RE: HSRP [7:10428]
Here is a link that may answer some questions about HSRP groups, and what it could be used for. http://www.cisco.com/warp/public/619/7.html Best Regards, Eric Hoffman Senior Systems Engineer MCP, CCNA, CCNP Computer Professionals International -Original Message- From: Marc [mailto:[EMAIL PROTECTED]] Sent: Friday, June 29, 2001 4:03 PM To: [EMAIL PROTECTED] Subject: Re: HSRP [7:10428] HSRP is for router redundancy, not WAN circuit redundancy. If you wanted to have internet or WAN circuit redundacy, you would of course use two lines, have equal-cost routes (two default routes...etc) and that's all that's involved. HSRP not needed for WAN load-balancing/redundancy... Marc "Sam Sneed" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I was doing a little research on HSRP and had a question for anyone who has > configured it. I read the whole RFC 2281 and could not find my answer there. > If you have two routers running HSRP with T1 lines to the internet, 1 is the > standby and one is the active. Does all traffic only go through the active > at all times unless it dies? If so isn't it a waste not ever utilizing the > T1 line thats on standby (of course until the active fails)? > > If bandwidth exceeded 1.5MB would the second router kick in to share the > load or would it totally take over? > > With these 2 routers acting as a single virtual router would throughput > ever be able to exceed 1.54 MB assuming each has its own T1 connection? > > thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10434&t=10428 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: serving websites through frame-relay [7:11941]
You could always use debugging for frame relay on the router, to see dlci's you are being assigned from the frame switch. http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12supdoc/deb ug_r/ddlsw.htm#xtocid2763771 debug frame relay packet Make sure you only turn on debugging for frame relay packets, becuase you can crash the router if you try to debug too much. To see what the router is running at (proccessor wise), the command is show proc cpu. Most of the time, the Dlci's that the ISP provide me are incorrect. I use this method of debugging from the frame switch , to save a lot of time and headaches. Best of luck! Eric -Original Message- From: paul [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 10:43 AM To: [EMAIL PROTECTED] Subject: serving websites through frame-relay [7:11941] Greetings Wizards, I need to setup a webserver using a frame-relay "link" and was given 6 host addresses to use for whatever services I needed. However, I wasn4t given any dlci "details" ( I am already using a dlci # on one subinterface to access the internet from inside), do I need to get this from my SP or I am going about this the wrong way (no dlci needed to config the subint for webserver?). Can anyone "enlighten" me here, please.(or point me to sample config) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11943&t=11941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: serving websites through frame-relay [7:11941]
I apologize for not understanding what was listed below. You do not need to configure any additional dlci's on the router, if you are adding a webserver to that existing link. The only time you would need to configure new dlci's on an existing link, is if you are adding a new pvc to that existing link. -Original Message- From: paul [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 10:43 AM To: [EMAIL PROTECTED] Subject: serving websites through frame-relay [7:11941] Greetings Wizards, I need to setup a webserver using a frame-relay "link" and was given 6 host addresses to use for whatever services I needed. However, I wasn4t given any dlci "details" ( I am already using a dlci # on one subinterface to access the internet from inside), do I need to get this from my SP or I am going about this the wrong way (no dlci needed to config the subint for webserver?). Can anyone "enlighten" me here, please.(or point me to sample config) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11945&t=11941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: WAN link funnies - UP UP but no comms- on same subnet!!! [7:12786]
What version of ios are you running? If you are running some flavor of 11, check to make sure you have the ip classless on both routers. -Original Message- From: Andrew Larkins [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 18, 2001 7:17 AM To: [EMAIL PROTECTED] Subject: RE: WAN link funnies - UP UP but no comms- on same subnet!!! [7:12780] the very weird thing here is at RTS DTS etc are all up both devices are on a /30 subnet no problems here. I do not need any routing because these are directly connected networks. NO crc errors on link flap/ interface resets!! Very confused -Original Message- From: Phil Barker [mailto:[EMAIL PROTECTED]] Sent: 18 July 2001 12:45 To: [EMAIL PROTECTED] Subject: Re: WAN link funnies - UP UP but no comms- on same subnet!!! [7:12778] Andrew, From what you say your remote end is working fine both in Tx and Rx and your Tx is working fine since remote end sees your cdp. Your Rx appears to be the problem. Have you tried swapping out your local Serial cable ? What about 'sh int serial xxx' to check your pins ? DCD RTS etc. regards, Phil. --- Andrew Larkins wrote: > HI all, > > Strange problem here. > > The serial interface are UP UP on both sides, but we > are not able to ping > each other - even though directly connected. A > "debug ip ICMP" on the > remote site shows the ping coming through and > replying, but the reply never > gets back. > Also the remote site saw my router using CDP, but I > do not see him. > > Any ideas?? > > I believe this is Telco related, but the line shows > clean from the interface > stats > > Andrew [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12786&t=12786 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ios features [7:12945]
www.cisco.com/go/fn feature navigator rules! you need cco login to gain access. -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 19, 2001 10:44 AM To: [EMAIL PROTECTED] Subject: ios features [7:12945] Does anyone remember the link that allows you to search for a IOS version based on a feature, say DHCP. Don Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12947&t=12945 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multilink Virtual-Templates [7:15091]
You could set up profiles through your radius/acs server to assign ip addresses to the users, based on their authentication information. The profiles would then assign users the ip addresses, based on what is listed in the profiles on the radius/acs server. HTH, Eric -Original Message- From: Hamid [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 8:33 AM To: [EMAIL PROTECTED] Subject: Multilink Virtual-Templates [7:15091] Hi group I have configured my access server to allow multilinks. I have created a virtual template for the multilink users as follows: ! interface Virtual-Template1 description Template for Multilink users ip unnumbered Loopback1 no ip directed-broadcast ip tcp header-compression passive peer default ip address pool ip-pool1 ppp authentication pap ms-chap dial-in ppp multilink ! AS-Alpha#sh ip local pool Pool Begin End ip-pool1 61.11.243.100 61.11.243.150 ip-pool2 213.217.32.100213.217.32.150 The problem is that I have 2 type of users, which I have to assign different classes of IP addresss. (as the above IP pools). The async lines are different., the first group dials into the Group-Async 1 interfaces and the second group dials into the Group-Async2 interfaces. Can anyone tell me how I can assign these multilink users with different IP address classes? Thanx Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15104&t=15091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CODE RED protection ! ! ! [7:15989]
NBAR on the routers can help stop code red. watch the wrap... http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml HTH Eric -Original Message- From: Hamid [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 14, 2001 6:14 AM To: [EMAIL PROTECTED] Subject: CODE RED protection ! ! ! [7:15989] Hi group I have some costumers whom I belive are infected with CODE RED. Any ideas how I can deny any traffic related to CODE RED on my router? Thanks Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16004&t=15989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: subinterfaces with v.35 [7:16202]
You would need to configure one of the routers to act as a frame relay switch. This is a good article on how to convert a router into a frame relay switch, and a setup... Watch the wrap: http://www.cisco.com/warp/public/125/fr_switching.html HTH, Eric -Original Message- From: george gittins [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 1:10 PM To: [EMAIL PROTECTED] Subject: subinterfaces with v.35 [7:16202] can you make subinterfaces with v.35 back to back , i tried and no success shows the line down , works with point to point dough, any suggestions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16203&t=16202 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 3640 WIN 2000 IAS [7:16408]
Hi, Access-reject means that Raidus/IAS doesn't like either the person/username or the client that is trying to authenticate... whether it is a bad username or the configuration for the radius client is not setup on the server correctly. (I have found that IAS is really picky about the ip address.) ie) 10.09.9.3 configured as the client on the server, will give you an error (access-reject) if the ip address of the client is 10.9.9.3. Check your event logs on the IAS server. This will give you a good idea of what is not working/where to look for misconfiguration. HTH, Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 17, 2001 3:27 PM To: [EMAIL PROTECTED] Subject: Cisco 3640 WIN 2000 IAS [7:16408] I am trying to get a users dialing into a 3640 to authenticate to a Win 2000 IAS Radius Server. IAS log Shows the Access-Request on the first line then Access-Reject on the Second line Is this Access-Reject referring to the user or the router? The Cisco Running the Cisco debug tell me it fails local and logon fails for the Radius "IAS" I have checked the ports and password on the IAS as well as the Cisco. WIN 2000 Clinent Client-Vender = CISCO Remote Access Polices In the advance settings I have added the vender specific parameters for Cisco. Authentication I started with Chap, then went to unencrypted PAP SPAP CISCO IOS (tm) 3600 Software (C3640-I-M), Version 12.1(8), RELEASE SOFTWARE (fc1) aaa new-model aaa authentication login default local aaa authentication login no_radius enable aaa authentication ppp default if-needed group radius aaa authorization network default group radius aaa accounting exec start_stop start-stop group radius aaa accounting network start_stop start-stop group radius radius-server host 10.108.1.6 auth-port 1645 acct-port 1646 radius-server retransmit 3 radius-server key AnDialRtr Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16417&t=16408 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: vlan [7:30189]
A Native VLAN is used for sending and receiving untagged traffic on the trunk port. A Native VLAN Mismatch means that the trunk ports on each side are not configured to use the same native vlan. -Original Message- From: James [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 10:47 AM To: [EMAIL PROTECTED] Subject: vlan [7:30189] Can any on tell me what a "Native VLan Mismatch" is Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30197&t=30189 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FECN/BECN below a CIR [7:18444]
If you feel that you maybe going over your CIR, I would suggest configuring traffic shaping on the router interface. The way I understand it, is that it will throttle the amount of traffic sent to the frame provider. If you see FECN and BECN's after configuring traffic shaping, you may have a case to contact the frame provider Watch the wrap. http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c /qcpart4/qcfrts.htm HTH, Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 05, 2001 10:55 AM To: [EMAIL PROTECTED] Subject: Re: FECN/BECN below a CIR [7:18444] Don't forget as well that the time over which the CIR usage is calculated (I've forgotten the formal term and don't feel like searching for it right now) is generally of the order of a second (at least in this part of the world), while the load reported by the router is generally averaged over five minutes. If you have bursty traffic (routing updates, for example), you may be going above CIR for some periods, even though your five-minute average may be well under CIR. More relevant for DE rather than FECN/BECN, but something to keep in mind. JMcL - Forwarded by Jenny Mcleod/NSO/CSDA on 05/09/2001 09:48 am - "Karen E Young" To: [EMAIL PROTECTED] Subject: Re: FECN/BECN below a CIR [7:18444] Sent by: nobody@groups tudy.com 05/09/2001 05:42 am Please respond to "Karen E Young" If you're getting FECN/BECN traffic then its experiencing congestion. Congestion on the FR network prior to CIR being met is indeed a good sign of oversubscription. If its only occasional then it may simply have been a spike on the switch. However, if you're getting it fairly regularly, then you need to talk to your provider. There's NO reason to set FECN/BECN when there isn't congestion. Ask them how they determine subscription load. Some providers (such as Sprint last I heard) use the CIR to determine load on a switch, not the actual traffic. If they have alot of customers with 0 CIR then the switch can easily get oversubscribed to the point that the provider can no longer meet the CIR of their customers. HTH, Karen *** REPLY SEPARATOR *** On 9/4/2001 at 2:19 PM Paul Borghese wrote: >Does anyone know if a Frame Relay provider will send FECN/BECN messages even >if the CIR is not oversubscribed? > >Is looking at the FECN/BECN traffic a good determination of CIR >oversubscription? > >Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18630&t=18444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet on PIX outside interface [7:20271]
With version 5.1, you can setup a vpdn/pptp connection to telnet to the outside interface of the pix. Watch the wrap. http://www.cisco.com/warp/public/110/pptppix.html -Original Message- From: Magdy H. Ibrahim [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 10:38 AM To: [EMAIL PROTECTED] Subject: Re: Telnet on PIX outside interface [7:20271] Hi, If your inside servers run W2k then you can setup the remote access service on the W2k server and add static command on your PIX with conduit command to permit remote access from outside to your W2k server. then permit telnetting for this server to the inside interface... if you want exactly the command mail me again and I'll be pleased to help.. Bytheway there is no way to telnet on the outside interface... Magdy H. Ibrahim ""NRB"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Guys/Gurus, > > Can anyone please help me in setting up Telnet access on outside interface > of PIX. > I heard that we need to uses IPSec and Cisco VPN client. I do not have VPN > client, > can it still be done. Please help. > > Thanks, > NRB Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20281&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ip dhcp-server under e0?? [7:22250]
I was able to get it to work on 12.2(1)T on a 1605. Try feature Navigator to find DCHP client. www.cisco.com/go/fn Watch the wrap HTH, Eric -Original Message- From: Cisco Nuts [mailto:[EMAIL PROTECTED]] Sent: Friday, October 05, 2001 3:01 PM To: [EMAIL PROTECTED] Subject: ip dhcp-server under e0?? [7:22250] Hello, A couple of weeks back someone had successfully configured his 2514 router to get a dhcp ip addr. from his cable service provider, configured nat on the router for his laptop to go out on the internet. I tried to do the same on my 2514 but I cannot type the command under e0 for my router to get the dhcp ip addr. from the service provider. I initially thought that it was the ios ver. (was using 11.3.(3)) I upgraded to 12.0.(9) but it still will not let me type the command. Will this command only work on higher routers like the 2600 and the 3600 series. Please advise. Thank you. Kind regards. Output from the router: RTA(config-if)#ip dhcp ? % Unrecognized command RTA#conf t Enter configuration commands, one per line. End with CNTL/Z. RTA(config)#int e0 RTA(config-if)#ip ? Interface IP configuration subcommands: access-groupSpecify access control for packets accounting Enable IP accounting on this interface address Set the IP address of an interface authentication authentication subcommands bandwidth-percent Set EIGRP bandwidth limit broadcast-address Set the broadcast address of an interface cgmpEnable/disable CGMP directed-broadcast Enable forwarding of directed broadcasts dvmrp DVMRP interface commands hello-interval Configures IP-EIGRP hello interval _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=22254&t=22250 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
