > own space, then there will have to be additional changes on the user
> > network.
> >
> > This whole discussion illustrates why people SHOULD follow best practice
> > from the get go. If they want to hard code IP's, then I believe DHCP can be
> > configured so that it provides only DNS info and default gateway info, for
> > example. the people who have insisted that their network hard code
> > everything are now learning the hard lesson.
> >
> > Chuck
> >
> >
> > ""Priscilla Oppenheimer""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > At 05:11 AM 2/18/02, Godswill HO wrote:
> > > >You can still use your former ISP's DNS records while using the new
> ISP's
> > > >bandwidth. It does not matter who owns the DNS server. Everybody have
> > access
> > > >to it once they are in the internet. Except when they are
specifically
> > > >filtered.
> > > >
> > > >The only drawn back is that, Your new ISP have to forward the packet
in
> a
> > > >round trip to the old ISP's network through the internet before they
> are
> > > >resolved and sent back to you machine,
> > >
> > > It would depend on what records they are accessing. If the users are
> going
> > > to the Internet and accessing sites such as www.cisco.com and
> > > www.groupstudy.com, for example, the DNS queries don't have to go back
> to
> > > the original ISP.
> > >
> > > >had it been you are using the DNS of
> > > >your new ISP, these request would stop there. Do not loose your
sleep,
> > > >because at the worst these delays are in milisseconds and not easily
> > > >noticeable by the eye, more each machine have a cache so it does not
> > forward
> > > >every request. Great if you have a Cache Engine to compliment the
> > machine's
> > > >cache.
> > > >
> > > >Whatever, you are kool and everything will be fine, switch to your
new
> > ISP
> > > >and enjoy.
> > > >
> > > >Regards.
> > > >Oletu
> > > >- Original Message -

Re: what is wrong with the job market ? [7:35611]

2002-02-19 Thread Chuck

one reason so many CLEC's have gone under is that prices are too low, not
too high. They were  unable to attain positive cash flow.

All these 100 mbs college students have benefited from what has been
effectively a free resource. Once they start paying their own bills, their
attitudes may well change.

this is a well known economic principle, essentially a function of supply
and demand. When a product or service is free, then demand is limited only
by supply. When a product or service costs, then demand becomes limited by
the willingness and ability of people to pay. If my high speed internet
access is free, then I "need" all these services. If I have to pay for it,
then maybe I don't really "need" as much as I thought I did.

Chuck


"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> A few more random thoughts
>
> I would add that the first wave of college students who got used to
> 100-Mbps in their dorm room are graduating. They aren't going to put up
> with 56-Kbps modems at home. Plus they expect to do file sharing with
> enormous music and video files. They will expect cheap bandwidth, however.
> The prices need to come down, I think.
>
> This industry is cyclical. It will come back. It always has before, anyway.
> And, new uses for the network are going to drive bandwidth needs. They
> always have before anyway. For many years we have been able to foresee new
> uses for networking that aren't available yet. But they will become
> available.
>
> One more thought: Security is hot. Maybe companies aren't building up their
> networks now, but they definitely want to protect them. People I know who
> got laid off in September are back to work doing security now.
>
> Priscilla
>
> At 01:41 PM 2/19/02, Steve Ridder wrote:
> >My first message never came through, so I'll try again...
> >
> >It's true that TV's, phones, radios, and cable have a larger market
share,
> >but it took like 50 years for those technologies to reach critical mass!
As
> >I keep saying, the Internet is still in it's infancy.
> >
> >The problem that the dot.bomb's, telecom providers, and others had is the
> >same you seem to be having - it's not going to happen overnight.  It's
going
> >to take time.  It's also going to take new and creative uses for the
Intenet
> >in order to create demand for Internet useage and high-speed links.  Just
as
> >the static web page is popular now, it will be replaced with things such
as
> >video-on demand, file-sharing peer-to-peer apps that Napster proved to be
so
> >popular, and even peer-to-peer computer OS's (every major company is
trying
> >to come up with one, .Net, JINI and others just to name a few).  Thses
> >things need networks.  Plus, tehcnology has gotten better, faster and
> >cheaper since the ancient times, so I don't doubt that prices will come
> >down.  I would never bet against technology.  Remember, "640k ought to be
> >enough for anyone"?
> >
> >Also, there isn't a computer in evey home yet, as they can be complicated
> >for granny and grampa to use, and they are still quite expensive.  The
web
> >will soon be accessed with simple devices other than computers, such as
your
> >cable box or reffrigerator, greatly expanding the net.
> >
> >All these things will expand the Net and create jobs.
> >
> >I nrf wrote:
> > >
> > > ""Steven A. Ridder""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > That article taked about 1 problem, the problem almost every
> > > company had -
> > > > grabing too much land and equipment with no customers or
> > > sustainable
> > > > revenue.  But that's also the problem every dot-bomb had.
> > > Thankfully the
> > > > buble burst, the madness ended and took out the garbage.  No
> > > company would
> > > > stay in business that way.  This dosen't mean that their
> > > services weren't
> > > > wanted.  Most every home who has a dial-up, most buisinesses
> > > that don't
> > > have
> > > > DSL in their area are still waiting for the right
> > > company/technology to
> > > come
> > > > by and at the right price.
> > >
> > > I'm afraid I have to disagree.  The simple fact is that in many
> > > cases, the
> > > services were in fact not wanted, at least at the price points
> > > they were
> > > offered at, but then of course if they

Re: Current CD Rom Documentation [7:35930]

2002-02-19 Thread Chuck

This post gives me a good excuse to break open the most recent doc CD that I
have - dated October 2001.

this one contains the 12.2 documentation. It is in the new format, with the
drop down menus.

The search engine is still crap, and your best bet is to continue to
practice drilling down through the menus.

I don't think it is a violation of NDA to mention that my last time through
the lab, the doc CD available to me was still using the old format. I don't
recall if 12.2 was on it or not. It may have been, but since 12.1 was what
was advertised as the Lab IOS, I just went to the 12.1 doc section when I
needed to look something up. Not that it mattered, because my pod had not
yet been upgraded at the time.  ;->

HTH

Chuck


""McHugh Randy""  wrote in message
news:[EMAIL PROTECTED]...
> Does anyone know where or how to obtain a current Cisco CD Rom documentation
> CD with the latest IOS of like 12.2 on it without like taking an official
> Cisco course from a Training partner? I have a bunch of them that are outdated
> with only up to IOS 12.1. They certainly seem to be difficult to navigate
> and do a search on. Any suggestions welcome.
> Thank you,
> Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35931&t=35930



Re: China/Cisco connection [7:35946]

2002-02-20 Thread Chuck

so.

BFD, packets can be sniffed and access to certain sites can be blocked. so
what? nothing new here. We get questions on this list regularly about how to
do it. There are several companies, including but not only Cisco, who make a
lot of money selling content blocking products.

Most things in life can be used for good or evil. The internet is no
different. Corporate and government response to the internet is no
different.

BTW, does the US government filter access to the internet for its employees
and from its offices? bet they do!

Chuck


""B.J. Wilson""  wrote in message
news:[EMAIL PROTECTED]...
> An interesting article I came across this morning:
>
> http://www.weeklystandard.com/Content/Public/Articles/000/000/000/922dgmtd.asp
>
> Comments?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35949&t=35946



Re: China/Cisco connection [7:35946]

2002-02-20 Thread Chuck

hhh.. them commies, with the full cooperation of cisco, censoring
Groupstudy? Where are all the posts today?


""B.J. Wilson""  wrote in message
news:[EMAIL PROTECTED]...
> An interesting article I came across this morning:
>
> http://www.weeklystandard.com/Content/Public/Articles/000/000/000/922dgmtd.asp
>
> Comments?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35961&t=35946



Re: can you bind two frame relay circuits? [7:35854]

2002-02-20 Thread Chuck

according to the information in the link, this feature is supported only on
the 12000 series. Anyone checked to see if the feature has been migrated
down to other platforms as newer IOS's are released?


""MADMAN""  wrote in message
news:[EMAIL PROTECTED]...
> You want to get fancy you can try multilink frame relay:
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17/17s_mfr.htm
>
>   Then again if you want it simple and to work do what Patrick alluded
> to, enable CEF and on the interface choose your favorite switching
> mechanism, per packet or per destination.
>
>   Dave
>
> Patrick Ramsey wrote:
> >
> > well you wouldn't really "bind" them...but, if you were using a routing
> > protocol such as ospf, then it could round robin packets for you.
> >
> > -Patrick
> >
> > >>> beth  02/19/02 10:34AM >>>
> > I have several 256k frame relay circuits some coming back to same host
> > circuit
> > my question is, is there any way to bind a couple of these on a router
> > to increase bandwidth to 512k??
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35966&t=35854



Re: exec-timeout 0 0 ?? [7:36018]

2002-02-20 Thread Chuck

and if you want to have a ton of fun, set it to something like 0 1 ;->


""Thom Castognalia""  wrote in message
news:[EMAIL PROTECTED]...
> Phil - It will make your timeout infinity.  If you want to set your timeout
> to absolutely nothing, do the command, "no exec"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36033&t=36018



Re: can you bind two frame relay circuits? [7:35854]

2002-02-20 Thread Chuck

this news will surely disappoint the woman who posted the question. If
memory serves, she works for a company that probably does not have 12xxx's in
their lineup

Chuck

""MADMAN""  wrote in message
news:[EMAIL PROTECTED]...
> Yes I have since you pointed that out.  Know what it means to
> ASSume!!  It is a 12000 series only feature at this point.
>
>   Dave
>
> Chuck wrote:
> >
> > according to the information in the link, this feature is supported only on
> > the 12000 series. Anyone checked to see if the feature has been migrated
> > down to other platforms as newer IOS's are released?
> >
> > ""MADMAN""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > You want to get fancy you can try multilink frame relay:
> > >
> > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17/17s_mfr.htm
> > >
> > >   Then again if you want it simple and to work do what Patrick alluded
> > > to, enable CEF and on the interface choose your favorite switching
> > > mechanism, per packet or per destination.
> > >
> > >   Dave
> > >
> > > Patrick Ramsey wrote:
> > > >
> > > > well you wouldn't really "bind" them...but, if you were using a routing
> > > > protocol such as ospf, then it could round robin packets for you.
> > > >
> > > > -Patrick
> > > >
> > > > >>> beth  02/19/02 10:34AM >>>
> > > > I have several 256k frame relay circuits some coming back to same host
> > > > circuit
> > > > my question is, is there any way to bind a couple of these on a router
> > > > to increase bandwidth to 512k??
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36034&t=35854



Re: MLPS-VPN requirements [7:35972]

2002-02-20 Thread Chuck

try this one:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswt
ch_c/swprt3/xcftagov.htm#1007630
watch the wrap

you might have to scroll down a bit - this is from the Cisco Configuration
Guide on CCO

HTH

Chuck


""Stanzin Takpa""  wrote in message
news:[EMAIL PROTECTED]...
> Hi !
>   Does anybody know what the basic MPLS things are that should be
> configured on the routers (backbone) before going for MPLS-VPN?
> Thanks
>
> Stanzin Takpa
> Astracon,
> 6560 S Greenwood Plaza Blvd.,
> Engelwood, CO-80111
> USA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36035&t=35972



Re: Delay Metric in EIGRP [7:36001]

2002-02-20 Thread Chuck

I'm curious about the EIGRP bandwidth being reported at 2.5 billion bps.
what kind of a network you running there, PO? ;->

see below:


""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]...
> At 07:03 PM 2/20/02, Steven A. Ridder wrote:
> >It's not in a packet that gets sent.
>
> It is actually. Here's a packet for you:
>
> DLC:  - DLC Header -
>DLC:  Destination = Station Cisco1053E80
>DLC:  Source  = Station Cisco1002E75
>DLC:  Ethertype   = 0800 (IP)
> IP: - IP Header -
>IP: Version = 4, header length = 20 bytes
>IP: Type of service = 00
>IP:   000.    = routine
>IP:   ...0  = normal delay
>IP:    0... = normal throughput
>IP:    .0.. = normal reliability
>IP: Total length= 68 bytes
>IP: Identification  = 0
>IP: Flags   = 0X
>IP:   .0..  = may fragment
>IP:   ..0.  = last fragment
>IP: Fragment offset = 0 bytes
>IP: Time to live= 2 seconds/hops
>IP: Protocol= 88 (EIGRP)
>IP: Header checksum = 4C3F (correct)
>IP: Source address  = [172.16.10.2] Charlotte
>IP: Destination address = [172.16.10.1] Albany
>IP: No options
> EIGRP: - Enhanced IGRP Header -
>EIGRP:
>EIGRP: Version= 2
>EIGRP: Opcode = 1 (Update)
>EIGRP: EIGRP Checksum = E17D (correct)
>EIGRP: Flags (unused) = 
>EIGRP: Flags  = 0001
>EIGRP:      ..0. = Conditionally receive mode is not required
>EIGRP:      ...1 = Is an initial update packet
>EIGRP: Sequence number  = 1
>EIGRP: Acknowledgment number= 0
>EIGRP: Autonomous System number = 100
>EIGRP:
>EIGRP: Protocol ID  = 0x01 (IP)
>EIGRP: Type Code= 0x0102 (IP Internal Routes)
>EIGRP: Field length = 28
>EIGRP: Next hop address= 0 (use source IP addr)

>EIGRP: Time delay (10 msec/256)= 512000
>EIGRP: Path bandwidth (2,560,000,000/kbps) = 1657856
>EIGRP: Min/max transmission unit (MTU) = 1500
>EIGRP: Hop count   = 0
>EIGRP: Reliability (error percentage)  = 250
>EIGRP: Load utilization percentage = 1
>EIGRP: Reserved
>EIGRP: Prefix length in bits   = 24
>EIGRP: IP Destination Address  = 0.172.16.40
>
> Priscilla
>
>
>
> >""Sasa Milic""  wrote in message
> >news:[EMAIL PROTECTED]...
> > > The router DOES pass total delay and minimum bandwidth of the route
> > > to neighbors.
> > >
> > > check "show ip eigrp topology"
> > >
> > > Sasa
> > > CCIE No 8635
> > >
> > >
> > >
> > > "Steven A. Ridder" wrote:
> > > >
> > > > I believe the delay is by default set on the interface by the router based
> > > > on the type of link it is.  I'm sure there's charts on CCO somewhere.  You
> > > > can change this info on the interface with the delay command, which is the
> > > > recommended way of changing a metric if you are forced to do so.  The router
> > > > doesn't pass the delay info of a link to other routers as a raw figure, it
> > > > calculates the BW and delay, then multiplies it by 256 and sends that
> > > > calculation to a neighbor, which is the metric.
> > > >
> > > > ""Yatou Wu""  wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > Hi,
> > > > >
> > > > > In EIGRP, the delay metric is taken as configured in the interface of the
> > > > > router by the administrator, by default, or by measurement?
> > > > >
> > > > > when the router calculates the metric, it needs to know the minimum
> > > > > bandwidth along the path, and also the delay along the path. how can the
> > > > > router pass the info around? pass the total delay along the path, or delay
> > > > > of every link?
> > > > >
> > > > > thanks
> > > > >
> > > > > yatou
> > > > >
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36036&t=36001



Re: Delay Metric in EIGRP [7:36001]

2002-02-20 Thread Chuck

well, phrak, the server ate my notations:

trying again:

see below.




""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]...
> At 07:03 PM 2/20/02, Steven A. Ridder wrote:
> >It's not in a packet that gets sent.
>
> It is actually. Here's a packet for you:
>
> DLC:  - DLC Header -
>DLC:  Destination = Station Cisco1053E80
>DLC:  Source  = Station Cisco1002E75
>DLC:  Ethertype   = 0800 (IP)
> IP: - IP Header -
>IP: Version = 4, header length = 20 bytes
>IP: Type of service = 00
>IP:   000.    = routine
>IP:   ...0  = normal delay
>IP:    0... = normal throughput
>IP:    .0.. = normal reliability
>IP: Total length= 68 bytes
>IP: Identification  = 0
>IP: Flags   = 0X
>IP:   .0..  = may fragment
>IP:   ..0.  = last fragment
>IP: Fragment offset = 0 bytes
>IP: Time to live= 2 seconds/hops
>IP: Protocol= 88 (EIGRP)
>IP: Header checksum = 4C3F (correct)
>IP: Source address  = [172.16.10.2] Charlotte
>IP: Destination address = [172.16.10.1] Albany
>IP: No options
> EIGRP: - Enhanced IGRP Header -
>EIGRP:
>EIGRP: Version= 2
>EIGRP: Opcode = 1 (Update)
>EIGRP: EIGRP Checksum = E17D (correct)
>EIGRP: Flags (unused) = 
>EIGRP: Flags  = 0001
>EIGRP:      ..0. = Conditionally receive mode is not required
>EIGRP:      ...1 = Is an initial update packet
>EIGRP: Sequence number  = 1
>EIGRP: Acknowledgment number= 0
>EIGRP: Autonomous System number = 100
>EIGRP:
>EIGRP: Protocol ID  = 0x01 (IP)
>EIGRP: Type Code= 0x0102 (IP Internal Routes)
>EIGRP: Field length = 28
>EIGRP: Next hop address= 0 (use source IP addr)

>EIGRP: Time delay (10 msec/256)= 512000   ?
EIGRP delay metric???


>EIGRP: Path bandwidth (2,560,000,000/kbps) = 1657856   
bandwidth = 2.5 BILLION bps?
what kind of a network you running there, PO??




>EIGRP: Min/max transmission unit (MTU) = 1500
>EIGRP: Hop count   = 0
>EIGRP: Reliability (error percentage)  = 250
>EIGRP: Load utilization percentage = 1
>EIGRP: Reserved
>EIGRP: Prefix length in bits   = 24
>EIGRP: IP Destination Address  = 0.172.16.40
>
> Priscilla
>
>
>
> >""Sasa Milic""  wrote in message
> >news:[EMAIL PROTECTED]...
> > > The router DOES pass total delay and minimum bandwidth of the route
> > > to neighbors.
> > >
> > > check "show ip eigrp topology"
> > >
> > > Sasa
> > > CCIE No 8635
> > >
> > >
> > >
> > > "Steven A. Ridder" wrote:
> > > >
> > > > I believe the delay is by default set on the interface by the router based
> > > > on the type of link it is.  I'm sure there's charts on CCO somewhere.  You
> > > > can change this info on the interface with the delay command, which is the
> > > > recommended way of changing a metric if you are forced to do so.  The router
> > > > doesn't pass the delay info of a link to other routers as a raw figure, it
> > > > calculates the BW and delay, then multiplies it by 256 and sends that
> > > > calculation to a neighbor, which is the metric.
> > > >
> > > > ""Yatou Wu""  wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > Hi,
> > > > >
> > > > > In EIGRP, the delay metric is taken as configured in the interface of the
> > > > > router by the administrator, by default, or by measurement?
> > > > >
> > > > > when the router calculates the metric, it needs to know the minimum
> > > > > bandwidth along the path, and also the delay along the path. how can the
> > > > > router pass the info around? pass the total delay along the path, or delay
> > > > > of every link?
> > > > >
> > > > > thanks
> > > > >
> > > > > yatou
> > > > >
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36039&t=36001
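
The scaled delay and bandwidth fields questioned in this thread can be decoded back into link values. The following is an added example, not part of any poster's message; it assumes classic (32-bit) EIGRP metric scaling with default K values (K1 = K3 = 1), reads the delay unit as tens of microseconds, and all function names are illustrative.

```python
import re

SCALE = 256               # classic EIGRP multiplies both vector components by 256
REF_BW_KBPS = 10_000_000  # reference bandwidth 10^7 kbit/s; 256 * 10^7 = 2,560,000,000

# Metric lines copied from the trace quoted in this thread.
TRACE = """\
>EIGRP: Time delay (10 msec/256)= 512000
>EIGRP: Path bandwidth (2,560,000,000/kbps) = 1657856
>EIGRP: Min/max transmission unit (MTU) = 1500
>EIGRP: Hop count   = 0
>EIGRP: Reliability (error percentage)  = 250
>EIGRP: Load utilization percentage = 1
"""

FIELD = re.compile(r"^EIGRP:\s*(?P<label>.+?)\s*=\s*(?P<value>\d+)\s*$")


def parse_trace(text):
    """Map the first word of each decoded label (lowercased) to its integer value."""
    fields = {}
    for raw in text.splitlines():
        m = FIELD.match(raw.lstrip("> "))
        if m:
            fields[m.group("label").split()[0].lower()] = int(m.group("value"))
    return fields


def decode_delay_usec(scaled_delay):
    """Scaled delay is 256 * (delay in tens of microseconds); return microseconds."""
    return scaled_delay * 10 / SCALE


def decode_bandwidth_kbps(scaled_bw):
    """Scaled bandwidth is 256 * (10^7 / slowest-link kbit/s); invert it."""
    if scaled_bw <= 0:
        raise ValueError("scaled bandwidth must be positive")
    return SCALE * REF_BW_KBPS / scaled_bw


def encode_vector(min_bw_kbps, total_delay_usec):
    """Scaled (bandwidth, delay) pair for a path; integer division reproduces
    the values seen in the trace."""
    return SCALE * (REF_BW_KBPS // min_bw_kbps), SCALE * (total_delay_usec // 10)


def composite_metric(scaled_bw, scaled_delay, load=1, reliability=255,
                     k=(1, 0, 1, 0, 0)):
    """Classic composite metric on already scaled values; k holds K1..K5."""
    k1, k2, k3, k4, k5 = k
    metric = k1 * scaled_bw + (k2 * scaled_bw) // (256 - load) + k3 * scaled_delay
    if k5:  # the reliability term applies only when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return metric


if __name__ == "__main__":
    f = parse_trace(TRACE)
    print("slowest link  ~%.0f kbit/s" % decode_bandwidth_kbps(f["path"]))
    print("total delay   %.0f usec" % decode_delay_usec(f["time"]))
    print("metric        %d" % composite_metric(
        f["path"], f["time"], f["load"], f["reliability"]))
```

Run against the quoted trace, it reports a slowest link of about 1544 kbit/s and 20000 microseconds of cumulative delay, for a composite metric of 2169856; the 2,560,000,000 in the sniffer label is the scaling constant (256 x 10^7), not a link speed.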



Re: redistribution and tags [7:35624]

2002-02-20 Thread Chuck

ooh ooh, I'm getting ready to have some fun with this one. got it mocked up
in my lab. just want to clarify something prior to jumping through hoops and
writing a report.

On R4 you have mutual redistribution between OSPF and EIGRP?  ospf---> eigrp
and eigrp -ospf ??

On R2 you have the same - ospf to eigrp and eigrp to ospf
and you have igrp into what and what into igrp? both going both ways?

Scott, you have a mess from the get go. ;->

Chuck

P.S. I'm considering opening up the pod to internet access after I have this
up and working. there is a technical detail to work out. I'll let you know.


""Scott H.""  wrote in message
news:[EMAIL PROTECTED]...
> This is actually something a co-worker has drawn up for me.  One of my
> weaker points has always been multiple redistribution between multiple
> protocols.  Goes something like this:
>
> R1-R2R3
>||
>||
>-R4
>
> R1 has IGRP connection to R2
> R2 has a OSPF connection to R4
> R2 also has EIGRP connection to R3
> R3 is EIGRP to R4
>
> R4 and R3 have a bunch of loopbacks to generate routes.
>
> My thought here was to only allow routes originating from their respective
> domain into IGRP.  That would solve the loop and AD issue here.  The
> redundancy is gone, but whoever draws up a network like this in real life
> should be shot.
>
> On R4:
>
> route-map filtereigrp deny 10
> match tag 1
>
> route-map filtereigrp permit 20
> set tag 2
>
> route-map filterospf deny 10
> match tag 2
>
> route-map filterospf permit 20
> set tag 1
>
> router ospf 1
> redistribute eigrp 1 subnets route-map filtereigrp
>
> router eigrp 1
> redistribute ospf 1 route-map filterospf
> default-metric x x x x
>
> On R2:
>
> Same as above between eigrp and ospf
>
> For OSPF2IGRP:
>
> route-map filtereigrproutes deny 10
> match tag 1
>
> route-map filtereigrproutes permit 20
>
> For EIGRP2IGRP:
>
> route-map filterospfroutes deny 10
> match tag 2
>
> route-map filterospfroutes permit 20
>
>
> router igrp 1
> redistribute eigrp 1 route-map filterospfroutes
> redistribute ospf 1 route-map filtereigrproutes
> default-metric x x x x
>
> Will probably have a redistribute connected in EIGRP and OSPF to pick up the
> IGRP connection to R1.  Not sure what you meant by the route leak, please
> explain.
>
>
> ""Chuck""  wrote in message
> news:[EMAIL PROTECTED]...
> > hmmm interesting discussion. the scenario reminds me of something I saw
> > from someplace called NT Labs, maybe?
> >
> > Let's see if I can sketch the scene:
> >
> >
> > R1-R2-R3
> > IGRP bunch of stuff  OSPF/EIGRP
> >
> > R2:
> >
> > router IGRP
> >   redistribute OSPF route-map filter-ospf-tag
> >   redistribute EIGRP route-map filter-eigrp-tag
> >
> > router eigrp
> >   redistribute OSPF tag 1
> >
> > R3
> >
> > router ospf
> >   redistribute eigrp tag 2
> >
> > seems to me there is a trick in here somewhere. maybe on R2, where
> > redistribution into IGRP contains the possibility of route leak? maybe not
> > in this topology. maybe if the topology were a ring or a circle, and there
> > are two points of mutual redistribution? Slattery's book has an interesting
> > exercise along that line, and I'm not sure I ever got the filters tweaked
> > right in that one.
> >
> > Chuck
> >
> > ""Scott H.""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > On 1 router I am redistributing OSPF into IGRP, EIGRP into IGRP, and OSPF
> > > into EIGRP.  Downstream, I am redistributing OSPF into EIGRP.  The loop in
> > > this scenario is deadly so I need to find a way to let both EIGRP and OSPF
> > > redistribute only routes originating from their domains into IGRP.  The plan
> > > was to tag OSPF routes going into EIGRP w/ a tag of 1 and EIGRP routes going
> > > into OSPF w/ a tag of 2 downstream.  Therefore, when I redistribute EIGRP
> > > into IGRP I can deny all routes w/ a tag of 1 and permit anything else.
> > > Also, when I redistribute OSPF into IGRP I can deny all routes w/a tag of 2
> > > and permit everything else.  This should ensure that IGRP receives only
> > > routes from the OSPF domain that originated in OSPF
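
The tagging plan from the original question in this thread, modelled as an added example that is not part of any poster's message or configuration: tag 1 marks OSPF routes entering EIGRP, tag 2 marks EIGRP routes entering OSPF, and the redistribution into IGRP denies the foreign tag. The model assumes first-match route-map evaluation with an implicit deny, ignores administrative distance and metrics, and uses constructed prefixes and illustrative names.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    tag: int = 0          # a route carries tag 0 until a route-map sets one


@dataclass(frozen=True)
class Clause:
    permit: bool
    match_tag: Optional[int] = None   # None: no match statement, matches every route
    set_tag: Optional[int] = None     # None: leave the tag unchanged


def apply_route_map(route, clauses):
    """Return the (possibly re-tagged) route, or None if it is filtered."""
    for clause in clauses:
        if clause.match_tag is None or clause.match_tag == route.tag:
            if not clause.permit:
                return None
            return route if clause.set_tag is None else replace(route, tag=clause.set_tag)
    return None   # fell off the end of the route-map: implicit deny


def redistribute(src, dst, clauses):
    """Copy permitted routes from src into dst; report whether dst gained anything."""
    changed = False
    for route in list(src.values()):
        out = apply_route_map(route, clauses)
        if out is not None and out.prefix not in dst:
            dst[out.prefix] = out
            changed = True
    return changed


# The plan from the original question, clause by clause.
OSPF_TO_EIGRP = [Clause(False, match_tag=2), Clause(True, set_tag=1)]
EIGRP_TO_OSPF = [Clause(False, match_tag=1), Clause(True, set_tag=2)]
EIGRP_TO_IGRP = [Clause(False, match_tag=1), Clause(True)]
OSPF_TO_IGRP = [Clause(False, match_tag=2), Clause(True)]
PERMIT_ALL = [Clause(True)]   # redistribution with no filtering at all


def igrp_offers(use_tags):
    """Return {prefix: [protocols that would hand it to IGRP]} once tables settle."""
    # Constructed sample prefixes: two native to each domain.
    ospf = {p: Route(p) for p in ("10.4.1.0/24", "10.4.2.0/24")}
    eigrp = {p: Route(p) for p in ("10.3.1.0/24", "10.3.2.0/24")}
    if use_tags:
        o2e, e2o, e2i, o2i = OSPF_TO_EIGRP, EIGRP_TO_OSPF, EIGRP_TO_IGRP, OSPF_TO_IGRP
    else:
        o2e = e2o = e2i = o2i = PERMIT_ALL
    # Mutual redistribution repeats until neither table learns anything new.
    # "|" (not "or") so both directions run on every pass.
    while redistribute(ospf, eigrp, o2e) | redistribute(eigrp, ospf, e2o):
        pass
    offers = {}
    for name, table, route_map in (("eigrp", eigrp, e2i), ("ospf", ospf, o2i)):
        for route in table.values():
            if apply_route_map(route, route_map) is not None:
                offers.setdefault(route.prefix, []).append(name)
    return offers


if __name__ == "__main__":
    for label, flag in (("no tags", False), ("tagged", True)):
        print(label)
        for prefix, sources in sorted(igrp_offers(flag).items()):
            print("  %-14s offered to IGRP by %s" % (prefix, ", ".join(sources)))
```

Without the tags every prefix reaches IGRP from both OSPF and EIGRP; with them each prefix is offered only by the domain it originated in.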

Re: %Error: No System flash chip information available - Help [7:36077]

2002-02-21 Thread Chuck

on the 25xx series, you can have 2x4 meg or 2x8 meg

I believe what needs be done is to enter the command

partition flash 1

this will perform some magic that will result in one great big 16 meg flash
after reloading.

Chuck



""MADMAN""  wrote in message
news:[EMAIL PROTECTED]...
> Are you installing two 8M SIMMs?  Scratching my head but I seem to
> recall that if you do you will have partitioned flash.  If you want an
> unpartitioned 16M you need to install a single 16M SIMM.  I'm sure this
> can be verified on CCO if you're so inclined.
>
>   good luck
>
>   Dave
>
> Cisco Nuts wrote:
> >
> > Ok,
> > Just tried to unpartition and partition my flash and then this error msg.
> > when I do a #sh ver . help!! :-)
> >
> > %Error: No System flash chip information available
> >
> > Here is what happened:
> > First configed-register to 0x2101...Reloaded...
> > Then a erase flash cmd.
> > Remote(boot)#erase flash
> > Partition   Size    Used    Free    Bank-Size  State       Copy Mode
> >   1         8192K   5180K   3011K   8192K      Read/Write  Direct
> >   2         8192K   7918K    273K   8192K      Read/Write  Direct
> >
> > [Type ? for partition directory; ? for full directory; q to abort]
> > Which partition? [default = 1] 2
> >
> > System flash directory, partition 2:
> > File  Length   Name/status
> >   1   8108960  /c2500-js-l_112-17.bin
> > [8109024 bytes used, 279584 available, 8388608 total]
> >
> > Erase flash device, partition 2? [confirm]
> > Are you sure? [yes/no]: y
> > Erasing device...  ...erased
> >
> > Next step did a:
> > Remote(boot)(config)#partition flash 2 16 to make it one big 16MB
> >
> > Then did a #sh flash
> > Remote(boot)#sh flash
> >
> > System flash directory, partition 1:
> > File  Length   Name/status
> >   1   5304572  80135005.bin
> > [5304636 bytes used, 11472580 available, 16777216 total]
> > 16384K bytes of processor board System flash (Read/Write)
> >
> > %Error: No System flash chip information available
> >
> > Can anyone help?? Thank you.
> >
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36077&t=36077



Re: hop count in EIGRP? [7:36082]

2002-02-21 Thread Chuck

to augment the other answers, the IP hop count is really the IP TTL value.
It can never exceed 255

EIGRP defaults to 100 hops, so I would expect that the routing packet IP TTL
is set at 100 at that point.

Well ( checking the sniffer trace that Priscilla so thoughtfully supplied a
couple of days ago ) I'm seeing the IP TTL as 2. Still, maybe there is an
adjustment made. After all, the (E)IGRP metric includes end to end metrics.
hhmmm... ( looking over Priscilla's trace again ) way down there I see an
EIGRP hop count 0 line.

the IP TTL is still really the only thing that makes sense in terms of the
way IP works.

Anyone?

Chuck

""Steven A. Ridder""  wrote in message
news:[EMAIL PROTECTED]...
> Anyone know why there is a hop-count in EIGRP?  It has a 1 byte value, but
> it doesn't limit the number of hops and it looks like routers don't use it
> in their calculations.  Why is it there?
>
> --
> RFC 1149 Compliant.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36145&t=36082



Re: https to log in to a router - Possible?? [7:36143]

2002-02-21 Thread Chuck

if only because Cisco ought to be embarrassed at the half assed HTTP
functionality. essentially worthless, IMHO

Chuck


""Patrick Bass""  wrote in message
news:[EMAIL PROTECTED]...
> IMO, they should remove HTTP access completely!!  If you're looking for a
> secure connection to the router, try SSH, or use TACACS+...
>
> ""Cisco Nuts""  wrote in message
> news:[EMAIL PROTECTED]...
> > Hum! Surprisingly it has the http built-in. I would think that they should
> > have implemented ssl functionality in the code rather than http
> >
> >
> > >From: "Steven A. Ridder"
> > >Reply-To: "Steven A. Ridder"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: https to log in to a router - Possible?? [7:36143]
> > >Date: Thu, 21 Feb 2002 20:22:00 -0500
> > >
> > >The router would have to have a web server with ssl built in, and I don't
> > >believe Cisco's do.
> > >""Cisco Nuts""  wrote in message
> > >news:[EMAIL PROTECTED]...
> > > > Hello,
> > > > Is it possible to use https:// to access a router? I have just been
> > > > thinking about this and would like to know if and how it would indeed be
> > > > possible?
> > > > An acl permitting 443 would not work as it is not for traffic originating
> > > > from the router itself, correct?
> > > > Is there like a access-class cmd. for https at all?
> > > > Thank you.
> > > >
> > > >
> > > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36176&t=36143



Re: Autonomous-system command [7:36067]

2002-02-21 Thread Chuck

the question is - what does the command do? it does not appear in the
documentation. there is no apparent result using show ip protocol, or show
ip anything else.

if you can explain what the command "autonomous-system" does, I'm all ears.

Chuck



""Anthony Toh""  wrote in message
news:[EMAIL PROTECTED]...
> Hi, take a look at the protocol IGRP in the Cisco website. Maybe you can
> have a better understanding of what an Autonomous system number is all about.
>
> Anthony.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36177&t=36067



Re: hop count in EIGRP? [7:36082]

2002-02-21 Thread Chuck

it gets complicated, routing protocols versus ip packets.

first of all, if I understand correctly, all ip routing protocols use ip
headers. The routing protocol packet is the payload, and not an entity unto
itself. I have seen traces of OSPF packets showing IP TTL of various values.
Someone shared with me some traces to validate something I suspected - that
the OSPF virtual link packet has an initial TTL of 255. My theory is that it
has to be deliberately set high because there is no predicting the number of
hops a virtual link will traverse.

The eBGP multihop command sets the IP TTL to something greater than the
native BGP TTL of 1.

EIGRP? Don't know. Was merely speculating. But consider - where else might
the "hop limit" occur? The EIGRP header has no field indicating hop count
that I can see. My source is the Rad Com World of Protocols book.

Yes, RIP and RIPv2 contain within the RIP packet ( not the IP header ) a
field in which metric / hopcount is carried. This leads me to believe that
RIP does nothing to manipulate the IP TTL value. The others appear to do
just that, however.

Chuck


"Priscilla Oppenheimer" wrote in message
news:[EMAIL PROTECTED]...
> At 08:05 PM 2/21/02, Chuck wrote:
> >to augment the other answers, the IP hop count is really the IP TTL value.
> >It can never exceed 255
>
> You're confusing two issues.
>
> Remember the router has two jobs: forwarding packets and learning the
> topology. Hop count has to do with the latter and affects what goes in the
> routing table. The IP TTL causes a router to drop a packet before
> forwarding if the TTL becomes zero.
>
>
> >EIGRP defaults to 100 hops, so I would expect that the routing packet IP TTL
> >is set at 100 at that point.
>
> Routing packets only go to neighbors. The IP TTL should be set to one or
> two. This has nothing to do with hop count which will be later in the
> packet in the distance vectors.
>
>
> >Well ( checking the sniffer trace that Priscilla so thoughtfully supplied a
> >couple of days ago ) I'm seeing the IP TTL as 2. Still, maybe there is an
> >adjustment made. After all, the (E)IGRP metric includes end to end metrics.
> >hhmmm... ( looking over Priscilla's trace again ) way down there I see an
> >EIGRP hop count 0 line.
>
> The router was advertising a directly-connected network.
>
>
> >the IP TTL is still really the only thing that makes sense in terms of the
> >way IP works.
>
> In terms of forwarding maybe. You better reconsider routing protocols
> though...
>
> Priscilla
>
>
> >Anyone?
> >
> >Chuck
> >
> >"Steven A. Ridder" wrote in message
> >news:[EMAIL PROTECTED]...
> > > Anyone know why there is a hop-count in EIGRP?  It has a 1 byte value, but
> > > it doesn't limit the number of hops and it looks like routers don't use it
> > > in their calculations.  Why is it there?
> > >
> > > --
> > > RFC 1149 Compliant.
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36179&t=36082
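
Added example, not part of any list message: the RIP observation in the post above (hop count carried inside the RIP payload, TTL carried in the IP header) shown as a parser run over a constructed IPv4/UDP/RIPv2 response. The addresses, the TTL of 1 and the router chain are constructed sample values, and checksums are left at zero because nothing here validates them.

```python
import socket
import struct

RIP_PORT = 520
RIP_INFINITY = 16  # RIP metric value meaning "unreachable"


def build_rip_response(ip_ttl, routes):
    """Build a constructed IPv4/UDP/RIPv2 response; checksums are left at 0."""
    rip = struct.pack("!BBH", 2, 2, 0)  # command 2 = response, version 2
    for prefix, mask, metric in routes:
        rip += struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                           socket.inet_aton(mask), socket.inet_aton("0.0.0.0"),
                           metric)
    udp = struct.pack("!HHHH", RIP_PORT, RIP_PORT, 8 + len(rip), 0) + rip
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0,
                     ip_ttl, 17, 0,
                     socket.inet_aton("192.0.2.1"),   # constructed source
                     socket.inet_aton("224.0.0.9"))   # RIPv2 multicast group
    return ip + udp


def parse_rip_packet(packet):
    """Return the IP-header TTL and the per-route metrics from the RIP payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8:
        raise ValueError("truncated IP or UDP header")
    ip_ttl, proto = packet[8], packet[9]  # TTL lives in the IP header
    if proto != 17:
        raise ValueError("not UDP")
    _sport, dport, udp_len, _csum = struct.unpack_from("!HHHH", packet, ihl)
    if dport != RIP_PORT:
        raise ValueError("not addressed to the RIP port")
    if udp_len < 12 or ihl + udp_len > len(packet):
        raise ValueError("UDP length does not fit the captured bytes")
    rip = packet[ihl + 8:ihl + udp_len]
    command, version, _zero = struct.unpack_from("!BBH", rip, 0)
    body = rip[4:]
    if len(body) % 20:
        raise ValueError("RIP entries are 20 bytes each; payload is truncated")
    routes = []
    for off in range(0, len(body), 20):
        afi, _tag, addr, mask, _nh, metric = struct.unpack_from(
            "!HH4s4s4sI", body, off)
        if afi == 0xFFFF:  # authentication entry, carries no route
            continue
        routes.append({"prefix": socket.inet_ntoa(addr),
                       "mask": socket.inet_ntoa(mask),
                       "metric": metric})  # hop count lives in the payload
    return {"ip_ttl": ip_ttl, "command": command, "version": version,
            "routes": routes}


def readvertise(packet, ip_ttl):
    """Model the next router: add 1 to each metric and send a new packet.

    The update is never forwarded, so the outgoing IP TTL is chosen fresh
    and does not depend on the TTL of the update that was received.
    """
    parsed = parse_rip_packet(packet)
    routes = [(r["prefix"], r["mask"], min(r["metric"] + 1, RIP_INFINITY))
              for r in parsed["routes"]]
    return build_rip_response(ip_ttl, routes)


def trace_chain(hops, ip_ttl=1):
    """Return (ip_ttl, metric) as seen on each link of a chain of routers."""
    packet = build_rip_response(ip_ttl, [("10.1.0.0", "255.255.0.0", 1)])
    seen = []
    for _ in range(hops):
        parsed = parse_rip_packet(packet)
        seen.append((parsed["ip_ttl"], parsed["routes"][0]["metric"]))
        packet = readvertise(packet, ip_ttl)
    return seen


if __name__ == "__main__":
    for link, (ttl, metric) in enumerate(trace_chain(4), start=1):
        print(f"link {link}: IP TTL={ttl}  RIP metric={metric}")
```
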



Re: hop count in EIGRP? [7:36082]

2002-02-21 Thread Chuck

BTW, it occurs to me that we have had this discussion before. There being
nothing in the routing table indicating IGRP or EIGRP hop counts, how does
(E)IGRP "know" the diameter of the network of which it is a member? And why
would it "care"? ;->

Maybe one of these days I'll daisy chain the routers in my lab, and set the
max hops to 4 and see what happens ;->

Chuck


"Priscilla Oppenheimer" wrote in message
news:[EMAIL PROTECTED]...
> At 08:05 PM 2/21/02, Chuck wrote:
> >to augment the other answers, the IP hop count is really the IP TTL value.
> >It can never exceed 255
>
> You're confusing two issues.
>
> Remember the router has two jobs: forwarding packets and learning the
> topology. Hop count has to do with the latter and affects what goes in the
> routing table. The IP TTL causes a router to drop a packet before
> forwarding if the TTL becomes zero.
>
>
> >EIGRP defaults to 100 hops, so I would expect that the routing packet IP TTL
> >is set at 100 at that point.
>
> Routing packets only go to neighbors. The IP TTL should be set to one or
> two. This has nothing to do with hop count which will be later in the
> packet in the distance vectors.
>
>
> >Well ( checking the sniffer trace that Priscilla so thoughtfully supplied a
> >couple of days ago ) I'm seeing the IP TTL as 2. Still, maybe there is an
> >adjustment made. After all, the (E)IGRP metric includes end to end metrics.
> >hhmmm... ( looking over Priscilla's trace again ) way down there I see an
> >EIGRP hop count 0 line.
>
> The router was advertising a directly-connected network.
>
>
> >the IP TTL is still really the only thing that makes sense in terms of the
> >way IP works.
>
> In terms of forwarding maybe. You better reconsider routing protocols
> though...
>
> Priscilla
>
>
> >Anyone?
> >
> >Chuck
> >
> >"Steven A. Ridder" wrote in message
> >news:[EMAIL PROTECTED]...
> > > Anyone know why there is a hop-count in EIGRP?  It has a 1 byte value, but
> > > it doesn't limit the number of hops and it looks like routers don't use it
> > > in their calculations.  Why is it there?
> > >
> > > --
> > > RFC 1149 Compliant.
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36180&t=36082



Re: OSPF Virtual Link Authentication problem [7:36194]

2002-02-22 Thread Chuck

which area is a virtual link in?


"IT Guy" wrote in message
news:[EMAIL PROTECTED]...
> Hi Guys,
>
> Please help me to solve the issues.
> Do we have to configure virtual link for authentication as well if our
> Area0 is configured for authentication also??
>
> 2nd. we have two areas A0 and A10,configured with different password keys
> and authentication schemes , and virtual link is setup b/w these two Area
> routers. So which password scheme and Key we should follow for virtual
> links???A0 or A10??
>
> thanks for ur help in advance.
>
> TOM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36209&t=36194



Re: NAT Detection Utility [7:36248]

2002-02-22 Thread Chuck

you might be surprised...

I'm currently involved with a couple of universities, in the sales process.
of the three campuses with which I have been engaged, all are using public
IP space on their inside network, and from here in my study, using my
personal IP connection, I can ping just about every IP address I try on
their inside networks, supposedly behind firewalls...

It would appear, then, that these colleges have just such a policy -
forbidding NAT. ;->

I kid you not. I was speaking with one of my associates the other day about
one of these campuses, and he told me he was able to set up an OSPF
adjacency with one of the routers on the inside network.

Amazing!!

Chuck



"Patrick Ramsey" wrote in message
news:[EMAIL PROTECTED]...
> dynamic nat a security breach?  I was under the impression that dynamic was
> a security practice? and if you are speaking of static nat, well
> darn...that's you guys...
>
> -Patrick
>
> >>> Kwame  02/22/02 02:04PM >>>
> Anyone know of a tool for detecting NAT activity on the network. I work in a
> large university and we've instituted a policy against nat especially in the
> dorms due to some very serious security breaches. Is there anything out
> there that can remotely detect a nat operation? Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36294&t=36248



Re: Please help me answer this question [7:36295]

2002-02-22 Thread Chuck

I think you're a bad boy, and you know exactly what I mean.....

Chuck


"Love Cisco" wrote in message
news:[EMAIL PROTECTED]...
> 1. Which of the following customers can probably meet their security
> requirements with a simple firewall system?
> A. Company ABC wants to make sure customers can see public marketing data
> but not proprietary sales figures.
> B. University ABC wants to make sure students can see but not change their
> grades in administrative database.
> C. Company XYZ wants to make sure employees do not download software from
> unauthorized site.
> D. University XYZ wants to make sure that public central software developed
> at the university stops working after a period of time if the user does not
> pay shareware fees.
> =
> I think C is right. But some people think A.
>
> What do you think? Why?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36296&t=36295



Re: Wireless MAN coverage [7:36223]

2002-02-23 Thread Chuck

you might need to use licensed spectrum for this kind of an application.

consider that with unlicensed, anyone can use it, and you run the risk of
interfering with someone else's stuff, and you run the risk of them
interfering with your stuff. not to mention the security considerations.

Call the folks at NAS wireless  www.naswireless.com  they would love to talk
to you.

Chuck

"Sites, Bob" wrote in message
news:[EMAIL PROTECTED]...
> Has anyone setup or can you point me to a wireless solution for an entire
> metro area? I have a hospital that we would like to link 10+ offices within
> a 15 mile radius.  I've had good success with the Aironet 340 series, but at
> this point we need something more geared towards a wide coverage area,
> rather than point to point. Any ideas would be appreciated.
>
> Bob Sites
> System Engineer
> Valley Health System (IS)
> [EMAIL PROTECTED]
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36315&t=36223



Re: cipt [7:36148]

2002-02-23 Thread Chuck

I'm taking the Knowledgenet CIPT class currently. The instructor claims
among other things to be involved with the people at Cisco who do the actual
test writing. No he does not give us inside information. But as we cover the
materials, he will point out areas where the book is a bit thin, and add a
couple of points to consider. he also says this is another typical Cisco
test with poorly written questions.

CIPT is essentially configuring Call Manager. So hands on would be quite
helpful. I have not taken the test, but I am guessing that there would be
questions which require you knowing the menus. Certainly there would be
questions about sequence of set up, and the various features such as route
patterns, media resources, templates, route plans, patterns and masks,
partitions, yada yada

my impression is that lab practice is a definite plus here

Also, the instructor did mention that Cisco is revamping the CIPT test, and
lowering the passing score. I don't recall if he gave a number or not. His
advice to us was to make sure we got the new test, not the old one.

not meaning to plug knowledgenet in particular, but one of the fringe
benefits I have is access to a real call manager server for study purposes.
The neat thing is that this is a web class, and access to the labs is web
based. So I can study at odd hours of the day and night as time permits.

Chuck


"tony paparazzo" wrote in message
news:[EMAIL PROTECTED]...
> Excuse me...So it's a problem to ask how an exam was. You really think its
> bad to ask what a passing score is.. Damn..Not like I was asking for the
> answers..Wow..Unbelievable...By the way..I have those objectives the day I
> started studying..I was JUST asking how the exam was...
>
> So I cant perform research cuz I asked for what passing score is...Man
> whatever.
>
> Tony
>
> "Tim Medley" wrote in message
> news:[EMAIL PROTECTED]...
> > Part of becoming Cisco Certified is the ability to perform research.
> >
> > http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/9E0-402.html
> >
> > Also what does it matter what the passing score is for the exam?
> >
> >
> > Tim Medley - CCNP+Voice, CCDP
> > Sr. Network Architect
> > VoIP Group
> > iReadyWorld
> >
> > p 704.943.3615
> > f 704.525.9119
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > tony paparazzo
> > Sent: Thursday, February 21, 2002 8:28 PM
> > To: [EMAIL PROTECTED]
> > Subject: cipt [7:36148]
> >
> > Anyone take this yet..What is passing..What are some key areas to
> > study..
> >
> > Thanks
> >
> > Tony




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36317&t=36148



Re: Lab this Fri. in RTP [7:36365]

2002-02-25 Thread Chuck

there's still time.

1) redistribution between any two routing protocols over any topology.

2) route filtering - there is more than one way

3) there is a topic that may be NDA if I say anything specific, but for
which there is a specific CCNP test, and which if you read this and/or the
CCIE list you see all kinds of questions, complaints, concerns.

4) there is one very important topic, but I don't want to say it directly
because I believe it crosses the NDA line. It has been discussed many times
here and over on the CCIE lab list. hope you have covered it. you may want
to check the archives of both lists to see what kinds of things are covered.

Knock 'em dead, pal!

Chuck



"Richard Newman" wrote in message
news:[EMAIL PROTECTED]...
> Any last minute study suggestions. I've been through all the FatKid and
> CCBoot Camp labs twice. There are a couple of areas where I'm shaky which
> I'll be concentrating on. What should my focus be in this the last few days
> of studying?
>
> Richard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36431&t=36365



Off Topic - HR 1542 vote Wednesday [7:36446]

2002-02-25 Thread Chuck

My employer internal e-mail is telling me that HR 1542 comes up for a vote
this Wednesday. If you have an opinion one way or another, you may want to
express it to your representative.

HR 1542 would among other things allow RBOCs to enter into the long distance
data market ( not voice, so I'm told ) It is also supposed to open up the
ISP broadband market, which my employer says is dominated by cable companies
and bankrupt CLEC's.

IMHO this would prove among other things a real boon to voice over IP as
well as data only networks, as your customers or your company could now
obtain more or all of their service from a single carrier within any of the
RBOC regions. ( There would still be 3rd party participation across RBOC
boundaries. )

I personally think this is a good idea, but you may disagree. In either
case, let your reps know how you feel.

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36446&t=36446



Re: Lab this Fri. in RTP [7:36365]

2002-02-25 Thread Chuck

sure - route tags, prefix lists, various and sundry route-maps. gotta know
them! after all, if your only tool is a hammer, all your routing tables will
look like you've been nailed ;->

Chuck

"Steven A. Ridder" wrote in message
news:[EMAIL PROTECTED]...
> As for route filtering, I can only think of distribute lists and wacky
> offset lists.  Are there others?
>
> --
>
> RFC 1149 Compliant.
>
>
> "Chuck" wrote in message
> news:[EMAIL PROTECTED]...
> > there's still time.
> >
> > 1) redistribution between any two routing protocols over any topology.
> >
> > 2) route filtering - there is more than one way
> >
> > 3) there is a topic that may be NDA if I say anything specific, but for
> > which there is a specific CCNP test, and which if you read this and/or the
> > CCIE list you see all kinds of questions, complaints, concerns.
> >
> > 4) there is one very important topic, but I don't want to say it directly
> > because I believe it crosses the NDA line. It has been discussed many times
> > here and over on the CCIE lab list. hope you have covered it. you may want
> > to check the archives of both lists to see what kinds of things are covered.
> >
> > Knock 'em dead, pal!
> >
> > Chuck
> >
> >
> >
> > "Richard Newman" wrote in message
> > news:[EMAIL PROTECTED]...
> > > Any last minute study suggestions. I've been through all the FatKid and
> > > CCBoot Camp labs twice. There are a couple of areas where I'm shaky which
> > > I'll be concentrating on. What should my focus be in this the last few days
> > > of studying?
> > >
> > > Richard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36447&t=36365



Re: Installing new IOS on new flash [7:36457]

2002-02-25 Thread Chuck

yes - download a copy of Cisco's Router Software Loader from CCO. I believe
you need a CCO login to get to that software.

http://www.cisco.com/pcgi-bin/tablebuild.pl/rsl

HTH

Chuck

"Lan Wong" wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> This is my first post so if I did anything incorrectly, please let me know.
> I have recently replaced my 8 meg flash with a 16 meg flash memory on a
> 2611. Is there a faster way of loading the ios image onto this blank flash
> than using xmodem.
>
> Thanks,
>
> LW




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36463&t=36457



Re: Cisco Meeting & Affordable Classes [7:36344]

2002-02-25 Thread Chuck

When you say "the WORST possible way to redistribute OSPF and IGRP!" isn't
that an oxymoron. ( shut up, Vance! )

all ways of redistributing OSPF and IGRP are the worst! ;->


"Bruce Evry" wrote in message
news:[EMAIL PROTECTED]...
> Dear Kevin and Everyone Else,
>
> Afraid I got caught in a time warp, the message got posted a day
> after the meeting. Oh well
>
> We will try once again - This coming Saturday, March 2, 2002.
> Time: Noon to 4 PM.
> Place: Bruce's House (under construction...)
> 1607 Thomas Road, Fort Washington, Maryland 20744
>
> Howard Berkowitz may be making a special guest appearance and we
> may get to log into 2 remote CCIE Labs to finally answer the question of
> what is the WORST possible way to redistribute OSPF and IGRP!
>
> Everyone is invited. Our group is informal and there are no fees,
> dues, or secret handshakes to learn. All you need is an interest in Cisco.
> (of course bringing snacks and sodas is always encouraged!)
>
> Bring laptops and gear if you have them. If not bring yourself!
>
> Do try and let me know how many people are coming so I can get an
> appropriate amount of food. (my treat but donations are accepted)
>
> Yours Truly - Bruce Evry
>
>
>
> On Sun, 24 Feb 2002, Kevin Wigle wrote:
>
> > guess you didn't want a big turn out since I see it says sent
> > Sunday, 24 Feb
> >
> >
> > - Original Message -
> > From: "Bruce Evry"
> > To:
> > Sent: Sunday, 24 February, 2002 10:57
> > Subject: Cisco Meeting & Affordable Classes [7:36344]
> >
> >
> > > Dear Friends,
> > >
> > > After taking the month of January off, we are going to hold the
> > > next meeting/luncheon of the Washington DC group this coming Saturday.
> > >
> > > Saturday, February 23, 2002
> > > Time 10 am to 4 pm
> > > Place - Bruce's House with newly rebuilt Garage!
> > > 1607 Thomas Road, Fort Washington, MD 20744
> > >
> > > Please bring Laptops, Snacks, Sodas, Desserts and of course
> > > Routers and Switches.
> > >
> > > This session we will be doing OSPF and IGRP redistribution the
> > > hard way. Figure it's about time we kill this thing and nail down the lid
> > > to its coffin... :)
> > >
> > > Speaking of learning Cisco stuff, I want to thank all of you who
> > > sent such nice replies to my question about affordable training.
> > >
> > > I would like to offer interested folks the chance to come visit us
> > > here at my house for a week and to do total-immersion Cisco Study. This
> > > will be geared toward the CCIE Practical Lab.
> > >
> > > Monday will be about designing your very own lab. Then on Tuesday
> > > through Friday you get to build your lab! (and try others as well)
> > >
> > > Topics covered will include Ethernet, Token Ring, Frame Relay, ISDN, ATM,
> > > Voice, along with all our favorite routing protocols, RIP, IGRP, EIGRP,
> > > OSPF, and BGP.  Bonus extras include NAT, PAT, HSRP, HTTP, NTP, SMTP, and
> > > FOOD!
> > >
> > > This offer includes room and board for those of you who are out of
> > > town. Please contact me for details and pricing. (it'll be reasonable!)
> > >
> > > Home Phone 301-292-5231
> > > Cell Phone 202-262-5324
> > > E-mail [EMAIL PROTECTED]
> > >
> > > Yours Truly - Bruce Evry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36475&t=36344



Re: Cisco VS Foundry Networks.. [7:36448]

2002-02-25 Thread Chuck

I think the Apple versus Microsoft  and the Lotus versus Borland "look and
feel" lawsuits of the late 80's / early 90's pretty much resolved that
concern. Tain't no such thing as "look and feel" infringement.

It still brings a smile to my face, thinking how Phillippe Kahn ( sp? ) was
totally snookered by Microsoft with regards to the Borland purchase of
Ashton Tate ( Dbase II ), and Microsoft's subsequent purchase of FoxPro.

And yes Foundry is good stuff.  The selling points are a bit different than
Cisco selling points. It gets down to what best serves the customer.

Chuck


"Elijah Savage" wrote in message
news:[EMAIL PROTECTED]...
> I have heard the guys that started Foundry left Cisco, how true that is
> I do not know. But I am so surprised that nothing has come of a lawsuit
> because the CLI and almost all commands are like Cisco's from what I
> have seen of them. I do know one thing about them they are very sturdy
> in heat. In the environment they were in we had some Cisco's fail and
> Xylan switches fail due to heat; we finally did get ac put in that
> janitors closet :) but the Foundry were rock solid in the heat.
>
> These were Big Iron 8000 by the way. You can go here for a buyers guide
> comparison but I do not know how up to date it is.
> http://www.networkcomputing.com/ibg/Products?guide_id=2444
>
> Now that is my one bad comment against Cisco for the year :)
>
> www.digitalrage.org latest in Technical News and HowTo's
> www.digitalrage.org/phpBB Discussion Forums
>
>
> -Original Message-
> From: Hartnell, George [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 25, 2002 8:17 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Cisco VS Foundry Networks.. [7:36448]
>
> Depends on what you mean by "worry".
>
> I've got a couple of Foundry's in addition to the Cisco stuff.  Both L2 and
> L3.
>
> I like them.  I like the support. And I like the company.
>
> Best, G.
>
> > -Original Message-
> > From: Washington Rico [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, February 25, 2002 4:03 PM
> > To: [EMAIL PROTECTED]
> > Subject: Cisco VS Foundry Networks.. [7:36448]
> >
> >
> > Cisco people I would like to know your impression of Foundry Networks.  Are
> > they something to worry about?
> >
> > Regards,
> > Eric Washington
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36461&t=36448



Re: Was Re: Where is Bruce Caslow ECP1 Class? [7:36501]

2002-02-26 Thread Chuck

Take a lesson from the financial markets. Call this an investment in the
future. The best time to buy stocks is when they are low. ( duhh )

The best time to educate and improve yourself is when the market is slow.
Now is the time to invest in yourself - training, experience, whatever you
can get.

the market is starting to come back. it's hard to tell, but this is because
jobs are a trailing indicator. Companies will delay new hiring until they
are certain the market is recovering. The economy is indeed recovering as we
speak, according to the leading indicators. This will not be reflected in
the current job market. We may not see the job market improve for several
more months. But I can tell you, I'm seeing a lot more in terms of customer
activity than I was seeing six months ago. Or three months ago, for that
matter. the biggies are VoIP and VPN, but there is a good share of
infrastructure upgrade. Without the idiots from defunct places like M1
mucking up the dialogue, customers are getting better advice IMHO, and are
seeing the value of investing now.

I suspect the real question here is whether or not there is value to being a
CCIE as opposed to some other certification, or expertise in networking in
general. We could debate this point until doomsday and never come up with a
definitive conclusion. IMHO the skills acquired during the CCIE Lab prep
process are valuable. The cert itself may or may not be of value to a
particular employer.

My own opinion - always invest in yourself. Invest in the skills that will
keep you challenged and keep you employed.

Chuck


"John Neiberger" wrote in message
news:[EMAIL PROTECTED]...
> I'm curious about the feelings others have toward this sort of class,
> especially considering the current job market.  A couple of years ago if
> you had CCIE on your resume you were almost sure to get an outrageous
> salary with bonuses and other killer benefits.  This more than offset the
> cost of taking these sorts of classes.
>
> In the current market, I've heard that if you have a job position that
> requires a CCIE you'll get ten applications!  With the HUGE numbers of
> unemployed engineers--of course, depending on where you live--it is no
> longer a 'sure thing' that you'll even be able to find a job, let alone
> get those huge salaries that made everyone salivate.
>
> So, if you had to pay for something like this out of your own pocket,
> do you think it's worth it?  Do you think a one-week class that costs
> over $4,000 will pay off more in the long run than spending a fraction
> of that on a few more routers and some books and then putting in an
> extra month or two of practice and study?
>
> Here in Denver the market REALLY sucks right now.  Even if I pass the
> lab the chances of me moving to a different company--and therefore
> getting a better salary--are slim to none and Slim might have just left
> town.
>
> I guess what I'm getting at is this:  do you think these types of
> companies are pricing themselves right out of the market based on demand
> figures from a couple of years ago?  Or, do they seem to be operating on
> the premise that as long as there are people willing to pay exorbitant
> prices, they'll charge sky-high prices.
>
> What are your thoughts?
>
> John
>
>
>
> >>> "Rob Webber"  2/26/02 10:21:23 AM >>>
> Now called "RS-NMC-1 (Routing and Switching Net Master Class)"
>
> Rob.
>
"Will K." wrote in message
news:[EMAIL PROTECTED]...
> > Does anyone know where information about this class can be found? Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36522&t=36501



Re: ATM question [7:36496]

2002-02-26 Thread Chuck

not to be a smart ass, but it depends. below are some ideas based on what my
local telco offers:

wrote in message
news:[EMAIL PROTECTED]...
> Greetings all,
>
> Couple of general questions about ordering ATM services.
>
> 1- At what increments can I order ATM from a service provider

this is dependent upon the local telco. in this area the minimum is ATM
T1 - 1.54 you can order 1, 2, 4, or 8, and use IMA to inverse mux them.
after that the local telco here offers 25 mbs and 45 mbs. and so on.

> 2- What kind of termination equipment normally used (ATM DSU, etc)

depends on your decision based on #1. T1 ATM would usually terminate on ATM
IMA equipment. this can be a router blade, or an external box from someplace
like Adtran or Kentrox ( yes I know they changed their name ) up to 45 mbs
would probably come in on a DS3 electrical ( coax ) but more likely the
telco would hand off fiber. OC3 and up would definitely be fiber.

> 3- what are the cost for ATM services.

depends on the local telco. I don't know pricing off hand as I sell
equipment and the telco people sell transport. I believe that a T1 ATM
around here is about the same cost as a regular T1

> 4- Please add anything here that might be relevant to my above
> questions.

keep probing your provider - ask a lot of questions. get a second opinion
from a different provider. keep in mind that providers will charge you in
part based upon the pricing they get from their telco. If the telco charges
the ISP 5K for transport, the ISP is going to charge you 6K so they can make
some money. Shop around.

>
> Thanks a lot for your time.
>
> Nabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36525&t=36496



Re: Naming Conventions [7:36535]

2002-02-26 Thread Chuck

there is a chapter in Howard Berkowitz' book Designing Addressing
Architectures that covers this topic.

there are many other good reasons for owning this book

"Richard Tufaro" wrote in message
news:[EMAIL PROTECTED]...
> Hey I'm looking for a good naming convention that clearly tells the location,
> company and function of the device. Does anyone want to submit their naming
> conventions? What is the "best" naming convention?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36548&t=36535



Re: BGP metrics [7:36596]

2002-02-26 Thread Chuck

how does the router know?  I would imagine the router OS checks the BGP
origin. If I am AS 559 and I receive a BGP route that originates in AS 559,
it is either iBGP, or I have a loop. If AS 559 is the only AS in the AS
path, it follows that it is an iBGP route, and therefore is assigned an AD
of 200.

make sense?



"Thom Castognalia" wrote in message
news:[EMAIL PROTECTED]...
> How does a router assign an iBGP AD vs. an eBGP AD?  The iBGP AD is less
> preferred than EIGRP and the other interior RPs, is that correct?  (one week
> until R&S qual. exam)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36606&t=36596



Re: speaking of PIX clones [7:36593]

2002-02-26 Thread Chuck

if you ever want to see something funny, tell a customer in the presence of
a Cisco account team that the customer should sell his old stuff on eBay
rather than trade it in to Cisco.

if looks could kill...

on a more serious note, while Cisco can make a very good legal case against
folks who buy used routers, then download new IOS images, I think it might
be very difficult for them to take legal action against people who sell used
Cisco equipment, or those who buy. This ground has already been covered with
used PC's, used IBM computer and terminal equipment, used cars, used books,
etc etc etc.


"Mike Sweeney" wrote in message
news:[EMAIL PROTECTED]...
> I just heard from a friend that a SonicWall rep was saying (don't you love
> 5th hand news) that Cisco is planning to crack down on PIXes being resold on
> Ebay by killing any and all support for them. No smartnet, no software, no
> activation keys etc..
>
> I personally think it is a bunch of hooyie.. The number of PIX units being
> sold 2nd hand on Ebay is a grain of sand compared to national/world sales of
> new units and to expend that much effort, ill will and bad karma really
> doesn't strike me as the "cisco way" of doing business. MS maybe.. but not
> cisco.
>
> Am I off base here?  even if it's a bunch of crap, it makes for some
> interesting thoughts.. what's next? no support for used routers? switches ?
> talk about killing the goose that lays golden eggs..
>
> MikeS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36608&t=36593



Security Design - PIX or Whatever [7:36677]

2002-02-27 Thread Chuck

Just to remove this topic from that other thread about PIX clones, Patrick
R. brought up some good points in one of his posts.

Security design ( which is apparently NOT what cisco teaches or tests in
their security programs ) is a lot more than just closing ports and doing
NAT.

Many organizations have reason to segregate various parts of their network
from each other. Financial institutions, medical organizations, insurance
companies, any operation that has information that is "need to know" has
reason to set up multiple security zones. We cover some of this thinking
when we talk about access-lists. Modern multiport firewalls take this to its
logical extreme in their design and philosophy.

for example, given a County School Board, which has an internet connection,
and permits multiple school districts to share that internet connection
through a WAN. Is it reasonable or rational, let alone good security
practice, to consider a two port firewall as adequate protection? ( three
port if there is a DMZ for, say, school web sites ) 

how about a brokerage firm, where there are supposed to be "chinese walls"
between their sales, investment banking, and research operations?

what about any company with payroll, human resources, sales, "trade secret"
operations such as manufacturing or patent development?

With everyone becoming interconnected, it is more important than ever to study
security in terms of protecting assets, rather than filtering ports or
addresses. Identification of those assets is an integral part of the
process.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36677&t=36677



Re: Security Design - PIX or Whatever [7:36677]

2002-02-27 Thread Chuck

don't even get me started on this. I work for an organization that uses
employee SSN numbers for validation purposes in a lot of instances. So when
I call the Help Desk to complain about e-mail ( an ongoing problem ) I am
asked to provide my SSN to the folks there. In these days of rampant and
easy identity theft, how smart is it to allow access to a large database of
valid SSN's to practically everyone who asks?

HIPAA??? isn't that on hold for review?  You know, I was reading through one
of the drafts and I thought I saw something that floored me - the regulators
were stating that multiplexed links such as frame relay and ATM were
considered unsecure because different organizations were "sharing" circuits.
The implication was that healthcare organizations would have to move to
point to point technologies - most of which end up passing through ATM
backbones anyway. Sheesh.

Longer term I believe that security solutions will involve end to end
encryption - server to host, on the LAN as well as the WAN, in addition to
what is already done on VPN's.

I always liked the HIPAA provision about management responsibility and
management fines and jail time for failure to comply. Wish that were so in a
lot of other industries where I have worked. ;->

Chuck



"William Gragido" wrote in message
news:[EMAIL PROTECTED]...
> The only difference is that those organizations (physicians as well), will
> be held accountable for violation of HIPAA and face fines and potentially jail
> time :-(
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 27, 2002 12:30 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Security Design - PIX or Whatever [7:36677]
>
>
> Let's not forget political concerns when trying to do a reasonable level of
> security. I worked at a healthcare provider and boy, you should have heard the
> Docs squawk about passwords and pin codes for access to the primary
> LAN/WAN... to the point that admin overruled the IS dept and special
> *permission* not to use the security procedures...  happens every day..
>
> MikeS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36686&t=36677



Re: BGP metrics [7:36596]

2002-02-27 Thread Chuck

I checked RFC 1771 just to be sure. You are correct that I should not have
discussed this in terms of the AS-PATH.

Within the BGP update message there is a field defined as "path attributes".

One of the sub fields of path attributes is the "origin". bit settings
within this sub field are the indicator if a route is iBGP, eBGP, or
incomplete. The originating router sets these bits, I presume based on the
nature of its neighbor relationship.

In answer to the original post, the answer to these kinds of questions can
usually be found within the published standard. The router, being a
computer, merely processes data and produces information based upon the
results of that processing.

Chuck


"[EMAIL PROTECTED] (Timothy Ouellette)" wrote in message
news:[EMAIL PROTECTED]...
> Chuck,
>
> Wouldn't it be safer to say that if a BGP speaking router learns a
> prefix from a peer that doesn't have an AS-path attribute (what you
> referenced as being originated from)  then it is IBGP because bgp
> won't tag its own as-path onto a prefix until it tries to go over an
> ebgp connection. Furthermore, when you set up your 'neighbor x.x.x.x
> remote-as yyy' you're pretty much defining that routes learned from that
> neighbor are ibgp (if that yyy is the same as your yyy) or ebgp (if
> they're different).
>
> Tim
>
> On 27 Feb 2002 01:35:07 -0500, [EMAIL PROTECTED] ("Chuck") wrote:
>
> >how does the router know?  I would imagine the router OS checks the BGP
> >origin. If I am AS 559 and I receive a BGP route that originates in AS 559,
> >it is either iBGP, or I have a loop. If AS 559 is the only AS in the AS
> >path, it follows that it is an iBGP route, and therefore is assigned an AD
> >of 200.
> >
> >make sense?
> >
> >
> >
> >"Thom Castognalia" wrote in message
> >news:[EMAIL PROTECTED]...
> >> How does a router assign an iBGP AD vs. an eBGP AD?  The iBGP AD is less
> >> preferred than EIGRP and the other interior RPs, is that correct?  (one week
> >> until R&S qual. exam)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36761&t=36596



Re: CCIE Study Plan [7:36763]

2002-02-27 Thread Chuck

Take the words of this two time loser with the appropriate grain of salt,
but consider well how you organize your notes. You will be writing down
observations, sketching lab setups, and testing a lot of things. You will be
making extensive notes. You will most definitely want to review your
findings occasionally. It doesn't matter how - whether you use file folders
or notebooks, but you will definitely want to group your notes not only by
date, but by topic.

I have a lot of reasonably good notes on a lot of topics. Damned if I can
find what I'm looking for most of the time. ;->

Chuck



"Lan Wong" wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> After getting my NP and CCSA few months ago, I have decided to prepare for
> the CCIE lab. I have bought just about all the equipment that was
> recommended on this board. I also have numerous books: CCIE Practical Studies,
> Routing TCP/IP I & II, Caslow Bridges, Routers, and Switches for CCIEs,
> Cisco CCIE Practical Kit by Satterlee & Hutnik, OSPF Network Design, Cisco
> ATM Sol., Cisco BGP-4 Command, Internet Routing Arch. 2nd Edt., Cisco Voice
> over Fr/ATM/IP, MPLS and VPN Arch..
>
> Could someone shed some light as to what is the most effective way to
> study. I am currently putting approx. 4-8 hrs. each day.
>
> I am interested in finding out what strategies other great ones have taken
> to achieve their CCIE destination or people who are in the process of
> obtaining their CCIE.
>
> Lastly, does anyone know if there's a study group in Philly (KOP)?
>
> Thanks,
>
> LW




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36764&t=36763



Re: ppp multilink cmd. prevents pings?? [7:36465]

2002-02-27 Thread Chuck

this one has been kicking around in my thoughts for a couple of days. Hope
this discussion is still relevant.

In looking through CCO ( configuration guide -
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/dialts_c/dtsprt4/dcdppp.htm#19282
watch the wrap )

it would appear that with regard to the multilink operation, that the end
points of the link are the virtual-template, and not the physical
interfaces. I tested this by placing ip addresses on the physical
interfaces, saving my configuration, reloading the routers ( to eliminate
artifact after all the screwing around I've been doing to get this to work,
and then to develop a checklist for PPP multilink. )

In any case, I issued a debug ip packet, and the output shows an
encapsulation failed at layer 2.

I believe you discovered this for yourself, when you report that upon
removing ppp multilink, you have no problem pinging on the physical
interface.

check the following output:

00:07:20: IP: s=192.168.1.7 (local), d=192.168.1.8 (Serial1), len 100, sending
00:07:20: IP: s=192.168.1.7 (local), d=192.168.1.8 (Serial1), len 100, encapsulation failed.
Success rate is 0 percent (0/5)

so the answer to your question is cronkite - because that's the way it
works! It is probably more helpful to suggest that ppp multilink creates a
single layer two link, and Cisco has chosen to use the virtual-template as
the Layer 3 interface to that Layer 2 circuit.

HTH

Chuck


"Cisco Nuts" wrote in message
news:[EMAIL PROTECTED]...
> Hello,
> I have 2 routers, Remote and Central connected via 2 serial intfs. I have
> ppp pap auth. and ppp multilink configed. on these intfs. This creates a
> virtual intf. Virtual-Access1 intf. which allows me to learn about networks
> on Remote and Central. I can ping successfully to these networks but when I
> ping the serial ip itself of the other side, it fails. Why would the ppp
> multilink cmd. prevent me from pinging the serial ip itself but allow me to
> ping to networks that is actually being learned through these serial intfs?
> Obviously, when I remove the ppp multilink cmd. pings work fine for both
> serials!
> Output:
> Remote#ping 4.4.4.2
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds:
> .
> Success rate is 0 percent (0/5)
>
> Remote#ping 21.21.21.1
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 21.21.21.1, timeout is 2 seconds:
> !
> Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms
>
> With ppp multilink cmd. removed from the serials:
>
> Remote#ping 4.4.4.2
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds:
> !
> Success rate is 100 percent (5/5), round-trip min/avg/max = 36/37/40 ms
>
> Any ideas?? Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36766&t=36465
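
Added example, not part of the original post or of Cisco's documentation: a minimal IOS layout matching the reply's conclusion, with the Layer 3 address on the virtual-template and none on the member serial interfaces. The interface numbers and the 10.255.0.0/30 addressing are assumptions, and the PAP authentication lines from the original question are left out.

```cisco
! Remote router (constructed example; mirror it on Central with 10.255.0.2)
!
! Tell multilink PPP which template the bundle interface is cloned from
multilink virtual-template 1
!
interface Virtual-Template1
 description Layer 3 endpoint of the multilink bundle
 ip address 10.255.0.1 255.255.255.252
 ppp multilink
!
interface Serial0
 description Bundle member, carries no IP address of its own
 no ip address
 encapsulation ppp
 ppp multilink
!
interface Serial1
 description Bundle member, carries no IP address of its own
 no ip address
 encapsulation ppp
 ppp multilink
```

`show ppp multilink` lists the bundle and its member links; reachability tests should target the peer's bundle address (10.255.0.2 here) rather than an address on a member serial interface.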



Re: MPLS in CCIE [7:36682]

2002-02-28 Thread Chuck

I suppose the philosophical question is whether the CCIE is a forward looking
or backward looking cert? I am under the impression that Cisco originally
geared the test around what a significant number of Cisco large customers
were running.

I'm sure there are still Vines networks around. I'm not sure if PG&E, for
example, ever got around to migrating away from Vines. Let alone Nature's
Conservancy. Hell, there might even be a few XNS networks out there
somewhere.

Especially now that the Lab format is one day, Cisco can't test for
everything. They have to focus.  So it becomes a matter of what's important.
Sooner or later ( and this will be bad news for most of us ) Cisco is also
going to have to migrate the Lab pods to more current equipment. Either that
or tacitly admit that a lot of the high end solutions they hawk are really
not all that important.

Another tack they might take is to create CCIE tracks for every specialty
that comes along - voice, WAN, QoS, wireless, VPN, etc.

But I'm not sure I agree that just because there are people out there
running obsolete technologies, that the CCIE Lab should test those
technologies. IBM now runs Linux on some of their mainframe products. Token
ring and DLSw are dying. The future is IP. Sure the legacy stuff will hang
on for a while yet. But seeing as CCIE skills are as much a marketing
strategy for Cisco as a resource for customers, I would think that older
technologies will have to yield their place in the lab for the new stuff
that Cisco counts on for future revenue.

Just my couple of cents.

Chuck

"David C Prall" wrote in message
news:[EMAIL PROTECTED]...
> Steven,
> I don't know if it is outdated or not. I still have customers running Vines,
> DecNet, IPX and AppleTalk. Of course chaos, apollo and pup I haven't seen
> recently in the real world.
>
> David C Prall   [EMAIL PROTECTED]   http://dcp.dcptech.com
> - Original Message -
> From: "Steven A. Ridder"
> To:
> Sent: Wednesday, February 27, 2002 3:51 PM
> Subject: Re: MPLS in CCIE [7:36682]
>
>
> > For routing and switching - none.  Is it me or is the R&S track getting
> > outdated?  It seems to cover technologies that, although are useful, not as
> > current.
> >
> > --
> >
> > RFC 1149 Compliant.
> >
> >
> > "Persio Pucci" wrote in message
> > news:[EMAIL PROTECTED]...
> > > How much of MPLS (if some at all) is covered in the CCIE exams?
> > >
> > > tks!
> > >
> > > Persio Pucci - CCNP
> > > UOL Inc. - Tecnologia
> > > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36819&t=36682



Re: RSTP - what's up with that? [7:36851]

2002-02-28 Thread Chuck

This sounds like a question for Super Designer!

Truly, in Radia Perlman's book Interconnections there is good information
about how STP works. If you've read it, you also know that there is no
shortage of remarks of one sort or another about the shortcomings and
compromises in various protocols of one kind or another. I don't recall any
regarding STP, but I was awfully sleepy at the time. ;->


"nrf" wrote in message
news:[EMAIL PROTECTED]...
> Cool.  That's pretty much exactly what I was looking for.
>
> It still leaves one of my questions unanswered though.  I know this might
> sound like a wise-ass question, but I assure you that I ask this with no
> malice.  If RSTP really does offer such an improvement over STP, then why
> didn't we always have RSTP?  Specifically, why didn't the inventors of the
> original STP put the features of RSTP into STP?  Was it just a matter of
> learning from a mistake -  that they thought that the long STP convergence
> time was acceptable, and then later realized that it wasn't?  Or that they
> wanted to keep STP simple, only to find that customers really wanted these
> advanced (albeit complex) features?  Or were there some technical issues
> with switches in the old days that might have prevented proper RSTP
> implementation?  Or something else?
>
>
> "Priscilla Oppenheimer" wrote in message
> news:[EMAIL PROTECTED]...
> > You can get to the standard. You don't have to be a member of IEEE.
> >
> > filler due to url bug filler due to url bug filler due to url bug filler
> > due to url bug filler due to url bug filler due to url bug filler due to
> > url bug filler due to url bug filler due to url bug
> >
> > Near the bottom of the following page, click on Terms and Conditions and
> > agree to give away your first born child if you should break these terms
> > and then you can get to many standards, including IEEE 802.1w. Please let
> > us know what you find out. ;-)
> >
> > http://standards.ieee.org/getieee802/
> >
> > Priscilla
> >
> >
> > At 04:09 PM 2/28/02, nrf wrote:
> > >Does anybody know exactly how Rapid Spanning Tree works, or have a link that
> > >describes it in detail? What I'm really interested in knowing is the
> > >technical details that make it better than old-school STP, and in
> > >particular, if RSTP is better, then why didn't the original STP designers
> > >make it like RSTP in the first place (not trying to criticize, I'm just
> > >interested in the evolutionary process of protocols)?
> > >
> > >What I find curious is that I searched and while I found that  web sites
> > >freely discuss how RSTP is better (or not), or talk about which vendors have
> > >implemented it or not,  I haven't found a single site that describes exactly
> > >what RSTP is doing from a technical perspective and why whatever it is doing
> > >is better than STP.  Furthermore, I'm not a member of IEEE, so I guess I
> > >can't access the 802.1w doc.
> >
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36906&t=36851



Re: Config PVC on LS1010 [7:36909]

2002-02-28 Thread Chuck

I posted something a couple of months back.

unlike on a frame relay switch, you do the route statement on only one of
the interfaces.

for example:

interface ATM0/1/0
 no ip address
 no ip directed-broadcast
 atm ilmi-keepalive
!
interface ATM0/1/1
 no ip address
 no ip directed-broadcast
 atm ilmi-keepalive
 atm pvc 1 101  interface  ATM0/1/0 1 100

this works fine - 1/0 is PVC 1 100 and 1/1 is pvc 1/101

make sense?

chuck


"D Rick" wrote in message
news:[EMAIL PROTECTED]...
> Does anyone have experience in cfg on LS1010?  I have hard time getting my
> PVC under an interface.  I'm running ver 11.3
>
>
> Thanks in advance,
> Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36911&t=36909



Re: Can i choose which firewall to use for internet? [7:36920]

2002-02-28 Thread Chuck

sure.

Router_A

ip route 0.0.0.0 0.0.0.0 x.x.x.100

Router_B

ip route 0.0.0.0 0.0.0.0 x.x.x.200

assuming those addresses are the inside interface addresses of the
firewalls.

sure you don't want to load balance?




"beth" wrote in message
news:[EMAIL PROTECTED]...
> Is there anyway to configure a cisco router to use a particular firewall for
> its internet connection?
> for instance i want router A to use xxx.xxx.xxx.100  and router B to use
> firewall xxx.xxx.xxx.200
> ANY replies would be appreciated.
> (any with examples would be GREATLY appreciated! :)  )




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36921&t=36920



Re: Can i choose which firewall to use for internet? [7:36920]

2002-03-01 Thread Chuck

based on your private message - you left out the fact that these are remote
sites connecting to a central site, and you want each of the remote sites to
use a different firewall

the answer is policy routing on the central site router.

I sent you a rough config idea, but it will have to be refined a bit using
access lists so that internet traffic is distinguished from non internet
traffic.

but policy routing is the way to go, given a central site and several remote
sites.

Chuck


"beth" wrote in message
news:[EMAIL PROTECTED]...
> Is there anyway to configure a cisco router to use a particular firewall for
> its internet connection?
> for instance i want router A to use xxx.xxx.xxx.100  and router B to use
> firewall xxx.xxx.xxx.200
> ANY replies would be appreciated.
> (any with examples would be GREATLY appreciated! :)  )




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36969&t=36920
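
Added example, not the rough config mentioned in the post (which is not on the page): one way to express policy routing on the central site router so that each remote site's Internet-bound traffic is handed to its own firewall while inter-site traffic follows the normal routing table. The subnets, interface names, route-map names and the 192.0.2.x firewall addresses are assumptions standing in for the x.x.x.100 and x.x.x.200 addresses in the thread.

```cisco
! Central site router (constructed example).
! Assumptions, none of them from the thread:
!   Remote site A LAN  10.1.0.0/16, arrives on Serial0/0, uses firewall 192.0.2.100
!   Remote site B LAN  10.2.0.0/16, arrives on Serial0/1, uses firewall 192.0.2.200
!   All internal address space is inside 10.0.0.0/8
!   Both firewall inside interfaces sit on a LAN directly connected to this router
!
! Distinguish Internet traffic from internal traffic. A "deny" here does not
! drop the packet; it only exempts it from policy routing, so site-to-site
! traffic is forwarded by the ordinary routing table.
access-list 101 remark Site A: internal destinations are not policy routed
access-list 101 deny   ip 10.1.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
!
access-list 102 remark Site B: internal destinations are not policy routed
access-list 102 deny   ip 10.2.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 102 permit ip 10.2.0.0 0.0.255.255 any
!
! One route map per remote site, each pointing at that site's firewall.
route-map SITE-A-TO-FW permit 10
 match ip address 101
 set ip next-hop 192.0.2.100
!
route-map SITE-B-TO-FW permit 10
 match ip address 102
 set ip next-hop 192.0.2.200
!
! Policy routing is applied inbound, on the interface where the remote
! site's traffic enters the central router.
interface Serial0/0
 description WAN link from remote site A
 ip policy route-map SITE-A-TO-FW
!
interface Serial0/1
 description WAN link from remote site B
 ip policy route-map SITE-B-TO-FW
```

`show route-map` reports how many packets each clause has policy routed, which confirms that only Internet-bound traffic is being steered. Stateful firewalls expect replies on the same path, so each firewall's address translation or inside routes should cover only the site assigned to it.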



A Note From Your Friendly Moderator [7:36978]

2002-03-01 Thread Chuck

On occasion I am unable to check the moderator's queue on a timely or
regular basis. this has meant that some messages, flagged due to the
presence of "forbidden words" have not been released. Some folks then try to
send again, thinking that the internet ate their previous post.

So, 1) be patient. Your friendly moderator will get to the queue sooner or
later and 2) please accept my apologies if duplicates are appearing. I don't
always catch the fact that someone has posted multiple times.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36978&t=36978



Re: A Note From Your Friendly Moderator [7:36978]

2002-03-01 Thread Chuck

The "forbidden words" are there mainly to stop spam, but also to stop some
of the non-Cisco study messages that occasionally pop up.

references to entertainment sites of various kinds ( you guys especially
know what I mean ;-> )  certain types of language, even certain web sites
are flagged. no biggie.

for example, xxx gets flagged. any message referencing router xxx ends up in
the queue. your friendly moderator reads the message and determines it is ok
to post, and not a solicitation to participate in certain recreational
activities, and all is well.

BTW, messages of excessive length get flagged as well. There is one list
member who subscribes to the digest, and who every time she goes on
vacation, ends up trying to post an "out of office" message with a long
digest attached. plonk

another funny forbidden word is "teen" again - put in there to stop spam
from a certain entertainment site. Every discussion about token ring speed
gets flagged because "sixteen" shows up on the list.




"Steven A Ridder" wrote in message
news:[EMAIL PROTECTED]...
> what are the forbidden words? Why are they there?
>
> --
> RFC 1149 Compliant
>
> "Chuck" wrote in message
> news:[EMAIL PROTECTED]...
> > On occasion I am unable to check the moderator's queue on a timely or
> > regular basis. this has meant that some messages, flagged due to the
> > presence of "forbidden words" have not been released. Some folks then try to
> > send again, thinking that the internet ate their previous post.
> >
> > So, 1) be patient. Your friendly moderator will get to the queue sooner or
> > later and 2) please accept my apologies if duplicates are appearing. I don't
> > always catch the fact that someone has posted multiple times.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37018&t=36978



Re: Applying "prefix-list" to "interface" (not BGP processor), [7:37021]

2002-03-01 Thread Chuck

depending upon what you are trying to do, you could set up policy routing on
the Ethernet interface, and the associated route map would use the prefix
list.

"Jerry Lu" wrote in message
news:[EMAIL PROTECTED]...
> I think the same message that I sent out yesterday to the list somehow
> got lost - never saw it showed up. So here it comes again.
>
> I was trying to see if it's possible to create an "access-list" that has
> sequence numbers associated with each entry in it. The goal here is to be
> able to insert a new entry to a specific position (for example, to the 3rd
> line, instead of to the bottom) so I don't have to take the whole
> access-list out, re-arrange the order of all entries, then insert it back
> to the router. This "access-list" will be used on Ethernet interfaces.
>
> Although I had never tried, somehow I have the impression that it's doable
> via "named access list", at first. After spending several hours on this
> issue, it seems to me that I was wrong. Couldn't find a way to add the
> sequence number to entries in "named access list".
>
> The closest thing I could find is "prefix-list". However, I couldn't seem
> to find out how to associate the "prefix-list" that I created with
> Ethernet interfaces on my routers (Cisco 4500 running IOS 12.0). Cannot
> find the command under the (config-if) mode to make the interface
> work with the "prefix-list". I checked the archives, the books I have, and
> Cisco website. The only time "prefix-list" is mentioned is when talking
> about BGP. Looks to me that "prefix-list" is specifically used with BGP
> for route filtering, not with router interfaces. Am I right about this
> conclusion?
>
> If that's true, is there any other way that could achieve my goal?
>
> Thanks for your help!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37021&t=37021



Re: VLSM and CIDR [7:37031]

2002-03-01 Thread Chuck

I think you're trying to outsmart yourself. Can't be done!!! ;->

I showed you in my private reply the result of the EIGRP test I set up. The
answer was "no problem"

I also know from long lab rat experience that it is not a problem with OSPF.

I have not tried with either IS-IS or Ripv2, but again, why not?

there may be issues with older IOS code. Some vendor older models may not
support it. But I have no reason based on my experience, to believe that it
is an issue with current IOS code.

Chuck



"Pierre-Alex Guanel" wrote in message
news:[EMAIL PROTECTED]...
> The statement that provoked my question is from RFC 1721. They say
>
> "Subnet masks are also necessary for implementation of "classless"
> addressing, as the CIDR work proposes"
>
> thus the question "if a routing protocol supports subnet mask does that
> automatically mean that it can do CIDR?
>
> ( I think the answer is no because CIDR means that you could have masks
> stealing bits from the network ID and the router may not like this  I
> also think that historically subnetting and Variable Length subnet masking
> came before CIDR. But those are just speculations. I don't have examples /
> references to support my arguments and I would like to know if I am correct.)
>
>
> Thanks,
>
> Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37034&t=37031



Re: VLSM and CIDR [7:37031]

2002-03-01 Thread Chuck

kinda in answer to your private message:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdrip.htm
watch the wrap

according to this, Cisco's implementation of Ripv2 does indeed support CIDR

On the other hand, getting this to work appears to be problematic. A check
of Doyle shows no CIDR example for Ripv2. A look through Large Scale IP
Network Solutions yields this interesting sentence: "RIPV2 is able to
support classless interdomain routes. It can propagate a classless route
through redistribution"

I can't get a damn CIDR route to show up in the RIPv2 table no matter how
many hokey pokies I do.

At this point I'm going to assume you have tried RipV2 and have had the same
frustration I just had - seeing no CIDR routes. This calls for a bit more
research.

Chuck


""Chuck""  wrote in message
news:[EMAIL PROTECTED].;
> I think you're trying to outsmart yourself. Can't be done!!! ;->
>
> I showed you in my private reply the result of the EIGRP test I set up. The
> answer was "no problem"
>
> I also know from long lab rat experience that it is not a problem with OSPF.
>
> I have not tried with either IS-IS or Ripv2, but again, why not?
>
> there may be issues with older IOS code. Some vendor older models may not
> support it. But I have no reason based on my experience, to believe that it
> is an issue with current IOS code.
>
> Chuck
>
>
>
> ""Pierre-Alex Guanel""  wrote in message
> news:[EMAIL PROTECTED].;
> > The statement that provoked my question is from RFC 1721. They say
> >
> > "Subnet masks are also necessary for implementation of "classless"
> > addressing, as the CIDR work proposes"
> >
> > thus the question "if a routing protocol supports subnet mask does that
> > automatically mean that it can do CIDR?"
> >
> > ( I think the answer is no because CIDR means that you could have masks
> > stealing bits from the network ID and the router may not like this. I
> > also think that historically subnetting and Variable Length subnet masking
> > came before CIDR. But those are just speculations. I don't have examples /
> > references to support my arguments and I would like to know if I am
> > correct.)
> >
> >
> > Thanks,
> >
> > Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37042&t=37031



Re: VLSM and CIDR [7:37031]

2002-03-01 Thread Chuck

well, to continue to beat this dead horse ( like anyone cares about RIPv2
CIDR anyway )

Gateway of last resort is not set

     172.17.0.0/24 is subnetted, 1 subnets
C       172.17.1.0 is directly connected, TokenRing0
     173.4.0.0/24 is subnetted, 1 subnets
C       173.4.57.0 is directly connected, Loopback0
     161.52.0.0/24 is subnetted, 1 subnets
R       161.52.1.0 [120/1] via 132.31.99.8, 00:00:24, Virtual-Access1
     132.31.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       132.31.99.8/32 is directly connected, Virtual-Access1
C       132.31.99.0/24 is directly connected, Virtual-Access1
C    192.168.0.0/24 is directly connected, Serial0
C    192.168.1.0/24 is directly connected, Serial1
C    200.0.0.0/8 is directly connected, Loopback101
R    201.0.0.0/15 [120/5] via 132.31.99.8, 00:00:11, Virtual-Access1
R    96.0.0.0/4 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
R    203.0.0.0/8 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
R    129.0.0.0/12 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
C    181.48.0.0/13 is directly connected, Loopback201
R7#

note all the CIDR routes in the routing table, all learned via RIP.

How?

interface Loopback101
 ip address 201.0.0.1 255.254.0.0
!
interface Loopback1001
 ip address 203.0.0.1 255.0.0.0
!
interface Loopback1002
 ip address 129.1.1.1 255.240.0.0
!
interface Loopback1003
 ip address 100.1.1.1 240.0.0.0
!
router rip
 version 2
 redistribute connected metric 5
 network 132.31.0.0
 network 161.52.0.0
 network 201.0.0.0
 no auto-summary

you apparently do have to redistribute the CIDR routes into RIPv2. Silly me.
Why wouldn't that be obvious?

Chuck



""Chuck""  wrote in message
news:[EMAIL PROTECTED].;
> kinda in answer to your private message:
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c
> /ipcprt2/1cdrip.htm
> watch the wrap
>
> according to this, Cisco's implementation of Ripv2 does indeed support CIDR
>
> On the other hand, getting this to work appears to be problematic. A check
> of Doyle shows no CIDR example for Ripv2. A look through Large Scale IP
> Network Solutions yields this interesting sentence: "RIPV2 is able to
> support classless interdomain routes. It can propagate a classless route
> through redistribution"
>
> I can't get a damn CIDR route to show up in the RIPv2 table no matter how
> many hokey pokies I do.
>
> At this point I'm going to assume you have tried RipV2 and have had the same
> frustration I just had - seeing no CIDR routes. This calls for a bit more
> research.
>
> Chuck
>
>
> ""Chuck""  wrote in message
> news:[EMAIL PROTECTED].;
> > I think you're trying to outsmart yourself. Can't be done!!! ;->
> >
> > I showed you in my private reply the result of the EIGRP test I set up. The
> > answer was "no problem"
> >
> > I also know from long lab rat experience that it is not a problem with OSPF.
> >
> > I have not tried with either IS-IS or Ripv2, but again, why not?
> >
> > there may be issues with older IOS code. Some vendor older models may not
> > support it. But I have no reason based on my experience, to believe that it
> > is an issue with current IOS code.
> >
> > Chuck
> >
> >
> >
> > ""Pierre-Alex Guanel""  wrote in message
> > news:[EMAIL PROTECTED].;
> > > The statement that provoked my question is from RFC 1721. They say
> > >
> > > "Subnet masks are also necessary for implementation of "classless"
> > > addressing, as the CIDR work proposes"
> > >
> > > thus the question "if a routing protocol supports subnet mask does that
> > > automatically mean that it can do CIDR?"
> > >
> > > ( I think the answer is no because CIDR means that you could have masks
> > > stealing bits from the network ID and the router may not like this. I
> > > also think that historically subnetting and Variable Length subnet masking
> > > came before CIDR. But those are just speculations. I don't have examples /
> > > references to support my arguments and I would like to know if I am
> > > correct.)
> > >
> > >
> > > Thanks,
> > >
> > > Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37043&t=37031



Re: VLSM and CIDR [7:37031]

2002-03-01 Thread Chuck

what gets me is how Cisco says they support CIDR in their implementation of
RIPv2, and yet CIDR routes are not advertised natively. You have to F*G
redistribute CIDR routes into RIPv2 before they will be advertised. Exactly
what good is that?

Oh, and boo to CCO for the absolute lack of any information on this.


""Pierre-Alex Guanel""  wrote in message
news:[EMAIL PROTECTED].;
> Ok, you win :)
>
> Pierre-Alex
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Chuck
> Sent: Friday, March 01, 2002 8:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: VLSM and CIDR [7:37031]
>
>
> well, to continue to beat this dead horse ( like anyone cares about RIPv2
> CIDR anyway )
>
> Gateway of last resort is not set
>
>      172.17.0.0/24 is subnetted, 1 subnets
> C       172.17.1.0 is directly connected, TokenRing0
>      173.4.0.0/24 is subnetted, 1 subnets
> C       173.4.57.0 is directly connected, Loopback0
>      161.52.0.0/24 is subnetted, 1 subnets
> R       161.52.1.0 [120/1] via 132.31.99.8, 00:00:24, Virtual-Access1
>      132.31.0.0/16 is variably subnetted, 2 subnets, 2 masks
> C       132.31.99.8/32 is directly connected, Virtual-Access1
> C       132.31.99.0/24 is directly connected, Virtual-Access1
> C    192.168.0.0/24 is directly connected, Serial0
> C    192.168.1.0/24 is directly connected, Serial1
> C    200.0.0.0/8 is directly connected, Loopback101
> R    201.0.0.0/15 [120/5] via 132.31.99.8, 00:00:11, Virtual-Access1
> R    96.0.0.0/4 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
> R    203.0.0.0/8 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
> R    129.0.0.0/12 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
> C    181.48.0.0/13 is directly connected, Loopback201
> R7#
>
> note all the CIDR routes in the routing table, all learned via RIP.
>
> How?
>
> interface Loopback101
>  ip address 201.0.0.1 255.254.0.0
> !
> interface Loopback1001
>  ip address 203.0.0.1 255.0.0.0
> !
> interface Loopback1002
>  ip address 129.1.1.1 255.240.0.0
> !
> interface Loopback1003
>  ip address 100.1.1.1 240.0.0.0
> !
> router rip
>  version 2
>  redistribute connected metric 5
>  network 132.31.0.0
>  network 161.52.0.0
>  network 201.0.0.0
>  no auto-summary
>
> you apparently do have to redistribute the CIDR routes into RIPv2. Silly me.
> Why wouldn't that be obvious?
>
> Chuck
>
>
>
> ""Chuck""  wrote in message
> news:[EMAIL PROTECTED].;
> > kinda in answer to your private message:
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c
> > /ipcprt2/1cdrip.htm
> > watch the wrap
> >
> > according to this, Cisco's implementation of Ripv2 does indeed support CIDR
> >
> > On the other hand, getting this to work appears to be problematic. A check
> > of Doyle shows no CIDR example for Ripv2. A look through Large Scale IP
> > Network Solutions yields this interesting sentence: "RIPV2 is able to
> > support classless interdomain routes. It can propagate a classless route
> > through redistribution"
> >
> > I can't get a damn CIDR route to show up in the RIPv2 table no matter how
> > many hokey pokies I do.
> >
> > At this point I'm going to assume you have tried RipV2 and have had the same
> > frustration I just had - seeing no CIDR routes. This calls for a bit more
> > research.
> >
> > Chuck
> >
> >
> > ""Chuck""  wrote in message
> > news:[EMAIL PROTECTED].;
> > > I think you're trying to outsmart yourself. Can't be done!!! ;->
> > >
> > > I showed you in my private reply the result of the EIGRP test I set up.
> > > The answer was "no problem"
> > >
> > > I also know from long lab rat experience that it is not a problem with
> > > OSPF.
> > >
> > > I have not tried with either IS-IS or Ripv2, but again, why not?
> > >
> > > there may be issues with older IOS code. Some vendor older models may not
> > > support it. But I have no reason based on my experience, to believe that
> > > it is an issue with current IOS code.
> > >
> > > Chuck
> > >
> > >
> > >
> > > ""Pierre-Alex Guanel""  wrote in message
> > > news:[EMAIL PROTECTED].;
> > > > The statement that provoked my question is from RFC 1721. They say
> > > >
> > > > "Subnet masks are also necessary for implementation of "classle

Re: BGP distribute-list and ip-prefixlist [7:37059]

2002-03-02 Thread Chuck

a couple of quick thoughts:

""Joep Hoet""  wrote in message
news:[EMAIL PROTECTED].;
> From the BGP section in the BSCN course book I "understand" that
> IP-Prefixlist are essentially nothing but another method of reaching the
> same goal as a distribute-list, but with a better performance and a more
> convenient user-interface.

sure, that's one way of looking at it. make it easier for the folks at the
ISP's to do their job.

> So they are (except for performance) functionally the same, and there
> would be no reason to use a distribute-list instead of an ip prefix list
> ever.
>

think of distribute list as a sledge hammer and prefix list as a hammer and
chisel. You can attempt sculpture with both. one will get you different and
finer results than the other.


> I wonder whether this is also true in regards to on which interfaces they
> work on.
>
> Are IP-Prefix-lists indeed only used on incoming packets: so do they filter
> on incoming routes only?

nope - in and out by neighbor

R8(config-router)#neigh 1.1.1.1 prefix-list qwerty ?
  in   Filter incoming updates
  out  Filter outgoing updates

>
> So, is it true then that IP-Prefix-lists are for filtering incoming updates,
> and distribute-lists (I'm talking BGP only) are able to filter both on
> incoming and outgoing packets?

yep

>
> If so, is the matter of "better performance" for IP-prefix-list partly
> caused by the fact that you don't hassle your router with packets you can kill
> on your incoming interface, which you can do with an outbound distribute-list
> route filtering?
>

interesting question. my own ( ignorant ) opinion is that at this point it
comes down to the way a router/computer operates. I think the boolean
operation used against a prefix list is probably faster and less resource
intensive than a similar operation against a distribute list. why? If pushed
I would guess it has to do with the legacy code in the IOS versus the new
code written around prefix lists. Cisco has some pretty sharp computer
science geeks running their code development.

consider that in order to filter so that I get just those routes with a 15
bit prefix, what I would have to do with a distribute list, versus what I
would have to do with a prefix list. the distribute list requires a
reference to an access list, which means an extra operation or two for each
line. a prefix list can be operated on with just the one operation per line.


> Plz explain presuming only BGP knowledge at the BSCN/CCNP level.
>
> Thnx,
>  Joep




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37065&t=37059
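
The prefix-list matching discussed in the reply above, as an added Python model (not part of the original post and not Cisco's code). The list names FIFTEEN, SHORT-MASKS and EXACT and their entries are constructed for illustration; the routes are the ones from the VLSM and CIDR thread on this page.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample configuration (hypothetical list names).
CONFIG = """
ip prefix-list FIFTEEN seq 5 permit 0.0.0.0/0 ge 15 le 15
ip prefix-list SHORT-MASKS seq 5 deny 0.0.0.0/0 le 7
ip prefix-list SHORT-MASKS seq 10 permit 0.0.0.0/0 le 32
ip prefix-list EXACT seq 5 permit 201.0.0.0/15
"""

# Prefixes taken from the routing table in the VLSM and CIDR thread.
ROUTES = ["161.52.1.0/24", "201.0.0.0/15", "96.0.0.0/4",
          "203.0.0.0/8", "129.0.0.0/12"]

ENTRY_RE = re.compile(
    r"^ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?$"
)


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                      # "permit" or "deny"
    base: ipaddress.IPv4Network      # the network/len part of the entry
    ge: Optional[int]
    le: Optional[int]

    def length_range(self):
        """Inclusive range of route mask lengths this entry accepts."""
        if self.ge is None and self.le is None:
            return self.base.prefixlen, self.base.prefixlen   # exact match
        lo = self.ge if self.ge is not None else self.base.prefixlen
        hi = self.le if self.le is not None else 32
        return lo, hi

    def matches(self, route):
        # One comparison of the leading bits plus one range check on the
        # mask length: the "one operation per line" the reply refers to.
        lo, hi = self.length_range()
        return route.subnet_of(self.base) and lo <= route.prefixlen <= hi


def parse_prefix_lists(config):
    """Return {list name: [Entry, ...]} with entries ordered by sequence."""
    lists = {}
    for line in config.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        name, seq, action, prefix, ge, le = m.groups()
        entry = Entry(int(seq), action, ipaddress.ip_network(prefix),
                      int(ge) if ge else None, int(le) if le else None)
        lists.setdefault(name, []).append(entry)
    for entries in lists.values():
        entries.sort(key=lambda e: e.seq)
    return lists


def is_permitted(entries, prefix):
    """First matching entry decides; no match means implicit deny."""
    route = ipaddress.ip_network(prefix)
    for entry in entries:
        if entry.matches(route):
            return entry.action == "permit"
    return False


def permitted(entries, prefixes):
    return [p for p in prefixes if is_permitted(entries, p)]


if __name__ == "__main__":
    for name, entries in parse_prefix_lists(CONFIG).items():
        print(f"{name:12} permits {permitted(entries, ROUTES)}")
```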



Re: VLSM and CIDR [7:37031]

2002-03-02 Thread Chuck

interesting points, Andrew. makes sense. following are some of the lines
from the show ip protocol:

R8:

 Routing for Networks:
132.31.0.0
161.52.0.0
201.0.0.0

and R7:

Routing for Networks:
132.31.0.0
173.4.0.0
181.48.0.0
200.0.0.0

and the config entry:

router rip
 version 2
 redistribute connected metric 5
 network 132.31.0.0
 network 161.52.0.0
 network 201.0.0.0
 no auto-summary

while the network statement in CIDR form is accepted, still something
doesn't work.

note the existence of the two CIDR blocks 200.0.0.0 /8 and 201.0.0.0/8 since
a show ip route yields the proper mask on the interface:

C    201.0.0.0/15 is directly connected, Loopback101
C    96.0.0.0/4 is directly connected, Loopback1003
C    203.0.0.0/8 is directly connected, Loopback1001
C    129.0.0.0/12 is directly connected, Loopback1002

then the "problem" has to occur within the RIP process itself, and the
manner in which the subnet mask is extracted. OSPF appears to take the
information from the interface configuration. BGP uses the manually
configured network/mask statement. I did not test this, but when I have used
EIGRP in the past, I used the new notation available in 12.1 that allows
network x.x.x.x  y.y.y.y a la OSPF

So good call - looks like you nailed it.

Chuck

""Andrew Cook""  wrote in message
news:[EMAIL PROTECTED].;
> I duplicated this effect.  It seems the whole problem lies with RIP network
> statements.  Although RIPv2 itself can carry classless info, the network
> statement to turn RIP on for an interface is classful.  Until Cisco allows
> the inclusion of netmask info in the network statement as they do for other
> routing protocols, I would guess that redistribution is the only way to make
> this work - and I'd wager that they aren't really devoting a lot of
> development time to RIP anymore!
> Incidentally, I created a supernet on a loopback with a /22 and then tried
> putting all 4 class Cs into RIP as networks to see if that would magically
> fix it - it did not.
> Can anyone confirm RIPv2 operation on other vendor equipment?  Does anyone
> allow a CIDR netblock as a native RIP interface without redistribution?
>
> PS - as to the need for RIPv2 on a modern network, I am still forced to use
> it in many cases for MPLS/VPN.  The only routing choices to a CE router are
> static, RIPv2, BGP, and OSPF.  OSPF is limited because each instance uses up
> one protocol descriptor block (PDB), of which you can only have 32.  Static
> is easy for small customers, but larger ones will almost certainly require
> dynamic routing.  That leaves us the choice of BGP or RIPv2.  It all depends
> on whether the end user is comfortable using BGP.  Almost everyone has set
> up RIP before, so it seems to be the catchall.
>
> Andrew Cook
>
> ""Chuck""  wrote in message
> news:[EMAIL PROTECTED].;
> > well, to continue to beat this dead horse ( like anyone cares about RIPv2
> > CIDR anyway )
> >
> > Gateway of last resort is not set
> >
> >      172.17.0.0/24 is subnetted, 1 subnets
> > C       172.17.1.0 is directly connected, TokenRing0
> >      173.4.0.0/24 is subnetted, 1 subnets
> > C       173.4.57.0 is directly connected, Loopback0
> >      161.52.0.0/24 is subnetted, 1 subnets
> > R       161.52.1.0 [120/1] via 132.31.99.8, 00:00:24, Virtual-Access1
> >      132.31.0.0/16 is variably subnetted, 2 subnets, 2 masks
> > C       132.31.99.8/32 is directly connected, Virtual-Access1
> > C       132.31.99.0/24 is directly connected, Virtual-Access1
> > C    192.168.0.0/24 is directly connected, Serial0
> > C    192.168.1.0/24 is directly connected, Serial1
> > C    200.0.0.0/8 is directly connected, Loopback101
> > R    201.0.0.0/15 [120/5] via 132.31.99.8, 00:00:11, Virtual-Access1
> > R    96.0.0.0/4 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
> > R    203.0.0.0/8 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
> > R    129.0.0.0/12 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
> > C    181.48.0.0/13 is directly connected, Loopback201
> > R7#
> >
> > note all the CIDR routes in the routing table, all learned via RIP.
> >
> > How?
> >
> > interface Loopback101
> >  ip address 201.0.0.1 255.254.0.0
> > !
> > interface Loopback1001
> >  ip address 203.0.0.1 255.0.0.0
> > !
> > interface Loopback1002
> >  ip address 129.1.1.1 255.240.0.0
> > !
> > interface Loopback1003
> >  ip address 100.1.1.1 240.0.0.0
> > !
> > router rip
> >  version 2
> >  redistribute connected metric 5
> >  network 132.31.0.0
> >  network 161.52.0.0
> >  network 201.0.0.0
> >  no auto-summary
&
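
An added example, not part of the original thread: a Python check that parses the RIP lines of the R7 routing table quoted above and classifies each prefix against its classful (natural) mask. It models only what the thread observed, that the supernets arrived with the seed metric 5 from "redistribute connected metric 5" while the subnet arrived natively with metric 1; it does not reproduce IOS's own logic.

```python
import ipaddress
import re

# RIP-learned lines from the R7 "show ip route" output quoted in this thread,
# with the column spacing restored. A child of an "is subnetted" parent line
# carries no mask of its own and inherits the parent's.
SHOW_IP_ROUTE = """\
     161.52.0.0/24 is subnetted, 1 subnets
R       161.52.1.0 [120/1] via 132.31.99.8, 00:00:24, Virtual-Access1
C    200.0.0.0/8 is directly connected, Loopback101
R    201.0.0.0/15 [120/5] via 132.31.99.8, 00:00:11, Virtual-Access1
R    96.0.0.0/4 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
R    203.0.0.0/8 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
R    129.0.0.0/12 [120/5] via 132.31.99.8, 00:00:00, Virtual-Access1
"""

PARENT = re.compile(r"^\s+\d+\.\d+\.\d+\.\d+/(\d+) is subnetted")
ROUTE = re.compile(r"^R\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+\[\d+/(\d+)\]")


def classful_length(net):
    """Natural mask length implied by the first octet (class A, B or C)."""
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{net} is class D/E and has no natural mask")


def classify(prefix):
    """Return 'subnet', 'natural' or 'supernet' relative to the classful mask."""
    net = ipaddress.ip_network(prefix)
    natural = classful_length(net)
    if net.prefixlen > natural:
        return "subnet"
    if net.prefixlen == natural:
        return "natural"
    return "supernet"


def parse_rip_routes(text):
    """Yield (prefix, metric) for each RIP route, resolving inherited masks."""
    inherited = None
    for line in text.splitlines():
        parent = PARENT.match(line)
        if parent:
            inherited = parent.group(1)
            continue
        m = ROUTE.match(line)
        if not m:
            continue                      # connected routes, prompts, blanks
        length = m.group(2) or inherited
        if length is None:
            raise ValueError(f"no mask available for: {line!r}")
        yield f"{m.group(1)}/{length}", int(m.group(3))


def audit(text, seed_metric=5):
    """List (prefix, kind, arrived_with_seed_metric) for every RIP route."""
    return [(prefix, classify(prefix), metric == seed_metric)
            for prefix, metric in parse_rip_routes(text)]


if __name__ == "__main__":
    for prefix, kind, redistributed in audit(SHOW_IP_ROUTE):
        source = "redistributed (metric 5)" if redistributed else "native"
        print(f"{prefix:16} {kind:9} {source}")
```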

Re: VoIP help... [7:36997]

2002-03-03 Thread Chuck

start interviewing consulting firms NOW! if you don't know where to begin,
bring in some experts to help you out.

you can start with your Cisco Account Team, who in turn should refer you to
one or more of their partners. If you check out Cisco's web site, you can
search for partners by location.

If you are in California, contact me off line. My employer would love to
talk to you.

Chuck



""Gunjan Mathur""  wrote in message
news:[EMAIL PROTECTED].;
> Hi Experts,
>
> My organisation is going for VoIP implementation, Can
> any one send me links & Docs for implementation of
> VoIP.
>
> TIA.
>
> It
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37117&t=36997



Re: VoIP problem [7:36396]

2002-03-03 Thread Chuck

a look at TAC error message decoder yields this result:

1. %VTSP-3-DSP_TIMEOUT: DSP timeout on event [dec]: DSP ID=[hex]: [chars]
A timeout on the digital signal processor (DSP) response has occurred.

Recommended Action: The DSP has been reset automatically. If the problem
persists, contact your Cisco technical support representative.

Related documents: No specific documents apply to this error message.

you need a CCO login to access this, I believe.

http://www.cisco.com/cgi-bin/Support/Errordecoder/home.pl


Seems to me that 12.2.4 rings a bell in terms of being just plain bad code.
Maybe an IOS upgrade ( or downgrade ) ?


""Patrick Donlon""  wrote in message
news:[EMAIL PROTECTED].;
> Hi all
>
> I've a problem with a voice router I'm getting DSP timeout errors on the far
> end (egress) router and I was wondering if anyone has any ideas. See the
> text below for the error, it appears after the call is disconnected with
> "normal call clearing", we use E1s. A reboot will make the problem go away
> for a short while and we are using 12.2(4)T on a 3640. The call routing is fine
> and I can make csim calls from the far end router to my local router and to
> my phone no problem, in the other direction I get DSP timeouts.
>
> Cheers
>
> Pat
>
> 10w5d: %VTSP-3-DSP_TIMEOUT: DSP timeout on event 0x6: DSP ID=0x1: DSP Disc (call mode=0)
> 10w5d: %VTSP-3-DSP_TIMEOUT: DSP timeout on event 0x6: DSP ID=0x1: DSP error stats (call mode=1658181684), chnl info(1, 0, 0)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37118&t=36396



Re: OSPF Question [7:37228]

2002-03-04 Thread Chuck

unless you are advertising a host route, I don't think there would be any
effect here. and to be truthful, I'm not sure that the routing process cares
one way or another so long as the particular router's LAN port is
functional.

the routing table would show that host route 172.20.10.1 is reachable via
network 172.20.10.0 as long as the router interface in network 172.20.10.0
is operational.

haven't tested, just thinking out loud.

Chuck



""Hunt Lee""  wrote in message
news:[EMAIL PROTECTED].;
> I believe someone might have mentioned this already but since I'm studying
> it right now I thought I'd ask again...  It would be greatly appreciated if
> someone can shed some light on this.
>
> For OSPF, I understand that a "flapping" subnet will cause LSAs to be
> flooded throughout the internetwork at each state transition.  However, my
> question is:
>
> TCP / IP Vol1 by Jeff Doyle says if a subnet is summarized by a summary
> address, the subnet's instability will no longer be advertised.  But if this
> is the case, then what happens if:-
>
> e.g.  Router A advertised a summary route (advertising subnet 172.20.10.0
> /24 to Router B.  Now if a host in that subnet (say 172.20.10.1 is
> bouncing) - if this instability is hidden by the summary route, does it mean
> that Router B wouldn't realize that 172.20.10.1 is flapping, and continues
> to forward packets to it?
>
> Please help...
>
> Best Regards,
> Hunt Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37231&t=37228



Re: DHCP across PIX [7:37286]

2002-03-05 Thread Chuck

my curiosity has been piqued by this conversation. why would you want to do
DHCP across a firewall? wouldn't such a thing permit security breaches?

Am I correct that this would become a concern in a network where you have a
number of internal security zones ( research, sales, accounting departments
all within the same company ) and the members of those departments, although
firewalled from each other, would still require DHCP for their addressing?

Was this the idea / design of the guy who asked the original question?

Chuck


""Kent Hundley""  wrote in message
news:[EMAIL PROTECTED].;
> You cannot.  The PIX does not support forwarding of DHCP requests (or any
> broadcast for that matter).
>
> Your only options are to hard-code your IP address or use the DHCP server
> built into the PIX.
>
> HTH,
> Kent
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> kenairs
> Sent: Tuesday, March 05, 2002 9:08 AM
> To: [EMAIL PROTECTED]
> Subject: DHCP across PIX [7:37286]
>
>
> Hi,
> My pc are located in one of the PIX interface. There is an DHCP server in
> the other interface.
> How to let the DHCP packet go through ? Broadcast ?
>
> Tks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37332&t=37286



Re: RIP issue :-) [7:37339]

2002-03-05 Thread Chuck

suppose you were to add a third router into the mix, and throw in some
loopbacks just for kicks

router_1---router_2---router_3

same numbering scheme for the 1-2 link. bet router 3 would see the /30

or if you don't have a third router, just create a bunch of /30 loopbacks
out of the same major network. you'll see those /30s show up, providing you
have the "no auto-summary" engaged.

at present, there is no need for the rip process to differentiate since
there is only one network known to it, and that one is directly connected.

Chuck


""Stanzin Takpa""  wrote in message
news:[EMAIL PROTECTED].;
> I did the no auto-summary and also on ip classless, but the situation is
> same .
>
> stanzin
>
>
> -Original Message-
> From: Sean Knox [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 05, 2002 6:36 PM
> To: [EMAIL PROTECTED]
> Subject: RE: RIP issue :-) [7:37339]
>
>
> Rip is a CLASSFUL protocol... it can't utilize CIDR notation. Therefore, rip
> sees your address as a class B address and will hence only use two octets
> for the network portion, regardless of any netmask you set. Hope this helps.
>
> Sean
>
> -Original Message-
> From: Stanzin Takpa [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 05, 2002 4:59 PM
> To: [EMAIL PROTECTED]
> Subject: RIP issue :-) [7:37339]
>
>
> Hi !
>  I am enabling RIP b/w two p-to-p network /30. But the strange
> thing is ,when I say
> RouterA__.1/30___.2/30__RouterB
>
> router rip
> ver 2
> network 150.1.11.0
>
> and exec show runn, it is showing  the network as 150.1.0.0.
>
> Any comment on this...
>
> Stanzin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37362&t=37339



Re: strange problem [7:37359]

2002-03-05 Thread Chuck

David Letterman's top 10 reasons this customer can't browse the internet:

10) aliens are abducting the packets

9) someone experimenting in Tesla physics has created a time warp nearby.
the packets will reach the internet tomorrow, or they may have been thrown
back in time and have arrived before the internet was created

8) Art Bell is talking about this phenomenon at this very moment on his
radio show

7)  the server is temperamental and would rather talk to other people than
your customer

6) through 2)   make up your own. I have to stop because I have finally
realized I will never have a successful career in comedy

1) there is an access list on the edge router that is wreaking havoc

my best guess, never having seen configs or traceroutes, etc

Chuck








""kaushalender""  wrote in message
news:[EMAIL PROTECTED].;
> Hi group
>
> I am facing strange problem one of customer whom we have given 128Kbps
> link and connected on ppp encapsulation. They r not able to browse the
> website. When i did traceroute and ping it was working fine and customer
> is able to reach the internet. But when i typed www.yahoo.com in the
> browser the browser was responding "website found waiting for reply " and
> it keeps on waiting. Can somebody can help me in identifying that why
> http request is dying or getting killed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37363&t=37359



Re: solution of strange prob [7:37377]

2002-03-06 Thread Chuck

hold on a second. let's get back to troubleshooting 101.

when a PC is plugged directly into the internet router, you have no problem
browsing.

if it is only one station that has the problem, that's a whole different
direction than if it is the whole site.

if you would be more specific about the problem, list all of the relevant
info, folks here are better able to help.

""kaushalender""  wrote in message
news:[EMAIL PROTECTED]...
> Hi group,
>
> In early post of mine, I have mentioned a problem of my customer who is
> not able to browse. Then i took a cross cable and connected the router
> directly to the pc. In that case the browser is opening the website. Can
> some 1 help me how can i find that what is the problem which is stopping
> the browser to download the page into machine. how can i find bad network
> card into 150 pc lan.
>
> Thanx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37407&t=37377



Re: CCIE program will be dropping token ring! [7:37422]

2002-03-06 Thread Chuck

be careful what you wish for..

better the devil you know than the devil you don't. ;->

I'm convinced the Cat 3920 was there just to screw with people. Now that
there are lots of practice racks, not to mention a very good software
simulator, Cisco will just go find some other piece of junk to throw a
monkey wrench into your network.

somebody else had the correct analysis. There's no big deal to configuring
token ring - or ethernet for that matter.

hmmm if I were Cisco, what would I do next? Maybe some things that
require more than one switch? maybe put in some different transport?




""Cisco Nuts""  wrote in message
news:[EMAIL PROTECTED]...
> hoorraayyy!!
>
>
> >From: "William Gragido"
> >Reply-To: "William Gragido"
> >To: [EMAIL PROTECTED]
> >Subject: RE: CCIE program will be dropping token ring! [7:37422]
> >Date: Wed, 6 Mar 2002 12:52:08 -0500
> >
> >AWESOME
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >Steven A. Ridder
> >Sent: Wednesday, March 06, 2002 10:44 AM
> >To: [EMAIL PROTECTED]
> >Subject: CCIE program will be dropping token ring! [7:37422]
> >
> >
> >I'm in a meeting with the CCIE program manager and they will be removing
> >Token-ring soon!
> >
> >--
> >
> >RFC 1149 Compliant.
> >
> >
> >""Scott H.""  wrote in message
> >news:[EMAIL PROTECTED]...
> > > Not that bad.  A bunch of dates open in March and April in San Jose--if you
> > > can't do that, you are screwed until August.  The one thing that I have
> > > noticed is that when people get within their 28 day window, they drop their
> > > date.  This opens up dates for the more serious contenders.
> > > Best of luck!
> > > Scott
> > >
> > > ""AMR""  wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > What's the wait time like nowadays?
> > > >
> > > > -A




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37506&t=37422



Slightly OT: 6509 SFM and non fabric cards [7:37657]

2002-03-08 Thread Chuck

we have been having this debate internally. Take a 65xx box, throw in a
switch fabric module ( increase the back plane to 256 gig ) throw in a few
fabric enabled cards. life is good.

but later, you have need for a non fabric enabled card - say a flexwan
module or an IDS blade.

if I understand things correctly, doing so means that none of the line cards
can use the SFM, and that effectively the box is crippled, limited to the 32
gig native backplane.

http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/hafc6_wp.htm

reading this document, it really is not clear what exactly happens. It notes
that with a mix of fabric and non-fabric cards, throughput is reduced from
30 mpps to 15 mpps. I think it says that the sup module will no longer use
the SFM.

what I am looking for is something definitive. if I buy a 6509, and my
requirement includes a non fabric enabled card, then there is no point to
buying the SFM?

I ask, because different Cisco sources keep telling me different things. Pre
sales tells me true - and the AM/SE team tells me false - that the SFM is
always used by the fabric enabled cards.

Parenthetically, it's stuff like this that makes Extreme and Foundry look a
lot better.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37657&t=37657



Re: Quality of Cisco exams [7:38063]

2002-03-13 Thread Chuck

FWIW, I know of plenty of people who made it to day two, and even into
troubleshooting, and came away empty.

I might agree with your point about technology, except that it should be
pretty apparent that certain technologies that Cisco deems important ( and
many of Cisco's large customers as well ) cannot be tested given the current
equipment and images. Nor are certain important and forward looking
technologies touched at all.

Yes the test is hard. Yes IMHO the one day lab is more difficult than the
two day lab because there are a number of things that used to be minor that
now have a lot more points associated with them.  But just because the test
is hard doesn't necessarily mean it's relevant.

Chuck


"Steven A. Ridder" wrote in message
news:[EMAIL PROTECTED]...
> The CCIE lab is just as difficult as before.  They just don't test you on
> troubleshooting.  I once heard that no one who ever made it to the second
> day failed.  I can't say that it's true, but I don't doubt it.
> Troubleshooting and cabling isn't CCIE level stuff.  As for the old
> equipment, you aren't tested on the product line.  It's the technology
> that's important.  Doesn't matter what equipment it runs on.
>
> --
>
> RFC 1149 Compliant.
>
>
> "Yahoudi" wrote in message
> news:[EMAIL PROTECTED]...
> > should anyone be surprised that Cisco too is becoming victim to the
> > certification craze?
> >
> > 1) cert tests for everything under the sun
> >
> > 2) reduction of the CCIE Lab from two days to one
> >
> > 3) obsolete and EOL'd equipment in the Lab
> >
> > 4) lower level tests that have too many filler questions centered around
> > marketing materials
> >
> > 5) poorly worded questions? sometimes I wonder if this is just the
> > excuse of those who don't really know the materials, but since I know
> > your work, Robert, in your case I will accept your judgement on this
> >
> > It would be impossible for Cisco to test for everything out there - old
> > and new. The question becomes this: is any certification forward looking
> > or backwards looking? Face it, the whole reason for certification is for
> > companies to go to the marketplace and show potential buyers that if
> > they buy a particular company's products, there are plenty of people
> > around who can work on it. This goes for any technology - from Microsoft
> > to Linux to Cisco to anyone. Certification is nothing more than a
> > marketing tool, and one more means to help companies sell. If
> > certification is too easy, then sure, there is some marketplace
> > backlash, but if certification is too hard, requires too much expertise,
> > too much experience, then that has negative effects as well.
> >
> > One would hope that being a beta test, Cisco would throw out a lot of
> > the bad questions just because their analysis shows them as bad
> > questions. But you never can tell. I sometimes suspect that Cisco
> > deliberately keeps a certain percentage of bad questions in their exams
> > just so that you have to be smarter than the average bear to pass,
> > because you have to do so much better with the remainder. Does that make
> > sense?
> >
> >
> > "Robert Padjen" wrote in message
> > news:[EMAIL PROTECTED]...
> > > Greetings all -
> > >
> > > I have a discussion point that I am curious to get
> > > feedback on from the group. I recently took another
> > > Cisco certification exam (beta) and was amazed at the
> > > questions.
> > >
> > > For example, at least four questions regarded products
> > > that no longer exist - Cisco end-of-lifed them some
> > > time ago. Other questions included choices that don't
> > > exist - at least I am unaware of a (sic) series router
> > > for serial connections (it was a switch that does not
> > > have a WIC slot). Still more questions had no
> > > reasonable way to answer them without having
> > > previously read or learned specific Cisco materials.
> > >
> > > My observation is that this is bad for us as
> > > certification holders. And, since we pay for the tests
> > > and represent to our employers that they represent a
> > > certain level of professionalism, I think I have a
> > > real issue. The issues are not complaints regarding
> > > poor writing or syntax on the exam, although I am
> > > concerned about this for 

Re: Jr. CCIE Ad on Dice [7:38034]

2002-03-13 Thread Chuck

Let the company that has never done this cast the first denigrating
remark ;->




"Larry Letterman" wrote in message
news:[EMAIL PROTECTED]...
> In other words, do everything and get paid nothing..
>
>
>
> Larry Letterman
> Cisco Systems
> [EMAIL PROTECTED]
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Clayton Dukes
> Sent: Tuesday, March 12, 2002 10:40 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Jr. CCIE Ad on Dice [7:38034]
>
>
> I think the humor is that they are posting a position for a Junior role,
> but requiring Senior skills...
>
>
> Clayton Dukes
> CCNA, CCDA, CCDP, CCNP, NCC
> ===
> Free Cisco Training http://www.gdd.net
>
>
>
> - Original Message -
> From: "Jason"
> To:
> Sent: Tuesday, March 12, 2002 8:57 PM
> Subject: Re: Jr. CCIE Ad on Dice [7:38034]
>
>
> > Not sure what's so funny about it ?
> > Looks fine to me.
> >
> >
> > "Ken Diliberto" wrote in message
> > news:[EMAIL PROTECTED]...
> > > This is good for a laugh.  They are looking for a junior CCIE.
> > >
> > > http://www.dice.com/DandL/c/cxapga.35951.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38161&t=38034



Re: Last question on OSPF point-to-multi nonbroadcast [7:38189]

2002-03-13 Thread Chuck

gives evil Lab Proctors another weapon to use against you where it counts
;->



"Cebuano" wrote in message
news:[EMAIL PROTECTED]...
> Hi,
> Just a simple question.
> If OSPF subinterfaces in an NBMA default to "nonbroadcast multiaccess
> mode", then what's the point of having "point-to-multipoint nonbroadcast"?
> I must be misreading something here.
>
> Thanks.
>
> Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38193&t=38189



Re: Default Weight in BGP [7:38191]

2002-03-13 Thread Chuck

sorry about the non sequitur. one of those nights...



"Chuck" wrote in message
news:[EMAIL PROTECTED]...
> interesting way to put the question.  but..
>
> 172.16.0.0/12 and 192.168.0.0/16 are CIDR notation. any subnets within
> those ranges would default to the classful values based upon the first
> couple of bits. remembering that 0 in the first position is class A, 10 in
> the first two positions indicate class B, and 110 in the first three
> positions indicate class C. RIP and IGRP are classful, and would note the
> classful values.
>
>
>
>
> "Cebuano" wrote in message
> news:[EMAIL PROTECTED]...
> > Another simple question for all BGP gurus.
> > What's the point of a Cisco router assigning a default weight of 32768
> > for paths it originates?
> >
> > Thanks.
> > Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38196&t=38191



Re: Default Weight in BGP [7:38191]

2002-03-13 Thread Chuck

interesting way to put the question.  but..

172.16.0.0/12 and 192.168.0.0/16 are CIDR notation. any subnets within those
ranges would default to the classful values based upon the first couple of
bits. remembering that 0 in the first position is class A, 10 in the first
two positions indicate class B, and 110 in the first three positions
indicate class C. RIP and IGRP are classful, and would note the classful
values.




"Cebuano" wrote in message
news:[EMAIL PROTECTED]...
> Another simple question for all BGP gurus.
> What's the point of a Cisco router assigning a default weight of 32768 for
> paths it originates?
>
> Thanks.
> Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38194&t=38191



Re: RFC on Private IP Address v.s. RIP/IGRP [7:38190]

2002-03-13 Thread Chuck

interesting way to put the question.  but..

172.16.0.0/12 and 192.168.0.0/16 are CIDR notation. any subnets within those
ranges would default to the classful values based upon the first couple of
bits. remembering that 0 in the first position is class A, 10 in the first
two positions indicate class B, and 110 in the first three positions
indicate class C. RIP and IGRP are classful, and would note the classful
values.

and my apologies for putting this answer into the BGP thread. The news
server ate my post, and..



"Cebuano" wrote in message
news:[EMAIL PROTECTED]...
> Ladies and gents,
> If you are all aware of the RFC on Private IP Address allocation, it
> specifies that 172.16.0.0 uses /12 and 192.168.0.0 uses /16.
> Now does this mean our old friends RIP and IGRP are "aware" of this when
> they perform the "First-Octet Rule" to apply the mask for these network
> ranges accordingly?
>
> Please someone clarify this subtle issue.
> Thanks.
>
> Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38195&t=38190
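
The first-octet rule from the reply above, worked through for the RFC 1918 blocks. This is an added example, not part of the original posts; the function names are hypothetical. It shows how many classful major networks each private CIDR block turns into when a protocol derives the mask from the leading bits alone.

```python
"""Added example: the first-octet rule a classful protocol applies.

Constructed illustration; function names are hypothetical.
"""
import ipaddress


def classful_prefix(addr):
    """Return (class letter, default prefix length) from the leading bits."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet & 0b10000000 == 0b00000000:    # 0xxxxxxx
        return ("A", 8)
    if first_octet & 0b11000000 == 0b10000000:    # 10xxxxxx
        return ("B", 16)
    if first_octet & 0b11100000 == 0b11000000:    # 110xxxxx
        return ("C", 24)
    if first_octet & 0b11110000 == 0b11100000:    # 1110xxxx, multicast
        return ("D", None)
    return ("E", None)                            # 1111xxxx, reserved


def classful_network(addr):
    """Major network assumed for addr when no mask is carried with it."""
    cls, plen = classful_prefix(addr)
    if plen is None:
        raise ValueError(f"{addr} is class {cls}: no classful unicast network")
    # strict=False masks off the host bits below the classful boundary.
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def classful_networks_in(cidr):
    """List every classful major network that overlaps a CIDR block.

    Walks the block address by address range, so a block smaller than its
    major network yields that one network, and a block larger than it
    yields each major network in turn.
    """
    block = ipaddress.ip_network(cidr, strict=False)
    nets = []
    cur = int(block.network_address)
    last = int(block.broadcast_address)
    while cur <= last:
        net = classful_network(ipaddress.IPv4Address(cur))
        nets.append(net)
        cur = int(net.broadcast_address) + 1
    return nets


if __name__ == "__main__":
    # The three private blocks; the CIDR length is not what a classful
    # protocol sees.
    for cidr in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"):
        nets = classful_networks_in(cidr)
        cls, plen = classful_prefix(nets[0].network_address)
        print(f"{cidr}: {len(nets)} class {cls} network(s) of /{plen}, "
              f"{nets[0]} .. {nets[-1]}")
    # A subnet with its mask stripped falls back to the major network.
    print("172.20.5.0 ->", classful_network("172.20.5.0"))
```
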



Off Topic - Riddle - "The Obvious Question" [7:38336]

2002-03-14 Thread Chuck

this is not one of those "I have a customer" questions, although "I have a
customer" is the starting point.

A couple of years ago a small college installed a new cable plant consisting
of fiber for data and copper for analogue phones between their main telco
closet and a couple of dormitories. there are currently a total of 80
analogue phones in the dorms. The idea was that dorm occupants would arrange
for their own telephone service, and use an analogue phone to connect to the
telco.

Well, room mates being what they are, the college decided that rather than
continually break up fights resulting from disputes over telephone usage and
payment, they would provide the means for two phones per room rather than
one.  Ah, but there is only enough copper between the buildings to
accommodate one phone per room. What to do.

the customer's question to me - can he use the existing fiber to transport
the analogue signal to the main telco closet?

Well, I merrily mulled this over, and came up with a number of very clever
solutions. But after having completed the work, it occurred to me that
because I was so jazzed at trying to come up with a solution, I neglected to
ask a very important question.

So today's quiz, for all you techno gurus - what is the question I neglected
to ask?

for extra credit - why is that question so important?

Hint - consider the ways one might convert analogue to optic.

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38336&t=38336



Re: Off Topic - Riddle - "The Obvious Question" [7:38336]

2002-03-15 Thread Chuck

oh all right, if you insist

after pricing out the several options I came up with, it occurred to me that
I should have asked "how much will it cost you to pull new copper to the
buildings?"

BTW, the answer was 20,000.

For those of you who have priced out VoIP, AVVID, or FXS ports, you get the
idea.

Chuck



"Steven A. Ridder" wrote in message
news:[EMAIL PROTECTED]...
> You could have asked what grade copper.  If it's 2 strand cat 3, you're
> sol, but if they did cat5, you have plenty of pairs.  If you started to
> get into fiber cans to convert the signal you're getting too expensive.
> It would have been cheaper to just run some more wire in the conduits
> between the buildings.
>
> --
>
> RFC 1149 Compliant.
>
>
> "Chuck" wrote in message
> news:[EMAIL PROTECTED]...
> > this is not one of those "I have a customer" questions, although "I have
> > a customer" is the starting point.
> >
> > A couple of years ago a small college installed a new cable plant
> > consisting of fiber for data and copper for analogue phones between their
> > main telco closet and a couple of dormitories. there are currently a
> > total of 80 analogue phones in the dorms. The idea was that dorm
> > occupants would arrange for their own telephone service, and use an
> > analogue phone to connect to the telco.
> >
> > Well, room mates being what they are, the college decided that rather
> > than continually break up fights resulting from disputes over telephone
> > usage and payment, they would provide the means for two phones per room
> > rather than one.  Ah, but there is only enough copper between the
> > buildings to accommodate one phone per room. What to do.
> >
> > the customer's question to me - can he use the existing fiber to
> > transport the analogue signal to the main telco closet?
> >
> > Well, I merrily mulled this over, and came up with a number of very
> > clever solutions. But after having completed the work, it occurred to me
> > that because I was so jazzed at trying to come up with a solution, I
> > neglected to ask a very important question.
> >
> > So today's quiz, for all you techno gurus - what is the question I
> > neglected to ask?
> >
> > for extra credit - why is that question so important?
> >
> > Hint - consider the ways one might convert analogue to optic.
> >
> > Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38417&t=38336



Re: Layer 3 switch ? [7:38358]

2002-03-15 Thread Chuck

so if I enable IRB on my 2501, I now have a layer 3 switch? ;->


"mlh" wrote in message
news:[EMAIL PROTECTED]...
> According to Clark's Cisco LAN Switching(page 452 ),
> layer 3 switching techniques can be grouped
> into two categories:
> Routing switches
> Switching routers
>
> mlh
>
> - Original Message -
> From: "Larry Letterman"
> To:
> Sent: Friday, March 15, 2002 2:48 AM
> Subject: RE: Layer 3 switch ? [7:38358]
>
>
> > A true router, 2621/3640/7200, is not usually considered
> > a L3 switch. A 6500 with an MSFC module installed can be
> > is a L3 switch and will perform L2/L3 routing and switching.
> >
> > A 6500 without the MSFC module is just a large high speed switch,
> > capable of only L2 switching.
> >
> > A layer 3 switch usually routes the first packet in the flow of data
> > and then switches the rest in the switching hardware. This is why L3
> > routing/switching is quite a bit faster. A traditional router will use
> > IOS software to determine routes and the switch each packet between the
> > interfaces in the router.
> >
> >
> > Larry Letterman
> > Cisco Systems
> > [EMAIL PROTECTED]
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > John Green
> > Sent: Thursday, March 14, 2002 10:50 PM
> > To: [EMAIL PROTECTED]
> > Subject: Layer 3 switch ? [7:38358]
> >
> >
> > Is it ok to refer to a "router" as a Layer 3 switch ?
> >
> > cisco 6500 was referred to as a Layer 3 switch.
> >
> > question: does it(6500) have routing capabilities ?
> > -
> >
> > to connect to different vlans one needs a router.
> > right ?? (as shown below)
> >  switchA ROUTER---switchB
> >
> > but say some nodes connected to switchB are on the
> > vlan of switchA. so now to connect switchA and switchB
> > can router be ok ?
> > --
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38418&t=38358



Re: about routing protocols [7:38393]

2002-03-15 Thread Chuck

OSPF, BGP, and EIGRP send updates only upon initializing or when there have
been changes ( new routes added, old routes deleted ) therefore they do not
advertise "periodically", which implied predictable regularity


"John Green" wrote in message
news:[EMAIL PROTECTED]...
> C and D (info about links and routes) is always true
> for all routing protocols because that is what
> routing is all about.
>
> A (periodic updates): RIP does that for sure. not sure
> for ospf and bgp.
> B: hello mechanism...  not sure if all do, but i guess
> it is true as well (guess though)
>
>
> --- mlh  wrote:
> > Hi, there,
> >
> > The following question has been given a reference
> > answer : ABCD
> > But I am not sure: All routing protocols update
> > periodically?
> > All of them send hello message? what is the
> > difference between
> > information about links and routes?
> >
> > What are some characteristics of routing protocols?
> >
> > A - Send periodic updates.
> > B - Have a separate hello mechanism.
> > C - Exchange information about links.
> > D - Exchange information about routes.
> > E - No answer is correct




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38441&t=38393



OFF TOPIC - Politics on list [7:38445]

2002-03-15 Thread Chuck

OK that does it.

Your friendly moderator is now deleting out of hand any political opinion
post in the moderator's queue

Not all such messages hit the queue, of course, but any that do - PLONK!

there are plenty of newsgroups where this discussion is more appropriate.

Paul - want to set up a filter blocking the "American need to think" thread?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38445&t=38445



Policy routing - interface or subinterface? [7:38528]

2002-03-15 Thread Chuck

Just verifying something I am seeing in my lab.

All examples of policy routing that I can find, both in Doyle and on CCO,
show policy routing as taking place on the physical interface. I can find no
examples indicating that policies can be set on a subinterface.

However, I am finding in my lab that separate policies can indeed be set up
on different subinterfaces.

Any comments from the field, based either on real world or lab rat
experience?

( and yes, I have a customer, and I am testing this because I did the design
before I studied the feasibility :->  )

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38528&t=38528



Re: Off Topic - Riddle - "The Obvious Question" [7:38336]

2002-03-15 Thread Chuck

A wise person once told me that it takes three things to make a project
possible. It must be technically feasible, politically feasible, and
financially feasible.

The small college in question in this case has no interest in doing anything
except providing the means for students living in dormitories to have POTS
in their rooms  ( no cracks from you dopers! ) They wanted a cheap way to
double the number of POTS phones without having to pull new copper.

So in terms of VoIP proposals, numbers two and three just weren't there. Not
when they can pull copper for 20K and the best I could come up with on the
VoIP side weighed in at around 100K. A full blown AVVID came in at around
175K, and did not include the monthly recurring for some ISDN PRI's for PSTN
connectivity. Not to mention that now the college would have to take
responsibility for billing.

BTW, anyone worked with the VG248 box? I got mixed signals from Cisco about
whether or not this box had to work in conjunction with a Call Manager, or
if it could be used in conjunction with a router, thus providing 48 FXS
ports for router to router VoIP.

Chuck


"Hartnell, George" wrote in message
news:[EMAIL PROTECTED]...
> Interesting, sometimes the obvious can be elusive.  "Pull more copper", is
> the obvious.  Depending upon the telco layout, of course.
>
> But, like many of Chuck's musings, this brings up some more "real world"
> questions.
>
> Given: Investment in analog/digital cu based phone sets at buildings.
> A score, or more, of PBX's currently on telco copper.
> New fiber to each PBX building for voice and data. (6 strands, sm)
>
> What transport over that fiber would be most cost-effective in the near
> term?
> How about the longer-term?
> Where would convergence fit in the calculations?
>
> Let's see.  Fiber T1 modems are simple, easy.  Pluses.  Minus?  Old
> technology, difficult for data guys to manage well, no convergence factor.
>
> IP transport for telephones over the fiber pair.  Pluses, data guys
> understand IP, ok convergence path.  Bit more costly, currently, though.
>
> True VoIP.  Haven't heard really glowing reports from large scale, lower
> budget, institutions,...yet.  "The" convergence path.  Costly.  Throw out
> yer copper investment(s).
>
> Of course this is not an exhaustive discussion.  Just a number of ways
> 'round the communications barn.
>
> Best, G.
> VP OGC
>
> >
> > Subject: Off Topic - Riddle - "The Obvious Question" [7:38336]
> >
> > Hint - consider the ways one might convert analogue to optic.
> >
> > Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38532&t=38336



Policy routing - further tidbits [7:38551]

2002-03-16 Thread Chuck

Should be obvious when considered logically. But one can never trust logic
when it comes to how things work

Policy can be applied on a subinterface by subinterface basis.

Policies applied to the physical interface have no effect on traffic
arriving via the subinterface

Policies do not apply to traffic for which the interface / subinterface are
the end points. e.g. routing protocol updates.

Therefore, policies behave slightly differently than do access-lists, and
one should use the different tools differently, depending upon the desired
outcome.

Obvious stuff, but not necessarily covered specifically in the study
material.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38551&t=38551



OT: Free Router Security Guide [7:39511]

2002-03-25 Thread Chuck

links to which may be found here:

http://www.ciscoworldmagazine.com/newsflash2/2002/02/22_routersecy.shtml

the eventual PDF file is a bit over 2 megs. contains a rudimentary intro to
routers, networking, and OSI. ( I can't help but wonder what PO, HCB, and
others would think of part 1 ) and an interesting and lengthy coverage of
router security, router security policy. There are sample configurations,
explanations of what and why. Yes, very Cisco-centric, although ostensibly
this is a US Gov. NSA document. Still, much of the information can be
applied to non-Cisco router vendors, if there are any left. ;->

There are a few other security assessment tools that can be found through
this link as well.

Enjoy.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39511&t=39511



Re: Where do I start? [7:39553]

2002-03-27 Thread Chuck

Said the caterpillar to Alice "One should begin at the beginning"  ;->

depending upon your current level of expertise, I would say that any of the
books out there are as good as any other. Unfortunately, if you have the
level of understanding that I did, for example, of OSPF, then you just have
to keep reading and keep banging out things on routers. sooner or later it
begins to sink through. If you don't have routers, you can rent time at any
of several places. I wish the gettcomm was operational, because I found
their rack rental approach well suited for beginners. maybe soon?

keep reading groupstudy. I can't tell you how much this newsgroup has
contributed to my understanding. lots of good folks happy to help.

best wishes to you.

Chuck


"Yomi Thomas" wrote in message
news:[EMAIL PROTECTED]...
> Hi Guys,
> I'm just about to start climbing the CCNP ladder and I need suggestions.
> What books to start reading etc. Some friends are saying the BCSN Cisco
> press books are too confusing and I'm better off using other authors.
> Any suggestions please?!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39594&t=39553



Re: subinterface in ospf [7:39029]

2002-03-27 Thread Chuck

inverse arp does not apply. that is, when you invoke the frame-relay
interface-dlci command, this overrides inverse arp for that particular dlci.
other dlci's might still be mapped via inverse arp ( to the physical
interface )

this command is REQUIRED on point to point subinterfaces.


"cage" wrote in message
news:[EMAIL PROTECTED]...
> when using the command frame-relay interface-dlci XXX in point-to-point
> subinterface, does it mean the inverse-arp to map the remote ip to the
> local dlci dynamically?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39614&t=39029