OT Cisco Routers 4 sail [7:70664]

[Farhan Ahmed]

Hello everybody,

i have got 2500 qty 10, 2600 qty5 , 2524 qty 10 for immediate sale in
UAE, or abroad.

contact with confidence

Regards

Farhan Ahmed

Tel: 97126267050 Ext 108
Cell: 971507903578
Email: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70664t=70664
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Access server problem [7:52462]

[Farhan Ahmed]

Hi all


I ve got a problem


The user is getting disconnect after 2-3 minutes, I ve changed the line at
both side,

Doesn't help, it was working b4 a month no configuration has been changed

Anyone knows about this error?
8589934592d8589934592h: Call Handle failed for Modem 2/1

Also this one

0
2002-08-31 14:20:45 Local7.Debug192.168.10.13   1924: 2d06h: TTY66:
Async Int reset: Dropping DTR
2002-08-31 14:20:45 Local7.Debug192.168.10.13   1925: 2d06h: Modem
2/1 Mcom: in modem state 'Disconnecting'
2002-08-31 14:20:45 Local7.Debug192.168.10.13   1926: 2d06h: Modem
2/1 Mcom: DISCONNECT, duration = 00:02:01, reason (0x9) DTR Drop




2d07h: Modem 2/1 Mcom: in modem state 'Dialing/Answering'
2d07h: Modem 2/1 Mcom: in modem state 'Incoming ring'
2d07h: %LINK-3-UPDOWN: Interface BRI1/2:1, changed state to up
2d07h: Modem 2/1 Mcom: in modem state 'Waiting for Carrier'
2d07h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/2:1,
o up
2d07h: %ISDN-6-CONNECT: Interface BRI1/2:1 is now connected to 0
2d07h: Modem 2/1 Mcom: in modem state 'Connected'
8589934592d8589934592h: Call Handle failed for Modem 2/1
2d07h: Modem 2/1 Mcom: CONNECT at 31200/31200(Tx/Rx), V34, LAPM,
2d07h: TTY66: DSR came up
2d07h: Modem 2/1 Mcom: switching to PPP mode
2d07h: TTY66: no timer type 1 to destroy
2d07h: TTY66: no timer type 0 to destroy
2d07h: tty66: Modem: IDLE-(unknown)
2d07h: %LINK-3-UPDOWN: Interface Async66, changed state to up
2d07h: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map
2d07h: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map
2d07h: TTY66: Async Int reset: Dropping DTR
2d07h: Modem 2/1 Mcom: in modem state 'Disconnecting'
2d07h: Modem 2/1 Mcom: DISCONNECT, duration = 00:00:26, reason (
2d07h: TTY66: DSR was dropped
2d07h: tty66: Modem: READY-(unknown)
2d07h: TTY66: dropping DTR, hanging up
2d07h: tty66: Modem: HANGUP-(unknown)
2d07h: Modem 2/1 Mcom: in modem state 'Idle'
2d07h: %LINK-5-CHANGED: Interface Async66, changed state to rese
2d07h: TTY66: cleanup pending. Delaying DTR
2d07h: TTY66: cleanup pending. Delaying DTR
2d07h: TTY66: cleanup pending. Delaying DTR
2d07h: Modem 2/1 Mcom: switching to character mode
2d07h: TTY66: no timer type 0 to destroy
2d07h: TTY66: no timer type 1 to destroy
2d07h: TTY66: no timer type 3 to destroy
2d07h: TTY66: no timer type 4 to destroy
2d07h: TTY66: no timer type 2 to destroy
2d07h: Async66: allowing modem_process to continue hangup
2d07h: TTY66: restoring DTR
2d07h: TTY66: autoconfigure probe started
2d07h: %LINK-3-UPDOWN: Interface Async66, changed state to down


Best Regards
Have A Good Day!!
++
Farhan Ahmed
MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP
Network Engineer
Mideast Data Systems Abu Dhabi Uae. www.mdsemirates.com 

Tel: 97126274000Cellular: 971507903578
++


Be a builder, not a destroyer!!!

 

Disclaimer:
Privileged/Confidential Information may be contained in this message or
Attachments hereto. Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Errors and
Omissions may occur in the contents of this e-mail arising out of or in
connection with data transmission, network malfunction or failure, machine
or software error, malfunction, or  by the person who is sending the email.
Mideast Data Systems accepts no responsibility for any such errors or
omissions  Opinions, Conclusions and other information in this message that
do not relate to the Official business of this company shall be understood
as neither given nor Endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52462t=52462
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Need Some Advice [7:43476]

[Farhan Ahmed]

Hello guys
 
I need to accommodate 21 e1 connections and 3 e3 connections to central
site, somebody can tell me which cisco product should I choose at central
and remote sites
 
 
Thanks 
 
fa




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43476t=43476
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pix 520 [7:37836]

[Farhan Ahmed]

6.0 and Higher 

PIX software releases 6.0 and later and PIX Device Manager require a
minimum of 32MB RAM and 8MB Flash.  Some PIX 520 systems may not meet
these minimum requirements, and the purchase and installation of a 128MB
RAM upgrade and/or a 16MB flash card will be necessary.  

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, March 11, 2002 12:24 PM
To: [EMAIL PROTECTED]
Subject: RE: Pix 520 [7:37836]


It only requires 8 mb of flash also.  I am actually trying to install
6.13 not 6.2.  I've also tried going just to 5.2 and get the same
results.

thanks

-Original Message-
From: Mark Odette II [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 11, 2002 9:02 AM
To: 
Subject: RE: Pix 520 [7:37836]


Jason- I might be wrong, but I think the 6.x PIX software requires the
16MB Flashcard.

You might check CCO to confirm.

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, March 11, 2002 1:15 AM
To: [EMAIL PROTECTED]
Subject: Pix 520 [7:37836]


I currently am trying to upgrade a pix 520 from pix ios 4.7(7) to 6.2
and am having some difficulty or errors more like.  When upgrading the
pix I am using the 6.1 boothelper on the floppy to upgrade the pix.  It
gives me an error telling me that the pix's flash is obsolete.  It then
reboots the pix. I have never seen this before and have worked with
plenty of pix's before. The pix runs fine with version 4.7 and has 8mb
of flash for upgrade. Anybody have any ideas of what I can do to trick
it possibly or a work around.

Thanks,

Jason Pehrson
Systems Administrator
Information Systems Department
Naval Support Activity Naples, Italy [EMAIL PROTECTED]
Work:   (39) 081-568-4316
Cell:   (39) 347-381-1060
Fax:(39) 081-568-5689
 

[GroupStudy.com removed an attachment of type application/octet-stream
which had a name of Pehrson, Jason Contractor (NSANAP N63).vcf]

[GroupStudy.com removed an attachment of type application/x-pkcs7-signature
which had a name of smime.p7s]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37842t=37836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PAT [7:37848]

[Farhan Ahmed]

Hi Group,

Any one has idea how to figure out or how to connect to specific service
via an outside ip address that is being pat on a router

Best Regards
Have A Good Day!! 
++
Farhan Ahmed
MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP
Network Engineer
Mideast Data Systems Abu Dhabi Uae. www.mdsemirates.com

Tel: 97126274000Cellular: 971507903578
++

Privileged/Confidential Information may be contained in this message or
Attachments hereto. Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
Conclusions and other information in this message that do not relate to
the Official business of this company shall be understood as neither
given nor Endorsed by it

[GroupStudy.com removed an attachment of type application/x-pkcs7-signature
which had a name of smime.p7s]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37848t=37848
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pix 520 [7:37836]

[Farhan Ahmed]

U might need more Flash size 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, March 11, 2002 11:15 AM
To: 
Subject: Pix 520 [7:37836]


I currently am trying to upgrade a pix 520 from pix ios 4.7(7) to 6.2
and am having some difficulty or errors more like.  When upgrading the
pix I am using the 6.1 boothelper on the floppy to upgrade the pix.  It
gives me an error telling me that the pix's flash is obsolete.  It then
reboots the pix. I have never seen this before and have worked with
plenty of pix's before. The pix runs fine with version 4.7 and has 8mb
of flash for upgrade. Anybody have any ideas of what I can do to trick
it possibly or a work around.

Thanks,

Jason Pehrson
Systems Administrator
Information Systems Department
Naval Support Activity Naples, Italy [EMAIL PROTECTED]
Work:   (39) 081-568-4316 
Cell:   (39) 347-381-1060
Fax:(39) 081-568-5689
  

[GroupStudy.com removed an attachment of type application/octet-stream
which had a name of Pehrson, Jason Contractor (NSANAP N63).vcf]

[GroupStudy.com removed an attachment of type application/x-pkcs7-signature
which had a name of smime.p7s]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37839t=37836
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

cant firgure it out why accesslist not working [7:25217]

[farhan ahmed]

dear all

this access list is allowing rdp and other connections to the hosts like .47,
cant firgure it out why accesslist not working..

any thoughts

sh runn
Building configuration...

!
!
!
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
 --More-- isdn switch-type basic-net3
!
!
!
interface FastEthernet0/0
 ip address 201.170.253.33 255.255.255.224 secondary
 ip address 201.170.253.1 255.255.255.224
 speed 10
 full-duplex
!
interface BRI0/0
 description connected to Internet
 ip unnumbered FastEthernet0/0
 ip access-group 101 in
 encapsulation ppp
 dialer idle-timeout 2147483
 dialer string 400
 dialer hold-queue 100
 dialer-group 1
 isdn switch-type basic-net3
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname mdspc-0012
 --More--  ppp chap password 7 06051F324843
 hold-queue 50 in
!
interface FastEthernet0/1
 no ip address
 shutdown
 speed 10
 full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 BRI0/0
no ip http server
!
access-list 101 permit tcp any host 201.170.253.10 eq www
access-list 101 permit tcp any host 201.170.253.47 eq smtp
access-list 101 permit tcp any host 201.170.253.47 eq pop3
access-list 101 permit tcp any host 201.170.253.47 eq 143
access-list 101 permit tcp any host 201.170.253.47 eq domain
access-list 101 permit udp any host 201.170.253.47 eq domain
access-list 101 permit tcp any host 201.170.253.48 eq smtp
access-list 101 permit tcp any host 201.170.253.48 eq pop3
access-list 101 permit tcp any host 201.170.253.48 eq 143
access-list 101 permit tcp any host 201.170.253.50 eq 3389
 --More-- access-list 101 permit tcp any host
201.170.253.51 eq 1494
access-list 101 permit tcp any host 201.170.253.51 eq 3389
access-list 101 permit icmp any host 201.170.253.47
dialer-list 1 protocol ip permit
!
line con 0
 transport input none
line aux 0
line vty 0 4




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25217t=25217
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT:need cisco equipments [7:25045]

[farhan ahmed]

any one wish to sale cisco equipments pls cont me with model serial no
and prices

delievery will be in united arab emirates, abudhabi

can pay via visa and escrow or through a friend in NJ usa

thnx

farhan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25045t=25045
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT:need cisco equipments [7:24923]

[farhan ahmed]

any one wish to sale cisco equipments pls cont me with model serial no and
prices

delievery will be in united arab emirates, abudhabi

can pay via visa and escrow or through a friend in NJ usa

thnx

farhan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24923t=24923
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

brain teaser Dhcp Relay question [7:24423]

[farhan ahmed]

hi group,

i have a question,

if we configure ip helper address on a remote network to pass the bootp to
the
central site , how the dhcp server will know from which scope to assign to
the
dhcp client via dhcp relay server , if we have multiple scope configured on
dhcp server

thnx for input

fa




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24423t=24423
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Domain for Sale [7:23887]

[Farhan Ahmed]

Hello all,

I m selling one of my domain name

www.certifiedpeoples.com

If somebody is interested in setting up a knowledge website or
groupdiscussion
or a database of certified cisco peoples etc etc.

pls cc me at [EMAIL PROTECTED]

;;;
Farhan Ahmed
MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP
Network Engineer
Mideast Data Systems Abu Dhabi Uae.
;;;
Privileged/Confidential Information may be contained in this message or
Attachments hereto. Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
Conclusions and other information in this message that do not relate to
the Official business of this company shall be understood as neither
given nor Endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=23887t=23887
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Outbond Vpn [7:21823]

[Farhan Ahmed]

hello Patrick,

can u tell me what i need to open for the outbond access to a vpn server
(win2k) 
pix 506 is on lan and nat and pat is running

thnx in advance

fa




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21823t=21823
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: source based routing ..... [7:21827]

[Farhan Ahmed]

u need policy routing send yr config 

-Original Message-
From: Chamak [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 03, 2001 4:03 PM
To: [EMAIL PROTECTED]
Subject: Re: source based routing . [7:21827]


Set the default gateway on both the serial interfaces to your ISP, this
should work.

Mukul


RAJESH AGNIHOTRI  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Greetings to All ...


 I would highly appreciate if some one can help me out this problem...

 Basically we have connectivity to two ISP in India.We have different IP
 address give by the different ISP.

 1 202.169.191.128/29
 2164.164.89.80/28 ... These are the lan ip address give to use by the
 ISP... we have 2610 router with to serial interface and on Ethernet
 interface.

 Now we wanted to configure this router in such a way that any packet
comming
 from 164.164.89.80/28 should be routed its respective ISP
 and any packet comming from 202.169.191.128/28 network should be routed to
 respective ISP.

 we have give both the ip address on the eth..
 one of ISP 164 AND ISP 202 . SECONDRY ..

 can any one help us out on this


 Line of reply is highly appreciated


 Regards

 RajesH Agnihotri


 _
 Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21832t=21827
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

spanning tree fwddelay ques [7:21547]

[Farhan Ahmed]

does anyone describe, somebody ask me,

which statement is not true about spanning tree forward delay value
that u can check with the catalyst 5000 show command

?? says:

1, all the default values are obtained from the root bridge

?? says:

2 all switch ports must use the values learned from the root bridge

?? says:

3 the delay calue can be set on the root bridge as fwddelay argument

?? says:

4 the delay is how much time the port should spend in listending or
learning mode



Best Regards

Have A Good Day!!

;;;
Farhan AhmedR
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE , CCA
Network Engineer
Mideast Data Systems Abu Dhabi Uae.

;;;

Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it. 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21547t=21547
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: connectivity issue [7:21600]

[Farhan Ahmed]

enable nat for that network

nat (inside) 0 0

-Original Message-
From: Paul Holloway [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 02, 2001 1:10 AM
To: [EMAIL PROTECTED]
Subject: connectivity issue [7:21600]


Guys (and gals), I was wondering if anyone had ran into this problem. I have
a private, pt-pt network terminating on my side with a 2524 running 11.1.
This is connected into a 2900 switch. My ISP comes in on a 2610 through a
PIX running 6.1.(Whose inside IP is the gateway for all PCs) It is also
hitting the 2900. My machines behind the firewall can get to the internet
and also ping the 2524 Ethernet interface on my side, but that is as far as
they will go. I have put a static route into the PIX pointing any traffic
for the 10.4.0.0 network (the far side of the pt-pt) directed to the inside
IP of the 2524. from the PIX, I can ping the 2524, and any address on the
far network. But the PCs cannot go past the Ethernet of the 2524. They can
ping the inside interface of the 2524, but not even the WAN interface of
this router. I have also added a static for the Network of the WAN link, a
/30. I don't understand how the PIX can ping through the 2524 to the remote
network and the PCs cannot, when all the routes are in the PIX to direct
these packets to the correct destination(2524). Could it have to do with the
fact the times I'm getting on those pings( around 600ms) are above the TTL
on the PCs or could I be missing something else?  This is probably going to
turn out to be a stupid question, and I will regret sending it. Be gentle


Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21631t=21600
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Passed CCNP Thanks To ALL [7:21634]

[Farhan Ahmed]

I ve completed the CCNP in 2 months
i ve started on 31st july and ended on 1st October also i make the ccna exam
again (new version)

Many thanks to all of you who provide valuable informations and guides

Reciepe:

1 month vacation from Office
CCNP preparation Library from Cisco Press
www.cisco.com 
Mentors and White papers
groupstudy.com

and finally the RED BULL (special thanks) www.redbull.com



Best Regards

Have A Good Day!!

;;;
Farhan AhmedR
  CCA, MCSE+I, MCP Win2k, CCDA, CCNA, CSE , CCNP

Network Engineer
Mideast Data Systems Abu Dhabi Uae.

;;;

Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21634t=21634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

pix 506 users support [7:21503]

[Farhan Ahmed]

how many users does pix 506 support simultaneously




Best Regards

Have A Good Day!!

;;;
Farhan AhmedR
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE , CCA
Network Engineer
Mideast Data Systems Abu Dhabi Uae.

;;;

Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it. 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21503t=21503
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

tunning buffers [7:21268]

[Farhan Ahmed]

hello all

any bidy has an idea what does it mean by need-11

the router is suffereing form no buffer

Buffer elements:
 437 in free list (500 max allowed)
 475 hits, 0 misses, 0 created
Small buffers, 104 bytes (total 60, permanent 60):
 60 in free list (20 min, 150 max allowed)
 62 hits, 0 misses, 0 trims, 0 created
Middle buffers, 600 bytes (total 25, permanent 25):
 23 in free list (10 min, 75 max allowed)
 58 hits, 0 misses, 0 trims, 0 created
Big buffers, 1524 bytes (total 71, permanent 66, need -11):
 5 in free list (5 min, 40 max allowed)
 66 hits, 0 misses, 0 trims, 5 created
 16 max cached, 15 in cache free list
Large buffers, 5024 bytes (total 0, permanent 0):
 0 in free list (0 min, 10 max allowed)
 0 hits, 0 misses, 0 trims, 0 created
Huge buffers, 18024 bytes (total 0, permanent 0):
 0 in free list (0 min, 4 max allowed)
 0 hits, 0 misses, 0 trims, 0 created


Best Regards

Have A Good Day!!

;;;
Farhan AhmedR
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

;;;

Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it. 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21268t=21268
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

tunning buffers in 2500 router [7:21270]

[Farhan Ahmed]

hello all

any bidy has an idea what does it mean by need-11

the router is suffereing form no buffer

Buffer elements:

437 in free list (500 max allowed)

475 hits, 0 misses, 0 created

Small buffers, 104 bytes (total 60, permanent 60):

60 in free list (20 min, 150 max allowed)

62 hits, 0 misses, 0 trims, 0 created

Middle buffers, 600 bytes (total 25, permanent 25):

23 in free list (10 min, 75 max allowed)

58 hits, 0 misses, 0 trims, 0 created

Big buffers, 1524 bytes (total 71, permanent 66, need -11):

5 in free list (5 min, 40 max allowed)

66 hits, 0 misses, 0 trims, 5 created

16 max cached, 15 in cache free list

Large buffers, 5024 bytes (total 0, permanent 0):

0 in free list (0 min, 10 max allowed)

0 hits, 0 misses, 0 trims, 0 created

Huge buffers, 18024 bytes (total 0, permanent 0):

0 in free list (0 min, 4 max allowed)

0 hits, 0 misses, 0 trims, 0 created



Best Regards

Have A Good Day!!

;;;
Farhan AhmedR
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

;;;

Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind. Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21270t=21270
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Can I configure 2 leased line for single channel ? [7:21254]

[Farhan Ahmed]

ppp multilink
but u need to change the encapsulation

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 9:06 AM
To: [EMAIL PROTECTED]
Subject: Can I configure 2 leased line for single channel ? [7:21251]


Hello all,

I have  128 KBPS leased line  between 2 routers and I want to enhance the
performance of the same using one more leased line . Can anyboby suggest me
whether  is there any command which will  make these 2 lines to work as 1
logical line as is the case with etherchannel ?
Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21254t=21254
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: invalid magic number in 2600 [7:21249]

[Farhan Ahmed]

try to erase flash and put the ios again
send the dump of yr screen

-Original Message-
From: Alejandro Pelaez [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 8:42 AM
To: [EMAIL PROTECTED]
Subject: invalid magic number in 2600 [7:21249]


I can't boot a 2600 router, I get the message 'invalid magic number' in
flash. Ive tried changing the config register but it didn't work.

Please if you know how to fix this answer to [EMAIL PROTECTED] please
(if you want to answer to the newsgroup you can too, but please i prefer
the email response).

Thanks in advance. I have some other question to ask.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21255t=21249
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DHCP [7:21051]

[Farhan Ahmed]

i remember the only command i ut on the cisco router is

peer default ip address dhcp

and enable the ip helper address

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 11:28 PM
To: [EMAIL PROTECTED]
Subject: Re: DHCP [7:21051]


OK, I'm starting to see where the confusion is coming from. The ip 
dhcp-server command can be used on dial-up PPP links. It specifies the IP 
address of a DHCP server for the PPP client to use. It was almost 
impossible to find in the documentation. Most of the ip dhcp commands 
relate to telling your router to be a DHCP server, which is a completely 
different solution, of course.

Are you using PPP, Khramov?

The general-purpose way to tell your router the address of your DHCP server 
is the ip helper-address command.

Priscilla

At 01:54 PM 9/26/01, Tim Booth wrote:
Priscilla and others:

Ip dhcp-server does not turn your router into a dhcp server. It tells your
router where your dhcp server is.

Tim Booth

- Original Message -
From: Priscilla Oppenheimer
To:
Sent: Wednesday, September 26, 2001 12:12 PM
Subject: Re: DHCP [7:21051]


  Why do you want to turn your router into a DHCP server? I thought you
  already had a DHCP server. You just need a helper address and
 
  ip forward-protocol udp 67
  no ip forward-protocol 137
  no ip forward-protocol 138
 
  The last two commands are because you said that NetBIOS broadcast
  forwarding was causing problems for your NT server. When you have a
helper
  address, the router forwards a bunch of UDP packets. You have to
configure
  it to be more discerning.
 
  Priscilla
 
  At 09:24 AM 9/26/01, khramov wrote:
  Hello,
ip dhcp-server works,  I didn't specify it with a hyphen.  So
would
  you
  agree
that the best solution for me would be to disable ip directed
  broadcast, ip
helper address and enable ip dhcp-server at the global config?
If
I
  enable ip
dhcp-server do I need to enable ip forward-protocol udp  (ports
66
and
  67)?
  
Thanks a lot,
Alex
  
  MADMAN wrote:
  
Hmm..  I haven't done it in a while so I tried it on a 7507 with
RSP8's
  and
an MSFC2,
they both accepted the command just fine but are not in the config.
So
  I
figured they
must be enabled by default so I did a no ip forward protocol udp 67
and
wallah, there it
is!!!
   
C7507MIX#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
C7507MIX(config)#no ip for
C7507MIX(config)#no ip forward-protocol udp 67
C7507MIX(config)#^Z
C7507MIX#wr t
Building configuration...ip kerberos source-interface any
ip classless
no ip forward-protocol udp bootps
   
  Dave
   
khramov wrote:
   
 I did that, but when I do sh run it is not showing up in config
file.
  I
 mean (ip
 forward-protocol udp 67).
 Is that the way it is suppose to be?

 MADMAN wrote:

  Check ip foward protocol
 
Dave
 
  khramov wrote:
  
   Hello
How do I enable broadcast for DHCP server?  I know that
ip
helper enables UDP broadcast, but broadcast of netbios
services causes some problems for win nt server.  So I
guess
to be more specific what can I do to forward udp
broadcast
on
ports 67 and 68 only?
  
And another question that I have what exactly ip
directed-broadcast command does?  I've searched Cisco's
web
site but I never came across a clear defenition?
  
Thanks,
Alex
  
   [GroupStudy.com removed an attachment of type text/x-vcard
which
  had
  a
 name
   of khramov.vcf]
  --
  David Madland
  Sr. Network Engineer
  CCIE# 2016
  Qwest Communications Int. Inc.
  [EMAIL PROTECTED]
  612-664-3367
 
  Emotion should reflect reason not guide it

 [GroupStudy.com removed an attachment of type text/x-vcard which
had
a
  name
 of khramov.vcf]
--
David Madland
CCIE# 2016
Senior Network Engineer
Qwest Communications
612-664-3367
  
  [GroupStudy.com removed an attachment of type text/x-vcard which had a
name
  of khramov.vcf]
  
 
  Priscilla Oppenheimer
  http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21256t=21051
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: can 3640 RAS can support both out incomi [7:20133]

[Farhan Ahmed]

yes its possible
u need to install ras on nt

-Original Message-
From: Jagan Krishnaraj [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 5:12 AM
To: [EMAIL PROTECTED]
Subject: RE: can 3640 RAS can support both out  incomi [7:20133]


Thank you Chris Cell.

The situation is like this:

1.
Windows NT server  Cisco 3640  Remote Site Windows 98 PC
  dialout  16 port NM-Analog RAS



2.
Windows NT server  Cisco 3640  Remote Site Windows 98 PC
  dialout 16 port NM-Analog RAS


Are these methods possible.

Please let me know.

regards
jagan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20253t=20133
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Alert: Some sort of IIS worm seems to be propagating [7:20360]

[Farhan Ahmed]

-Original Message-
From: Simon Clausen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:49 AM
To: [EMAIL PROTECTED]
Subject: Re: Alert: Some sort of IIS worm seems to be propagating


Sent on behalf of Rich Zuris ([EMAIL PROTECTED]) due to his network
being taken offline by the worm.

Following is a list of recorded changes made to NT4 SP6a with Q299444
rollup security patches.

The following is appended to EVERY HTML file on the machine:
window.open(readme.eml, null,
resizable=no,top=6000,left=6000)

Just about every directory on the machine has one or more files with
extension .eml, mostly readme.eml but also other names that seem to
correspond to directory or other filenames.  Total of 1234 .eml files
created, totalling 98Mb (about 78Kb each).  Also got 55 files with
extension .nws, containing exact same content.  Both .eml and .nws files
can be opened by Outlook Express.

Virus makes numerous outbound connections to port 80 to propagate itself
to other servers.

Virus sets IE5 to IE4 compatibility mode (apparently to circumvent
security) and crashes Explorer.exe when IE is launched.  IExplore.exe
appears to be hacked, and there is now a hidden IExplore .exe (note the
space before the extension) in same directory.

Virus code in stealth executable file with name tftp###, where ### is
any numeric string.  File has no extension, but it is definitely a
Windows executable.  This file is placed into \Program Files\Common
Files\System\MSADC, and in same directory, Admin.dll appears to be
hacked.

IIS console hacked:  New MMC.EXE placed in \WINNT directory, which may
override original version in \WINNT\System32.

EXE files placed into TEMP directory.  Note that most/all hacked EXE
files are flagged Hidden.

Riched20.dll files placed in random directories (not on PATH, not
containing executables).

NT Account Guest was made a member of the NT Administrators group!

Regards,

Simon Clausen

-Original Message-
From: Windows NTBugtraq Mailing List
[mailto:[EMAIL PROTECTED]] On Behalf Of Russ
Sent: Wednesday, 19 September 2001 1:21 AM
To: [EMAIL PROTECTED]
Subject: Alert: Some sort of IIS worm seems to be propagating


-BEGIN PGP SIGNED MESSAGE-

There have been numerous reports of IIS attacks being generated by
machines over a broad range of IP addresses. These infected machines
are using a wide variety of attacks which attempt to exploit already
known and patched vulnerabilities against IIS.

It appears that the attacks can come both from email and from the
network.

A new worm, being called w32.nimda.amm, is being sent around. The
attachment is called README.EXE and comes as a MIME-type of
audio/x-wav together with some html parts. There appears to be no text
in this message when it is displayed by Outlook when in Auto-Preview
mode (always a good indication there's something not quite right with an
email.)

The network attacks against IIS boxes are a wide variety of attacks.
Amongst them appear to be several attacks that assume the machine is
compromised by Code Red II (looking for ROOT.EXE in the /scripts and
/msadc directory, as well as an attempt to use the /c and /d virtual
roots to get to CMD.EXE). Further, it attempts to exploit numerous other
known IIS vulnerabilities.

One thing to note is the attempt to execute TFTP.EXE to download a file
called ADMIN.DLL from (presumably) some previously compromised box.

Anyone who discovers a compromised machine (a machine with ADMIN.DLL in
the /scripts directory), please forward me a copy of that .dll ASAP.

Also, look for TFTP traffic (UDP69). As a safeguard, consider doing the
following;

edit %systemroot/system32/drivers/etc/services.

change the line;

tftp 69/udp

to;

tftp 0/udp

thereby disabling the TFTP client. W2K has TFTP.EXE protected by Windows
File Protection so can't be removed.

More information as it arises.

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

-BEGIN PGP SIGNATURE-
Version: PGP Personal Privacy 6.5.2

iQCVAwUBO6dmcRBh2Kw/l7p5AQHJCgQA1JHwqF5RjJX+QVMMDUChVqn6yReQXqEH
Tm8Ujms5+6ia0tcT1qmZWJV48eHYNzV3+AyyO6Gn8ds/NVYJUupDHB1Yy1DY/po6
iycY2qnARDJP6KNmHI0bAdBUBtsnVo5P9itElIoqKbAorQjamKI2eqd4TdE0yfIO
hSW7yN2lhJc=
=YAwc
-END PGP SIGNATURE-



Delivery co-sponsored by Trend Micro, Inc.


TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE

If you are worried about email viruses, you need Trend Micro ScanMail
for Exchange. ScanMail is the first antivirus solution that seamlessly
integrates with the Microsoft Exchange 2000 virus-scanning API 2.0.
ScanMail ensures 100% inbound and outbound email virus scanning and
provides remote software management. Download a FREE 30-day trial copy
of ScanMail and find out why it is the best:
http://www.antivirus.com/banners/tracking.asp?si=8BI;=240UL;=/smex2000

1603R Crash No Console Access [7:20049]

[Farhan Ahmed]

 hello everone,
 
 After an upgrade of Ios and Dram (kingston) on a 1603 R router by one of
our guys,
 the
 router crash and i cannot getinto the router the console is not
 responding
 the back led is showing ok the link led is ok BUT the front led is
 blingking
 countinously , sometimes 7 , 8 or in the begiinnng v fast then stays
 blinking
 
 i ve tried to xmodem the new ios but no luck
 also search on cco and still but nothing
 
 does anyone has clue
 
 
 
 Best Regards
 
 Have A Good Day!!
 
 ***
 Farhan Ahmed*
   MCSE+I, MCP Win2k, CCDA, CCNA, CSE
 Network Engineer
 Mideast Data Systems Abudhabi Uae.
 
 ***
 
 
 
 Privileged/Confidential Information may be contained in this message or
 Attachments hereto.  Please advise immediately if you or your employer
 do
 not consent to Internet email for messages of this
 kind.Opinions,Conclusions
 and other information in this message that do not relate to the Official
 business of this company shall be understood as neither given nor
 Endorsed
 by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20049t=20049
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Active Directory Ports PIX [7:19772]

[Farhan Ahmed]

u can join the domain and then stop replication , it will still work as a
stand alone domain controller.

-Original Message-
From: Evans, TJ [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 16, 2001 7:50 AM
To: [EMAIL PROTECTED]
Subject: RE: Active Directory Ports  PIX [7:19772]


You also need to specify what is where ...
... AD servers in DMZ / outside or the client PC's in the DMZ / outside?
Hopefully, AD inside ... but then again, hopefully you would use a VPN for
the outside boxes to connect.


One possible, semi-allowable exception - multiple firewalls; either layered
or separate .. AD is supposed to be all encrypted, no?

Separate:
Running on theory here ... you would still hopefully use a PIX2PIX VPN!
But ... I believe TCP ports 135-139 and 445 are used, dunno if all are
needed tho'.  

Layered:
We have one client that has the primary firewall, which has the AD server
and some Web/APP server ... they also have another PIX behind the first PIX,
which then houses some DB servers.  I believe, the DB servers were able to
join the domain w/o any config changes as they were outbound connections.
One issue we had - the DB server registered themselves in DDNS with their
INTERNAL addresses  so all of the other boxes
using AD provided DNS could not reach them  address to reach them.


Thanks!
TJ

 -Original Message-
From:   Patrick Ramsey [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, September 13, 2001 11:24 AM
To: [EMAIL PROTECTED]
Subject:Re: Active Directory Ports  PIX [7:19772]

Allowing a server access to all domain functions completely defies putting
it in a DMZ...  That means if any one person broke into a box in the dmz, he
has access to the entire domain not a good idea..

-Patrick

 Dave Luancing  09/13/01 10:36AM 
Does anyone know what ports need to be opened in a PIX
to allow servers to join the domain and replicate.

Thanks,
 Dave

__
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

*
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter. 

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20094t=19772
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PPP Authentication CHAP [7:18093]

[Farhan Ahmed]

nothing to do with that..

-Original Message-
From: Jaspreet Bhatia [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 13, 2001 12:30 AM
To: [EMAIL PROTECTED]
Subject: Re: PPP Authentication CHAP [7:18093]


Hello Gaz,
I was facing a very similar issue.This is what I did and
it may seem
strange but it worked for me .I turned on service password-encryption and
then CHAP
authentication strated working .

See if it works for you

Jaspreet

Gaz wrote:

 Hi,

 Can you help me plz guys been trying to get me 1601 with ISDN WIC to work
 for yonks. From debug's it looks like CHAP AUTH is failing but I don't
know
 why ?!

 I have enclosed sh ver, sh run and debug dialer, debug ppp auth chap.

 Any help would be greatly appreciated.

 Thanx in advance.

 Sh ver

 1601#sh ver
 Cisco Internetwork Operating System Software
 IOS (tm) 1600 Software (C1600-SY-L), Version 12.0(7)T,  RELEASE SOFTWARE
 (fc2)
 Copyright (c) 1986-1999 by cisco Systems, Inc.
 Compiled Mon 06-Dec-99 18:03 by phanguye
 Image text-base: 0x0803DCE8, data-base: 0x02005000

 ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT
 RELEASE
  SOFTWARE (fc2)
 ROM: 1600 Software (C1600-BOOT-R), Version 11.1(7)AX, EARLY DEPLOYMENT
 RELEASE S
 OFTWARE (fc2)

 1601 uptime is 1 hour, 30 minutes
 System returned to ROM by power-on
 System image file is flash:/c1600-1207T.bin

 cisco 1601 (68360) processor (revision C) with 13824K/4608K bytes of
memory.
 Processor board ID 04909005, with hardware revision 
 Bridging software.
 X.25 software, Version 3.0.0.
 Basic Rate ISDN software, Version 1.1.
 1 Ethernet/IEEE 802.3 interface(s)
 1 Serial(sync/async) network interface(s)
 1 ISDN Basic Rate interface(s)
 System/IO memory with parity disabled
 2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
 System running from FLASH
 7K bytes of non-volatile configuration memory.
 8192K bytes of processor board PCMCIA flash (Read ONLY)

 Configuration register is 0x2102

 Sh run

 Building configuration...

 Current configuration:
 !
 version 12.0
 service timestamps debug datetime msec
 service timestamps log uptime
 no service password-encryption
 service udp-small-servers
 service tcp-small-servers
 !
 hostname 1601
 !
 enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH.
 !
 username xx password 0 x
 !
 !
 !
 !
 ip subnet-zero
 no ip domain-lookup
 !
 isdn switch-type basic-net3
 isdn voice-call-failure 0
 !
 !
 !
 interface Ethernet0
  ip address 10.10.1.1 255.255.255.0
  no ip directed-broadcast
  ip nat inside
  no ip route-cache
  no ip mroute-cache
 !
 interface Serial0
  physical-layer async
  bandwidth 64000
  ip unnumbered Ethernet0
  no ip directed-broadcast
  encapsulation ppp
  no ip route-cache
  no ip mroute-cache
  keepalive 10
  dialer in-band
  dialer wait-for-carrier-time 120
  async mode interactive
  fair-queue 64 16 0
  ppp authentication chap callin
 !
 interface BRI0
  bandwidth 64
  ip address negotiated
  no ip directed-broadcast
  ip nat outside
  encapsulation ppp
  no ip route-cache
  no ip mroute-cache
  no keepalive
  dialer idle-timeout 150
  dialer string 08451400101
  dialer-group 2
  isdn switch-type basic-net3
  ppp authentication chap
 !
 ip nat inside source list 100 interface BRI0 overload
 ip classless
 ip route 0.0.0.0 0.0.0.0 BRI0
 no ip http server
 !
 access-list 100 permit ip 10.10.1.0 0.0.0.255 any
 access-list 101 deny   udp any any eq snmp
 access-list 101 deny   udp any any eq ntp
 access-list 101 permit ip any any
 access-list 110 deny   udp 10.10.1.0 0.0.0.255 eq netbios-ns any log
 dialer-list 1 protocol ip list 110
 dialer-list 2 protocol ip permit
 !
 line con 0
  exec-timeout 0 0
  transport input none
 line 1
  modem InOut
  transport input all
  stopbits 1
  speed 115200
  flowcontrol hardware
 line vty 0
  exec-timeout 0 0
  login local
  length 25
 line vty 1 4
  exec-timeout 0 0
   login local
 !

 1601#sh deb
 Dial on demand:
   Dial on demand events debugging is on
 PPP:
   PPP protocol negotiation debugging is on
 ISDN:
   ISDN Q931 packets debugging is on
   ISDN Q931 packets debug DSLs. (On/Off/No DSL:1/0/-)
   DSL  0 -- 1
   1 -

 1601#ping 4.1.1.1

 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 4.1.1.1, timeout is 2 seconds:

 *Mar  1 01:42:51.533: BRI0 DDR: Dialing cause ip (s=10.10.1.1, d=4.1.1.1)
 *Mar  1 01:42:51.537: BRI0 DDR: Attempting to dial 08451400101
 *Mar  1 01:42:51.549: ISDN BR0: TX -  SETUP pd = 8  callref = 0x04
 *Mar  1 01:42:51.553: Bearer Capability i = 0x8890
 *Mar  1 01:42:51.553: Channel ID i = 0x83
 *Mar  1 01:42:51.557: Called Party Number i = 0x80, '08451400101'
 *Mar  1 01:42:51.747: ISDN BR0: RX   CONNECT_ACK pd = 8  callref = 0x04
 01:43:43: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
 01:43:43: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to
08451400101
 *Mar  1 01:42:53.561: BR0:2 PPP: Treating connection as a callout
 *Mar  1 01:42:53.565: BR0:2 PPP: 

RE: Troubleshooting ethernet interface on a 2501 router [7:19545]

[Farhan Ahmed]

set keep alives
also tryy shut and no shut

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 10:03 AM
To: [EMAIL PROTECTED]
Subject: Troubleshooting ethernet interface on a 2501 router [7:19543]


Hello All:

When I remove the UTP cable off the ethernet transceiver my router responds 
with a Ethernet0  is UP, line protocol is down...however when I reconnect 
the cable...it won't come back upwhy is that and how do I fix it?  This 
is strictly in a lab environment..but I'm trying to find out why it can't 
synch up again.  Is there a setting that I have to retype to tell it the
line
is connected??

Any thoughts on this is greatly appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19545t=19545
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 1603R Crash [7:19378]

[Farhan Ahmed]

hello everone,
 
After an upgrade of Ios and Dram on a 1603 R router by one of our guys, the
router crash and i cannot getinto the router the console is not responding
the back led is showing ok the link led is ok BUT the front led is blingking
countinously , sometimes 7 , 8 or in the begiinnng v fast then stays
blinking
 
i ve tried to xmodem the new ios but no luck
also search on cco and still but nothing
 
does anyone has clue
 


Best Regards 

Have A Good Day!! 

*** 
Farhan Ahmed* 
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE 
Network Engineer 
Mideast Data Systems Abudhabi Uae. 

*** 



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.Opinions,Conclusions
and other information in this message that do not relate to the Official
business of this company shall be understood as neither given nor Endorsed
by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19544t=19378
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Redistributing IGP's to BGP NOT working!! [7:19706]

[Farhan Ahmed]

rta should have two interface one running ibgp and one ebgp
rtb and rtc should be bgp peers with sync off

-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 13, 2001 7:35 AM
To: [EMAIL PROTECTED]
Subject: Re: Redistributing IGP's to BGP NOT working!! [7:19706]


igp and bgp networks identical with same mask?

What about sync

Bri

- Original Message -
From: Cisco Nuts 
To: 
Sent: Wednesday, September 12, 2001 7:11 PM
Subject: Redistributing IGP's to BGP NOT working!! [7:19706]


 Hello,
 I have configured 3 routers with BGP.RTA and RTB are in AS100...RTC on
 AS300
 RTA has netw. 150.10.0.0 configed on Loopback0
 RTB netw. 160.10.0.0 and RTC netw. 170.10.0.0 likewise
 RTC connected to RTA and RTA connected to RTB
 Have the networks advertised on each router
 Have the redistribute connected configed on RTA
 Also have RIP running b/w RTA and RTB with networks 150.10.0.0 and
 160.10.0.0 configed. Have the redistribute rip command on RTA
 Problem is:
 Cannot ping 160.10.0.1 from RTC and
 Cannot ping 160.10.0.1 from RTA
 Cannot ping 170.10.0.1 from RTB

 I took out rip and configured static routes on RTA and RTB and the
 redistribute static command on RTA...Still same problem.

 Question is:  What is the trick to redistribute IGP or static routes to
BGP
 so that RTC can get those networks?? Please advise.

 Thank you.
 Kind regards.

 _
 Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19729t=19706
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: mail servers behind the pix [7:19381]

[Farhan Ahmed]

static (inside,outside) global ip local ip mask
conduit permit global ip eq 25

change to dmz if u have it on dmz insead

-Original Message-
From: fmxiao [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 10:41 AM
To: [EMAIL PROTECTED]
Subject: mail servers behind the pix [7:19381]


hi all,

how to configurate the pix, so that a mail server (NT 4 w/ Exchange) can
communicate with other mail servers on the Internet behind the pix?

thx. adv.
roy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19384t=19381
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Multihoming BGP with two seperate ISP's via single router [7:19370]

[Farhan Ahmed]

actually only one outsie route is allowed in pix so u might think of putting
a nother router in between pix and yr bgp router


-Original Message-
From: Jeff Smith [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 7:24 AM
To: [EMAIL PROTECTED]
Subject: Re: Multihoming BGP with two seperate ISP's via single router
[7:19361]


Bob,
Is your PIX default gateway the router in question?  If yes, it should not 
even know what is going on in terms of bgp at the edge.  The bgp changes 
should not affect its routing, as long as there is a path available beyond 
that router when the change occurs, which you said there is.  I have always 
used static routes between PIX-router, are you running a protocol?

Jeff


From: Bob 
Reply-To: Bob 
To: [EMAIL PROTECTED]
Subject: Multihoming BGP with two seperate ISP's via single router that 
[7:19328]
Date: Mon, 10 Sep 2001 18:01:04 -0400

Hello,

I am multihoming BGP with two seperate ISP's via single router that is
connected to a PIX.
When I shutdown the one of my serial ports to one of the ISP's you can
see the BGP table
removing paths. All trace's show that the router starts routing to the
ISP
that is still active, but all the workstations on the inside of the pix
interface can no
longer route. I've read where the PIX Firewall does not support the use
of BGP, and that I
could use RIP between them. Does anyone have an example of this
configuration? My searches
on this subject within Cisco's knowledgebase have not been very
successfull. Or if you can
think of another solution for my setup, please let me know.

Thank you,
_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19370t=19370
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Load Balancing using BGP challenge problem [7:19339]

[Farhan Ahmed]

then u should think abt running 2 static routes
and forget abt bgp cuz its really doesnt exsist

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 4:53 AM
To: [EMAIL PROTECTED]
Subject: Load Balancing using BGP challenge problem [7:19339]


hi all

I have been cracking my head with this load-balancing
issue but still no answer . 


It goes as such 

Customer A has two providers to Internet  

The first provider runs BGP with Customer A and is
only a Receive-Only Inbound link over Satellite 

The second provider is a terrestrial link full-duplex
but the customer does not run BGP with them but purely
a default route 

Question is how can I use BGP to balance the traffic
between the two providers for the Inbound traffic to
the customer.


I have been contemplating on using AS-PATH prepend but
was not so ready to use it because the customer does
not have their own AS-NUMBER and is using private AS
number provided by the first satellite provider and
the first provider simply strip private AS-Numbers at
their router

Any form of input will be greatly appreciated



__
Do You Yahoo!?
Get email alerts  NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19371t=19339
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

1603R Crash [7:19378]

[Farhan Ahmed]

hello everone,
 
After an upgrade of Ios and Dram on a 1603 R router by one of our guys, the
router crash and i cannot getinto the router the console is not responding
the back led is showing ok the link led is ok BUT the front led is blingking
countinously , sometimes 7 , 8 or in the begiinnng v fast then stays
blinking
 
i ve tried to xmodem the new ios but no luck
also search on cco and still but nothing
 
does anyone has clue
 


Best Regards 

Have A Good Day!! 

*** 
Farhan Ahmed* 
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE 
Network Engineer 
Mideast Data Systems Abudhabi Uae. 

*** 



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.Opinions,Conclusions
and other information in this message that do not relate to the Official
business of this company shall be understood as neither given nor Endorsed
by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19378t=19378
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: I have a customer who... food for thought - static routes [7:17824]

[Farhan Ahmed]

u might need to consider a radius server and map routes to the usernames

-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 10:29 AM
To: [EMAIL PROTECTED]
Subject: I have a customer who... food for thought - static routes
[7:17819]


I have a customer who... don't you love it when a post begins with those
words?

In my case, I am hoping this can serve as food for thought, a springboard
for discussion. So here goes

My customer is a high tech firm whose name you would all recognize, if I
were to exhibit ill manners by revealing it.

My project ( well, I'm just the junior assistant engineer ) is to develop
and proof configurations for a private remote access network. DSL at the
home, ATM at the central site. Not a VPN. This circuit does not touch the
internet.

In any case, the client is expecting 500-1000 home users on this network.

Here's the kicker. the client refuses to allow routing protocols on either
the home user routers ( Cisco 827's ) or the central site router ( Cisco
7206 ) That means how many static routes at the host site? :-0

Food for thought - what are some of the reasons the customer might not want
a routing protocol of any kind on this network? When discussing with the
customer engineer in charge of this project, I was given a couple of
reasons, and upon hearing them I saw the point and agreed the concerns were
valid.

BTW, the point was not that the customer hates me and wants me to spend the
next three weeks typing in static routes. Nor is it that the customer does
not get it. It is not a matter of good or bad design.

So, in light of the old saw that static routes are not scalable, and should
be avoided, what might be some reasons that a designer would demand a
network of this size and relative complexity, with users being added,
subtracted, and relocated, thus creating long term employment for the router
administrator, be composed entirely of static routes? What are the plusses?
What is the downside?

Your analyses, please.

Chuck

P.S. I think I'm going to try again. Maybe On Demand Routing would solve my
problem and the customer's. Oops, that's right. The major component of ODR
is not allowed on this network either. ( hint )




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17824t=17824
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: please clear my concept on frame-relay and ISDN [7:17649]

[Farhan Ahmed]

i think they put a ta on serial interface and change the layer 2 to isdn
instead 
if u dont have a isdn interface

-Original Message-
From: Susan Stone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 1:06 PM
To: [EMAIL PROTECTED]
Subject: please clear my concept on frame-relay and ISDN [7:17649]


Hi.. Dear all,

I don!t understand this.  Hope u can clear my concept. I have a 1700 router

in remote office(Milan) which is connected to a main router in London via a 
Frame-relay link in interface s0.1. My IT colleague (Milan) told me that the

frame-relay line was cancelled last week by ISP!s mistake and the link has 
been running on ISDN since the 20th August.  Until now it is still in ISDN.

Now I found that the Milan(remote) router is still connecting main router 
via the same interface s0.1.  When I type !'sh int s0.1!( shown below, it 
still show me that it is a frame-relay.
1)How do I know whether it is on ISDN or not, what command?
2)What is the difference between frame-relay line and lease line.   Can I 
say that previously the line is a frame-relay leased line and now it is a 
frame-relay ISDN line??
3)How can they change the line into a ISDN using the same interface? I 
thought it should have a ISDN back up interface??  Can the ISP vendor change

the circuit to ISDN at their site without coming the Milan office?  Or the 
Remote(Milan) office change a ISDN!s CSU/DSU and made it to a ISDN line?

MILAN1sh int s0.1
Serial0.1 is up, line protocol is up
  Hardware is PowerQUICC Serial
  Description: --- Links to LON1, Ser1/0.12 ---
  Internet address is 60.100.201.152/30
  MTU 1500 bytes, BW 256 Kbit, DLY 2 usec,
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation FRAME-RELAY



_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17652t=17649
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

inside, outside and dmz [7:17627]

[Farhan Ahmed]

comments below,

isnt it better to keep mailservers and other servers inside and allowing
only the ports that are required from outside , instead of putting them into
dmz and allow more ports ,in the case of microsoft exchange servers web
servers with database connection etc...
what is the real benefit?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17627t=17627
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pix Route issue [7:17242]

[Farhan Ahmed]

only one route is allowed..

Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Bob Nawrocki [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, August 25, 2001 8:30 PM
 To: [EMAIL PROTECTED]
 Subject: Pix Route issue [7:17242]
 
 
 We have a Pix firewall that is serving as a default gateway 
 to the Internet
 as well as providing ipsec tunnel connectivity to several 
 remote offices for
 serveral hosts on a subnet. On the same subnet we have a 2600 
 providing a
 point to point wan link.  I added a route to the Pix on the 
 inside interface
 to point to the 2600 for the wan route.  I am still not able 
 to connect to
 that subnet unless i add a specific route on the hosts.  When 
 running debug
 logging on the Pix I get the following output:
 
 106011: Deny inbound (No xlate) icmp src inside:10.111.1.55 dst
 inside:10.112.3.3 (type 8, code 0)
 
 Any thoughts?
 
 Bob Nawrocki
 CCNP CCDP

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17293t=17242
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pix Route issue [7:17242]

[Farhan Ahmed]

two networks connect to inside interface the inside interface  add is
10.1.1.4

route inside 10.1.2.0 255.0.0.0 10.1.1.4 1
route inside 10.1.3.0 255.0.0.0 10.1.1.4 1



Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Bob Nawrocki [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, August 25, 2001 8:30 PM
 To: [EMAIL PROTECTED]
 Subject: Pix Route issue [7:17242]
 
 
 We have a Pix firewall that is serving as a default gateway 
 to the Internet
 as well as providing ipsec tunnel connectivity to several 
 remote offices for
 serveral hosts on a subnet. On the same subnet we have a 2600 
 providing a
 point to point wan link.  I added a route to the Pix on the 
 inside interface
 to point to the 2600 for the wan route.  I am still not able 
 to connect to
 that subnet unless i add a specific route on the hosts.  When 
 running debug
 logging on the Pix I get the following output:
 
 106011: Deny inbound (No xlate) icmp src inside:10.111.1.55 dst
 inside:10.112.3.3 (type 8, code 0)
 
 Any thoughts?
 
 Bob Nawrocki
 CCNP CCDP

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17294t=17242
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Unable to detect source for attack [7:17095]

[Farhan Ahmed]

command

debug ip packet detail

Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: suaveguru [mailto:[EMAIL PROTECTED]]
 Sent: Friday, August 24, 2001 9:54 AM
 To: [EMAIL PROTECTED]
 Subject: Unable to detect source for attack [7:17095]
 
 
 hi all,
 
 I am not able to detect the type of an ip attack on an
 interface . All I can detect is the source and
 destination ip addresees using ip accounting but I
 could not block the ip addresses because they are all
 in use . All I can do is to find out what kind of
 traffic is causing the attack for e.g. tcp, udp , sync
 etc. but what tools could I use?
 
 
 regards,
 suaveguru
 
 __
 Do You Yahoo!?
 Make international calls for as low as $.04/minute with 
 Yahoo! Messenger
 http://phonecard.yahoo.com/

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17228t=17095
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: traceroute [7:16494]

[Farhan Ahmed]

ctrl+shift+6
then press x

Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: kaushalenders [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, August 19, 2001 3:45 PM
 To: [EMAIL PROTECTED]
 Subject: traceroute [7:16494]
 
 
 hi ,
 how can we quit in between when router is tracerouteing any 
 destination from
 traceroute or cancel the traceroute
 
 thanx
 kaushlender

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16495t=16494
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX static map question [7:15983]

[Farhan Ahmed]

clear xlate

to make your changes in affect

sequence doesnt matter


Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Munzir Khan [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, August 16, 2001 10:12 AM
 To: [EMAIL PROTECTED]
 Subject: RE: PIX static map question [7:15983]
 
 
 Question for MAJDI  EVANS
 
 just a quick question, Is it really require to restart the 
 pix firewall to
 take effect the new settings??
 
 another question is defining static map for 
 INSIDE/DMZ/OUTSIDE should be in
 sequence or it does not mater whatever sequence you make.
 
 for example 
 
 static (inside,outside) 212.x.x.10 192.168.0.30 netmask 
 255.255.255.255. 0.0 
 
 static (inside, DMZ) 
 static (inside) 
 static (inside,outisde) 
 
 see above it is not in sequence i have the same case, I 
 applied the settings
 you have suggested but it is not even ping to that IP from 
 outside ... also
 tell me Conduit need to be also arranged by the Ip addresses ???
 
 please suggest!!! 

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16258t=15983
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Code Red?? Virus Problems for DDR and Pix [7:15160]

[Farhan Ahmed]

just nat



Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Gareth Hinton [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, August 08, 2001 1:30 AM
 To: [EMAIL PROTECTED]
 Subject: Code Red?? Virus Problems for DDR and Pix [7:15160]
 
 
 Had some problem site today where router was constantly 
 dialling different
 sites. I must admit this was not a Cisco router, it was a 
 Bintec but I think
 a problem which would be the same with a Cisco, so thought 
 I'd mention it
 here.
 I shoved a sniffer on the ethernet interface of the router 
 (Bintec debug is
 poor), and found that three servers on the LAN were 
 constantly sending http
 port 80 packets to (almost) random addresses. I say random, 
 because they did
 seem to be within the Class A range even though the ethernet 
 was using a 24
 bit mask.
 There was no reason for this traffic apparently, other than one of the
 variants of Code Red virus on the three servers. Once all the 
 Microsoft
 patches were installed and the servers re-booted, the problem 
 disappeared.
 I'll be honest that I haven't had a good look which of the 
 variants it was,
 as the rest of the day has been pretty busy.
 
 
 Also had another problem which I don't know whether is 
 connected or not.
 We've had a sudden flow of support customers with Pix 506 which keep
 re-booting (very regularly - few minutes).
 We've replaced a few of them, upgrading the code from the 
 deferred 5.3.1 to
 5.3.2 and waiting to hear whether that alone has cured the problem.
 In the lab, I couldn't get the box to fall over even with the 
 deferred code
 on. Tried using the sniffed packets from above server faults 
 with traffic
 generator to generate 100% network traffic, but still stayed up.
 
 Something I did notice was that the customers config used the outside
 interface within the global range, and had no overload.
 
 i.e.  (IP addresses changed)
 
 ip address outside 192.49.146.243 255.255.255.248
 global (outside) 1 192.49.146.243-192.49.146.246
 
 whereas I used something more like:
 
 ip address outside 192.49.146.243 255.255.255.248
 global (outside) 1 192.49.146.244-192.49.146.245
 global (outside) 1 192.49.146.246
 
 I know I could now use the outside interface with the 
 accepted commands, but
 I am not convinced that the customers config is a workable method.
 
 Can anybody advise on whether or not the customers config 
 would actually do
 PAT, or whether it would allow four NAT sessions then stop.
 I won't rattle on any more as I suspect the number of people 
 reading this
 far is limited, but may have further input if the thread continues.
 
 Regards,
 
 Gaz

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15591t=15160
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: dial in to AUX port on 2611 [7:15417]

[Farhan Ahmed]

try
modem autoconfigure-discovery

or reverse telnet to port
2001 if its line 1 on yr router
u can see by
sh line command
get yr strings from 56k.com
and do it manually

also do
debug confmodem b4 modem autoconfigure-discovery
to c whats happening with modem


- Original Message -
From: No Data 
To: 
Sent: Thursday, August 09, 2001 9:06 PM
Subject: Re: dial in to AUX port on 2611 [7:15417]


 try this.
 modemcap edit usrmodem misc FS0=1C1D3H1R2B1

 then under the line config

 modem autoconfigure type usrmodem
 speed 38400

 Make sure dips 3 and 8 are down and the rest up.

 hth
 Ben

 --- Mr. Richard L. Pickard
  wrote:
  I have a US Robotics Sportster 14,000 modem
  connected to my 2611 router via
  the AUX port.
  The router does not answer the call.  I have an
  enable  enable secret
  password set.
  I am certain of the satin crossover cable and all
  other physical layer
  issues.
 
  Here is my config:
 
  line con 0
   transport input none
  line aux 0
   password cisco
   login
   modem InOut
   transport input all
   speed 115200
   flowcontrol hardware
  line vty 0 1
   password cisco
   login
  line vty 2 4
   login
 
 
  Anybody have any ideas?
 [EMAIL PROTECTED]


 __
 Do You Yahoo!?
 Make international calls for as low as $.04/minute with Yahoo! Messenger
 http://phonecard.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15496t=15417
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ISDN Problems [7:15236]

[Farhan Ahmed]

This is usually due to a D-channel error. If this error occurs
systematically, report it to your ISDN service provider
- Original Message -
From: Paul 
To: 
Sent: Wednesday, August 08, 2001 3:38 PM
Subject: Re: ISDN Problems [7:15236]


 Check your switch type is right. It might also be an IOS problem might be
 worth upgrading your IOS.

 http://www.cisco.com/warp/public/129/isdn_disc_code.html

 Cheers, Paul
   - Original Message -
   From: Albert Lu
   To: [EMAIL PROTECTED]
   Sent: Wednesday, August 08, 2001 11:59 AM
   Subject: ISDN Problems [7:15236]


   Hello group,

   I'm having a little trouble with my ISDN config.

   Now, this is what I'm getting after a single ping. It looks like it's
   telling me Mandatory IE missing.

   Could someone please take a look.

   Thanks

   Albert

   !
   interface BRI0
ip address 196.1.1.1 255.255.255.0
no ip directed-broadcast
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer map ip 196.1.1.2 name RouterB broadcast 
dialer-group 1
isdn switch-type basic-ni
ppp authentication chap
ppp multilink
   !
   no ip classless
   !
   dialer-list 1 protocol ip permit
   !
   !

   RouterA#ping
   Protocol [ip]: ip
   Target IP address: 196.1.1.2
   Repeat count [5]: 1
   Datagram size [100]:
   Timeout in seconds [2]:
   Extended commands [n]:
   Sweep range of sizes [n]:
   Type escape sequence to abort.
   Sending 1, 100-byte ICMP Echos to 196.1.1.2, timeout is 2 seconds:

   21:05:10: ISDN BR0: TX -  SETUP pd = 8  callref = 0x65
   21:05:10: Bearer Capability i = 0x8890
   21:05:10: Channel ID i = 0x83
   21:05:10: Called Party Number i = 0x80, ''
   21:05:10: ISDN BR0: RX   CONNECT pd = 8  callref = 0xCC
   21:05:10: Channel ID i = 0x8A
   21:05:10: ISDN BR0: RX   DISCONNECT pd = 8  callref = 0x65
   21:05:10: .
   Success rate is 0 percent (0/1)
   RouterA#Cause i = 0x80E034 - Mandatory IE missing
   21:05:10: ISDN BR0: RX   RELEASE_COMP pd = 8  callref = 0x65
   21:05:10: ISDN BR0: RX   RELEASE pd = 8  callref = 0xCC
   21:05:10: ISDN BR0: RX21:05:10: Cause i = 0x8090 - Normal
call clearing


   _
   Do You Yahoo!?
   Get your free @yahoo.com address at http://mail.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15341t=15236
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: MCSE need help [7:15235]

[Farhan Ahmed]

reinstall office

microsoft as usuall
- Original Message -
From: parky chan 
To: 
Sent: Wednesday, August 08, 2001 2:54 PM
Subject: MCSE need help [7:15235]


 Dear all
 My office applicate is Easy Clear but when i use this
 function to print out
 document ,
 it prompt
 OLE error code 0x80040154  class not registered OLE object is being
 ignored Record
 number :4 

 then prompt fatal error  Error number is 1925 
 How to solve this problem 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15343t=15235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Can't ping outside of PIX [7:15205]

[Farhan Ahmed]

u cannot ping until

u put 

conduit permit  statements




-Original Message-
From: Allen May [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 08, 2001 6:29 PM
To: [EMAIL PROTECTED]
Subject: Re: Can't ping outside of PIX [7:15205]


Looks ok to me but I tend to agree with cheekin.  Try subnetting to a .128
to divide your IP range in 2 so you have half for the global range and half
for the equipment on the LAN.  If nothing else, just to see if that
eliminates your problem for troubleshooting purposes.


- Original Message -
From: cheekin 
To: 
Sent: Wednesday, August 08, 2001 8:27 AM
Subject: Re: Can't ping outside of PIX [7:15205]


 I think you will need to give a different range of IP address for the
global
 statement.  The global statement and the outside interface are using the
 same ip address.

 I also think that the route inside statement is not necessary in this
case.
 You can use sh route to display the routing table.

 PIX gurus, correct me if I am wrong.


 cheekin

 - Original Message -
 From: Pierre-Alex
 To:
 Sent: Wednesday, August 08, 2001 11:34
 Subject: Can't ping outside of PIX [7:15205]


  I have spent the all day on the problem below and I still can't see what
I
  did wrong.
 
  Can you help?
 
  The PC can ping the inside ip address of the firewall
  The Firewall can ping the default-gateway and anything on the Internet
  But I cannot get the PC to ping the outside IP address of the firewall
  (208.136.247.214)
  or anything outside like (206.26.90.8).
 
 
  |PC|(1)--(2)|PIX|(3)-(4)--DSL MODEM
 
  PC (1): ip address 10.1.1.12
  subnet mask: 255.255.255.0
default gateway: 10.1.1.10
 
  PIX (2): ip adddress 10.1.1.10
 subnet mask: 255.255.255.0
 
  PIX (3i ip address 208.136.247.214
  subnet mask: 255.255.255.0
 
  DSL MODEM (4): ip address 208.136.247.1
  subnet mask: 255.255.255.0
 
 
 
  PIX Version 4.0.7
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd kIQggKv8.UiICW/r encrypted
  hostname pixfirewall
  failover
  names
  syslog output 20.3
  no syslog console
  interface ethernet outside 10baset
  interface ethernet inside 10baset
  ip address inside 10.1.1.10 255.255.255.0
  ip address outside 208.136.247.214 255.255.255.0
  arp timeout 14400
  global 1 208.136.247.214-208.136.247.214
  nat 1 0.0.0.0 0.0.0.0
  age 10
  no rip outside passive
  no rip outside default
  no rip inside passive
  no rip inside default
  route outside 0.0.0.0 0.0.0.0 208.136.247.1 1
  route inside  0.0.0.0 0.0.0.0 10.1.1.12
  timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00
  timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00
  no snmp-server location
  no snmp-server contact
  mtu outside 1500
  mtu inside 1500
  : end
  [OK]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15323t=15205
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: vtp, spanning tree [7:14961]

[Farhan Ahmed]

u wrote

 The selection of the root
 bridge and which interfaces are blocking might not be optimized for all
the
 applications and devices in the large, switched network.

 With per-VLAN spanning tree, each VLAN becomes a single spanning tree with
 its own root bridge and own set of blocked ports. This way you can
optimize
 traffic flow and reduce the amount of work to converge to a spanning tree.

my question

does the root bridge helps in data path flow...? i dont think so..
also if u can define the data flow in the network
with and without vlan

regards


have a good day!!

fa

- Original Message -
From: Picciani Francesco Saverio 
To: 
Sent: Tuesday, August 07, 2001 5:09 PM
Subject: R: vtp, spanning tree [7:14961]


 I thing that the main benefit of having per-VLAN spanning tree is that a
 problem on a VLAN does not impact the other VLANs also if they lay on the
 same ISL trunk.

 -Messaggio originale-
 Da: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
 Inviato: lunedl 6 agosto 2001 20.05
 A: [EMAIL PROTECTED]
 Oggetto: Re: vtp, spanning tree [7:14961]


 At 02:13 PM 8/5/01, Cisco Troubleshooter wrote:
 can any body tell,
 
 why we need spanning tree protocol per vlan

 If you have a large, switched network, all the switches are in the same
 spanning tree. Converging the spanning tree can take a long time. In
 addition, traffic flow may not be optimized. The selection of the root
 bridge and which interfaces are blocking might not be optimized for all
the
 applications and devices in the large, switched network.

 With per-VLAN spanning tree, each VLAN becomes a single spanning tree with
 its own root bridge and own set of blocked ports. This way you can
optimize
 traffic flow and reduce the amount of work to converge to a spanning tree.
 It's somewhat analogous to dividing a routed network into areas or
 autonomous systems.

 Also, at least with Catalyst 1900 switches, if you allow all VLANs to
 travel across both trunks, you will have a loop. If you don't configure
 per-VLAN spanning tree, you will have a broken network. You would think
 spanning tree would just work around this problem, but it doesn't seem to
 when VLANs are configured.


 and vtp why it is needed what purpose it serves

 VTP is a management protocol that allows switches to share information
 about VLAN names and IDs. It reduces configuration because you can
 configure VLAN names and IDs on just one or two server switches. The rest
 of the switches act as clients and pick up the info when they boot.

 By default, the switches do not keep track of which switches have which
 VLANs configured, however. I disagree with the other responder who said
VTP
 reduces bandwidth usage on links and switches. It's VTP pruning that does
 that.

 If you configure VTP pruning, then an added VTP message gets sent. The
 added message includes VLAN membership information. With VTP pruning, the
 switches become a bit smarter and do not forward traffic for a VLAN across
 a link or to a switch that has no ports in that VLAN. This must be
 configured. Without pruning, VTP just shares info about VLAN names and
IDs.

 Priscilla


 thnx in advance
 
 jd
 
 __
 Do You Yahoo!?
 Make international calls for as low as $.04/minute with Yahoo! Messenger
 http://phonecard.yahoo.com/
 

 Priscilla Oppenheimer
 http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15110t=14961
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Netmeeting and PIX [7:15002]

[Farhan Ahmed]

try this

fixup protocol h323 1720


Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Patrick Donlon [mailto:[EMAIL PROTECTED]]
 Sent: Monday, August 06, 2001 2:09 PM
 To: [EMAIL PROTECTED]
 Subject: Netmeeting and PIX [7:15002]
 
 
 Does anyone know if PIX will work with Netmeeting audio and 
 video traffic
 through using NAT? Currently we've upgraded from 5.31 to 
 6.10(101) on our
 PIX, the netmeeting call is set-up and features such as chat 
 work but no
 audio and video. We have voip traffic passing through the PIX 
 from CCMs with
 out any problems. Any tips or work arounds appreciated
 
 regards
 
 Pat

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15043t=15002
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: New WIC 2T - Qurery [7:14951]

[Farhan Ahmed]

u need a smart serial cable 4 it.
- Original Message -
From: Rashid Lohiya 
To: 
Sent: Sunday, August 05, 2001 7:52 PM
Subject: New WIC 2T - Qurery [7:14951]


 Hi,

 I have just acquired a 2nd user WIC-2T Card for my 3600 Router, but it
does
 not have the regular 60pin interfaces, which I was expecting to see.

 Instead it has 2 x smaller, thinner female interfaces with 2 nuts on each
 end for the cable connector to screw into.

 The card is marked WIC 2T, and the two interfaces are labeled Serial 0 and
 Serial 1.

 Has anyone else seen this type of interface?

 Can anyone give me a cisco part number for the type of cable I would need?
 Will I be able to connect each of these connectors to a DCE/DTE crossover
 cable to connect to a regular 60pin connector?

 Is this normal or is this some special or new type of card?

 Pls. let me know

 Thanks

 --
 Rashid Lohiya
 [EMAIL PROTECTED]
 020 8509 2990
 07785 362626
 www.pioneer-computers.com
 London UK

 www.rashidl.co.uk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14960t=14951
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Load Balancing... [7:14865]

[Farhan Ahmed]

- Original Message -
From: Santosh Koshy 
To: 
Sent: Sunday, August 05, 2001 4:06 AM
Subject: Re: Load Balancing... [7:14865]


 Peter,

 Here is the problem i am trying to solve

 - I am located in Canada
 - We have a data center in US. All our users use SAP, Web, FTP, and other
 such applications across the border
 - We currently have one T1 circuit running to the US
 - After monitoring Traffic flow and Utilization we have come to the
 conclusion that the bandwisth is not adequate, and that we have no
 redundancy
 - We have decided to go with 4 links (from 2 different vendors)
 - We use OSPF in Canada.
 - All unknown routes (0.0.0.0 0.0.0.0) are pushed to the US router

 I was thinking of doing the following
 - Terminating all of these links into one router, and use per-packet
load
 balancing to push these packets across the border
 - Use the following config
 ! disable fast switching
 no ip route-cache
 no ip mroute-cache
 ! Use route statements to do per-packet load balancing
 ip route 0.0.0.0 0.0.0.0 link1
 ip route 0.0.0.0 0.0.0.0 link2
 ip route 0.0.0.0 0.0.0.0 link3
 ip route 0.0.0.0 0.0.0.0 link4

 My only worry is that with the above solution; I will be acheiving
 per-packet load balancing, but at the cost of a single point of failure
 (the Router)

 All suggestions are welcome... Thanks a lot guys,
 Santosh Koshy


 Peter Van Oene  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Since Howard is in London, allow me to ask What problem are you trying
to
  solve?
 
 
  *** REPLY SEPARATOR  ***
 
  On 8/3/2001 at 10:07 PM Santosh Koshy wrote:
 
  Hi All,
  
  I have a slight dilemma to which I cannot seem to find a definitive
  answer.. We have 4 circuits going from Canada to the US...
  
  Is it necessary to terminate all the circuits into one router to do
  per-packet load balancing.
  
  --
  Santosh Koshy
  WAN Administrator




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14966t=14865
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: config for access server to callback PC modem [7:14769]

[Farhan Ahmed]

remove  this async dynamic address
  use one only  peer default ip address dhcp  
or
  peer default ip address pool ip-pool  ,,,
ip pool ip-pool 192.168.1.2 192.168.1.2
 
use one only
ppp callback initiate
or
ppp callback accept


 
 add
autoselect duriing-login

- Original Message -
From: Sim, CT (Chee Tong) 
To: 'Farhan Ahmed' 
Cc: 
Sent: Friday, August 03, 2001 12:46 PM
Subject: config for access server to callback PC modem


 Hi.. Farhan and Dear all,

 I tried to config for access server to callback PC modem, but it doesn't
 work, could you please check for me what's wrong with the config below.

 Sim

 access_server#sh run
 Building configuration...

 Current configuration:
 !
 version 11.2
 service timestamps debug uptime
 service password-encryption
 no service udp-small-servers
 no service tcp-small-servers
 !
 hostname access_server
 !
 enable secret 5 $
 !
 username sim callback-dialstring 99 password XXX
 ip host modem1 2001 50.200.100.11
 ip host modem2 2002 50.200.100.11
 ip host modem3 2003 50.200.100.11
 ip dhcp-server 50.200.100.11
 chat-script script dialout ABORT ERROR ABORT BUSY  AT OK ATDT\T
 TIMEOUT 30 CONNECT
  \c
 !
 interface Loopback0
  ip address 192.198.255.10 255.255.255.255
  no logging event subif-link-status
 !
 interface Ethernet0
  ip address 50.200.100.11 255.255.252.0
  no ip directed-broadcast
  no logging event subif-link-status
  load-interval 180
 !
 interface Serial0
  no ip address
  no logging event subif-link-status
  no fair-queue
 !
 interface Async1
  ip unnumbered Ethernet0
  encapsulation ppp
  no logging event subif-link-status
  async dynamic address
  async mode interactive
  peer default ip address dhcp
  ppp callback initiate
  ppp authentication pap
 !
 ip classless
 ip route 0.0.0.0 0.0.0.0 50.200.100.1 permanent
 logging trap debugging
 logging facility local3
 logging 50.200.100.22
 snmp-server community public RO
 !
 line con 0
 line 1
  password 7 XX
  autoselect ppp
  script callback dialout
  login local
  modem InOut
  modem autoconfigure discovery
  length 0
  transport input all
  speed 115200
  flowcontrol hardware
 line 2
  location modem2
  no exec
  password 7 
  login
  modem InOut
  transport input all
  speed 115200
  flowcontrol hardware
 line 3 8
 line aux 0
  password 7 X
  autoselect ppp
  login local
  modem InOut
  transport input all
  speed 38400
  flowcontrol hardware
 line vty 0 4
  no exec
  exec-timeout 0 0
  password 7 XX
  login
 !
 end

 access_server#
 access_server#

 -Original Message-
 From: Farhan Ahmed [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, August 01, 2001 5:47 PM
 To: 'Sim, CT (Chee Tong)'
 Subject: RE: me again
 Importance: High



 no need

 just replace the command
 async mode interactive from dedicated

 autoselect ppp
 try
 also
 autoselect during login
 if u have any prob

 Best Regards

 Have A Good Day!!

 ***
 Farhan Ahmed*
   MCSE+I, MCP Win2k, CCDA, CCNA, CSE
 Network Engineer
 Mideast Data Systems Abudhabi Uae.

 ***



 Privileged/Confidential Information may be contained in this message or
 Attachments hereto.  Please advise immediately if you or your employer do
 not consent to Internet email for messages of this kind.  Opinions,
 Conclusions and other information in this message that do not relate to
the
 Official business of this company shall be understood as neither given nor
 Endorsed by it.


  -Original Message-
  From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, August 01, 2001 10:49 AM
  To: 'Farhan Ahmed'
  Subject: me again
 
 
  Hi.. Farhan, me again
 
  May I ask about your script chat script dialout ABORT ERROR
  ABORT BUSY 
  AT OK ATDT \T TIMEOUT 30 CONNECT \c
  Do you have to specify the the phone no eg 99 to callback
  after atdt??
 
  What it means by sending you debug ppp negiotation,
  authentication?  Does
  it refer the debug output on my access server when people dial in.
 
  Any configuration need to be done on the WIN98 (mine is
  WIN98) OS and modem
  in order to let access server callback.  Do we need to use AT
  command to
  configured the PC's modem???
 
  Thanks for your help
  Sim
  -Original Message-
  From: Sim, CT (Chee Tong)
  Sent: Wednesday, August 01, 2001 1:46 PM
  To: 'Farhan Ahmed'
  Subject: RE: how to configure callback for 2 numbers [7:14121]
 
 
  Farhan,
 
  Thanks you your kind help. I think my access-server IOS version not
  up-to-date is it???  I found my account cannot download IOS
  software.  May I
  borrow your account?  Or Please let me know how to get a account to
  download?
 
  Sim
 
  access_server#sh ver
  Cisco Internetwork Operating System Software
  IOS (tm) 2500 Software (C2500-I-L), Version 11.2(18)P,
  RELEASE SOFTWARE
  (fc1)
  Copyright (c) 1986-1999 by cisco Systems, Inc.
  Compiled Mon 12-Apr-99 13:29 by ashah
  Image

RE: design issues [7:14454]

[Farhan Ahmed]

i couldnt understand


Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Mohammed Saro [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, August 01, 2001 11:21 AM
 To: [EMAIL PROTECTED]
 Subject: design issues [7:14454]
 
 
 i have acase and i want some1 to help me to solve it a 
 company has two sites
 they want to have dedicated line with 128 kbps on site 1 and 
 to make an ISDN
 dial backup to the ISP then site 2 is connected to site 1 
 with dedicated line
 of 128kbps and they have ISDN line their but they face 
 sometimes problems
 with
 their line in site 1 so they need in case of failure of the 
 ddicated liune
 betwenn their site 1 and the ISP and the failure of site 1 
 ISDN backup to
 dial
 the ISP they want the ISDN line of site 2 to dial to the ISP 
 and will be in
 this case the gateway of two sites
 
 
 the question now how can i trigger dial on ISDN line in site 
 2 in case of
 failure of dedicated then failure of ISDNline of site 1 with 
 the caution that
 the bri interface always up up spoofing
 
 
 Mohammed Saro
 Network Engineer

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14462t=14454
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Intermittent connectivity loss [7:14416]

[Farhan Ahmed]

u may ve virus
code red

Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Santosh Koshy [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, August 01, 2001 4:37 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Intermittent connectivity loss [7:14416]
 
 
 This may sound stupid... but have the obvious been checked
 
 1) duplex settings
 2) speed settings
 3) portfast enabled (only on user ports)
 
 Don Oxman  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I must admit this is my first question posted to the group, 
 though I've
 been
  a lurker for a long time.  Here it is:
 
  We have workstations on 10 different floors (each floor 
 divided in half,
  each half a different subnet), all connected to 5505's (20 
 in total).
 From
  the 5505's fiber goes to a 6509, then ultimately to the WAN 
 via ATM.  The
  servers all plug into the 6509.  So far, so good.
 
  For the past 3 days we have had workstations (not all, but 
 about 50%)on
  every floor lose connectivity to the network, whereby all 
 of our NT and
  NetWare servers are unavailable and web browsing is gone.  This has
 happened
  a total of 6 times, and there doesn't appear to be a 
 pattern to the time
 or
  network utilization.  Most times the users have to reboot, though
 sometimes
  they can reconnect without a reboot.
 
  Can anyone help steer me in the right direction?  Our WAN 
 guys can't help,
  and I have a feeling that it's going to be up to me to 
 figure this one
 out.
 
  Thanks a lot.
 
  --Don
 
  _
  Get your FREE download of MSN Explorer at 
http://explorer.msn.com/intl.asp

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14486t=14416
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ppp pap sent-username command [7:14140]

[Farhan Ahmed]

anyone knows..
when to use this command and for what purpose..?

ppp pap sent-username

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14140t=14140
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX Firewall HCT02-5 [7:14134]

[Farhan Ahmed]

oye
virus




***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: nadeem mujahid [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 2:21 PM
 To: [EMAIL PROTECTED]
 Subject: PIX Firewall HCT02-5 [7:14134]
 
 
 Hi! How are you?
 
 I send you this file in order to have your advice
 
 See you later. Thanks

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14144t=14134
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to configure callback for 2 numbers [7:14121]

[Farhan Ahmed]

that was wrong command
wait i  m sending u the full config
u need to have ios 11.3 2 t or higher
4 win95 callback

Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 1:56 PM
 To: [EMAIL PROTECTED]
 Subject: RE: how to configure callback for 2 numbers [7:14121]
 
 
 Yes.. I tried this before, but it come out these errors..  
 what's wrong??/
 
 
 access_server(config)#username sim password simiscute
 callback-dialstring 99
 % Overly long Password truncated after 25 characters
 access_server(config)#username sim password simiscute 
 callback-dialstring
 99
 % Overly long Password truncated after 25 characters
 access_server(config)#username sim password simiscute 
 [callback-dialstring
 99]
 % Overly long Password truncated after 25 characters
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 5:23 PM
 To: [EMAIL PROTECTED]; Sim, CT (Chee Tong)
 Subject: RE: how to configure callback for 2 numbers [7:14121]
 
 
 
 Specify the call back number in the username configuration:
 
 username yourname password yourpassword callback-dialstring 88
 username yourmate password hispassword callback-dialstring 77
 
 CM
 
 
 -Original Message-
 From: [EMAIL PROTECTED]  on behalf of
 Sim, CT (Chee Tong) 
 Sent: 30 July 2001 08:04
 To:   [EMAIL PROTECTED] 
 Subject:  how to configure callback for 2 numbers [7:14121]
 
 
 
  --
  From:   Sim, CT (Chee Tong)[SMTP:[EMAIL PROTECTED]]
  Sent:   Monday, July 30, 2001 9:04:53 AM
  To: [EMAIL PROTECTED]
  Subject:how to configure callback for 2 numbers [7:14121]
  Auto forwarded by a Rule
  
 Dear all,
 
 I want to make my access-server to callback my home phone no 
 888-888 and my
 colleage phone no 777-777, once we use these two number to dial to the
 access-server, , after verification, the access server will 
 cut the line and
 call back, no other number can be callbacked. 
 
 Part of my config is as follow, Please tell me what else I 
 need to configure
 in order to make it work.  eg callback-dialstring and etc
 
 interface Async1
  ip unnumbered Ethernet0
  encapsulation ppp
  no logging event subif-link-status
  async dynamic address
  async mode interactive
  peer default ip address dhcp
  ppp callback accept
  ppp authentication pap
 !
 line 1
  password 7 00059805050058
  autoselect ppp
  login local
  modem InOut
  length 0
  transport input all
  speed 115200
  flowcontrol hardware
 
 
 
 
 ==
 De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
 is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
 onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
 de afzender direct te informeren door het bericht te retourneren. 
 ==
 The information contained in this message may be confidential 
 and is intended to be exclusively for the addressee. Should you 
 receive this message unintentionally, please do not use the contents 
 herein and notify the sender immediately by return e-mail.
 
 
 ==
 ==
 De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
 is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
 onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
 de afzender direct te informeren door het bericht te retourneren. 
 ==
 The information contained in this message may be confidential 
 and is intended to be exclusively for the addressee. Should you 
 receive this message unintentionally, please do not use the contents 
 herein and notify the sender immediately by return e-mail.
 
 
 ==

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14141t=14121
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct

RE: X.25 interface maximum rate [7:14146]

[Farhan Ahmed]

u can define window and packet size to control the data transf
if i see yr config  it ll be helpfull


Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 3:37 PM
 To: [EMAIL PROTECTED]
 Subject: X.25 interface maximum rate [7:14146]
 
 
 Hello Group,
 
 Can somebody tell me the maximum speed an X.21 interface can 
 suport or 
 a URL that has detail information on this. I have an X.21 interface 
 connection to a 2MB link and it would flap after about 48hrs of 
 operation with a lot of input, CRC errors.
 
 A Bit Error Rate test has been performed on the link and the link 
 quality was confirmed to be good.
 
 Please help!!!
 
 Regards,
 
 
 Preye.

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14152t=14146
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Backup [7:14148]

[Farhan Ahmed]

router a--routerb

ok

username routerb password same

int e0/0 - 10.4.10.50 255.255.255.0

int so/0 - 192.168.1.1 255.255.255.252 
backup interface dialer0
backup delay 60 40
backup load 128 20

int dialer 1
ip unnumbered e0
dialer group 1
dialer string  
dialer remote name routerb
dialer pool 1
encapsulation ppp
ppp authentication chap
dialer load threshold 128 either
ppp multilink
dilaer hold-queue 10


int bri 0
encapsulation ppp
ppp authentication chap
dialer pool-member 1




dilaer-list 1 protocol ip list 101

access list 101 permit ip any any

router eigrp 100
redistribute static
network 10.4.10.0 
network 192.168.1.0
passive interface dialer 0

ip route ( your remote network ) 192.168.1.2


let me know 


Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Uttam Majumdar [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 4:10 PM
 To: [EMAIL PROTECTED]
 Subject: ISDN Backup [7:14148]
 
 
 Hi All,
 
 I am not able communicate between 2 routers when connected using the
 ISDN backup of a leased connection. My router IP's are -
 
 Router A
 S0/0 - 192.168.1.1 255.255.255.252
 E0/0 - 10.4.10.50 255.255.255.0
 ISDN - IP Unnumbered.
 
 Router B
 S0 - 192.168.1.2 255.255.255.252
 E0 - 10.4.0.30 255.255.255.0
 ISDN - IP Unnumbered.
 
 I hv used RIP for Networks - 10.0.0.0  192.168.0.0
 Also hv used backup with dialer map.
 
 Please treat urgent Friends
 
 Thanks
 
 Uttam
 
 [GroupStudy.com removed an attachment of type text/x-vcard 
 which had a name
 of karuna_nrich.vcf]

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14159t=14148
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to configure callback for 2 numbers [7:14121]

[Farhan Ahmed]

try this
dont paste 

username caller1 callback-dialstring   password caller1
username caller2 callback-dialstring   password caler2

chat script dialout ABORT ERROR ABORT BUSY  AT OK ATDT \T TIMEOUT 30
CONNECT \c

interface loopback1
ip address 192.168.1.1

interface group-async 1
encapsulation ppp
ip unnumbered interface loopback1
ppp authentication pap 
async mode dedicated
peer default ip address pool ip-pool
ppp callback accept
group range 1 1


ip pool ip-pool 192.168.1.2 192.168.1.2

line 1
modem inout
no exec
script callback dialout
transport input all
modem autoconfigure discovery
stopbits 1
flow control hardware



u need to have ios 11.3 2 t or higher
4 win95 callback

send me debug ppp negotioation, authentication
if u have any problem
let me know


Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 1:56 PM
 To: [EMAIL PROTECTED]
 Subject: RE: how to configure callback for 2 numbers [7:14121]
 
 
 Yes.. I tried this before, but it come out these errors..  
 what's wrong??/
 
 
 access_server(config)#username sim password simiscute
 callback-dialstring 99
 % Overly long Password truncated after 25 characters
 access_server(config)#username sim password simiscute 
 callback-dialstring
 99
 % Overly long Password truncated after 25 characters
 access_server(config)#username sim password simiscute 
 [callback-dialstring
 99]
 % Overly long Password truncated after 25 characters
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 5:23 PM
 To: [EMAIL PROTECTED]; Sim, CT (Chee Tong)
 Subject: RE: how to configure callback for 2 numbers [7:14121]
 
 
 
 Specify the call back number in the username configuration:
 
 username yourname password yourpassword callback-dialstring 88
 username yourmate password hispassword callback-dialstring 77
 
 CM
 
 
 -Original Message-
 From: [EMAIL PROTECTED]  on behalf of
 Sim, CT (Chee Tong) 
 Sent: 30 July 2001 08:04
 To:   [EMAIL PROTECTED] 
 Subject:  how to configure callback for 2 numbers [7:14121]
 
 
 
  --
  From:   Sim, CT (Chee Tong)[SMTP:[EMAIL PROTECTED]]
  Sent:   Monday, July 30, 2001 9:04:53 AM
  To: [EMAIL PROTECTED]
  Subject:how to configure callback for 2 numbers [7:14121]
  Auto forwarded by a Rule
  
 Dear all,
 
 I want to make my access-server to callback my home phone no 
 888-888 and my
 colleage phone no 777-777, once we use these two number to dial to the
 access-server, , after verification, the access server will 
 cut the line and
 call back, no other number can be callbacked. 
 
 Part of my config is as follow, Please tell me what else I 
 need to configure
 in order to make it work.  eg callback-dialstring and etc
 
 interface Async1
  ip unnumbered Ethernet0
  encapsulation ppp
  no logging event subif-link-status
  async dynamic address
  async mode interactive
  peer default ip address dhcp
  ppp callback accept
  ppp authentication pap
 !
 line 1
  password 7 00059805050058
  autoselect ppp
  login local
  modem InOut
  length 0
  transport input all
  speed 115200
  flowcontrol hardware
 
 
 
 
 ==
 De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
 is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
 onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
 de afzender direct te informeren door het bericht te retourneren. 
 ==
 The information contained in this message may be confidential 
 and is intended to be exclusively for the addressee. Should you 
 receive this message unintentionally, please do not use the contents 
 herein and notify the sender immediately by return e-mail.
 
 
 ==
 ==
 De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
 is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
 onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
 de afzender direct te informeren door het bericht te retourneren

RE: Frame Relay - slow link? overutilized? [7:14163]

[Farhan Ahmed]

send me  sh int 
clear counters before sending and wait for 5  min to get new stats

your router is not receiving lmi packets properly
how many sites u have?

 Num Status Enq. Sent 401101   Num Status msgs Rcvd 400894
   Num Update Status Rcvd 0  Num Status Timeouts 2 

Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Provost, Robert [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 6:18 PM
 To: [EMAIL PROTECTED]
 Subject: Frame Relay - slow link? overutilized? [7:14163]
 
 
 We have a frame relay network with some sites complaining 
 about slowness
 issues.  Everyone is blaming the bandwidth without testing.  
 Is there anyway
 I can prove what is causing the latency?  Here are some 
 outputs from the
 remote site router.  Can someone help me decipher?
 
 Thanks,
 Rob Provost
 
 router#sh run
 Building configuration...
  
 Current configuration:
 !
 version 12.0
 service timestamps debug uptime
 service timestamps log uptime
 service password-encryption
 !
 hostname router
 !
 enable password X XXX
 !
 ip subnet-zero
 !
 !
 !
 interface Ethernet0
  ip address 172.16.1.1 255.255.255.0
  ip helper-address 10.1.1.2
  no ip directed-broadcast
 !
 interface Serial0
  description router DLCI 200
  no ip address
  no ip directed-broadcast
  encapsulation frame-relay IETF
  service-module 56k clock source line
  service-module 56k network-type dds
  frame-relay lmi-type cisco
 !
 interface Serial0.1 point-to-point
  description HQ DLCI 100
  ip address 10.254.12.6 255.255.255.252
  no ip directed-broadcast
  frame-relay interface-dlci 100
 !
 router rip
  version 2
  network 10.0.0.0
 !
 ip classless
 ip route 0.0.0.0 0.0.0.0 10.254.12.5
 !
 !
 line con 0
  transport input none
 line vty 0 4
  password X X
  login
 !
 end
  
 router#sh interfaces serial 0
 Serial0 is up, line protocol is up
   Hardware is QUICC Serial (with onboard CSU/DSU)
   Description: router DLCI 200
   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, 
 load 1/255
   Encapsulation FRAME-RELAY IETF, loopback not set, keepalive 
 set (10 sec)
   LMI enq sent  401099, LMI stat recvd 400892, LMI upd recvd 
 0, DTE LMI up
   LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
   LMI DLCI 1023  LMI type is CISCO  frame relay DTE
   Broadcast queue 0/64, broadcasts sent/dropped 276474/0, interface
 broadcasts 2
 09741
   Last input 00:00:00, output 00:00:00, output hang never
   Last clearing of show interface counters never
   Input queue: 0/75/0 (size/max/drops); Total output drops: 0
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations  0/10/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 1000 bits/sec, 1 packets/sec
   5 minute output rate 1000 bits/sec, 1 packets/sec
  4243911 packets input, 2199323988 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 2 giants, 0 throttles
  52784 input errors, 35055 CRC, 9168 frame, 0 overrun, 0 
 ignored, 8561
 abort
  1472502 packets output, 215379554 bytes, 0 underruns
  0 output errors, 0 collisions, 69 interface resets
  0 output buffer failures, 0 output buffers swapped out
  1 carrier transitions
  DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
  
 router#sh controllers serial
  
 QUICC Serial (with onboard CSU/DSU) unit 0
 idb at 0x25158A8, driver data structure at 0x251710C
 SCC Registers:
 General [GSMR]=0x2:0x0030, Protocol-specific [PSMR]=0x0
 Events [SCCE]=0x, Mask [SCCM]=0x001F, Status [SCCS]=0x0006
 Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E
 Interrupt Registers:
 Config [CICR]=0x00368461, Pending [CIPR]=0xC004
 Mask   [CIMR]=0xC812, In-srv  [CISR]=0x
 Command register [CR]=0x6C0
 Port A [PADIR]=0x, [PAPAR]=0xCCC3
[PAODR]=0x, [PADAT]=0xF5FE
 Port B [PBDIR]=0x00F13F, [PBPAR]=0x0010CE
[PBODR]=0x00, [PBDAT]=0x034ADD
 Port C [PCDIR]=0x000A, [PCPAR]=0x
[PCSO]=0x0830,  [PCDAT]=0x03C4, [PCINT]=0x
  
 SCC GENERAL PARAMETER RAM (at 0xFF00F00)
 Rx BD Base [RBASE]=0x560, Fn Code [RFCR]=0x18
 Tx BD Base [TBASE]=0x5A0, Fn Code [TFCR]=0x18
 Max Rx Buff Len [MRBLR]=1528
 Rx State [RSTATE]=0x18008240, BD Ptr [RBPTR]=0x590
 Tx State [TSTATE]=0x18000348, BD Ptr [TBPTR]=0x5A0
  
 SCC HDLC PARAMETER RAM (at 0xFF00F38)
 CRC

RE: configure AS5300 for ISDN call receive [7:14156]

[Farhan Ahmed]

u have pri e1/t1?

any way i ll show u abt t1

username remoteroutera password same
username remoterouterb password same

config t
isdn switch-type primary-5ess (use your isdn switch ask yr teleco)

controller t1 0 ( there are 4  all togethere 0-3)
framing esf
linecode b8zs
pri-group timeslots 1-24
clock source line primary


ok now u have to make a dialer. to make and receive calls

interface dialer 1 (make as many u like)2,3,4,5,6-23
ppp authentication chap
dialer group 1
dialer string 
dialer remote-name remoteroutera ( remote router host name)
no peer default ip address 
dialer threshold 128 either
dialer pool 1
dialer idle timeout 120
encapsulation ppp
ppp multilink

now d channel config

int s0:23 (0---22)
encapsulation ppp
dialer pool-member1


dialer list 1 protocol ip permit

ip route remote netwrk  bri int of remote router



Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Sunil Subash [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 5:30 PM
 To: [EMAIL PROTECTED]
 Subject: configure AS5300 for ISDN call receive [7:14156]
 
 
 Hi there,
 Does any one knows how to configure my cisco AS5300 to accept 
 isdn call?
 
 thanks in advance,
 ss

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14189t=14156
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay - slow link? overutilized? [7:14163]

[Farhan Ahmed]

auh--
u have a big setup..
most of the frame relay problem happens of remote site pushing too much data
that the central site can handle
u r using default queing  strategy.
and u send me only the remote site config

u need to ccalculate what is the total cir and Be(excess bust speed of all
remote sites comming into your vc
u need to provide fine details


Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Provost, Robert [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 7:22 PM
 To: [EMAIL PROTECTED]
 Subject: RE: Frame Relay - slow link? overutilized? [7:14163]
 
 
 Here is the sh int after cleared counters and 5 minute wait.  
 We have 320+
 sites.  Most sites are 56k lines, some frac T1, some DSL.  
 Most have one PVC
 back to HQ.  HQ has three routers on the Frame w/a total of 7 T1s.
 
 Thanks for your help,
 
 Rob
 
 
 router#sh int
 Ethernet0 is up, line protocol is up
   Hardware is QUICC Ethernet, address is 0001.42a5.c6ec (bia 
 0001.42a5.c6ec)
   Internet address is 10.253.X.X/24
   MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, rely 255/255, 
 load 1/255
   Encapsulation ARPA, loopback not set, keepalive set (10 sec)
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 00:00:01, output 00:00:00, output hang never
   Last clearing of show interface counters 00:07:13
   Queueing strategy: fifo
   Output queue 0/40, 0 drops; input queue 0/75, 0 drops
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  186 packets input, 19777 bytes, 0 no buffer
  Received 177 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 input packets with dribble condition detected
  438 packets output, 207446 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier
  0 output buffer failures, 0 output buffers swapped out
 Serial0 is up, line protocol is up
   Hardware is QUICC Serial (with onboard CSU/DSU)
   Description: router DLCI 200
   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, 
 load 1/255
   Encapsulation FRAME-RELAY IETF, loopback not set, keepalive 
 set (10 sec)
   LMI enq sent  44, LMI stat recvd 44, LMI upd recvd 0, DTE LMI up
   LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
   LMI DLCI 1023  LMI type is CISCO  frame relay DTE
   Broadcast queue 0/64, broadcasts sent/dropped 25/0, 
 interface broadcasts
 18
   Last input 00:00:00, output 00:00:00, output hang never
   Last clearing of show interface counters 00:07:14
   Input queue: 0/75/0 (size/max/drops); Total output drops: 0
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations  0/10/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 1000 bits/sec, 1 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  421 packets input, 167457 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  117 packets output, 9694 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 output buffer failures, 0 output buffers swapped out
  0 carrier transitions
  DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
  
 Serial0.1 is up, line protocol is up
   Hardware is QUICC Serial (with onboard CSU/DSU)
   Description: HQ DLCI 100
   Internet address is 10.254.X.X/30
   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, 
 load 1/255
   Encapsulation FRAME-RELAY IETF
 
 -Original Message-
 From: Farhan Ahmed [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 10:52 AM
 To: 'Provost, Robert'; [EMAIL PROTECTED]
 Subject: RE: Frame Relay - slow link? overutilized? [7:14163]
 Importance: High
 
 
 send me  sh int 
 clear counters before sending and wait for 5  min to get new stats
 
 your router is not receiving lmi packets properly
 how many sites u have?
 
  Num Status Enq. Sent 401101   Num Status msgs Rcvd 400894
Num Update Status Rcvd 0  Num Status Timeouts 2 
 
 Best Regards
 
 Have A Good Day!!
 
 ***
 Farhan Ahmed*
   MCSE+I, MCP Win2k, CCDA, CCNA, CSE
 Network Engineer
 Mideast Data

RE: Frame Relay - slow link? overutilized? [7:14163]

[Farhan Ahmed]

lmi has local significance why dont u send us hub config
Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Provost, Robert [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 11:39 PM
 To: [EMAIL PROTECTED]
 Subject: RE: Frame Relay - slow link? overutilized? [7:14163]
 
 
 I'm confused.  My remote site LMI type is Cisco, HQ is ANSI.  
 I am passing
 LMI and the site is up, just slow.  If my LMI type was 
 mismatched, wouldn't
 it not work at all?  I cleared the counters and over the last 
 couple of
 hours have received no CRCs, FECNs, BECNs, dropped packets, etc.  
 
 Here is some statistics from my Frame Relay provider.  Their 
 reporting also
 shows no FECNs, BECNs, discarded packets, etc.
 
 
 PVC Usage to CIR Ratio Exceptions  
 
 Hour Day %Peak 5 Min Crit Thresh 
 6Thu290.80150.00 
 7Wed150.11150.00 
 12   Tue150.41150.00 
 12   Fri173.33150.00 
 15   Mon172.14150.00 
 16   Thu150.92150.00 
 
 Any suggestions?
 
 TIA,
 Rob
 
 
 -Original Message-
 From: Jim Dixon [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 11:40 AM
 To: Provost, Robert
 Subject: RE: Frame Relay - slow link? overutilized? [7:14163]
 
 
 Robert, 
 
 What kind of router is at HQ?  Is it the one below?
 What kind is at the remote end?  Is IT the one below?
 Which end are we looking at in other words?
 
 Are Both Routers CISCO?  Is the Frame Relay Network providing 
 CISCO LMI?
 (that is my FIRST question)
 
 If so then check cables.  CRC's are most often a layer one issue.
 
 Jim
 
 -Original Message-
 From: Provost, Robert [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 10:22 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Frame Relay - slow link? overutilized? [7:14163]
 
 
 Here is the sh int after cleared counters and 5 minute wait.  
 We have 320+
 sites.  Most sites are 56k lines, some frac T1, some DSL.  
 Most have one PVC
 back to HQ.  HQ has three routers on the Frame w/a total of 7 T1s.
 
 Thanks for your help,
 
 Rob
 
 
 router#sh int
 Ethernet0 is up, line protocol is up
   Hardware is QUICC Ethernet, address is 0001.42a5.c6ec (bia 
 0001.42a5.c6ec)
   Internet address is 10.253.X.X/24
   MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, rely 255/255, 
 load 1/255
   Encapsulation ARPA, loopback not set, keepalive set (10 sec)
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 00:00:01, output 00:00:00, output hang never
   Last clearing of show interface counters 00:07:13
   Queueing strategy: fifo
   Output queue 0/40, 0 drops; input queue 0/75, 0 drops
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  186 packets input, 19777 bytes, 0 no buffer
  Received 177 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 input packets with dribble condition detected
  438 packets output, 207446 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier
  0 output buffer failures, 0 output buffers swapped out
 Serial0 is up, line protocol is up
   Hardware is QUICC Serial (with onboard CSU/DSU)
   Description: router DLCI 200
   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, 
 load 1/255
   Encapsulation FRAME-RELAY IETF, loopback not set, keepalive 
 set (10 sec)
   LMI enq sent  44, LMI stat recvd 44, LMI upd recvd 0, DTE LMI up
   LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
   LMI DLCI 1023  LMI type is CISCO  frame relay DTE
   Broadcast queue 0/64, broadcasts sent/dropped 25/0, 
 interface broadcasts
 18
   Last input 00:00:00, output 00:00:00, output hang never
   Last clearing of show interface counters 00:07:14
   Input queue: 0/75/0 (size/max/drops); Total output drops: 0
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations  0/10/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 1000 bits/sec, 1 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  421 packets input, 167457 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  117 packets

RE: delay command [7:14071]

[Farhan Ahmed]

try 
dialer hold-queue 
and hold the traffic and see when yr app times out...

Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: kwock99 [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, July 29, 2001 10:12 AM
 To: [EMAIL PROTECTED]
 Subject: delay command [7:14071]
 
 
 I am trying to look for an router command to delay sending 
 out the traffic
 through a serial interface. Hopefully, it would simulate the 
 real life case
 when traffic passing through the WAN interface. By tuning the 
 delay figure,
 we
 would find out how long the application at both end can take 
 before timeout.
 
 I have tested the delay command. Here is the syntax and description:
 
 delay tens-of-microseconds
 
 tens-of-microseconds: Integer that specifies the delay in tens of
 microseconds
 for an interface or network segment. To see the default 
 delay, use the show
 interfaces command.
 
 I have set the maximum value for the tens-of-microseconds on 
 the serial
 interfaces and perform the ping test at the both end. There 
 is no actual
 delay
 on the ping test reponse time.
 
 
 PC1 - (R1) S0 -- S0 (R2) -- PC 2
Delay max   Delay max
DTE DCE
 
 
 Thanks
 
 Francis Tsui

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14073t=14071
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: delay command [7:14071]

[Farhan Ahmed]

what kind of devices..
u ve any urls?

Best Regards

Have A Good Day!!


 -Original Message-
 From: Michael L. Williams [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, July 29, 2001 7:42 PM
 To: [EMAIL PROTECTED]
 Subject: Re: delay command [7:14071]
 
 
 There are devices you can purchase that will add latency to a 
 connection (as
 you describe below).  I don't remember the exact name of it, 
 but if you
 search the archives, you'll find it.  There have been 
 discussions in this
 group about such a device.
 
 Mike W.
 
 kwock99  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I am trying to look for an router command to delay sending 
 out the traffic
  through a serial interface. Hopefully, it would simulate 
 the real life
 case
  when traffic passing through the WAN interface. By tuning the delay
 figure,
  we
  would find out how long the application at both end can take before
 timeout.
 
  I have tested the delay command. Here is the syntax and description:
 
  delay tens-of-microseconds
 
  tens-of-microseconds: Integer that specifies the delay in tens of
  microseconds
  for an interface or network segment. To see the default 
 delay, use the
 show
  interfaces command.
 
  I have set the maximum value for the tens-of-microseconds 
 on the serial
  interfaces and perform the ping test at the both end. There 
 is no actual
  delay
  on the ping test reponse time.
 
 
  PC1 - (R1) S0 -- S0 (R2) -- PC 2
 Delay max   Delay max
 DTE DCE
 
 
  Thanks
 
  Francis Tsui

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14086t=14071
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: when 25 booting, the message is repeat again and a [7:13983]

[Farhan Ahmed]

may be, this problem occurs  if you have just replaced your system EPROMs.

 1 Power down the system.

 2 Inspect each EPROM. Make sure each EPROM is correctly positioned in the
socket (with notches properly aligned) in the correct socket.

 3 If a pin is bent, straighten it carefully. Reinstall the EPROM and power
up the system. If a pin breaks off, the EPROM must be replaced.

 4 If an EPROM has been installed backward and power has been applied to it,
the EPROM has been damaged and must be replaced.

Best Regards

Have A Good Day!!

Farhan Ahmed
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE, CCNA
Network Engineer
Mideast Data Systems Abudhabi Uae.




Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: xie rootstock [mailto:[EMAIL PROTECTED]]
 Sent: Friday, July 27, 2001 7:13 PM
 To: [EMAIL PROTECTED]
 Subject: when 25 booting, the message is repeat again and a [7:13950]
 
 
 System Bootstrap, Version 11.0(10c), SOFTWARE
 Copyright (c) 1986-1996 by cisco Systems
 2500 processor with 2048 Kbytes of main memory
 Local Timeout (control reg=0x118) Error, address: 0x213202C 
 at 0x101772A (PC)
 
 what is the metter anyway!! please help, I bough this router 
 for only 1
 day.

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13983t=13983
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: access list.. [7:13564]

[Farhan Ahmed]

hi ejay..

sunet calc wont calc wild mask or does it?

Best Regards
 -Original Message-
 From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 26, 2001 12:42 AM
 To: [EMAIL PROTECTED]
 Subject: RE: access list.. [7:13564]
 
 
 No, Solution2 is correct. 
 The objective was to permit x.x.240-255.0-255 per the 
 original message :
 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,
 
 You can check it with the subnet calculator from B0s0n Software.
 
 -ejay
 
 -Original Message-
 From: Farhan Ahmed [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, July 25, 2001 2:23 PM
 To: 'Hire, Ejay'; [EMAIL PROTECTED]
 Subject: RE: access list.. [7:13564]
 
 
 solution2; will permit 1-240 range and the deny statement 
 will deny the rest
 thats opposite
 
 to get a wild mask
 we put higher minus lower
 
  255.255.255.255
  255.255.240. 0
0  015   255
 
 so the router will permit 1-240 instead
 
 -Original Message-
 From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, July 25, 2001 9:22 PM
 To: 'Farhan Ahmed'; [EMAIL PROTECTED]
 Subject: RE: access list.. [7:13564]
 
 
 Objective:  
 Create an Access list to block the source address range 128.252.0.0 to
 128.252.240.0
 
 Solution 1:
 access-list 1 deny 128.252.0.00.0.127.255 Blocks 
 128.252.0-127.0-255
 access-list 1 deny 128.252.128.0  0.0.63.255  Blocks 
 128.252.128-191.0-255
 access-list 1 deny 128.252.192.0  0.0.31.255  Blocks 
 128.252.192-223.0-255
 access-list 1 deny 128.252.224.0  0.0.15.255  Blocks 
 128.252.224-239.0-255
 access-list 1 permit any Allows all other 
 traffic to
 pass.
 
 Solution 2:
 access-list 1 permit 128.252.240.0 0.0.15.255 Permits 
 128.252.240-255.0-255
 access-list 1 deny 128.252.0.0 0.0.255.255 Denies traffic 
 from 128.252 that
 is not permitted by the previous line
 access-list 1 permit any
 
 Notes:
 Both Solutions work, but solution 2 has less lines and will 
 result in less
 processor utilization in most scenarios.
 
 -Ejay
 
 
 
 -Original Message-
 From: Farhan Ahmed [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, July 24, 2001 2:29 PM
 To: [EMAIL PROTECTED]
 Subject: access list.. [7:13564]
 
 
 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13835t=13564
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Catalyst 5509 [7:13848]

[Farhan Ahmed]

Console (enable) set ip permit 172.16.0.0 255.255.0.0 telnet

172.16.0.0 with mask 255.255.0.0 added to telnet permit list.
Console (enable) set ip permit 172.20.52.32 255.255.255.224 snmp

172.20.52.32 with mask 255.255.255.224 added to snmp permit list.
Console (enable) set ip permit 172.20.52.3 all

172.20.52.3 added to IP permit list.
 
Console (enable) show ip permit

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_1/config/s
nmp.htm

Best Regards

Have A Good Day!!

Farhan Ahmed
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE, CCNA
Network Engineer
Mideast Data Systems Abudhabi Uae.




Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Andy Low [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 26, 2001 1:24 PM
 To: [EMAIL PROTECTED]
 Subject: Catalyst 5509 [7:13848]
 
 
 Hi,
 
 Anyone knows how to enable ACL or some form of telnet control 
 to the switch.
 Is there any instructions on how to control the SNMP query as well.
 
 Thanks,
 
 Andy

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13853t=13848
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Async comes up but encapsulation fails [7:13834]

[Farhan Ahmed]

use
autoselect ppp

where is the dialer info??

Best Regards

Have A Good Day!!

Farhan Ahmed
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE, CCNA
Network Engineer
Mideast Data Systems Abudhabi Uae.




Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.


 -Original Message-
 From: Ahmed Mamoor Amimi [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 26, 2001 5:32 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Async comes up but encapsulation fails [7:13834]
 
 
 Both the routers get connected but can't ping both side and says
 encapsualtion failed
 the config on both side for async port is
 
 interface Async1
  ip address 192.168.4.2 255.255.255.0
  no ip directed-broadcast
  encapsulation ppp
  keepalive 10
  dialer in-band
  dialer wait-for-carrier-time 5
  dialer map ip 192.168.4.1 35
  dialer-group 1
  async default routing
  async mode dedicated
 !
 router rip
  network 192.168.4.0
  network 192.168.5.0
 !
 line aux 0
  login local
  modem InOut
  modem autoconfigure type usr_sportster
  transport input all
  stopbits 1
  speed 38400
  flowcontrol hardware
 =
 help me!!
 
 Bruce McNamara  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Have you verified the the encapsulation type on either 
 side?  We use CHAP
 as
  it is professed to be more secure using the 
 chanllenge-response method.

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13883t=13834
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

wrong study notes at cramsession.com [7:13905]

[Farhan Ahmed]

Dallas2(config-if)#dialer in-band (enables v25bis on sync and chat-scripts
on async)
Adding Modems to Router - The router has a built-in modem compatibility
database (modemcap) to issue the correct initialization strings. Use the
following command to have the router search and configure the new modem:
Dallas2(config-line)# modemcap autoconfigure discovery
You can also use a preset or user defined modem database.













http://cramsession.brainbuzz.com/cramsession/cisco/bcran/guide.asp




Best Regards

Have A Good Day!!

***
Farhan Ahmed*
  MCSE+I, MCP Win2k, CCDA, CCNA, CSE, CCNA
Network Engineer
Mideast Data Systems Abudhabi Uae.

***



Privileged/Confidential Information may be contained in this message or
Attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
Conclusions and other information in this message that do not relate to the
Official business of this company shall be understood as neither given nor
Endorsed by it.
  

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13905t=13905
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: access list.. [7:13564]

[Farhan Ahmed]

solution2; will permit 1-240 range and the deny statement will deny the rest
thats opposite

to get a wild mask
we put higher minus lower

 255.255.255.255
 255.255.240. 0
   0  015   255

so the router will permit 1-240 instead

-Original Message-
From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 9:22 PM
To: 'Farhan Ahmed'; [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Objective:  
Create an Access list to block the source address range 128.252.0.0 to
128.252.240.0

Solution 1:
access-list 1 deny 128.252.0.00.0.127.255 Blocks 128.252.0-127.0-255
access-list 1 deny 128.252.128.0  0.0.63.255  Blocks 128.252.128-191.0-255
access-list 1 deny 128.252.192.0  0.0.31.255  Blocks 128.252.192-223.0-255
access-list 1 deny 128.252.224.0  0.0.15.255  Blocks 128.252.224-239.0-255
access-list 1 permit any Allows all other traffic to
pass.

Solution 2:
access-list 1 permit 128.252.240.0 0.0.15.255 Permits 128.252.240-255.0-255
access-list 1 deny 128.252.0.0 0.0.255.255 Denies traffic from 128.252 that
is not permitted by the previous line
access-list 1 permit any

Notes:
Both Solutions work, but solution 2 has less lines and will result in less
processor utilization in most scenarios.

-Ejay



-Original Message-
From: Farhan Ahmed [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 2:29 PM
To: [EMAIL PROTECTED]
Subject: access list.. [7:13564]


What mask would be used if you want to create an
access list where the IP addresses (128.252.0.0 to
128.252.240.0) would be blocked
pls support with explanation,

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Farhan Ahmed.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13790t=13564
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ACS2.6 users on Cluster Servers!! [7:13481]

[Farhan Ahmed]

Cisco Secure ACS operates as a Windows NT or Windows 2000 service and
controls the authentication, authorization, and accounting (AAA) of users
accessing networks. Cisco Secure ACS operates with Windows NT Server version
4.0 and Windows 2000 Server. Provided that Microsoft Clustering Services are
not installed, Cisco Secure ACS operates on Windows 2000 Advanced Server and
Windows 2000 Datacenter Server.

u might look 4 some 3rd part clustering software
like doubletake

-Original Message-
From: Magdy H. Ibrahim [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 2:28 PM
To: [EMAIL PROTECTED]
Subject: ACS2.6 users on Cluster Servers!! [7:13481]


Hi guys,

I installed ACS2.6 on 2 nodes cluster , using Win2k to provide high
availability , so when any ACS service stop on one node the ACS will
failover to the other node .
The problem I'm facing is that the ACS configuration replicated well when
ACS moves from one node to the other , but the users database not !! , So
are there any way to replicate the users database from Windows registry , If
answer is yes , which key I'll need to copy ?
Any suggestions will be appriciated .

Thanks in advance,

Magdy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13487t=13481
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

vpn speed [7:13499]

[Farhan Ahmed]

lets say we have 2 cisco 1720 with vpn accelerator card and both have a 64k
connection to internet
 what would be the speed of the tunnel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13499t=13499
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Ciscco IDS [7:13516]

[Farhan Ahmed]

how its possible for ids to read the contents of packet for eg
confidential doc and generate an alaram

what if somebody using vpn from inside network to somewhere else to transfer
confidential information

what does it means that ipsec is ,,,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13516t=13516
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

access list.. [7:13564]

[Farhan Ahmed]

What mask would be used if you want to create an
access list where the IP addresses (128.252.0.0 to
128.252.240.0) would be blocked
pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13564t=13564
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ccna challenge question [7:13565]

[Farhan Ahmed]

Last Weeks CCNA(tm) Challenge Question 
Question
Using classful assumptions, what is the directed broadcast address for
172.18.2.0 with the mask 255.255.254.0?

a) 172.18.2.255

b) 172.18.3.255

c) 172.18.255.255

d) 172.18.0.0
Answer
b)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13565t=13565
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: access list.. [7:13564]

[Farhan Ahmed]

def mask

-Original Message-
From: MikeN [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 10:36 PM
To: [EMAIL PROTECTED]
Subject: Re: access list.. [7:13564]


To answer this question, we would need to know what the subnet masks are.

Thanks,
MikeN

Farhan Ahmed  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13569t=13564
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Problem with Fastethernet 2610 router [7:13497]

[Farhan Ahmed]

u need to setup static route in both direction u just put only 1 route to
the 1st vlan u need more rotes in both direc
on the other vlans u should have static routes to router via x

-Original Message-
From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 10:28 PM
To: [EMAIL PROTECTED]
Subject: Re: Problem with Fastethernet 2610 router [7:13497]


Thanks for your mail. 

No, the default route is already there. It is already defined in that
router. Infact I just copied it from the working router.

Thanks,
Kiran


On Tue, 24 Jul 2001, Patrick Ramsey wrote:

 sounds like you have missed a default route on the 2610.
 
 The 2610 will not be able to see any other vlans unless the vlan it is
plugged into has an ip address assigned to it acting as a gateway.  Then
you need to set that ip address as the 2610's default gateway.  (or at least
specify a specific route to the other vlans)
 
 If this is a router conencted to the internet, you would defiantely want
to keep the default gw out it's serial interface.
 
 -Patrick
 
 
  Kiran Kumar M  07/24/01 10:27AM 
 Hai,
 
 I am facing a strange problem. I am using a cisco 2610 router in my
 network. In that I am having one fastethernet, and 2 WIC2T . When I am
 connecting to the L3 switch, it is able to ping to that particular VLAN,
 and unable to ping to other VLANS or outside of that VLAN. If I use
 another router with ethernet card (becuase I am not having another
 ethernet card in first router), with the same setup it is able to
 communicate with the outside world. So I concluded that it is not the
 problem with L3 switch. I tried to find it on cisco site, but unable to
 locate the solution.
 
 Thanks in advance,
 Kiran




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13568t=13497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Problem with Fastethernet 2610 router [7:13497]

[Farhan Ahmed]

cAN U SEND YR CONFIGS

-Original Message-
From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 10:40 PM
To: Farhan Ahmed
Cc: [EMAIL PROTECTED]
Subject: RE: Problem with Fastethernet 2610 router [7:13497]



It is not at all the routing problem. Because it is perfectly working with
the same configuration with other router with out any changes.

Thanks,
Kiran
On Tue, 24 Jul 2001, Farhan Ahmed wrote:

 u need to setup static route in both direction u just put only 1 route to
 the 1st vlan u need more rotes in both direc
 on the other vlans u should have static routes to router via x
 
 -Original Message-
 From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, July 24, 2001 10:28 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Problem with Fastethernet 2610 router [7:13497]
 
 
 Thanks for your mail. 
 
 No, the default route is already there. It is already defined in that
 router. Infact I just copied it from the working router.
 
 Thanks,
 Kiran
 
 
 On Tue, 24 Jul 2001, Patrick Ramsey wrote:
 
  sounds like you have missed a default route on the 2610.
  
  The 2610 will not be able to see any other vlans unless the vlan it is
 plugged into has an ip address assigned to it acting as a gateway.  Then
 you need to set that ip address as the 2610's default gateway.  (or at
least
 specify a specific route to the other vlans)
  
  If this is a router conencted to the internet, you would defiantely want
 to keep the default gw out it's serial interface.
  
  -Patrick
  
  
   Kiran Kumar M  07/24/01 10:27AM 
  Hai,
  
  I am facing a strange problem. I am using a cisco 2610 router in my
  network. In that I am having one fastethernet, and 2 WIC2T . When I am
  connecting to the L3 switch, it is able to ping to that particular VLAN,
  and unable to ping to other VLANS or outside of that VLAN. If I use
  another router with ethernet card (becuase I am not having another
  ethernet card in first router), with the same setup it is able to
  communicate with the outside world. So I concluded that it is not the
  problem with L3 switch. I tried to find it on cisco site, but unable to
  locate the solution.
  
  Thanks in advance,
  Kiran




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13574t=13497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Problem with Fastethernet 2610 router [7:13497]

[Farhan Ahmed]

WHAT DO u mean by another router with ethernet card

nd unable to ping to other VLANS or outside of that VLAN. If I use
  another router with ethernet card (becuase I am not having another
  ethernet card in first router),
-Original Message-
From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 10:40 PM
To: Farhan Ahmed
Cc: [EMAIL PROTECTED]
Subject: RE: Problem with Fastethernet 2610 router [7:13497]



It is not at all the routing problem. Because it is perfectly working with
the same configuration with other router with out any changes.

Thanks,
Kiran
On Tue, 24 Jul 2001, Farhan Ahmed wrote:

 u need to setup static route in both direction u just put only 1 route to
 the 1st vlan u need more rotes in both direc
 on the other vlans u should have static routes to router via x
 
 -Original Message-
 From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, July 24, 2001 10:28 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Problem with Fastethernet 2610 router [7:13497]
 
 
 Thanks for your mail. 
 
 No, the default route is already there. It is already defined in that
 router. Infact I just copied it from the working router.
 
 Thanks,
 Kiran
 
 
 On Tue, 24 Jul 2001, Patrick Ramsey wrote:
 
  sounds like you have missed a default route on the 2610.
  
  The 2610 will not be able to see any other vlans unless the vlan it is
 plugged into has an ip address assigned to it acting as a gateway.  Then
 you need to set that ip address as the 2610's default gateway.  (or at
least
 specify a specific route to the other vlans)
  
  If this is a router conencted to the internet, you would defiantely want
 to keep the default gw out it's serial interface.
  
  -Patrick
  
  
   Kiran Kumar M  07/24/01 10:27AM 
  Hai,
  
  I am facing a strange problem. I am using a cisco 2610 router in my
  network. In that I am having one fastethernet, and 2 WIC2T . When I am
  connecting to the L3 switch, it is able to ping to that particular VLAN,
  and unable to ping to other VLANS or outside of that VLAN. If I use
  another router with ethernet card (becuase I am not having another
  ethernet card in first router), with the same setup it is able to
  communicate with the outside world. So I concluded that it is not the
  problem with L3 switch. I tried to find it on cisco site, but unable to
  locate the solution.
  
  Thanks in advance,
  Kiran




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13575t=13497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Problem with Fastethernet 2610 router [7:13497]

[Farhan Ahmed]

what do u mean by safe side?

-Original Message-
From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 11:04 PM
To: Farhan Ahmed
Subject: RE: Problem with Fastethernet 2610 router [7:13497]



Nothing Actually second line is not required if we are defining the
first. But it was defined on safe side.. some time we remove the routing
after incresing the links..

Thanks,
Kiran


On Tue, 24 Jul 2001, Farhan Ahmed wrote:

 whats the diff bw these 2   
 ip route 0.0.0.0 0.0.0.0 192.168.2.1
 ip route 192.168.2.0 255.255.255.0 192.168.2.1
 !
 -Original Message-
 From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, July 24, 2001 10:57 PM
 To: Farhan Ahmed
 Cc: [EMAIL PROTECTED]
 Subject: RE: Problem with Fastethernet 2610 router [7:13497]
 
 
 
 Sure. It is very simple configuration.
 
 2610 Router:
 
 Current configuration:
 !
 version 12.0
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname Router
 !
 enable secret 5 x
 enable password 
 !
 ip subnet-zero
 ip domain-name xx.xxx
 ip name-server xxx.xxx.xxx.xxx
 !
 !
 interface Loopback0
  no ip address
  no ip directed-broadcast
 !
 interface Ethernet0/0
  ip address 192.168.2.2 255.255.255.0
  no ip directed-broadcast
 !
 interface Serial0/0
  no ip directed-broadcast
  encapsulation ppp
  no ip route-cache
  no ip mroute-cache
  shutdown
 !
 interface Serial0/1
  ip address 192.168.1.61 255.255.255.252
  no ip directed-broadcast
  encapsulation ppp
  no ip route-cache
  no ip mroute-cache
 !
 ip classless
 ip route 0.0.0.0 0.0.0.0 192.168.2.1
 ip route 192.168.2.0 255.255.255.0 192.168.2.1
 !
 !
 !
 line con 0
  transport input none
 line aux 0
 line vty 0 4
  password xx
  login
 !
 end
 
 Here I replaced the passwords and IP address ( Actually I am using public
 IP address, here I mention the private IP addresses).
 
 The very same is following on 2620 router also. Except one change. That is
 Ethernet is replaced with Fast ethernet.
 
 Thanks,
 Kiran
 
 
 On Tue, 24 Jul 2001, Farhan Ahmed wrote:
 
  cAN U SEND YR CONFIGS
  
  -Original Message-
  From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, July 24, 2001 10:40 PM
  To: Farhan Ahmed
  Cc: [EMAIL PROTECTED]
  Subject: RE: Problem with Fastethernet 2610 router [7:13497]
  
  
  
  It is not at all the routing problem. Because it is perfectly working
with
  the same configuration with other router with out any changes.
  
  Thanks,
  Kiran
  On Tue, 24 Jul 2001, Farhan Ahmed wrote:
  
   u need to setup static route in both direction u just put only 1 route
 to
   the 1st vlan u need more rotes in both direc
   on the other vlans u should have static routes to router via x
   
   -Original Message-
   From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
   Sent: Tuesday, July 24, 2001 10:28 PM
   To: [EMAIL PROTECTED]
   Subject: Re: Problem with Fastethernet 2610 router [7:13497]
   
   
   Thanks for your mail. 
   
   No, the default route is already there. It is already defined in that
   router. Infact I just copied it from the working router.
   
   Thanks,
   Kiran
   
   
   On Tue, 24 Jul 2001, Patrick Ramsey wrote:
   
sounds like you have missed a default route on the 2610.

The 2610 will not be able to see any other vlans unless the vlan it
is
   plugged into has an ip address assigned to it acting as a gateway.
 Then
   you need to set that ip address as the 2610's default gateway.  (or at
  least
   specify a specific route to the other vlans)

If this is a router conencted to the internet, you would defiantely
 want
   to keep the default gw out it's serial interface.

-Patrick


 Kiran Kumar M  07/24/01 10:27AM 
Hai,

I am facing a strange problem. I am using a cisco 2610 router in my
network. In that I am having one fastethernet, and 2 WIC2T . When I
am
connecting to the L3 switch, it is able to ping to that particular
 VLAN,
and unable to ping to other VLANS or outside of that VLAN. If I use
another router with ethernet card (becuase I am not having another
ethernet card in first router), with the same setup it is able to
communicate with the outside world. So I concluded that it is not
the
problem with L3 switch. I tried to find it on cisco site, but unable
 to
locate the solution.

Thanks in advance,
Kiran




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13582t=13497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Problem with Fastethernet 2610 router [7:13497]

[Farhan Ahmed]

nothing wrong but its illogical
same route pointing to one host none of them will work if that host is down
so there is no point of safe side.. right?

-Original Message-
From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 11:12 PM
To: Farhan Ahmed
Subject: RE: Problem with Fastethernet 2610 router [7:13497]



Here right now I am testing on only one interface, imagine If I have 10
WAN and 2 ethernet.. Then This kind of setting will be useful. We
generally follow it, so it was there.. What is the wrong in that ?


On Tue, 24 Jul 2001, Farhan Ahmed wrote:

 what do u mean by safe side?
 
 -Original Message-
 From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, July 24, 2001 11:04 PM
 To: Farhan Ahmed
 Subject: RE: Problem with Fastethernet 2610 router [7:13497]
 
 
 
 Nothing Actually second line is not required if we are defining the
 first. But it was defined on safe side.. some time we remove the routing
 after incresing the links..
 
 Thanks,
 Kiran
 
 
 On Tue, 24 Jul 2001, Farhan Ahmed wrote:
 
  whats the diff bw these 2   
  ip route 0.0.0.0 0.0.0.0 192.168.2.1
  ip route 192.168.2.0 255.255.255.0 192.168.2.1
  !
  -Original Message-
  From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, July 24, 2001 10:57 PM
  To: Farhan Ahmed
  Cc: [EMAIL PROTECTED]
  Subject: RE: Problem with Fastethernet 2610 router [7:13497]
  
  
  
  Sure. It is very simple configuration.
  
  2610 Router:
  
  Current configuration:
  !
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname Router
  !
  enable secret 5 x
  enable password 
  !
  ip subnet-zero
  ip domain-name xx.xxx
  ip name-server xxx.xxx.xxx.xxx
  !
  !
  interface Loopback0
   no ip address
   no ip directed-broadcast
  !
  interface Ethernet0/0
   ip address 192.168.2.2 255.255.255.0
   no ip directed-broadcast
  !
  interface Serial0/0
   no ip directed-broadcast
   encapsulation ppp
   no ip route-cache
   no ip mroute-cache
   shutdown
  !
  interface Serial0/1
   ip address 192.168.1.61 255.255.255.252
   no ip directed-broadcast
   encapsulation ppp
   no ip route-cache
   no ip mroute-cache
  !
  ip classless
  ip route 0.0.0.0 0.0.0.0 192.168.2.1
  ip route 192.168.2.0 255.255.255.0 192.168.2.1
  !
  !
  !
  line con 0
   transport input none
  line aux 0
  line vty 0 4
   password xx
   login
  !
  end
  
  Here I replaced the passwords and IP address ( Actually I am using
public
  IP address, here I mention the private IP addresses).
  
  The very same is following on 2620 router also. Except one change. That
is
  Ethernet is replaced with Fast ethernet.
  
  Thanks,
  Kiran
  
  
  On Tue, 24 Jul 2001, Farhan Ahmed wrote:
  
   cAN U SEND YR CONFIGS
   
   -Original Message-
   From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
   Sent: Tuesday, July 24, 2001 10:40 PM
   To: Farhan Ahmed
   Cc: [EMAIL PROTECTED]
   Subject: RE: Problem with Fastethernet 2610 router [7:13497]
   
   
   
   It is not at all the routing problem. Because it is perfectly working
 with
   the same configuration with other router with out any changes.
   
   Thanks,
   Kiran
   On Tue, 24 Jul 2001, Farhan Ahmed wrote:
   
u need to setup static route in both direction u just put only 1
route
  to
the 1st vlan u need more rotes in both direc
on the other vlans u should have static routes to router via x

-Original Message-
From: Kiran Kumar M [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 10:28 PM
To: [EMAIL PROTECTED]
Subject: Re: Problem with Fastethernet 2610 router [7:13497]


Thanks for your mail. 

No, the default route is already there. It is already defined in
that
router. Infact I just copied it from the working router.

Thanks,
Kiran


On Tue, 24 Jul 2001, Patrick Ramsey wrote:

 sounds like you have missed a default route on the 2610.
 
 The 2610 will not be able to see any other vlans unless the vlan
it
 is
plugged into has an ip address assigned to it acting as a gateway.
  Then
you need to set that ip address as the 2610's default gateway.  (or
at
   least
specify a specific route to the other vlans)
 
 If this is a router conencted to the internet, you would
defiantely
  want
to keep the default gw out it's serial interface.
 
 -Patrick
 
 
  Kiran Kumar M  07/24/01 10:27AM 
 Hai,
 
 I am facing a strange problem. I am using a cisco 2610 router in
my
 network. In that I am having one fastethernet, and 2 WIC2T . When
I
 am
 connecting to the L3 switch, it is able to ping to that particular
  VLAN,
 and unable to ping to other VLANS or outside of that VLAN. If I
use
 another router with ethernet card (becuase I am not having another
 ethernet card in first router), with the same setup

RE: last modem question ever (I can only hope) [7:13586]

[Farhan Ahmed]

try this
telnet 192.168.1.201 20(yourline#)
at
OK  READY
02:02:56: TTY3: DSR was dropped
02:02:56: tty3: Modem: READY-HANGUP
02:02:57: TTY3: dropping DTR, hanging up
02:02:57: tty3: Modem: HANGUP-IDLE
02:03:02: TTY3: restoring DTR

It looks to me like it connects (both from the debug
and the pretty lights on the modems themselves) but
that ppp negotiation does not start.  Hardwarewise Ive
got a 3640 with a wic-2a/s and a 1720 with a wic-2a/s
attached to v.34 usr courier modems.  Here is the
relevent parts of the config from the router that is
dialing out.

!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PHX_Router
!
!
username dialto password 0 password
username dialfrom password 0 password
ip subnet-zero
!
isdn voice-call-failure 0
chat-script dialout ABORT ERROR  ATFC1D2 OK
ATDT \T TIMEOUT 60 \c
call rsvp-sync
!
!
interface Serial2/0
 physical-layer async
 no ip address
 encapsulation ppp
 dialer in-band
 dialer pool-member 2
 async mode dedicated
!
interface Serial2/1
 physical-layer async
 no ip address
!
interface Dialer2
 ip address 10.145.1.2 255.255.255.0
 encapsulation ppp
 dialer pool 2
 dialer remote-name dialto
 dialer string 2546593
 dialer hold-queue 100
 dialer-group 2
 pulse-time 0
 ppp authentication chap
!
ip classless
ip route 192.168.1.0 255.255.255.0 Dialer2
no ip http server
!
dialer-list 2 protocol ip permit
!
!
!
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 0 0
 transport input none
line 65 66
 no exec
 script dialer dialout
 modem InOut
 modem autoconfigure type usr_courier
 transport input all
 stopbits 1
 speed 115200
line aux 0
line vty 0 4
 password password
 login
!
end


and here is the config from the modem it is dialing
into.

version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
username dialto password 0 password
username dialfrom password 0 password
!
!
!
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
chat-script dial ABORT ERROR  ATFC1D2 OK ATDT
\T TIMEOUT 60 \c
chat-script resetusr 
atfs0=1e0r2d2c1b1h1m4k1q0w OK
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface Serial0
 no ip address
!
interface Serial1
 physical-layer async
 no ip address
 encapsulation ppp
 dialer in-band
 dialer map ip 10.145.1.2 name Phx_Router broadcast
 dialer-group 1
 async mode dedicated
 ppp authentication chap
!
interface Serial2
 physical-layer async
 no ip address
!
interface FastEthernet0
 ip address 10.129.0.132 255.255.0.0
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1
no ip http server
!
dialer-list 1 protocol ip permit
!
line con 0
 transport input none
line 2 3
 no exec
 script dialer dial
 script reset resetusr
 modem InOut
 transport input all
 stopbits 1
 speed 115200
line aux 0
line vty 0 4
 login
!
no scheduler allocate
end


I think im missing something pretty basic here, as in
I basically dont know what to do now.  Any help or
ideas would be greatly appreciated at this point.

Ben

__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13589t=13586
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: last modem question ever (I can only hope) [7:13586]

[Farhan Ahmed]

try putting flowcontrol hardware

-Original
 hostname PHX_Router
 !
 !
 username dialto password 0 password
 username dialfrom password 0 password
 ip subnet-zero
 !
 isdn voice-call-failure 0
 chat-script dialout ABORT ERROR  ATFC1D2 OK
 ATDT \T TIMEOUT 60 \c
 call rsvp-sync
 !
 !
 interface Serial2/0
  physical-layer async
  no ip address
  encapsulation ppp
  dialer in-band
  dialer pool-member 2
  async mode dedicated
 !
 interface Serial2/1
  physical-layer async
  no ip address
 !
 interface Dialer2
  ip address 10.145.1.2 255.255.255.0
  encapsulation ppp
  dialer pool 2
  dialer remote-name dialto
  dialer string 2546593
  dialer hold-queue 100
  dialer-group 2
  pulse-time 0
  ppp authentication chap
 !
 ip classless
 ip route 192.168.1.0 255.255.255.0 Dialer2
 no ip http server
 !
 dialer-list 2 protocol ip permit
 !
 !
 !
 !
 !
 !
 dial-peer cor custom
 !
 !
 !
 !
 line con 0
  exec-timeout 0 0
  transport input none
 line 65 66
  no exec
  script dialer dialout
  modem InOut
  modem autoconfigure type usr_courier
  transport input all
  stopbits 1
  speed 115200
 line aux 0
 line vty 0 4
  password password
  login
 !
 end
 
 
 and here is the config from the modem it is dialing
 into.
 
 version 12.1
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname Router
 !
 !
 username dialto password 0 password
 username dialfrom password 0 password
 !
 !
 !
 !
 memory-size iomem 25
 ip subnet-zero
 no ip domain-lookup
 !
 chat-script dial ABORT ERROR  ATFC1D2 OK
 ATDT
 \T TIMEOUT 60 \c
 chat-script resetusr 
 atfs0=1e0r2d2c1b1h1m4k1q0w OK
 !
 !
 !
 interface Loopback0
  ip address 192.168.1.1 255.255.255.255
 !
 interface Serial0
  no ip address
 !
 interface Serial1
  physical-layer async
  no ip address
  encapsulation ppp
  dialer in-band
  dialer map ip 10.145.1.2 name Phx_Router broadcast
  dialer-group 1
  async mode dedicated
  ppp authentication chap
 !
 interface Serial2
  physical-layer async
  no ip address
 !
 interface FastEthernet0
  ip address 10.129.0.132 255.255.0.0
  speed auto
 !
 ip classless
 ip route 0.0.0.0 0.0.0.0 Serial1
 no ip http server
 !
 dialer-list 1 protocol ip permit
 !
 line con 0
  transport input none
 line 2 3
  no exec
  script dialer dial
  script reset resetusr
  modem InOut
  transport input all
  stopbits 1
  speed 115200
 line aux 0
 line vty 0 4
 
=== message truncated ===


__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13596t=13586
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: access list.. [7:13564]

[Farhan Ahmed]

should be 0.0.15.255
but how?

-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 12:27 AM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255
128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all
of the class b



Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   MikeN [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 12:49 PM
To: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]

Okay.. default masks meaning classful class B.
128.252.0.0 with a subnet mask of 255.255.0.0
 and
128.252.240.0  with a subnet mask of 255.255.0.0

On a router you would use the wildcard mask (inverse) of the subnet mask:

access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255
access-list 101 permit ip any any
Then apply it to the interface with ip access-group 101 in or out depending
on what interface it is applied to.

It is easy to envision what the wildcard mask is and what it does if we view
the decimal numbers in binary format:
wildcard mask 0.0.255.255 = ...
0's = interesting part of the address is to the router; 1's = portion of
address the router isn't going to care aboutthis portion of the accress
could be any number.

If you list the ip address in binary above the wildcard mask, it looks like
this:
   128   . 252 .  0.  0
1000.1100..
...
0  .  0.252 . 252

The router will only view the portion of the address NOT blocked by 1's as
interesting: 128.252.x.x

You will need to grasp this concept before moving on to subnetting and
supernetting.

There are some excellent explanations for how this works in the Cisco Press
CCNA books.

To confirm, this is for routers and not the PIX ACLs.

HTH
MikeN


Farhan Ahmed  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,
Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13606t=13564
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: access list..cool up [7:13564]

[Farhan Ahmed]

Tac Certified Doc

Using Wildcard Masks in Access List Definitions
Question: How do I configure an access list to disallow network 10.90.0.0
255.255.0.0 from accessing 10.80.0.0 255.255.0.0, but allow it to access
others? 

I''ve entered the following commands: 

access list 101 deny ip 10.90.0.0 255.255.0.0 10.80.0.0 255.255.0.0

access list 101 permit ip any any

int vlan 90

ip access-group 101 out

But when I do a show run, I see the following: 

access-list 102 deny ip 0.0.0.0 255.255.0.0 0.0.0.0 255.255.0.0

access-list 102 permit ip any any

Why does this happen? 
Answer: 

The problem is that you are using subnet masks rather than wildcard masks 

in your access list definition.



A wildcard mask is just the opposite of a subnet mask: each time there is

a binary 1 in a subnet mask, you have to replace it with a 0 to get the 

equivalent wildcard mask. In other words, if you have a subnet mask of 

255.255.0.0, the equivalent wilcard mask is 0.0.255.255. The same idea
applies

to subnet mask of 255.255.255.252, which becomes 0.0.0.3 as a wildcard mask.




For your access list, you should enter the following lines to your
configuration:



access-list 101 deny ip 10.90.0.0 0.0.255.255 10.80.0.0 0.0.255.255

access-list 101 permit ip any any



Then type sh run to verify that the above lines are unchanged.


Last Modified: 30-NOV-99 

 

All contents copyright ) 1992--2001 Cisco Systems, Inc. Important Notices
and Privacy Statement.

-Original Message-
From: fgh [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 12:40 AM
To: [EMAIL PROTECTED]
Subject: Re: access list.. [7:13564]


He wants to block the range 128.252.0.0-128.252.240.0 and permit all else.

access-list 1 deny 128.252.0.0 0.0.240.255
access-list 1 permit any

I have a CCIE and a sniffer instructor sitting next to me and they verified
that the above commands work for blocking the range and permitting
everything else.



- Original Message -
From: Ayers, Michael 
To: 'fgh' ; 
Sent: Tuesday, July 24, 2001 3:04 PM
Subject: RE: access list.. [7:13564]


 That should be 0.0.15.255, but that allows 240, and you have it backwards,
 you need to permit the first line (access-list 1 deny 128.252.0.0
 0.0.15.255), and then deny the class b , then permit all else

  -Original Message-
 From: fgh [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, July 24, 2001 1:02 PM
 To: [EMAIL PROTECTED]
 Subject: Re: access list.. [7:13564]

 access-list 1 deny 128.252.0.0 0.0.240.255
 access-list 1 permit any

 the 1st line blocks that range and the 2nd line allows all other traffic


  i think? not positive though


 - Original Message -
 From: Farhan Ahmed
 To:
 Sent: Tuesday, July 24, 2001 1:28 PM
 Subject: access list.. [7:13564]


  What mask would be used if you want to create an
  access list where the IP addresses (128.252.0.0 to
  128.252.240.0) would be blocked
  pls support with explanation,
 Privileged/Confidential Information may be contained in this message or
 attachments hereto.  Please advise immediately if you or your employer do
 not consent to Internet email for messages of this kind.  Opinions,
 conclusions and other information in this message that do not relate to
the
 official business of this company shall be understood as neither given nor
 endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13610t=13564
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: access list.. [7:13564]

[Farhan Ahmed]

we wanted to block till 240

1-240



-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 1:33 AM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Wouldn't the right answer be this:

ip access-list 101 deny 128.252.240.0 0.0.0.255

ip access-list 101 permit 128.252.240.0 0.0.240.255

ip access-list 101 deny 128.252.0.0 0.0.255.255

ip access-list 101 permit any

Line 1 would block .240
Line 2 would allow .240 thru .255
Line 3 would block .0 thru .255
Line 4 would allow the rest

Hth,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~ 
 http://www.RouterChief.com
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~


-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 4:06 PM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Only problem, your scenario should be too block all from 0 to 239 to make an
easy solution.




 -Original Message-
From:   Ayers, Michael  
Sent:   Tuesday, July 24, 2001 1:40 PM
To: 'Farhan Ahmed'; Ayers, Michael; [EMAIL PROTECTED]
Subject:RE: access list.. [7:13564]

0.0.15.255 =    

I only care what the first 20 bits are.  So 128.252 are 16 bits, we can
ignore them (they match visually).  The last octet is all 1, so we can
ignore that also don't care.

We also don't care what the last 4 bits are, so we do care what the first 4
are.  If we use 128.252.240.0,

we get 1000 1100  000 in binary.
We only want to focus on the 3rd octet .  

SO 
CARE  Don't Care Decimal Number
240
0001241
0010242
0011243
0100244
0101245
0110246 
0111247
1000248
1001249
1010250
1011251
1100252
1101253
1110254
255

 -Original Message-
From:   Farhan Ahmed [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 1:35 PM
To: 'Ayers, Michael'; [EMAIL PROTECTED]
Subject:RE: access list.. [7:13564]

should be 0.0.15.255
but how?

-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 12:27 AM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255
128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all
of the class b



Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   MikeN [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 12:49 PM
To: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]

Okay.. default masks meaning classful class B.
128.252.0.0 with a subnet mask of 255.255.0.0
 and
128.252.240.0  with a subnet mask of 255.255.0.0

On a router you would use the wildcard mask (inverse) of the subnet mask:

access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255
access-list 101 permit ip any any
Then apply it to the interface with ip access-group 101 in or out depending
on what interface it is applied to.

It is easy to envision what the wildcard mask is and what it does if we view
the decimal numbers in binary format:
wildcard mask 0.0.255.255 = ...
0's = interesting part of the address is to the router; 1's = portion of
address the router isn't going to care aboutthis portion of the accress
could be any number.

If you list the ip address in binary above the wildcard mask, it looks like
this:
   128   . 252 .  0.  0
1000.1100..
...
0  .  0.252 . 252

The router will only view the portion of the address NOT blocked by 1's as
interesting: 128.252.x.x

You will need to grasp this concept before moving on to subnetting and
supernetting.

There are some excellent explanations for how this works in the Cisco Press
CCNA books.

To confirm, this is for routers and not the PIX ACLs.

HTH
MikeN


Farhan Ahmed  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 What mask would be used if you want to create an
 access list where the IP addresses (128.252.0.0 to
 128.252.240.0) would be blocked
 pls support with explanation,
Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  

RE: access list.. [7:13564]

[Farhan Ahmed]

i think b4 it was ok

-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 1:46 AM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Oops, I made an error - sorry.

It should be:

ip access-list 101 deny 128.252.240.0 0.0.0.255

ip access-list 101 permit 128.252.240.0 0.0.15.255

ip access-list 101 deny 128.252.0.0 0.0.255.255

ip access-list 101 permit any

Line 1 would block .240
Line 2 would allow .240 thru .255
Line 3 would block .0 thru .255
Line 4 would allow the rest

Hth,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~ 
 http://www.RouterChief.com
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~



-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 4:33 PM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Wouldn't the right answer be this:

ip access-list 101 deny 128.252.240.0 0.0.0.255

ip access-list 101 permit 128.252.240.0 0.0.240.255

ip access-list 101 deny 128.252.0.0 0.0.255.255

ip access-list 101 permit any

Line 1 would block .240
Line 2 would allow .240 thru .255
Line 3 would block .0 thru .255
Line 4 would allow the rest

Hth,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~ 
 http://www.RouterChief.com
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~


-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 4:06 PM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Only problem, your scenario should be too block all from 0 to 239 to make an
easy solution.




 -Original Message-
From:   Ayers, Michael  
Sent:   Tuesday, July 24, 2001 1:40 PM
To: 'Farhan Ahmed'; Ayers, Michael; [EMAIL PROTECTED]
Subject:RE: access list.. [7:13564]

0.0.15.255 =    

I only care what the first 20 bits are.  So 128.252 are 16 bits, we can
ignore them (they match visually).  The last octet is all 1, so we can
ignore that also don't care.

We also don't care what the last 4 bits are, so we do care what the first 4
are.  If we use 128.252.240.0,

we get 1000 1100  000 in binary.
We only want to focus on the 3rd octet .  

SO 
CARE  Don't Care Decimal Number
240
0001241
0010242
0011243
0100244
0101245
0110246 
0111247
1000248
1001249
1010250
1011251
1100252
1101253
1110254
255

 -Original Message-
From:   Farhan Ahmed [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 1:35 PM
To: 'Ayers, Michael'; [EMAIL PROTECTED]
Subject:RE: access list.. [7:13564]

should be 0.0.15.255
but how?

-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 12:27 AM
To: [EMAIL PROTECTED]
Subject: RE: access list.. [7:13564]


Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255
128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all
of the class b



Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   MikeN [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, July 24, 2001 12:49 PM
To: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]

Okay.. default masks meaning classful class B.
128.252.0.0 with a subnet mask of 255.255.0.0
 and
128.252.240.0  with a subnet mask of 255.255.0.0

On a router you would use the wildcard mask (inverse) of the subnet mask:

access-list 101 deny ip 128.252.0.0 0.0.255.255 128.252.240.0 0.0.255.255
access-list 101 permit ip any any
Then apply it to the interface with ip access-group 101 in or out depending
on what interface it is applied to.

It is easy to envision what the wildcard mask is and what it does if we view
the decimal numbers in binary format:
wildcard mask 0.0.255.255 = ...
0's = interesting part of the address is to the router; 1's = portion of
address the router isn't going to care aboutthis portion of the accress
could be any number.

If you list the ip address in binary above the wildcard mask, it looks like
this:
   128   . 252 .  0.  0
1000.1100..
...
0

RE: Cabling info needed [7:13317]

[Farhan Ahmed]

cisco.com/go/tools

-Original Message-
From: Omer Ehsan Dar [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 23, 2001 10:53 AM
To: [EMAIL PROTECTED]
Subject: Cabling info needed [7:13317]


Hi all, 
Where can I find good cabling info related to LAN networking and the
cisco switches in particular.
Thanks
Omer Ehsan dar




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13318t=13317
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

pix 525 gigabit restriction [7:13327]

[Farhan Ahmed]

does any body know why cisco restrict to use only 1 gigabit interface on pix
models?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13327t=13327
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: sh system command ? [7:13330]

[Farhan Ahmed]

current traffic rate

-Original Message-
From: Phil Barker [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 23, 2001 1:28 PM
To: [EMAIL PROTECTED]
Subject: sh system command ? [7:13330]


Hi,
   The 'show system' command on a Cat 5500 contains a
current traffic level and a peak level. How long are
these values valid for. e.g is the current traffic
value over a five minute period ?
Is the peak value from when the Supy is booted up
?

PS : checked cisco.com but cannot find an answer.

Regards,

Phil.


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13331t=13330
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: what's wrong with CCIE today? [7:13151]

[Farhan Ahmed]

u should have used 3 tacacs servers 


Sean Young  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 What's wrong with CCIEs today?  I know that I am making a general
 assumptions; however,this is the second time that it has happend to the
 company that I work for.  We have several tacacs servers that use to
 authenticate users.  These tacacs servers are running on a combination of
 Linux and Solaris platforms.  While I was away at the Networker
 Conference, one of our tacacs servers (solaris) die due to hardware
 failure and the amazingly the tacacs process on the Linux die.  Because
 of this, everyone has to login to the routers and switches via local
 account.  We hire these CCIEs to maintain the network while I am away for
 a few weeks.  None of these CCIEs have any background with tacacs servers
 running on Unix platforms.  As to our problems, the simple to do is just
 to restart the tacacs process byfirst:  killall tac_plus and second
 /usr/sbin/tac_plus -C /etc/tacacs/tac_plus.cfg but these CCIEs guys
 have absolutely no clues.  Furthermore, they don't even know how to use
 editing in Unix (i.e vi or emacs) and ended up screwing up my tacacs
 configuration files.  We have a few employees that need tacacs account
 but these CCIEs guys have no clues how to addnew users to a configuration
 file which if anyone has done tacacs on the unix platform know that you
 just modify the configuration file tac_plus.conf and restart tacacs
 process.   These CCIE guys say that they come from a windows environment
 so they don't have too much with Unix platforms.  I also notice that a
 lot of CCIEs these days lack the Unix skills that are required for the
 Service Providers environment.  Most don't even know how to tunnel
 X-application through Secure Shell (SSH).  I still remember those days
 when Cisco Engineers are very well verse in both unix and routers
 skills.  I long for those days again. Comments anyone?

 

 Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13336t=13151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 1601, dial-in server... [7:13285]

[Farhan Ahmed]

!
interface Dialer 1
 description connected to Dial-inPCs(modem)
 ip unnumbered Ethernet 0
 ip tcp header-compression passive
 encapsulation ppp
 dialer in-band
 dialer-group 1
 ppp authentication chap
 no cdp enable
 peer default ip address pool Cisco1601-Group-1
!

!
interface Serial 0
 physical-layer async
 no shutdown
 description connected to Dial-inPCs(modem)
 ip unnumbered Ethernet 0
 async mode dedicated
 dialer rotary-group 1
 
!
!
ip local pool Cisco1601-Group-1 10.1.1.1 10.1.1.1
ip classless

!


!
line 1
 autoselect ppp
 modem InOut
 transport input all
 stopbits 1
 speed 38400
 flowcontrol hardware


-Original Message-
From: Arun [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 23, 2001 4:39 PM
To: [EMAIL PROTECTED]
Subject: Re: 1601, dial-in server... [7:13285]


hi
try this link
http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:PPP;
s=Implementation_and_Configuration


Regards
Justin  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 hey all :)
 Im trying to configure my 1601, to recieve calls via async serial port,
and
 initiate a ppp connection, like an access server..
 i can make it dial out and connect to my isp. etc, but i cant seem to get
 it to do the opossite.
 i've looked on cisco.com and im starting to think its not possible on
these
 type of routers ?
 anyone done this ??

 thanks :)
 Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13346t=13285
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: FrameRelay Over Utilized [7:13349]

[Farhan Ahmed]

send me debug frame-relay lmi output

-Original Message-
From: Jeff [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 23, 2001 5:20 PM
To: [EMAIL PROTECTED]
Subject: FrameRelay Over Utilized [7:13349]


Hello,
If I have a frame relay switch which is being over utilized will that cause
the connection to drop.  After looking in the log I see dlci 501 state
changed
to inactive, line protocol on interface s0/0.1 changed to down, dlci 501
active, this keeps going and going through out the log.  The local telco
insists that the circuit is overutilized and this is why the connection is
dropping.  I think it is a telco or csu problem.  Also doing a show
interface
is showing 3000 crc errors and 500 interface resets for the past 3 days.  Is
there any way to tell for sure whether it is overutilization or a telco
problem??




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13352t=13349
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: FrameRelay Over Utilized [7:13349]

[Farhan Ahmed]

also these outputs

show interfaces serial
show controllers serial 
debug serial interface

-Original Message-
From: Jeff [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 23, 2001 5:20 PM
To: [EMAIL PROTECTED]
Subject: FrameRelay Over Utilized [7:13349]


Hello,
If I have a frame relay switch which is being over utilized will that cause
the connection to drop.  After looking in the log I see dlci 501 state
changed
to inactive, line protocol on interface s0/0.1 changed to down, dlci 501
active, this keeps going and going through out the log.  The local telco
insists that the circuit is overutilized and this is why the connection is
dropping.  I think it is a telco or csu problem.  Also doing a show
interface
is showing 3000 crc errors and 500 interface resets for the past 3 days.  Is
there any way to tell for sure whether it is overutilization or a telco
problem??




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13355t=13349
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Urgent... [7:13351]

[Farhan Ahmed]

first do
backup delay 30 600
just to wait isdn 4 30 sec

use eigrp
and floating static put cost above 90 
let me know

-Original Message-
From: sakella locuz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 23, 2001 5:37 PM
To: [EMAIL PROTECTED]
Subject: Urgent... [7:13351]


Hi everybody,

I am in a big problem..request ur assistance immediately...
This is the configuration now working on 2 routers connected over a leased
line also has a ISDN backup. While the leased line is working we tried the
backup by switching of the leased line modem. The ISDN connection came up
but
there was nothing traversing over the connection.

We checked the status, connection is absolutely OK, also we found that the
leased circuit configuration when removed totally and connected over ISDN
data
flows smoothly.

Kindly reply with exact problem...enclosed is the running config..

-- show running-config --

 Building configuration...

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname BOBKHYD

!

enable secret 5

!

username bobk password 0

username BOBKBOM password 0

ip subnet-zero

!

isdn switch-type basic-net3

!

!

!

interface Ethernet0/0

 ip address 10.4.10.50 255.255.255.0

 no ip directed-broadcast

 no keepalive

!

interface Serial0/0

 ip address 192.168.1.1 255.255.255.252

 no ip directed-broadcast

 no ip mroute-cache

 backup delay 0 600

 backup interface Dialer1

 backup load 60 40

 no fair-queue

!

interface BRI0/0

 description connected to BOBKBOM

 no ip address

 no ip directed-broadcast

 encapsulation ppp

 dialer rotary-group 1

 isdn switch-type basic-net3

 no cdp enable

!

interface Serial0/1

 no ip address

 no ip directed-broadcast

 shutdown

!

interface Dialer1

 description connected to BOBKBOM

 bandwidth 64

 ip unnumbered Ethernet0/0

 no ip directed-broadcast

 encapsulation ppp

 no ip split-horizon

 dialer in-band

 dialer idle-timeout 600

 dialer map ip 10.4.0.30 name BOBKBOM broadcast 0222805890

 dialer hold-queue 10

 dialer-group 1

 no cdp enable

 ppp authentication chap

!

ip classless

ip route 10.4.0.0 255.255.255.0 Serial0/0

ip route 10.4.0.0 255.255.255.0 Dialer1 100

ip http server

!

dialer-list 1 protocol ip permit

!

line con 0

 exec-timeout 0 0

 transport input none

line aux 0

line vty 0 4

 password

 login

!

end

-- show running-config --

Building configuration...

Current configuration:

!

version 12.1

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname BOBKBOM

!

enable secret 5

!

username bobk password 0

username BOBKHYD password 0

!

!

!

!

memory-size iomem 25

ip subnet-zero

!

isdn switch-type basic-net3

!

!

!

!

!

!

!

!

!

interface Serial0

 description connected to bobkhyd

 bandwidth 64000

 ip address 192.168.1.2 255.255.255.252

 no fair-queue

!

interface BRI0

 description connected to BOBKHYD

 no ip address

 encapsulation ppp

 dialer rotary-group 1

 isdn switch-type basic-net3

 no cdp enable

!

interface FastEthernet0

 description connected to fastethernetLAN

 ip address 10.4.0.30 255.255.255.0

 no keepalive

 speed auto

!

interface Dialer1

 description connected to BOBKHYD

 ip unnumbered FastEthernet0

 encapsulation ppp

 no ip split-horizon

 dialer in-band

 dialer idle-timeout 600

 dialer map ip 10.4.0.50 name BOBKHYD broadcast 0403391011

dialer hold-queue 10

 dialer-group 1

no cdp enable

 ppp authentication chap

!

ip classless

ip route 10.4.10.0 255.255.255.0 Serial0

ip route 10.4.10.0 255.255.255.0 Dialer1 100

ip http server

!

dialer-list 1 protocol ip permit

!

voice-port 2/0

!

voice-port 2/1

!

!

line con 0

 transport input none

line aux 0

line vty 0 4

 password

 login

!

no scheduler allocate

end



-Surya-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13358t=13351
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: certificate system again [7:13401]

[Farhan Ahmed]

what is the scenario

-Original Message-
From: Jim Bond [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 23, 2001 10:01 PM
To: [EMAIL PROTECTED]
Subject: OT: certificate system again [7:13401]


Hello,

I posted this message on certificate newsgroup but
didn't get any response. Since there are many experts
here, allow me to ask this question again:

We're trying to set up a certificate system, I'm
wondering which one is better?
Entrust, Microsoft, VeriSign and Netscape?

Thanks in advance.

Jim

__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13414t=13401
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Working Frame Relay Point-to-Point Config [7:13245]

[Farhan Ahmed]

Deleted means that the Frame Relay switch doesn't have this DLCI programmed
for the router. But it was programmed at some point in the past. This could
also be caused by the DLCIs being reversed on the router, or by the PVC
being deleted by the telco in the Frame Relay cloud. Configuring a DLCI
(that the switch doesn't have) will show up as a 0x4

-Original Message-
From: Albert Lu [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 22, 2001 4:56 PM
To: [EMAIL PROTECTED]
Subject: Working Frame Relay Point-to-Point Config [7:13245]


Hello Group,

Could someone point me to (or send me) a working config for a Frame switch
and routers attached to it, using point-to-point connections. I'm currently
stuck on this for my routers, as the PVCs are there but in a deleted state.
I probably should have included my configs in this email, but I'm not at my
routers at the moment, and I'm sure it's something simple that I have
missed.

Thanks for your help.

Albert


_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13247t=13245
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: peer to peer IPX [7:13246]

[Farhan Ahmed]

ofcourse u can its a protocol

-Original Message-
From: Mr. Richard L. Pickard [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 22, 2001 5:03 PM
To: [EMAIL PROTECTED]
Subject: peer to peer IPX [7:13246]


7/22/2001   7:45am  Sunday

It is possible to run IPX between WIN 95 workstations without a server on
the
segment?

Richard
[EMAIL PROTECTED]

//




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=13248t=13246
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]