Re: FXS Problem - Always getting a busy signal on either [7:74285]
What voice ports are the phones plugged into physically? Maybe you have phone in port x/y/1 instead of x/y/0. 'show voice port port#' will give details on voice port status too. You may want to do a 'csim start ' or 'csim start ' to see if the router with that phone actually rings (don't have any phones picked up at this point). --- Maria wrote: GDay Everyone, Just hoping you all may be able to shed some light onto this for me. This is the fist time I have tired to configure FXS ports and its proving to be getting the better of me. I have 2 routers (2610XM) connected together via a serial back to back. in each of these routers I have a VIC-2FXS card in each NM-2V module. I have followed a basic configuration and I get a dial tone in the ear handset but for the life of me I am continually getting a busy tone from each phone. When the phone is taken off hook I do get a green light on the vic. Below is the configuration Router A hostname Router-A voice-port 1/0/0 voice-port 1/0/1 dial-peer voice 1 pots destination-pattern port 1/0/0 dial-peer voice 2 voip destination-pattern session target ipv4:10.1.1.2 interface Serial0/0 ip address 10.1.1.1 255.255.255.0 no fair-queue Router B hostname Router-B voice-port 1/1/0 voice-port 1/1/1 dial-peer voice 1 pots destination-pattern port 1/1/0 dial-peer voice 2 voip destination-pattern session target ipv4:10.1.1.1 interface Serial0/0 ip address 10.1.1.2 255.255.255.0 no fair-queue clockrate 400 I can ping from either router the other router OK. Any thoughts would be of great advantage. Thanks for you assistance John **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74285t=74285 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Command rejected: FastEthernet5/14 not an access port. [7:72683]
john, Under the port, add 'switchport mode access' as well. By default the switchports can automatically become trunks if both sides agree, etc. If trunk isn't negotiated then the port is in access vlan 11 in your config below. The 'switchport mode access' command forces port to be in access mode and not the I'll decide what type of port i'll be mode. --- John Brandis wrote: Hi all, I am wishing to implement port security on my 4006 + supIII using Version 12.1(13)EW1 I tried to enter the command SYD_CORE1(config)#int fastEthernet 5/14 SYD_CORE1(config-if)#switchport port SYD_CORE1(config-if)#switchport port-security max SYD_CORE1(config-if)#switchport port-security maximum 2 ? SYD_CORE1(config-if)#switchport port-security maximum 2 Command rejected: FastEthernet5/14 not an access port. I then confirmed my config for the port interface FastEthernet5/14 description a computer internal switchport access vlan 11 no snmp trap link-status Can any one tell me why I would get the error? I have tried this on a few ports now and got the same error every time. I looked on the cisco site and around deja, and found nothing about the error. Can any one provide some help John ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.solution6.com ** [EMAIL PROTECTED] __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72683t=72683 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: switch default gateway question [7:72288]
ip default-gateway in IOS is only used when the device is acting as a host (not routing, etc). If it has IP routing enabled, then you probably want to use a default route (0.0.0.0/0) and/or other routes for your networks (static, RIP, EIGRP, etc). Erick --- Reimer, Fred wrote: I'm not saying that your way won't work. To tell you the truth, I don't really understand your method. I've just been through a lot of migrations myself in the past with customers, and creating new VLANs and moving users over to them is the typical way it is accomplished. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: gab.seun jones.ewulomi [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 12:16 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: switch default gateway question [7:72288] Hi Fred, Yes we are using vlans. Hence why we purchased the types of switches What I listed was a suggestion in which I asked if that way to would work. I know you can create another vlan sub-interface and start moving the the new addresses. I was thinking of the idea that if the switches can accept more than 2 default routes then why wont that way work What is wrong with dual default routes? As i understand according to how these works there will be a primary default etc regards, seun From: Reimer, Fred To: gab S.E jones , [EMAIL PROTECTED] Subject: RE: switch default gateway question [7:72288] Date: Tue, 15 Jul 2003 10:11:24 -0400 Say what? Why don't you just create additional VLANs for the new address space(s) and move PC's to the new VLANs as their addresses are changed? There is no need to be messing around with dual default routes. You could move all of the switches over to the new address space immediately, or change them over time to the new address and VLAN. If you are not using VLANs, then why did you purchase 4506s, 3550s, and 6509s? Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: gab S.E jones [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 5:48 AM To: [EMAIL PROTECTED] Subject: switch default gateway question [7:72288] Basically I want to know how best to approach the situation. Our network is all statically mapped no dynamic routing our switches(4506,3550,6509) are going to be changed to a different address range. the switches can accept more than one default gateway. The core routers addresses has to be changed to the same subnet as the switches soon 1)the switch old ip address is on a 11/8 address pointing to the core router(interface) with a 11/8 address 2)now the switch addresses are being changed to a 10/16(subnetted) address and the default gateway has to point to the core with a 10/16 address as well Myu approach was to 1)configure the swith with another default pointing to a 10/16 2)configure a secondary interface on the core with a 10/16 address 3)the other core routers connected to this core will be also given a secondary of 10/16 address 4)then on the core routers put floating statics for all our original routes to point to the default GW 10/16 addresses I presume that because the swithes now have to defalt GW statements that the swith will automatically send packest for pc's of 10 and 11 addresses. While we slowly migrate all our lan devices to the new 10/16 GW 5)will start gradually changing the lan devices to start pointing to the 10/16 GW Please correct me if im thinking of this the wrong way. Any advice will be greatly appreciated My apologies if I didnt explain myself properly regards, seun _ Sign-up for a FREE BT Broadband connection today! http://www.msn.co.uk/specials
Re: Cisco VPN client [7:71690]
Do you have the Local LAN access option checked under properties? Erick --- johnman johnman wrote: I have a cisco vpn client tunnel from my computer to a PIX Firewall. I had set a pool of IP addresses in the PIX for all the remote vpn clients. I would like to Print to my local printer that is connected to my PC and I cannot. has anybody got it working ?. _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail [EMAIL PROTECTED] __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71700t=71690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multiple VLANs in a single switch port [7:69991]
Multiple-VLANs per port can be configured on certain models, but if you do multiple VLANs then you can't do dot1q or ISL trunks anywhere on the box. one or the other... thats the limitation. I wonder why cisco doesn't do protocol-based VLANs, etc like some other vendors. It's a sweet feature that rocks. --- Michael Montiverdi wrote: Hi, I believe it depends on the switch, like Marco said. I have a Catalyst 3548XL and I can setup multiple vlans on one port. Thanks, Michael Montiverdi -Original Message- From: M.C. van den Bovenkamp [mailto:[EMAIL PROTECTED] Sent: Monday, June 02, 2003 9:15 AM To: [EMAIL PROTECTED] Subject: Re: Multiple VLANs in a single switch port [7:69991] koh jef wrote: is there any way/s to configure mulitple VLANs in a single switch port? Aside from ISL or 802.1Q trunking? The answer is 'it depends'. Mostly on what switch you're using. Most switches can't do it, but some can; Cisco's 2900 series can, for instance. Regards, Marco. [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70042t=69991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Nortel Passport to Cisco 6500 [7:69798]
This works fine. Use 802.1q as the VLAN trunking/tag protocol if you're doing a VLAN trunk between the switches. The native/default VLAN on both switch ports has to be the same VLAN. If it's not a VLAN trunk, then you can just use a cross over cable between the two. I don't think link-aggregation (cisco fast etherchannel, nortels mlt) for combining more then 1 link into one shared pipe will work using the vendors propiertary protocols. Newer versions of the cisco code and nortel code I believe both support LACP for this so it should be fine on current releases. This may be for higher speed connections though. I have a project where I need to connect a Nortel Passport 8600 to two Cisco 6500. What would be the best way to make connection? __ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69847t=69798 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Policy Routing on the 3550? [7:64074]
route-map isn't listed as a command in the
documentation so it's probably something from full IOS
that isn't supported. They may add support in the
future.
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550scg/swuncli.htm#xtocid24
Unsupported route map commands on 3550 (latest code):
match route-type {level-1 | level-2}
set as-path {tag | prepend as-path-string}
set automatic-tag
set dampening
set ip destination ip-address mask
set ip next-hop
set ip precedence value
set ip qos-group
set metric-type internal
set metric-type internal
set tag tag-value
--- W. Alan Robertson
wrote:
Howdy folks...
I need to set the next hop on a 3550 (with the EMI
Image) based on the
protocol type. We've got a number of transparent
proxy servers, each
one handling a different type of traffic (One for
HTTP... One for
SMTP... Etc.).
No problem, right? Wrong.
Merrily, I configured my access-lists to identify
the various traffic
types. I then created the route-map statements to
set ip next-hop for
each of the types of traffic. I then went to my
vlan interface to
apply the route-maps, but lo and behold, no ip
policy command.
How can I apply the route-maps to my interface?
Is there another way to accomplish this?
Thanks,
Alan
__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64137t=64074
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Any Suggestions? [7:63598]
Edwin, Here's the Cisco URL explaining this and how to troubleshoot. Probably a software bug/issue of some sort. What version of code are you running? http://www.cisco.com/warp/public/122/crashes_segv.html Erick --- Edwin Gonzalez wrote: By the way I did reload the router and it fix it temporarily and it came back again. Edwin Gonzalez wrote in message For some reason this router keeps getting this error when I do a show version; System returned to ROM by error - a SegV exception, PC 0x801B32F8 Does any one know what is causing this? I looked it up (CCO) and I did not find anything so we ended up opening up case with cisco. __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63610t=63598 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Does MLS (Layer 3 switching) require VLANs? YES [7:63147]
comments inline. --- Jens Neelsen wrote: Hi, a layer3 switch (e.g.3550-EMI) does not have layer3 interfaces. All interfaces (Fastethernet and GigabitEthernet) are layer2 interfaces. They can not have IP addresses. On the 3550, you can have IP addresses on the actual interface if you do a 'no switchport' command thus making it not a switch port. The VLANs are the (virtual) interfaces to the routing engine (=layer3 switch). You can group ports together in the same VLAN by making them in the same access VLAN with the switchport command. Then you can optionally create a SVI for the VLANs you want to route on this switch. It's akin to a BVI on the routers. I don't know why they call it a SVI - just more acronyms. A switch is a multiport bridge. And same for fallback-bridging which is regular bridge commands that have been used on routers for a long time. Layer2 interfaces are grouped into different VLANs and the Layer3 switch (=Router) enables the communications between these VLANs. A Router has to have different IP subnets on each interface. Because the VLANs are the interfaces to the router, you need different subnets on each VLAN. See above. With secondary IP adresses you can have more than one IP subnet on a VLAN. But as with router interfaces the subnets of the VLANs cannot overlap. A 5000 switch with RSM works in the same way. This is covered in the Cisco BCMSN training course. With kind regards Jens Neelsen --- Stephen Hoover wrote: Say for instance I have 2 hosts on the same layer 3 switch, but the two hosts are on 2 different IP subnets (No VLANs are defined). That's not possible! if you are talking about 2 IP subnet, than: - actually it is by doing secondaries, but i would highly recommend doing vlans if possible. keep it clean and simple. Vicki, You mention the use of secondary IP's. On a L3 switch (a switch with the router engine in it) is it not possible to define Ethernet sub interfaces instead of using secondary IPs - without VLANs defined? I'm sorry to be so thick, I'm just not getting it. If a L3 switch (with a routing module/engine in it) is essentially a wire speed router, then the VLAN just seems like an additional identifier on top of the L3 address - and doesn't really serve any purpose. In my previous example, 2 hosts on the same L3 switch, but on 2 different IP subnets - wouldn't a defined Ethernet subinterface be each clients respective gateway, and thus normal L3 routing would occur, just at switch speeds Thanks again! Stephen Hoover Dallas, Texas [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63197t=63147 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Switch VoIP Commands - differences? [7:63128]
Offhand (without research and verification), I would say the native VLAN wouldn't have the 802.1p info since the native VLAN is not tagged at all. Correct me if I'm wrong. This is an area I need to look into... I had a similar issue last week with a 6509 to 3600 router 1q trunk where LLQ wasn't matching packets based on ip precedence and dscp coming from 6509. Something with the cos mappings I'm sure but just haven't had the time to look into it deeply yet. HTH, erick --- The Long and Winding Road wrote: Been working on a 3550 practice lab. A particular instruction is as follows: Configure FastEthernet 0/2 to support a Cisco 7960 IP phone using 802.1P priority tagged frames. Use the default native vlan to carry all traffic on this port. Trust ingress packet COS values. The book solution is as follows: switchport access vlan 20 ( from a previous instruction ) switchport mode access ( to make this port unconditionally an access port ) switchport voice vlan dot1p ( THIS IS PART OF THE QUESTION ) no ip address ( garbage left over ) mls qos trust cos ( THIS IS PART OF THE QUESTION ) spanning-tree portfast ( from a previous instruction ) My solution was as follows: switchport access vlan 20 switchport voice vlan 1 ( native vlan? maybe not because of the static vlan assignment? ) switchport priority extend trust ( MY QUESTION ) no ip address spanning-tree portfast My questions are: 1) what are the differences between the mls qos trust cos command and the switchport priority extend trust command? 2) what does the switchport voice vlan dot1p do as opposed to the switchport voice vlan 1 ? Am I seeing that only one vlan is being assigned for both the phone and the PC to share? therefore configuration to specifically take note of dot1p frames from the telephone? I have read the command reference for all commands in question. There appears to be a subtlety I am missing, no doubt due to lack of hands on with voice implementations. Thanks. __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63199t=63128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ping ethernet interface with datagram over 1500 [7:63085]
The ATM connection (provider) is probably limiting payload size to 1500. They may doing some form of traffic policing - common these days. Ethernet LAN MTU is 1500 so there really isn't a need to send greater than that across ATM in this case. --- Sean Kim wrote: Hello, My company has this 3rd party connection through ATM. The ATM TA has an ethernet outlet which is and connected to our core router. Our parner company is connected with anATM module on their router. Recently, I was told by our partner company that they were running ping test and they could not ping my ethernet interface (on the core router) with datagram over 1500 byte. From both the router itself and my workstation, I pinged my own interface with 1600 byte, and I was able to ping it. But when I pinged my partner company's interface with 1600 byte, it failed. In general it seems that pinging from other nodes, there is no problem, but sitting on the routers itself, pinging the other routers interface with the datagram size of over 1500 is failing. There isn't any problem with connection of performance. But I am very curious about why this is happening. Does anybody have any idea why this would happen? Or can anybody give me a clue as to how to approach this problem? Thank you in advance. Sean Kim [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63089t=63085 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ping ethernet interface with datagram over 150 [7:63085]
Try this ping from the nodes: ping -f -l 1600 node-on-other-side-of-ATM If this doesn't ping, then the ATM connection is only letting 1500 through. The Ethernet router interface is fragmenting packets to 1500 bytes (1600 packet becomes 2 packets) from the nodes. When doing a ping from the router, if using ATM interface as source then it is going across ATM as 1600 bytes. --- Sean Kim wrote: Hello Erick, If that's the case, than wouldn't I have problem pinging any nodes (with over 1500 byte datagram) across the ATM link? But I do not have pinging any other nodes. It only happens, when I am sitting on my router pinging the other router's interface and vice-versa... Sean Erick B. wrote: The ATM connection (provider) is probably limiting payload size to 1500. They may doing some form of traffic policing - common these days. Ethernet LAN MTU is 1500 so there really isn't a need to send greater than that across ATM in this case. --- Sean Kim wrote: Hello, My company has this 3rd party connection through ATM. The ATM TA has an ethernet outlet which is and connected to our core router. Our parner company is connected with anATM module on their router. Recently, I was told by our partner company that they were running ping test and they could not ping my ethernet interface (on the core router) with datagram over 1500 byte. From both the router itself and my workstation, I pinged my own interface with 1600 byte, and I was able to ping it. But when I pinged my partner company's interface with 1600 byte, it failed. In general it seems that pinging from other nodes, there is no problem, but sitting on the routers itself, pinging the other routers interface with the datagram size of over 1500 is failing. There isn't any problem with connection of performance. But I am very curious about why this is happening. Does anybody have any idea why this would happen? Or can anybody give me a clue as to how to approach this problem? Thank you in advance. Sean Kim [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63101t=63085 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router boot up time [7:61848]
no service config --- Chris Penrose wrote: I have a router that takes about 10 minutes to start up, I can see that it is sending out a broadcast http://255.255.255.255/adsl-config.txt trying to find a tftp server and load a configuration file which I don't need, how do I switch this off :-/ Chris [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61898t=61848 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: UDP port 1434 [7:61891]
comments inline... Anyone have a link to a good technical document about the worm? Thanks, Priscilla Below is from bugtraq: SQL Sapphire Worm Analysis Release Date: 1/25/03 Severity: High Systems Affected: Microsoft SQL Server 2000 pre SP 2 Description: Late Friday, January 24, 2003 we became aware of a new SQL worm spreading quickly across various networks around the world. The worm is spreading using a buffer overflow to exploit a flaw in Microsoft SQL Server 2000. The SQL 2000 server flaw was discovered in July, 2002 by Next Generation Security Software Ltd. The buffer overflow exists because of the way SQL improperly handles data sent to its Microsoft SQL Monitor port. Attackers leveraging this vulnerability will be executing their code as SYSTEM, since Microsoft SQL Server 2000 runs with SYSTEM privileges. The worm works by generating pseudo-random IP addresses to try to infect with its payload. The worm payload does not contain any additional malicious content (in the form of backdoors etc.); however, because of the nature of the worm and the speed at which it attempts to re-infect systems, it can potentially create a denial-of-service attack against infected networks. We have been able to verify that multiple points of connectivity on the Internet have been bogged down since 9pm Pacific Standard Time. It should be noted that this worm is not the same as an earlier SQL worm that used the SA/nopassword SQL vulnerability as its spread vector. This is a new worm is more devastating as it is taking advantage of a software-specific flaw rather than a configuration error. We have already had many reports of smaller networks brought down due to the flood of data from the Sapphire Worm trying to re- infect new systems. Corrective Action We recommend that people immediately firewall SQL service ports at all of their gateways. The worm uses only UDP port 1434 (SQL Monitor Port) to spread itself to a new system; however, it is safe practice to filter all SQL traffic at all gateways. The following is a list of SQL server ports: ms-sql-s 1433/tcp #Microsoft-SQL-Server ms-sql-s 1433/udp #Microsoft-SQL-Server ms-sql-m 1434/tcp #Microsoft-SQL-Monitor ms-sql-m 1434/udp #Microsoft-SQL-Monitor Once again this worm is taking advantage of a known vulnerability that has had a patch available for many months. Microsoft has also released a recent service pack for SQL (Service Pack 3) that includes a fix for this vulnerability. Standalone patch: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp SQL 2000 Service Pack 3: http://www.microsoft.com/sql/downloads/2000/sp3.asp Previous SQL Service Pack versions are vulnerable. Technical Description The following is a quick run-down of what the worm's payload is doing after infection: 1. Retrieves the address of GetProcAddress and Loadlibrary from the IAT in sqlsort.dll. It snags the necessary library base addresses and function entry points as needed. 2. Calls gettickcount, and uses returned count as a pseudo-random seed 3. Creates a UDP socket 4. Performs a simple pseudo random number generation formula using the returned gettickcount value to generate an IP Address that will later be used as the target. 5. Send worm payload in a SQL Server Resolution Service request to the pseudo random target address, on port 1434 (UDP). 6. Return back to formula and continue generating new pseudo random addresses. push42B0C9DCh ; [RET] sqlsort.dll - jmp esp mov eax, 1010101h ; Reconstruct session, after the overflow the payload buffer ; get's corrupted during program execution but before the ; payload is executed. . xor ecx, ecx mov cl, 18h FIXUP: pusheax loopFIXUP xor eax, 5010101h pusheax mov ebp, esp pushecx push6C6C642Eh push32336C65h push6E72656Bh ; kernel32 pushecx push746E756Fh ; GetTickCount push436B6369h push54746547h mov cx, 6C6Ch pushecx push642E3233h ; ws2_32.dll push5F327377h mov cx, 7465h pushecx push6B636F73h ; socket mov cx, 6F74h pushecx push646E6573h ; sendto mov esi, 42AE1018h ; IAT from sqlsort lea eax, [ebp-2Ch] ; (ws2_32.dll) pusheax calldword ptr [esi] ; call loadlibrary pusheax
RE: Loading IOS / OT Now [7:61413]
I use bnfs95 still but it was always an unsupported tool. Not aware of anything for 3com NetBuilders though. Old NB's had a floppy drive. Another cool BayRS tool is the PCAP tool to do captures right on the router. I like BayRS. --- Andrew Larkins wrote: I know that there was a utility a long time ago (in a galaxy far far away!!) for Nortel / Bay that worked great with win 95. Who still uses that :) -Original Message- From: Larkin, Richard [mailto:[EMAIL PROTECTED]] Sent: 21 January 2003 02:13 To: [EMAIL PROTECTED] Subject: RE: Loading IOS [7:61413] I recall years ago that 3Com had a utility that allowed you to place the card in your laptop, reformat the filesystem, then copy the image to it. If there is there a similar utility for Cisco, I'd be interested to know. Rik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 21 January 2003 5:54 AM To: [EMAIL PROTECTED] Subject: Loading IOS [7:61413] I am curious to know if it is possible to load 3660 IOS code to a PCMCIA card on a 3640 if all I am wanting to do is get the IOS on the flash card. I am not trying to load the 3640 router with the 3660 IOS. I am just in need of getting this IOS for a 3660 on a flash card but I dont have a 3660 at my present location so I thought about using my 3640. Thanks, Mario __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61540t=61413 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RX port buffers on cat4000's [7:61248]
* In-Lost - Packets which could not be received since the input buffers are full. Reason: Excessive input rate of traffic. * Delay Exceed - This is an indication of the number of frames discarded because of excessive delay in the switching process. Reason/Cause: Severe problem with the switch. Open a case with the Cisco TAC I'm guessing the PIX connection has lots of traffic (probably constant). maybe some sort of attack was going on at this time. Might be a combination of devices attached to that blade. There is no buffer adjustments I know of. Also the sup2 on 4006 does 18 Mpps , whereas a sup3/sup4 can do 48 Mpps. --- Vicuna, Mark wrote: Hi All, Just wondering if anyone has figures for the size of rx buffers for cat 4000 ports? Had a issue today where a port was connected to a pix 535 manually set at half/100 (yep you read right), the switch port was at auto/auto. The rate of In-Lost (rx buffer filling up) errors was on average 5 per minute (among all the other errors of course). I have seen In-Lost and delay-exceeds rise up for mis-settings to servers, but the pix connection was showing some pretty fast counter stats Hard to find these small details sometimes in doco.. maybe anyone here from cisco can advise? the mod on the 4006 is a ws-x4424-gb-rj45 (hw 1.5) with a supII (hw 3.2, gsp 7.1(2.0), nmp 7.1(2)) Cheers, M [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61251t=61248 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: frame relay stumper [7:60567]
Sounds like a possible carrier frame-relay switch mapping mishap. Maybe they added/changed some DLCIs to their switches and mucked up your PVC/DLCI mappings. Do you see CDP neighbor info over this DLCI (sub-interface) if CDP is enabled? That would indicate broadcast traffic is getting across the PVC end to end. Another idea would to clear the counters and do a ping test and see if other site PVC stats saw a increase in input packets relative to amount of ping traffic. Get on the horn with the carrier and have them verify the PVC mapping end to end, and verify the DLCI #s they have in their switches are the ones you are using still. Stay on the phone when they do this. Also, they may pass it off to some other intermediate carrier who has it messed up. The carrier can also monitor the PVC/DLCI traffic while you do some ping, data tests -- see if they see traffic being sent and received. Do a large 1500 byte ping for like a count of 200 just to get some data flowing while they look at it. If you have newer IOS, (12.03T and higher) you can try the Frame Relay End to End Keepalive (FREEK) feature too. This will force the DLCI/pvc down and sub-interface down if the keepalive packets aren't seen at other site. This probably isn't going to get you much but might show the smallish FREEK packet is getting across. Just another test similar to CDP packet test. HTH, Erick --- Mossburg, Geoff (MAN-Corporate) wrote: How's this for nutty: We have a frame-relay point-to-point circuit going between our Cisco 7500 core router and a 2500 remote router, and the subinterfaces have IP addys of .1 and .2, respectively. Both sides' subinterfaces are up/up, but I am not able to ping either IP address, even when I am on the host router for each address! Both sides have other working subinterfaces which I have tested similarly, and these use the same physical circuit, so I know the circuit is good. OH... and this connection WAS working at some point, but I can't tell when it stopped working, due to the fact that neither router recognizes that there is a problem. I tried bouncing both subinterfaces and reloading the 2500, but the problem remains. Any advice about what I may be overlooking would be a Godsend. Thanks! GM [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60581t=60567 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: User Privilege Level [7:60469]
Dave, Priv. level 1 gives you basic show commands, etc. level 15 is full access like you mentioned. levels 2-14 don't have any special commands , but you re-assign commands to these levels for different users for example. Theres also a priv level 0 which gives you close to no commands on router IOS and you need to reduce the level 1 (default level) to 0 if you make the priv level 0 for line vty for example. I'm not sure if you can go to 0 on the switches. When you say reset ports, do you mean clean counters or shut/no shut the port? the latter would be config access. What type of switch is this and version of code? Awhile back when I was doing this for a client there was a minor bug with the priv commands and config mode for setting speed and duplex where the commands weren't saved properly. haven't checked that in quite awhile though. Erick --- Williams, Dave wrote: I've been searching CCO most of the afternoon and can't seem to find the correct URL. I'm looking for a way to allow a technician to reset ports on a switch and look at interface stats, but not allow configuration access. For example, I know that user level 15 is the same as having the enable password and user level 1 is the same as a generic user, but I don't know what the other levels do for me. Thanks in advance for your help. Dave Williams Senior Network Engineer (402) 661-2143 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60479t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Two networks? [7:60414]
Comments inline... --- The Long and Winding Road wrote: Waleed Sami wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... My client, a telco., has two network logically and physically seperated. One that handle the business aspect of the operation: Customer services, billing...etc) and the other handles internet access, mail, office automationetc. The question is should they integrate the two networks in one? cost is not an issue here. Security is a major issue. The main direction for my client is to keep the situation as is: is this the right decision? What does the written security policy state? I would be very surprised that a telco did not have a detailed security policy, not to mention detailed acceptable use policies, employee handbooks, etc :- Also, there are probably some government regulations (FCC, etc) that come into play. Do your research... My own opinion - there is absolutely no need to integrate the two. There are too many bad things that could result, including compromise of customer information and perhaps even compromise of the phone network itself. The only good thing I can think would happen is that things might become easier for a few data network support people. HTH __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60482t=60414 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem regarding naming of port numbers [7:59276]
Agreed. They do have a way to map additional ports to the pre-defined services though. So for telnet for example you can add port 233, 2333, etc so when you specify 'telnet' in an ACL (or similar list) it matches port 23, 233, and 2333. Whats weird is I was looking at this yesterday, and for some ACL stuff the keyword is http and for other stuff it is www. I'm sure theres other keywords that mean the same as others but thats the one I noticed. Then again i don't port-map matches up to all the ACL keywords, I think it matches up against some other security features. I've used it for telnet in ACLs though with no problems in past. I guess consistency with port #s and service names would be a good thing. Maybe it would be nice if they didn't hardcode these in IOS but referenced a services file on the flash that could be editable like in most OS's. I think this may happen... it seems they are starting to clean up IOS and get rid of old protocols and modularize stuff so it uses similar syntax. MQC for example. --- Priscilla Oppenheimer wrote: You're assuming IOS is a modern operating system or something akin to a data dictionary or programming language. It's not. :-) If the IOS engineers include keywords in the command line interface, then you can use them. If they don't, you can't. Your idea sounds like a good one though. You could suggest it to Cisco, but I don't think they could easily accomdate such a change in philosophy. Priscilla Munit Singla wrote: Hi , There default ports given in the IOS .We can use both to refer those ports by names as well as port numbers .Can we customize it and to the defaut list ports by names not by numbers. or I want to use it use customized ports used for my applications by names in my access list. Is there any command to create customized ports by Name. See what my problem is when we make an extended access lists we can define source and destination ports.there is standard list of ports there to be used in access list that we can use by number or name.If we want to customize the port according to our default application we can add that port by number only.Is there a way to refer those ports by names in my access list.and can we add these customized TCP/UDP ports in the default list which is displayed, so that we can refer it when ever we like in our access-lists by name. Example: access-list 100 permit tcp any any eq Nortonvirus Here Nortonvirus keyword should refer to the port 5000. and this name and port mapping should get added to the default list so that i can refer later.here I am assuming nortons application is using port number 5000. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59341t=59276 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PPP events [7:58462]
Wolfgang, Are these cisco routers on both sides ? do you have control of both or not? It appears as this is an async connection on this end (modem). We get a input packet with CONFREJ (reject) but it appears to get further later and rejects on IPCP. Then theres a protocol reject (PROTREJ) inbound. Once sides has a MRU of 2048 and other has MRU of 1524. I've seen some PPP connections have problems with mismatched MRUs. Need to know more about the configs on both sides, and possibly get debugs from both sides if possible. erick --- wolfgang klages wrote: Hi Erick, thanks for the feedback. The debug output is below... May 29 21:30:39.033 UTC: As132 LCP: I CONFREQ [Closed] id 41 len 24 May 29 21:30:39.033 UTC: As132 LCP:MRU 2048 (0x01040800) May 29 21:30:39.033 UTC: As132 LCP:ACCM 0x000A (0x0206000A) May 29 21:30:39.033 UTC: As132 LCP:PFC (0x0702) May 29 21:30:39.033 UTC: As132 LCP:ACFC (0x0802) May 29 21:30:39.033 UTC: As132 LCP:MagicNumber 0xA3266B61 (0x0506A3266B61) May 29 21:30:39.037 UTC: As132 LCP: Lower layer not up, Fast Starting May 29 21:30:39.037 UTC: As132 PPP: Treating connection as a dedicated line May 29 21:30:39.037 UTC: As132 PPP: Phase is ESTABLISHING, Active Open May 29 21:30:39.037 UTC: As132 AAA/AUTHOR/FSM: (0): LCP succeeds trivially May 29 21:30:39.037 UTC: As132 LCP: O CONFREQ [Closed] id 1 len 44 May 29 21:30:39.037 UTC: As132 LCP:ACCM 0x000A (0x0206000A) May 29 21:30:39.037 UTC: As132 LCP:AuthProto PAP (0x0304C023) May 29 21:30:39.037 UTC: As132 LCP:MagicNumber 0xB1DD6D13 (0x0506B1DD6D13) May 29 21:30:39.037 UTC: As132 LCP:PFC (0x0702) May 29 21:30:39.037 UTC: As132 LCP:ACFC (0x0802) May 29 21:30:39.037 UTC: As132 LCP:MRRU 1524 (0x110405F4) May 29 21:30:39.037 UTC: As132 LCP:EndpointDisc 1 Local (0x1310015741502D4D5 54C54494C494E4B) May 29 21:30:39.037 UTC: As132 LCP: O CONFACK [REQsent] id 41 len 24 May 29 21:30:39.037 UTC: As132 LCP:MRU 2048 (0x01040800) May 29 21:30:39.037 UTC: As132 LCP:ACCM 0x000A (0x0206000A) May 29 21:30:39.037 UTC: As132 LCP:PFC (0x0702) May 29 21:30:39.037 UTC: As132 LCP:ACFC (0x0802) May 29 21:30:39.037 UTC: As132 LCP:MagicNumber 0xA3266B61 (0x0506A3266B61) May 29 21:30:39.785 UTC: As132 LCP: I CONFREJ [ACKsent] id 1 len 24 May 29 21:30:39.785 UTC: As132 LCP:MRRU 1524 (0x110405F4) May 29 21:30:39.785 UTC: As132 LCP:EndpointDisc 1 Local (0x1310015741502D4D5 54C54494C494E4B) May 29 21:30:39.789 UTC: As132 LCP: O CONFREQ [ACKsent] id 2 len 24 May 29 21:30:39.789 UTC: As132 LCP:ACCM 0x000A (0x0206000A) May 29 21:30:39.789 UTC: As132 LCP:AuthProto PAP (0x0304C023) May 29 21:30:39.789 UTC: As132 LCP:MagicNumber 0xB1DD6D13 (0x0506B1DD6D13) May 29 21:30:39.789 UTC: As132 LCP:PFC (0x0702) May 29 21:30:39.789 UTC: As132 LCP:ACFC (0x0802) May 29 21:30:40.525 UTC: As132 LCP: I CONFACK [ACKsent] id 2 len 24 May 29 21:30:40.525 UTC: As132 LCP:ACCM 0x000A (0x0206000A) May 29 21:30:40.525 UTC: As132 LCP:AuthProto PAP (0x0304C023) May 29 21:30:40.525 UTC: As132 LCP:MagicNumber 0xB1DD6D13 (0x0506B1DD6D13) May 29 21:30:40.525 UTC: As132 LCP:PFC (0x0702) May 29 21:30:40.525 UTC: As132 LCP:ACFC (0x0802) May 29 21:30:40.525 UTC: As132 LCP: State is Open May 29 21:30:40.525 UTC: As132 PPP: Phase is AUTHENTICATING, by this end May 29 21:30:40.541 UTC: As132 PAP: I AUTH-REQ id 1 len 17 from ciscowap May 29 21:30:40.541 UTC: As132 PPP: Phase is FORWARDING May 29 21:30:40.541 UTC: As132 PPP: Phase is AUTHENTICATING May 29 21:30:40.541 UTC: As132 PAP: Authenticating peer ciscowap May 29 21:30:40.541 UTC: AAA: parse name=Async132 idb type=10 tty=132 May 29 21:30:40.541 UTC: AAA: name=Async132 flags=0x11 type=4 shelf=0 slot=0 ada pter=0 port=132 channel=0 May 29 21:30:40.541 UTC: AAA: parse name=Serial0:0 idb type=13 tty=-1 May 29 21:30:40.541 UTC: AAA: name=Serial0:0 flags=0x51 type=1 shelf=0 slot=0 ad apter=0 port=0 channel=0 May 29 21:30:40.541 UTC: AAA/MEMORY: create_user (0x625F47BC) user='ciscowap' ru ser='' port='Async132' rem_addr='07714226291/01212757990' authen_type=PAP servic e=PPP priv=1 May 29 21:30:40.541 UTC: AAA/AUTHEN/START (2546412185): port='Async132' list='IS DN' action=LOGIN service=PPP May 29 21:30:40.541 UTC: AAA/AUTHEN/START (2546412185): found list ISDN May 29 21:30:40.541 UTC: AAA/AUTHEN/START (2546412185): Method=LOCAL May 29 21:30:40.541 UTC: AAA/AUTHEN (2546412185): status = PASS May 29 21:30:40.541 UTC: As132 AAA/AUTHOR/LCP: Authorize LCP May 29 21:30:40.541 UTC: As132 AAA/AUTHOR/LCP (3166493837): Port='Async132' list ='' service=NET May 29 21:30:40.541 UTC: AAA/AUTHOR/LCP: As132 (3166493837) user='ciscowap' May 29 21:30:40.541 UTC: As132 AAA/AUTHOR/LCP (3166493837): send AV service=ppp May 29 21:30:40.541 UTC: As132 AAA/AUTHOR/LCP (3166493837): send AV protocol
RE: is there anyone migrating isdn backup to dsl backup [7:58598]
I would second Chuck on this. I have seen some folk with DSL backup when the backup didn't work. Always was something with the provider. If you go this route, make sure to test/use the DSL connection on a weekly or bi-weekly basis. Same could be said for ISDN though. I guess it all depends on how good your provider is :) My home DSL connection has been a roller coaster ride as well. --- Mirza, Timur wrote: thx for the heads up...we are researching dsl as a backup solution...we have 1500 sites on isdn backup we have tons of isdn telco issues -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 04, 2002 12:47 PM To: [EMAIL PROTECTED] Subject: Re: is there anyone migrating isdn backup to dsl backup [7:58568] Mirza, Timur wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... we are looking to migrate isdn backup at our retail stores to dsl...is there anyone that has performed this already? CL: having done a number of data networks that were DSL based ( but none migrating ISDN to DSL ) I can offer this consideration: if a DSL link goes down for whatever reason, it may take more than a couple of days for your telco to get it back up and working. You will want to have some solid service level agreements in place. DSL on the whole is extremely reliable. The problem tends to be during those rare instances when it is down for whatever reason, some telcos seem to have DSL repair low on their priority list. CL: other than that caviat, why not? Timur Mirza Principal Network Engineer Network Planning Engineering, West Region 15505-B Sand Canyon Avenue Irvine, California 92618 Verizon Wireless 949.286.6623 (o) 949.697.7964 (c) [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58598t=58598 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PPP events [7:58462]
Perhaps the router isn't seeing the CONFREQ from the other router so is sending it's own. I've seen this kind of activity when troubleshooting PPP problems. Could be a line issue of some sort, code issue, misconfiguration perhaps, etc. What type of connection is this (Point to point, ISDN, etc)? You're best bet would be to post the debug output here from both routers (debug ppp nego). Set the timestamp to datetime format also (service timestamp debug datetime msec). HTH, Erick --- wolfgang klages wrote: Group, Couple of PPP questions... [1] I'm looking at the debug output of a PPP negotiation on a Cisco router. The router receives a CONFREQ in the 'Closed' state. RFC1661 specifies that the router should reply with a Terminate-Ack. However, the router replies with a CONFREQ of its own. The router then moves from the 'Closed' state to the 'REQsent' state. Hard to believe but could it be that the router is not behaving according to RFC1661. [2] In this same debug output, I see the router receive a 'FORCED CONFREQ'. This message is not in RFC1661. Is this something internal only to Cisco routers? If so, what is its purpose? __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58529t=58462 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ntp packets modes [7:58359]
From RFC 1305. 0 - unspecified 1 - symmetric active 2 - symmetric passive 3 - client 4 - server 5 - broadcast 6 - reserved for NTP control message 7 - reserved for private use Symmetric Active (1): A host operating in this mode sends periodic messages regardless of the reachability state or stratum of its peer. By operating in this mode the host announces its willingness to synchronize and be synchronized by the peer. Symmetric Passive (2): This type of association is ordinarily created upon arrival of a message from a peer operating in the symmetric active mode and persists only as long as the peer is reachable and operating at a stratum level less than or equal to the host; otherwise, the association is dissolved. However, the association will always persist until at least one message has been sent in reply. By operating in this mode the host announces its willingness to synchronize and be synchronized by the peer. --- John Tafasi wrote: the debug ntp packets command shows packets sent and received with different modes. What are these modes? can some one explain? R5-2503# Mar 6 02:42:08.879: NTP: rcv packet from 10.10.10.1 to 10.10.10.2 on BRI0: Mar 6 02:42:08.883: leap 0, mode 2, version 3, stratum 8, ppoll 64 Mar 6 02:42:08.887: rtdel (0.000), rtdsp 0009 (0.137), refid 7F7F0701 (12 7.127.7.1) Mar 6 02:42:08.891: ref AF428DF1.DDC96254 (02:41:53.866 UTC Sat Mar 6 1993) Mar 6 02:42:08.891: org AF428DCF.F7F245A8 (02:41:19.968 UTC Sat Mar 6 1993) Mar 6 02:42:08.895: rec AF428DCF.FC06E685 (02:41:19.984 UTC Sat Mar 6 1993) Mar 6 02:42:08.899: xmt AF428E00.DDC524C4 (02:42:08.866 UTC Sat Mar 6 1993) Mar 6 02:42:08.903: inp AF428E00.E1C1EE1B (02:42:08.881 UTC Sat Mar 6 1993) R5-2503# Mar 6 02:42:23.966: NTP: xmit packet to 10.10.10.1: Mar 6 02:42:23.970: leap 0, mode 1, version 3, stratum 8, ppoll 1024 Mar 6 02:42:23.970: rtdel (0.000), rtdsp 000B (0.168), refid 7F7F0701 (12 7.127.7.1) Mar 6 02:42:23.974: ref AF428DEF.F7D4D2C0 (02:41:51.968 UTC Sat Mar 6 1993) Mar 6 02:42:23.978: org AF428E00.DDC524C4 (02:42:08.866 UTC Sat Mar 6 1993) Mar 6 02:42:23.982: rec AF428E00.E1C1EE1B (02:42:08.881 UTC Sat Mar 6 1993) Mar 6 02:42:23.986: xmt AF428E0F.F7B05F8D (02:42:23.967 UTC Sat Mar 6 1993) R5-2503# __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58360t=58359 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat 6500 (Redundancy (SRM) vs (Dual MSFC Redundancy) [7:58312]
Comments inline... --- Eric W wrote: Dear Cisco Fans and Professionals, I need some friendly advice. There are different opinions about Cat6500(High availibility with Single Router Mode) and (High availibility with Dual MSFC Redundancy) Imagine you had 3 Cat65007s with Dual MSFC1 and Dual Supervisor1A. That is 6 MSFC's and 6 Supervisor engines. You have over 1500 users to support with 30VLANs that need interconnecting routing via EIGRP. Some user applications are sensitive to packet loss. You have to provide minimium downtime in the case of MSFC failer or Supervisor failer. Question 1. Which would you implement (High availibility with Single router mode) or (High availibility with Dual MSFC Redundancy) and why? I would use SRM. From my experience the downtime (if any) is very minimal while it switches over to the redundant MSFC. The forwarding tables are downloaded to the sup so when primary fails routing will still occur and after the redundant comes up and is online for 2 minutes (default) the new tables will be downloaded and become active. The 2 minute (120 sec) timer is adjustable in newer code (7.1.1 I believe) incse it takes longer than 2 mins for your network/routing to finish converging on a failover. The other HA MSFC redundant option (config-sync) is ok and works, but has limitations with some protocols. Plus you have all the alt stuff to deal with, extra IP address usage, extra neighbor adjancies, etc. It doesn't take much time to change between the 2 (SRM and config-sync) so you could see which you like better if you have a lab or flexible environment to work in. Average cutover time per box is 3-4 minutes if things go smoothly and I've done the conversion live without taking a hit. Question 2. Is was brought to my attention that running dual MSFC redundancy with a high number of VLANS would cause the EIGRP process to run very high. As you know EIGRP is a very noisy protocol. Query storms.. Implementing EIGRP passive interface on all VLAN interfaces except the management VLAN would help the EIGRP process to run low. Are query storms an issue to worry about even after the passive interface is issued on client/user VLANS? With newer versions of IOS you can include the network mask with the network statement under EIGRP so only those networks (interfaces) are in EIGRP. You could also use the EIGRP stub feature to reduce the querys. Regards, Eric Washington Network Engineer CCNP Thanks in advance for your input Cisco Professionals __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58312t=58312 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Little OT: Variation on SRM vs. Config Sync [7:58317]
Scott, Normal HSRP rules would be in effect in this scenario I would say (haven't done this yet). If the failed unit had a higher HSRP priority and was configured to preempt then when it came back online it would become active HSRP router. --- s vermill wrote: This is very closely related to another active thread but thought I should probably start another. I know better than to post on a Friday and expect much of an answer, but I could really use some insight on this one... I recently was looking at a network about to roll into production. It's a classic collapsed core design with redundant dist/core 6509s. I noticed that SRM was configured on each 6509. I also noticed that there was an HSRP instance per VLAN configured between the two chassis. So, in the event of an MSFC failure, assuming the failed MSFC was the active HSRP router for a given VLAN or group of VLANs, I guess the other chassis' designated MSFC would start picking up outbound traffic (normal HSRP stuff). In the mean time, the SRM process would be taking place on the chassis where the designated MSFC had failed. At what point, if at all, would the outbound traffic shift back to the chassis with the failed MSFC (assuming of course that the non-designated MSFC had successfully come online)? Is it a simple matter of whether or not preemt is configured? Or, would the switch to the other chassis ever even take place? Could it be that the non-designated MSFC would come online and immediately take over as the active HSRP router? That seems possible too. Maybe it comes down to how you set all the relevant timers? I couldn't find any example on CCO where SRM and HSRP were used together. In every case, SRM was used or HSRP was used with config sync. Never both together. Any thoughts? Any experience? It isn't an option at the moment to do too much experimenting. Besides, I'm not sure exactly how I would simulate a true MSFC failure to see what happens. Any thoughts there would also be appreciated. Thanks all... Scott __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58318t=58317 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF ABR question [7:57990]
Consider the following topology: area_0---ABR_1area_1-ABR_2area_0 There are two area 0's. Use a virtual link to connect the area 0s. __ Do you Yahoo!? Yahoo! Mail Plus ^V Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58022t=57990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Connecting Bay Router with Cisco Router (Back-to-Back) [7:58084]
Your going to have to have CSUs between the routers most likely w/crossover between the CSUs. Back-to-back with Nortels requires internal clocking be set on both sides (this is w/v.35 cables). cisco's work fine w/internal on 1 side. Friends of mine tried several custom v.35 dte/dce crossovers with no luck. If you have internal CSUs in the routers (WIC-T1, MCT1, 56k CSU, etc) then that shouldn't be a problem since it's a CSU/DSU interface and you have standard 56 or T1 cable pinout to cross, depending on module type. You will need to run PPP between them; I have a doc on that if you need it. MPPP works. Nortel routers are rock solid IMHO. Might not be as feature rich but they rock for general routing stuff. Erick CCNP, NNCSE --- Daniel Cotts wrote: There used to be a writeup on this on the web. The URL now gives a 404. The short story IIRC was that there is a MTU mismatch due to the way that Cisco and Bay count packet size. One had to be changed to match the other. Also had to use PPP. This may not be true for newer Nortel gear. I've never tried it. -Original Message- From: Godswill Oletu [mailto:[EMAIL PROTECTED]] Sent: Monday, November 25, 2002 10:11 AM To: [EMAIL PROTECTED] Subject: Connecting Bay Router with Cisco Router (Back-to-Back) [7:58036] Hi group, Has anyone done this kind of connection before? Is it possible to connect a Cisco router and Bay(Nortel) Router together, back to back? Am thinking of doing this in my home Network. I have a couple of Bay Routers (Nortel) and I thought it will be great! simulating a WAN connection between them and my Cisco routers through the Serial interfaces and NOT THE ETHERNET INTERFACE. This I can do if both routers were Cisco by using a DTE/DCE cables. However, in this scenario which kind of cables are mine looking to buy, so that this Serial Interface-WAN connection would be done (OR HAS CISCO AND NORTEL NOT THOUGHT OF CO-EXISTING IN THIS FORMAT YET?) Your comment(s) however little would be appreciated. Thanks in advance. Godswill Oletu answer. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58084t=58084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2500 series DRAM ???? [7:57811]
binh, Heres my notes on 2500 memory... hopefully there should be some stickers or wording on the chips/pcb that help out finding out what you have. 2500 DRAM use ONLY: - 1x36 70ns(or faster) TIN SIMMS 4 meg - 4x36 70ns(or faster) TIN SIMM 16 meg PARITY, not Nx32. And they must be electronically 'single-sided'. Some simply don't work so shop/look around. --- Binh Ma wrote: Hi to all members, I have old 16mb DRAM modules and would like to reuse them on the 2500 series routers, but I'm a little unsure if the router will take it. Can someone clarify will me what type of DRAM will the 2500 series router take, non-parity or parity DRAM modules ?? And how can I tell if my 16mb DRAM modules are parity or non-parity type ?? Thank-you members, rgds, Binh Ma [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57822t=57811 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat 6 upgrade [7:57551]
I've been doing 6500 upgrades recently to and found out the same thing, but haven't been able to find a doc saying so. --- Patrick Donlon wrote: I eventually worked it out. It seems that you can't see a flash card on a RP on a 6000. I'd done a lot of testing with a loaned 6500 for upgrading from Cat OS Hybrid IOS and back again, just in case. On the 65 you can see the flash and so boot from it in rommon, which is great because I can leave my old images on the bootflash. On the 6000 though, no go, so I had to clear out my bootflash and hope that I didn't have to revert back and use all x modem etc. Strange thing was though that I have 4 identical 6Ks, 2 with Cat OS and the other 2 with native IOS, the Cat OS 6ks couldn't see the flash card in the RP but could with the SP, the IOS ones could see it no prob's. I couldn't find anything on the CCO about this, maybe it's not possible on the 65 to see the flash from the RP - I don't have one to test, but my documentation was (at least I thought it was before Sat') pretty comprehensive on the upgrade process. I know there are issues with the naming in the SP and RP and adding sup- to the device name. From you email it looks like you can, have you tried this running hybrid or only native? Cheers Pat MADMAN wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What are you typing? Native6506#dir bootflash: Directory of bootflash:/ 1 -rw- 7110024 Mar 29 2002 12:48:52 c6msfc2-js-mz.121-4.E1 2 -rw- 1611604 Mar 29 2002 12:49:42 c6msfc2-boot-mz.121-4.E1 3 -rw- 528259 Mar 28 2002 07:19:26 DRACO2_RM2.srec.121-4r.E shows the bootflash of the MSFC or RP in this case. a dir slot0: will show the contents of the PCMCIA card in the SUP module: Native6506#dir slot0: Directory of slot0:/ 1 -rw-14780268 Oct 14 2002 10:36:19 c6sup12-js-mz.121-13.E.bin Dave Patrick Donlon wrote: Hi I'm upgrading a CAT6 from OS to IOS but I can't see my flash card in the route processor. I have another switch on CatOS and I can't see the flash either, any tips??? Cheers Pat -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57660t=57551 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: isdn command [7:57571]
Does anyone else use this feature and have feedback on the different modes? I tend to run bidirectional mode. Also, with FREEK when the keepalives are missed FREEK will force the interface/subinterface down causing the backup or floating static to kick in. If your frame provider or PVC doesn't have A-bit support then one side could be down and the other side could be showing as up/up still. FREEK saves the day. --- Mike Martins wrote: It is an addition/feature to the backup interface command use a map-class under atm/fr or isdn Side A map-class *frame-relay etc* *name* frame-relay end-to-end keepalive mode reply Side B map-class *frame-relay etc* *name* frame-relay end-to-end keepalive mode request note -- Side B is the side that is using ISDN as a backup, this way frame-relay will inform when the interface is down Hope this helps. __ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57661t=57571 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: trunking over ethernet [7:57539]
dot1q on ethernet was added in IOS 12.0(1)T and the native keyword was added in 12.1(3)T. Before that, had to put the native VLAN cfg on the main/physical interface. --- Doug Oh wrote: On the 2611 platform, VLAN encapsulation is supported for Ethernet as of 12.1. Bridging on a subinterface is not supported until 12.2, however. __ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57552t=57539 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN PRI NailedUp [7:57555]
Hi, Starting in IOS 12.2(4)T they added a dialer persistent feature that does this (ignores the idle time basically). If you don't have that IOS or higher, you set the idle-time high and make sure theres some form of traffic that is considered interesting by the dialer-list defined so the idle time never expires. Also use the 'either' option on the dialer idle command so the idle timer gets reset for traffic in either direction. Erick --- Swapnil Jain wrote: Dear Cisco Pals, I have configured Cisco3661 with E1/PRI Balanced Network modules for dial in connection from remote users using ISDN TA from a windows PC. Everything is working fine. Now I have to convert the dialup to leasedline (I mean ISDN leased line or an ISDN nailed up connection). The TA at remote user supports nailed up isdn (Zyxel Omni net plus). What configuration changes I have to have at the 3661 side kindly let me know. The Telecom guys have nailed up the channels as required. I have searched cisco.com but could not find much on it. Anybody who have done it could help me more. -- Regards Swapnil Jain CNE,MCSE,CCNA,CCDA __ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57559t=57555 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: GLBP vs HSRP [7:57075]
I don't know if it is available in IOS yet. It's not listed on feature navigator and I've been looking to play with it but haven't seen it as a new feature in recent releases. --- HulaJoe wrote: Hi - Has anyone out there had a chance to put Gateway Load Balancing Protocol through its paces yet ? On paper, it looks like it addresses all of HSRP's shortcomings. Right now, we are running a symmetrical HSRP configuration for multiple VLANs shared across 6509s with MSFC-IIs. Deploying GLBP looks much more elegant. Are there any gotchas to be aware of ? Thanks in advance, Joe http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/glbpd_ds.htm Lead Network Engineer WAM!NET Government Services -Original Message- From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] Sent: Monday, November 04, 2002 5:11 AM To: [EMAIL PROTECTED] Subject: RE: HSRP VLAN Load Balancing [7:56689] Dale Kling wrote: Is there another way to do this? Don't know about easier, (haven't had a chance to play with this in the lab yet) but Cisco has recently announced Gateway Load Balancing Protocol, (GLBP) for balancing first-hop gateways. I found a quick white-paper on the topic. Hope it helps give you a quick idea about whether it will fill you needs. http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/glbpd_ds.htm --Wes [EMAIL PROTECTED] __ Do you Yahoo!? U2 on LAUNCH - Exclusive greatest hits videos http://launch.yahoo.com/u2 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57087t=57075 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2500 series routers all have S/T ISDN interface ?? [7:57093]
All the 2500 series router ISDN interaces are S/T I believe. Haven't ran into a U interface yet on a 2500. Need a NT1. --- Binh Ma wrote: Hi everybody, I recently bought an ISDN simulator with S/T interfaces. I would like to know if Cisco's 2500 series routers have S/T isdn interface (port). Thank you for your time. regards, Binh __ Do you Yahoo!? U2 on LAUNCH - Exclusive greatest hits videos http://launch.yahoo.com/u2 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57093t=57093 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF: setting tags on external routes [7:56408]
Hi, Route-maps and ACLs are the only way to set the tag for all routes, except when redistributing BGP into OSPF which isn't recommended. With that, the default tag would be comprised of the BGP AS_PATH but it can be over-riden with a route-map. Your idea is good though, maybe ask your Cisco SE to put in a feature request... --- bergenpeak wrote: I've got a number of different subnets on an OSPF ASBR that I would like to OSPF tag and advertise according to function. Assume these networks are directly connected to the ASBR and that a redistribute connected subnets is being used to make these subnets type 5 (type 7s in an NSSA). Besides route-maps and ACLs, is there another way to associate different OSPF tag values to each subnet? For instance, is there a way to say that all subnets on an interface (sub-interface) should be assigned OSPF tag value 42 and subnets on another interface are assigned OSPF tag value of 11? I'm looking for this to be an OSPF command at the interface level (again, so I can avoid route-maps and ACLs). Or, is it possible in the router OSPF section to do something like: redist connected network XYZ subnet metric-type 1 tag 42 redist connected network ABC subnet metric-type 1 tag 11 Thanks __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56425t=56408 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: summary-address and OSPF NSSA [7:56407]
You are correct. The only side-effects would be that if another area needs to get to that network that isn't advertised by the NSSA ABR they won't be able unless static route is used, etc. More detail... by default on NSSA External (type 7) routes the P-bit is set which permits the Type7 to Type5 at NSSA ABR. The not-advertise option turns off the P-bit. Erick --- bergenpeak wrote: I'm using an NSSA in some sites and want to prevent type 7 LSAs in these sites from being converted into type 5 LSAs and being injected into area 0. It appears this is possible using the summary-address command. Specifically, I'm considering doing the following in the ABR: summary-address 0.0.0.0 0.0.0.0 not-advertise It's my understanding the ABR, configured with the above, will block any type7-5 routes from being advertised into area 0. Is this correct? Besides the filtering behavior, any side-effect/ramifications to consider when doing the above? Thanks __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56426t=56407 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Native VLAN 1 [7:55743]
Comments inline... --- The Long and Winding Road wrote: Larry Letterman wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Pris, In our 6509's we used to make the native vlan and the data vlan the same and it was something other than 1...if a blade fails and we put in a new one , it defaults to vlan 1 for all ports. If the blade has trunk ports in it, they get set to native vlan 1. The other end is set for something else, this resulted in vlan mismatch in the vtp domain, and in a lot of instances we suffered stp recalcs that took buildings down for periods of time...we subsequently have returned to making native vlan 1 on all trunks and have not had any issues since.. I want to clarify a few items so we fully understand this behavior so next time I need to hot-swap I am prepared to make config changes as well. I thought the running config in RAM (and NVRAM) stayed the same when swapping *same model* blades in the same slot. If this isn't the case, then is some of the config the same and some is defaulted? Can you point us to a cisco doc explaining this behavior? Thank you very much! __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55782t=55743 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ATM Problem [7:55238]
Hi, The New site has 2 ATM PVCs defined, with a ip entry mapped to site A and C. Site C has a typo under it's map-list for the new site, going to 192.58.135.68 instead of 192.68.135.68. New site has no PVCs for site B yet configured. Also, this is multipoint non-broadcast interface so under OSPF you will neighbor statements. HTH, Erick --- Bill Smith wrote: Greetings, I have a problem/question regarding a current ATM Circuit. Currently, our ATM cloud connects 4 of our sites. We submitted an order to add another site into the cloud. The telco provided the vpi's but only two sites communicate. Site C | | | Site A--- ATM CLOUD Site B | | | NEW Site Sites a, b, c communicate correctly. The NEW Site was added but (pvc's to all sites), but will only communicate with Site A. Teloc has checked the VPI's and insists they are correct. Which brings up another strange item--All the VPI's were the same: New site Originating Destination 9090 100 100 8080 I have never noticed VPI's being the same on both ends,,Does this sound correct? OSPF is the routing protocol. But only new site and site a exchange info. Site A interface ATM5/0/0 ip address 192.68.135.66 255.255.255.240 ip pim sparse-mode ip ospf authentication-key 7 05180702014D43 ip ospf network non-broadcast map-group TEST atm pvc 1 35 40 aal5snap atm pvc 2 36 50 aal5snap atm pvc 5 95 95 aal5snap atm pvc 6 80 80 aal5snap no atm ilmi-keepalive map-list TEST ip 192.68.135.65 atm-vc 1 ip 192.68.135.67 atm-vc 2 broadcast ip 192.68.135.68 atm-vc 5 broadcast ip 192.68.135.68 atm-vc 6 broadcast NEW Site interface ATM3/0 ip address 192.68.135.68 255.255.255.240 ip ospf authentication-key 7 05180702014D43 ip ospf network non-broadcast map-group TEST atm pvc 1 95 95 aal5snap atm pvc 2 100 100 aal5snap no atm ilmi-keepalive map-list TEST ip 192.68.135.66 atm-vc 1 broadcast ip 192.68.135.65 atm-vc 2 broadcast Site C interface ATM1/0/0 ip address 192.68.135.65 255.255.255.240 ip ospf authentication-key 7 010007097B0A0B4F ip ospf network non-broadcast map-group TEST atm pvc 1 40 40 aal5snap atm pvc 2 100 100 aal5snap atm pvc 3 37 60 aal5snap no atm ilmi-keepalive map-list TEST ip 192.68.135.66 atm-vc 1 ip 192.68.135.67 atm-vc 3 ip 192.58.135.68 atm-vc 2 broadcast Any help is greatly appreciated! [EMAIL PROTECTED] = Those who are willing to trade freedom for security deserve neither freedom nor security. -- Benjamin Franklin __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55239t=55238 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ATM Problem [7:55238]
Bill, No problem. Well, lets start by trying to ping sites a, b and C from the new sites router console/telnet session. This way the ping is direct. If were able to do this then the PVC and map-list entries are correct. If the above doesn't work, then you'll need to verify the carrier has the PVCs mapped end-to-end correctly in their network. The ATM physical circuit might be fine and dandy but if they have multiple ATM switches this goes through and they have a mis-match in their PVC mappings then it isn't going to work. HTH, Erick --- Bill Smith wrote: Eric, Thank you for your response. It was a typo on my part entering the information in the posting. The map-list in the router does have the correct IP address. I have defined (many times) the additional PVC's on the NEW SITE router/map list without any success. I apologize, I should have stated that in my previous posting. I inserted the neighbor statements in the OSPF process, but no success. THE SHOw IP OSPF Neighbor statement shows ATTMPT/DROTHER for site c but eventually shows as being down. Also, I receive a message on the new site router sent youngest key0.. Thank You for your assistance.. -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 09, 2002 7:58 PM To: Bill Smith; [EMAIL PROTECTED] Subject: Re: ATM Problem [7:55238] Hi, The New site has 2 ATM PVCs defined, with a ip entry mapped to site A and C. Site C has a typo under it's map-list for the new site, going to 192.58.135.68 instead of 192.68.135.68. New site has no PVCs for site B yet configured. Also, this is multipoint non-broadcast interface so under OSPF you will neighbor statements. HTH, Erick --- Bill Smith wrote: Greetings, I have a problem/question regarding a current ATM Circuit. Currently, our ATM cloud connects 4 of our sites. We submitted an order to add another site into the cloud. The telco provided the vpi's but only two sites communicate. Site C | | | Site A--- ATM CLOUD Site B | | | NEW Site Sites a, b, c communicate correctly. The NEW Site was added but (pvc's to all sites), but will only communicate with Site A. Teloc has checked the VPI's and insists they are correct. Which brings up another strange item--All the VPI's were the same: New site Originating Destination 90 90 100 100 80 80 I have never noticed VPI's being the same on both ends,,Does this sound correct? OSPF is the routing protocol. But only new site and site a exchange info. Site A interface ATM5/0/0 ip address 192.68.135.66 255.255.255.240 ip pim sparse-mode ip ospf authentication-key 7 05180702014D43 ip ospf network non-broadcast map-group TEST atm pvc 1 35 40 aal5snap atm pvc 2 36 50 aal5snap atm pvc 5 95 95 aal5snap atm pvc 6 80 80 aal5snap no atm ilmi-keepalive map-list TEST ip 192.68.135.65 atm-vc 1 ip 192.68.135.67 atm-vc 2 broadcast ip 192.68.135.68 atm-vc 5 broadcast ip 192.68.135.68 atm-vc 6 broadcast NEW Site interface ATM3/0 ip address 192.68.135.68 255.255.255.240 ip ospf authentication-key 7 05180702014D43 ip ospf network non-broadcast map-group TEST atm pvc 1 95 95 aal5snap atm pvc 2 100 100 aal5snap no atm ilmi-keepalive map-list TEST ip 192.68.135.66 atm-vc 1 broadcast ip 192.68.135.65 atm-vc 2 broadcast Site C interface ATM1/0/0 ip address 192.68.135.65 255.255.255.240 ip ospf authentication-key 7 010007097B0A0B4F ip ospf network non-broadcast map-group TEST atm pvc 1 40 40 aal5snap atm pvc 2 100 100 aal5snap atm pvc 3 37 60 aal5snap no atm ilmi-keepalive map-list TEST ip 192.68.135.66 atm-vc 1 ip 192.68.135.67 atm-vc 3 ip 192.68.135.68 atm-vc 2 broadcast Any help is greatly appreciated! [EMAIL PROTECTED] = Those who are willing to trade freedom for security deserve neither freedom nor security. -- Benjamin Franklin __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55242t=55238 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Inside Interface accepts DHCP lease...but it has a static [7:55066]
That is strange. What type of router and IOS version? Just to clarify, the interface has 'ip address x.x.x.x y.y.y.y' config and not 'ip address dhcp' with a static DHCP assigned address. Being DSL, is it PPPoE by chance? Does e0 connect to DSL/Internet and e1 to their network or vice versa? --- Dain Deutschman wrote: Hi all, I have a problem with a client on a dsl connection. Ethernet 0 and 1 both have statically assigned IP addresses. I leave the customer site and 3 days later they call and have no internet. I check the router config and E0 has the wrong IP address. I check the Win2000 DHCP server and that address is listed as leased to the router. Any ideas why the router is allowing this to happen? -- Dain Deutschman CNA, MCP, CCNA Data Communications Manager [EMAIL PROTECTED] __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55066t=55066 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: CSCO stock [7:54957]
As well as plenty of other stocks... --- Eric R wrote: Just curious if anyone else noticed that Cisco is below $10 and Lucent is a now penny stock! __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54959t=54957 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to restrict hubs in a LAN [7:54937]
Greg, Windows XP does this by default in some situations. If you have a PC with a Ethernet NIC and firewire adapter, it will bridge the 2 interfaces together and create a logical L3 interface that the protocols are bound to all by default. --- Greg Reaume wrote: John, If WindowsXP is bridging two NICs it actually runs spanning-tree. It is a very nice feature for L1 redundancy. Though in your scenario I don't really see why they think that's necessary. I'm planning to use this functionality in the upcoming Windows.NET server to multihome all my servers, as long as it supports the concept of a loopback or virtual interface for L3 connectivity, to two different switches to protect against 48 servers failing because a switch burns out. I just wish MS had an add-on for Windows2K Server with this functionality so I don't have to wait. Check out these links: http://www.microsoft.com/WindowsXP/pro/techinfo/administration/homenetbridge /default.asp http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/c ableguy/cg0102.asp Correct me if I'm wrong but, from what I gather in your previous postings, loops seem to be your main concern. You say that it may very well be justified that these users need up to 5 PCs in their cube, or that you don't really want to get into that fight (whichever way you want to put it). You also say that it is very hard to run new drops. Why don't you take the approach of supporting them then, and instead of going through the work of running new drops, provide them with a small switch that runs spanning-tree. A 1548M (8-port desktop chassis) would do nicely for around $1K list. It allows for up to 4 local VLANs so the techs can do whatever they want on their own little switch. It also runs CDP so you can keep track of where they are through management tools like CiscoWorks, etc. If they want to clog up their link to the rest of the network with 5 PCs doing whatever, why not let them (as long as they do it safely)? Check here for more info on the 1548M: http://www.cisco.com/en/US/products/hw/switches/ps211/index.html HTH Greg Reaume JohnZ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Well, when I wrote the orginal post I knew I will have these questions. Basically the first layer of support or help desk if you will have more PCs then the drops in their cubes. This is an old building not meant for an IS staff so there is some frustration on their part. I am not going to question if there is a legit need for folks to have 5 PCs when there is infact a seperate staging area to set up and test pcs for users. Any ways they know enough to be dangerous and there is no standard on hubs and I have seen where folks have created loops. Now with Windows XP I have seen some configs where 2 nics have been bridged via software I am not sure with what intent. Although it's been made clear many times not to use hubs but this is never enforced and I did not want to spend my time daily trying to hunt down the lawless. So that's when I thought if I could config the switch this will discourage the hub usage or bridging within pcs. I hope that answers most of the questions here. David j wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... See inline.. Chuck's Long Road wrote: as much of a rulemeister as I am, I still have to look at this from the user standpoint. Why are users throwing their own hubs onto the network? Is there a business case to be made? Is facilities too slow getting requested cable pulls done? what is the concern with a user plugging a hub in at the desk and then connected a couple of extra PC's? if the problem is one of dual homing by accident or otherwise, I can see the issue with spanning tree recalculations. But in a single home situation, what do you see as the issues? I see one issue: collisions, if you have a switched network you don't want to deal with collisions that hubs normally produce. I have to recognize, though, that hubs sometimes are very convenient and I'm the first on using them. when you say that politically, it's a mess what does that mean? high powered sales people throwing their weight around? management does not respect your input or concerns? something bad is happening, and it's rolling downhill? In some environments it's politically unacceptable, I know some hospitals in which you have to fill in a lot papers before being allowed to use a PC, so in that environments this could perfectly be part of the policy. I'm not questioning the wisdom or the necessity for doing what others have suggested. I'm just wondering why it is necessary for the network manager / network staff to unilaterally cut off user access. John Zaggat wrote in message [EMAIL
Re: Sniffing Async/Serial Ports on the Router [7:54919]
You can use sniffer with appropiate POD to tap a Serial line (PPP, HDLC, Frame, etc). This costs $ though. Theres other vendors with similar products (agilent, etc). If your looking to monitor terminal (reverse telnet like traffic) theres a async monitor command starting with 12.2(4)T or 8T if I recall. Haven't used it myself though but you can also sniff this traffic with a ethernet sniffer as it's telnet and in the clear. --- Hamid Ali Asgari wrote: Hi group, I am looking for a solution to monitor/sniff the traffic on Serial/Async ports. Any suggestions would be appreciated, Hamid [EMAIL PROTECTED] __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos More http://faith.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54921t=54919 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VWIC 2MFT-T1 [7:54796]
What type of router and IOS? There are/were limitations depending on those, but data is possible. You would set up a channel-group on the controller t1 interface and define the used timeslots. This creates a logical/virtual serial interface which you can configure like any other serial interface cfg is done. sample: controller t1 x/y channel-group 1 timeslots 1-24 int serialx/y:1 ip address x.x.x.x y.y.y.y encaps ppp/frame/whatever The :1 is the channel #, so if your channel-group was 2 this would be serialx/y:2 HTH, Erick --- [EMAIL PROTECTED] wrote: Has any one configured a Data T1 on the following card (VWIC 2MFT-T1)? This is very different from what I've seen in the past... I've been looking on CCO for data configuration, but haven't found anything. They say it's possible. Cheers, mkj ~~~ Michael Jablonski ABN AMRO Asset Management Holdings, Inc. 161 North Clark St. 9th Flr Chicago, IL 60601-2468 PH: 312.884.2996 FAX: 312.278.5550 ~~~ [EMAIL PROTECTED] __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54840t=54796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VWIC 2MFT-T1 [7:54796]
What type of router and IOS? There are/were limitations depending on those, but data is possible. You would set up a channel-group on the controller t1 interface and define the used timeslots. This creates a logical/virtual serial interface which you can configure like any other serial interface cfg is done. sample: controller t1 x/y channel-group 1 timeslots 1-24 int serialx/y:1 ip address x.x.x.x y.y.y.y encaps ppp/frame/whatever The :1 is the channel #, so if your channel-group was 2 this would be serialx/y:2 HTH, Erick --- [EMAIL PROTECTED] wrote: Has any one configured a Data T1 on the following card (VWIC 2MFT-T1)? This is very different from what I've seen in the past... I've been looking on CCO for data configuration, but haven't found anything. They say it's possible. Cheers, mkj ~~~ Michael Jablonski ABN AMRO Asset Management Holdings, Inc. 161 North Clark St. 9th Flr Chicago, IL 60601-2468 PH: 312.884.2996 FAX: 312.278.5550 ~~~ [EMAIL PROTECTED] __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54841t=54796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cable Broadband Question!!!! [7:54700]
Well, if you only have one Ethernet then you'll need to NAT-on-a-stick. But, any router w/Ethernet will be able to plug into a cable modem w/Ethernet connection. Config: interface Loopback1 ip address 172.16.2.10 255.255.255.0 no ip directed-broadcast ip nat inside ip policy route-map nat ! interface Ethernet0 mac-address 0040.1c60.9337 ip address 172.16.1.10 255.255.255.0 secondary ip address 66.200.150.4 255.255.255.0 (or ip address dhcp) no ip directed-broadcast ip nat outside ! ip nat inside source list 1 interface Ethernet0 overload ip classless ip route 0.0.0.0 0.0.0.0 Loopback1 ! access-list 1 permit 172.16.0.0 0.0.255.255 route-map nat permit 10 set ip next-hop 66.200.150.1 --- Matt wrote: Hi, Can anyone offer me any advice on whether it's possible to configure one of my cisco routers to work as a cable broadband router instead of having to purchase a model that specifically does the task. I currently have a 1601R, 1603R and 2 x 2503 and im sure somebody last year had something posted about being able to use one of these routers.. Any help would be appreciated Matt CCNA UK [EMAIL PROTECTED] __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54705t=54700 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Confused about Catalyst part numbers [7:54437]
Comments inline... --- Chuck's Long Road wrote: Lupi, Guy wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I would think about going with a 6509, the 5500 series has been eol'd, but the last support dates are a while away yet. CL: Lorda mercy!!! you sound like almost all of the Cisco sales guys I know ;- Mention the word core and the only thing they can say is 6509. Let's see - one slot for the sup, one for the 16 port gig blade, one for the 48 port ethernet blade - the rest of the slots for baking pizzas :- CL: 12 copper gig ports and 48x10/100 ports fits nicely into a 4006, which conveniently now sells with an L3 blade.. Use the 10/100/1000 blade, or use the copper gig GBICs, depending on other consideration. But the 4006 is a wiring closet switch. I recently ran into a company trying to use a 4006 w/sup2 with 12 GBIC ports attached to servers w/gigabit NICs and their performance and throughput suffered. (Ie: In-lost errors, rx-errors, and txmt-errors which all point to excessive traffic and full buffers). I've only seen this w/sup2s however so maybe sup3 or sup4 would help. I've seen other companys also have problems when using 4006 as a core/data-center device with a good amount of servers attached. CL: OR... I gotta keep brining this up - depending on the applications and traffic flows, a 3550-12G and a cou-ple of 3550-48's might just do the trick. The 12G is L3 out of the box. Agreed, or some other vendors box that isn't as pricy as the 6500 series (Extreme, Foundry). -Original Message- From: Stuart Pittwood [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 2:12 PM To: [EMAIL PROTECTED] Subject: Confused about Catalyst part numbers [7:54437] I am looking into buying a Catalyst 5509 for the core of our network, I am however confused by the part numbers I will need. I need about 12 + Gigabit Ethernet (Copper) ports, 48 10/100BaseT ports, a GBIC uplink to some 2950G-EIs we have, and an RSM to provide intervlan routing. Can anyone advise of of the part numbers I would need to get the required ports? Am I correct in thinking the the Supervisor Engine III would provide the layer 3 functions? Thanks in advance Stu __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54448t=54437 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Confused about Catalyst part numbers [7:54437]
Originally, they were and I had them divide them among the cards and it was better but then they added more servers. I'm a support guy so I try to fix peoples problems after the fact if possible. Here's the Mpps numbers... 4006 w/sup3 or sup4 -- 48 Mpps 4006 w/sup2 -- 18 Mpps Also, I'm told the 4006 has 3 buses each with it's own K1 (granite) chip and theres a 1GB connection between each K1 chip or bus. I've come across something someplace that mentioned that theres actually 2GB for the bus, and 3GB if you enable switch accelaration or add the fabric card. I haven't been able to find anything on cisco to verify this though. I'm also not sure what slot is on what bus. If anyone has any more details, I would be interested so we know what the best placement of devices / modules would be. --- Steven A. Ridder wrote: Were all the servers on the same card and CEF on? I had issues with that, so we re-engineered the traffic to keep as much as possible on individual cards, as the bus on the 4006 is only 2GB, as opposed to the 64 the marketing department claims. Erick B. wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Comments inline... --- Chuck's Long Road wrote: Lupi, Guy wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I would think about going with a 6509, the 5500 series has been eol'd, but the last support dates are a while away yet. CL: Lorda mercy!!! you sound like almost all of the Cisco sales guys I know ;- Mention the word core and the only thing they can say is 6509. Let's see - one slot for the sup, one for the 16 port gig blade, one for the 48 port ethernet blade - the rest of the slots for baking pizzas :- CL: 12 copper gig ports and 48x10/100 ports fits nicely into a 4006, which conveniently now sells with an L3 blade.. Use the 10/100/1000 blade, or use the copper gig GBICs, depending on other consideration. But the 4006 is a wiring closet switch. I recently ran into a company trying to use a 4006 w/sup2 with 12 GBIC ports attached to servers w/gigabit NICs and their performance and throughput suffered. (Ie: In-lost errors, rx-errors, and txmt-errors which all point to excessive traffic and full buffers). I've only seen this w/sup2s however so maybe sup3 or sup4 would help. I've seen other companys also have problems when using 4006 as a core/data-center device with a good amount of servers attached. CL: OR... I gotta keep brining this up - depending on the applications and traffic flows, a 3550-12G and a cou-ple of 3550-48's might just do the trick. The 12G is L3 out of the box. Agreed, or some other vendors box that isn't as pricy as the 6500 series (Extreme, Foundry). -Original Message- From: Stuart Pittwood [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 2:12 PM To: [EMAIL PROTECTED] Subject: Confused about Catalyst part numbers [7:54437] I am looking into buying a Catalyst 5509 for the core of our network, I am however confused by the part numbers I will need. I need about 12 + Gigabit Ethernet (Copper) ports, 48 10/100BaseT ports, a GBIC uplink to some 2950G-EIs we have, and an RSM to provide intervlan routing. Can anyone advise of of the part numbers I would need to get the required ports? Am I correct in thinking the the Supervisor Engine III would provide the layer 3 functions? Thanks in advance Stu __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54461t=54437 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Confused about Catalyst part numbers [7:54437]
True chuck, comments below... --- Chuck's Long Road wrote: Good points, Erik - some thoughts below: snipp for brevety CL: according to the specs, the 4006 has a 64 gig backplane, superior to the 65xx's advertised 32 gig out of the box. Also, take the Mpps numbers into consideration. I don't have them for the 6500 offhand. 5500 -- 1-25 Mpps 4006 w/sup3 or sup4 -- 48 Mpps 4006 w/sup2 -- 18 Mpps I do recall some conversation somewhere about Cisco's 6 port gig blade architechture being somewhat restrictive, but I don't recall the details. If you recall the details, I would be interested. The cisco pages say the 6 port GBIC is non-blocking but doesn't go into details about backplane. Something about each three gig ports sharing a chunk of the backplane? If this is the case, I can see certain high speed server applications having problems. Althoug I gotta say, the 65xx architechture isn't any better. CL: also, there could have been other reasons why there were problems in the case you mention. Agreed. It all depends on the type of traffic and amount happening at same time. IE: You could have 30 gig attached devices that aren't transmitting and run fine but if all 30 are pumping the wire you're likely to have problems. __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54464t=54437 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Serves Me Right - DHCP problem [7:54402]
Chuck, Have you tried to shorten the DHCP lease time? --- Larry Letterman wrote: why is that ? we have segmented avvid network across our campus. The laptops are all W2K and they work just fine without any issues on DHCP...The routers are all running hsrp and work correctly.. Chuck's Long Road wrote: I see I should have made this one a Friday Folly :- In a Big Flat Bridged Network, a mobile user unplugs the laptop at one office, drives over to the next office, plugs back in, and no further action is required. The Windoze PC has retained it's IP address, and the network doesn't care about location, because it is one big flat network. However, in the brand new ATM based AVVID ready routed network, said mobile user is now in a different segment in each location. With Windoze, you have to manually intervene. Sometimes you have to release the IP address, reload the computer, and then get your new DHCP assignment. Users don't like this. After all, now they have to do something, whereas before they did not. Never mind the higher speed, the failover capability of the routers, the new 100 mbs switches rather than 10mbs. They have to take an extra step or two in order to log in. This is normal behaviour for Windoze machines, and maybe for DHCP clients in general. I have had to do this release / renew for years. But to the customer, who is pretty naive in terms of networking, there is a problem that was caused by the new routers. To the users, there is a problem that never existed before. Like I said, serves me right. You give a customer a great new network, and you break something so rudimentary that it never would have occurred otherwise. :- -- www.chuckslongroad.info like my web site? take the survey! __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54465t=54402 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Erasing Flash system [7:54198]
You would type delete flash:c1700-sv3y-mz.121-5.YB4 then the file will be flagged as deleted. To regain the space, you do squeeze flash: The squeeze command doesn't work on all model routers however and sometimes depends on flash type. Offhand, I can't recall if 1700 can squeeze. If it can't you'll need to erase the whole flash and then transfer the image you want back. --- Parameswaran S wrote: Dear Group, I need to delete on the flash file system in my 1700 series router and the sh flash output is teynampet#sh flas System flash directory: File Length Name/status 1 6756080 c1700-sv3y-mz.121-5.YB4 2 7624104 c1700-sv3y-mz.122-8.T.bin [14380312 bytes used, 19174120 available, 33554432 total] 32768K bytes of processor board System flash (Read/Write) Acutually 122-8.T.bin is the working one and the other one is not needed.How do i erase 121-5.YB4?Any advise is appreciated. TIA, Regards, __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54205t=54198 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CAT 3550 : IPX and AT support? [7:53642]
YOu need to bridge IPX and AT. They call it fallback bridging but it's configured the same as regular bridging was... --- Robert Edmonds wrote: Diego, I don't think the 3550 supports IPX at all. I have checked Cisco's web site, plus I have a 3550-12G on my network and I can't find any IPX commands. Diego Rissone wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Does anybody know if the ios of the 3550's supports or will support ipx ? and at? thanks Diego Rissone CCIP,CCDP,CCNP,MSCE+I TECHINT GROUP -ARGENTINA [EMAIL PROTECTED] = Those who are willing to trade freedom for security deserve neither freedom nor security. -- Benjamin Franklin __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53678t=53642 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Windows and Net Behavior Tracking [7:53620]
Not that I know of. The timestamp of the file but it might not be accurate. You could set up a proxy on your PC that logs HTTP traffic I guess. You could also sniff HTTP, etc all the time... be really out of control but... It seems like internet access is becoming more like a police/big-brother thing. Extra applications on PCs chewing up resources, people watching people and the watchers don't know what the people do. Result is employees are less productive because they are constantly in fear of doing something that will raise flags, etc when they are actually doing productive work and busting their butt for the company. --- John Neiberger wrote: I now, that's a bizarre subject line. I couldn't think of a better one this early in the morning. :-) Here are the details... Let's say I went to a website and downloaded a specific file, then I subsequently cleared my cache. Once that is done, is there any way to reasonably prove where I got that file? If I'm claiming to have gotten that file from a particular site at a particular time, is there some other record on the computer that might still be intact that would show where and when I got it? Assume this is IE on Windows XP. Thanks, John [EMAIL PROTECTED] __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53681t=53620 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: interface vlan 1 -- no shut [7:53682]
Hi John, The VLAN Interfaces on the 3500/2900 XL series are management VLANs only and there can only be one up at a time. --- John Brandis wrote: HI All, Got a strange problem on a 3524xl switch. Problem: Need to create 2 VLANS . I issue the statements interface vlan 1 ip address 10.64.18.250 255.255.255.0 no shut interface vlan 2 ip address 10.64.19.25 255.255.255.0 no shut However, when I run sh ip interfaces , I see that only interface vlan 1 is up. I go into int vlan 1 and issue a shutdown, then I notice that VLAN 2 interface comes up... Can any one help with this please, or is this just how it works ? Level 20, THH 456 Kent St, Sydney ** visit http://www.solution6.com UK Customers - http://www.solution6.co.uk * This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * [EMAIL PROTECTED] __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53686t=53682 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Authentication with one Spoke only.... [7:53366]
Is this for a lab or production environment? OSPF can authenticate per-area or on a interface basis. You'll have to put this spoke on it's own sub-interface or run a tunnel to it and do auth on the tunnel. --- Robert Massiache wrote: Hi, I got a strange question for you guys! How do I enable ospf md5 authentication in a hub and spoke multipoint network. I need authentication between a single spoke and the hub. I do not want auth between the same hub and the 'other spoke'. Remember this is a multipoint network. Any helpers...please! __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53389t=53366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip classless and default route [7:53231]
It will work fine for any destination other then 210.210.210.x/24 which is the classful network for your IP subnet. A better real-world internet example with no ip classless and internet connections would be, if you had a 64.x.x.x subnet on the serial and similar on LAN side. In this case, 64.0.0.0/8 is the classful range. There are many other customers that have a subnet in this classful range out there. With 'no ip classless' and a default route with nexthop of 64.x.x.x any traffic destined to a 64.x.x.x site would fail, but traffic to 210.x.x.x, 65.x.x.x, etc would work. Erick --- YI Zhou wrote: according to many books, ip classless should be used to be able to use default route. but I just found my internet router, actually has no ip classless. which means I am using classful route lookup. And this is working fine,who can explain why note that ip address here is not real one. ! hostname xxx ! enable secret xxx ! ip subnet-zero no ip domain-lookup ip name-server x.x.x.x ! interface FastEthernet0/0 ip address 210.210.210.62 255.255.255.240 no ip directed-broadcast ! interface Serial0/0 bandwidth 64 ip unnumbered FastEthernet0/0 no ip directed-broadcast no ip mroute-cache no fair-queue ! no ip classless ip route 0.0.0.0 0.0.0.0 Serial0/0 Gateway of last resort is 0.0.0.0 to network 0.0.0.0 210.210.210.0/28 is subnetted, 1 subnets C 210.210.210.48 is directly connected, FastEthernet0/0 S* 0.0.0.0/0 is directly connected, Serial0/0 xxx# xxx#sh flash System flash directory: File Length Name/status 1 3612344 c2600-i-mz.120-3.T3 [3612408 bytes used, 4776200 available, 8388608 total] 8192K bytes of processor board System flash (Read/Write) [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53238t=53231 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Default Routing in EIGRP [7:53239]
Well, 12.2.1 is the first revision of 12.2 mainline code; they just released 12.2.12 so that may be better for you. Keep in mind that there is no 12.2 GD release yet. The T, X, etc trains add features so are likely to be more problem prone. Perhaps, look at 12.1 GD if you don't need any features introduced in 12.1T train or 12.2T train. Erick --- cebuano wrote: As a follow-up to my original post, a reboot reinstalled the default routes. As a word of caution, you might not want to use flash:/c2500-jk8os-l.122-1b.bin image as I've encountered too many strange results with it. Getting ready to swap it with a 12.1.xyz as I'm tired of wasting my time troubleshooting IOS features. Thank goodness for the 1-day lab format ;-$ And yes, ip sum eigrp 1 0.0.0.0 0.0.0.0 does work. Elmer __ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53241t=53239 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ? about floating Static route [7:52837]
If it's the only route to that destination, then it doesn't really matter what the admin distance (or cost) is for the route. Perhaps, he was saying this because you may have a dynamic routing protocol (RIP, EIGRP, OSPF, etc) that advertises a default route that uses another next-hop. In this case, a static route using BRI with default cost would cause all traffic destined to the default route to use the BRI, no matter if primary line was up. Or perhaps, just as a safety net in case one is used in future. Erick --- Johnzaggat wrote: Is there ever a need to have a single floating static default route. Does it really matter if it's floating or not because since it's the only static route it will always be used. I am talking in context to using it with Bri as backup to the main link. One of the colleagues at work was insisting on use floating static route for the Bri backup and I really couldn't make any sense of it. Can some one clear this up for me. Thanks __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52840t=52837 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF default-information original always [7:52721]
This commands advertises a 0.0.0.0/0 route via OSPF with the advertising router as the next-hop. The next-hop would be the IP address of the interface connecting to adjancent routers part of the OSPF domain. --- Gil Shulman wrote: Hi all, I have been wondering whether someone can help me understand, how to control which default-gateway will the OSPF mechanism will advertise first, in a scenario which I have four. Thank you in advance for any help, Gil ** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. ** eSafe scanned this email for viruses, vandals and malicious content ** ** [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52755t=52721 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Internet control [7:52663]
Well, for the authentication part you can use the aut proxy feature (both router IOS and PIX) coupled with a RADIUS/TACACS server. Local user db will work to. As far as blocking porn, etc there are other products like WebSense but thats the only one that works with the PIX at the moment. You could redirect the web traffic to a proxy box (wccp, transparently, etc) and have proxy check with a blacklist service (web sense, etc) as well. --- Rodney Jackson wrote: Guys, I know this is off the subject but I hope some of you will help. I have been tasked with implementing a way to filter Internet traffic (block porn sites) as well as user authentication. I'm thinking about using Websense but the cost is too much. What have you guys been using or recommend? __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52707t=52663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 3550 EMI [7:52430]
The only thing I know of right now about this release is that it fixes a Spanning tree bug. CSCdy21905. http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdy21905 --- Eric Rogers wrote: A new IOS has just been released for the 3550 - 12.1.11.EA1. Looks like it came just in time for the new lab format too. Will this have BGP? What else will this have? The documentation has not been posted yet. Just in time to practice for the weekend anyhow. In any event it looks like the lab will be moving from 6 to 8 full routers come Nov. __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52433t=52430 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Staic Routes on 1605 Router [7:52340]
Where does the 10.258.52.x network reside in your network? I'm guessing it also uses a 255.255.255.0 mask. If there is a PC or PC's on one of the 1605 ethernet segments with a 10.258.52.x address then you will need to add a secondary IP address to the interface those devices are off of. This is also called a multinetted interface. interface e0 ip address 10.258.52.x 255.255.255.0 secondary If the 10.258.52.x is on another router in your network then you add a static route or enable a dynamic routing protocol between the routers. The static route next hop will be an adjancent router off one of the 1605 interfaces. Example: ip route 10.258.52.0 255.255.255.0 10.1.1.1.x where x is the other router on the 10.1.1.x/24 network. That router would also need routes back to the 1605 networks. HTH, Erick --- Craig Robertson wrote: Hi guys, I am having a problem with routing on a Cisco1605 router. Ethernet0 is set to 10.1.1.17 255.255.255.0 and ethernet1 is set to 10.128.52.1 255.255.255.0 My problem is: From the 10.1.1.0 network i can ping 10.1.1.17 (ethernet0) From the 10.1.1.0 network i can ping 10.128.52.1 (ethernet1) From the 10.1.1.0 network I can NOT ping 10.258.52.101 (pc on subnet) I have enabled ip routing on the router, however, nothing has changed. Can anyone please advise of the command(s) for a static route, if indeed this is the problem. Any suggestions would be appreciated. Thanks __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52344t=52340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Staic Routes on 1605 Router [7:52340]
Is the PC's default gateway set to 10.128.52.1? Also, check the PCs routing table to see if everything is ok. netstat -r --- Craig Robertson wrote: Sorry guys, the address of the PC is 10.128.52.101, not 258. Nice typo hey :-) Thanks Vance Krier wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Is the PC really 10.258.52.101..? V-- Craig Robertson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi guys, I am having a problem with routing on a Cisco1605 router. Ethernet0 is set to 10.1.1.17 255.255.255.0 and ethernet1 is set to 10.128.52.1 255.255.255.0 My problem is: From the 10.1.1.0 network i can ping 10.1.1.17 (ethernet0) From the 10.1.1.0 network i can ping 10.128.52.1 (ethernet1) From the 10.1.1.0 network I can NOT ping 10.258.52.101 (pc on subnet) I have enabled ip routing on the router, however, nothing has changed. Can anyone please advise of the command(s) for a static route, if indeed this is the problem. Any suggestions would be appreciated. Thanks [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52346t=52340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: router hangs [7:52193]
Was the 2500 working fine then just started doing this, or is this 2500 new to you and first time using it? Turn off the router, use a electrostatic strap, and take the cover off and try reseating the memory and flash and make sure all chips are seated well on the mainboard. Power on and see if it comes up fine. Erick --- nilesh bothra wrote: can someone help me how I can fix this. = System Bootstrap, Version 4.14(9.1), SOFTWARE Copyright (c) 1986-1994 by cisco Systems 2500 processor with 16384 Kbytes of main memory Unknown or ambiguous service arg - udp-small-servers Illegal IP keyword - classless ANOTHER MESSAGE HERE*** Loading c2500-js-l_112-17.bin at 0x340, size = 8108960 bytes [OK] F3: 8010312+98616+315708 at 0x360 Restricted Rights Legend Use, duplication, or disclosure by the Government is. .. %SYS-5-CONFIG_I: Configured from memory by console %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JS-L), Version 11.2(17), RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Mon 04-Jan-99 17:27 by ashah %LINK-5-CHANGED: Interface Serial0, changed state to administratively down %LINK-5-CHANGED: Interface Serial1, changed state to administratively down %LINK-5-CHANGED: Interface TokenRing0, changed state to administratively down AND THE ROUTER HANGS HERE** __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52200t=52193 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: routing problem? [7:52054]
Try putting 'no ip address' on the serial interfaces. You don't need a ip unnumbered or ip address on them if they are part of a multilink-group. Have you tried removing the NAT? Don't see a complete config for NAT so can't see if it may be a issue. Erick --- Beckwith Rod wrote: Hello, This looks to be a very straight forward configuration, but it is giving me fits. It's a simple Multilink PPP setup. I can ping from Router A to Router B, but I can't do any TCP i.e. Telnet, SSH, Traceroute, etc. All I want to be able to do is telnet from Router A to Router B... The weird thing is, I can telnet from Router B to Router A. Please tell me if I have done something stupid. Router A ip subnet-zero ! no ip bootp server ! ! ! process-max-time 200 ! interface Multilink1 ip address 192.168.1.1 255.255.255.0 ip directed-broadcast ip nat outside no cdp enable ppp multilink multilink load-threshold 2 either multilink-group 1 ! interface Ethernet0/0 no ip address no ip directed-broadcast no ip mroute-cache shutdown no cdp enable ! interface Serial0/0 ip unnumbered Multilink1 ip directed-broadcast encapsulation ppp no ip mroute-cache no fair-queue service-module t1 clock source internal ppp multilink multilink-group 1 ! interface Serial0/1 ip unnumbered Multilink1 ip directed-broadcast encapsulation ppp no ip mroute-cache no fair-queue service-module t1 clock source internal ppp multilink multilink-group 1 ! interface FastEthernet1/0 ip address 172.16.XXX.XXX 255.255.0.0 secondary ip address 209.17.XXX.XXX 255.255.255.0 ip directed-broadcast no cdp enable ! ip classless ip route 0.0.0.0 0.0.0.0 209.17.95.1 ip route 209.17.XXX.144 255.255.255.240 Multilink1 no ip http server Router B ip subnet-zero ip dhcp excluded-address 192.168.4.1 192.168.4.20 ! ip dhcp pool wc network 192.168.4.0 255.255.255.0 default-router 192.168.4.1 dns-server 206.13.XXX.12 206.13.XXX.12 domain-name XXX.net lease 2 ! ! ! ! process-max-time 200 ! interface Multilink1 ip address 192.168.1.2 255.255.255.0 ip directed-broadcast ip nat outside no cdp enable ppp multilink multilink load-threshold 2 either multilink-group 1 ! interface Ethernet0/0 ip address 209.17.XXX.145 255.255.255.240 ip directed-broadcast full-duplex ! interface Serial0/0 ip unnumbered Multilink1 ip directed-broadcast encapsulation ppp no ip mroute-cache no fair-queue ppp multilink multilink-group 1 ! interface Serial0/1 ip unnumbered Multilink1 ip directed-broadcast encapsulation ppp no ip mroute-cache no fair-queue ppp multilink multilink-group 1 ! interface FastEthernet1/0 ip address 192.168.4.1 255.255.255.0 ip directed-broadcast ip nat inside ! ip nat translation timeout 43200 ip nat inside source list 101 interface Ethernet0/0 overload ip classless ip route 0.0.0.0 0.0.0.0 Multilink1 no ip http server Both routers are identical Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(5)T1, RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Tue 17-Aug-99 14:39 by cmong Image text-base: 0x80008088, data-base: 0x80B5E15C ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Rhapsody@FIC uptime is 1 week, 20 hours, 21 minutes System returned to ROM by power-on System image file is flash:c2600-is-mz.120-5.T1 cisco 2610 (MPC860) processor (revision 0x202) with 32768K/8192K bytes of memory. Processor board ID JAD03342330 (2663084462) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 1 FastEthernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 Any clues? Thanks Rod __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52058t=52054 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IS-IS System ID [7:51878]
Hi, Try 'no ip domain-lookup nsap' globally. --- Raul F. Fernandez wrote: Its also happening with 12.2 code. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of cebuano Sent: Wednesday, August 21, 2002 11:42 PM To: [EMAIL PROTECTED] Subject: IS-IS System ID [7:51878] Hi Group, Has the 12.0 modified the output of the System ID to show the hostname instead of the actual 3-octet Hex? Here's a sample of what I see in 12.2. erlin#sh clns is System Id Interface State Type Priority Circuit Id Format Rome Se4 Up L1L2 0 /0 00 Phase V Paris Et0 Up L1L2 64/64 Paris.01 Phase V Amsterdam#sh is data IS-IS Level-1 Link State Database: LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL Amsterdam.00-00 * 0x0003 0xCD75647 1/0/0 Amsterdam.03-00 * 0x0001 0x75D50 (632) 0/0/0 Brussels.00-000x0004 0x6B9D639 1/0/0 Brussels.01-000x0001 0x8B68631 0/0/0 IS-IS Level-2 Link State Database: LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL Amsterdam.00-00 * 0x0002 0x3913633 0/0/0 Rome.00-000x0002 0x1196617 0/0/0 Rome.01-000x0002 0x2D62628 0/0/0 London.00-00 0x0005 0x9EA1631 0/0/0 Brussels.00-000x0003 0xCFB3624 0/0/0 Brussels.01-000x0002 0x1962634 0/0/0 Paris.00-00 0x000C 0x8D31575 0/0/0 Paris.01-00 0x0003 0x6215 1189 0/0/0 Berlin.00-00 0x000E 0x1967623 0/0/0 TIA, Elmer __ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51883t=51878 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Check this new command out [7:49717]
Looks to be new to 12.2(8)T and possibly some test builds. The output below is from a Development test version of 12.1 so maybe a future release of 12.1 mainline will have it to. On my 804 here, 12.2(4)T didn't have it but 12.2(8)T does. --- Moffett, Ryan wrote: What code rev is this in? I have some 12.2(5)+ and I don't see it. Is this just in specific 12.1 Development Test images? -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Friday, July 26, 2002 10:40 AM To: [EMAIL PROTECTED] Subject: Re: Check this new command out [7:49717] Ya but you don't need the do command. Dave Juan Blanco wrote: Please, correct me if I am wrong, but you can execute any command on the pix's box while you are in config mode as well -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MADMAN Sent: Thursday, July 25, 2002 6:01 PM To: [EMAIL PROTECTED] Subject: Check this new command out [7:49717] Thought this was pretty cool!! c7304(config)#do sh ver Cisco Internetwork Operating System Software IOS (tm) 7300 Software (C7300-JS-M), Version 12.1(1.23.020716.), CISCO DEVELOPME NT TEST VERSION Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Tue 16-Jul-02 03:26 by Image text-base: 0x40008970, data-base: 0x41B32000... Dave -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49924t=49717 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FEC with routeurs [7:46008]
This is supported on the 7500/7000 series routers starting with 11.1 CA. Under the fast ethernet interface, do a 'channel-group #' which ties the fast Ethernet interface to a port-channel interface. Example: interface fast Ethernet 1/0/0 no ip address channel-group 1 interface fast Ethernet 2/0/0 no ip address channel-group 1 interface port-channel 1 ip address 1.2.3.4 255.255.255.0 --- Dion, Thierry wrote: hello guy, =20 Do U heard about FEC on Routers, if yes with what IOS version we can do = and our ? =20 Thanks Kind Regards. Thierry. _ =20 =20 [GroupStudy.com removed an attachment of type image/gif which had a name of getro.gif] [GroupStudy.com removed an attachment of type image/gif which had a name of CCNP.gif] [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46019t=46008 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is IGRP actually supported by other vendors? [7:43994]
Comments inline... --- Howard C. Berkowitz wrote: I don't know the specifics of the Nokia case. Cisco has, however, both supplied router blades running IOS on an OEM basis to vendors including Cabletron, and licensed a software port to DEC (IOS on DEC hardware -- Brouter 500) And the blade for the Synoptics 3000 chassis... __ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43997t=43994 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Free Sniffer download [7:43297]
It should work just fine. Haven't tested DHCP in 6.2 but have set up PIX outside interface up as DHCP client in past. The only minor problem I see is that I don't think there is a way to change the MAC address if they restrict DHCP via MAC address, but that might not effect you. --- Wayne Jang wrote: Just curious, will the Pix 506 (6.2)work if you have a DHCP assigned IP from your DSL provider? Greg Owens wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am searching for a Sniffer Download __ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43323t=43297 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN dial [7:42884]
Just add another dialer string (or dialer map)... they will be used in the order they are entered. --- Michalis Palis wrote: Hello all. I have a customer who wants a router to dial (ISDN) to another destination in case the fist destination fails to answer ( no answer, busy etc). How can I do it using a Cisco router? I will appreciate your help. __ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42943t=42884 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF over ISDN demand circuit [7:42348]
Hi, Having passive for the ISDN int would stop OSPF multicast hellos from going across the ISDN interface. You could still do a neighbor statement though which is unicast however. If the ISDN is bouncing, it's probably due to a route-redistribution problem or some form of IP traffic going out the ISDN interface. Do you have other routing protocols sending updates out ISDN (use passive interface for those routing protocols). Check your redistribution, do you have filters to not allow the ISDN/dialer interface IP subnet to be redistributed into OSPF again? To see whats triggering the ISDN/dialer int do: show dialer (should have a reason) debug interface bri/dialer debug ip pack (see note below) Debug ip pack generates a lot of output and might/will crash the router so be careful with it. If you use the debug interface (interface) condition then the debug output will only show traffic in/out of the interface specified which will narrow down the output. --- timothy thielen wrote: If one wishes for routing updates to bring up the link, can one not just use the passive-interface command on the ISDN interface? If it is a backup link, passive interface will keep routing updates will keep the link from coming up for updates. Then a couple of floating static routes on either end should bring it up if the primary (dynamic)link goes down as long as the administrative distance for the floaters are greater then that of OSPF. --Tim Ruihai An wrote: Hi, Group, On an ISDN circuit running ospf , if I want to use ip ospf demand-circuit to keep it from being brought up by ospf update, do I need to define 224.0.0.5 as non-interesting traffic in dialer-list? I have configured ip ospf demand-circuit on one side of the ISDN, but routing update to 224.0.0.5 keeps activating the circuit? What is the problem? Thanks Ruihai [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42463t=42348 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: is the following pap callin cfg viable? [7:42475]
The config is good for the pieces you posted. Is it working or? If it's not, perhaps theres a extra space after one of the passwords. --- Mirza, Timur wrote: PAP Using Different Passwords On Two Different Routers on r1: username r2 password 0 timur ! int BRI0 ppp authentication pap ppp pap sent-username r1 password 0 milton on r2: username r1 password 0 milton ! int BRI0 ppp authentication pap callin ppp pap sent-username r2 password 0 timur !callin keyword on r2 means that r2 will only authenticate r1 if r1 initiated the call Timur Mirza Principal Network Engineer Network Planning Engineering, West Region 15505-B Sand Canyon Avenue Irvine, California 92618 Verizon Wireless 949.286.6623 (o) 949.697.7964 (c) __ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42485t=42475 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: standard trunk protocol [7:40809]
Yes there is, it's called GVRP which is part/extension of 802.1q. Not all vendors support this though so YMMV. VTP, DTP are Cisco propiertary. --- TP wrote: Dear Group, I'm confused. In a multi-vendor enviroment I've to design a VLANs scenario. So I can prefer 802.1Q tagging (standard) on the trunk link. And then? How to manage the VLAN informations? Is VTP (or DTP) a cisco protocol? Is there a standard in order to manage the vlan information dynamically? Thanks. Teresa [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40867t=40809 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: the frame-relay interface-dlci XXX [7:39331]
The interface-dlci command can be used on a multipoint interface as well, and exist with a map statement. Using it this way lets you specify QoS for a DLCI. Example: frame map ip x.x.x.x 101 frame map ip x.x.x.x 102 frame interface-dlci 101 class dlci101 frame interface-dlci 102 class dlci102 --- MADMAN wrote: interface dlci command = point-to-point map = multipoint in a nut shell Dave cage wrote: I do want to know the truth of the frame-relay interface-dlci XXX and the diference between it and the command map? -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39767t=39331 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bridging and HSRP [7:39525]
Hi, When using DECnet, the MAC address is changed depending on the DECnet address. You need to use the HSRP use-bia feature with DECnet. HSRP then uses the DECNet MAC address. From http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/decnet.htm DECnet hosts do not use manufacturer-assigned Media Access Control (MAC)-layer addresses. Instead, network level addresses are embedded in the MAC-layer address according to an algorithm that multiplies the area number by 1024 and adds the node number to the product. The resulting 16-bit decimal address is converted to a hexadecimal number and is appended to the address AA00.0400 in byte-swapped order, with the least-significant byte first. For example, DECnet address 12.75 becomes 12363 (base 10), which equals 304B (base 16). After this byte-swapped address is appended to the standard DECnet MAC address prefix, the address is AA00.0400.4B30. --- [EMAIL PROTECTED] wrote: Greetings all, I've a 6509 with 2 sups and MSFCs, running hsrp between both MSFCs. Routing 5 vlans, two of those 5 vlan are also bridging decnet. When I've the standby interface up, users can't get out, if I shutdown the standby interface all is good. According to Cisco I've to enable standby use-bia feature to prevent this problem. Have you guys seen this before, and what causes this problem? Just looking for some education and solutions. Thanks..Nabil - Hope I made my problem clear! [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39541t=39525 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: issue with PIX and dhcp ? [7:39269]
Why doesn't he just telnet/console into the PIX and do a 'ip address dhcp ...' instead of rebooting? This should renew it - at least this was working for me in a PIX class I attended last week. I did ask the instructor if you could change the MAC address on the PIX due to ISPs locking DHCP down to a MAC address and right nows theres not a way to change the MAC. --- Mark Odette II wrote: It Depends!! Historically, If the PC's DHCP-assigned address has never really changed that often, then you should be fine. If it has changed on a rather frequent basis, then it'll probably stop having outside communication after a small period of time. Just as a side note, in some parts of the US, specifically the D/FW area of Texas, the Cable-modem providers have not configured their networks in a way that the PIX 501 doesn't get a DHCP address. One of my colleagues is running this with his provider. He has a PIX 501 set up on Cable-modem, and just has to bounce his PIX every once in a while because the DHCP lease doesn't renew in a standard automated fasion. But as long as he reboots the PIX, it gets a new address, and keeps on transcieving I'll have to check to see who his provider is though to give you an idea of who does this functionality. -Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Audy Bautista Sent: Saturday, March 23, 2002 10:36 PM To: [EMAIL PROTECTED] Subject: Re: issue with PIX and dhcp ? [7:39269] I'm having the same problem with a PIX 501 and cable modem. I'm probably just going to take the IP received from the PC by the ISP and just put it statically on the outside interface on the PIX. Does anyone foresee any issues with this setup? bergenpeak wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi John, Cable companies often configure their provisioning (DHCP) severs to verify that the incoming DHCP request is from a MAC which is known. Couple of things to try. * Power cycle the CM and then have the PIX attempt to do DHCP. Do you get a DHCP OFFER? * After you power cycle the modem, put a sniffer on the wire between the PIX and modem to make sure that the PIX is generating enet frames from only one src MAC address. Depending on your service and how the CM is configured, the CM might be configured to learn one MAC on the home-side. If the PIX is generating frames with different MAC src then the one used for DHCP, this could be your issue. * If the above doesn't help and you have a host which does get an IP address, configure the PIX (if possible) to generate MAC src frames which originate with the host's MAC. If this works, its likely because the cable company's DHCP servers will only respond to known MACs. If you're an ATTBI-(former E@H/TCI) customer, unknown MACs will usually get an IP address (but you'll have limited access). If you're an ATTBI-(former Roadrunner/Mediaone) customer, the provisioning system must know your MAC in order for it to respond to your DHCP. Hope this helps, John Green wrote: is any one aware of any issue with PIX501 and connecting via cable modem to get an ip address (dhcp) ? internet-cable-PIXHOST modem 501 without the pix, the HOST is able to get the dhcp ip address fine. the pix is configured to get an ipaddress from dhcp for its outside interface. but it is failing. does anyone know of such issues ? __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39346t=39269 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VTP Servers [7:39083]
Hello, The switches use the VTP database with the highest config-revision. IE: You can be playing with a switch not attached to the network and then attach it to the network and if it's config-revision is higher it will wipe out the other switches. Changing the VTP domain makes the config-revision 0 again. So it is important to make sure the config-revision is 0 before you plug it into a live network if you don't want this switch to overwrite your VLAN databases. I don't recall offhand the 'show vtp ...' command that shows you what the current config-revision value is but it is there. Also, be aware that a VTP CLIENT can send out VTP updates and wipe out your VLAN database config. IE: A quick-fix is not to change from Server to client mode. HTH, Erick --- Jeffrey Reed wrote: If I have an existing VTP domain server with many VLANs configured and then add another VTP server does the first server update the new server? No chance of the new server updating the old server and wiping out the VTP database, right? Thanks!! Jeff [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39085t=39083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Controlling utilization on switch port [7:39038]
The bandwidth command in IOS is used by some routing protocols (part of metric calc) and other router functions/services. This command on the switch, being IOS is probably the same and I'm not sure how effective it would be unless the switch had L3 functions, etc. --- sam sneed wrote: I never knew about this command. It is undocumented: http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc3/cref/cl icmds.htm not there!!! I may try and play with it to see if it works. Bob Timmons wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I imagine it may depend on the switch. On the 3500's (or I guess any switch with IOS), you can specify the bandwidth command on any interface, but I've never tried it and don't know how well it works. SWITCH1(config)#int fast 0/13 SWITCH1(config-if)#bandwidth ? Bandwidth in kilobits Greetings all, Is there a trick or a way to control utilization on a switch port? Assuming we want the user to use only 5 MB instead of 10. No special requirement at this time, just curious. Thanks..Nabil [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39086t=39038 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Cond. Adv [7:39034]
Hi, Look at the advertise-map function. --- Larry Whitfill wrote: I need some help on conditional advertisements in BGP. I can have a condition where route A is advertised by RTR-X only when route B disappears from RTR-X's routing table. Is it possible to set up a condition where RTR-X only advertises route A when route B EXISTS in RTR-X's routing table? Thanks! Larry [EMAIL PROTECTED] = Those who are willing to trade freedom for security deserve neither freedom nor security. -- Benjamin Franklin __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39087t=39034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF NSSA [7:38881]
Hi, I just did this up in my lab and got the same results using the metric-type option. Always was a N2. I checked the 12.1 and 12.2 command reference for 'area nssa' and metric-type and metric aren't listed as options for this command in the docs. That might not mean anything though. I also set a metric and metric-type 1 with same result. 'debug ip ospf lsa-gen' shows a external LSA for 0.0.0.0 being created as a type 2. As George stated a regular default-info-originate w/metric works fine. But then these options shouldn't be available on the area nssa command if they don't work. Anyone pursue this with the TAC or Cisco yet to confirm if its a bug?? --- Chee Kin wrote: Hi Georg, I am using IOS12.1.7 and it allows me to issue this syntax: area area-id nssa default-information originate metric-type 1 On IOS 11.x, it only allows me to issue this: area area-id nssa default-information originate If I leave the metric-type 1 off, I will get *N2 for the default route. If I use default-information originate metric-type 1, I will still get the same result. Looks like I may need to get a copy of Jeff Doyle's book and do a bit of reading on the NSSA stuff. The results of my NSSA config is way different from what I have anticipated. Thanks for your input anyway. I will let you know if I discover anything new. Regards, cheekin - Original Message - From: Georg Pauwen To: Sent: Wednesday, March 20, 2002 11:36 PM Subject: RE: OSPF NSSA [7:38881] Hi Cheekin, AFAIK, the syntax for the area nssa is: area area-id nssa default-information-originate which will generate a type 7 default into the NSSA area (NSSA ABR or NSSA ASBR only). So I think the 'metric-type 1' might confuse it. What happens when you leave 'metric-type 1' off ? I think that a default route of type 1 will only show up in the routing table when you use the default-information-originate metric-type 1 in router config mode, e.g.: router ospf 1 default-information-originate metric-type 1 Hope this helps. Regards, Georg [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39118t=38881 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Whats the difference between Classful Classless??? [7:38875]
Matt, The 'ip classless' and 'no ip classless' have to do with the way the router forwards packets. The commands don't have an effect on the routing protocols themselves. The best routes from the routing protocols will be put int the Routing Information Base (RIB). With 'ip classless' the router looks up the route with the longest-match and uses that. With 'no ip classless' it's different. Lets say you have 2 directly connected interfaces of 172.16.1.x/24 and 172.16.2.x/24 and a default route pointing to 172.16.1.2 which is an adjancent router off the first interface. Now, a packet comes in the router with a destination of 172.16.9.x. In a classful world, the router see's it as 172.16.0.0 and saids I have interfaces in that classful range but no 172.16.9.x so it drops it. In a classless world, longest-match rule is in effect so it uses the route that matches it best which would be the default route to 172.16.1.2. HTH. Also, this effects all router vendors (not just cisco) but most have classless enabled by default these days (BayRS doesn't though). Erick B. Matt Saunders wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Group, Im really struggling to understand the requirement in using the ip classless command when you are configuring a default route. I noticed that RIP 2 is a classless protocol RIP ver 1 is a classfull. Can anyone help me understand what the difference is (in simple terms!!) as i want to move on with my studies though im sure this is something thats going to come up again Cheers Matt __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38875t=38875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ospf and sub-interfaces [7:38788]
Hi, This shouldn't be a problem. I've done it before. Just make sure the native VLAN is the same on each 802.1q connection (ie: switch port and router port connecting to each other are in same native VLAN). If you have a newer router IOS you can do a 'encaps dot1q # native' command. Older IOS's didn't have the native keyword. If you don't have the IOS with the native keyword you can put the native VLAN IP on the main interface which will be native VLAN. You might also want to hard-code the trunk to on instead of auto/desirable and turn channeling off and hardcode the speed/duplex. HTH, Erick B. --- bergenpeak wrote: I'm looking at an design where there's a hub-spoke network based on 802.1q. Specifically, there will be a number of routers connect back via FE/GE into a central router through an 802.1q trunked interface. Each remote router will run OSPF and thus should form an OSPF adjancency with the central router over its respective sub-interface. Any issues or gotchas with this? I've not gotten a chance to test this out yet. __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38876t=38788 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what does SC0: stand for? [7:38517]
I think SLiRP was the program used for making a console connection into a SLIP connection. Trumpet may have done this also... --- Ken Diliberto wrote: Wasn't Trumpet used to convert a shell account into a SLIP line? That was way cool at the time. Ken Erick B. 03/16/02 12:48AM SC = Serial Console SL = SLIP (from before PPP days - anyone remember Trumpet? those were the days!). Erick B. [snip] [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38550t=38517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ws-x5213 or ws-x5213a [7:38546]
I did some google searches and some site mentioned the A-version is the same module but the components used to make it were different and the cost was cheaper then the original. --- Daniel Cotts wrote: Here's the output of a show port capabilities on both a 5213 and a 5213A. No difference. I seem to remember that the A version fixed some flaws in the older blade. I have no idea what they might be. I've found the 5213 in a 1996 catalog. The 5213A is in the '98 catalog. If price wasn't much different, I'd go for the newer. Bill_Cat5505 sh port capabilities 4 ModelWS-X5213 Port 4/1 Type 10/100BaseTX Speedauto,10,100 Duplex half,full Trunk encap type ISL Trunk mode on,off,desirable,auto,nonegotiate Channel no Broadcast suppressionpps(0-15) Flow control no Security yes Membership static,dynamic Fast start yes Rewrite no *** Left5K sh port capabilities 2 ModelWS-X5213A Port 2/1 Type 10/100BaseTX Speedauto,10,100 Duplex half,full Trunk encap type ISL Trunk mode on,off,desirable,auto,nonegotiate Channel no Broadcast suppressionpps(0-15) Flow control no Security yes Membership static,dynamic Fast start yes Rewrite no -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 16, 2002 10:21 AM To: [EMAIL PROTECTED] Subject: ws-x5213 or ws-x5213a [7:38546] Anyone know the difference between these two modules ??? Thanks Phil [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38583t=38546 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what does SC0: stand for? [7:38517]
SC = Serial Console SL = SLIP (from before PPP days - anyone remember Trumpet? those were the days!). Erick B. --- TALBOT, WILLIAM P (SWBT) wrote: Probably switch console or system console Good question though, I am curious to see what it really means. Pat -Original Message- From: Eric Waguespack [mailto:[EMAIL PROTECTED]] Sent: Friday, March 15, 2002 10:46 PM To: [EMAIL PROTECTED] Subject: RE: what does SC0: stand for? [7:38517] thanks, but i know what it is and how to use it, what i am curious about is what it stands for, SC0 .. for example tty stands for teletype. --- TALBOT, WILLIAM P (SWBT) wrote: Quoting from CCO: The interface sc0 is an internal management interface that is connected to the switching fabric and participates in all of the functions of a normal switch port, such as Spanning-Tree Protocol (STP), Cisco Discovery Protocol (CDP), and VLAN membership. taken from http://www.cisco.com/warp/public/473/8.html Hope this helps, Pat -Original Message- From: Eric Waguespack [mailto:[EMAIL PROTECTED]] Sent: Friday, March 15, 2002 10:07 PM To: [EMAIL PROTECTED] Subject: what does SC0: stand for? [7:38517] any idea? __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38530t=38517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Management VLANs? [7:38282]
Other suggestions for not using VLAN 1 for mgmt are: - Before version 5.4 of CatOS, VLAN 1 couldn't be removed from VLAN trunk links. - VLAN1 is default VLAN which means if it was the mgmt VLAN and switches weren't configured to put all ports in another VLAN if someone plugged into one of these ports on this switch they're on your mgmt network. Along this line of thinking, if you use VLANxx for mgmt then chances are the only interfaces in that VLAN on that device is the logical management interface and trunk ports. The trunk ports being the only physical ports in the mgmt VLAN. This makes it hard for a casual user to plug into a open port and get to the mgmt VLAN/network unless they know which IP subnet it is and telnet there, etc. Also, make the mgmt VLAN a non-native VLAN on the trunk port if its 802.1Q so it is tagged. This way if someone knows what VLAN it is it'll be harder to get to it if they decide to pull the cable on the trunk port :) Erick B. --- R. Benjamin Kessler wrote: I think Cisco generally recommends that your switch mgmt interface is on a different VLAN than your regular (read: end-user/server) devices. This helps isolate broadcast/multicast traffic so the switch CPU doesn't have to process it - especially critical in networks where there is a high percentage of broadcast/multicast traffic. Additionally, there's a security component to this line of thinking; if you have an isolated subnet purely for switch management then you can restrict (at the router) who is allowed into that network; this is in addition to the various access controls you can employ on the individual switches. A word of caution though...I wouldn't recommend that you have a single mgmt VLAN that spanned your entire network unless you work in a really small shop - this breaks all sorts of rules in the Core-Distribution-Access religion and can be difficult to manage. Last note; I've seen a document (but can't place my fingers on it now) that recommended that you NOT use VLAN # 1 as your mgmt VLAN. Unfortunately it didn't elaborate as to why. HTH, Ben -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Kelker Sent: Thursday, March 14, 2002 2:14 PM To: [EMAIL PROTECTED] Subject: Management VLANs? [7:38282] this isn't a direct CCNP cert question, but I was thinking of trying to make my network infrastructure easier to navigate. I was thinking of creating a VLAN on a certain IP scheme and have each piece of equipment have a virutal interface on it. Am I going about this the right way? How do some of you address this issue? __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38350t=38282 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Layer 3 switch ? [7:38358]
Hi, The term layer 3 switch is used to describe a switch that has routing capabilities. In the 6509, routing is handled by the MSFC daughtercard on the Sup module. If you do a 'show module' the MSFC is in slot 15 and/or 16. If you do a 'session 15' you reverse-telnet/console into the router module from the switch prompt if using Hybrid IOS. You don't need to route on the 6500 with the MSFC, you could use a external router as well if you want but the 6500+MSFC combo is faster. --- John Green wrote: Is it ok to refer to a router as a Layer 3 switch ? cisco 6500 was referred to as a Layer 3 switch. question: does it(6500) have routing capabilities ? - to connect to different vlans one needs a router. right ?? (as shown below) switchA ROUTER---switchB but say some nodes connected to switchB are on the vlan of switchA. so now to connect switchA and switchB can router be ok ? __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38361t=38358 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows XP and tftp [7:37738]
I've done plenty of TFTP transfers in Win XP with Pumpkin with no problem. It's all I use for TFTP. Their website is www.klever.net/kin but it appears to be down at the moment. It's been awhile since I've been there... The stories they had about the programs were funny. __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37770t=37738 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: point-to-point subinterface [7:37831]
Hi, Is there already a s0.1 interface defined? Try creating a s0.2 or something that doesn't exist. Once you create a sub-interface you can't change it from multipoint to point-to-point and vice versa. Also, if you remove sub interfaces they aren't completely removed from memory until the router is reloaded/reset. Perhaps, you deleted the s0.1 interface and are running into this. HTH, Erick --- Richard Yun wrote: Hello, I'm trying to create a point-to-point subinterface under s0 inteface and I'm getting the following warning message: interface Serial0 no ip address encapsulation frame-relay no ip route-cache no ip mroute-cache no fair-queue clockrate 200 r1(config)#int s0.1 point % Warning: cannot change link type FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37835t=37831 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Lab - San Jose [7:37444]
Hi, I believe there is a new major-name hotel open now down the street at the end of the Cisco campus that looked walking distance to bldg C. Forgot the name... can someone help? Since it's one of the bigger hotel names, probably a bit pricy then the cheap motels/inns in the area. When I've been, I stay at the Vagabond Inn on North 1st street by the airport which is cheap cost wise. It's a nice place. It's about a 10 min drive. Theres a few more motels/inns along north first between 101 and tazman to. The light rail train/trolley runs down north 1st and tazman also so that could be helpful if you can't swing a car, but I'd check the schedule ahead of time so you get to bldg C in plenty of time. Erick --- James wrote: Hello, I hope to get some advice from those who attempted the lab in San Jose. I have a lab scheduled soon and hope that someone can let me know where to stay at the best rates, travel arrangements from hotel to Cisco, etc.. any information is greatly appreciated. Thank you __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37623t=37444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP Bandwidth statements [7:37221]
Hi, The bandwidth assigned to the main interface will be used on the subinterfaces, unless theres a bandwidth command on the subinterface which will override the bandwidth defined on the main. Example: int s0/0 band 1000 int s0/0.1 point ip address ... int s0/0.2 point ip address ... bandwith 256 int s0/0.3 point int s0/0, s0/0.1, s0/0.3 will have a bw of 1000 int s0/0.2 will have bw of 256 If you have different CIRs for each PVC and want EIGRP to use CIR as part of the calculation then define the bw on each sub. Keep in mind that you probably will be going above the guaranteed CIR most of the time unless there is congestion. I don't know of a way to adjust the bw for when traffic-shaping throttles back to the mincir. I'm not aware of any preferences or rules. Since bandwidth is used, it could have a negative/positive impact on your network routing depending on your network, etc. --- Mike Deloach wrote: Hi All Can someone clarify the rules for EIGRP bandwidth statements in a frame relay environment with point to point subinterfaces?? Is it more preferred to place the statement on the port itself or each subinterface? Assuming equal and unequal CIR's Thank You MikeD. __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37235t=37221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VS Foundry Networks.. [7:36448]
Worry about in what sense? Foundry makes quality gear, etc. They just came out with their new ASIC (JetCore) and theirs a few products out based on it. They also have The FoundryMan Action figure :) Extreme also makes quality gear, as well as a number of other major/popular vendors. I do multi-vendor tech support for a big company and work on gear from many vendors. I don't have a preference other then I want exposure to as many vendors as I can. Bottom line, is you shouldn't base decisions on a nameplate or color. Look into the features, hardware arch., performance, reviews, etc. Erick B. --- Washington Rico wrote: Cisco people I would like to know your impression of Foundry Networks. Are they something to worry about? Regards, Eric Washington __ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36459t=36448 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Installing new IOS on new flash [7:36457]
Hi, From rommon you can use TFTP (tftpdnld command) after setting 4-5 variables listed by the tftpdnld command if they aren't all set. However, for the tftpdnld to work the bootstrap/rommon version has to support a interface you have installed. IE: A newer FastEthernet Net Mod may not be recognized by rommon. See the following URL for more on 'tftpdnld' on a 2600. http://www.cisco.com/warp/public/471/76.html --- Lan Wong wrote: Hi, This is my first post so if I did anything incorrectly, please let me know. I have recently replaced my 8 meg flash with a 16 meg flash memory on a 2611. Is there a faster way of loading the ios image onto this blank flash than using xmodem. Thanks, LW __ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36464t=36457 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PVC status don't go down [7:35389]
You could also use Frame-Relay End-To-End keepalives (FREEK). This works best if a subinterface is used. --- Nick S. wrote: Ok, The PVC status would never go down till the switch reports it as down, and only then will the line protocol go down. I have come across this scenario a couple of times (with ATM, concept is the same). And the trick is to use a routing protocol between the 2 routers, a routing protocol senses that the keepalives / hellos are not being answered and so will consider the neighbor as down, and in turn will activate the isdn circuit. You could also use dialer watch, watch a route and if that route goes down (when one end of the frame goes down) activate the isdn. hth Nick __ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35654t=35389 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VLan Ooops Part 2 [7:34687]
802.1q (dot1q) works on 10meg interfaces. I'm doing it on a 2600 here... --- Nisus wrote: Ok so I understand the trunk feature now after talking to a good CCIE friend of mine. (he runs http://www.IPexpert.net shameless plug) And he explained the trunking feature. Here is my dilemma. I am going into a 2610 router which DOES NOT have a fast Ethernet interface. From what I have been told 10Mb Ethernet doesn't support tunking. Ahhh Crap. Any one know a way around this? And if so where can I learn how to do it ??? Thanks again, you all are great, Steven M Aiello __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34708t=34687 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 7507 PA-4E full duplex operation [7:34076]
Maybe with the use of the 'transmit-interface' command. I haven't tried this myself. --- Tauseef Nagi wrote: Cisco states that their PA-4E module (four port 10BaseT) for 7500 Series routers is capable of being configured for full duplex operation. Under the ethernet interface, no full-duplex option available. Also, the command no half-duplex returns Invalid input. Has anyone configured this module for 10M/full duplex operation? Thanks. Tauseef [EMAIL PROTECTED] __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34148t=34076 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange Problem: Everything works fine but the Router can [7:34173]
Hi, This usually happens when a router has 2 routes to the same destination net but one of the next-hops doesn't have a route back to the source. Whats your routing table look like, how about the destination routers routing table? Is the IP address space on your LAN side public space your ISP provided? How about the interface connecting to them? Also, try pinging with extended commands using your LAN IP as a source and see if that is error-free. If it is, then the destination router has a route back to that IP subnet fine. Do a debug ip packet, might want to point it to an access-list so it doesn't show you everything. eg: debug ip pack 101. If the debugs show everything going out the same interface then it's probably the other end. HTH, Erick --- Hamid Ali Asgari wrote: Hi group, I have a router which is the main gateway of my network. All the hosts on my network can successfully ping everywhere on the internet, but the ROUTER itself has always a success rate at 50%. Bellow is the ping result: Router#ping Protocol [ip]: Target IP address: 193.0.0.193 Repeat count [5]: 10 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 10, 100-byte ICMP Echos to 193.0.0.193, timeout is 2 seconds: !.!.!.!.!. Success rate is 50 percent (5/10), round-trip min/avg/max = Same time my computer which is exactly behind the router can ping 193.0.0.193 without any errors. No routing protocol is running on the router and it's using simple static routes and all of its interfaces have VALID IP addresses. Any idea what the problem is ??? Thanks in advance, __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34173t=34173 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Ethernet SubInterfaces [7:33790]
Circus, You need to put 'encaps isl/dot1q (VLAN-#)' on the subinterface before defining the ip address. If this isn't a VLAN-trunk link then to assign multiple IPs, use the secondary keyword at the end of the ip address command on the major interface. Circusnuts wrote: Man- any idea on this one... I'm trying to run two physical addresses on one logical Ethernet interface. I cannot quite understand what this error message is pointing me to do (especially since it's a 10BaseT link). The CCO has sent me to MPLS examples. r4(config-subif)#inter e0.1 r4(config-subif)#ip address 10.1.1.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or IS L vLAN. r4(config-subif)# Thanks Everyone !!! Phil [EMAIL PROTECTED] __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33823t=33790 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
