Way to filter out the "Emotional" emails [7:60267]
Hey folks, I'm sure someone has some hints on how to better keep the "good technical" emails from this study group in my INBOX, and filtering out the "overly emotional" emails that people send on a daily basis. That stuff clutters my inbox and I end up wasting precious time reading them. Please send any useful utilities/information to me on how to do this. Nuff said, sorry for adding to the clutter. -D- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60267&t=60267 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Route Map Question [7:60263]
Hello, Had a question and been trying to figure this one out for a while now. I have a router with an internal 205.10.1.0/24 network hanging off of fa0/0 and external connection to lots of other networks that start with 205. I want to create a 205.0.0.0/8 static route pointing everything to the external gateway router, but will have problems when sending to an external network (205.10.50.0/24) because the longest matched route will come up as the internal 205.10.1.0 network's route, not the 205.0.0.0 static route. I need to force the packet to route through the 205 static route IF it does not match the internal network. How would I do this with a route-map? NOTE: I need the route-map to check the dest.IP and IF it is not destined for the 205.10.1.0 subnet then send it to the upstream default gateway. Mahalo for your help, Daren Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60263&t=60263 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Question regarding performance and Route-Maps [7:59766]
Fellow Ciscoers, Anyone have any idea on the performance hit for a cisco 3660 using route-maps instead of routing using static routes? I have 200+ routes that I would like to compile into one route-map with 3 match statements instead. Is there an equation that would tell me how much slower (pps) my data will route when using a route-map instead of static routes. Does such an equation exist? Mahalo, Daren Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59766&t=59766 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
EBGP and ip unnumbered [7:57901]
Folks, Anyone have any sample configs of 2 peers doing EBGP with both interfaces using ip unnumbered and pointing to loopback addresses? I don't even know if this can be done. Daren Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57901&t=57901 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
frame relay switching [7:56918]
Hi everyone, Was wondering if anyone hasd a sample config for doing frame relay PVC switching on a multiple serial interface router. Example would be a cisco 2523 router with port s0/0 supporting PVC/DLCI 100/200 and switching PVC 100 to s0/1 and PVC 200 to s0/2. I know there is a frame-relay switching command, but don't know how to use it. Your help is appreciated. Mahalo, Daren Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56918&t=56918 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Connecting 2 routers using modems through the aux ports [7:56340]
Folks, Any router configs for 2600's hooking up through POTS with modems and doing PPP. Or config of Win2k w/dial up modem connecting to 2600 w/modem aux port. Daren Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56340&t=56340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dial into aux port using modem and windows 2k w/modem [7:56339]
Folks, Trying to look for configs for 2600 router. Using win2k PPP with no authentication to dial into aux port on router through phone line. Dials up to modem, but nothing after that. Daren Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56339&t=56339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Would this break the NDA [7:55799]
It's HYPERTERMINAL!!! -Original Message- From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com]On Behalf Of Kaminski, Shawn G Sent: Thursday, October 17, 2002 9:53 AM To: [EMAIL PROTECTED] Subject: RE: Would this break the NDA [7:55799] No, I don't believe it breaks the NDA. It's not any different than knowing what equipment is in the lab, which is spelled out for everyone right on Cisco's website. I've heard it was Reflections or Hyperterminal. I don't know because I haven't taken the lab yet, but I would like to know just out of curiosity. If you feel comfortable telling us, please do! Shawn K. > -Original Message- > From: "B.J. Wilson" [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, October 17, 2002 11:41 AM > To: [EMAIL PROTECTED] > Subject: Re: Would this break the NDA [7:55799] > > I haven't taken the lab yet, but I look at it this way: would answering > someone else's question about the lab environment be worth the price of > never > being allowed to take the lab again? :-) > > BJ > > > > On Thu, 17 Oct 2002 15:09:43 GMT Thomas Crowe wrote: > > > I remember a while back I had the question of > > which terminal emulator is > > being used for the CCIE lab. Well after taking > > the Lab (and yes I was > > honored with an invitation to come back and try > > again one day soon :-o ) I > > now definitively know the answer to this > > question. As I recall others also > > had this question, in trying to avoid a flaming > > war, what is the group's > > consensus on this. Do you feel that it would > > violate the NDA to disclose > > this information, it doesn't address any of the > > technical content of the lab > > (and NO I will not disclose any of those, so > > please do not ask) so I don't > > feel that it would. This is simply an effort > > to help out some people with > > their studying efforts so that they are not > > wasting time getting accustomed > > to a new and totally different terminal > > emulator. > > > > __ > > > > Thomas Crowe > > Senior Systems Engineer / Senior Architect > > EMC Proven Master Architect > > EMC Proven Master Operator > > CTS Professional Services - Atlanta > > __ > > > > [GroupStudy.com removed an attachment of type > > text/x-vcard which had a name > > of Thomas Crowe.vcf] > > to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55835&t=55799 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ATM Problem [7:55238]
If these are indeed PVP's being supplied, then you should be able to check PNNI to make sure everyone sees each other. You PNNI masking may be off, double check everyone has the same PNNI level mask applied to the NSAP Nodes. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Smith Sent: Wednesday, October 09, 2002 5:37 PM To: [EMAIL PROTECTED] Subject: RE: ATM Problem [7:55238] Eric, I appreciate your help. SITE A--PINGS ALL SITES SITE C-- PINGS ALL but "new site" NEW SITE--PINGS SITE A ONLY -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 09, 2002 8:30 PM To: Bill Smith; [EMAIL PROTECTED] Subject: RE: ATM Problem [7:55238] Bill, No problem. Well, lets start by trying to ping sites a, b and C from the new sites router console/telnet session. This way the ping is direct. If were able to do this then the PVC and map-list entries are correct. If the above doesn't work, then you'll need to verify the carrier has the PVCs mapped end-to-end correctly in their network. The ATM physical circuit might be fine and dandy but if they have multiple ATM switches this goes through and they have a mis-match in their PVC mappings then it isn't going to work. HTH, Erick --- Bill Smith wrote: > Eric, > > Thank you for your response. It was a typo on my > part entering the > information in the posting. The map-list in the > router does have the > correct IP address. > I have defined (many times) the additional PVC's on > the "NEW SITE" > router/map list without any success. I apologize, I > should have stated > that in my previous posting. > > I inserted the neighbor statements in the OSPF > process, but no success. > THE SHOw IP OSPF Neighbor statement shows > ATTMPT/DROTHER for site "c" > but eventually shows as being down. Also, I > receive a message on the > "new site" router " sent youngest key0".. > > Thank You for your assistance.. > > > -Original Message- > From: Erick B. [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, October 09, 2002 7:58 PM > To: Bill Smith; [EMAIL PROTECTED] > Subject: Re: ATM Problem [7:55238] > > Hi, > > The New site has 2 ATM PVCs defined, with a ip entry > mapped to site A and C. Site C has a typo under it's > map-list for the new site, going to 192.58.135.68 > instead of 192.68.135.68. New site has no PVCs for > site B yet configured. > > Also, this is multipoint non-broadcast interface so > under OSPF you will neighbor statements. > > HTH, Erick > > --- Bill Smith wrote: > > Greetings, > > > > I have a problem/question regarding a current ATM > > Circuit. Currently, > > our ATM cloud connects 4 of our sites. We > > submitted an order to add > > another site into the cloud. The telco provided > the > > vpi's but only two > > sites communicate. > > > > > > Site C > > | > > | > > | > > Site A--- ATM CLOUD Site > B > > | > > | > > | > > NEW Site > > > > Sites a, b, & c communicate correctly. The "NEW > > Site" was added but > > (pvc's to all sites), but will only communicate > with > > Site A. Teloc has > > checked the VPI's and insists they are correct. > > Which brings up another > > strange item--All the VPI's were the same: > > > > New site > > Originating Destination > > 90 90 > > 100 100 > > 80 80 > > > > I have never noticed VPI's being the same on both ends,,Does this > > sound correct? > > > > OSPF is the routing protocol. But only "new site" > > and site a exchange > > info. > > > > Site A > > interface ATM5/0/0 > > ip address 192.68.135.66 255.255.255.240 > > ip pim sparse-mode > > ip ospf authentication-key 7 05180702014D43 > > ip ospf network non-broadcast > > map-group TEST > > atm pvc 1 35 40 aal5snap > > atm pvc 2 36 50 aal5snap > > atm pvc 5 95 95 aal5snap > > atm pvc 6 80 80 aal5snap > > no atm ilmi-keepalive > > > > map-list TEST > > ip 192.68.135.65 atm-vc 1 > > ip 192.68.135.67 atm-vc 2 broadcast > > ip 192.68.135.68 atm-vc 5 broadcast > > ip 192.68.135.68 atm-vc 6 broadcast > > > > > > > > NEW Site > > interface ATM3/0 > > ip address 192.68.135.68 255.255.255.240 > > ip ospf authentication-key 7 05180702014D43 > > ip ospf network non-broadcast > > map-group TEST > > atm pvc 1 95 95 aal5snap > > atm pvc 2 100 100 aal5snap > > no atm ilmi-keepalive > > > > > > map-list TEST > > ip 192.68.135.66 atm-vc 1 broadcast > > ip 192.68.135.65 atm-vc 2 broadcast > > > > > > > > > > Site C > > interface ATM1/0/0 > > ip address 192.68.135.65 255.255.255.240 > > ip ospf authentication-key 7 010007097B0A0B4F > > ip ospf network non-broadcast > > map-group TEST > > atm pvc 1 40 40 aal5snap > > atm pvc 2 1
RE: How to restrict hubs in a LAN [7:54937]
Isn't there a limitation on the number of MACs that a port will handle? Won't hubs share all those macs with each port, and possibly cause the max limit to be reached? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, October 07, 2002 8:20 AM To: [EMAIL PROTECTED] Subject: Re: How to restrict hubs in a LAN [7:54937] David j wrote: > > See inline.. > Chuck's Long Road wrote: > > > > as much of a rulemeister as I am, I still have to look at this > > from the user > > standpoint. Why are users throwing their own hubs onto the > > network? Is there > > a business case to be made? Is facilities too slow getting > > requested cable > > pulls done? > > > > what is the concern with a user plugging a hub in at the desk > > and then > > connected a couple of extra PC's? if the problem is one of > dual > > homing by > > accident or otherwise, I can see the issue with spanning tree > > recalculations. But in a single home situation, what do you > > see as the > > issues? > > > > I see one issue: collisions, if you have a switched network you > don't want to deal with collisions that hubs normally produce. > I have to recognize, though, that hubs sometimes are very > convenient and I'm the first on using them. Collisions are only a problem for the hubbed network that the user made for him/her self. The switched network is isolated from the collisions (with the exception of the one switch port that connects the user's hub). I say, let 'em do it! What's the harm? Don't you have way more bandwidth than you need anyway?? ;-) A lot of companies do. Reference the disussion of Cisco stock. Nobody's buying, because, guess what, we don't need it!?? Tech support is an issue, though, of course, for example, the user that is clueful enough to know he/she needs a hub but not clueful enough to select the right cable (x-over versus s/t) and duplex mode. Well a hub should defaul to half, but a lot of devices that are marketed as hubs are really switches or bridges. But could you say they aren't supported rather than out right disallowing them? Is there a comprosmise somewhere?? ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com > > > when you say that "politically, it's a mess" what does that > > mean? high > > powered sales people throwing their weight around? management > > does not > > respect your input or concerns? something bad is happening, > and > > it's rolling > > downhill? > > > In some environments it's politically unacceptable, I know some > hospitals in which you have to fill in a lot papers before > being allowed to use a PC, so in that environments this could > perfectly be part of the policy. > > > I'm not questioning the wisdom or the necessity for doing what > > others have > > suggested. I'm just wondering why it is necessary for the > > network manager / > > network staff to unilaterally cut off user access. > > > > > > > > > > ""John Zaggat"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Thanks guys that's pretty good information, but do you think > > in your > > opinion > > > is that good approach to deal with this problem. Do you see > > any caveats > > and > > > are there any other ways this can be dealt with. > > > ""Kevin Wigle"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > take a look into Port Security. > > > > > > > > > > > > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration > > > > _guide_chapter09186a008007f2dd.html > > > > > > > > In the event of a security violation, you can configure > the > > port to go > > > into > > > > shutdown mode or restrictive mode. The shutdown mode > option > > allows you > > to > > > > specify whether the port is permanently disabled or > > disabled for only a > > > > specified time. The default is for the port to shut down > > permanently. > > The > > > > restrictive mode allows you to configure the port to > remain > > enabled > > during > > > a > > > > security violation and drop only packets that are coming > in > > from > > insecure > > > > hosts. > > > > > > > > Kevin Wigle > > > > > > > > > > > > - Original Message - > > > > From: "John Zaggat" > > > > To: > > > > Sent: Saturday, October 05, 2002 5:01 PM > > > > Subject: How to restrict hubs in a LAN [7:54937] > > > > > > > > > > > > > I am just trying to think of how to restrict Hubs from > > being used in > > the > > > > > LAN. Politically it's a mess and despite a lot of > > discussions certain > > > > people > > > > > are able to add hubs at will where ever they want. So I > > was trying to > > > > think > > > > > of a way to stop that within the switch. Now normally > > these ports that > > > the > > > > > hubs are connected to show several mac addresses when I > > do "show cam" > > > > which > > > > > gives me an idea is there any way to restrict host ports > > to only > > accept > > > > one > > > > > mac-addr
Anyone know how to tell the difference? [7:54972]
Group Studiers, Anyone know how to tell the difference between a 1720 and 1721 router? Will it show up on a "show ver" that it is a 1721 vice 1720? Is there something different as far as visually? Thanks in advance, Daren Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54972&t=54972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How to restrict hubs in a LAN [7:54937]
John, You can enable port security on the switch ports to only allow a specific # of macs. See below: LILO#config t Enter configuration commands, one per line. End with CNTL/Z. LILO(config)#int fa0/1 LILO(config-if)#port ? block Forwarding of unknown uni/multi cast addresses group Place this interface in a port group monitorMonitor another interface networkConfigure an interface to be a network port protected Configure an interface to be a protected port security Configure an interface to be a secure port storm-control Configure storm control parameters LILO(config-if)#port security ? action action to take for security violation aging Enable Port-security aging max-mac-count maximum mac address count LILO(config-if)#port security max-mac-count ? Maximum mac address count for this secure port LILO(config-if)#port security max-mac-count 1 LILO(config-if)#port security action ? shutdown shut down the port from which security violation is detected trap send snmp trap for security violaiton LILO(config-if)#port security action shutdown Hope this helps, Daren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Zaggat Sent: Saturday, October 05, 2002 11:02 AM To: [EMAIL PROTECTED] Subject: How to restrict hubs in a LAN [7:54937] I am just trying to think of how to restrict Hubs from being used in the LAN. Politically it's a mess and despite a lot of discussions certain people are able to add hubs at will where ever they want. So I was trying to think of a way to stop that within the switch. Now normally these ports that the hubs are connected to show several mac addresses when I do "show cam" which gives me an idea is there any way to restrict host ports to only accept one mac-address. I don't want to hardcode the mac-address because that would be too much a administrative burden. But if I could restrict the port to accept just one mac-address then that will make these hubs useless. Well anyways let me know if I am way off here but are there any other tricks in use by any of you guys. I'll appreciate any pointers. JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54939&t=54937 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Extended Vlan across Wan [7:54866]
Chuck, I agree with you. I worked for FORE Systems doing nothing but ATM to the desktop for 4 years before moving to a company with all cisco. Not much harder to understand, as long as you understand basic networking fundamentals and the fact that these are just 2 different technologies that have their place in the network. Daren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck's Long Road Sent: Friday, October 04, 2002 7:28 AM To: [EMAIL PROTECTED] Subject: Re: Extended Vlan across Wan [7:54866] This thread brings to mind a question I've had for a while. It appears sometimes that a lot of people think ATM is difficult to understand, implement, support. Why is it that? My ( albeit limited ) exposure to ATM from the customer side is that ATM is basically every bit as easy to set up and run on your typical WAN as frame relay. Yes there are some additional bells and whistles which can become complex as you do more complex things. And obviously, complex corporate networks might make use of a lot more ATM specific features. But in general, you set up the PVC's, configure the IP address ( or enable bridging ) and do everything else pretty much the same was as you do with frame relay. Any thoughts? Chuck -- TANSTAAFL "there ain't no such thing as a free lunch" ""M.C. van den Bovenkamp"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Daren Presbitero wrote: > > > Couldn't you bridge the VLAN's into an ATM 1483 bridged PVC, point to > > point across the WAN at both ends? > > That's how I did it when I had the need. > > Regards, > > Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54920&t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Extended Vlan across Wan [7:54866]
Couldn't you bridge the VLAN's into an ATM 1483 bridged PVC, point to point across the WAN at both ends? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of gladston vidali Sent: Friday, October 04, 2002 4:05 AM To: [EMAIL PROTECTED] Subject: Extended Vlan across Wan [7:54866] Hi Guys, Could you give me your opinion about the following ? What is the best technology nowadays to extend Vlans across a ATM Wan backbone ? -- __ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup "Free price comparison tool gives you the best prices and cash back!" http://www.bestbuyfinder.com/download.htm Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54893&t=54866 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Strange behaviour for 2600 tftpdnld - anyone else has [7:54892]
I just encountered this problem with 12.1 also on a 2600. The way I got it to work was by setting the "TFTP_CHECKSUM" variable (I think that's what it is called) to the value of 0. It worked after this. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck's Long Road Sent: Friday, October 04, 2002 5:03 AM To: [EMAIL PROTECTED] Subject: Re: Strange behaviour for 2600 tftpdnld - anyone else has [7:54871] I encountered something similar with IOS 12.1.10 enterprise on the 2500 series. I reported it to Cisco and posted something on the list here a month or two back. There is a bug in some of the 12.1 codes. ""Andrew Larkins"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > I was upgrading some 2600's yesterday with new flash and DRAM. The > router boots up into rommon mode correctly. All the TFTP variables are > then set and the code uploaded. Problem is that when the code is > finished I > get an error about invalid checksum. Downloaded some new code and same > results. Eventually, through sheer frustration I tried IOS 11.3 IP > only. This worked. > I then reloaded the router for the new code to take effect. I was now > able to upload the IOS 12.2.12 that I was originally trying. Worked > perfectly. Routers are 100% stable. > > Anyone else have problems like this?? > > Andrew Larkins > BCom, CCNP, CCDP > Bytes Technology Networks > A Division of the Bytes Technology Group > A Member of the Altron Group > www.btgroup.co.za > visit the press office @ www.itweb.co.za/office/bytes > > Tel : +27 11 800 9336 > Fax : +27 11 800 9496 > Mobile : +27 83 656 7214 > Email : [EMAIL PROTECTED] > OR [EMAIL PROTECTED] > > "This e-mail and its attachments may contain information that is > confidential and that may be subject to legal privilege and copyright. > If you are not the intended recipient you may not peruse, use, > disclose, distribute, copy or retain this message. If you have > received this message > in error, please notify the sender immediately by e-mail, facsimile or > telephone and return and thereafter destroy the original message. > > Please note that e-mails are subject to viruses, data corruption, > delay, interception and unauthorised amendment, and that the sender > does not accept > liability for any damages that may be incurred as a result of communication > by e-mail. > > No employee or intermediary is authorised to conclude a binding > agreement on > behalf of the sender by e-mail without express written confirmation by > a duly authorised representative of the sender. > > By transmitting this e-mail message over the Internet the sender does > not intend to allow the contents hereof to become part of the public > domain, and > the confidential nature of the contents shall not be altered or > diminished from by such transmission." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54892&t=54892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF for ISPs [7:54540]
What about using default routes at the customer sites? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter van Oene Sent: Friday, October 04, 2002 5:17 AM To: [EMAIL PROTECTED] Subject: Re: OSPF for ISPs [7:54540] At 07:12 PM 9/30/2002 +, MADMAN wrote: >Interesting. I don't work for an ISP bt have worked with many and I >have only ran into one that ran an IGP with it's customers and I was >suprised. My ancedotal evidence suggests that the vast majority either >run BGP or statics to announce customer networks. I know there are >plenty of ISP engineers out there and can confirm/rip my conjecture ;) > > Dave Best practises would dictate the use of static or a distance vector variant IGP for customer connections. The lack of import filtering capability in Link State protocols presents a very dangerous situation for the ISP. In general, ISP's are very paranoid about customers (and peers/providers alike) and take all means necessary to protect themselves from misbehaving external peers (IP peers in this general case) BGP naturally provides the most policy rich tool set for those applications where static routing will not suffice. I find RIP to be a comfortable variant for those multihomed customers who simply will not turn up BGP, though I'd still prefer to have the BGP discussion one last time with them prior to doing using it. Of course, linking one's main IGP to a customers is a really silly idea which I think everyone grasps ;) >Mike Bernico wrote: > > > > I'm not sure I'm in complete agreement. The network I work for has several > > distribution routers that contain around 1000 T1 speed customers. > > If we were to static route each of their networks it would add about > > 1000 to 1500 > > lines of router configuration to the router. That would definately > > add to > > our maintenance and provisioning work and make troubleshooting > > harder on >our > > techs. While I agree statics are probably the most stable way, I'm not > > sure it's necessarily the best way to aggrigate high volumes of customers. > > We currently use EIGRP at the edge with the stub command, OSPF or > > IS-IS would work just as well. Regardless, we would never let our > > IGP, that extends to the CE router, touch their IGP. About 98% of > > our customers are > > not BGP customers though. > > > > YMMV > > Mike > > > > --- > > Mike Bernico [EMAIL PROTECTED] > > Illinois Century Network http://www.illinois.net > > (217) 557-6555 > > > > > -Original Message- > > > From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, September 30, 2002 11:37 AM > > > To: [EMAIL PROTECTED] > > > Subject: Re: OSPF for ISPs [7:54540] > > > > > > > > > At 2:58 PM + 9/30/02, Don wrote: > > > >Rather than run OSPF to customers, it is generally much > > > better to have > > > >them use a default route to the ISP and for the ISP to run > > > static routes to > > > >the customer. OSPF to the customer is a huge land mine for > > > the ISP and > > > >should be avoided in almost every case. > > > > Don > > > > > > I agree completely with Don that an ISP _never_ should link its > > > IGP to that of the customer. Don't fall into the trap of assuming > > > that BGP needs a full routing table or will consume excessive > > > resources. > > > > > > I remain confused why a default route wouldn't serve, unless there > > > are multiple connections between the ISP and customer. By "send > > > the block to the customer," do you mean the block is in the > > > customer's space? You could certainly use a second static route, > > > which can be generated automatically as part of your address > > > assignment (see my NANOG presentation, > > > http://www.nanog.org/mtg-9811/ppt/berk/index.htm). > > > > > > If that's not appropriate, have the customer announce his two > > > blocks to you with BGP and receive default from your BGP. > > > > > > > > > > > > > > >""Chris Headings"" wrote in message > > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > >> Good morning all. I was wondering if someone could lend > > > me a little help > > > >> about engineering OSPF in the backbone for an ISP > > > network. I just had a > > > >> couple of questions and hopefully someone can give me > > > some guidance.or > > > >even > > > >> some CCO links with some specific examples or better yet > > > any material > > > >> anywhere. > > > >> > > > >> Say, for example, that a customer has a small block of IP's > > > >> and a distribution router knows where that block is, via a > > > connected route, > > > like > > > >a > > > >> /30 on a serial link. But later down the line the > > > customer requests an > > > >> additional block of 64 IP addresses, what is the best way > > > to send this > > > >block > > > >> to the customer? Do I need to run OSPF on the customer > > > equipment? If > > > the > > > >> custome
RE: NAT [7:54838]
Hi Paul, With this command, will you be able to let's say ftp to the outside IP and get forwarded to the ftp ports of the internal ip? Daren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Msava Sent: Thursday, October 03, 2002 7:28 PM To: [EMAIL PROTECTED] Subject: RE: NAT [7:54838] Hi, ip nat inside source static private public ip ./Msava -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joe Middleton Sent: Friday, October 04, 2002 3:23 AM To: [EMAIL PROTECTED] Subject: NAT [7:54838] Hi All, I am trying to set up NAT on a cisco 2600 router. Everything seems to be working except that I can not access resources on the inside using there public IP address from the inside. From the internet the router translates the public addresses to private addresses, but from the inside I have to use the private address to access any resource. How can I get the router to translate requests that originate from the inside? Any help would be greatly appreciated. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54889&t=54838 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
