BGP Communities [7:2486]
Can some please explain BGP communities, Ive read through Halabi's = description of it and still dont quite understand it's use in a = production environment. TIA Erich Kuehn Please no flames, I know this may be a bit basic but, Im just trying to = understand this. http://1cis.com Free E-mail Servers with unlimited mailboxes 1st Class Internet Solutions Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2486&t=2486 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF summary Address [7:2652]
Im trying to summarize 3 networks into to 1 advertisement. Here is a partial network Diagram R5 -- E0 11.1.1.5/16 \ | \ Area 4 NSSA | / |/ R6 ---S1 11.2.1.1/16 \ E0 11.1.1.6/16 | \ | \ |\ R7 -S4 11.2.1.2/16\ R7 -Lo0 11.3.1.1/16\ R7 -Lo1 11.4.1.1/16 \ Eigrp 1 / / Now I want to Summarize nets 11.2.0.0/16 through 11.4.0.0/16 on R5 What I have done is the following R5=20 router ospf 1 area 4 nssa area 4 default-cost 20=20 summary-address 11.0.0.0 255.248.0.0 network 10.10.0.0 0.0.255.255 area 0 network 11.1.0.0 0.0.255.255 area 4 This seems to work, (other routers in the OSPF process see a route to = 11.0.0.0/13) but Im wondering about the Summary-Address 11.0.0.0 = 255.248.0.0 command. Am I summarizing using the correct prefix? or am I = summarizing to many networks? TIA Erich Kuehn http://1cis.com Free E-mail Servers with unlimited mailboxes 1st Class Internet Solutions Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2652&t=2652 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Emutel solo ISDN simulator opinions needed [7:2918]
This might seem like a strange answer, but (if available) why dont you just get a couple of BRI installed where you are and pay the monthly charges until your done with it. That seems far cheaper than buying a simulator. Just my .02 Erich - Original Message - From: "Ed Dombrowski" To: Sent: Wednesday, May 02, 2001 11:01 AM Subject: Emutel solo ISDN simulator opinions needed [7:2918] > Does anybody have any opinions on the Emutel solo ISDN simulator from Arca > technologies. I hear great things about the Teltone but at $2800 for the > model that handles both ST and U interfaces i started looking for an > alternative. It appears the Emutel Solo can be had for a retail of around > $2000 and supports both types of interfaces. If you have experience with > this product can you leave a brief review and some pros and cons? Thanks. > > Ed Dombrowski > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > http://1cis.com > Free E-mail Servers with unlimited mailboxes > 1st Class Internet Solutions http://1cis.com Free E-mail Servers with unlimited mailboxes 1st Class Internet Solutions Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2922&t=2918 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Querying the FR Switch for DLCIs [7:3863]
I think you want Show Frame-Relay PVC. Erich - Original Message - From: "Barry Kiesz" To: Sent: Wednesday, May 09, 2001 11:28 AM Subject: Querying the FR Switch for DLCIs [7:3863] > Is there a command on a Cisco router to query a FrameRelay switch to find > out which DLCIs are pointed to it? > > Barry > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > http://1cis.com > Free E-mail Servers with unlimited mailboxes > 1st Class Internet Solutions http://1cis.com Free E-mail Servers with unlimited mailboxes 1st Class Internet Solutions Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3873&t=3863 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT Issue [7:9840]
Im trying to pass snmp traffic to my internal LAN (10.0.0.0) We connect to our WAN through a interface with a public address. When our snmp enabled devices try to access the Network Managment Station they get denied, I think it has something to do with private vs. public addresses. See Diagram *** * NMS * 10.0.0.101 * * 10.0.0.100 F0/0 & Sec. Public address * *2621* **Public add S0/0 (I want to NAT here) | | | Public Address S1/0.x GSR * *SNMP *172.16.x.x Public Add e0 *Device * * * *** Any help would be great Erich Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9840&t=9840 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP advertisements [7:17930]
I have a question about BGP advertisments I have a customer who want us to provide BGP peering for him. He has is own ASN and we have sold him a /24 from our block. Currently Im announcing that /24 and other prefix with My BGP peers (other providers) The customer wants only to receive default routes from me due to their hardware limitations. My question is when I do this do I need to stop announcing the /24 prefix to my providers since that prefix will in essence orginate from his AS? Erich Kuehn [GroupStudy.com removed an attachment of type image/gif which had a name of tech.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17930&t=17930 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP advertisements [7:17933]
I have a question about BGP advertisments I have a customer who want us to provide BGP peering for him. He has is own ASN and we have sold him a /24 from our block. Currently Im announcing that /24 and other prefix with My BGP peers (other providers) The customer wants only to receive default routes from me due to their hardware limitations. My question is when I do this do I need to stop announcing the /24 prefix to my providers since that prefix will in essence orginate from his AS? Erich Kuehn Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17933&t=17933 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: serial up/up w/o cable [7:27604]
Serial interfaces usually wont go up with out a cable, The no keep or keep 0 work on Ethernet, but not serial to my knowledge. If its a Wict1DSU card in the router you can create a loopback with and RJ-45 connector Just crossconnect Pins 1&4 and 2&5, that should create a loopback Erich -Original Message- From: Rajesh Kumar [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 28, 2001 4:22 PM To: [EMAIL PROTECTED] Subject: Re: serial up/up w/o cable [7:27604] No keepalive or keepalive 0 should work. rajesh Tom E wrote: > How can you get a serial interface to go up/up without a cable connected? I > have tried loop and no keep. [GroupStudy.com removed an attachment of type text/x-vcard which had a name of pikumar.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27612&t=27604 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Serial Line problems [7:31426]
Ive got a little problem, im hoping someone can shed some light on. I work for an isp, lately we've had a bunch of issues with some new turnups. While the circuit looks good, i.e. the pvc (frame-relay ietf) is established and standard (100 byte) pings work fine. Once we start to increase the size of the payload (to say 1500 bytes) the circuit chokes and we get dropped packets, The pvc never goes down, but performance is degraded seriously, These circuits do not have policing turned on. The statics from the interface and service module are as follows. We we question the local loop provider they say that if they can run clean to the NIU they are fine, and thus ends their responsiblilty, while this may be true, Im running the same configs on hundreds of customers with no issue, only lately have I had about a dozen of them or so do this. Has anyone seen anything similar, did you resolve it? HOW? Thanks in advance Erich Serial0 is up, line protocol is up Hardware is PQUICC with Fractional T1 CSU/DSU MTU 4000 bytes, BW 1536 Kbit, DLY 2 usec, reliability 171/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY IETF, loopback not set Keepalive set (10 sec) LMI enq sent 112, LMI stat recvd 91, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE FR SVC disabled, LAPF state down Broadcast queue 0/64, broadcasts sent/dropped 21/0, interface broadcasts 0 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters 00:18:42 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/3/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1152 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1085 packets input, 750046 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 52061 input errors, 51262 CRC, 660 frame, 0 overrun, 0 ignored, 139 abort 1177 packets output, 445635 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Serial0.2 is up, line protocol is up Hardware is PQUICC with Fractional T1 CSU/DSU Internet address is x.x.x.170/30 MTU 4000 bytes, BW 1544 Kbit, DLY 2 usec, reliability 184/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY IETF sh service-module s0 Module type is T1/fractional Hardware revision is 0.80, Software revision is 0.2, Image checksum is 0x70F47262, Protocol revision is 0.1 Receiver has no alarms. Framing is ESF, Line Code is B8ZS, Current clock source is line, Fraction has 24 timeslots (64 Kbits/sec each), Net bandwidth is 1536 Kbits/sec. Last module self-test (done at startup): Passed Last clearing of alarm counters 00:22:04 loss of signal:0, loss of frame :0, AIS alarm :0, Remote alarm :0, Module access errors :0, Total Data (last 96 15 minute intervals): 24480 Line Code Violations, 24480 Path Code Violations 0 Slip Secs, 103 Fr Loss Secs, 30984 Line Err Secs, 10036 Degraded Mins 30941 Errored Secs, 22197 Bursty Err Secs, 103 Severely Err Secs, 0 Unavail Secs Data in current interval (714 seconds elapsed): 255 Line Code Violations, 255 Path Code Violations 0 Slip Secs, 2 Fr Loss Secs, 381 Line Err Secs, 12 Degraded Mins 380 Errored Secs, 311 Bursty Err Secs, 2 Severely Err Secs, 0 Unavail Secs Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31426&t=31426 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial Line problems [7:31426]
Thanks I just tried that and while I got better results (not as many packets dropped) I still was dropping some packets. If that had happened to work what would that indicate (if all 1', 0's or 4040, worked without dropping packets) ?? BTW I was not setting the DF bit Thanks Erich -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 10:13 AM To: [EMAIL PROTECTED] Subject: Re: Serial Line problems [7:31426] are you sending the packets with the DF bit set? Check that. try all ones or 4040 or all zero's pings. If those don't go trough, it's probably the lec. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31435&t=31426 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial Line problems [7:31426]
Scott Yes I have confirmed that already, Once I clear the counters and send data across the link, the errors start to increment almost immedatley. Erich -Original Message- From: Scott Nawalaniec [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: RE: Serial Line problems [7:31426] Hi Erich, Looks like something is causing major CRC errors thus choking the circuit. Clear the interface counters and send data across wire and see if the CRC and input errors increase. If so, then there could be alot of different possibilities that could be causing the errors. "52061 input errors, 51262 CRC, 660 frame" Scott -Original Message----- From: Erich Kuehn [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 10:09 AM To: [EMAIL PROTECTED] Subject: Serial Line problems [7:31426] Ive got a little problem, im hoping someone can shed some light on. I work for an isp, lately we've had a bunch of issues with some new turnups. While the circuit looks good, i.e. the pvc (frame-relay ietf) is established and standard (100 byte) pings work fine. Once we start to increase the size of the payload (to say 1500 bytes) the circuit chokes and we get dropped packets, The pvc never goes down, but performance is degraded seriously, These circuits do not have policing turned on. The statics from the interface and service module are as follows. We we question the local loop provider they say that if they can run clean to the NIU they are fine, and thus ends their responsiblilty, while this may be true, Im running the same configs on hundreds of customers with no issue, only lately have I had about a dozen of them or so do this. Has anyone seen anything similar, did you resolve it? HOW? Thanks in advance Erich Serial0 is up, line protocol is up Hardware is PQUICC with Fractional T1 CSU/DSU MTU 4000 bytes, BW 1536 Kbit, DLY 2 usec, reliability 171/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY IETF, loopback not set Keepalive set (10 sec) LMI enq sent 112, LMI stat recvd 91, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE FR SVC disabled, LAPF state down Broadcast queue 0/64, broadcasts sent/dropped 21/0, interface broadcasts 0 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters 00:18:42 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/3/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1152 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1085 packets input, 750046 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 52061 input errors, 51262 CRC, 660 frame, 0 overrun, 0 ignored, 139 abort 1177 packets output, 445635 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Serial0.2 is up, line protocol is up Hardware is PQUICC with Fractional T1 CSU/DSU Internet address is x.x.x.170/30 MTU 4000 bytes, BW 1544 Kbit, DLY 2 usec, reliability 184/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY IETF sh service-module s0 Module type is T1/fractional Hardware revision is 0.80, Software revision is 0.2, Image checksum is 0x70F47262, Protocol revision is 0.1 Receiver has no alarms. Framing is ESF, Line Code is B8ZS, Current clock source is line, Fraction has 24 timeslots (64 Kbits/sec each), Net bandwidth is 1536 Kbits/sec. Last module self-test (done at startup): Passed Last clearing of alarm counters 00:22:04 loss of signal:0, loss of frame :0, AIS alarm :0, Remote alarm :0, Module access errors :0, Total Data (last 96 15 minute intervals): 24480 Line Code Violations, 24480 Path Code Violations 0 Slip Secs, 103 Fr Loss Secs, 30984 Line Err Secs, 10036 Degraded Mins 30941 Errored Secs, 22197 Bursty Err Secs, 103 Severely Err Secs, 0 Unavail Secs Data in current interval (714 seconds elapsed): 255 Line Code Violations, 255 Path Code Violations 0 Slip Secs, 2 Fr Loss Secs, 381 Line Err Secs, 12 Degraded Mins 380 Errored Secs, 311 Bursty Err Secs, 2 Severely Err Secs, 0 Unavail Secs Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31436&t=31426 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial Line problems [7:31426]
Steve Here are the Show int s0 Show int s0.2 Sh service-module s0 I have checked the timing and from the CPE it appears to be correct. Our frame switch (CBX500) is providing the timing to him. I supposed our timing on the frame-switch could be off, but then more than a few customers would be affected. Im wondering if it isnt a crossed pair on the demarc, or a bad demarc extension. It is strange that the Show int S0 says Available Bandwidth 1152 kilobits/sec When in fact all 24 channels of this T1 are allocated to him Thanks Erich Serial0 is up, line protocol is up Hardware is PQUICC with Fractional T1 CSU/DSU MTU 4000 bytes, BW 1536 Kbit, DLY 2 usec, reliability 199/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY IETF, loopback not set Keepalive set (10 sec) LMI enq sent 409, LMI stat recvd 358, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE FR SVC disabled, LAPF state down Broadcast queue 0/64, broadcasts sent/dropped 73/0, interface broadcasts 0 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters 01:08:08 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/3/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1152 kilobits/sec 5 minute input rate 0 bits/sec, 1 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 8015 packets input, 3464954 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 81162 input errors, 80126 CRC, 892 frame, 0 overrun, 0 ignored, 144 abort 8145 packets output, 2970704 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Serial0.2 is up, line protocol is up Hardware is PQUICC with Fractional T1 CSU/DSU Description: Connection to Video Bridge/Internet Internet address is x.x.x.170/30 MTU 4000 bytes, BW 1544 Kbit, DLY 2 usec, reliability 199/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY IETF Module type is T1/fractional Hardware revision is 0.80, Software revision is 0.2, Image checksum is 0x70F47262, Protocol revision is 0.1 Receiver has no alarms. Framing is ESF, Line Code is B8ZS, Current clock source is line, Fraction has 24 timeslots (64 Kbits/sec each), Net bandwidth is 1536 Kbits/sec. Last module self-test (done at startup): Passed Last clearing of alarm counters 01:08:17 loss of signal:0, loss of frame :0, AIS alarm :0, Remote alarm :0, Module access errors :0, Total Data (last 96 15 minute intervals): 24480 Line Code Violations, 24480 Path Code Violations 0 Slip Secs, 99 Fr Loss Secs, 31261 Line Err Secs, 10081 Degraded Mins 31219 Errored Secs, 22468 Bursty Err Secs, 99 Severely Err Secs, 0 Unavail Secs Data in current interval (784 seconds elapsed): 255 Line Code Violations, 255 Path Code Violations 0 Slip Secs, 0 Fr Loss Secs, 244 Line Err Secs, 13 Degraded Mins 244 Errored Secs, 189 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 10:35 AM To: [EMAIL PROTECTED] Subject: Re: Serial Line problems [7:31426] I didn't see the output of the int and service mod. You got major timing issues with the clock on the line. That's your problem. Have them check it and make sure you have the correct number of channels. Is it a Full T? Also try swapping out the Wic t1, could be a bad piece of hardware. But you have timing issues. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31442&t=31426 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial Line problems [7:31426]
I just finished testing with the lec (XO), while they could run clean to the NIU, they had a problem running quazi to the csu. Finally I think they will be taking some responsiblility for the issue. Thanks for everyones input, Im learing way more about Layer 1 than I care to, but then again isnt knowledge, power!??? Thanks Erich -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 11:06 AM To: [EMAIL PROTECTED] Subject: Re: Serial Line problems [7:31426] If it was a crossed pair somewhere, it wouln't come up at all. No carrier. It can very well be bad dmarc extensions, but so many all at once. Is it all in one area of the state/city? Could still be bad telco wiring if in same area of CO. I believe that the customer of yours receive timing on the CO, not your frame-switch, even though your souce is supposed to be higher. Are you not synced with the telco switch or the USNO? Maybe someone else can speak about the avail banwidth output, but I just checked a T1 frame module, and I have the same output, so I don't think it's that. I'll look that one up though. I'd still focus on the timing. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31464&t=31426 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router to Router VPNs- Longish [7:42245]
Mark I was having the same issue a few months ago. I then download configmaker from cisco and put together a senario, and then transferred the senario over to my lab. It worked, I was then able to go back and pick apart the configs and figure everything out. I know it's like putting the cart before the horse, but in this case it did work. Erich -Original Message- From: Mark Odette II [mailto:[EMAIL PROTECTED]] Sent: April 22, 2002 10:52 To: [EMAIL PROTECTED] Subject: Router to Router VPNs- Longish [7:42245] Hey folks, I am in a quandary, and am wondering if someone on the list has done this and figured out a working config. I've been challenged with putting a VPN together between two sites, and it shouldn't be a problem, as it seems to be a straight forward config, and I've used the example off of CCO. The problem is, I can't seem to pass traffic successfully across the VPN. :( Attached is the config for both ends of the network setup. As far as I know, as long as I've met the following criteria, this should work: 1. Both ends have to have a public static address for at least the Router. 2. Either end can have a static NAT for an extra inside host, such as a WWW server. 3. The VPN tunnel should work, no matter what type of "outside" interface the Crypto map is applied to; if regular private to public net connectivity works using NAT Overload, then End to End Tunnel termination should work so long as the access-lists are done right. This being said, this is what I got from CCO: ASCII Diagram of network scenario LAN(192.168.10.0) -- RouterHQ --(WIC1-ADSL) DSL --Internet-- SL --RouterBranchOffice--LAN (192.168.1.0) RouterHQ is assigned 5 public IPs, one assigned to the Router, 1 assigned to WWW Host via Static NAT RouterBO is assigned on public IP, which is assigned to the Router, with NAT Overload running for the hosts on the private LAN. * The description and ASCII art has been slightly modified from the CCO example only to use a WIC-1ADSL as the "Outside" interface on the HQ Router, rather than Ethernet Interfaces. Config From CCO: Daphne# service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Daphne ! memory-size iomem 10 ip subnet-zero ip audit notify log ip audit po max-events 100 ! !--- IKE policies: crypto isakmp policy 10 authentication pre-share crypto isakmp key ciscokey address 100.1.1.2 crypto ipsec transform-set to_fred esp-des esp-md5-hmac !--- IPSec policies: crypto map myvpn 10 ipsec-isakmp set peer 100.1.1.2 set transform-set to_fred !--- Include the private-network-to-private-network traffic !--- in the encryption process: match address 101 ! controller T1 0/0 shutdown ! controller T1 0/1 shutdown ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! interface Ethernet0/0 ip address 10.1.1.1 255.255.255.0 ip Nat inside ip route-cache policy ip policy route-map nonat ! interface Ethernet0/1 ip address 200.1.1.2 255.255.255.0 ip Nat outside crypto map myvpn ! !--- Except the private network from the NAT process: ip Nat inside source list 122 interface Ethernet0/1 overload ip Nat inside source static 10.1.1.3 200.1.1.25 ip classless ip route 0.0.0.0 0.0.0.0 200.1.1.1 !--- Include the private-network-to-private-network traffic !--- in the encryption process: access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 access-list 101 deny ip 10.1.1.0 0.0.0.255 any !--- Except the private network from the NAT process: access-list 122 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 access-list 122 deny ip host 10.1.1.3 any access-list 122 permit ip 10.1.1.0 0.0.0.255 any access-list 123 permit ip host 10.1.1.3 172.16.1.0 0.0.0.255 dialer-list 1 protocol ip permit dialer-list 1 protocol ipx permit !--- Except the private network from the NAT process: route-map nonat permit 10 match ip address 123 set ip next-hop 1.1.1.2 ! end Fred- Router Configuration Fred# service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname fred ! memory-size iomem 10 ip subnet-zero ! ip audit notify log ip audit PO max-events 100 ! !--- IKE Policies: crypto isakmp policy 10 authentication pre-share crypto isakmp key ciscokey address 200.1.1.2 !--- IPSec Policies: crypto ipsec transform-set to_fred ESP-Des esp-md5-hmac ! crypto map myvpn 10 ipsec-isakmp set peer 200.1.1.2 set transform-set to_fred !--- Include the private-network-to-private-network traffic !--- in the encryption process: match address 101 ! controller T1 1/0 shutdown ! controller T1 1/1 shutdown ! interface Ethernet0/0 ip address 172.16.1.1 255.255.255.0 ip Nat inside ! interface Ethernet0/1 ip address 100.1.1.2 255.255.255.0 ip Nat outside crypto map myvpn ! !--- Except the private network from the NAT process: ip Nat inside source list 175 pool interface Ethernet0/1 overload ip classless ip route 0.0.0.0 0.0.0.0 100.1.1.1 ! !--- Include the private-network-to-private-network traffic !--- in the encryption process: access
RE: ISDN-BRI [7:44867]
You cant do this with ISDN, from what I know if you want to simulate an ISDN link you NEED either an ISDN simulator or actual ISDN line. Erich -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: May 23, 2002 12:25 To: [EMAIL PROTECTED] Subject: Re: ISDN-BRI [7:44867] I'm going to guess that it would need to be crossover as well, but I'm not sure. Probaly though. ""Steven A. Ridder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I believe any cable with pins 3456 active will work. > > > ""jb"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Team, > > I have two routers with a BRI module, which cable should I used in > > order > for > > each router be able to talk to the other via ISDN. I do not have an > > ISDN simulater.. > > > > J Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44877&t=44867 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: What do you use to backup your configs? [7:46229]
I use Rancid http://www.shrubbery.net/rancid/ It works great. Erich -Original Message- From: stephen skinner1 [mailto:[EMAIL PROTECTED]] Sent: June 12, 2002 02:41 To: [EMAIL PROTECTED] Subject: Re: What do you use to backup your configs? [7:46229] CW2000 what a joy this is ... it does it automatically to your /var/adm/CSCOpx/files/archive directory. ofcourse you need to be managing these devices cheers steve - Original Message - From: "Craig Columbus" To: Sent: Monday, June 10, 2002 11:04 PM Subject: Poll: What do you use to backup your configs? [7:46229] > Out of curiosity, what do you use to schedule automated backups of > your router / switch configs? Commercial application? Homegrown > application? Trained monkey? How often are the configs backed up? > How do you implement version control? > > I was talking with a guy the other day who maintains a fairly large > corporate network (about 300 routers), and they don't backup the > configs at > all. They record the config when it's deployed and trust employees to > update the records if they make a change. This got me wondering what > others were doing. > > Craig Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46352&t=46229 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Migration Question [7:55819]
Ok everyone here is a good brain teaser. Current Situation: I have a simple L2 vpn between 2 sites. AR1---FR Switch-- FR Switch-AR2 Desired Solution: So now I want to terminate the PVC for AR1 on CR1 and and AR2 on CR2. Thus eliminating the Circuit between the frame-switches. My issue is that I cant reconfigure AR1 or AR2. The only configuration I can do is on the FR Switches and CR1 and CR2. Currently CR1 and CR2 Are MPLS enabled, but Im not sure that is the way to go with this. AR1---FR Switch FR Switch-AR2 | | | | | | Core Router 1--Core Router 2 Now the only way I can think of doing this is enabling frame switching on CR1 and CR2, Thus turning them into a "Frame-Switch". We don't need to worry about scalability As only a handful of these will ever be preformed. Any other ideas, Tunnels, etc. Remember I can't change the IP or DLCI at the AR's they need to stay the same. As for routing protocols of AR1 and AR2, I have no idea, but any solution that Satisfies the requirements should be able to accommodate the routing protocol of choice Thanks Erich Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55819&t=55819 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco IOS Docs Hardcopy? [7:49444]
Mark I just want to confirm, that as a SmartNet customer, I was able to order these docs without any charge. Erich -Original Message- From: Mark W. Odette II [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 24, 2002 6:38 AM To: [EMAIL PROTECTED] Subject: RE: Cisco IOS Docs Hardcopy? [7:49444] I am the same way about having hard-copy to read from... I can't tell you how many trees I've killed with printing docs out from the PDFs off of CCO, and then tossed the print outs several months later because of too much "loose" stuff on my desk. I also spent 60.00 on the 6.1 PIX Docs from EBay, just to find out several months later that the docs were available to me for free (thanks to a post on this list many months back pointing out the "secret hiding place" on CCO). Indeed, you hit the nail on the head as to why I ordered all the Docs I did: To have the resources to support just about anything I or my engineers may come across. But nothing replaces a properly placed TAC call. All of these Docs are in manual format with soft-cover though, so it's not like we have a huge library of Cisco Press-style books to reference. I still have pay for the hard-cover. Also, as someone else mentioned in an earlier reply, depending on your SmartNet, you too are probably able to order the same DOCs for free. Like you said, nothing beats paper in some cases. :) -Original Message- From: Thomas Larus [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 23, 2002 8:02 PM To: [EMAIL PROTECTED] Subject: Re: Cisco IOS Docs Hardcopy? [7:49444] I believe it costs a fortune (over $1000) for us mere customers/end users. I imagine Cisco thinks you resellers need to have it to support your customers, so they don't have to do as much of the support. I love my 12.1 printed docs, which I paid $400 plus shipping (around 43 dollars, I think) on ebay. My impression is that most people in this industry have no problem using the CD documentation and reading just about everything from a screen. I feel like some sort of relic because I strongly favor reading from paper. ""Mark W. Odette II"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Jason, > > Funny you should mention it. > > I just received my order of documentation, which I placed over a month > ago. > > One thing for sure, I got more documentation than I realized I ordered- > and it was all free. I did not find an indication of charge for > shipping or the docs themselves. Now I have enough documentation to > fill 5 bookshelves! > > ... and yes, part of that documentation is the 12.2 docs-- config guide, > debug docs, command guide, Voice-Video-Fax docs, and the list goes on. > > All of it is soft-cover though, so don't expect hard-cover. > > I received 1 very large box, a medium sized box, several small boxes and > bubble envelopes... 11 pieces in all. > > Some of that was Voice docs though... ICS 7750, IP Phones, Call Manager, > CiscoWorks for Voice, etc. > > I figured, if it was free, and I want to familiarize myself with that > stuff for the future, why the heck not order it! > > I believe my Reseller Status is what allowed me to order it all for free > though. > > Good Luck! > > Mark Odette II > StellarConnection Services > CCNP, MCSE, A+ Certified. > > -Original Message- > From: Barbee Jason [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 23, 2002 10:37 AM > To: [EMAIL PROTECTED] > Subject: Cisco IOS Docs Hardcopy? [7:49444] > > When logged in to CCO, I can go to the Product Upgrade tool, select > documentation, and see a large list of available documentation. I would > like > to order the documentation set for 12.2, but I do not see it on the > list. Is there a way to order the complete set? or should I just enter > quantity 1 > for all the IOS documenations. > And I'm concerned about billing too, it appears it will charge our Cisco > Reseller for the shipping and/or costs. > Do these documents cost anything or is it just the cost of shipping? > > I thought I had read a thread that mentioned this somewhere, but I > couldn't find it using the groupstudy google search engine, and the > older archive > search engine gave a glimpse not found error. I apologize if some of the > questions here have already been answered. > > Thanks everyone, > -Jason > [EMAIL PROTECTED] > www.cciewannabe.com - Remote Cisco Lab Access Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49526&t=49444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Check this new command out [7:49717]
All I can say is KEWL.. I love that. I hate jumping in and out of config mode to look at my Runnning Config. Thanks for the insight. Erich -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 25, 2002 3:01 PM To: [EMAIL PROTECTED] Subject: Check this new command out [7:49717] Thought this was pretty cool!! c7304(config)#do sh ver Cisco Internetwork Operating System Software IOS (tm) 7300 Software (C7300-JS-M), Version 12.1(1.23.020716.), CISCO DEVELOPME NT TEST VERSION Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Tue 16-Jul-02 03:26 by Image text-base: 0x40008970, data-base: 0x41B32000... Dave -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49719&t=49717 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Huawei routers - a.k.a. futurewei.com [7:49778]
Ok Craig, you need to gather some more info before you start spreading piracy rumors. I just talked to the the west coast channel manager for Huawei, Yes their routers are very similar to cisco, But he assured me that they in no way reverse-engineered them. They have been designed with the cisco user in mind. That way your learning curve is quite small. They have their own OS it is NOT Cisco IOS, but the interface looks very similar, Their routers will NOT run cisco IOS. They also have designed their own ASIC's for these routers. So I think you need to chill out a little and get some more info. These products seem to fit a very big market here in the US. There are a lot of cisco engineers here in US that would love to be able to offer this to their customers. I will be getting a demo unit soon and would love to share my experience with the group. Erich -Original Message- From: Craig Columbus [mailto:[EMAIL PROTECTED]] Sent: Friday, July 26, 2002 8:58 AM To: [EMAIL PROTECTED] Subject: Re: Huawei routers - a.k.a. futurewei.com [7:49778] Just thought I'd comment on this Let me issue a disclaimer first: I've never heard of these routers until this thread. I'm only responding to the information presented in these posts. I've been, so far, unable to verify the information presented for myself. If I'm mistaken, and the product isn't a Cisco ripoff, then I apologize. With that said: Am I the only one who finds it troubling that this company has, apparently, copied Cisco's proprietary designs and is selling them as their own? Sure they're cheaper. So is pirated software. Does it make it right to support an operation like this? These guys even ripped off Cisco's product line names. Surely there's some legal recourse for Cisco, at least in the USA. I guess I'm bothered because this group is so anti-NDA violation, anti-software piracy, etcand then when something like this comes out, no one bothers to speak up against it. In fact, people seem excited because they'll be able to put together a cheaper lab to practice for the CCIE lab. Personally, I don't see any difference between this and willingly buying / exchanging pirated software. If I discover that the claims are true, and that this company is only selling reverse-engineered Cisco products, I, for one, will not support them or their equipment. Just my opinion... Craig At 03:10 PM 7/26/2002 +, you wrote: >Hi group, > >Huawei routers were introduced into the local market sometime in the >past 2 months in an asian networking exhibition called "Communicasia". > >That's where I met the Huawei distributor whom had volunteered to >provide a demo set for me to play with (myself from an international >mnc, has current projects to revamp our LAN/WAN structure) and guess >what, my boss is requesting me to have a look at their routers ! > >The day the router came into the office, I noticed that there were no >manuals provided. After meddling with the router, I believed that there >was no need to request for one in the first place ! There will be no >requirements to load the box with IOS, it is IOS (with a bit of >differences). The whole thing was CLONED ! > >I'm not too sure about reversed-engineering but more on how Cisco is >going to protect their market dominance. With boxes selling for 30-40% >cheaper, I guess lots of ppl will be rushing off to buy it. > >Guess might as well I pack my bags for China to get a new set of >certifications. > >Ron Tan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49791&t=49778 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Qwest DSL [7:50176]
Does any know if you can use the WIC-1ADSL module to connect to Qwest's DSL network (business class service)? Ive asked them and they are clueless. Erich Kuehn Sr. IP Engineer Backbone Communications [EMAIL PROTECTED] www.bbcominc.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50176&t=50176 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Qwest DSL [7:50176]
There is nothing real special about qwest, this price seems right, and only 19 business days for an install, Do you have any other recommendations? I need to put this into a colo rack and cant spare anymore space for a DSL modem. E -Original Message- From: Brian Zeitz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 1:33 PM To: [EMAIL PROTECTED] Subject: RE: Qwest DSL [7:50176] That's why their stock is selling for less then a candy bar. Is there something special about Quest? Just use the DSL modem, and I believe any ethernet interface will work. -Original Message- From: Erich Kuehn [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 4:01 PM To: [EMAIL PROTECTED] Subject: Qwest DSL [7:50176] Does any know if you can use the WIC-1ADSL module to connect to Qwest's DSL network (business class service)? Ive asked them and they are clueless. Erich Kuehn Sr. IP Engineer Backbone Communications [EMAIL PROTECTED] www.bbcominc.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50183&t=50176 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Qwest DSL [7:50176]
John Thanks for your insight, that being said, I'm still trying to find out if my WIC-1ADSL is compatiable with the Qwest DSL network, If it isnt does anyone know which networks are compatible? Thanks E -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 2:04 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Qwest DSL [7:50176] I've been planning to do a test with this but I haven't gotten around to it, primarily because I don't trust the code-level needed to use that WIC. I have a couple here but I haven't tried to implement them. It should be relatively painless, but that's dependent on your configuration. One major consideration that made me change my mind about this is that the Qwest DSL support staff are clueless and non-standard installations may be a bad idea. They have scripted questions that they have to ask no matter what and those are only applicable to the devices they support. If you choose to use the ADSL WIC then you won't be able to provide exactly what they're asking for, which will only extend troubleshooting sessions beyond the usual 1-1.5 hours. ;-) I suppose this depends on your setup with Qwest, though. We are a MegaCentral customer with remote sites connecting directly back to our headquarters on an ATM link. 99% of the DSL support staff have no understanding of this configuration and they get confused right off the bat. Just something to think about. John >>> "Erich Kuehn" 7/30/02 2:42:05 PM >>> There is nothing real special about qwest, this price seems right, and only 19 business days for an install, Do you have any other recommendations? I need to put this into a colo rack and cant spare anymore space for a DSL modem. E -Original Message- From: Brian Zeitz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 1:33 PM To: [EMAIL PROTECTED] Subject: RE: Qwest DSL [7:50176] That's why their stock is selling for less then a candy bar. Is there something special about Quest? Just use the DSL modem, and I believe any ethernet interface will work. -Original Message- From: Erich Kuehn [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 4:01 PM To: [EMAIL PROTECTED] Subject: Qwest DSL [7:50176] Does any know if you can use the WIC-1ADSL module to connect to Qwest's DSL network (business class service)? Ive asked them and they are clueless. Erich Kuehn Sr. IP Engineer Backbone Communications [EMAIL PROTECTED] www.bbcominc.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50187&t=50176 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Verizon Contact [7:52220]
Does anyone have a Verzion contact that could help with setting up a 2600 with a DSL wic. Or configs that might work. Thanks Erich Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52220&t=52220 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TACACS+ [7:53721]
Im trying to setup tacacs+ for aaa on my routers. I have downloaded and installed tacplus from cisco on a linux box (RH7.3). Im looking for some examples of config files for the tac_plus executable. Currently we use SSH and local logins for authentication, I would like to continue to use SSH to get into my boxes. From the config files I have seen Im unsure as to how I would continue to use SSH as the passwords are all encrypted. Thanks Erich Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53721&t=53721 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF for ISPs [7:54540]
Well I work for an ISP, and I would have to say that it depends. For most customers (i.e. unmanaged) they just get a static route on the edge router which get redistributed in OSPF. If the customer happends to be in our "managed" program, we would then run OSPF to them. But if they happen to be in the MPLS-VPN catagory, well then we establish a BGP connection to them, and for larger customers we actually run a standard E-BGP session with them as they are mulithomed with another provider. So no one method will fit all of our customers. I agree those 1000 extra lines in the configs are a bit troublesome until you figure out how to parse the config efficently. (i.e. show run | beg show run |inc ) This really helps when searching for something. Erich -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Monday, September 30, 2002 12:13 PM To: [EMAIL PROTECTED] Subject: Re: OSPF for ISPs [7:54540] Interesting. I don't work for an ISP bt have worked with many and I have only ran into one that ran an IGP with it's customers and I was suprised. My ancedotal evidence suggests that the vast majority either run BGP or statics to announce customer networks. I know there are plenty of ISP engineers out there and can confirm/rip my conjecture ;) Dave Mike Bernico wrote: > > I'm not sure I'm in complete agreement. The network I work for has > several distribution routers that contain around 1000 T1 speed > customers. If we were to static route each of their networks it would > add about 1000 to 1500 lines of router configuration to the router. > That would definately add to our maintenance and provisioning work and > make troubleshooting harder on our > techs. While I agree statics are probably the most stable way, I'm not > sure it's necessarily the best way to aggrigate high volumes of > customers. We currently use EIGRP at the edge with the stub command, > OSPF or IS-IS would work just as well. Regardless, we would never let > our IGP, that extends to the CE router, touch their IGP. About 98% of > our customers are not BGP customers though. > > YMMV > Mike > > --- > Mike Bernico [EMAIL PROTECTED] > Illinois Century Network http://www.illinois.net > (217) 557-6555 > > > -Original Message- > > From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] > > Sent: Monday, September 30, 2002 11:37 AM > > To: [EMAIL PROTECTED] > > Subject: Re: OSPF for ISPs [7:54540] > > > > > > At 2:58 PM + 9/30/02, Don wrote: > > >Rather than run OSPF to customers, it is generally much > > better to have > > >them use a default route to the ISP and for the ISP to run > > static routes to > > >the customer. OSPF to the customer is a huge land mine for > > the ISP and > > >should be avoided in almost every case. > > > Don > > > > I agree completely with Don that an ISP _never_ should link its IGP > > to that of the customer. Don't fall into the trap of assuming that > > BGP needs a full routing table or will consume excessive resources. > > > > I remain confused why a default route wouldn't serve, unless there > > are multiple connections between the ISP and customer. By "send the > > block to the customer," do you mean the block is in the customer's > > space? You could certainly use a second static route, which can be > > generated automatically as part of your address assignment (see my > > NANOG presentation, > > http://www.nanog.org/mtg-9811/ppt/berk/index.htm). > > > > If that's not appropriate, have the customer announce his two blocks > > to you with BGP and receive default from your BGP. > > > > > > > > > > >""Chris Headings"" wrote in message > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > >> Good morning all. I was wondering if someone could lend > > me a little help > > >> about engineering OSPF in the backbone for an ISP > > network. I just had a > > >> couple of questions and hopefully someone can give me > > some guidance.or > > >even > > >> some CCO links with some specific examples or better yet > > any material > > >> anywhere. > > >> > > >> Say, for example, that a customer has a small block of IP's and > > >> a distribution router knows where that block is, via a > > connected route, > > like > > >a > > >> /30 on a serial link. But later down the line the > > customer requests an > > >> additional block of 64 IP addresses, what is the best way > > to send this > > >block > > >> to the customer? Do I need to run OSPF on the customer > > equipment? If > > the > > >> customer router is not running OSPF, how do the routers > > know how to get > > to > > >> this destination? I assume via static routing??? > > >> > > >> Thanks as always. > > >> > > > > Chris -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&