OT Cisco Routers 4 sail [7:70664]
Hello everybody, i have got 2500 qty 10, 2600 qty5 , 2524 qty 10 for immediate sale in UAE, or abroad. contact with confidence Regards Farhan Ahmed Tel: 97126267050 Ext 108 Cell: 971507903578 Email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70664t=70664 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access server problem [7:52462]
Hi all I ve got a problem The user is getting disconnect after 2-3 minutes, I ve changed the line at both side, Doesn't help, it was working b4 a month no configuration has been changed Anyone knows about this error? 8589934592d8589934592h: Call Handle failed for Modem 2/1 Also this one 0 2002-08-31 14:20:45 Local7.Debug192.168.10.13 1924: 2d06h: TTY66: Async Int reset: Dropping DTR 2002-08-31 14:20:45 Local7.Debug192.168.10.13 1925: 2d06h: Modem 2/1 Mcom: in modem state 'Disconnecting' 2002-08-31 14:20:45 Local7.Debug192.168.10.13 1926: 2d06h: Modem 2/1 Mcom: DISCONNECT, duration = 00:02:01, reason (0x9) DTR Drop 2d07h: Modem 2/1 Mcom: in modem state 'Dialing/Answering' 2d07h: Modem 2/1 Mcom: in modem state 'Incoming ring' 2d07h: %LINK-3-UPDOWN: Interface BRI1/2:1, changed state to up 2d07h: Modem 2/1 Mcom: in modem state 'Waiting for Carrier' 2d07h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/2:1, o up 2d07h: %ISDN-6-CONNECT: Interface BRI1/2:1 is now connected to 0 2d07h: Modem 2/1 Mcom: in modem state 'Connected' 8589934592d8589934592h: Call Handle failed for Modem 2/1 2d07h: Modem 2/1 Mcom: CONNECT at 31200/31200(Tx/Rx), V34, LAPM, 2d07h: TTY66: DSR came up 2d07h: Modem 2/1 Mcom: switching to PPP mode 2d07h: TTY66: no timer type 1 to destroy 2d07h: TTY66: no timer type 0 to destroy 2d07h: tty66: Modem: IDLE-(unknown) 2d07h: %LINK-3-UPDOWN: Interface Async66, changed state to up 2d07h: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map 2d07h: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map 2d07h: TTY66: Async Int reset: Dropping DTR 2d07h: Modem 2/1 Mcom: in modem state 'Disconnecting' 2d07h: Modem 2/1 Mcom: DISCONNECT, duration = 00:00:26, reason ( 2d07h: TTY66: DSR was dropped 2d07h: tty66: Modem: READY-(unknown) 2d07h: TTY66: dropping DTR, hanging up 2d07h: tty66: Modem: HANGUP-(unknown) 2d07h: Modem 2/1 Mcom: in modem state 'Idle' 2d07h: %LINK-5-CHANGED: Interface Async66, changed state to rese 2d07h: TTY66: cleanup pending. Delaying DTR 2d07h: TTY66: cleanup pending. Delaying DTR 2d07h: TTY66: cleanup pending. Delaying DTR 2d07h: Modem 2/1 Mcom: switching to character mode 2d07h: TTY66: no timer type 0 to destroy 2d07h: TTY66: no timer type 1 to destroy 2d07h: TTY66: no timer type 3 to destroy 2d07h: TTY66: no timer type 4 to destroy 2d07h: TTY66: no timer type 2 to destroy 2d07h: Async66: allowing modem_process to continue hangup 2d07h: TTY66: restoring DTR 2d07h: TTY66: autoconfigure probe started 2d07h: %LINK-3-UPDOWN: Interface Async66, changed state to down Best Regards Have A Good Day!! ++ Farhan Ahmed MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP Network Engineer Mideast Data Systems Abu Dhabi Uae. www.mdsemirates.com Tel: 97126274000Cellular: 971507903578 ++ Be a builder, not a destroyer!!! Disclaimer: Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Errors and Omissions may occur in the contents of this e-mail arising out of or in connection with data transmission, network malfunction or failure, machine or software error, malfunction, or by the person who is sending the email. Mideast Data Systems accepts no responsibility for any such errors or omissions Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52462t=52462 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Need Some Advice [7:43476]
Hello guys I need to accommodate 21 e1 connections and 3 e3 connections to central site, somebody can tell me which cisco product should I choose at central and remote sites Thanks fa Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43476t=43476 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix 520 [7:37836]
6.0 and Higher PIX software releases 6.0 and later and PIX Device Manager require a minimum of 32MB RAM and 8MB Flash. Some PIX 520 systems may not meet these minimum requirements, and the purchase and installation of a 128MB RAM upgrade and/or a 16MB flash card will be necessary. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, March 11, 2002 12:24 PM To: [EMAIL PROTECTED] Subject: RE: Pix 520 [7:37836] It only requires 8 mb of flash also. I am actually trying to install 6.13 not 6.2. I've also tried going just to 5.2 and get the same results. thanks -Original Message- From: Mark Odette II [mailto:[EMAIL PROTECTED]] Sent: Monday, March 11, 2002 9:02 AM To: Subject: RE: Pix 520 [7:37836] Jason- I might be wrong, but I think the 6.x PIX software requires the 16MB Flashcard. You might check CCO to confirm. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Monday, March 11, 2002 1:15 AM To: [EMAIL PROTECTED] Subject: Pix 520 [7:37836] I currently am trying to upgrade a pix 520 from pix ios 4.7(7) to 6.2 and am having some difficulty or errors more like. When upgrading the pix I am using the 6.1 boothelper on the floppy to upgrade the pix. It gives me an error telling me that the pix's flash is obsolete. It then reboots the pix. I have never seen this before and have worked with plenty of pix's before. The pix runs fine with version 4.7 and has 8mb of flash for upgrade. Anybody have any ideas of what I can do to trick it possibly or a work around. Thanks, Jason Pehrson Systems Administrator Information Systems Department Naval Support Activity Naples, Italy [EMAIL PROTECTED] Work: (39) 081-568-4316 Cell: (39) 347-381-1060 Fax:(39) 081-568-5689 [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Pehrson, Jason Contractor (NSANAP N63).vcf] [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37842t=37836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PAT [7:37848]
Hi Group, Any one has idea how to figure out or how to connect to specific service via an outside ip address that is being pat on a router Best Regards Have A Good Day!! ++ Farhan Ahmed MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP Network Engineer Mideast Data Systems Abu Dhabi Uae. www.mdsemirates.com Tel: 97126274000Cellular: 971507903578 ++ Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37848t=37848 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix 520 [7:37836]
U might need more Flash size -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, March 11, 2002 11:15 AM To: Subject: Pix 520 [7:37836] I currently am trying to upgrade a pix 520 from pix ios 4.7(7) to 6.2 and am having some difficulty or errors more like. When upgrading the pix I am using the 6.1 boothelper on the floppy to upgrade the pix. It gives me an error telling me that the pix's flash is obsolete. It then reboots the pix. I have never seen this before and have worked with plenty of pix's before. The pix runs fine with version 4.7 and has 8mb of flash for upgrade. Anybody have any ideas of what I can do to trick it possibly or a work around. Thanks, Jason Pehrson Systems Administrator Information Systems Department Naval Support Activity Naples, Italy [EMAIL PROTECTED] Work: (39) 081-568-4316 Cell: (39) 347-381-1060 Fax:(39) 081-568-5689 [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Pehrson, Jason Contractor (NSANAP N63).vcf] [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37839t=37836 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cant firgure it out why accesslist not working [7:25217]
dear all this access list is allowing rdp and other connections to the hosts like .47, cant firgure it out why accesslist not working.. any thoughts sh runn Building configuration... ! ! ! ! ip subnet-zero no ip finger no ip domain-lookup ! --More-- isdn switch-type basic-net3 ! ! ! interface FastEthernet0/0 ip address 201.170.253.33 255.255.255.224 secondary ip address 201.170.253.1 255.255.255.224 speed 10 full-duplex ! interface BRI0/0 description connected to Internet ip unnumbered FastEthernet0/0 ip access-group 101 in encapsulation ppp dialer idle-timeout 2147483 dialer string 400 dialer hold-queue 100 dialer-group 1 isdn switch-type basic-net3 no cdp enable ppp authentication chap callin ppp chap hostname mdspc-0012 --More-- ppp chap password 7 06051F324843 hold-queue 50 in ! interface FastEthernet0/1 no ip address shutdown speed 10 full-duplex ! ip classless ip route 0.0.0.0 0.0.0.0 BRI0/0 no ip http server ! access-list 101 permit tcp any host 201.170.253.10 eq www access-list 101 permit tcp any host 201.170.253.47 eq smtp access-list 101 permit tcp any host 201.170.253.47 eq pop3 access-list 101 permit tcp any host 201.170.253.47 eq 143 access-list 101 permit tcp any host 201.170.253.47 eq domain access-list 101 permit udp any host 201.170.253.47 eq domain access-list 101 permit tcp any host 201.170.253.48 eq smtp access-list 101 permit tcp any host 201.170.253.48 eq pop3 access-list 101 permit tcp any host 201.170.253.48 eq 143 access-list 101 permit tcp any host 201.170.253.50 eq 3389 --More-- access-list 101 permit tcp any host 201.170.253.51 eq 1494 access-list 101 permit tcp any host 201.170.253.51 eq 3389 access-list 101 permit icmp any host 201.170.253.47 dialer-list 1 protocol ip permit ! line con 0 transport input none line aux 0 line vty 0 4 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25217t=25217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT:need cisco equipments [7:25045]
any one wish to sale cisco equipments pls cont me with model serial no and prices delievery will be in united arab emirates, abudhabi can pay via visa and escrow or through a friend in NJ usa thnx farhan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25045t=25045 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT:need cisco equipments [7:24923]
any one wish to sale cisco equipments pls cont me with model serial no and prices delievery will be in united arab emirates, abudhabi can pay via visa and escrow or through a friend in NJ usa thnx farhan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24923t=24923 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
brain teaser Dhcp Relay question [7:24423]
hi group, i have a question, if we configure ip helper address on a remote network to pass the bootp to the central site , how the dhcp server will know from which scope to assign to the dhcp client via dhcp relay server , if we have multiple scope configured on dhcp server thnx for input fa Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24423t=24423 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Domain for Sale [7:23887]
Hello all, I m selling one of my domain name www.certifiedpeoples.com If somebody is interested in setting up a knowledge website or groupdiscussion or a database of certified cisco peoples etc etc. pls cc me at [EMAIL PROTECTED] ;;; Farhan Ahmed MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP Network Engineer Mideast Data Systems Abu Dhabi Uae. ;;; Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23887t=23887 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Outbond Vpn [7:21823]
hello Patrick, can u tell me what i need to open for the outbond access to a vpn server (win2k) pix 506 is on lan and nat and pat is running thnx in advance fa Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21823t=21823 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: source based routing ..... [7:21827]
u need policy routing send yr config -Original Message- From: Chamak [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 03, 2001 4:03 PM To: [EMAIL PROTECTED] Subject: Re: source based routing . [7:21827] Set the default gateway on both the serial interfaces to your ISP, this should work. Mukul RAJESH AGNIHOTRI wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Greetings to All ... I would highly appreciate if some one can help me out this problem... Basically we have connectivity to two ISP in India.We have different IP address give by the different ISP. 1 202.169.191.128/29 2164.164.89.80/28 ... These are the lan ip address give to use by the ISP... we have 2610 router with to serial interface and on Ethernet interface. Now we wanted to configure this router in such a way that any packet comming from 164.164.89.80/28 should be routed its respective ISP and any packet comming from 202.169.191.128/28 network should be routed to respective ISP. we have give both the ip address on the eth.. one of ISP 164 AND ISP 202 . SECONDRY .. can any one help us out on this Line of reply is highly appreciated Regards RajesH Agnihotri _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21832t=21827 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
spanning tree fwddelay ques [7:21547]
does anyone describe, somebody ask me, which statement is not true about spanning tree forward delay value that u can check with the catalyst 5000 show command ?? says: 1, all the default values are obtained from the root bridge ?? says: 2 all switch ports must use the values learned from the root bridge ?? says: 3 the delay calue can be set on the root bridge as fwddelay argument ?? says: 4 the delay is how much time the port should spend in listending or learning mode Best Regards Have A Good Day!! ;;; Farhan AhmedR MCSE+I, MCP Win2k, CCDA, CCNA, CSE , CCA Network Engineer Mideast Data Systems Abu Dhabi Uae. ;;; Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21547t=21547 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: connectivity issue [7:21600]
enable nat for that network nat (inside) 0 0 -Original Message- From: Paul Holloway [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 1:10 AM To: [EMAIL PROTECTED] Subject: connectivity issue [7:21600] Guys (and gals), I was wondering if anyone had ran into this problem. I have a private, pt-pt network terminating on my side with a 2524 running 11.1. This is connected into a 2900 switch. My ISP comes in on a 2610 through a PIX running 6.1.(Whose inside IP is the gateway for all PCs) It is also hitting the 2900. My machines behind the firewall can get to the internet and also ping the 2524 Ethernet interface on my side, but that is as far as they will go. I have put a static route into the PIX pointing any traffic for the 10.4.0.0 network (the far side of the pt-pt) directed to the inside IP of the 2524. from the PIX, I can ping the 2524, and any address on the far network. But the PCs cannot go past the Ethernet of the 2524. They can ping the inside interface of the 2524, but not even the WAN interface of this router. I have also added a static for the Network of the WAN link, a /30. I don't understand how the PIX can ping through the 2524 to the remote network and the PCs cannot, when all the routes are in the PIX to direct these packets to the correct destination(2524). Could it have to do with the fact the times I'm getting on those pings( around 600ms) are above the TTL on the PCs or could I be missing something else? This is probably going to turn out to be a stupid question, and I will regret sending it. Be gentle Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21631t=21600 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed CCNP Thanks To ALL [7:21634]
I ve completed the CCNP in 2 months i ve started on 31st july and ended on 1st October also i make the ccna exam again (new version) Many thanks to all of you who provide valuable informations and guides Reciepe: 1 month vacation from Office CCNP preparation Library from Cisco Press www.cisco.com Mentors and White papers groupstudy.com and finally the RED BULL (special thanks) www.redbull.com Best Regards Have A Good Day!! ;;; Farhan AhmedR CCA, MCSE+I, MCP Win2k, CCDA, CCNA, CSE , CCNP Network Engineer Mideast Data Systems Abu Dhabi Uae. ;;; Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21634t=21634 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pix 506 users support [7:21503]
how many users does pix 506 support simultaneously Best Regards Have A Good Day!! ;;; Farhan AhmedR MCSE+I, MCP Win2k, CCDA, CCNA, CSE , CCA Network Engineer Mideast Data Systems Abu Dhabi Uae. ;;; Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21503t=21503 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
tunning buffers [7:21268]
hello all any bidy has an idea what does it mean by need-11 the router is suffereing form no buffer Buffer elements: 437 in free list (500 max allowed) 475 hits, 0 misses, 0 created Small buffers, 104 bytes (total 60, permanent 60): 60 in free list (20 min, 150 max allowed) 62 hits, 0 misses, 0 trims, 0 created Middle buffers, 600 bytes (total 25, permanent 25): 23 in free list (10 min, 75 max allowed) 58 hits, 0 misses, 0 trims, 0 created Big buffers, 1524 bytes (total 71, permanent 66, need -11): 5 in free list (5 min, 40 max allowed) 66 hits, 0 misses, 0 trims, 5 created 16 max cached, 15 in cache free list Large buffers, 5024 bytes (total 0, permanent 0): 0 in free list (0 min, 10 max allowed) 0 hits, 0 misses, 0 trims, 0 created Huge buffers, 18024 bytes (total 0, permanent 0): 0 in free list (0 min, 4 max allowed) 0 hits, 0 misses, 0 trims, 0 created Best Regards Have A Good Day!! ;;; Farhan AhmedR MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. ;;; Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21268t=21268 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
tunning buffers in 2500 router [7:21270]
hello all any bidy has an idea what does it mean by need-11 the router is suffereing form no buffer Buffer elements: 437 in free list (500 max allowed) 475 hits, 0 misses, 0 created Small buffers, 104 bytes (total 60, permanent 60): 60 in free list (20 min, 150 max allowed) 62 hits, 0 misses, 0 trims, 0 created Middle buffers, 600 bytes (total 25, permanent 25): 23 in free list (10 min, 75 max allowed) 58 hits, 0 misses, 0 trims, 0 created Big buffers, 1524 bytes (total 71, permanent 66, need -11): 5 in free list (5 min, 40 max allowed) 66 hits, 0 misses, 0 trims, 5 created 16 max cached, 15 in cache free list Large buffers, 5024 bytes (total 0, permanent 0): 0 in free list (0 min, 10 max allowed) 0 hits, 0 misses, 0 trims, 0 created Huge buffers, 18024 bytes (total 0, permanent 0): 0 in free list (0 min, 4 max allowed) 0 hits, 0 misses, 0 trims, 0 created Best Regards Have A Good Day!! ;;; Farhan AhmedR MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. ;;; Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21270t=21270 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can I configure 2 leased line for single channel ? [7:21254]
ppp multilink but u need to change the encapsulation -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 9:06 AM To: [EMAIL PROTECTED] Subject: Can I configure 2 leased line for single channel ? [7:21251] Hello all, I have 128 KBPS leased line between 2 routers and I want to enhance the performance of the same using one more leased line . Can anyboby suggest me whether is there any command which will make these 2 lines to work as 1 logical line as is the case with etherchannel ? Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21254t=21254 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: invalid magic number in 2600 [7:21249]
try to erase flash and put the ios again send the dump of yr screen -Original Message- From: Alejandro Pelaez [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 8:42 AM To: [EMAIL PROTECTED] Subject: invalid magic number in 2600 [7:21249] I can't boot a 2600 router, I get the message 'invalid magic number' in flash. Ive tried changing the config register but it didn't work. Please if you know how to fix this answer to [EMAIL PROTECTED] please (if you want to answer to the newsgroup you can too, but please i prefer the email response). Thanks in advance. I have some other question to ask. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21255t=21249 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DHCP [7:21051]
i remember the only command i ut on the cisco router is peer default ip address dhcp and enable the ip helper address -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 11:28 PM To: [EMAIL PROTECTED] Subject: Re: DHCP [7:21051] OK, I'm starting to see where the confusion is coming from. The ip dhcp-server command can be used on dial-up PPP links. It specifies the IP address of a DHCP server for the PPP client to use. It was almost impossible to find in the documentation. Most of the ip dhcp commands relate to telling your router to be a DHCP server, which is a completely different solution, of course. Are you using PPP, Khramov? The general-purpose way to tell your router the address of your DHCP server is the ip helper-address command. Priscilla At 01:54 PM 9/26/01, Tim Booth wrote: Priscilla and others: Ip dhcp-server does not turn your router into a dhcp server. It tells your router where your dhcp server is. Tim Booth - Original Message - From: Priscilla Oppenheimer To: Sent: Wednesday, September 26, 2001 12:12 PM Subject: Re: DHCP [7:21051] Why do you want to turn your router into a DHCP server? I thought you already had a DHCP server. You just need a helper address and ip forward-protocol udp 67 no ip forward-protocol 137 no ip forward-protocol 138 The last two commands are because you said that NetBIOS broadcast forwarding was causing problems for your NT server. When you have a helper address, the router forwards a bunch of UDP packets. You have to configure it to be more discerning. Priscilla At 09:24 AM 9/26/01, khramov wrote: Hello, ip dhcp-server works, I didn't specify it with a hyphen. So would you agree that the best solution for me would be to disable ip directed broadcast, ip helper address and enable ip dhcp-server at the global config? If I enable ip dhcp-server do I need to enable ip forward-protocol udp (ports 66 and 67)? Thanks a lot, Alex MADMAN wrote: Hmm.. I haven't done it in a while so I tried it on a 7507 with RSP8's and an MSFC2, they both accepted the command just fine but are not in the config. So I figured they must be enabled by default so I did a no ip forward protocol udp 67 and wallah, there it is!!! C7507MIX#conf t Enter configuration commands, one per line. End with CNTL/Z. C7507MIX(config)#no ip for C7507MIX(config)#no ip forward-protocol udp 67 C7507MIX(config)#^Z C7507MIX#wr t Building configuration...ip kerberos source-interface any ip classless no ip forward-protocol udp bootps Dave khramov wrote: I did that, but when I do sh run it is not showing up in config file. I mean (ip forward-protocol udp 67). Is that the way it is suppose to be? MADMAN wrote: Check ip foward protocol Dave khramov wrote: Hello How do I enable broadcast for DHCP server? I know that ip helper enables UDP broadcast, but broadcast of netbios services causes some problems for win nt server. So I guess to be more specific what can I do to forward udp broadcast on ports 67 and 68 only? And another question that I have what exactly ip directed-broadcast command does? I've searched Cisco's web site but I never came across a clear defenition? Thanks, Alex [GroupStudy.com removed an attachment of type text/x-vcard which had a name of khramov.vcf] -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it [GroupStudy.com removed an attachment of type text/x-vcard which had a name of khramov.vcf] -- David Madland CCIE# 2016 Senior Network Engineer Qwest Communications 612-664-3367 [GroupStudy.com removed an attachment of type text/x-vcard which had a name of khramov.vcf] Priscilla Oppenheimer http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21256t=21051 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: can 3640 RAS can support both out incomi [7:20133]
yes its possible u need to install ras on nt -Original Message- From: Jagan Krishnaraj [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 5:12 AM To: [EMAIL PROTECTED] Subject: RE: can 3640 RAS can support both out incomi [7:20133] Thank you Chris Cell. The situation is like this: 1. Windows NT server Cisco 3640 Remote Site Windows 98 PC dialout 16 port NM-Analog RAS 2. Windows NT server Cisco 3640 Remote Site Windows 98 PC dialout 16 port NM-Analog RAS Are these methods possible. Please let me know. regards jagan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20253t=20133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Alert: Some sort of IIS worm seems to be propagating [7:20360]
-Original Message- From: Simon Clausen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 12:49 AM To: [EMAIL PROTECTED] Subject: Re: Alert: Some sort of IIS worm seems to be propagating Sent on behalf of Rich Zuris ([EMAIL PROTECTED]) due to his network being taken offline by the worm. Following is a list of recorded changes made to NT4 SP6a with Q299444 rollup security patches. The following is appended to EVERY HTML file on the machine: window.open(readme.eml, null, resizable=no,top=6000,left=6000) Just about every directory on the machine has one or more files with extension .eml, mostly readme.eml but also other names that seem to correspond to directory or other filenames. Total of 1234 .eml files created, totalling 98Mb (about 78Kb each). Also got 55 files with extension .nws, containing exact same content. Both .eml and .nws files can be opened by Outlook Express. Virus makes numerous outbound connections to port 80 to propagate itself to other servers. Virus sets IE5 to IE4 compatibility mode (apparently to circumvent security) and crashes Explorer.exe when IE is launched. IExplore.exe appears to be hacked, and there is now a hidden IExplore .exe (note the space before the extension) in same directory. Virus code in stealth executable file with name tftp###, where ### is any numeric string. File has no extension, but it is definitely a Windows executable. This file is placed into \Program Files\Common Files\System\MSADC, and in same directory, Admin.dll appears to be hacked. IIS console hacked: New MMC.EXE placed in \WINNT directory, which may override original version in \WINNT\System32. EXE files placed into TEMP directory. Note that most/all hacked EXE files are flagged Hidden. Riched20.dll files placed in random directories (not on PATH, not containing executables). NT Account Guest was made a member of the NT Administrators group! Regards, Simon Clausen -Original Message- From: Windows NTBugtraq Mailing List [mailto:[EMAIL PROTECTED]] On Behalf Of Russ Sent: Wednesday, 19 September 2001 1:21 AM To: [EMAIL PROTECTED] Subject: Alert: Some sort of IIS worm seems to be propagating -BEGIN PGP SIGNED MESSAGE- There have been numerous reports of IIS attacks being generated by machines over a broad range of IP addresses. These infected machines are using a wide variety of attacks which attempt to exploit already known and patched vulnerabilities against IIS. It appears that the attacks can come both from email and from the network. A new worm, being called w32.nimda.amm, is being sent around. The attachment is called README.EXE and comes as a MIME-type of audio/x-wav together with some html parts. There appears to be no text in this message when it is displayed by Outlook when in Auto-Preview mode (always a good indication there's something not quite right with an email.) The network attacks against IIS boxes are a wide variety of attacks. Amongst them appear to be several attacks that assume the machine is compromised by Code Red II (looking for ROOT.EXE in the /scripts and /msadc directory, as well as an attempt to use the /c and /d virtual roots to get to CMD.EXE). Further, it attempts to exploit numerous other known IIS vulnerabilities. One thing to note is the attempt to execute TFTP.EXE to download a file called ADMIN.DLL from (presumably) some previously compromised box. Anyone who discovers a compromised machine (a machine with ADMIN.DLL in the /scripts directory), please forward me a copy of that .dll ASAP. Also, look for TFTP traffic (UDP69). As a safeguard, consider doing the following; edit %systemroot/system32/drivers/etc/services. change the line; tftp 69/udp to; tftp 0/udp thereby disabling the TFTP client. W2K has TFTP.EXE protected by Windows File Protection so can't be removed. More information as it arises. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor -BEGIN PGP SIGNATURE- Version: PGP Personal Privacy 6.5.2 iQCVAwUBO6dmcRBh2Kw/l7p5AQHJCgQA1JHwqF5RjJX+QVMMDUChVqn6yReQXqEH Tm8Ujms5+6ia0tcT1qmZWJV48eHYNzV3+AyyO6Gn8ds/NVYJUupDHB1Yy1DY/po6 iycY2qnARDJP6KNmHI0bAdBUBtsnVo5P9itElIoqKbAorQjamKI2eqd4TdE0yfIO hSW7yN2lhJc= =YAwc -END PGP SIGNATURE- Delivery co-sponsored by Trend Micro, Inc. TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE If you are worried about email viruses, you need Trend Micro ScanMail for Exchange. ScanMail is the first antivirus solution that seamlessly integrates with the Microsoft Exchange 2000 virus-scanning API 2.0. ScanMail ensures 100% inbound and outbound email virus scanning and provides remote software management. Download a FREE 30-day trial copy of ScanMail and find out why it is the best: http://www.antivirus.com/banners/tracking.asp?si=8BI;=240UL;=/smex2000
1603R Crash No Console Access [7:20049]
hello everone, After an upgrade of Ios and Dram (kingston) on a 1603 R router by one of our guys, the router crash and i cannot getinto the router the console is not responding the back led is showing ok the link led is ok BUT the front led is blingking countinously , sometimes 7 , 8 or in the begiinnng v fast then stays blinking i ve tried to xmodem the new ios but no luck also search on cco and still but nothing does anyone has clue Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind.Opinions,Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20049t=20049 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Active Directory Ports PIX [7:19772]
u can join the domain and then stop replication , it will still work as a stand alone domain controller. -Original Message- From: Evans, TJ [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 16, 2001 7:50 AM To: [EMAIL PROTECTED] Subject: RE: Active Directory Ports PIX [7:19772] You also need to specify what is where ... ... AD servers in DMZ / outside or the client PC's in the DMZ / outside? Hopefully, AD inside ... but then again, hopefully you would use a VPN for the outside boxes to connect. One possible, semi-allowable exception - multiple firewalls; either layered or separate .. AD is supposed to be all encrypted, no? Separate: Running on theory here ... you would still hopefully use a PIX2PIX VPN! But ... I believe TCP ports 135-139 and 445 are used, dunno if all are needed tho'. Layered: We have one client that has the primary firewall, which has the AD server and some Web/APP server ... they also have another PIX behind the first PIX, which then houses some DB servers. I believe, the DB servers were able to join the domain w/o any config changes as they were outbound connections. One issue we had - the DB server registered themselves in DDNS with their INTERNAL addresses so all of the other boxes using AD provided DNS could not reach them address to reach them. Thanks! TJ -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 11:24 AM To: [EMAIL PROTECTED] Subject:Re: Active Directory Ports PIX [7:19772] Allowing a server access to all domain functions completely defies putting it in a DMZ... That means if any one person broke into a box in the dmz, he has access to the entire domain not a good idea.. -Patrick Dave Luancing 09/13/01 10:36AM Does anyone know what ports need to be opened in a PIX to allow servers to join the domain and replicate. Thanks, Dave __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ * The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20094t=19772 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PPP Authentication CHAP [7:18093]
nothing to do with that.. -Original Message- From: Jaspreet Bhatia [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 12:30 AM To: [EMAIL PROTECTED] Subject: Re: PPP Authentication CHAP [7:18093] Hello Gaz, I was facing a very similar issue.This is what I did and it may seem strange but it worked for me .I turned on service password-encryption and then CHAP authentication strated working . See if it works for you Jaspreet Gaz wrote: Hi, Can you help me plz guys been trying to get me 1601 with ISDN WIC to work for yonks. From debug's it looks like CHAP AUTH is failing but I don't know why ?! I have enclosed sh ver, sh run and debug dialer, debug ppp auth chap. Any help would be greatly appreciated. Thanx in advance. Sh ver 1601#sh ver Cisco Internetwork Operating System Software IOS (tm) 1600 Software (C1600-SY-L), Version 12.0(7)T, RELEASE SOFTWARE (fc2) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Mon 06-Dec-99 18:03 by phanguye Image text-base: 0x0803DCE8, data-base: 0x02005000 ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2) ROM: 1600 Software (C1600-BOOT-R), Version 11.1(7)AX, EARLY DEPLOYMENT RELEASE S OFTWARE (fc2) 1601 uptime is 1 hour, 30 minutes System returned to ROM by power-on System image file is flash:/c1600-1207T.bin cisco 1601 (68360) processor (revision C) with 13824K/4608K bytes of memory. Processor board ID 04909005, with hardware revision Bridging software. X.25 software, Version 3.0.0. Basic Rate ISDN software, Version 1.1. 1 Ethernet/IEEE 802.3 interface(s) 1 Serial(sync/async) network interface(s) 1 ISDN Basic Rate interface(s) System/IO memory with parity disabled 2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM System running from FLASH 7K bytes of non-volatile configuration memory. 8192K bytes of processor board PCMCIA flash (Read ONLY) Configuration register is 0x2102 Sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname 1601 ! enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. ! username xx password 0 x ! ! ! ! ip subnet-zero no ip domain-lookup ! isdn switch-type basic-net3 isdn voice-call-failure 0 ! ! ! interface Ethernet0 ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no ip route-cache no ip mroute-cache ! interface Serial0 physical-layer async bandwidth 64000 ip unnumbered Ethernet0 no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache keepalive 10 dialer in-band dialer wait-for-carrier-time 120 async mode interactive fair-queue 64 16 0 ppp authentication chap callin ! interface BRI0 bandwidth 64 ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no ip route-cache no ip mroute-cache no keepalive dialer idle-timeout 150 dialer string 08451400101 dialer-group 2 isdn switch-type basic-net3 ppp authentication chap ! ip nat inside source list 100 interface BRI0 overload ip classless ip route 0.0.0.0 0.0.0.0 BRI0 no ip http server ! access-list 100 permit ip 10.10.1.0 0.0.0.255 any access-list 101 deny udp any any eq snmp access-list 101 deny udp any any eq ntp access-list 101 permit ip any any access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log dialer-list 1 protocol ip list 110 dialer-list 2 protocol ip permit ! line con 0 exec-timeout 0 0 transport input none line 1 modem InOut transport input all stopbits 1 speed 115200 flowcontrol hardware line vty 0 exec-timeout 0 0 login local length 25 line vty 1 4 exec-timeout 0 0 login local ! 1601#sh deb Dial on demand: Dial on demand events debugging is on PPP: PPP protocol negotiation debugging is on ISDN: ISDN Q931 packets debugging is on ISDN Q931 packets debug DSLs. (On/Off/No DSL:1/0/-) DSL 0 -- 1 1 - 1601#ping 4.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.1.1.1, timeout is 2 seconds: *Mar 1 01:42:51.533: BRI0 DDR: Dialing cause ip (s=10.10.1.1, d=4.1.1.1) *Mar 1 01:42:51.537: BRI0 DDR: Attempting to dial 08451400101 *Mar 1 01:42:51.549: ISDN BR0: TX - SETUP pd = 8 callref = 0x04 *Mar 1 01:42:51.553: Bearer Capability i = 0x8890 *Mar 1 01:42:51.553: Channel ID i = 0x83 *Mar 1 01:42:51.557: Called Party Number i = 0x80, '08451400101' *Mar 1 01:42:51.747: ISDN BR0: RX CONNECT_ACK pd = 8 callref = 0x04 01:43:43: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up 01:43:43: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to 08451400101 *Mar 1 01:42:53.561: BR0:2 PPP: Treating connection as a callout *Mar 1 01:42:53.565: BR0:2 PPP:
RE: Troubleshooting ethernet interface on a 2501 router [7:19545]
set keep alives also tryy shut and no shut -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 10:03 AM To: [EMAIL PROTECTED] Subject: Troubleshooting ethernet interface on a 2501 router [7:19543] Hello All: When I remove the UTP cable off the ethernet transceiver my router responds with a Ethernet0 is UP, line protocol is down...however when I reconnect the cable...it won't come back upwhy is that and how do I fix it? This is strictly in a lab environment..but I'm trying to find out why it can't synch up again. Is there a setting that I have to retype to tell it the line is connected?? Any thoughts on this is greatly appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19545t=19545 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 1603R Crash [7:19378]
hello everone, After an upgrade of Ios and Dram on a 1603 R router by one of our guys, the router crash and i cannot getinto the router the console is not responding the back led is showing ok the link led is ok BUT the front led is blingking countinously , sometimes 7 , 8 or in the begiinnng v fast then stays blinking i ve tried to xmodem the new ios but no luck also search on cco and still but nothing does anyone has clue Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind.Opinions,Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19544t=19378 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redistributing IGP's to BGP NOT working!! [7:19706]
rta should have two interface one running ibgp and one ebgp rtb and rtc should be bgp peers with sync off -Original Message- From: Brian [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 7:35 AM To: [EMAIL PROTECTED] Subject: Re: Redistributing IGP's to BGP NOT working!! [7:19706] igp and bgp networks identical with same mask? What about sync Bri - Original Message - From: Cisco Nuts To: Sent: Wednesday, September 12, 2001 7:11 PM Subject: Redistributing IGP's to BGP NOT working!! [7:19706] Hello, I have configured 3 routers with BGP.RTA and RTB are in AS100...RTC on AS300 RTA has netw. 150.10.0.0 configed on Loopback0 RTB netw. 160.10.0.0 and RTC netw. 170.10.0.0 likewise RTC connected to RTA and RTA connected to RTB Have the networks advertised on each router Have the redistribute connected configed on RTA Also have RIP running b/w RTA and RTB with networks 150.10.0.0 and 160.10.0.0 configed. Have the redistribute rip command on RTA Problem is: Cannot ping 160.10.0.1 from RTC and Cannot ping 160.10.0.1 from RTA Cannot ping 170.10.0.1 from RTB I took out rip and configured static routes on RTA and RTB and the redistribute static command on RTA...Still same problem. Question is: What is the trick to redistribute IGP or static routes to BGP so that RTC can get those networks?? Please advise. Thank you. Kind regards. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19729t=19706 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: mail servers behind the pix [7:19381]
static (inside,outside) global ip local ip mask conduit permit global ip eq 25 change to dmz if u have it on dmz insead -Original Message- From: fmxiao [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:41 AM To: [EMAIL PROTECTED] Subject: mail servers behind the pix [7:19381] hi all, how to configurate the pix, so that a mail server (NT 4 w/ Exchange) can communicate with other mail servers on the Internet behind the pix? thx. adv. roy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19384t=19381 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multihoming BGP with two seperate ISP's via single router [7:19370]
actually only one outsie route is allowed in pix so u might think of putting a nother router in between pix and yr bgp router -Original Message- From: Jeff Smith [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 7:24 AM To: [EMAIL PROTECTED] Subject: Re: Multihoming BGP with two seperate ISP's via single router [7:19361] Bob, Is your PIX default gateway the router in question? If yes, it should not even know what is going on in terms of bgp at the edge. The bgp changes should not affect its routing, as long as there is a path available beyond that router when the change occurs, which you said there is. I have always used static routes between PIX-router, are you running a protocol? Jeff From: Bob Reply-To: Bob To: [EMAIL PROTECTED] Subject: Multihoming BGP with two seperate ISP's via single router that [7:19328] Date: Mon, 10 Sep 2001 18:01:04 -0400 Hello, I am multihoming BGP with two seperate ISP's via single router that is connected to a PIX. When I shutdown the one of my serial ports to one of the ISP's you can see the BGP table removing paths. All trace's show that the router starts routing to the ISP that is still active, but all the workstations on the inside of the pix interface can no longer route. I've read where the PIX Firewall does not support the use of BGP, and that I could use RIP between them. Does anyone have an example of this configuration? My searches on this subject within Cisco's knowledgebase have not been very successfull. Or if you can think of another solution for my setup, please let me know. Thank you, _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19370t=19370 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Load Balancing using BGP challenge problem [7:19339]
then u should think abt running 2 static routes and forget abt bgp cuz its really doesnt exsist -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 4:53 AM To: [EMAIL PROTECTED] Subject: Load Balancing using BGP challenge problem [7:19339] hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19371t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
1603R Crash [7:19378]
hello everone, After an upgrade of Ios and Dram on a 1603 R router by one of our guys, the router crash and i cannot getinto the router the console is not responding the back led is showing ok the link led is ok BUT the front led is blingking countinously , sometimes 7 , 8 or in the begiinnng v fast then stays blinking i ve tried to xmodem the new ios but no luck also search on cco and still but nothing does anyone has clue Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind.Opinions,Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19378t=19378 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: I have a customer who... food for thought - static routes [7:17824]
u might need to consider a radius server and map routes to the usernames -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 30, 2001 10:29 AM To: [EMAIL PROTECTED] Subject: I have a customer who... food for thought - static routes [7:17819] I have a customer who... don't you love it when a post begins with those words? In my case, I am hoping this can serve as food for thought, a springboard for discussion. So here goes My customer is a high tech firm whose name you would all recognize, if I were to exhibit ill manners by revealing it. My project ( well, I'm just the junior assistant engineer ) is to develop and proof configurations for a private remote access network. DSL at the home, ATM at the central site. Not a VPN. This circuit does not touch the internet. In any case, the client is expecting 500-1000 home users on this network. Here's the kicker. the client refuses to allow routing protocols on either the home user routers ( Cisco 827's ) or the central site router ( Cisco 7206 ) That means how many static routes at the host site? :-0 Food for thought - what are some of the reasons the customer might not want a routing protocol of any kind on this network? When discussing with the customer engineer in charge of this project, I was given a couple of reasons, and upon hearing them I saw the point and agreed the concerns were valid. BTW, the point was not that the customer hates me and wants me to spend the next three weeks typing in static routes. Nor is it that the customer does not get it. It is not a matter of good or bad design. So, in light of the old saw that static routes are not scalable, and should be avoided, what might be some reasons that a designer would demand a network of this size and relative complexity, with users being added, subtracted, and relocated, thus creating long term employment for the router administrator, be composed entirely of static routes? What are the plusses? What is the downside? Your analyses, please. Chuck P.S. I think I'm going to try again. Maybe On Demand Routing would solve my problem and the customer's. Oops, that's right. The major component of ODR is not allowed on this network either. ( hint ) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17824t=17824 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: please clear my concept on frame-relay and ISDN [7:17649]
i think they put a ta on serial interface and change the layer 2 to isdn instead if u dont have a isdn interface -Original Message- From: Susan Stone [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 1:06 PM To: [EMAIL PROTECTED] Subject: please clear my concept on frame-relay and ISDN [7:17649] Hi.. Dear all, I don!t understand this. Hope u can clear my concept. I have a 1700 router in remote office(Milan) which is connected to a main router in London via a Frame-relay link in interface s0.1. My IT colleague (Milan) told me that the frame-relay line was cancelled last week by ISP!s mistake and the link has been running on ISDN since the 20th August. Until now it is still in ISDN. Now I found that the Milan(remote) router is still connecting main router via the same interface s0.1. When I type !'sh int s0.1!( shown below, it still show me that it is a frame-relay. 1)How do I know whether it is on ISDN or not, what command? 2)What is the difference between frame-relay line and lease line. Can I say that previously the line is a frame-relay leased line and now it is a frame-relay ISDN line?? 3)How can they change the line into a ISDN using the same interface? I thought it should have a ISDN back up interface?? Can the ISP vendor change the circuit to ISDN at their site without coming the Milan office? Or the Remote(Milan) office change a ISDN!s CSU/DSU and made it to a ISDN line? MILAN1sh int s0.1 Serial0.1 is up, line protocol is up Hardware is PowerQUICC Serial Description: --- Links to LON1, Ser1/0.12 --- Internet address is 60.100.201.152/30 MTU 1500 bytes, BW 256 Kbit, DLY 2 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17652t=17649 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
inside, outside and dmz [7:17627]
comments below, isnt it better to keep mailservers and other servers inside and allowing only the ports that are required from outside , instead of putting them into dmz and allow more ports ,in the case of microsoft exchange servers web servers with database connection etc... what is the real benefit? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17627t=17627 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix Route issue [7:17242]
only one route is allowed.. Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Bob Nawrocki [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 8:30 PM To: [EMAIL PROTECTED] Subject: Pix Route issue [7:17242] We have a Pix firewall that is serving as a default gateway to the Internet as well as providing ipsec tunnel connectivity to several remote offices for serveral hosts on a subnet. On the same subnet we have a 2600 providing a point to point wan link. I added a route to the Pix on the inside interface to point to the 2600 for the wan route. I am still not able to connect to that subnet unless i add a specific route on the hosts. When running debug logging on the Pix I get the following output: 106011: Deny inbound (No xlate) icmp src inside:10.111.1.55 dst inside:10.112.3.3 (type 8, code 0) Any thoughts? Bob Nawrocki CCNP CCDP [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17293t=17242 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix Route issue [7:17242]
two networks connect to inside interface the inside interface add is 10.1.1.4 route inside 10.1.2.0 255.0.0.0 10.1.1.4 1 route inside 10.1.3.0 255.0.0.0 10.1.1.4 1 Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Bob Nawrocki [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 25, 2001 8:30 PM To: [EMAIL PROTECTED] Subject: Pix Route issue [7:17242] We have a Pix firewall that is serving as a default gateway to the Internet as well as providing ipsec tunnel connectivity to several remote offices for serveral hosts on a subnet. On the same subnet we have a 2600 providing a point to point wan link. I added a route to the Pix on the inside interface to point to the 2600 for the wan route. I am still not able to connect to that subnet unless i add a specific route on the hosts. When running debug logging on the Pix I get the following output: 106011: Deny inbound (No xlate) icmp src inside:10.111.1.55 dst inside:10.112.3.3 (type 8, code 0) Any thoughts? Bob Nawrocki CCNP CCDP [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17294t=17242 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Unable to detect source for attack [7:17095]
command debug ip packet detail Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 9:54 AM To: [EMAIL PROTECTED] Subject: Unable to detect source for attack [7:17095] hi all, I am not able to detect the type of an ip attack on an interface . All I can detect is the source and destination ip addresees using ip accounting but I could not block the ip addresses because they are all in use . All I can do is to find out what kind of traffic is causing the attack for e.g. tcp, udp , sync etc. but what tools could I use? regards, suaveguru __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17228t=17095 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: traceroute [7:16494]
ctrl+shift+6 then press x Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: kaushalenders [mailto:[EMAIL PROTECTED]] Sent: Sunday, August 19, 2001 3:45 PM To: [EMAIL PROTECTED] Subject: traceroute [7:16494] hi , how can we quit in between when router is tracerouteing any destination from traceroute or cancel the traceroute thanx kaushlender [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16495t=16494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX static map question [7:15983]
clear xlate to make your changes in affect sequence doesnt matter Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Munzir Khan [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 16, 2001 10:12 AM To: [EMAIL PROTECTED] Subject: RE: PIX static map question [7:15983] Question for MAJDI EVANS just a quick question, Is it really require to restart the pix firewall to take effect the new settings?? another question is defining static map for INSIDE/DMZ/OUTSIDE should be in sequence or it does not mater whatever sequence you make. for example static (inside,outside) 212.x.x.10 192.168.0.30 netmask 255.255.255.255. 0.0 static (inside, DMZ) static (inside) static (inside,outisde) see above it is not in sequence i have the same case, I applied the settings you have suggested but it is not even ping to that IP from outside ... also tell me Conduit need to be also arranged by the Ip addresses ??? please suggest!!! [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16258t=15983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Code Red?? Virus Problems for DDR and Pix [7:15160]
just nat Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Gareth Hinton [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 08, 2001 1:30 AM To: [EMAIL PROTECTED] Subject: Code Red?? Virus Problems for DDR and Pix [7:15160] Had some problem site today where router was constantly dialling different sites. I must admit this was not a Cisco router, it was a Bintec but I think a problem which would be the same with a Cisco, so thought I'd mention it here. I shoved a sniffer on the ethernet interface of the router (Bintec debug is poor), and found that three servers on the LAN were constantly sending http port 80 packets to (almost) random addresses. I say random, because they did seem to be within the Class A range even though the ethernet was using a 24 bit mask. There was no reason for this traffic apparently, other than one of the variants of Code Red virus on the three servers. Once all the Microsoft patches were installed and the servers re-booted, the problem disappeared. I'll be honest that I haven't had a good look which of the variants it was, as the rest of the day has been pretty busy. Also had another problem which I don't know whether is connected or not. We've had a sudden flow of support customers with Pix 506 which keep re-booting (very regularly - few minutes). We've replaced a few of them, upgrading the code from the deferred 5.3.1 to 5.3.2 and waiting to hear whether that alone has cured the problem. In the lab, I couldn't get the box to fall over even with the deferred code on. Tried using the sniffed packets from above server faults with traffic generator to generate 100% network traffic, but still stayed up. Something I did notice was that the customers config used the outside interface within the global range, and had no overload. i.e. (IP addresses changed) ip address outside 192.49.146.243 255.255.255.248 global (outside) 1 192.49.146.243-192.49.146.246 whereas I used something more like: ip address outside 192.49.146.243 255.255.255.248 global (outside) 1 192.49.146.244-192.49.146.245 global (outside) 1 192.49.146.246 I know I could now use the outside interface with the accepted commands, but I am not convinced that the customers config is a workable method. Can anybody advise on whether or not the customers config would actually do PAT, or whether it would allow four NAT sessions then stop. I won't rattle on any more as I suspect the number of people reading this far is limited, but may have further input if the thread continues. Regards, Gaz [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15591t=15160 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dial in to AUX port on 2611 [7:15417]
try modem autoconfigure-discovery or reverse telnet to port 2001 if its line 1 on yr router u can see by sh line command get yr strings from 56k.com and do it manually also do debug confmodem b4 modem autoconfigure-discovery to c whats happening with modem - Original Message - From: No Data To: Sent: Thursday, August 09, 2001 9:06 PM Subject: Re: dial in to AUX port on 2611 [7:15417] try this. modemcap edit usrmodem misc FS0=1C1D3H1R2B1 then under the line config modem autoconfigure type usrmodem speed 38400 Make sure dips 3 and 8 are down and the rest up. hth Ben --- Mr. Richard L. Pickard wrote: I have a US Robotics Sportster 14,000 modem connected to my 2611 router via the AUX port. The router does not answer the call. I have an enable enable secret password set. I am certain of the satin crossover cable and all other physical layer issues. Here is my config: line con 0 transport input none line aux 0 password cisco login modem InOut transport input all speed 115200 flowcontrol hardware line vty 0 1 password cisco login line vty 2 4 login Anybody have any ideas? [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15496t=15417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN Problems [7:15236]
This is usually due to a D-channel error. If this error occurs systematically, report it to your ISDN service provider - Original Message - From: Paul To: Sent: Wednesday, August 08, 2001 3:38 PM Subject: Re: ISDN Problems [7:15236] Check your switch type is right. It might also be an IOS problem might be worth upgrading your IOS. http://www.cisco.com/warp/public/129/isdn_disc_code.html Cheers, Paul - Original Message - From: Albert Lu To: [EMAIL PROTECTED] Sent: Wednesday, August 08, 2001 11:59 AM Subject: ISDN Problems [7:15236] Hello group, I'm having a little trouble with my ISDN config. Now, this is what I'm getting after a single ping. It looks like it's telling me Mandatory IE missing. Could someone please take a look. Thanks Albert ! interface BRI0 ip address 196.1.1.1 255.255.255.0 no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache dialer map ip 196.1.1.2 name RouterB broadcast dialer-group 1 isdn switch-type basic-ni ppp authentication chap ppp multilink ! no ip classless ! dialer-list 1 protocol ip permit ! ! RouterA#ping Protocol [ip]: ip Target IP address: 196.1.1.2 Repeat count [5]: 1 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 196.1.1.2, timeout is 2 seconds: 21:05:10: ISDN BR0: TX - SETUP pd = 8 callref = 0x65 21:05:10: Bearer Capability i = 0x8890 21:05:10: Channel ID i = 0x83 21:05:10: Called Party Number i = 0x80, '' 21:05:10: ISDN BR0: RX CONNECT pd = 8 callref = 0xCC 21:05:10: Channel ID i = 0x8A 21:05:10: ISDN BR0: RX DISCONNECT pd = 8 callref = 0x65 21:05:10: . Success rate is 0 percent (0/1) RouterA#Cause i = 0x80E034 - Mandatory IE missing 21:05:10: ISDN BR0: RX RELEASE_COMP pd = 8 callref = 0x65 21:05:10: ISDN BR0: RX RELEASE pd = 8 callref = 0xCC 21:05:10: ISDN BR0: RX21:05:10: Cause i = 0x8090 - Normal call clearing _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15341t=15236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MCSE need help [7:15235]
reinstall office microsoft as usuall - Original Message - From: parky chan To: Sent: Wednesday, August 08, 2001 2:54 PM Subject: MCSE need help [7:15235] Dear all My office applicate is Easy Clear but when i use this function to print out document , it prompt OLE error code 0x80040154 class not registered OLE object is being ignored Record number :4 then prompt fatal error Error number is 1925 How to solve this problem Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15343t=15235 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can't ping outside of PIX [7:15205]
u cannot ping until u put conduit permit statements -Original Message- From: Allen May [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 08, 2001 6:29 PM To: [EMAIL PROTECTED] Subject: Re: Can't ping outside of PIX [7:15205] Looks ok to me but I tend to agree with cheekin. Try subnetting to a .128 to divide your IP range in 2 so you have half for the global range and half for the equipment on the LAN. If nothing else, just to see if that eliminates your problem for troubleshooting purposes. - Original Message - From: cheekin To: Sent: Wednesday, August 08, 2001 8:27 AM Subject: Re: Can't ping outside of PIX [7:15205] I think you will need to give a different range of IP address for the global statement. The global statement and the outside interface are using the same ip address. I also think that the route inside statement is not necessary in this case. You can use sh route to display the routing table. PIX gurus, correct me if I am wrong. cheekin - Original Message - From: Pierre-Alex To: Sent: Wednesday, August 08, 2001 11:34 Subject: Can't ping outside of PIX [7:15205] I have spent the all day on the problem below and I still can't see what I did wrong. Can you help? The PC can ping the inside ip address of the firewall The Firewall can ping the default-gateway and anything on the Internet But I cannot get the PC to ping the outside IP address of the firewall (208.136.247.214) or anything outside like (206.26.90.8). |PC|(1)--(2)|PIX|(3)-(4)--DSL MODEM PC (1): ip address 10.1.1.12 subnet mask: 255.255.255.0 default gateway: 10.1.1.10 PIX (2): ip adddress 10.1.1.10 subnet mask: 255.255.255.0 PIX (3i ip address 208.136.247.214 subnet mask: 255.255.255.0 DSL MODEM (4): ip address 208.136.247.1 subnet mask: 255.255.255.0 PIX Version 4.0.7 enable password 8Ry2YjIyt7RRXU24 encrypted passwd kIQggKv8.UiICW/r encrypted hostname pixfirewall failover names syslog output 20.3 no syslog console interface ethernet outside 10baset interface ethernet inside 10baset ip address inside 10.1.1.10 255.255.255.0 ip address outside 208.136.247.214 255.255.255.0 arp timeout 14400 global 1 208.136.247.214-208.136.247.214 nat 1 0.0.0.0 0.0.0.0 age 10 no rip outside passive no rip outside default no rip inside passive no rip inside default route outside 0.0.0.0 0.0.0.0 208.136.247.1 1 route inside 0.0.0.0 0.0.0.0 10.1.1.12 timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00 no snmp-server location no snmp-server contact mtu outside 1500 mtu inside 1500 : end [OK] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15323t=15205 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: vtp, spanning tree [7:14961]
u wrote The selection of the root bridge and which interfaces are blocking might not be optimized for all the applications and devices in the large, switched network. With per-VLAN spanning tree, each VLAN becomes a single spanning tree with its own root bridge and own set of blocked ports. This way you can optimize traffic flow and reduce the amount of work to converge to a spanning tree. my question does the root bridge helps in data path flow...? i dont think so.. also if u can define the data flow in the network with and without vlan regards have a good day!! fa - Original Message - From: Picciani Francesco Saverio To: Sent: Tuesday, August 07, 2001 5:09 PM Subject: R: vtp, spanning tree [7:14961] I thing that the main benefit of having per-VLAN spanning tree is that a problem on a VLAN does not impact the other VLANs also if they lay on the same ISL trunk. -Messaggio originale- Da: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Inviato: lunedl 6 agosto 2001 20.05 A: [EMAIL PROTECTED] Oggetto: Re: vtp, spanning tree [7:14961] At 02:13 PM 8/5/01, Cisco Troubleshooter wrote: can any body tell, why we need spanning tree protocol per vlan If you have a large, switched network, all the switches are in the same spanning tree. Converging the spanning tree can take a long time. In addition, traffic flow may not be optimized. The selection of the root bridge and which interfaces are blocking might not be optimized for all the applications and devices in the large, switched network. With per-VLAN spanning tree, each VLAN becomes a single spanning tree with its own root bridge and own set of blocked ports. This way you can optimize traffic flow and reduce the amount of work to converge to a spanning tree. It's somewhat analogous to dividing a routed network into areas or autonomous systems. Also, at least with Catalyst 1900 switches, if you allow all VLANs to travel across both trunks, you will have a loop. If you don't configure per-VLAN spanning tree, you will have a broken network. You would think spanning tree would just work around this problem, but it doesn't seem to when VLANs are configured. and vtp why it is needed what purpose it serves VTP is a management protocol that allows switches to share information about VLAN names and IDs. It reduces configuration because you can configure VLAN names and IDs on just one or two server switches. The rest of the switches act as clients and pick up the info when they boot. By default, the switches do not keep track of which switches have which VLANs configured, however. I disagree with the other responder who said VTP reduces bandwidth usage on links and switches. It's VTP pruning that does that. If you configure VTP pruning, then an added VTP message gets sent. The added message includes VLAN membership information. With VTP pruning, the switches become a bit smarter and do not forward traffic for a VLAN across a link or to a switch that has no ports in that VLAN. This must be configured. Without pruning, VTP just shares info about VLAN names and IDs. Priscilla thnx in advance jd __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15110t=14961 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Netmeeting and PIX [7:15002]
try this fixup protocol h323 1720 Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Patrick Donlon [mailto:[EMAIL PROTECTED]] Sent: Monday, August 06, 2001 2:09 PM To: [EMAIL PROTECTED] Subject: Netmeeting and PIX [7:15002] Does anyone know if PIX will work with Netmeeting audio and video traffic through using NAT? Currently we've upgraded from 5.31 to 6.10(101) on our PIX, the netmeeting call is set-up and features such as chat work but no audio and video. We have voip traffic passing through the PIX from CCMs with out any problems. Any tips or work arounds appreciated regards Pat [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15043t=15002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: New WIC 2T - Qurery [7:14951]
u need a smart serial cable 4 it. - Original Message - From: Rashid Lohiya To: Sent: Sunday, August 05, 2001 7:52 PM Subject: New WIC 2T - Qurery [7:14951] Hi, I have just acquired a 2nd user WIC-2T Card for my 3600 Router, but it does not have the regular 60pin interfaces, which I was expecting to see. Instead it has 2 x smaller, thinner female interfaces with 2 nuts on each end for the cable connector to screw into. The card is marked WIC 2T, and the two interfaces are labeled Serial 0 and Serial 1. Has anyone else seen this type of interface? Can anyone give me a cisco part number for the type of cable I would need? Will I be able to connect each of these connectors to a DCE/DTE crossover cable to connect to a regular 60pin connector? Is this normal or is this some special or new type of card? Pls. let me know Thanks -- Rashid Lohiya [EMAIL PROTECTED] 020 8509 2990 07785 362626 www.pioneer-computers.com London UK www.rashidl.co.uk Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14960t=14951 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing... [7:14865]
- Original Message - From: Santosh Koshy To: Sent: Sunday, August 05, 2001 4:06 AM Subject: Re: Load Balancing... [7:14865] Peter, Here is the problem i am trying to solve - I am located in Canada - We have a data center in US. All our users use SAP, Web, FTP, and other such applications across the border - We currently have one T1 circuit running to the US - After monitoring Traffic flow and Utilization we have come to the conclusion that the bandwisth is not adequate, and that we have no redundancy - We have decided to go with 4 links (from 2 different vendors) - We use OSPF in Canada. - All unknown routes (0.0.0.0 0.0.0.0) are pushed to the US router I was thinking of doing the following - Terminating all of these links into one router, and use per-packet load balancing to push these packets across the border - Use the following config ! disable fast switching no ip route-cache no ip mroute-cache ! Use route statements to do per-packet load balancing ip route 0.0.0.0 0.0.0.0 link1 ip route 0.0.0.0 0.0.0.0 link2 ip route 0.0.0.0 0.0.0.0 link3 ip route 0.0.0.0 0.0.0.0 link4 My only worry is that with the above solution; I will be acheiving per-packet load balancing, but at the cost of a single point of failure (the Router) All suggestions are welcome... Thanks a lot guys, Santosh Koshy Peter Van Oene wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Since Howard is in London, allow me to ask What problem are you trying to solve? *** REPLY SEPARATOR *** On 8/3/2001 at 10:07 PM Santosh Koshy wrote: Hi All, I have a slight dilemma to which I cannot seem to find a definitive answer.. We have 4 circuits going from Canada to the US... Is it necessary to terminate all the circuits into one router to do per-packet load balancing. -- Santosh Koshy WAN Administrator Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14966t=14865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: config for access server to callback PC modem [7:14769]
remove this async dynamic address use one only peer default ip address dhcp or peer default ip address pool ip-pool ,,, ip pool ip-pool 192.168.1.2 192.168.1.2 use one only ppp callback initiate or ppp callback accept add autoselect duriing-login - Original Message - From: Sim, CT (Chee Tong) To: 'Farhan Ahmed' Cc: Sent: Friday, August 03, 2001 12:46 PM Subject: config for access server to callback PC modem Hi.. Farhan and Dear all, I tried to config for access server to callback PC modem, but it doesn't work, could you please check for me what's wrong with the config below. Sim access_server#sh run Building configuration... Current configuration: ! version 11.2 service timestamps debug uptime service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname access_server ! enable secret 5 $ ! username sim callback-dialstring 99 password XXX ip host modem1 2001 50.200.100.11 ip host modem2 2002 50.200.100.11 ip host modem3 2003 50.200.100.11 ip dhcp-server 50.200.100.11 chat-script script dialout ABORT ERROR ABORT BUSY AT OK ATDT\T TIMEOUT 30 CONNECT \c ! interface Loopback0 ip address 192.198.255.10 255.255.255.255 no logging event subif-link-status ! interface Ethernet0 ip address 50.200.100.11 255.255.252.0 no ip directed-broadcast no logging event subif-link-status load-interval 180 ! interface Serial0 no ip address no logging event subif-link-status no fair-queue ! interface Async1 ip unnumbered Ethernet0 encapsulation ppp no logging event subif-link-status async dynamic address async mode interactive peer default ip address dhcp ppp callback initiate ppp authentication pap ! ip classless ip route 0.0.0.0 0.0.0.0 50.200.100.1 permanent logging trap debugging logging facility local3 logging 50.200.100.22 snmp-server community public RO ! line con 0 line 1 password 7 XX autoselect ppp script callback dialout login local modem InOut modem autoconfigure discovery length 0 transport input all speed 115200 flowcontrol hardware line 2 location modem2 no exec password 7 login modem InOut transport input all speed 115200 flowcontrol hardware line 3 8 line aux 0 password 7 X autoselect ppp login local modem InOut transport input all speed 38400 flowcontrol hardware line vty 0 4 no exec exec-timeout 0 0 password 7 XX login ! end access_server# access_server# -Original Message- From: Farhan Ahmed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 01, 2001 5:47 PM To: 'Sim, CT (Chee Tong)' Subject: RE: me again Importance: High no need just replace the command async mode interactive from dedicated autoselect ppp try also autoselect during login if u have any prob Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 01, 2001 10:49 AM To: 'Farhan Ahmed' Subject: me again Hi.. Farhan, me again May I ask about your script chat script dialout ABORT ERROR ABORT BUSY AT OK ATDT \T TIMEOUT 30 CONNECT \c Do you have to specify the the phone no eg 99 to callback after atdt?? What it means by sending you debug ppp negiotation, authentication? Does it refer the debug output on my access server when people dial in. Any configuration need to be done on the WIN98 (mine is WIN98) OS and modem in order to let access server callback. Do we need to use AT command to configured the PC's modem??? Thanks for your help Sim -Original Message- From: Sim, CT (Chee Tong) Sent: Wednesday, August 01, 2001 1:46 PM To: 'Farhan Ahmed' Subject: RE: how to configure callback for 2 numbers [7:14121] Farhan, Thanks you your kind help. I think my access-server IOS version not up-to-date is it??? I found my account cannot download IOS software. May I borrow your account? Or Please let me know how to get a account to download? Sim access_server#sh ver Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 11.2(18)P, RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Mon 12-Apr-99 13:29 by ashah Image
RE: design issues [7:14454]
i couldnt understand Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Mohammed Saro [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 01, 2001 11:21 AM To: [EMAIL PROTECTED] Subject: design issues [7:14454] i have acase and i want some1 to help me to solve it a company has two sites they want to have dedicated line with 128 kbps on site 1 and to make an ISDN dial backup to the ISP then site 2 is connected to site 1 with dedicated line of 128kbps and they have ISDN line their but they face sometimes problems with their line in site 1 so they need in case of failure of the ddicated liune betwenn their site 1 and the ISP and the failure of site 1 ISDN backup to dial the ISP they want the ISDN line of site 2 to dial to the ISP and will be in this case the gateway of two sites the question now how can i trigger dial on ISDN line in site 2 in case of failure of dedicated then failure of ISDNline of site 1 with the caution that the bri interface always up up spoofing Mohammed Saro Network Engineer [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14462t=14454 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Intermittent connectivity loss [7:14416]
u may ve virus code red Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Santosh Koshy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 01, 2001 4:37 PM To: [EMAIL PROTECTED] Subject: Re: Intermittent connectivity loss [7:14416] This may sound stupid... but have the obvious been checked 1) duplex settings 2) speed settings 3) portfast enabled (only on user ports) Don Oxman wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I must admit this is my first question posted to the group, though I've been a lurker for a long time. Here it is: We have workstations on 10 different floors (each floor divided in half, each half a different subnet), all connected to 5505's (20 in total). From the 5505's fiber goes to a 6509, then ultimately to the WAN via ATM. The servers all plug into the 6509. So far, so good. For the past 3 days we have had workstations (not all, but about 50%)on every floor lose connectivity to the network, whereby all of our NT and NetWare servers are unavailable and web browsing is gone. This has happened a total of 6 times, and there doesn't appear to be a pattern to the time or network utilization. Most times the users have to reboot, though sometimes they can reconnect without a reboot. Can anyone help steer me in the right direction? Our WAN guys can't help, and I have a feeling that it's going to be up to me to figure this one out. Thanks a lot. --Don _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14486t=14416 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ppp pap sent-username command [7:14140]
anyone knows.. when to use this command and for what purpose..? ppp pap sent-username [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14140t=14140 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Firewall HCT02-5 [7:14134]
oye virus *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: nadeem mujahid [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 2:21 PM To: [EMAIL PROTECTED] Subject: PIX Firewall HCT02-5 [7:14134] Hi! How are you? I send you this file in order to have your advice See you later. Thanks [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14144t=14134 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how to configure callback for 2 numbers [7:14121]
that was wrong command wait i m sending u the full config u need to have ios 11.3 2 t or higher 4 win95 callback Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 1:56 PM To: [EMAIL PROTECTED] Subject: RE: how to configure callback for 2 numbers [7:14121] Yes.. I tried this before, but it come out these errors.. what's wrong??/ access_server(config)#username sim password simiscute callback-dialstring 99 % Overly long Password truncated after 25 characters access_server(config)#username sim password simiscute callback-dialstring 99 % Overly long Password truncated after 25 characters access_server(config)#username sim password simiscute [callback-dialstring 99] % Overly long Password truncated after 25 characters -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 5:23 PM To: [EMAIL PROTECTED]; Sim, CT (Chee Tong) Subject: RE: how to configure callback for 2 numbers [7:14121] Specify the call back number in the username configuration: username yourname password yourpassword callback-dialstring 88 username yourmate password hispassword callback-dialstring 77 CM -Original Message- From: [EMAIL PROTECTED] on behalf of Sim, CT (Chee Tong) Sent: 30 July 2001 08:04 To: [EMAIL PROTECTED] Subject: how to configure callback for 2 numbers [7:14121] -- From: Sim, CT (Chee Tong)[SMTP:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 9:04:53 AM To: [EMAIL PROTECTED] Subject:how to configure callback for 2 numbers [7:14121] Auto forwarded by a Rule Dear all, I want to make my access-server to callback my home phone no 888-888 and my colleage phone no 777-777, once we use these two number to dial to the access-server, , after verification, the access server will cut the line and call back, no other number can be callbacked. Part of my config is as follow, Please tell me what else I need to configure in order to make it work. eg callback-dialstring and etc interface Async1 ip unnumbered Ethernet0 encapsulation ppp no logging event subif-link-status async dynamic address async mode interactive peer default ip address dhcp ppp callback accept ppp authentication pap ! line 1 password 7 00059805050058 autoselect ppp login local modem InOut length 0 transport input all speed 115200 flowcontrol hardware == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14141t=14121 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct
RE: X.25 interface maximum rate [7:14146]
u can define window and packet size to control the data transf if i see yr config it ll be helpfull Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 3:37 PM To: [EMAIL PROTECTED] Subject: X.25 interface maximum rate [7:14146] Hello Group, Can somebody tell me the maximum speed an X.21 interface can suport or a URL that has detail information on this. I have an X.21 interface connection to a 2MB link and it would flap after about 48hrs of operation with a lot of input, CRC errors. A Bit Error Rate test has been performed on the link and the link quality was confirmed to be good. Please help!!! Regards, Preye. [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14152t=14146 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN Backup [7:14148]
router a--routerb ok username routerb password same int e0/0 - 10.4.10.50 255.255.255.0 int so/0 - 192.168.1.1 255.255.255.252 backup interface dialer0 backup delay 60 40 backup load 128 20 int dialer 1 ip unnumbered e0 dialer group 1 dialer string dialer remote name routerb dialer pool 1 encapsulation ppp ppp authentication chap dialer load threshold 128 either ppp multilink dilaer hold-queue 10 int bri 0 encapsulation ppp ppp authentication chap dialer pool-member 1 dilaer-list 1 protocol ip list 101 access list 101 permit ip any any router eigrp 100 redistribute static network 10.4.10.0 network 192.168.1.0 passive interface dialer 0 ip route ( your remote network ) 192.168.1.2 let me know Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Uttam Majumdar [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 4:10 PM To: [EMAIL PROTECTED] Subject: ISDN Backup [7:14148] Hi All, I am not able communicate between 2 routers when connected using the ISDN backup of a leased connection. My router IP's are - Router A S0/0 - 192.168.1.1 255.255.255.252 E0/0 - 10.4.10.50 255.255.255.0 ISDN - IP Unnumbered. Router B S0 - 192.168.1.2 255.255.255.252 E0 - 10.4.0.30 255.255.255.0 ISDN - IP Unnumbered. I hv used RIP for Networks - 10.0.0.0 192.168.0.0 Also hv used backup with dialer map. Please treat urgent Friends Thanks Uttam [GroupStudy.com removed an attachment of type text/x-vcard which had a name of karuna_nrich.vcf] [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14159t=14148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how to configure callback for 2 numbers [7:14121]
try this dont paste username caller1 callback-dialstring password caller1 username caller2 callback-dialstring password caler2 chat script dialout ABORT ERROR ABORT BUSY AT OK ATDT \T TIMEOUT 30 CONNECT \c interface loopback1 ip address 192.168.1.1 interface group-async 1 encapsulation ppp ip unnumbered interface loopback1 ppp authentication pap async mode dedicated peer default ip address pool ip-pool ppp callback accept group range 1 1 ip pool ip-pool 192.168.1.2 192.168.1.2 line 1 modem inout no exec script callback dialout transport input all modem autoconfigure discovery stopbits 1 flow control hardware u need to have ios 11.3 2 t or higher 4 win95 callback send me debug ppp negotioation, authentication if u have any problem let me know Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 1:56 PM To: [EMAIL PROTECTED] Subject: RE: how to configure callback for 2 numbers [7:14121] Yes.. I tried this before, but it come out these errors.. what's wrong??/ access_server(config)#username sim password simiscute callback-dialstring 99 % Overly long Password truncated after 25 characters access_server(config)#username sim password simiscute callback-dialstring 99 % Overly long Password truncated after 25 characters access_server(config)#username sim password simiscute [callback-dialstring 99] % Overly long Password truncated after 25 characters -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 5:23 PM To: [EMAIL PROTECTED]; Sim, CT (Chee Tong) Subject: RE: how to configure callback for 2 numbers [7:14121] Specify the call back number in the username configuration: username yourname password yourpassword callback-dialstring 88 username yourmate password hispassword callback-dialstring 77 CM -Original Message- From: [EMAIL PROTECTED] on behalf of Sim, CT (Chee Tong) Sent: 30 July 2001 08:04 To: [EMAIL PROTECTED] Subject: how to configure callback for 2 numbers [7:14121] -- From: Sim, CT (Chee Tong)[SMTP:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 9:04:53 AM To: [EMAIL PROTECTED] Subject:how to configure callback for 2 numbers [7:14121] Auto forwarded by a Rule Dear all, I want to make my access-server to callback my home phone no 888-888 and my colleage phone no 777-777, once we use these two number to dial to the access-server, , after verification, the access server will cut the line and call back, no other number can be callbacked. Part of my config is as follow, Please tell me what else I need to configure in order to make it work. eg callback-dialstring and etc interface Async1 ip unnumbered Ethernet0 encapsulation ppp no logging event subif-link-status async dynamic address async mode interactive peer default ip address dhcp ppp callback accept ppp authentication pap ! line 1 password 7 00059805050058 autoselect ppp login local modem InOut length 0 transport input all speed 115200 flowcontrol hardware == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren
RE: Frame Relay - slow link? overutilized? [7:14163]
send me sh int clear counters before sending and wait for 5 min to get new stats your router is not receiving lmi packets properly how many sites u have? Num Status Enq. Sent 401101 Num Status msgs Rcvd 400894 Num Update Status Rcvd 0 Num Status Timeouts 2 Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Provost, Robert [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 6:18 PM To: [EMAIL PROTECTED] Subject: Frame Relay - slow link? overutilized? [7:14163] We have a frame relay network with some sites complaining about slowness issues. Everyone is blaming the bandwidth without testing. Is there anyway I can prove what is causing the latency? Here are some outputs from the remote site router. Can someone help me decipher? Thanks, Rob Provost router#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname router ! enable password X XXX ! ip subnet-zero ! ! ! interface Ethernet0 ip address 172.16.1.1 255.255.255.0 ip helper-address 10.1.1.2 no ip directed-broadcast ! interface Serial0 description router DLCI 200 no ip address no ip directed-broadcast encapsulation frame-relay IETF service-module 56k clock source line service-module 56k network-type dds frame-relay lmi-type cisco ! interface Serial0.1 point-to-point description HQ DLCI 100 ip address 10.254.12.6 255.255.255.252 no ip directed-broadcast frame-relay interface-dlci 100 ! router rip version 2 network 10.0.0.0 ! ip classless ip route 0.0.0.0 0.0.0.0 10.254.12.5 ! ! line con 0 transport input none line vty 0 4 password X X login ! end router#sh interfaces serial 0 Serial0 is up, line protocol is up Hardware is QUICC Serial (with onboard CSU/DSU) Description: router DLCI 200 MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255 Encapsulation FRAME-RELAY IETF, loopback not set, keepalive set (10 sec) LMI enq sent 401099, LMI stat recvd 400892, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 1023 LMI type is CISCO frame relay DTE Broadcast queue 0/64, broadcasts sent/dropped 276474/0, interface broadcasts 2 09741 Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/10/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 1000 bits/sec, 1 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 4243911 packets input, 2199323988 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 2 giants, 0 throttles 52784 input errors, 35055 CRC, 9168 frame, 0 overrun, 0 ignored, 8561 abort 1472502 packets output, 215379554 bytes, 0 underruns 0 output errors, 0 collisions, 69 interface resets 0 output buffer failures, 0 output buffers swapped out 1 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up router#sh controllers serial QUICC Serial (with onboard CSU/DSU) unit 0 idb at 0x25158A8, driver data structure at 0x251710C SCC Registers: General [GSMR]=0x2:0x0030, Protocol-specific [PSMR]=0x0 Events [SCCE]=0x, Mask [SCCM]=0x001F, Status [SCCS]=0x0006 Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E Interrupt Registers: Config [CICR]=0x00368461, Pending [CIPR]=0xC004 Mask [CIMR]=0xC812, In-srv [CISR]=0x Command register [CR]=0x6C0 Port A [PADIR]=0x, [PAPAR]=0xCCC3 [PAODR]=0x, [PADAT]=0xF5FE Port B [PBDIR]=0x00F13F, [PBPAR]=0x0010CE [PBODR]=0x00, [PBDAT]=0x034ADD Port C [PCDIR]=0x000A, [PCPAR]=0x [PCSO]=0x0830, [PCDAT]=0x03C4, [PCINT]=0x SCC GENERAL PARAMETER RAM (at 0xFF00F00) Rx BD Base [RBASE]=0x560, Fn Code [RFCR]=0x18 Tx BD Base [TBASE]=0x5A0, Fn Code [TFCR]=0x18 Max Rx Buff Len [MRBLR]=1528 Rx State [RSTATE]=0x18008240, BD Ptr [RBPTR]=0x590 Tx State [TSTATE]=0x18000348, BD Ptr [TBPTR]=0x5A0 SCC HDLC PARAMETER RAM (at 0xFF00F38) CRC
RE: configure AS5300 for ISDN call receive [7:14156]
u have pri e1/t1? any way i ll show u abt t1 username remoteroutera password same username remoterouterb password same config t isdn switch-type primary-5ess (use your isdn switch ask yr teleco) controller t1 0 ( there are 4 all togethere 0-3) framing esf linecode b8zs pri-group timeslots 1-24 clock source line primary ok now u have to make a dialer. to make and receive calls interface dialer 1 (make as many u like)2,3,4,5,6-23 ppp authentication chap dialer group 1 dialer string dialer remote-name remoteroutera ( remote router host name) no peer default ip address dialer threshold 128 either dialer pool 1 dialer idle timeout 120 encapsulation ppp ppp multilink now d channel config int s0:23 (0---22) encapsulation ppp dialer pool-member1 dialer list 1 protocol ip permit ip route remote netwrk bri int of remote router Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Sunil Subash [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 5:30 PM To: [EMAIL PROTECTED] Subject: configure AS5300 for ISDN call receive [7:14156] Hi there, Does any one knows how to configure my cisco AS5300 to accept isdn call? thanks in advance, ss [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14189t=14156 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Frame Relay - slow link? overutilized? [7:14163]
auh-- u have a big setup.. most of the frame relay problem happens of remote site pushing too much data that the central site can handle u r using default queing strategy. and u send me only the remote site config u need to ccalculate what is the total cir and Be(excess bust speed of all remote sites comming into your vc u need to provide fine details Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Provost, Robert [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 7:22 PM To: [EMAIL PROTECTED] Subject: RE: Frame Relay - slow link? overutilized? [7:14163] Here is the sh int after cleared counters and 5 minute wait. We have 320+ sites. Most sites are 56k lines, some frac T1, some DSL. Most have one PVC back to HQ. HQ has three routers on the Frame w/a total of 7 T1s. Thanks for your help, Rob router#sh int Ethernet0 is up, line protocol is up Hardware is QUICC Ethernet, address is 0001.42a5.c6ec (bia 0001.42a5.c6ec) Internet address is 10.253.X.X/24 MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, rely 255/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:00, output hang never Last clearing of show interface counters 00:07:13 Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 186 packets input, 19777 bytes, 0 no buffer Received 177 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 input packets with dribble condition detected 438 packets output, 207446 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Serial0 is up, line protocol is up Hardware is QUICC Serial (with onboard CSU/DSU) Description: router DLCI 200 MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255 Encapsulation FRAME-RELAY IETF, loopback not set, keepalive set (10 sec) LMI enq sent 44, LMI stat recvd 44, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 1023 LMI type is CISCO frame relay DTE Broadcast queue 0/64, broadcasts sent/dropped 25/0, interface broadcasts 18 Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 00:07:14 Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/10/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 1000 bits/sec, 1 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 421 packets input, 167457 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 117 packets output, 9694 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Serial0.1 is up, line protocol is up Hardware is QUICC Serial (with onboard CSU/DSU) Description: HQ DLCI 100 Internet address is 10.254.X.X/30 MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255 Encapsulation FRAME-RELAY IETF -Original Message- From: Farhan Ahmed [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 10:52 AM To: 'Provost, Robert'; [EMAIL PROTECTED] Subject: RE: Frame Relay - slow link? overutilized? [7:14163] Importance: High send me sh int clear counters before sending and wait for 5 min to get new stats your router is not receiving lmi packets properly how many sites u have? Num Status Enq. Sent 401101 Num Status msgs Rcvd 400894 Num Update Status Rcvd 0 Num Status Timeouts 2 Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data
RE: Frame Relay - slow link? overutilized? [7:14163]
lmi has local significance why dont u send us hub config Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Provost, Robert [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 11:39 PM To: [EMAIL PROTECTED] Subject: RE: Frame Relay - slow link? overutilized? [7:14163] I'm confused. My remote site LMI type is Cisco, HQ is ANSI. I am passing LMI and the site is up, just slow. If my LMI type was mismatched, wouldn't it not work at all? I cleared the counters and over the last couple of hours have received no CRCs, FECNs, BECNs, dropped packets, etc. Here is some statistics from my Frame Relay provider. Their reporting also shows no FECNs, BECNs, discarded packets, etc. PVC Usage to CIR Ratio Exceptions Hour Day %Peak 5 Min Crit Thresh 6Thu290.80150.00 7Wed150.11150.00 12 Tue150.41150.00 12 Fri173.33150.00 15 Mon172.14150.00 16 Thu150.92150.00 Any suggestions? TIA, Rob -Original Message- From: Jim Dixon [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 11:40 AM To: Provost, Robert Subject: RE: Frame Relay - slow link? overutilized? [7:14163] Robert, What kind of router is at HQ? Is it the one below? What kind is at the remote end? Is IT the one below? Which end are we looking at in other words? Are Both Routers CISCO? Is the Frame Relay Network providing CISCO LMI? (that is my FIRST question) If so then check cables. CRC's are most often a layer one issue. Jim -Original Message- From: Provost, Robert [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 10:22 AM To: [EMAIL PROTECTED] Subject: RE: Frame Relay - slow link? overutilized? [7:14163] Here is the sh int after cleared counters and 5 minute wait. We have 320+ sites. Most sites are 56k lines, some frac T1, some DSL. Most have one PVC back to HQ. HQ has three routers on the Frame w/a total of 7 T1s. Thanks for your help, Rob router#sh int Ethernet0 is up, line protocol is up Hardware is QUICC Ethernet, address is 0001.42a5.c6ec (bia 0001.42a5.c6ec) Internet address is 10.253.X.X/24 MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, rely 255/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:00, output hang never Last clearing of show interface counters 00:07:13 Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 186 packets input, 19777 bytes, 0 no buffer Received 177 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 input packets with dribble condition detected 438 packets output, 207446 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Serial0 is up, line protocol is up Hardware is QUICC Serial (with onboard CSU/DSU) Description: router DLCI 200 MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255 Encapsulation FRAME-RELAY IETF, loopback not set, keepalive set (10 sec) LMI enq sent 44, LMI stat recvd 44, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 1023 LMI type is CISCO frame relay DTE Broadcast queue 0/64, broadcasts sent/dropped 25/0, interface broadcasts 18 Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 00:07:14 Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/10/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 1000 bits/sec, 1 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 421 packets input, 167457 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 117 packets
RE: delay command [7:14071]
try dialer hold-queue and hold the traffic and see when yr app times out... Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: kwock99 [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 29, 2001 10:12 AM To: [EMAIL PROTECTED] Subject: delay command [7:14071] I am trying to look for an router command to delay sending out the traffic through a serial interface. Hopefully, it would simulate the real life case when traffic passing through the WAN interface. By tuning the delay figure, we would find out how long the application at both end can take before timeout. I have tested the delay command. Here is the syntax and description: delay tens-of-microseconds tens-of-microseconds: Integer that specifies the delay in tens of microseconds for an interface or network segment. To see the default delay, use the show interfaces command. I have set the maximum value for the tens-of-microseconds on the serial interfaces and perform the ping test at the both end. There is no actual delay on the ping test reponse time. PC1 - (R1) S0 -- S0 (R2) -- PC 2 Delay max Delay max DTE DCE Thanks Francis Tsui [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14073t=14071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: delay command [7:14071]
what kind of devices.. u ve any urls? Best Regards Have A Good Day!! -Original Message- From: Michael L. Williams [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 29, 2001 7:42 PM To: [EMAIL PROTECTED] Subject: Re: delay command [7:14071] There are devices you can purchase that will add latency to a connection (as you describe below). I don't remember the exact name of it, but if you search the archives, you'll find it. There have been discussions in this group about such a device. Mike W. kwock99 wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to look for an router command to delay sending out the traffic through a serial interface. Hopefully, it would simulate the real life case when traffic passing through the WAN interface. By tuning the delay figure, we would find out how long the application at both end can take before timeout. I have tested the delay command. Here is the syntax and description: delay tens-of-microseconds tens-of-microseconds: Integer that specifies the delay in tens of microseconds for an interface or network segment. To see the default delay, use the show interfaces command. I have set the maximum value for the tens-of-microseconds on the serial interfaces and perform the ping test at the both end. There is no actual delay on the ping test reponse time. PC1 - (R1) S0 -- S0 (R2) -- PC 2 Delay max Delay max DTE DCE Thanks Francis Tsui [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14086t=14071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: when 25 booting, the message is repeat again and a [7:13983]
may be, this problem occurs if you have just replaced your system EPROMs. 1 Power down the system. 2 Inspect each EPROM. Make sure each EPROM is correctly positioned in the socket (with notches properly aligned) in the correct socket. 3 If a pin is bent, straighten it carefully. Reinstall the EPROM and power up the system. If a pin breaks off, the EPROM must be replaced. 4 If an EPROM has been installed backward and power has been applied to it, the EPROM has been damaged and must be replaced. Best Regards Have A Good Day!! Farhan Ahmed MCSE+I, MCP Win2k, CCDA, CCNA, CSE, CCNA Network Engineer Mideast Data Systems Abudhabi Uae. Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: xie rootstock [mailto:[EMAIL PROTECTED]] Sent: Friday, July 27, 2001 7:13 PM To: [EMAIL PROTECTED] Subject: when 25 booting, the message is repeat again and a [7:13950] System Bootstrap, Version 11.0(10c), SOFTWARE Copyright (c) 1986-1996 by cisco Systems 2500 processor with 2048 Kbytes of main memory Local Timeout (control reg=0x118) Error, address: 0x213202C at 0x101772A (PC) what is the metter anyway!! please help, I bough this router for only 1 day. [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13983t=13983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: access list.. [7:13564]
hi ejay.. sunet calc wont calc wild mask or does it? Best Regards -Original Message- From: Hire, Ejay [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 26, 2001 12:42 AM To: [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] No, Solution2 is correct. The objective was to permit x.x.240-255.0-255 per the original message : What mask would be used if you want to create an access list where the IP addresses (128.252.0.0 to 128.252.240.0) would be blocked pls support with explanation, You can check it with the subnet calculator from B0s0n Software. -ejay -Original Message- From: Farhan Ahmed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 25, 2001 2:23 PM To: 'Hire, Ejay'; [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] solution2; will permit 1-240 range and the deny statement will deny the rest thats opposite to get a wild mask we put higher minus lower 255.255.255.255 255.255.240. 0 0 015 255 so the router will permit 1-240 instead -Original Message- From: Hire, Ejay [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 25, 2001 9:22 PM To: 'Farhan Ahmed'; [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Objective: Create an Access list to block the source address range 128.252.0.0 to 128.252.240.0 Solution 1: access-list 1 deny 128.252.0.00.0.127.255 Blocks 128.252.0-127.0-255 access-list 1 deny 128.252.128.0 0.0.63.255 Blocks 128.252.128-191.0-255 access-list 1 deny 128.252.192.0 0.0.31.255 Blocks 128.252.192-223.0-255 access-list 1 deny 128.252.224.0 0.0.15.255 Blocks 128.252.224-239.0-255 access-list 1 permit any Allows all other traffic to pass. Solution 2: access-list 1 permit 128.252.240.0 0.0.15.255 Permits 128.252.240-255.0-255 access-list 1 deny 128.252.0.0 0.0.255.255 Denies traffic from 128.252 that is not permitted by the previous line access-list 1 permit any Notes: Both Solutions work, but solution 2 has less lines and will result in less processor utilization in most scenarios. -Ejay -Original Message- From: Farhan Ahmed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 2:29 PM To: [EMAIL PROTECTED] Subject: access list.. [7:13564] What mask would be used if you want to create an access list where the IP addresses (128.252.0.0 to 128.252.240.0) would be blocked pls support with explanation, [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13835t=13564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 5509 [7:13848]
Console (enable) set ip permit 172.16.0.0 255.255.0.0 telnet 172.16.0.0 with mask 255.255.0.0 added to telnet permit list. Console (enable) set ip permit 172.20.52.32 255.255.255.224 snmp 172.20.52.32 with mask 255.255.255.224 added to snmp permit list. Console (enable) set ip permit 172.20.52.3 all 172.20.52.3 added to IP permit list. Console (enable) show ip permit http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_1/config/s nmp.htm Best Regards Have A Good Day!! Farhan Ahmed MCSE+I, MCP Win2k, CCDA, CCNA, CSE, CCNA Network Engineer Mideast Data Systems Abudhabi Uae. Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Andy Low [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 26, 2001 1:24 PM To: [EMAIL PROTECTED] Subject: Catalyst 5509 [7:13848] Hi, Anyone knows how to enable ACL or some form of telnet control to the switch. Is there any instructions on how to control the SNMP query as well. Thanks, Andy [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13853t=13848 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Async comes up but encapsulation fails [7:13834]
use autoselect ppp where is the dialer info?? Best Regards Have A Good Day!! Farhan Ahmed MCSE+I, MCP Win2k, CCDA, CCNA, CSE, CCNA Network Engineer Mideast Data Systems Abudhabi Uae. Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. -Original Message- From: Ahmed Mamoor Amimi [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 26, 2001 5:32 PM To: [EMAIL PROTECTED] Subject: Re: Async comes up but encapsulation fails [7:13834] Both the routers get connected but can't ping both side and says encapsualtion failed the config on both side for async port is interface Async1 ip address 192.168.4.2 255.255.255.0 no ip directed-broadcast encapsulation ppp keepalive 10 dialer in-band dialer wait-for-carrier-time 5 dialer map ip 192.168.4.1 35 dialer-group 1 async default routing async mode dedicated ! router rip network 192.168.4.0 network 192.168.5.0 ! line aux 0 login local modem InOut modem autoconfigure type usr_sportster transport input all stopbits 1 speed 38400 flowcontrol hardware = help me!! Bruce McNamara wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Have you verified the the encapsulation type on either side? We use CHAP as it is professed to be more secure using the chanllenge-response method. [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13883t=13834 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
wrong study notes at cramsession.com [7:13905]
Dallas2(config-if)#dialer in-band (enables v25bis on sync and chat-scripts on async) Adding Modems to Router - The router has a built-in modem compatibility database (modemcap) to issue the correct initialization strings. Use the following command to have the router search and configure the new modem: Dallas2(config-line)# modemcap autoconfigure discovery You can also use a preset or user defined modem database. http://cramsession.brainbuzz.com/cramsession/cisco/bcran/guide.asp Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE, CCNA Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13905t=13905 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: access list.. [7:13564]
solution2; will permit 1-240 range and the deny statement will deny the rest thats opposite to get a wild mask we put higher minus lower 255.255.255.255 255.255.240. 0 0 015 255 so the router will permit 1-240 instead -Original Message- From: Hire, Ejay [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 25, 2001 9:22 PM To: 'Farhan Ahmed'; [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Objective: Create an Access list to block the source address range 128.252.0.0 to 128.252.240.0 Solution 1: access-list 1 deny 128.252.0.00.0.127.255 Blocks 128.252.0-127.0-255 access-list 1 deny 128.252.128.0 0.0.63.255 Blocks 128.252.128-191.0-255 access-list 1 deny 128.252.192.0 0.0.31.255 Blocks 128.252.192-223.0-255 access-list 1 deny 128.252.224.0 0.0.15.255 Blocks 128.252.224-239.0-255 access-list 1 permit any Allows all other traffic to pass. Solution 2: access-list 1 permit 128.252.240.0 0.0.15.255 Permits 128.252.240-255.0-255 access-list 1 deny 128.252.0.0 0.0.255.255 Denies traffic from 128.252 that is not permitted by the previous line access-list 1 permit any Notes: Both Solutions work, but solution 2 has less lines and will result in less processor utilization in most scenarios. -Ejay -Original Message- From: Farhan Ahmed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 2:29 PM To: [EMAIL PROTECTED] Subject: access list.. [7:13564] What mask would be used if you want to create an access list where the IP addresses (128.252.0.0 to 128.252.240.0) would be blocked pls support with explanation, [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13790t=13564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ACS2.6 users on Cluster Servers!! [7:13481]
Cisco Secure ACS operates as a Windows NT or Windows 2000 service and controls the authentication, authorization, and accounting (AAA) of users accessing networks. Cisco Secure ACS operates with Windows NT Server version 4.0 and Windows 2000 Server. Provided that Microsoft Clustering Services are not installed, Cisco Secure ACS operates on Windows 2000 Advanced Server and Windows 2000 Datacenter Server. u might look 4 some 3rd part clustering software like doubletake -Original Message- From: Magdy H. Ibrahim [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 2:28 PM To: [EMAIL PROTECTED] Subject: ACS2.6 users on Cluster Servers!! [7:13481] Hi guys, I installed ACS2.6 on 2 nodes cluster , using Win2k to provide high availability , so when any ACS service stop on one node the ACS will failover to the other node . The problem I'm facing is that the ACS configuration replicated well when ACS moves from one node to the other , but the users database not !! , So are there any way to replicate the users database from Windows registry , If answer is yes , which key I'll need to copy ? Any suggestions will be appriciated . Thanks in advance, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13487t=13481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
vpn speed [7:13499]
lets say we have 2 cisco 1720 with vpn accelerator card and both have a 64k connection to internet what would be the speed of the tunnel Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13499t=13499 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ciscco IDS [7:13516]
how its possible for ids to read the contents of packet for eg confidential doc and generate an alaram what if somebody using vpn from inside network to somewhere else to transfer confidential information what does it means that ipsec is ,,, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13516t=13516 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
access list.. [7:13564]
What mask would be used if you want to create an access list where the IP addresses (128.252.0.0 to 128.252.240.0) would be blocked pls support with explanation, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13564t=13564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ccna challenge question [7:13565]
Last Weeks CCNA(tm) Challenge Question Question Using classful assumptions, what is the directed broadcast address for 172.18.2.0 with the mask 255.255.254.0? a) 172.18.2.255 b) 172.18.3.255 c) 172.18.255.255 d) 172.18.0.0 Answer b) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13565t=13565 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: access list.. [7:13564]
def mask -Original Message- From: MikeN [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:36 PM To: [EMAIL PROTECTED] Subject: Re: access list.. [7:13564] To answer this question, we would need to know what the subnet masks are. Thanks, MikeN Farhan Ahmed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What mask would be used if you want to create an access list where the IP addresses (128.252.0.0 to 128.252.240.0) would be blocked pls support with explanation, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13569t=13564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with Fastethernet 2610 router [7:13497]
u need to setup static route in both direction u just put only 1 route to the 1st vlan u need more rotes in both direc on the other vlans u should have static routes to router via x -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:28 PM To: [EMAIL PROTECTED] Subject: Re: Problem with Fastethernet 2610 router [7:13497] Thanks for your mail. No, the default route is already there. It is already defined in that router. Infact I just copied it from the working router. Thanks, Kiran On Tue, 24 Jul 2001, Patrick Ramsey wrote: sounds like you have missed a default route on the 2610. The 2610 will not be able to see any other vlans unless the vlan it is plugged into has an ip address assigned to it acting as a gateway. Then you need to set that ip address as the 2610's default gateway. (or at least specify a specific route to the other vlans) If this is a router conencted to the internet, you would defiantely want to keep the default gw out it's serial interface. -Patrick Kiran Kumar M 07/24/01 10:27AM Hai, I am facing a strange problem. I am using a cisco 2610 router in my network. In that I am having one fastethernet, and 2 WIC2T . When I am connecting to the L3 switch, it is able to ping to that particular VLAN, and unable to ping to other VLANS or outside of that VLAN. If I use another router with ethernet card (becuase I am not having another ethernet card in first router), with the same setup it is able to communicate with the outside world. So I concluded that it is not the problem with L3 switch. I tried to find it on cisco site, but unable to locate the solution. Thanks in advance, Kiran Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13568t=13497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with Fastethernet 2610 router [7:13497]
cAN U SEND YR CONFIGS -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:40 PM To: Farhan Ahmed Cc: [EMAIL PROTECTED] Subject: RE: Problem with Fastethernet 2610 router [7:13497] It is not at all the routing problem. Because it is perfectly working with the same configuration with other router with out any changes. Thanks, Kiran On Tue, 24 Jul 2001, Farhan Ahmed wrote: u need to setup static route in both direction u just put only 1 route to the 1st vlan u need more rotes in both direc on the other vlans u should have static routes to router via x -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:28 PM To: [EMAIL PROTECTED] Subject: Re: Problem with Fastethernet 2610 router [7:13497] Thanks for your mail. No, the default route is already there. It is already defined in that router. Infact I just copied it from the working router. Thanks, Kiran On Tue, 24 Jul 2001, Patrick Ramsey wrote: sounds like you have missed a default route on the 2610. The 2610 will not be able to see any other vlans unless the vlan it is plugged into has an ip address assigned to it acting as a gateway. Then you need to set that ip address as the 2610's default gateway. (or at least specify a specific route to the other vlans) If this is a router conencted to the internet, you would defiantely want to keep the default gw out it's serial interface. -Patrick Kiran Kumar M 07/24/01 10:27AM Hai, I am facing a strange problem. I am using a cisco 2610 router in my network. In that I am having one fastethernet, and 2 WIC2T . When I am connecting to the L3 switch, it is able to ping to that particular VLAN, and unable to ping to other VLANS or outside of that VLAN. If I use another router with ethernet card (becuase I am not having another ethernet card in first router), with the same setup it is able to communicate with the outside world. So I concluded that it is not the problem with L3 switch. I tried to find it on cisco site, but unable to locate the solution. Thanks in advance, Kiran Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13574t=13497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with Fastethernet 2610 router [7:13497]
WHAT DO u mean by another router with ethernet card nd unable to ping to other VLANS or outside of that VLAN. If I use another router with ethernet card (becuase I am not having another ethernet card in first router), -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:40 PM To: Farhan Ahmed Cc: [EMAIL PROTECTED] Subject: RE: Problem with Fastethernet 2610 router [7:13497] It is not at all the routing problem. Because it is perfectly working with the same configuration with other router with out any changes. Thanks, Kiran On Tue, 24 Jul 2001, Farhan Ahmed wrote: u need to setup static route in both direction u just put only 1 route to the 1st vlan u need more rotes in both direc on the other vlans u should have static routes to router via x -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:28 PM To: [EMAIL PROTECTED] Subject: Re: Problem with Fastethernet 2610 router [7:13497] Thanks for your mail. No, the default route is already there. It is already defined in that router. Infact I just copied it from the working router. Thanks, Kiran On Tue, 24 Jul 2001, Patrick Ramsey wrote: sounds like you have missed a default route on the 2610. The 2610 will not be able to see any other vlans unless the vlan it is plugged into has an ip address assigned to it acting as a gateway. Then you need to set that ip address as the 2610's default gateway. (or at least specify a specific route to the other vlans) If this is a router conencted to the internet, you would defiantely want to keep the default gw out it's serial interface. -Patrick Kiran Kumar M 07/24/01 10:27AM Hai, I am facing a strange problem. I am using a cisco 2610 router in my network. In that I am having one fastethernet, and 2 WIC2T . When I am connecting to the L3 switch, it is able to ping to that particular VLAN, and unable to ping to other VLANS or outside of that VLAN. If I use another router with ethernet card (becuase I am not having another ethernet card in first router), with the same setup it is able to communicate with the outside world. So I concluded that it is not the problem with L3 switch. I tried to find it on cisco site, but unable to locate the solution. Thanks in advance, Kiran Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13575t=13497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with Fastethernet 2610 router [7:13497]
what do u mean by safe side? -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 11:04 PM To: Farhan Ahmed Subject: RE: Problem with Fastethernet 2610 router [7:13497] Nothing Actually second line is not required if we are defining the first. But it was defined on safe side.. some time we remove the routing after incresing the links.. Thanks, Kiran On Tue, 24 Jul 2001, Farhan Ahmed wrote: whats the diff bw these 2 ip route 0.0.0.0 0.0.0.0 192.168.2.1 ip route 192.168.2.0 255.255.255.0 192.168.2.1 ! -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:57 PM To: Farhan Ahmed Cc: [EMAIL PROTECTED] Subject: RE: Problem with Fastethernet 2610 router [7:13497] Sure. It is very simple configuration. 2610 Router: Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 x enable password ! ip subnet-zero ip domain-name xx.xxx ip name-server xxx.xxx.xxx.xxx ! ! interface Loopback0 no ip address no ip directed-broadcast ! interface Ethernet0/0 ip address 192.168.2.2 255.255.255.0 no ip directed-broadcast ! interface Serial0/0 no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache shutdown ! interface Serial0/1 ip address 192.168.1.61 255.255.255.252 no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.2.1 ip route 192.168.2.0 255.255.255.0 192.168.2.1 ! ! ! line con 0 transport input none line aux 0 line vty 0 4 password xx login ! end Here I replaced the passwords and IP address ( Actually I am using public IP address, here I mention the private IP addresses). The very same is following on 2620 router also. Except one change. That is Ethernet is replaced with Fast ethernet. Thanks, Kiran On Tue, 24 Jul 2001, Farhan Ahmed wrote: cAN U SEND YR CONFIGS -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:40 PM To: Farhan Ahmed Cc: [EMAIL PROTECTED] Subject: RE: Problem with Fastethernet 2610 router [7:13497] It is not at all the routing problem. Because it is perfectly working with the same configuration with other router with out any changes. Thanks, Kiran On Tue, 24 Jul 2001, Farhan Ahmed wrote: u need to setup static route in both direction u just put only 1 route to the 1st vlan u need more rotes in both direc on the other vlans u should have static routes to router via x -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:28 PM To: [EMAIL PROTECTED] Subject: Re: Problem with Fastethernet 2610 router [7:13497] Thanks for your mail. No, the default route is already there. It is already defined in that router. Infact I just copied it from the working router. Thanks, Kiran On Tue, 24 Jul 2001, Patrick Ramsey wrote: sounds like you have missed a default route on the 2610. The 2610 will not be able to see any other vlans unless the vlan it is plugged into has an ip address assigned to it acting as a gateway. Then you need to set that ip address as the 2610's default gateway. (or at least specify a specific route to the other vlans) If this is a router conencted to the internet, you would defiantely want to keep the default gw out it's serial interface. -Patrick Kiran Kumar M 07/24/01 10:27AM Hai, I am facing a strange problem. I am using a cisco 2610 router in my network. In that I am having one fastethernet, and 2 WIC2T . When I am connecting to the L3 switch, it is able to ping to that particular VLAN, and unable to ping to other VLANS or outside of that VLAN. If I use another router with ethernet card (becuase I am not having another ethernet card in first router), with the same setup it is able to communicate with the outside world. So I concluded that it is not the problem with L3 switch. I tried to find it on cisco site, but unable to locate the solution. Thanks in advance, Kiran Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13582t=13497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with Fastethernet 2610 router [7:13497]
nothing wrong but its illogical same route pointing to one host none of them will work if that host is down so there is no point of safe side.. right? -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 11:12 PM To: Farhan Ahmed Subject: RE: Problem with Fastethernet 2610 router [7:13497] Here right now I am testing on only one interface, imagine If I have 10 WAN and 2 ethernet.. Then This kind of setting will be useful. We generally follow it, so it was there.. What is the wrong in that ? On Tue, 24 Jul 2001, Farhan Ahmed wrote: what do u mean by safe side? -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 11:04 PM To: Farhan Ahmed Subject: RE: Problem with Fastethernet 2610 router [7:13497] Nothing Actually second line is not required if we are defining the first. But it was defined on safe side.. some time we remove the routing after incresing the links.. Thanks, Kiran On Tue, 24 Jul 2001, Farhan Ahmed wrote: whats the diff bw these 2 ip route 0.0.0.0 0.0.0.0 192.168.2.1 ip route 192.168.2.0 255.255.255.0 192.168.2.1 ! -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:57 PM To: Farhan Ahmed Cc: [EMAIL PROTECTED] Subject: RE: Problem with Fastethernet 2610 router [7:13497] Sure. It is very simple configuration. 2610 Router: Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 x enable password ! ip subnet-zero ip domain-name xx.xxx ip name-server xxx.xxx.xxx.xxx ! ! interface Loopback0 no ip address no ip directed-broadcast ! interface Ethernet0/0 ip address 192.168.2.2 255.255.255.0 no ip directed-broadcast ! interface Serial0/0 no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache shutdown ! interface Serial0/1 ip address 192.168.1.61 255.255.255.252 no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.2.1 ip route 192.168.2.0 255.255.255.0 192.168.2.1 ! ! ! line con 0 transport input none line aux 0 line vty 0 4 password xx login ! end Here I replaced the passwords and IP address ( Actually I am using public IP address, here I mention the private IP addresses). The very same is following on 2620 router also. Except one change. That is Ethernet is replaced with Fast ethernet. Thanks, Kiran On Tue, 24 Jul 2001, Farhan Ahmed wrote: cAN U SEND YR CONFIGS -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:40 PM To: Farhan Ahmed Cc: [EMAIL PROTECTED] Subject: RE: Problem with Fastethernet 2610 router [7:13497] It is not at all the routing problem. Because it is perfectly working with the same configuration with other router with out any changes. Thanks, Kiran On Tue, 24 Jul 2001, Farhan Ahmed wrote: u need to setup static route in both direction u just put only 1 route to the 1st vlan u need more rotes in both direc on the other vlans u should have static routes to router via x -Original Message- From: Kiran Kumar M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 10:28 PM To: [EMAIL PROTECTED] Subject: Re: Problem with Fastethernet 2610 router [7:13497] Thanks for your mail. No, the default route is already there. It is already defined in that router. Infact I just copied it from the working router. Thanks, Kiran On Tue, 24 Jul 2001, Patrick Ramsey wrote: sounds like you have missed a default route on the 2610. The 2610 will not be able to see any other vlans unless the vlan it is plugged into has an ip address assigned to it acting as a gateway. Then you need to set that ip address as the 2610's default gateway. (or at least specify a specific route to the other vlans) If this is a router conencted to the internet, you would defiantely want to keep the default gw out it's serial interface. -Patrick Kiran Kumar M 07/24/01 10:27AM Hai, I am facing a strange problem. I am using a cisco 2610 router in my network. In that I am having one fastethernet, and 2 WIC2T . When I am connecting to the L3 switch, it is able to ping to that particular VLAN, and unable to ping to other VLANS or outside of that VLAN. If I use another router with ethernet card (becuase I am not having another ethernet card in first router), with the same setup
RE: last modem question ever (I can only hope) [7:13586]
try this telnet 192.168.1.201 20(yourline#) at OK READY 02:02:56: TTY3: DSR was dropped 02:02:56: tty3: Modem: READY-HANGUP 02:02:57: TTY3: dropping DTR, hanging up 02:02:57: tty3: Modem: HANGUP-IDLE 02:03:02: TTY3: restoring DTR It looks to me like it connects (both from the debug and the pretty lights on the modems themselves) but that ppp negotiation does not start. Hardwarewise Ive got a 3640 with a wic-2a/s and a 1720 with a wic-2a/s attached to v.34 usr courier modems. Here is the relevent parts of the config from the router that is dialing out. ! version 12.2 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname PHX_Router ! ! username dialto password 0 password username dialfrom password 0 password ip subnet-zero ! isdn voice-call-failure 0 chat-script dialout ABORT ERROR ATFC1D2 OK ATDT \T TIMEOUT 60 \c call rsvp-sync ! ! interface Serial2/0 physical-layer async no ip address encapsulation ppp dialer in-band dialer pool-member 2 async mode dedicated ! interface Serial2/1 physical-layer async no ip address ! interface Dialer2 ip address 10.145.1.2 255.255.255.0 encapsulation ppp dialer pool 2 dialer remote-name dialto dialer string 2546593 dialer hold-queue 100 dialer-group 2 pulse-time 0 ppp authentication chap ! ip classless ip route 192.168.1.0 255.255.255.0 Dialer2 no ip http server ! dialer-list 2 protocol ip permit ! ! ! ! ! ! dial-peer cor custom ! ! ! ! line con 0 exec-timeout 0 0 transport input none line 65 66 no exec script dialer dialout modem InOut modem autoconfigure type usr_courier transport input all stopbits 1 speed 115200 line aux 0 line vty 0 4 password password login ! end and here is the config from the modem it is dialing into. version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! ! username dialto password 0 password username dialfrom password 0 password ! ! ! ! memory-size iomem 25 ip subnet-zero no ip domain-lookup ! chat-script dial ABORT ERROR ATFC1D2 OK ATDT \T TIMEOUT 60 \c chat-script resetusr atfs0=1e0r2d2c1b1h1m4k1q0w OK ! ! ! interface Loopback0 ip address 192.168.1.1 255.255.255.255 ! interface Serial0 no ip address ! interface Serial1 physical-layer async no ip address encapsulation ppp dialer in-band dialer map ip 10.145.1.2 name Phx_Router broadcast dialer-group 1 async mode dedicated ppp authentication chap ! interface Serial2 physical-layer async no ip address ! interface FastEthernet0 ip address 10.129.0.132 255.255.0.0 speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 Serial1 no ip http server ! dialer-list 1 protocol ip permit ! line con 0 transport input none line 2 3 no exec script dialer dial script reset resetusr modem InOut transport input all stopbits 1 speed 115200 line aux 0 line vty 0 4 login ! no scheduler allocate end I think im missing something pretty basic here, as in I basically dont know what to do now. Any help or ideas would be greatly appreciated at this point. Ben __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13589t=13586 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: last modem question ever (I can only hope) [7:13586]
try putting flowcontrol hardware -Original hostname PHX_Router ! ! username dialto password 0 password username dialfrom password 0 password ip subnet-zero ! isdn voice-call-failure 0 chat-script dialout ABORT ERROR ATFC1D2 OK ATDT \T TIMEOUT 60 \c call rsvp-sync ! ! interface Serial2/0 physical-layer async no ip address encapsulation ppp dialer in-band dialer pool-member 2 async mode dedicated ! interface Serial2/1 physical-layer async no ip address ! interface Dialer2 ip address 10.145.1.2 255.255.255.0 encapsulation ppp dialer pool 2 dialer remote-name dialto dialer string 2546593 dialer hold-queue 100 dialer-group 2 pulse-time 0 ppp authentication chap ! ip classless ip route 192.168.1.0 255.255.255.0 Dialer2 no ip http server ! dialer-list 2 protocol ip permit ! ! ! ! ! ! dial-peer cor custom ! ! ! ! line con 0 exec-timeout 0 0 transport input none line 65 66 no exec script dialer dialout modem InOut modem autoconfigure type usr_courier transport input all stopbits 1 speed 115200 line aux 0 line vty 0 4 password password login ! end and here is the config from the modem it is dialing into. version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! ! username dialto password 0 password username dialfrom password 0 password ! ! ! ! memory-size iomem 25 ip subnet-zero no ip domain-lookup ! chat-script dial ABORT ERROR ATFC1D2 OK ATDT \T TIMEOUT 60 \c chat-script resetusr atfs0=1e0r2d2c1b1h1m4k1q0w OK ! ! ! interface Loopback0 ip address 192.168.1.1 255.255.255.255 ! interface Serial0 no ip address ! interface Serial1 physical-layer async no ip address encapsulation ppp dialer in-band dialer map ip 10.145.1.2 name Phx_Router broadcast dialer-group 1 async mode dedicated ppp authentication chap ! interface Serial2 physical-layer async no ip address ! interface FastEthernet0 ip address 10.129.0.132 255.255.0.0 speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 Serial1 no ip http server ! dialer-list 1 protocol ip permit ! line con 0 transport input none line 2 3 no exec script dialer dial script reset resetusr modem InOut transport input all stopbits 1 speed 115200 line aux 0 line vty 0 4 === message truncated === __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13596t=13586 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: access list.. [7:13564]
should be 0.0.15.255 but how? -Original Message- From: Ayers, Michael [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 25, 2001 12:27 AM To: [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all of the class b Thank You, Michael Ayers Network Engineer OneNeck IT Services (480) 539-2203 (800) 272-3077 -Original Message- From: MikeN [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 12:49 PM To: [EMAIL PROTECTED] Subject:Re: access list.. [7:13564] Okay.. default masks meaning classful class B. 128.252.0.0 with a subnet mask of 255.255.0.0 and 128.252.240.0 with a subnet mask of 255.255.0.0 On a router you would use the wildcard mask (inverse) of the subnet mask: access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255 access-list 101 permit ip any any Then apply it to the interface with ip access-group 101 in or out depending on what interface it is applied to. It is easy to envision what the wildcard mask is and what it does if we view the decimal numbers in binary format: wildcard mask 0.0.255.255 = ... 0's = interesting part of the address is to the router; 1's = portion of address the router isn't going to care aboutthis portion of the accress could be any number. If you list the ip address in binary above the wildcard mask, it looks like this: 128 . 252 . 0. 0 1000.1100.. ... 0 . 0.252 . 252 The router will only view the portion of the address NOT blocked by 1's as interesting: 128.252.x.x You will need to grasp this concept before moving on to subnetting and supernetting. There are some excellent explanations for how this works in the Cisco Press CCNA books. To confirm, this is for routers and not the PIX ACLs. HTH MikeN Farhan Ahmed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What mask would be used if you want to create an access list where the IP addresses (128.252.0.0 to 128.252.240.0) would be blocked pls support with explanation, Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13606t=13564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: access list..cool up [7:13564]
Tac Certified Doc Using Wildcard Masks in Access List Definitions Question: How do I configure an access list to disallow network 10.90.0.0 255.255.0.0 from accessing 10.80.0.0 255.255.0.0, but allow it to access others? I''ve entered the following commands: access list 101 deny ip 10.90.0.0 255.255.0.0 10.80.0.0 255.255.0.0 access list 101 permit ip any any int vlan 90 ip access-group 101 out But when I do a show run, I see the following: access-list 102 deny ip 0.0.0.0 255.255.0.0 0.0.0.0 255.255.0.0 access-list 102 permit ip any any Why does this happen? Answer: The problem is that you are using subnet masks rather than wildcard masks in your access list definition. A wildcard mask is just the opposite of a subnet mask: each time there is a binary 1 in a subnet mask, you have to replace it with a 0 to get the equivalent wildcard mask. In other words, if you have a subnet mask of 255.255.0.0, the equivalent wilcard mask is 0.0.255.255. The same idea applies to subnet mask of 255.255.255.252, which becomes 0.0.0.3 as a wildcard mask. For your access list, you should enter the following lines to your configuration: access-list 101 deny ip 10.90.0.0 0.0.255.255 10.80.0.0 0.0.255.255 access-list 101 permit ip any any Then type sh run to verify that the above lines are unchanged. Last Modified: 30-NOV-99 All contents copyright ) 1992--2001 Cisco Systems, Inc. Important Notices and Privacy Statement. -Original Message- From: fgh [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 25, 2001 12:40 AM To: [EMAIL PROTECTED] Subject: Re: access list.. [7:13564] He wants to block the range 128.252.0.0-128.252.240.0 and permit all else. access-list 1 deny 128.252.0.0 0.0.240.255 access-list 1 permit any I have a CCIE and a sniffer instructor sitting next to me and they verified that the above commands work for blocking the range and permitting everything else. - Original Message - From: Ayers, Michael To: 'fgh' ; Sent: Tuesday, July 24, 2001 3:04 PM Subject: RE: access list.. [7:13564] That should be 0.0.15.255, but that allows 240, and you have it backwards, you need to permit the first line (access-list 1 deny 128.252.0.0 0.0.15.255), and then deny the class b , then permit all else -Original Message- From: fgh [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 1:02 PM To: [EMAIL PROTECTED] Subject: Re: access list.. [7:13564] access-list 1 deny 128.252.0.0 0.0.240.255 access-list 1 permit any the 1st line blocks that range and the 2nd line allows all other traffic i think? not positive though - Original Message - From: Farhan Ahmed To: Sent: Tuesday, July 24, 2001 1:28 PM Subject: access list.. [7:13564] What mask would be used if you want to create an access list where the IP addresses (128.252.0.0 to 128.252.240.0) would be blocked pls support with explanation, Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13610t=13564 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: access list.. [7:13564]
we wanted to block till 240 1-240 -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 25, 2001 1:33 AM To: [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Wouldn't the right answer be this: ip access-list 101 deny 128.252.240.0 0.0.0.255 ip access-list 101 permit 128.252.240.0 0.0.240.255 ip access-list 101 deny 128.252.0.0 0.0.255.255 ip access-list 101 permit any Line 1 would block .240 Line 2 would allow .240 thru .255 Line 3 would block .0 thru .255 Line 4 would allow the rest Hth, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Ayers, Michael [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 4:06 PM To: [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Only problem, your scenario should be too block all from 0 to 239 to make an easy solution. -Original Message- From: Ayers, Michael Sent: Tuesday, July 24, 2001 1:40 PM To: 'Farhan Ahmed'; Ayers, Michael; [EMAIL PROTECTED] Subject:RE: access list.. [7:13564] 0.0.15.255 = I only care what the first 20 bits are. So 128.252 are 16 bits, we can ignore them (they match visually). The last octet is all 1, so we can ignore that also don't care. We also don't care what the last 4 bits are, so we do care what the first 4 are. If we use 128.252.240.0, we get 1000 1100 000 in binary. We only want to focus on the 3rd octet . SO CARE Don't Care Decimal Number 240 0001241 0010242 0011243 0100244 0101245 0110246 0111247 1000248 1001249 1010250 1011251 1100252 1101253 1110254 255 -Original Message- From: Farhan Ahmed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 1:35 PM To: 'Ayers, Michael'; [EMAIL PROTECTED] Subject:RE: access list.. [7:13564] should be 0.0.15.255 but how? -Original Message- From: Ayers, Michael [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 25, 2001 12:27 AM To: [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all of the class b Thank You, Michael Ayers Network Engineer OneNeck IT Services (480) 539-2203 (800) 272-3077 -Original Message- From: MikeN [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 12:49 PM To: [EMAIL PROTECTED] Subject:Re: access list.. [7:13564] Okay.. default masks meaning classful class B. 128.252.0.0 with a subnet mask of 255.255.0.0 and 128.252.240.0 with a subnet mask of 255.255.0.0 On a router you would use the wildcard mask (inverse) of the subnet mask: access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255 access-list 101 permit ip any any Then apply it to the interface with ip access-group 101 in or out depending on what interface it is applied to. It is easy to envision what the wildcard mask is and what it does if we view the decimal numbers in binary format: wildcard mask 0.0.255.255 = ... 0's = interesting part of the address is to the router; 1's = portion of address the router isn't going to care aboutthis portion of the accress could be any number. If you list the ip address in binary above the wildcard mask, it looks like this: 128 . 252 . 0. 0 1000.1100.. ... 0 . 0.252 . 252 The router will only view the portion of the address NOT blocked by 1's as interesting: 128.252.x.x You will need to grasp this concept before moving on to subnetting and supernetting. There are some excellent explanations for how this works in the Cisco Press CCNA books. To confirm, this is for routers and not the PIX ACLs. HTH MikeN Farhan Ahmed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What mask would be used if you want to create an access list where the IP addresses (128.252.0.0 to 128.252.240.0) would be blocked pls support with explanation, Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind.
RE: access list.. [7:13564]
i think b4 it was ok -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 25, 2001 1:46 AM To: [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Oops, I made an error - sorry. It should be: ip access-list 101 deny 128.252.240.0 0.0.0.255 ip access-list 101 permit 128.252.240.0 0.0.15.255 ip access-list 101 deny 128.252.0.0 0.0.255.255 ip access-list 101 permit any Line 1 would block .240 Line 2 would allow .240 thru .255 Line 3 would block .0 thru .255 Line 4 would allow the rest Hth, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 4:33 PM To: [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Wouldn't the right answer be this: ip access-list 101 deny 128.252.240.0 0.0.0.255 ip access-list 101 permit 128.252.240.0 0.0.240.255 ip access-list 101 deny 128.252.0.0 0.0.255.255 ip access-list 101 permit any Line 1 would block .240 Line 2 would allow .240 thru .255 Line 3 would block .0 thru .255 Line 4 would allow the rest Hth, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Ayers, Michael [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 4:06 PM To: [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Only problem, your scenario should be too block all from 0 to 239 to make an easy solution. -Original Message- From: Ayers, Michael Sent: Tuesday, July 24, 2001 1:40 PM To: 'Farhan Ahmed'; Ayers, Michael; [EMAIL PROTECTED] Subject:RE: access list.. [7:13564] 0.0.15.255 = I only care what the first 20 bits are. So 128.252 are 16 bits, we can ignore them (they match visually). The last octet is all 1, so we can ignore that also don't care. We also don't care what the last 4 bits are, so we do care what the first 4 are. If we use 128.252.240.0, we get 1000 1100 000 in binary. We only want to focus on the 3rd octet . SO CARE Don't Care Decimal Number 240 0001241 0010242 0011243 0100244 0101245 0110246 0111247 1000248 1001249 1010250 1011251 1100252 1101253 1110254 255 -Original Message- From: Farhan Ahmed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 1:35 PM To: 'Ayers, Michael'; [EMAIL PROTECTED] Subject:RE: access list.. [7:13564] should be 0.0.15.255 but how? -Original Message- From: Ayers, Michael [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 25, 2001 12:27 AM To: [EMAIL PROTECTED] Subject: RE: access list.. [7:13564] Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all of the class b Thank You, Michael Ayers Network Engineer OneNeck IT Services (480) 539-2203 (800) 272-3077 -Original Message- From: MikeN [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 24, 2001 12:49 PM To: [EMAIL PROTECTED] Subject:Re: access list.. [7:13564] Okay.. default masks meaning classful class B. 128.252.0.0 with a subnet mask of 255.255.0.0 and 128.252.240.0 with a subnet mask of 255.255.0.0 On a router you would use the wildcard mask (inverse) of the subnet mask: access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255 access-list 101 permit ip any any Then apply it to the interface with ip access-group 101 in or out depending on what interface it is applied to. It is easy to envision what the wildcard mask is and what it does if we view the decimal numbers in binary format: wildcard mask 0.0.255.255 = ... 0's = interesting part of the address is to the router; 1's = portion of address the router isn't going to care aboutthis portion of the accress could be any number. If you list the ip address in binary above the wildcard mask, it looks like this: 128 . 252 . 0. 0 1000.1100.. ... 0
RE: Cabling info needed [7:13317]
cisco.com/go/tools -Original Message- From: Omer Ehsan Dar [mailto:[EMAIL PROTECTED]] Sent: Monday, July 23, 2001 10:53 AM To: [EMAIL PROTECTED] Subject: Cabling info needed [7:13317] Hi all, Where can I find good cabling info related to LAN networking and the cisco switches in particular. Thanks Omer Ehsan dar Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13318t=13317 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pix 525 gigabit restriction [7:13327]
does any body know why cisco restrict to use only 1 gigabit interface on pix models? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13327t=13327 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: sh system command ? [7:13330]
current traffic rate -Original Message- From: Phil Barker [mailto:[EMAIL PROTECTED]] Sent: Monday, July 23, 2001 1:28 PM To: [EMAIL PROTECTED] Subject: sh system command ? [7:13330] Hi, The 'show system' command on a Cat 5500 contains a current traffic level and a peak level. How long are these values valid for. e.g is the current traffic value over a five minute period ? Is the peak value from when the Supy is booted up ? PS : checked cisco.com but cannot find an answer. Regards, Phil. Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13331t=13330 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what's wrong with CCIE today? [7:13151]
u should have used 3 tacacs servers Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What's wrong with CCIEs today? I know that I am making a general assumptions; however,this is the second time that it has happend to the company that I work for. We have several tacacs servers that use to authenticate users. These tacacs servers are running on a combination of Linux and Solaris platforms. While I was away at the Networker Conference, one of our tacacs servers (solaris) die due to hardware failure and the amazingly the tacacs process on the Linux die. Because of this, everyone has to login to the routers and switches via local account. We hire these CCIEs to maintain the network while I am away for a few weeks. None of these CCIEs have any background with tacacs servers running on Unix platforms. As to our problems, the simple to do is just to restart the tacacs process byfirst: killall tac_plus and second /usr/sbin/tac_plus -C /etc/tacacs/tac_plus.cfg but these CCIEs guys have absolutely no clues. Furthermore, they don't even know how to use editing in Unix (i.e vi or emacs) and ended up screwing up my tacacs configuration files. We have a few employees that need tacacs account but these CCIEs guys have no clues how to addnew users to a configuration file which if anyone has done tacacs on the unix platform know that you just modify the configuration file tac_plus.conf and restart tacacs process. These CCIE guys say that they come from a windows environment so they don't have too much with Unix platforms. I also notice that a lot of CCIEs these days lack the Unix skills that are required for the Service Providers environment. Most don't even know how to tunnel X-application through Secure Shell (SSH). I still remember those days when Cisco Engineers are very well verse in both unix and routers skills. I long for those days again. Comments anyone? Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13336t=13151 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 1601, dial-in server... [7:13285]
! interface Dialer 1 description connected to Dial-inPCs(modem) ip unnumbered Ethernet 0 ip tcp header-compression passive encapsulation ppp dialer in-band dialer-group 1 ppp authentication chap no cdp enable peer default ip address pool Cisco1601-Group-1 ! ! interface Serial 0 physical-layer async no shutdown description connected to Dial-inPCs(modem) ip unnumbered Ethernet 0 async mode dedicated dialer rotary-group 1 ! ! ip local pool Cisco1601-Group-1 10.1.1.1 10.1.1.1 ip classless ! ! line 1 autoselect ppp modem InOut transport input all stopbits 1 speed 38400 flowcontrol hardware -Original Message- From: Arun [mailto:[EMAIL PROTECTED]] Sent: Monday, July 23, 2001 4:39 PM To: [EMAIL PROTECTED] Subject: Re: 1601, dial-in server... [7:13285] hi try this link http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:PPP; s=Implementation_and_Configuration Regards Justin wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hey all :) Im trying to configure my 1601, to recieve calls via async serial port, and initiate a ppp connection, like an access server.. i can make it dial out and connect to my isp. etc, but i cant seem to get it to do the opossite. i've looked on cisco.com and im starting to think its not possible on these type of routers ? anyone done this ?? thanks :) Justin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13346t=13285 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FrameRelay Over Utilized [7:13349]
send me debug frame-relay lmi output -Original Message- From: Jeff [mailto:[EMAIL PROTECTED]] Sent: Monday, July 23, 2001 5:20 PM To: [EMAIL PROTECTED] Subject: FrameRelay Over Utilized [7:13349] Hello, If I have a frame relay switch which is being over utilized will that cause the connection to drop. After looking in the log I see dlci 501 state changed to inactive, line protocol on interface s0/0.1 changed to down, dlci 501 active, this keeps going and going through out the log. The local telco insists that the circuit is overutilized and this is why the connection is dropping. I think it is a telco or csu problem. Also doing a show interface is showing 3000 crc errors and 500 interface resets for the past 3 days. Is there any way to tell for sure whether it is overutilization or a telco problem?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13352t=13349 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FrameRelay Over Utilized [7:13349]
also these outputs show interfaces serial show controllers serial debug serial interface -Original Message- From: Jeff [mailto:[EMAIL PROTECTED]] Sent: Monday, July 23, 2001 5:20 PM To: [EMAIL PROTECTED] Subject: FrameRelay Over Utilized [7:13349] Hello, If I have a frame relay switch which is being over utilized will that cause the connection to drop. After looking in the log I see dlci 501 state changed to inactive, line protocol on interface s0/0.1 changed to down, dlci 501 active, this keeps going and going through out the log. The local telco insists that the circuit is overutilized and this is why the connection is dropping. I think it is a telco or csu problem. Also doing a show interface is showing 3000 crc errors and 500 interface resets for the past 3 days. Is there any way to tell for sure whether it is overutilization or a telco problem?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13355t=13349 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Urgent... [7:13351]
first do backup delay 30 600 just to wait isdn 4 30 sec use eigrp and floating static put cost above 90 let me know -Original Message- From: sakella locuz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 23, 2001 5:37 PM To: [EMAIL PROTECTED] Subject: Urgent... [7:13351] Hi everybody, I am in a big problem..request ur assistance immediately... This is the configuration now working on 2 routers connected over a leased line also has a ISDN backup. While the leased line is working we tried the backup by switching of the leased line modem. The ISDN connection came up but there was nothing traversing over the connection. We checked the status, connection is absolutely OK, also we found that the leased circuit configuration when removed totally and connected over ISDN data flows smoothly. Kindly reply with exact problem...enclosed is the running config.. -- show running-config -- Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname BOBKHYD ! enable secret 5 ! username bobk password 0 username BOBKBOM password 0 ip subnet-zero ! isdn switch-type basic-net3 ! ! ! interface Ethernet0/0 ip address 10.4.10.50 255.255.255.0 no ip directed-broadcast no keepalive ! interface Serial0/0 ip address 192.168.1.1 255.255.255.252 no ip directed-broadcast no ip mroute-cache backup delay 0 600 backup interface Dialer1 backup load 60 40 no fair-queue ! interface BRI0/0 description connected to BOBKBOM no ip address no ip directed-broadcast encapsulation ppp dialer rotary-group 1 isdn switch-type basic-net3 no cdp enable ! interface Serial0/1 no ip address no ip directed-broadcast shutdown ! interface Dialer1 description connected to BOBKBOM bandwidth 64 ip unnumbered Ethernet0/0 no ip directed-broadcast encapsulation ppp no ip split-horizon dialer in-band dialer idle-timeout 600 dialer map ip 10.4.0.30 name BOBKBOM broadcast 0222805890 dialer hold-queue 10 dialer-group 1 no cdp enable ppp authentication chap ! ip classless ip route 10.4.0.0 255.255.255.0 Serial0/0 ip route 10.4.0.0 255.255.255.0 Dialer1 100 ip http server ! dialer-list 1 protocol ip permit ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 4 password login ! end -- show running-config -- Building configuration... Current configuration: ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname BOBKBOM ! enable secret 5 ! username bobk password 0 username BOBKHYD password 0 ! ! ! ! memory-size iomem 25 ip subnet-zero ! isdn switch-type basic-net3 ! ! ! ! ! ! ! ! ! interface Serial0 description connected to bobkhyd bandwidth 64000 ip address 192.168.1.2 255.255.255.252 no fair-queue ! interface BRI0 description connected to BOBKHYD no ip address encapsulation ppp dialer rotary-group 1 isdn switch-type basic-net3 no cdp enable ! interface FastEthernet0 description connected to fastethernetLAN ip address 10.4.0.30 255.255.255.0 no keepalive speed auto ! interface Dialer1 description connected to BOBKHYD ip unnumbered FastEthernet0 encapsulation ppp no ip split-horizon dialer in-band dialer idle-timeout 600 dialer map ip 10.4.0.50 name BOBKHYD broadcast 0403391011 dialer hold-queue 10 dialer-group 1 no cdp enable ppp authentication chap ! ip classless ip route 10.4.10.0 255.255.255.0 Serial0 ip route 10.4.10.0 255.255.255.0 Dialer1 100 ip http server ! dialer-list 1 protocol ip permit ! voice-port 2/0 ! voice-port 2/1 ! ! line con 0 transport input none line aux 0 line vty 0 4 password login ! no scheduler allocate end -Surya- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13358t=13351 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: certificate system again [7:13401]
what is the scenario -Original Message- From: Jim Bond [mailto:[EMAIL PROTECTED]] Sent: Monday, July 23, 2001 10:01 PM To: [EMAIL PROTECTED] Subject: OT: certificate system again [7:13401] Hello, I posted this message on certificate newsgroup but didn't get any response. Since there are many experts here, allow me to ask this question again: We're trying to set up a certificate system, I'm wondering which one is better? Entrust, Microsoft, VeriSign and Netscape? Thanks in advance. Jim __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13414t=13401 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Working Frame Relay Point-to-Point Config [7:13245]
Deleted means that the Frame Relay switch doesn't have this DLCI programmed for the router. But it was programmed at some point in the past. This could also be caused by the DLCIs being reversed on the router, or by the PVC being deleted by the telco in the Frame Relay cloud. Configuring a DLCI (that the switch doesn't have) will show up as a 0x4 -Original Message- From: Albert Lu [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 22, 2001 4:56 PM To: [EMAIL PROTECTED] Subject: Working Frame Relay Point-to-Point Config [7:13245] Hello Group, Could someone point me to (or send me) a working config for a Frame switch and routers attached to it, using point-to-point connections. I'm currently stuck on this for my routers, as the PVCs are there but in a deleted state. I probably should have included my configs in this email, but I'm not at my routers at the moment, and I'm sure it's something simple that I have missed. Thanks for your help. Albert _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13247t=13245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: peer to peer IPX [7:13246]
ofcourse u can its a protocol -Original Message- From: Mr. Richard L. Pickard [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 22, 2001 5:03 PM To: [EMAIL PROTECTED] Subject: peer to peer IPX [7:13246] 7/22/2001 7:45am Sunday It is possible to run IPX between WIN 95 workstations without a server on the segment? Richard [EMAIL PROTECTED] // Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13248t=13246 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]