RE: VLan accesability [7:34471]

2002-02-05 Thread Don Nguyen

If I'm reading your question correctly, the link between your router and
switch would be a trunk line.  You would have to set the 2610's eth0 up with
subinterfaces to route your VLAN; this is assuming you don't have a VLAN
routing capable device somewhere else in your network already.  This will
allow your two VLANs to access the router.

HTH,
Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34482&t=34471
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: VLan accesability [7:34471]

2002-02-05 Thread Don Nguyen

Doh, I assumed all of the 2600 series routers had ports capable of trunking,
forgot you need ports capable of 100mb in order to trunk =P


Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34486&t=34471



RE: WINS replication problem across PPP network [7:41410]

2002-04-13 Thread Don Nguyen

IP helper-address entries probably won't help in your scenario; they are
used with broadcast services such as DHCP.  Try adding a static entry in the
LMHOST file on server pointing to server 2 with the #PRE and #DOM attributes
and use nbtstat -R to reload the netbios cache on server 1 after you add
this to its LMHOST file.  This should work.

HTH,

Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41412&t=41410



RE: CCIE Written Beta Announcement [7:41340]

2002-04-13 Thread Don Nguyen

How much are the beta exams?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41415&t=41340



RE: xon/xoff [7:41433]

2002-04-14 Thread Don Nguyen

Use the show line command to find out what the line number is and you can
set the flow control for the line in the line configuration.

conf t
! replace xxx with the line number reported by "show line"
line xxx
flowcontrol software|hardware|none

software for xon/xoff
hardware for cts/rts
none for well none =P

HTH

Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41464&t=41433



RE: Site-Site VPN Performance [7:41924]

2002-04-19 Thread Don Nguyen

It depends on how strong of encryption you want to use.  If memory serves me
correctly a 1700 series with an encryption module tops out at 1.544
mbits/sec (T1) while a 2600 with an encryption module maxes out at
4mbits/sec.  These numbers are for encrypted traffic bandwidth using
3DES.  Another thing to consider is that DH key exchange with large keys
(>768 bits) can take a "long" time on a 2500 (TAC has it listed at up to 4
seconds).  The main district office will probably need something a little
more powerful than a 1700 (2600/3600, PIX or VPN concentrator) in order to
terminate 5 IPSEC VPN tunnels; however, the remote schools would probably do
just fine with a 1700 (which is actually what the 1700 was designed for).  Of
course this is all based on max throughput.  You could argue that all you
need are 1700s if the combined throughput of the 5 remote connections would
never exceed 1.544Mbits/sec.

HTH,

Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41964&t=41924



RE: Security advice - opening ports other than 80 and [7:42333]

2002-04-23 Thread Don Nguyen

It's generally a good idea only to open ports that are necessary (e.g. 80 for
http, 21 for ftp, etc.).  Opening up unnecessary ports and/or running
unnecessary services just opens your server up to security vulnerabilities.
In your case I don't really understand what you're trying to do.  For a web
server using SSL you only have to allow inbound traffic to port 443; you
don't need port 80 open unless it also serves up unencrypted pages.  If you
want/need to use IPSEC you will need to allow inbound traffic on the UDP
port 500 and allow IP protocols 50 and 51 (not ports 50 and 51).

HTH,

Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42334&t=42333
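
Added example, not part of the original post: an inbound extended ACL in Cisco IOS syntax that matches the advice above for a server serving only SSL pages and terminating IPsec. The server address 192.0.2.10, the ACL name OUTSIDE-IN and the interface Serial0/0 are assumptions.

```cisco
! Constructed example; 192.0.2.10, OUTSIDE-IN and Serial0/0 are assumed names.
ip access-list extended OUTSIDE-IN
 remark SSL-only web server: 443 in, port 80 stays closed
 permit tcp any host 192.0.2.10 eq 443
 remark IKE key exchange is UDP port 500
 permit udp any host 192.0.2.10 eq isakmp
 remark ESP and AH are IP protocols 50 and 51, matched by protocol keyword
 permit esp any host 192.0.2.10
 permit ahp any host 192.0.2.10
 remark The two entries below would NOT pass IPsec; they match TCP/UDP ports 50-51:
 remark   permit tcp any host 192.0.2.10 range 50 51
 remark   permit udp any host 192.0.2.10 range 50 51
 remark Everything else is dropped and logged
 deny ip any any log
!
interface Serial0/0
 ip access-group OUTSIDE-IN in
!
! Check per-entry hit counters after a tunnel attempt:
!   show access-lists OUTSIDE-IN
```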



RE: Remote access [7:42310]

2002-04-23 Thread Don Nguyen

If they can't use or a VPN solution is not viable you could look into a
virtual modem bank from a telco that services your area.  I used this as a
solution for a customer that needed dial-up access.  Basically you buy say
50-100 virtual modem lines(unless of course you think all 500 remote users
will be on simultaneously, this should give you a modem line/remote user
ratio of 10-1 to 5-1).  The telco handles the calls and you can give a
single number to your remote users.  They route this traffic to your
router/access server where you handle the authentication and access, usually
thru an ATM pipe.  However, I would recommend trying a VPN solution
if possible first.

HTH,
Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42335&t=42310



RE: CSPM for IDS4210 [7:42788]

2002-04-28 Thread Don Nguyen

You can try the software center on Cisco's website.  You might need a CCO
account in order to download the CSPM eval though.

HTH, 
Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42798&t=42788



RE: switch and router pricing [7:42778]

2002-04-28 Thread Don Nguyen

So... which routers will you have on sale soon?  Still looking to fill out
my CCIE lab =)

Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42800&t=42778



RE: CISCO 2600 NAT [7:43139]

2002-05-02 Thread Don Nguyen

If you have ACLs applied inbound to your NAT outside interface make sure
you explicitly allow outside inbound connections to port 5080.

HTH,
Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43205&t=43139
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: why "ip inspect" block my traffic? [7:43802]

2002-05-10 Thread Don Nguyen

You need to apply your IP inspect in the opposite direction of your external
interface's ACL.  So, if you have an ACL applied inbound on your external
interface you need to apply your IP Inspect list outbound.  The reason
being, CBAC will inspect your outbound packets and then dynamically insert
"permit" entries at the top of your inbound ACL to allow traffic flow that's
part of the same session back in to your network.

HTH,

Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=43872&t=43802
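
Added example, not part of the original post: the arrangement described above in Cisco IOS syntax, with the ACL inbound and the inspection rule outbound on the same external interface. The inspection rule name FW, the ACL name OUTSIDE-IN and the interface Serial0/0 are assumptions.

```cisco
! Constructed example; FW, OUTSIDE-IN and Serial0/0 are assumed names.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW ftp
!
ip access-list extended OUTSIDE-IN
 remark Static inbound policy; CBAC adds temporary permits above these entries
 deny ip any any
!
interface Serial0/0
 description external interface
 ! ACL filters traffic arriving from outside
 ip access-group OUTSIDE-IN in
 ! CBAC watches sessions leaving through this interface
 ip inspect FW out
!
! Arrangement that blocks return traffic: inspection in the same
! direction as the ACL, so outbound sessions are never inspected and
! their replies hit the deny entry.
!   interface Serial0/0
!    ip access-group OUTSIDE-IN in
!    ip inspect FW in
!
! Verify while an outbound session is active:
!   show ip inspect sessions
!   show ip access-lists OUTSIDE-IN
```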



RE: cheapest router supporting two ethernet ports [7:44061]

2002-05-13 Thread Don Nguyen

2514s have two ethernet ports... they are probably the cheapest 2 ethernet
port routers.  You could also go with a 4000 with a NP-2E but I think those
are roughly 100-200 more than a 2514.

HTH,

Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44069&t=44061



RE: DNS - Unicast or Broadcast? [7:44060]

2002-05-13 Thread Don Nguyen

WINS is the MS bastardization of DNS =P... but to answer your question,
Windows uses unicast for a DNS query to a name server.  I noticed that you
referred to a WINS server in your question; WINS is used for NetBIOS name
resolution, not DNS name resolution.  However, even here a Windows client
uses unicast when querying the WINS server.

HTH,
Don Nguyen


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44070&t=44060



Which Catalyst uses CatOS [7:44107]

2002-05-13 Thread Don Nguyen

Hi all,

I was wondering which Catalyst switches use the CatOS (Set-based CLI), other
than the Cat 5K's.

Thanks,

Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44107&t=44107



RE: Which Catalyst uses CatOS [7:44107]

2002-05-14 Thread Don Nguyen

Thanks for the responses.  I think I'm going to go with a 2926T/F.  BTW, the
PDF on www.laganiere.com is an excellent reference.

Thanks,

Don


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44243&t=44107