RE: Cisco Security Advisory: Cisco IOS Interface Blocked by [7:73707]

[George Murage]

The Advisory affects *ALL* routers and switches running IOS versions below
12.3

The access-lists are a work-around / stop-gap measure until you upgrade your
IOS to a release that has a fix for the vulnerability. However, with what I
have seen and heard over the last few weeks, use the access-lists and
*don't* upgrade your IOS without proper planning. I have seen some
overzealous network engineers crash their routers by loading the wrong IOS
for the hardware(DRAM/Flash) they currently have.

HTH
George Murage


-Original Message-
From: Mr piyush shah [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 04, 2003 2:51 PM
To: [EMAIL PROTECTED]
Subject: Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4
[7:73471]

Dear all
Recently there was an article on Cisco Security
Advisory which stated that all Cisco routers/switches
having IOS as their operating system,their Interfaces
will be blocked by IPv4 Packets.In this regard,i have
a querry.
Is it that all the router having IOS will be blocked
or certain specific IOS ?
Also they have given fixes at the bottom of that
article which states about access-list,do one need to
go ahead with implementation of these Acess-lists?
Kindly help.
Thanks in advance.

 Piyush




Send free SMS using the Yahoo! Messenger. Go to
http://in.mobile.yahoo.com/new/pc/
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73707t=73707
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Multicasting [7:72403]

[George Murage]

It seems nobody has really answered this.

To begin with, I agree that you do not need IGMP on the tunnels, only on
Ethernet ports where there are possible receivers of the mcast traffic.

In addition, it is not necessary that your SP runs mcast on his router since
you are using GRE tunnels. 

PIM-DM uses SPTs so the moment it starts receiving (S,G) traffic from a
mcast source it will send out the traffic to all interfaces on its outgoing
interface list. For PIM-DM that is all interfaces that have multicast
enabled and have a PIM-DM neighbour or a mcast receiver. So the first thing
you need to do is check if you can see your PIM-DM neighbour at the other
end of the SP cloud with the show ip pim neighbor command.

Please keep us posted on how this progresses.

Kind regards
George Murage


-Original Message-
From: Doan Nguyen [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 07, 2003 11:44 PM
To: [EMAIL PROTECTED]
Subject: Re: Multicasting [7:72403]

If you're using PIM Dense-Sparse mode you will need to designate an RP
router because the DR needs to know where to send the (*,G) to join and the
source DR needs to register the SA messages to the RP.

What you can do for this case is 


R1-SP1---SP2-R2


make either R1 or R2 the RP.
Assign a static RP-to-group mapping to the router that is not the RP to
point to the one that is assigned the RP.  If you're using static RP mapping
then all you need on your tunnel interface is PIM-SM.
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73719t=72403
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Logging ICMP on a PIX [7:73232]

[George Murage]

Just out of curiosity, why do you want to log *all* ICMP traffic through
your PIX? At logging level 4, you should see logs for selected ICMP traffic
that is characteristic of a reconnaissance attack.

Anyway, I hope you have a large disk(s) on your Syslog server :-)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 31, 2003 2:44 PM
To: [EMAIL PROTECTED]
Subject: RE: Logging ICMP on a PIX [7:73232]

Tried 

debug icmp trace

And logged that information to console/syslog debugging level?

Martijn 

6.2
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.h
tm#1028090
level 
 Specify the syslog message level as a number or string. The level you
specify means that you want that level and those less than the level. For
example, if level is 3, syslog displays 0, 1, 2, and 3 messages. Possible
number and string level values are: 

0-emergencies-System unusable messages 
1-alerts-Take immediate action 
2-critical-Critical condition 
3-errors-Error message 
4-warnings-Warning message 
5-notifications-Normal but significant condition 
6-informational-Information message 
7-debugging-Debug messages and log FTP commands and WWW URLs 
 


-Oorspronkelijk bericht-
Van: Patrick Donlon [mailto:[EMAIL PROTECTED]
Verzonden: woensdag 30 juli 2003 10:23
Aan: [EMAIL PROTECTED]
Onderwerp: Logging ICMP on a PIX [7:73232]


Do anyone know how to log ICMP traffic that is allowed through a PIX?? I can
see denied ICMP no problem.

I can log all my other traffic with logging trap debug set, but it can't see
ICMP traffic passing through the firewall. Is this normally behaviour for
6.2(2)?

Cheers

Pat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73275t=73232
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE # 12026 - Longish [7:73135]

[George Murage]

Congratulations and thanks for the tips!

-Original Message-
From: Akusika Papaa [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 30, 2003 7:49 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE # 12026 - Longish [7:73135]

Congratulation and great job.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
NKP
Sent: Tuesday, July 29, 2003 11:11 AM
To: [EMAIL PROTECTED]
Subject: CCIE # 12026 - Longish [7:73135]


Hi All ,
Its  my turn to send the e-mail today . Tht subject says it all .
It has been almost 8 months of rigorous preparation and I managed to clear
it in the first  lab  attempt in Bangalore .

   My close  friend and a study partner who had cleared his lab just a week
before  had given me a call when I reached back to the hotel after the lab ,
he had checked my results online and informed me before i could check the
results.

  I am not a regular participator on this Forum , but here are some tips and
pointers  which I had used for preparation , which I would like to share
with all of you without violating the NDA.

1) Create a Study Group of like minded Friends who are preparing for the
labs , its been my friends who have elevated me to this level . We used to
work on different scenarios of different practice labs from morning till
night and compare our answers. We had a study group of 4 persons from
different parts of India who used to stay with me in my vacant apartment ,
and I am highly obliged to all of my friends who have got me to this level .
It would not have been possible without them . Try to meet as many CCIE's
who have cleared or CCIEs who are pursuing   there labs , ( without breaking
NDA ) I have always learnt a new  things from every candidate and CCIE's
whom i have met as regarding there preparation strategy.

2) Some of the must have books for preparation  are :
  a) Routing TCP/IP Part 1 and 2 by Jeff Doyle
  b)  Troublehooting IP Routing Protocols   - Gem of a Book , written by
CCIE's in the TAC
  c) CCIE Practical Studies part 1 by Karl Solie
  d) Cisco OSPF Command and Configuration Handbook by William Parkhurst
  e) Cisco BGP 4 Command and Configuration Handbook by William Parkhurst
  g) CCIE Practical Studies Security ( by Dmitry Bokotey, etc...)
  h) Cisco CCIE lab Study Guide ( Hutnik and Satarlee)

 No matter how many books you invest in , it will always seem to be less. I
have a collection of almost all the major published books of Cisco Press for
the CCNP and CCIE R/s  and Security , but there are still topics which you
have to look for elsewhere . Some of the practice labs which we had referred
to were of Ipexpert and ccbootcamp labs , but we did not do all the labs in
them .

3) Build a Home Lab , You can practice for unlimited hours and work on
different scenarios . Most of the equipments required have been listed here
many times , so i wont go in details of them .

4) Rent  online racks as well . We had mainly used racktimerenatals and
bradshawlabs for practicing on ATM and 3550 . They are both good and cheap
  overall adding the total hours of the home lab and online racks , I
must have practiced for more then  800  hours in the last 8 months.

5) DOC CD , know it inside out . During the last weeks of preparation I
tried not to refer to any books and only refer to the DOC CD only for
anything i did not know. Also know how to search for a topic on it , as you
can not use the search on the home page on it . The Doc CD will be your best
Pal in the labs .
   make this URL your  homepage http://www.cisco.com/univercd/home/home.htm


6)  The good thing in Bangalore is that they have practice labs which can be
rented ot during the weekdays out here in which you get to use the same
equipments at the premises of the testing lab , so I had booked that for 2
days last month and a day just before the exam , I felt more comfortable
with the ambience over there and the phycological pressure of the first
attempt was not there .

7)  Lastly this groupstudy is an asset for all everyone preparing for the
lab , I must have collected more then 500 to 600 postings in the past 4 to 5
months  and created different folders in outlook as per the subjects and
stored them for reference , I got to learn a lot from groupstudy and from
@!#$.com , the posting of some of the regular  lab trainers of CCIE are
a  boon in disguise . Go through each and every postings , even if they
might not be relevant for exam point of view, they might  be useful later on
in the production environment.

  My lab was on  Saturday,July 26th and i had reached one hour early at
Cisco campus for the lab. It started right on time and the lab was straight
and simple to configure . I had almost completed the lab by the lunch break
, and it was over 30 minutes after the coming back from lunch. I then
revised the whole test and found that there were a few errors and corrected
them . Practice speed typing , use aliases , use other time savers which
come only through practice 

RE: Accesss List(deny ping) [7:72147]

[George Murage]

Ok, I am a bit puzzled by what you are trying to achieve. 

If the ISDN link is a backup and your configuration is working properly the
FR link and the ISDN should not be both up except when the FR link is
restored and the ISDN link's has not been closed yet which is just a
temporary condition. 

Moreover, as long as the FR link is up all traffic should be routed via this
link; this includes the ping to 202.x.y.z.

However, I worked on a setup where I had to test if the backup was working
without bringing down the FR link. In this case the FR link and ISDN had to
use two different networks, see the diagram below

HQ LAN---Router-HQFR-FR---Router-A
172.18.0.0/16 |  172.16.0.1/30  172.16.0.2/30  |
|  l0=172.16.0.4/32  |
|-ISDN---ISDN|
172.17.0.1/30  172.17.0.2/30

On router A I put a static route to 172.18.0.0/16 via 172.16.0.4/32 with a
higher metric than the IGP metric to make it the less preferred route. The
IGP advertises routes that are a longer match than the 172.18.0.0/16 static
route.

Then I put another static route to 172.16.0.4/32 via 172.17.0.1/30 

The dialer map cmd uses the 172.17.0.1 IP so that the ISDN line is activated
only when the less-preferable route is the only route available. However, to
test the dial-up all you need to do is ping 172.16.0.4, from router A. This
will always bring up the ISDN line. You can setup the same on Router-HQ, so
that you have static route to a loop back interface on Router A, using
172.17.0.2

An access-list will not help as the FR link will always be chosen to forward
the traffic and the ping packet will be dropped after the next-hop address
has already been determined.

I am not sure if you can achieve the same using PBR; I have never tired it
myself.

Any comments from the others?

Regards
George Murage

 





-Original Message-
From: Md Nazri [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 11, 2003 11:32 AM
To: [EMAIL PROTECTED]
Subject: Accesss List(deny ping) [7:72147]

hi all,

I got one scenario, where we got 2 routers, one is A and another is HQ, 
connection between A  HQ are via Frame Relay and ISDN as a backup.
ISDN is using loopback address 202.x.y.z.

Question:
when both Frame Relay and ISDN are up,
how do I create access list in router A to deny ping to 202.x.y.z via Frame
Relay(Serial port) but only allow it via ISDN Bri port in router A.


tq

rgds
nazri




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72233t=72147
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Help !!! [7:72096]

[George Murage]

The cmd autoselect ppp instructs the interface to only start the ppp
protocol if it detects incoming PPP packets. So the calling device must
initiate the PPP negotiation.

However, for this to work on the router, the async. interface must be set to
allow the incoming connection to chose the type of session it wants to
start. This is done using the async mode interactive cmd. This is useful
where your asynch. interface is used to connect different types of incoming
sessions such as PPP, SLIP, ARAP etc
 
The default is async mode dedicated where the async. interface is set to
start one type of network session such as PPP for all incoming calls.

HTH
George Murage

P.S This is a pretty loose explanation but you can get the details from
Cisco documentation CD - or from somebody on this list who has used the cmds
recently :-) 

-Original Message-
From: H T [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 10, 2003 2:11 PM
To: [EMAIL PROTECTED]
Subject: Help !!! [7:72096]

what does it mean?
and
Why I am getting this message?

TestR(config-line)#autoselect ppp
%Autoselect w/o the interface command 'Async mode interactive' is useless


Cheers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72100t=72096
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCDP requirements: pointless to do CID if you don't already [7:72032]

[George Murage]

Hi,

You do not need BCRAN to be CCNP. Just BSCI, Switching and CID.

I am also trying to beat the 25th July deadline!

Please see:

http://www.cisco.com/en/US/learning/le3/le2/le37/le5/learning_certification_
type_home.html


Thanks and regards
George Murage


-Original Message-
From: MCMORDIE Shane (BMB) [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 08, 2003 5:21 PM
To: [EMAIL PROTECTED]
Subject: CCDP requirements: pointless to do CID if you don't already
[7:72027]

Hi,

I'm aiming at CCDP but I don't have BCRAN.   Am I correct in thinking
that there is no point in me registering for CID before registration
finally ends on July 25th - because to go this route to CCDP, BCRAN is
also needed - but is no longer available?

Therefore better for me to forget CID and go straight to ARCH?

Thanks,

Shane


 DISCLAIMER 

This e-mail and any attachment thereto may contain information which is
confidential and/or protected by intellectual property rights and are
intended
for the sole use of the recipient(s) named above.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form) by
other persons than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender either
by
telephone or by e-mail and delete the material from any computer.

Thank you for your cooperation.

For further information about Proximus mobile phone services please see our
website at http://www.proximus.be or refer to any Proximus agent.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72032t=72032
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Port goes to Deactivated mode [7:72022]

[George Murage]

I have experienced the same problem and would really like to see what the
others have to say.


While testing, I put my router with a BRI-1B-S/T card behind a PBX with an
NTI card and the problem vanished. 

This led me to believe that the problem has something to do with the telco.

I *think* the telco switch may not be able to detect, in a timely fashion
that your isdn line is active, because European ISDN switches normally
deactivate layer 1 or layer 2 of an idle isdn line.

Removing and re-inserting the cable sort of resets the layers 1 and 2. Has
the same effect as typing clear int brix/y on the router.

Regards
George Murage

-Original Message-
From: H T [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 08, 2003 5:49 PM
To: [EMAIL PROTECTED]
Subject: Re: ISDN Port goes to Deactivated mode [7:72022]

Hi,
can you show us your running config of both sides, so we can know where
would be the problem?


cheers,
Heiman.



Mr piyush shah  wrote in message
news:[EMAIL PROTECTED]
 Dear all
 I am having 128 kbps Leased Line with ISDN backup.As
 the Link goes Down ,ISDN should trigger,however in my
 case the ISDN link does not come up and goes to
 deactivated mode.What could be the problem .I have
 seen that upon removing the ISDN link and inserting
 back it gives the status as ACTIVE.What could be the
 problm?
 Kindly help as I am not able to use backup link due to
 this reason.

 I have attached herewitht the log of sh isdn status
 command for your kind pwerusal

 Thanks in advance.

 Regards


 Piyush

 router-1#sh ISDN status

 ISDN BRI0 interface
 dsl 0, interface ISDN Switchtype = basic-net3
 Layer 1 Status:
 DEACTIVATED
 Layer 2 Status:
 TEI = 85, Ces = 1, SAPI = 0, State =
 TEI_ASSIGNED
 I_Queue_Len 0, UI_Queue_Len 0
 Layer 3 Status:
 0 Active Layer 3 Call(s)
 Activated dsl 0 CCBs = 0
 The Free Channel Mask:  0x8003
 Total Allocated ISDN CCBs = 0

 
 Send free SMS using the Yahoo! Messenger. Go to
 http://in.mobile.yahoo.com/new/pc/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72035t=72022
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Multimedia/Voice over VSAT [7:71706]

[George Murage]

I can only comment about voice over VSAT. The propagation delay which could
be anything from 600ms to 1200ms (depending on the VSAT configuration) makes
the voice calls sound like long-distance international calls. So the users
have to be aware of the you-talk-then-i-talk phenomenon. 

As for the asymmetrical path, that should really not be a problem, you
should just ensure that your routing protocol is aware that the VSAT path
consists on two simplex links connected to 2 different ports. I am assuming
here that your VSAT uses a DVB-IP receiver for downlink traffic and an SCPC
modem for uplink traffic.

George Murage


- jvd wrote:

jvd, it's nice to have you on the list.

It looks like you post using the Web site. A lot of people do GroupStudy via
e-mail. They can't tell what your messages refer to. They seem like orphans.
When posting from the Web, please press the Quote button first and then add
comments, and your messages will arrive with some context. Thanks.

 
 Hello Pieter,
 
 As you know delay is one of the problems with VSAT. You can do
 nothing about hops to the satellite and back. What you need is
 some prioritization/QoS in your network for the voice traffic.
 There are various ways to do this.

But is prioritization and QoS even worthy bothering with for traffic going
to a satellite? Wouldn't that be sort of like priorizing which bus leaves
the New York bus station first to avoid delay going to San Francisco? The
few minutes saved by letting the San Fran bus leave before the Philadelphia
bus are completely irrelvant compared the many days it takes to get to San
Fran.

On routers, the few nanoseconds saved by outputting voice first are
irrelvant compared to the hundreds of milliseconds to reach the satellite.

 
 I don't have personal experience with AutoQoS but it's a new
 feature supported on the Cisco routers and switches - check it
 out: (you may need a CCO login)
 http://www.cisco.com/en/US/partner/tech/tk543/tk759/tk879/tech_protoco
 l_home.html
 
 My other suggestion is for if you want to get into the details
 to configure your equipment manually, is to have a look at the
 QDM (QoS Device Manager). This is a web based tool that is free
 from Cisco's website.
 http://www.cisco.com/en/US/partner/products/sw/netmgtsw/ps2063/index.h
 tml
 
 And then my final suggestion is to have a look at RSVP
 (Resource Reservation Protocol). This protocol will reserve
 bandwith for your application along the transmission path.
 
 Regards,
 Jans
 
 PS. Nice to see fellow SAfricans on the forum.

I thought you were from Brazil?! Now I am curious! :-)

Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71773t=71706
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Multimedia/Voice over VSAT [7:71706]

[George Murage]

I can only comment about voice over VSAT. The propagation delay which could
be anything from 600ms to 1200ms (depending on the VSAT configuration) makes
the voice calls sound like long-distance international calls. So the users
have to be aware of the you-talk-then-i-talk phenomenon. 

As for the asymmetrical path, that should really not be a problem, you
should just ensure that your routing protocol is aware that the VSAT path
consists on two simplex links connected to 2 different ports. I am assuming
here that your VSAT uses a DVB-IP receiver for downlink traffic and an SCPC
modem for uplink traffic.

George Murage


- jvd wrote:

jvd, it's nice to have you on the list.

It looks like you post using the Web site. A lot of people do GroupStudy via
e-mail. They can't tell what your messages refer to. They seem like orphans.
When posting from the Web, please press the Quote button first and then add
comments, and your messages will arrive with some context. Thanks.

 
 Hello Pieter,
 
 As you know delay is one of the problems with VSAT. You can do
 nothing about hops to the satellite and back. What you need is
 some prioritization/QoS in your network for the voice traffic.
 There are various ways to do this.

But is prioritization and QoS even worthy bothering with for traffic going
to a satellite? Wouldn't that be sort of like priorizing which bus leaves
the New York bus station first to avoid delay going to San Francisco? The
few minutes saved by letting the San Fran bus leave before the Philadelphia
bus are completely irrelvant compared the many days it takes to get to San
Fran.

On routers, the few nanoseconds saved by outputting voice first are
irrelvant compared to the hundreds of milliseconds to reach the satellite.

 
 I don't have personal experience with AutoQoS but it's a new
 feature supported on the Cisco routers and switches - check it
 out: (you may need a CCO login)
 http://www.cisco.com/en/US/partner/tech/tk543/tk759/tk879/tech_protoco
 l_home.html
 
 My other suggestion is for if you want to get into the details
 to configure your equipment manually, is to have a look at the
 QDM (QoS Device Manager). This is a web based tool that is free
 from Cisco's website.
 http://www.cisco.com/en/US/partner/products/sw/netmgtsw/ps2063/index.h
 tml
 
 And then my final suggestion is to have a look at RSVP
 (Resource Reservation Protocol). This protocol will reserve
 bandwith for your application along the transmission path.
 
 Regards,
 Jans
 
 PS. Nice to see fellow SAfricans on the forum.

I thought you were from Brazil?! Now I am curious! :-)

Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71775t=71706
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Computer for ISP [7:66736]

[George]

actually this is question i have to answer in my assignment. i am also not
able to understand it correctly as its not clear.
we can assume any server. can u help me in this

Scott Roberts  wrote in message
news:[EMAIL PROTECTED]
 well georgeW,

 your questions seem a little hidden. what are you asking? why an ISP would
 need a server? for dns is the first example that comes to mind.

 btw, 4 more?

 scott

 George  wrote in message
 news:[EMAIL PROTECTED]
  A computer is to be purchased for an Internet Service Provider (ISP)
that
 is
  to be used as one of the server at the network backbone. What may be the
  role of this server for the ISP?
 
  Can this server be put for other server related applications?
 
  What will be configuration of this server giving reason for selection of
  various components ( economicaly wise and performance wise )




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66824t=66736
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Computer for ISP [7:66736]

[George]

A computer is to be purchased for an Internet Service Provider (ISP) that is
to be used as one of the server at the network backbone. What may be the
role of this server for the ISP?

Can this server be put for other server related applications?

What will be configuration of this server giving reason for selection of
various components ( economicaly wise and performance wise )




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66736t=66736
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: CCIP Announcement - This ends the speculation! [7:65912]

[George Murage]

There has been some speculation on the fate of the CCIP track since the
beta testing of exam 642-661 - Configuring BGP on Cisco Routers. Well,
this is what Cisco has to say about it. 

Cisco Systems recently adjusted the CCIP (Cisco Certified Internetwork 
Professional) program to meet the changing needs of the service 
provider market.  With this adjustment, the CCIP curriculum will 
follow in the CCDP and CCNP tradition of four exams and four courses.  
The elective approach will be phased out and the existing QoS course 
will be a part of the CCIP program. For those customers interested in 
pursuing the elective areas, the Cisco Qualified Specialist program 
will offer focused training and certification in multiple areas of 
high demand.

http://www.cisco.com/warp/public/10/wwtraining/ecampaign/blast 
http://www.cisco.com/warp/public/10/wwtraining/ecampaign/blast2

Question is what happens to those who have the old CCIP with an
elective.

Then there is an overlap in course material. A good portion of the BSCI
course covers BGP, which is covered again in the new exam Configuring
BGP on Cisco Routers.

However, IMHO, I think the cert is welcome. By making MPLS and some
advanced BGP concepts mandatory it is more reflective of the skills
required in a SP environment.

GM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65912t=65912
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PDM Question [7:65954]

[Hartnell, George]

Hi there,

I've got a 515UR failover I jus' upgraded from 5.3(1) to 6.1(4).  I'd like
to pop PDM on that system(s) and try that interface out.

I'm a command line kind of guy, so am comfortable with CLI, but, I've heard
that PDM is a worthy utility.

Any words of wisdom on PDM installation?

Best, G.

Nations have recently been led to borrow billions for war;
no nation has ever borrowed largely for education...
no nation is rich enough to pay for both war and civilization.
We must make our choice; we cannot have both. -- Abraham Flexner




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65954t=65954
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Management VLANs, RealWorld [7:63162]

[Uncle George]

Hello again!

Now is the/my time to play multi-vendor dot1q tagging.  One vendor being
Cisco, of course.  Other vendors will be represented by a nameless
nitial  --- F at the high-end and S at the edge.

We've all heard about a/the management VLAN, and I've certainly struggled
with my little network over migration to that 192.168.x.x model of
management VLAN addressing.  (little: 20 sites/~200 nodes/site, gig-e
fiber)   I've a couple of Yea, but what about in the real world, there,
bub? kind of questions.

With less than 250 switches, now, should the management VLAN *remain* a flat
network across the enterprise?  Or, should each site, which are L3 segmented
by the core router, have it's own 192.168.x.y/24 IP segment?

This is a deceptively complex question, including things like DHCP servers,
router availability,  security, (Should VLAN 1 be the management VLAN at
all?), bandwidth utilization (by user VLANs across the trunk, too.), vendor
compatibility (but, here, F and S are capable of changing mgmt. VLANs), and,
perhaps not entirely least (or last), ease of configuration and maintenance
upon the hapless network administrative staff.

I'd be interested to hear how the ole pros do it.  And why.

Best, Uncle G.

''It is no use saying, 'We are doing our best.' You have got to
succeed in doing what is necessary.'' - Sir Winston Churchill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63162t=63162
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Repost: Engineering Study Soapbox [7:63165]

[Uncle George]

Valentine's day marked the 20th anniversary of this event.  I thought it
might bear repetition.

--
Upon learing by rote testing products:
--

Here's a little story from the Bering Sea.  Bear with me and you'll see why
the 'thread' fits.

The Anacortes, Washington fishing family had been very successful in the
late 1980's.  Early 1990 saw four brand-new crab boats ready to plunder the
king crab population in an area the coast guard describes as 'the major
leagues' compared to North Atlantic fishing ground weather conditions.

Not too far out of Dutch Harbor, Alaska, two of those boats capsized,
killing all 15 [14, gfh] crew members aboard, including the son of one of
the
surviving vessels.  While the craft were carrying out a load of 800lb.
'pots, photos of the loaded boats before their doomed departure showed
nothing visible to point toward load instability.

Investigations, of course, followed.  Over a year later, as the
investigation was closing, without answers, almost as an afterthought, a
shipyard worker approached one investigator.  I don't know if it really
matters, but we had some extra bottom paint, and we added an extra 12 inches
around the hull of both boats, he told them.

Anti-fouling bottom paint, to combat marine organisms, makes a very visible
waterline on the hull of a vessel.  Normally, this would be considered a
'bonus' for an owner.  This time, however, was different.

The engineering specifications had the craft designed with bottom paint to a
certain level on the hull.  The 25 year-old skipper had loaded the crab pots
*to the waterline as indicated by the additional 12 inches of paint*.  No
one, not the planners, not the skipper, not the investigators, had thought
that the paint-line, so visible in the after-the-fact photos, was so 'out of
spec.' Twelve inches deeper on a 150 foot boat equals tons of additional
displacement. The boats flipped like tops; there was not even time for a
'mayday'.

There are a couple of lessons here.  The first, and most obvious, is follow
the engineering specifications without error.  The second, and more
relevant to this thread, was that the skipper was operating by rote.  He
apparently did not understand that the stability of the vessel was not due
to a line in the water, but to exact engineering specifications that were
inviolate physics.

So, does learning to pass the CCxx test(s) require rote learning?  Yes.
Does that rote learning style make you a safe skipper?  Probably not.

Know your engineering, as much as possible.  The Why's it do that? are
perhaps more important than just knowing it does...

Very best, G.
VP OG




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63165t=63165
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: how to break out of the sequence when in write term or [7:61124]

[George Hansen]

try 'q'. I'm not sure if it works with 'no pager'.

George

-Original Message-
From: eric nguyen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 10:35 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: how to break out of the sequence when in write term or show
running in Pix firewall


Hi All,

My pix configuration is about 800 lines long.  Everytime, I do a show
running or

write term and I would like to break somewhere in the configuration it
is not

possible for me to send the Control ^C to stop listing of the
configuration.  Control

^C works on both Cisco routers and switches but apparently not on Pix
firewalls.

Now I can use pager command to set the page break or no pager not to
set the

page break.  However, in either case, it is not possible to send the
break sequence 

to break out of the show running configuration.  This is very
frustrating.

Why doesn't Cisco make this damn thing work?  I am running version
6.2(2)

 



-
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61124t=61124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ccie is a rip off! [7:58458]

[George Bethel]

The CCIE written is not a certification, it is a
qualification exam.  No matter how dificult you think
it is, if you can't pass the written you're not ready
for the lab.  



--- wexo__la  wrote:
 Someone should say this already :
 There is no experties-checking in any ccie written
 exam!
 The ccie is a rip-off!
 50% memory questions (like what vip version is
 eprom-value:01e00 and other
 shit.. 
 I got the official exam certification guide I am a
 ccip/ccdp/ccnp and I
 never got so miss-leaded! this book from july 2002
 (very new) and it says
 (page 4) the exam is 100 question + does not include
 the fddi and many more
 ... it is missleading in many areas
 +
 the question and cd-test is 80% less
 hard then the actual test and it tells
 you that they are harder!
 i payed the price for getting the book for an idea
 of the test and i got the
 wrong idea! 
 i think that cisco is doing something very wrong
 with this
 The material are quite broad and you can ask many
 hard questions on the
 technologies But there are so many of them about
 how many slots in
 this..?,what version support that..?,what ip
 precedence number is
 flush.. that gets you thinking cisco is not Concern
 about checking your
 experties but something complitly different - that
 gets people like us
 talking about the exams like it is something to brag
 about!
[EMAIL PROTECTED]


__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58482t=58458
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Amazon routers [7:57802]

[George Coles]

Does anyone have experience with Amazon routers from ACC? I need to put a
7206 in-line to replace a failing Amazon and the commands are difficult to
match up to the Cisco world.  Any help would eb appreciated.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57802t=57802
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

2980G config [7:56960]

[Bethel George]

Could someone post the show config or show port output from a 2980G?  




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56960t=56960
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Tech Tips [7:55030]

[George Jiang]

George
CCIE #9781

-Original Message-
From: Persio Pucci [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 1:38 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Tech Tips


Hey folks,

where did the Tech Tips go that I cannot find it anywhere in the new Cisco
site? Did anybody find it already? :(

Regards,

Persio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55030t=55030
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Multicast scenario [7:50994]

[george]

What type of server would be good to set up a multicast scenario and
test it out.?
Apple server streaming video, or a advance 2000 server.
What have you done.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50994t=50994
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco 1000TX GBICs [7:50316]

[Hartnell, George]

and have nothing good to say about them.

What sweet nothings would those be?

On another, but similar, note, what 3d party GBICs for 1000LX single mode
are out there for the Cat 3548 switches?  And, are there any sweet
nothings about using those in a Cisco platform?

Very best, G.


 -Original Message-
 From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, July 31, 2002 2:55 PM
 To: [EMAIL PROTECTED]
 Subject: Cisco 1000TX GBICs [7:50316]
 
 
 Anyone have experience with the 1000TX GBICs from Cisco?  We have used
 the stacking GBICs and have nothing good to say about them.  The TX
 GBICs are over $100 less (retail).
 
 Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50403t=50316
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

switch command [7:50413]

[GEORGE]

Is their a command to view all the ip addresses connected to my switch.
I do a show arp shows a couple
Or how often does ip addresses get  added   to the switch?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50413t=50413
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

can reach host [7:50422]

[GEORGE]

I having problems pinging a host on a different vlan. However I can
access other host that are connected to the same switch?? Trunking is
enable
What can I look for . the device is on native vlan , while I am on vlan
2




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50422t=50422
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Can't Disable Spanning Tree on 2980G [7:50009]

[George Siaw]

Hi Folks,

Is anybody willing to trade in a November Lab date this year for next
February?

Regards,
George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50107t=50009
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

what does this command do? [7:50112]

[GEORGE]

IP host RouterB 191.8.150.1 191.8.2.1




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50112t=50112
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Looking for BSCN in PDF format [7:50039]

[GEORGE]

You should try half.com I seen it around $15 bucks used.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Kevin O'Gilvie
Sent: Monday, July 29, 2002 3:40 PM
To: [EMAIL PROTECTED]
Subject: RE: Looking for BSCN in PDF format [7:50039]

You tell him Juan,

No pirates here!!
Just techies trying to sail..Alot of us are just trying to swim..Or at
least 
learning to float!!

LOL!!


From: Juan Blanco 
Reply-To: Juan Blanco 
To: [EMAIL PROTECTED]
Subject: RE: Looking for BSCN in PDF format [7:50039]
Date: Mon, 29 Jul 2002 20:09:19 GMT

Jeff,
Give us a break, on this group we are very negative to this type of
behaviors, I just went and spent $120 in two books, I did not go to the
movies, I did not go outI just went and bought the books because I
need
them, like myself most of the people in this group do the same thing,
they
sacrificed them self and buy whatever is require to learn the
technology
which will help them to move up to new levels, the same way the authors
of
many books whom worked very hard to put together a book that will help
everyone. My advise to you is, in this field you can't be worried about
how
much a book cost.This is very costly field, very costly my wife is 
ready
give the divorced and kick me out the house with my rack, routers,
switches
and course many, many books...

Good luck in getting your BSCN'S PDF..

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bond, Jeffrey T
Sent: Monday, July 29, 2002 1:29 PM
To: [EMAIL PROTECTED]
Subject: Looking for BSCN in PDF format [7:50039]


Does anyone have a copy of BSCN in pdf format that they wouldn't mind
sharing.


thanks


Jeff
_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50217t=50039
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

multicast address [7:50221]

[GEORGE]

Where can I find the multicast address , rip, irgp use.?
I know Ospf is 224.0.5  224.0.6




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50221t=50221
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

nbar message [7:49466]

[GEORGE]

I get this message when I try to apply a policy to my fast Ethernet
interface on a 7513
service-policy is supported only on VIP interfaces with DCEF
enabled




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49466t=49466
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: nbar message [7:49466]

[GEORGE]

Got it!!!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Steven A. Ridder
Sent: Tuesday, July 23, 2002 2:04 PM
To: [EMAIL PROTECTED]
Subject: Re: nbar message [7:49466]

turn on dcef or cef.


GEORGE  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I get this message when I try to apply a policy to my fast Ethernet
 interface on a 7513
 service-policy is supported only on VIP interfaces with DCEF
 enabled




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49485t=49466
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

mop enable [7:49487]

[GEORGE]

This command I looked it up at Cisco web site and it says it's a
maintenance operation protocol
But what does it do exactly?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49487t=49487
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help with vlan!! [7:49127]

[GEORGE]

I currently have just 2 vlan's in my network. The native 1 and vlan 2. I
have a 7513 doing the routing with a fast Ethernet and 3500xl and 2900xl
in my network. I have one vtp server and I added vlan 2  it  works! .
then I created another vlan 3 on the router with ip 10.0.4.1  isl
encapsulation on it and add it to the  vtp server. (3508xl) and name it
lab ,  doesn't work! I have trunking all the way here is a diagram of my
network
(port1)
  7513-3524trunking2900xl---trunking---2900xl-users 
 
on the 2900xl that the users are connected I place switchport access
vlan 3 on all the ports and  made it a client with the proper vtp
domain.. The other 2900 xl that's connected to my 3524 is also a client
with the correct vtp domain however when I do a show vlan I show vlan 3
but a different vlan name not lab
 
my question is what im I doing wrong?
Do I have to configure  a vtp server for each vlan?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49127t=49127
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Help with vlan!! [7:49127]

[GEORGE]

I got it to work!!!
The only thing I had to change was on the transparent mode add the vlan
and the name and it work, those this have to happen every time you add a
new vlan to the switch network?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Arlante, Neil
Sent: Thursday, July 18, 2002 10:40 AM
To: [EMAIL PROTECTED]
Subject: RE: Help with vlan!! [7:49127]

did u tried these:

is it really trunking betw 3524 and 2900xl, or betw different switches?
sh
trunk

compare vtp revision numbers if they are the same...sh vtp domain

see if vtp advertisements are sent and received... sh vtp statistics

HTH,


-Original Message-
From: GEORGE [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 10:44 PM
To: [EMAIL PROTECTED]
Subject: Help with vlan!! [7:49127]


I currently have just 2 vlan's in my network. The native 1 and vlan 2. I
have a 7513 doing the routing with a fast Ethernet and 3500xl and 2900xl
in my network. I have one vtp server and I added vlan 2  it  works! .
then I created another vlan 3 on the router with ip 10.0.4.1  isl
encapsulation on it and add it to the  vtp server. (3508xl) and name it
lab ,  doesn't work! I have trunking all the way here is a diagram of my
network
(port1)
  7513-3524trunking2900xl---trunking---2900xl-users 
 
on the 2900xl that the users are connected I place switchport access
vlan 3 on all the ports and  made it a client with the proper vtp
domain.. The other 2900 xl that's connected to my 3524 is also a client
with the correct vtp domain however when I do a show vlan I show vlan 3
but a different vlan name not lab
 
my question is what im I doing wrong?
Do I have to configure  a vtp server for each vlan?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49141t=49127
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

cisco command [7:49152]

[GEORGE]

Is their a cisco command that will show you the serial number of the
router




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49152t=49152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: FW: Help with vlan!! [7:49127]

[GEORGE]

The switches were set to client and only one was set to server,however
when I added the vlan name  to the server it did not propogate to the
other switches I wonder why? How many vtp severs can I have in one
domain


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
MADMAN
Sent: Thursday, July 18, 2002 1:06 PM
To: [EMAIL PROTECTED]
Subject: Re: FW: Help with vlan!! [7:49127]

You have to be either transparent or server mode to add a VLAN.  Were
you in client mode originally?

  Dave

GEORGE wrote:
 
 I got it to work!!!
 The only thing I had to change was on the transparent mode add the
vlan
 and the name and it work, those this have to happen every time you add
a
 new vlan to the switch network?
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of
 Arlante, Neil
 Sent: Thursday, July 18, 2002 10:40 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Help with vlan!! [7:49127]
 
 did u tried these:
 
 is it really trunking betw 3524 and 2900xl, or betw different
switches?
 sh
 trunk
 
 compare vtp revision numbers if they are the same...sh vtp domain
 
 see if vtp advertisements are sent and received... sh vtp statistics
 
 HTH,
 
 -Original Message-
 From: GEORGE [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 18, 2002 10:44 PM
 To: [EMAIL PROTECTED]
 Subject: Help with vlan!! [7:49127]
 
 I currently have just 2 vlan's in my network. The native 1 and vlan 2.
I
 have a 7513 doing the routing with a fast Ethernet and 3500xl and
2900xl
 in my network. I have one vtp server and I added vlan 2  it  works! .
 then I created another vlan 3 on the router with ip 10.0.4.1  isl
 encapsulation on it and add it to the  vtp server. (3508xl) and name
it
 lab ,  doesn't work! I have trunking all the way here is a diagram of
my
 network
 (port1)
   7513-3524trunking2900xl---trunking---2900xl-users
 
 on the 2900xl that the users are connected I place switchport access
 vlan 3 on all the ports and  made it a client with the proper vtp
 domain.. The other 2900 xl that's connected to my 3524 is also a
client
 with the correct vtp domain however when I do a show vlan I show vlan
3
 but a different vlan name not lab
 
 my question is what im I doing wrong?
 Do I have to configure  a vtp server for each vlan?
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49161t=49127
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

boot sequence [7:49174]

[GEORGE]

If a router has the configuration setting ser to 0x102 , what would be
the sequence?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49174t=49174
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: cisco command [7:49152]

[GEORGE]

Try it on a mc3810v3 did not work

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 2:33 PM
To: [EMAIL PROTECTED]
Subject: RE: cisco command [7:49152]

hi
use the show diag command in previleged mode

regards
deepak




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49173t=49152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: PIX Design Considerations [7:48979]

[GEORGE]

I would say place an internal router behind the pix so I can route
Your internal network, or vlans's that's the way we design it here
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Jeffrey Reed
Sent: Tuesday, July 16, 2002 7:19 PM
To: [EMAIL PROTECTED]
Subject: PIX Design Considerations [7:48979]

Im still pretty green with PIX in general and was talking today about
introducing a PIX into an existing network. The customer has a router
(not
controlled by them) that has three public class C subnets defined. They
are
not using VLANs, so the router has an interface and two sub-interfaces
going
into a switches network. We want to put the PIX in between the outside
router and the LAN. I know this group has said several times the PIX is
not
a router. Do I need to have another router between the PIX and the LAN
to
perform routing between subnets? I assume the PIX will not facilitate
routing between the internal subnets. Can you define multiple interfaces
on
the internal interface of the PIX if we didnt need to route between the
internal VLANs?

Any suggestions would be appreciated!

Jeffrey Reed
Classic Networking, Inc.
Cell 717-805-5536
Office 717-737-8586
FAX 717-737-0290




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49022t=48979
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please help me with my new baby(Pix 501) [7:48760]

[GEORGE]

conduit permit icmp any any



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Juan Blanco
Sent: Sunday, July 14, 2002 9:24 AM
To: [EMAIL PROTECTED]
Subject: Please help me with my new baby(Pix 501) [7:48760]

Team,
I just got my new baby Pix 501 (wow...how small it is, it looks like a
toy)Below is my configuration, my problem is that Pat does not seems
to
be able to work, I have cable-modem and they only provided one ip, I am
able
to ping from the firewall to any pc on my LAN, I am able to ping from
the
firewall to any ip on the Internet but I am not able to ping from any PC
on
my LAN to any ip on the Internet, Be aware that this id the first time I
am
using a Cisco Firewall, This morning I got the book Cisco Secure PIX
Firewall. Your help is very appreciated as always...Another
question,
The ios on this baby is the same on the high end firewalls, If I am able
to
learn as much as my brain can take will I be able to configure a
high-end
pix and feel comfortable.


Thanks, (What I am doing wrong..)


JB

pixfirewall# show config
: Saved
:
PIX Version 6.1(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password MTz0ptrM4U8gsjGv encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.74.11 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.74.11 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd auto_config outside
terminal width 80




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49024t=48760
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

nbar [7:49030]

[GEORGE]

Is nbar supported on layer 3 switches?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49030t=49030
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: blocking spam with cisco routers [7:48971]

[GEORGE]

Thanks for your replies

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Don Queen
Sent: Wednesday, July 17, 2002 2:47 PM
To: [EMAIL PROTECTED]
Subject: Re: blocking spam with cisco routers [7:48971]

You'll need a mail relay program like Worldsecure(now Tumbleweed)  that
searches the content of the message before relaying it to the internal
e-mail server. As others have stated, other e-mail servers will open
smtp
connections to your mail server in order to send mail. Most spammers
change
IP addresses constantly to avoid being blocked by devices such as
routers.
- Original Message -
From: Nigel Taylor 
To: 
Sent: Wednesday, July 17, 2002 10:22 AM
Subject: Re: blocking spam with cisco routers [7:48971]


 George,
  Priscilla brings up a good point in that this will not be
easy.
 The most important issue here
 is as Priscilla pointed out, is going to revolve around the
architecture
of
 your networks or the network
 you use for connectivity(to the rest of the world). Some other
questions
 that may apply are very specific
 to your email services.  If you have your own domain and don't relay
any
 mail for specific purposes, then
 this will help, however mail directly address to your domain's users
will
be
 delivered.  The problem here
 is how do you determine who is allowed to send you email.  This is
somewhat
 of an impossible task because
 there's no real way of identifying your SMTP-specific Community of
 Interest (COI).

  The reason being that smtp(tcp) connections are made from any
 server-to-server(your server) for the
 delivery of mail.  I'm sure your smtp requirements are much like the
typical
 domain, in which filtering inbound mail
 falls outside the area of the routed network.  It's one thing to
filter a
 specific hosts or number of host to
 prevent the spread of a new virus. This would still only be
accomplished
 through monitoring of existing smtp
 traffic flows,  in which you could address the issue by resolving the
source
 of the infected mail traffic.
 Again, the traffic is only identified based on a criteria which can
now
be
 tracked or filtered.

 Where I'm going with this is that the only effective way of containing
 spam is by identifying who is sending it and
 most importantly what subject lines are being used in the SPAM email
 received.  This is important because you might
 not want to block or filter all mail inbound from hotmail.com so
finding
 another way to identify the spam is very
 important. I'm not sure of the flexibility of  Micro$oft's exchange to
 filter mail based on subject lines but,  I know
 that sendmail(the best mail server) through the use of the cf file
can
 aide in this process.  There is assistance in the
 form of various programs that does do this type of filtering, however
the
 need to providing the rules for the filter still
 falls within the area of monitoring and prevention

 Currently, we use Solaris on all of our mail servers(16 of them).  We
do
 relay mail for all or most of our users and
 with some scripting and MySql was able compile a database of the
domains
and
 subject lines of typical spam specific
 emails. All inbound email is processed through this script which will
tag
 the spam email and forwards it into a separate
 mail server queue for profiling(to check the validity), before being
 forwarded to the user.  We have just begun to use a program
 called SPAM Assassin which uses our daily updated list of spammers
and
 subject lines.

 HTH

 Nigel

 P.S.  Please note the use of Howard-isms in this email..:-



 - Original Message -
 From: Priscilla Oppenheimer
 To:
 Sent: Tuesday, July 16, 2002 10:50 PM
 Subject: Re: blocking spam with cisco routers [7:48971]


  Brad Ellis wrote:
  
   Yup, use an access list filtering IPs on port 25 (only allow
   yours through)
 
  Yes, but, other SMTP servers for legitimate reasons are also going
to be
  opening TCP sessions to port 25 because they have e-mail to send to
your
  users. It's not as easy as it sounds.
 
  I guess it depends on the ISP's network architecture too. We have a
  challenge where I work in that our users are on cable modems that
connect
 to
  the cable provider (which isn't technically us). Their e-mail
requests
 come
  into our network on the same interface that all Internet traffic
comes
in
 on.
 
  Priscilla
 
 
  
   thanks,
   -Brad Ellis
   CCIE#5796 (RS / Security)
   [EMAIL PROTECTED]
   Cisco home labs:  www.optsys.net
   GEORGE  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi all I have a question ,I configured my e-mail server to
   only accept
local e-mail, and deny other relay , however im still
   vulnerable to
spam. My question is how do the ips block other e-mail going
   to their
smtp
Do they do it by access-list? Allowing only the local network
   with port
25?
Or just the e-mail server?
If cisco routers have to be involved does anyone h

dhcp and subinterfaces [7:49070]

[GEORGE]

If I have subinterfaces configured for my vlans' and I wanted a dhcp
server for one vlan can I create the dhcp server and assign it to that
subinterfaces pertaining the vlan in question. I don't have a server on
that vlan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49070t=49070
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

blocking spam with cisco routers [7:48971]

[GEORGE]

Hi all I have a question ,I configured my e-mail server to only accept
local e-mail, and deny other relay , however im still vulnerable to
spam. My question is how do the ips block other e-mail going to their
smtp
Do they do it by access-list? Allowing only the local network with port
25?
Or just the e-mail server?
If cisco routers have to be involved does anyone have some links. Im
behind a pix and would like to allow only my network to use smtp.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48971t=48971
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ccie written [7:48860]

[GEORGE]

Do they allow  the use of a calculator I the ccie written exam?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48860t=48860
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Unable to access MS Outlook using IPSec Lan-to-Lan [7:48482]

[George Kallingal]

We have an IPSec LAN-to-LAN connection between two Cisco VPN 3000
Concentrators and for some strange reason, MS Outlook is unable to connect
to the Exchange server on the other side of the tunnel.  All other traffic
seems to travel fine, and we know for a fact that the mailboxes are
accessible locally.

Has anyone experienced such a problem and found a solution?

George




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48482t=48482
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ipx question [7:48505]

[GEORGE]

How do you find the ipx address of a novell 4.11?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48505t=48505
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

mc3810? [7:48519]

[GEORGE]

Does the mc3810 support voice over ip as well as voice atm ,or just the
mc3810 v3.
What would be better to be to practice more this model or a 2600 series?
The mc3810  on a standalone what parts are required? If I wanted only to
to regular analog phones FXS interface? I a bit confiused as to the
parts that are necessary?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48519t=48519
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

calculating subnets? [7:48552]

[GEORGE]

Does anyone have some cool or useful links to calculate subnetting
including broadcast .




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48552t=48552
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

pix question [7:47556]

[GEORGE]

I have the 3des encryption disabled do I have to purchase a license to
enable it?
 
VPN-3DES:   Disabled




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47556t=47556
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Cisco VPN client and NAT [7:47430]

[GEORGE]

Yes linksys has that option, I ran into that problem
Its under the advance option

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Lidiya White
Sent: Wednesday, June 26, 2002 9:34 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco VPN client and NAT [7:47430]

IP Security Through Network Address Translation Support
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/827/827rl
nts/820feat.htm

I think Linksys just has an option for a checkmark on IPSec through
NAT.  

-- Lidiya White


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Alex Lee
Sent: Wednesday, June 26, 2002 8:20 AM
To: [EMAIL PROTECTED]
Subject: Re: Cisco VPN client and NAT [7:47430]

So how does the Linksys or cisco 800 handles the IPSec thru PAT then ?
Thanks.

 Alex Lee

Lidiya White  wrote in message
news:[EMAIL PROTECTED]...
 PIX doesn't support IPSec transparency/IPSec over TCP. Concentrators
do.
 It all depends on the device that is between your client and PIX, that
 is doing PAT.
 IPSec uses ESP protocol, that doesn't have ports, so how can you
perform
 PAT (port address translation) for a protocol that doesn't understand
 port concept?
 Some routers can pass IPSec through the PAT (like Linksys, Cisco 800).
 So if the router/device that is doing PAT is IPSec aware, then you
 should be able to pass IPSec through. If not, then you have to make
sure
 that one-to-one address translation happens for your VPN clients, not
 one-to-many (PAT)...
 Hope this helps...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47559t=47430
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

nbar command.... [7:47605]

[GEORGE]

I was configuring nbar for my network and when typing 
Match protocol I got this commands 
The one that I like the most and look for info on cisco site was 
Fastrack Has anyone used it here?
Does anyone have a url or sample config..
 
 
arpIP ARP
  bgpBorder Gateway Protocol
  bridge Bridging
  bstun  Block Serial Tunnel
  cdpCisco Discovery Protocol
  citrix Citrix Traffic
  compressedtcp  Compressed TCP
  cuseemeCU-SeeMe desktop video conference
  custom-01  Custom protocol custom-01
  custom-02  Custom protocol custom-02
  custom-03  Custom protocol custom-03
  custom-04  Custom protocol custom-04
  custom-05  Custom protocol custom-05
  custom-06  Custom protocol custom-06
  custom-07  Custom protocol custom-07
  custom-08  Custom protocol custom-08
  custom-09  Custom protocol custom-09
  custom-10  Custom protocol custom-10
  dhcp   Dynamic Host Configuration
  dlsw   Data Link Switching
  dnsDomain Name Server lookup
  egpExterior Gateway Protocol
  eigrp  Enhanced Interior Gateway Routing Protocol
  exchange   MS-RPC for Exchange
  fasttrack  FastTrack Traffic - KaZaA, Morpheus, Grokster...
  finger Finger
  ftpFile Transfer Protocol
  gopher Gopher
  greGeneric Routing Encapsulation
  http   World Wide Web traffic
  icmp   Internet Control Message
  imap   Internet Message Access Protocol
  ip IP
  ipinip IP in IP (encapsulation)
  ipsec  IP Security Protocol (ESP/AH)
  ipv6   IPV6
  ircInternet Relay Chat
  kerberos   Kerberos
  l2tp   L2F/L2TP tunnel
  ldap   Lightweight Directory Access Protocol
  llc2   llc2
  napsterNapster Traffic
  netbiosNetBIOS
  netshowMicrosoft Netshow
  nfsNetwork File System
  nntp   Network News Transfer Protocol
  notes  Lotus Notes(R)
  novadigm   Novadigm EDM
  ntpNetwork Time Protocol
  padPAD links
  pcanywhere Symantec pcANYWHERE
  pop3   Post Office Protocol
  pppoe  PPP over Ethernet
  pptp   Point-to-Point Tunneling Protocol
  printerprint spooler/lpd
  qllc   qllc protocol
  rcmd   BSD r-commands (rsh, rlogin, rexec)
  realaudio  Real Audio streaming protocol
  ripRouting Information Protocol
  rsrb   Remote Source-Route Bridging
  rsvp   Resource Reservation Protocol
  rtpReal Time Protocol
  secure-ftp FTP over TLS/SSL
  secure-httpSecured HTTP
  secure-imapInternet Message Access Protocol over TLS/SSL
  secure-irc Internet Relay Chat over TLS/SSL
  secure-ldapLightweight Directory Access Protocol over TLS/SSL
  secure-nntpNetwork News Transfer Protocol over TLS/SSL
  secure-pop3Post Office Protocol over TLS/SSL
  secure-telnet  Telnet over TLS/SSL
  smtp   Simple Mail Transfer Protocol
  snapshot   Snapshot routing support
  snmp   Simple Network Mangement Protocol
  socks  SOCKS
  sqlnet SQL*NET for Oracle
  sqlserver  MS SQL Server
  sshSecured Shell
  streamwork Xing Technology StreamWorks player
  stun   Serial Tunnel
  sunrpc Sun RPC
  syslog System Logging Utility
  telnet Telnet
  tftp   Trivial File Transfer Protocol
  vdoliveVDOLive streaming video
  vofr   voice over Frame Relay packets
  xwindows   X-Windows remote access




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47605t=47605
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: frame relay question [7:47498]

[GEORGE]

Thanks now I get it
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Chuck
Sent: Thursday, June 27, 2002 12:12 PM
To: [EMAIL PROTECTED]
Subject: Re: frame relay question [7:47498]

to the frame switch, each link can have the exact same dlci. if you have
fooled with using cisco routers as frame switches, you will get the idea
how
this is possible. the programming instruction says ( in English ) any
frames using this port are dlci xx and if they are incoming, send them
out
that port as dlci yy

essentially, a frame PCV is a series of links, each of which has a
unique
identifier.

cust_1---dlci_16--port_1_frameswitch_port_2dlci_397---port_7_framesw
itch
_port_9---dlci_120cust_1
cust_2---dlci_16--port_3_frameswitch_port_4dlci_397---port_8_framesw
itch
_port_8---dlci_120cust_2

the only thing that has to be unique in this situation is the port on
the
frame switch. along each link of the pvc, the dlci is unique only to
that
link. If any of these links were carrying multiple PVC's then there
would be
multiple and unique DLCI's for each PVC on that link.

so yes, from the telco standpoint, it is far easier for the switch tech
to
use the same methodology, and far easier for the telco to have some
standard
practice. my experience is the telco's really hate it when customers
start
asking for unique dlci numbering systems. plus it is likely that it will
take longer for your link to get working right, and you will have to
spend
time arguing with the switch tech.



Kelly Cobean  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 You know, this brings up a good question...My company has sites all
across
 the country, and for every spoke site, we were able to get the exact
same
 DLCI, and at the hubs, we were able to get a range of DLCI's in
increments
 of 5 going out to each of the spokes.  How is this possible?  I
completely
 understand that the DLCI is locally significant, and that it only
defines
 the connection between the Frame switch and the customer CPE, but what
are
 the odds of the exact same DLCI on so many different switches being
 available?  Maybe there is something relevant to the fact that the
carrier's
 network is actually using ATM that makes this possible?  Thanks!

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Chuck
 Sent: Wednesday, June 26, 2002 3:09 PM
 To: [EMAIL PROTECTED]
 Subject: Re: frame relay question [7:47498]


 good questions.

 in theory, you may request any dlci you wish, so long as it is in the
legal
 range for the carrier. this would be numbers 16 through 996? for some,
or
 through 1004? for others

 in fact, if you have a good rapport with your carrier, and they in
turn
have
 their act together, this is common practice.

 OTOH, in my experience, telcos just want to get the work done, and
they
will
 configure the dlci starting with 16 because it's easy to remember. the
 switch techs just bang out their configs with no conscious thought
 intervention.

 if you have nothing fancy going on ( and it appears you don't ) the
only
 required configuration on your router is setting the frame relay
 encapsulation, and setting the ip address. at that point the circuit
will
 come up. you can check this using the show frame pvc, show frame lmi
and
 show ip interface brief commands. lmi will detect and use the single
pvc
 with no other tweaks required. if you have multiple pvcs on a circuit,
you
 would, of course have to use frame map commands, or use point-to-point
 subinterfaces in conjunction with the frame interface-dlci command.

 best wishes.


 GEORGE  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I have a newbie question, regarding frame-relay. When I order a
frame
  relay circuit for two locations
  Do the telco provide the dlci? Or I make it up? Once the frame relay
is
  installed on both locations I guess using the dlci numbers it makes
the
  connection , besides the ip and all other stuff
  Can someone explain it please
  thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47607t=47498
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

frame relay question [7:47498]

[GEORGE]

I have a newbie question, regarding frame-relay. When I order a frame
relay circuit for two locations
Do the telco provide the dlci? Or I make it up? Once the frame relay is
installed on both locations I guess using the dlci numbers it makes the
connection , besides the ip and all other stuff
Can someone explain it please
thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47498t=47498
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: T1 Cat5 Crossover Pinout (WIC-1DSU-T1) [7:47332]

[George Siaw]

Hi Kevin,

Don't know if this will help but try
rj45-8pin--T1-crossover-rj45-8pin.htm link found on page below:
http://ftp.digi.com/support/techsupport/common/cables/async/

Let us know if it works.


Regards,
George.




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Kevin Love
Sent: 25 June 2002 01:50
To: [EMAIL PROTECTED]
Subject: T1 Cat5 Crossover Pinout (WIC-1DSU-T1) [7:47332]

Hey Team,

I am trying to pass data through a WIC-1DSU-T1 to test it.  In order to
do
this, I need to put a couple of modular routers back-to-back.  I can
handle
the configuration if I can just get the right cable.  I have cable and a
crimper.  Does anybody have any idea what pinout I would need to use to
do
this correctly?  I have checked Cisco's web site and can't find
anything.

Thanks for your help!

Kevin Love
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47386t=47332
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ISDN Problem [7:47411]

[George Sherman]

I have two routers connect throgh an ISDN switch.
System image file is flash:c2500-js56i-l.121-12.bin
 
When I change the address to 135.11.35.0 /24  I can not ping. I verified
that the call went through
11R3#ping 135.11.35.2
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 135.11.35.2, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)
R11R3#sh isdn act


ISDN ACTIVE CALLS


CallCalling  Called   Remote  Seconds Seconds Seconds
Charges
TypeNumber   Number   NameUsedLeftIdle
Units/Currency


In  8995101 899520136 114   5


 
If I change the address to 135.11.35.0 /27 it works well and if I change
to 135.110.35.0 /24 it works.  I am puzzled any ideas?
 
 
R11R3#sh run int bri0
Building configuration...
 
Current configuration : 182 byte
!
interface BRI0
 ip address 135.11.35.1 255.255.255.0
 dialer string 8995101
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 8995201 8995201
 isdn spid2 8995202 8995202
end
 
 
R11R4#sh run int bri0
Building configuration...
 
Current configuration : 182 bytes
!
interface BRI0
 ip address 135.11.35.2 255.255.255.0
 dialer string 8995201
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 8995101 8995101
 isdn spid2 8995102 8995102
end
 
 
 
HERE IS THE COMPLETE CONFIGURATION:
R11R3#sh run
Building configuration...
 
Current configuration : 1967 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R11R3
!
enable secret 5 $1$LX3.$7TGAHxWdu5Zw8iWCkIHhf1
enable password lab
!
username r4 password 0 r4
!
!
!
!
ip subnet-zero
ip tcp synwait-time 5
no ip domain-lookup
ip host R11R1 135.11.1.1
ip host R11R3 135.11.3.3
ip host R11R4 135.11.4.4
ip host R11R6 135.11.6.6
ip host R11R7 135.11.7.7
ip host R11R8 135.11.8.8
ip host R11R16 135.11.16.16
!
isdn switch-type basic-5ess
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco address 135.11.34.5
!
!
crypto ipsec transform-set tor7 esp-des
!
crypto map toR7 10 ipsec-isakmp
 set peer 135.11.34.5
 set transform-set tor7
 match address 101
!
!
!
!
interface Loopback0
 ip address 135.11.3.3 255.255.255.0
!
interface Loopback2
 no ip address
!
interface Ethernet0
 ip address 135.11.56.3 255.255.255.0
 crypto map toR7
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface BRI0
 ip address 135.11.35.1 255.255.255.0
 dialer string 8995101
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 8995201 8995201
 isdn spid2 8995202 8995202
!
router igrp 10
 network 135.11.0.0
!
ip classless
ip http server
!
access-list 101 permit ip host 135.11.3.3 host 135.11.7.7
dialer-list 1 protocol ip permit
!
alias exec ct config t
alias exec sc show controllers serial
alias exec sci show cdp interface
alias exec scn sh cdp neighbor
alias exec sip show ip route
alias exec sipx show ipx route
alias exec cip clear ip route *
alias exec cib clear ip bgp *
alias exec sib show ip bgp
!
line con 0
 exec-timeout 0 0
 password lab
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password lab
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password lab
 logging synchronous
 login
!
end
 
R11R3#
 
R11R4#sh run
Building configuration...
 
Current configuration : 2781 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R11R4
!
enable secret 5 $1$wnCW$4qHyuNAOZk3Z2FYnq7IUG0
enable password lab
!
username cisco password 0 cisco
username r3 password 0 cisco
!
!
!
!
ip subnet-zero
ip tcp synwait-time 5
no ip domain-lookup
ip host R11R1 135.11.1.1
ip host R11R3 135.11.3.3
ip host R11R6 135.11.6.6
ip host R11R7 135.11.7.7
ip host R11R8 135.11.8.8
ip host R11R16 135.11.16.16
ip host R11R4 135.11.4.4
!
isdn switch-type basic-5ess
!
!
!
!
!
interface Loopback0
 ip address 135.11.4.4 255.255.255.0
!
interface Ethernet0
 ip address 135.11.36.4 255.255.255.240
!
interface Serial0
 ip address 135.11.14.4 255.255.255.224
 ip rip send version 2
 no fair-queue
 clockrate 64000
!
interface Serial1
 bandwidth 64000
 ip address 135.11.34.4 255.255.255.248
 encapsulation frame-relay
 ip ospf priority 0
 frame-relay map ip 135.11.34.3 403 broadcast
 frame-relay map ip 135.11.34.5 401 broadcast
 frame-relay lmi-type ansi
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface BRI0
 ip address 135.11.35.2 255.255.255.0
 dialer string 8995201
 

rif calculator [7:47444]

[GEORGE]

I saw some time ago a link posted here for  calculating rifs, would
someone kindly e-mail it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47444t=47444
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

can some please explain me some of this commands [7:47140]

[GEORGE]

Im trying to configure authentication on my routers so far so good ,
however I would not like to have any type of authentication via
console., just in case and also if the tacacs goes down I can still get
in with local account I created.. so far if I place this on the console
line =line con 0 no authentication none
It would let me in , and if I place nothing I get promted for the
username and password on my tacacs , but wont let me enter my enable
password.?
Maybe if I understood each line I could  configure it better...
 
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login local local
aaa authentication login no_tacacs none
aaa authentication enable default group tacacs+ none
aaa authorization exec default group tacacs+ none
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+local




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47140t=47140
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: authentication and router [7:46932]

[GEORGE]

I wouldn't like any username prompt at the console

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Blair, Philip S
Sent: Thursday, June 20, 2002 3:20 PM
To: [EMAIL PROTECTED]
Subject: FW: authentication and router [7:46932]

At the password prompt, if you enter your configured enable password you
get
access?

Sounds like it's working as you have it configured, how did you want it
to
work?

Philip

-Original Message-
From: GEORGE [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 5:37 PM
To: [EMAIL PROTECTED]
Subject: authentication and router [7:46932]


I just configured my router to authenticate with cisco secure every
works ok, except if I try to
Console I get a password promt, and I stop cisco secure I get a password
promt
Now I tried to enter my enable password and wont work
Am I missing something here
 
 
 
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login local local
aaa authentication login no_tacacs enable
aaa authentication ppp default if-needed group tacacs+
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
 
 
 
line con0 
line authentication no_tacacs




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47141t=46932
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

authentication and router [7:46932]

[GEORGE]

I just configured my router to authenticate with cisco secure every
works ok, except if I try to
Console I get a password promt, and I stop cisco secure I get a password
promt
Now I tried to enter my enable password and wont work
Am I missing something here
 
 
 
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login local local
aaa authentication login no_tacacs enable
aaa authentication ppp default if-needed group tacacs+
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
 
 
 
line con0 
line authentication no_tacacs




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46932t=46932
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

help with vpn and pix [7:46487]

[GEORGE]

Hi you all , imp trying to use this config from Cisco web site  
 http://www.cisco.com/warp/public/110/pix3000.htmland I has some
questions.
Suppose if my network has for inside address 10.254.2.1 255.255.255.248
Those the vpn ip pool have to be in the same network as the inside
address, because I only have one ip address left to use and would like
tohave other users use the vpn tunnel
Can I use another network like?
10.0.1.0
Which not use internally?
 
This is a diagram of my network
 (10.254.2.2)  (10.254.2.1)/27
 
7513pix--outside
 |
LAN   |
 Network
10.200.0.0 
 
 
 
Now be looking at Cisco example  they have a permit access-list which
includes the inside network and they specify another network with a /24 
mine is /27 do I have to re subnet?
Imp kind of confused.
Help..




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46487t=46487
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

vpns [7:46259]

[GEORGE]

Im looking for a configuration example between a pix and a 2000
professional?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46259t=46259
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FXS cards - 1751 [7:45977]

[George Siaw]

Guy,

Any ideas why there are only to voice ports to be configured?

Runcorn-1750sh ver
Cisco Internetwork Operating System Software 
IOS (tm) C1700 Software (C1700-K8SV3Y7-M), Version 12.2(8)T1,  RELEASE
SOFTWARE (fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sat 30-Mar-02 15:07 by ccai
Image text-base: 0x80008108, data-base: 0x80F66930

ROM: System Bootstrap, Version 12.0(3r)T1, RELEASE SOFTWARE (fc1)

Runcorn-1750 uptime is 0 minutes
System returned to ROM by power-on
System image file is flash:c1700-k8sv3y7-mz.122-8.T1.bin

cisco 1750 (MPC860T) processor (revision 0x801) with 36864K/12288K bytes
of memory.
Processor board ID JAD06090DEV (2308858941), with hardware revision 
MPC860T processor: part number 0, mask 32
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
4 Voice FXS interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x210


Regards,
George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45977t=45977
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Difference between stacking and interconnecting switches [7:46061]

[George Kallingal]

This may be a very basic question, but can someone explain what is the
difference between stacking and interconnecting.  

I am looking into purchasing two Catalyst 2950T-24s.  Now I know that you
can connect the two catalysts using a crossover cable, but is that using the
uplink port or any of the ethernet ports.  Looking at some of the
documentation for the 2950, I see references to stacking.  

I need to lay off the coffee


George




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46061t=46061
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Using Catalyst 2950 switch [7:46062]

[George Kallingal]

I want to use the Catalyst 2950T-24 in my Windows NT/2000 and Linux network.
According to the specs, it states that it does provide 10/100 autosensing.
I wanted to know if anyone has run into problem with the autosensing
feature.  Or should duplex be hardcoded?

Thanks.

George




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46062t=46062
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PPTP outbound through PIX [7:46078]

[George Kallingal]

Is it possible to allow outbound connection to a Microsoft VPN Server (using
MS PPTP) from a client machine behind a PIX 520 (IOS 5.2)?

If so, what are the commands needed to configure the PIX.

Diagram:


client PC - PIX  Internet --- VPN server


Thanks.

George




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46078t=46078
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

pix and vpn [7:45934]

[GEORGE]

I don't have a vpn accelerator card installed on my pix can I configure
vpn ?
Im trying to configure internet users ability to connect to my internal
network
Probably use this config
http://www.cisco.com/warp/customer/110/pptpcrypto3.html
any suggestions..?
 
 
0: ethernet0: address is 0090.2710.27df, irq 11
1: ethernet1: address is 0090.270d.c12c, irq 10
2: ethernet2: address is 0090.2710.46a2, irq 15
Licensed Features:
Failover:   Enabled
VPN-DES:Enabled
VPN-3DES:   Disabled
Maximum Interfaces: 6
Cut-through Proxy:  Enabled
Guards: Enabled
URL-filtering:  Enabled
Inside Hosts:   Unlimited
Throughput: Unlimited
IKE peers:  Unlimited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45934t=45934
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

access-list question? [7:45585]

[GEORGE]

If I wanted to apply a access list to allow only  networks from 
192.168.1.0 to 192.168.7.0 and apply it to the vty lines
 
is this correct
 
access-list 101 allow tcp  192.168.1.0 0.0.6.255 eq 23 any
?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45585t=45585
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Question on Pix and lossing internet conectivity [7:45465]

[GEORGE]

Im going to try it thanks!!!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, May 30, 2002 5:36 PM
To: [EMAIL PROTECTED]
Subject: RE: Question on Pix and lossing internet conectivity [7:45465]

i had the same problem; it has nothing to do with 5 c classes of ip or
in my
case 1 IP on the outside for X number of internal users. Either
something is
wrong with the pix 6.2 Code, or it has very aggressive timeouts. Some of
the
problems you will see are short time outs on downloads, AIM dying
without
explanation, and people not getting patted when going to the internet.

this fixed my problem... (the timeout XLATE, didnt not fix it, but its
there
because i was not cool with the default of 3HRS)

timeout xlate 6:00:00
timeout conn 12:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 sip 0:30:00 sip_media 0:02:00


even if you have the default 0:00 (never timeout) it still does timeout
like
in one minute.. also nats dont work (really patting)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45567t=45465
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Question on Pix and lossing internet conectivity [7:45465]

[GEORGE]

I recently upgraded my pix to version 6.2 and  lately I noticed that
some users behind the firewall
Complain that they cant access the internet , or as we should say
outside the firewall
Now whats is interesting is that this problem can be fixed by issuing
the following command
 
Clear xlate
Which as I understand clear all translations. Now I have a sufficient
pool of outside ip's assign to all my users to  be exact 5 class C's.
Does anyone here know why this is happening? A particular command can be
enter whitin the pix to fix this clearly this is a issue that has happen
since I installed 6.2
And the only reason for that is because im planning to use N2h2 on the
pix.
Any comments would hep
Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45465t=45465
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

TAACS+ [7:45136]

[GEORGE]

Is there a way to allow only a certain group defined in your taacas
config to access a router or a Cisco device. I'm asking this because im
using taacas for my dialup users and would like to create another group
like techs to have rights to access a Cisco device




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45136t=45136
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ppp multilink over adsl????? [7:44704]

[George Siaw]

Guys,

Will anybody know is ppp multilink is possible over an adsl link and
does it work similar to isdn?

Regards,
George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44704t=44704
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Logic and Lab Rats [7:44653]

[Hartnell, George]

Shucks, folks, 'most everyone knows that the real world has its moments.

Users.  They generally provide considerable exposure to that which is
perceived as real.

'Course, it's always nice to have a test-bed; but I think lab rat is a
different definition.

So, perhaps to lighten things up, here's a little ditty from the past.
=


Psychologists have recently decided to refrain from using white rats as
experimental animals.  So, instead, they decided to use lawyers.

It seems the psycs wanted to avoid an emotional attachment... ;-)



But, on real-world experience (get the thread!?), the psychological
community found that there was a hidden advantage in the change.


There are some things that white rats just won't do.


Happy M-o-n-d-a-y

Best, G.
VP OCG




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44662t=44653
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help with pix!! [7:44668]

[GEORGE]

Hi users I was wondering if can someone help me out this this problem I
been experiencing
Users behind the firewall can open a session on this web site
http://www.oit.ohio-state.edu/userpass.html
it has a link to a telnet session to a particular port 1607
I create an access-list allowing some networks to access this site and
the application
I then applied it to the inside interface but no luck.
Here are some commands
I did a nslookup to site itself to figure out the ip address
128.146.60.10




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44668t=44668
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help..... QPM [7:44519]

[George Siaw]

Guys,

Just wondering if any of you will like know where to download an
evaluation copy of the Quality of Service Policy Manager? An immediate
response will be very much appreciated.


Regards,
George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44519t=44519
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco CallManager - ip phone registration [7:44530]

[George Siaw]

Would anybody know of how resolve and ip phone which just wouldn't
register to the CCM. I can ping from CCM server and all but it keep
going on and on a registering.

George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44530t=44530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco CallManager - ip phone registration [7:44530]

[George Siaw]

Thanks for your response. Checked the phones configs and it's all as
expected i.e. IP's for cm server, tftp server etc are just fine.

Any ideas??

-Original Message-
From: Paul Beckman [mailto:[EMAIL PROTECTED]] 
Sent: 20 May 2002 17:39
To: 'George Siaw'
Subject: RE: Cisco CallManager - ip phone registration [7:44530]

Check you TFTP address.

-Original Message-
From: George Siaw [mailto:[EMAIL PROTECTED]] 
Sent: Monday, May 20, 2002 11:03 AM
To: [EMAIL PROTECTED]
Subject: Cisco CallManager - ip phone registration [7:44530]


Would anybody know of how resolve and ip phone which just wouldn't
register
to the CCM. I can ping from CCM server and all but it keep going on and
on a
registering.

George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44536t=44530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco CallManager - IP phone registration [7:44530]

[George Siaw]

The below were the error message spilling out of CM eventvwr. No matter
how many times I resetted the phone, phone registration was rejected by
CM. The resolution however was to search and delete any trace of this
troublesome phone from CM and voila it worked as a clockwork.

Thanks guys!!

Error: DeviceTransientConnection - Transient connection attempt.
  Connecting Port: 2000
  Device name [Optional].: SEP003094C28F86
  Device IP address.: 192.168.0.137
  Device type. [Optional]: 7
  Reason Code [Optional].: 1
  App ID: Cisco CallManager
  Cluster ID: xxx-ccm-Cluster
  Node ID: 192.168.0.65
Explanation: A connection was established and immediately dropped before
completing registration. Incomplete registration may indicate a device
is rehoming in the middle of registration. The alarm could also indicate
a device misconfiguration, database error, or an illegal/unknown device
trying to attempt a connection.
Recommended Action: No action is required if this event was issued as a
result of a normal device rehome.. 


-Original Message-
From: Rogell, Dennis [mailto:[EMAIL PROTECTED]] 
Sent: 20 May 2002 18:44
To: 'George Siaw'
Subject: RE: Cisco CallManager - IP phone registration [7:44530]

Are your phones pointing to the correct call manager, the reason I am
asking
is in my cipt class someone had the phone pointing to the backup instead
of
the primary


Dennis Rogell CNE,NNSS,NNSE, CCNP
nextiraone
Email : [EMAIL PROTECTED]
Phone: (954) 846-5128

 -Original Message-
 From: George Siaw [SMTP:[EMAIL PROTECTED]]
 Sent: Monday, May 20, 2002 09:51
 To:   [EMAIL PROTECTED]
 Subject:  RE: Cisco CallManager - ip phone registration [7:44530]
 
 Thanks for your response. Checked the phones configs and it's all as
 expected i.e. IP's for cm server, tftp server etc are just fine.
 
 Any ideas??
 
 -Original Message-
 From: Paul Beckman [mailto:[EMAIL PROTECTED]] 
 Sent: 20 May 2002 17:39
 To: 'George Siaw'
 Subject: RE: Cisco CallManager - ip phone registration [7:44530]
 
 Check you TFTP address.
 
 -Original Message-
 From: George Siaw [mailto:[EMAIL PROTECTED]] 
 Sent: Monday, May 20, 2002 11:03 AM
 To: [EMAIL PROTECTED]
 Subject: Cisco CallManager - ip phone registration [7:44530]
 
 
 Would anybody know of how resolve and ip phone which just wouldn't
 register
 to the CCM. I can ping from CCM server and all but it keep going on
and
 on a
 registering.
 
 George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44547t=44530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help..... QOS Policy Manager [7:44548]

[George Siaw]

Guys,

I know the below message has already been pasted and I am however back
at it as result of it's urgency. Would anybody know where or how I could
get an evaluation copy of the above product?

Your quick response will be very much appreciated.

Thanks fellas.


-Original Message-
From: George Siaw [mailto:[EMAIL PROTECTED]] 
Sent: 20 May 2002 14:01
To: '[EMAIL PROTECTED]'
Subject: Help. QPM
Importance: High
Sensitivity: Private

Guys,

Just wondering if any of you will like know where to
download an evaluation copy of the Quality of Service Policy Manager? An
immediate response will be very much appreciated.


Regards,
George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44548t=44548
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

accessing server slow over t1 [7:44355]

[GEORGE]

Hi group I have an issue that has come up , and maybe someone can guide
me in making a design much better.
In my central office I have a ls1010 which connects to several 3810 mc
at each campus , its basically an atm network. My question is how come
when im at the campus it take like a minute to access my server in the
central office. By the way to each location I have t1' and the ls1010 is
in turn connected to a 7500 router via oc3 connection, which in turn has
fast Ethernet cards that go to my lan , server,
How can I speed the access of remote users?
Should I use route maps?
Guarantee bandwith?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44355t=44355
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

as5200 question? [7:44379]

[GEORGE]

I created a local pool for my dialup users. However once the user dial
in he does obtain an unique ip address but his gateway is the same and
he is unable to ping any router or switch or server once inside the
network
How can I change the setting so that he gets a unique gateway?
Any useful links?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44379t=44379
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: 2900 series swithc [7:44092]

[GEORGE]

This is what I have





User Access Verification

Password:
MC-2916XL-56460en
Password:
MC-2916XL-56460#show version
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-H-M), Version 11.2(8)SA, RELEASE
SOFTWARE (fc
1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Thu 11-Dec-97 11:06 by rheaton
Image text-base: 0x3000, data-base: 0x001A08D0

ROM: Bootstrap program is MALIBU boot loader

MC-2916XL-56460 uptime is 17 weeks, 3 days, 7 hours, 18 minutes
System restarted by power-on
Running default software


cisco WS-C2916M-XL (PowerPC403GA) processor (revision 0x11) with
4096K/1024K byt
es of memory.
Processor board ID FAA0204W019, with hardware revision 0x00
Last reset from power-on
16 Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:E0:1E:DC:F9:80
Configuration register is 0xF

MC-2916XL-56460#

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Daniel Cotts
Sent: Monday, May 13, 2002 3:42 PM
To: [EMAIL PROTECTED]
Subject: RE: 2900 series swithc [7:44092]

Do a sh ver and see what sort of OS is loaded. Then check out the
Software
Center on CCO for release notes and etc. I believe that you can update
your
OS on those switches to Enterprise gratis. Be sure to note how much DRAM
you
have. Older switches had 4MB, newer switches 8MB. Older switches are
approx
14 inches front to back. Newer at about 10.
All the above assumes that you have a 2900XL switch and not a 2901 or
2926.

 -Original Message-
 From: GEORGE [mailto:[EMAIL PROTECTED]]
 Sent: Monday, May 13, 2002 2:37 PM
 To: [EMAIL PROTECTED]
 Subject: 2900 series swithc [7:44092]
 
 
 Im trying to trunk a 2900 switch but does not have the 
 switchport option
 ?
 Can the 2900 series handle trunking?
 Or only the 2900 xl?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44149t=44092
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: 2900 series switch [7:44092]

[GEORGE]

I figured pretty much why I can do trunking on this switch
Imp running a very low ios and basically I cant upgrade because I have 4
mb of ram the minimum is 8 of dram


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, May 14, 2002 2:07 AM
To: [EMAIL PROTECTED]
Subject: FW: 2900 series swithc [7:44092]

This is what I have





User Access Verification

Password:
MC-2916XL-56460en
Password:
MC-2916XL-56460#show version
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-H-M), Version 11.2(8)SA, RELEASE
SOFTWARE (fc
1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Thu 11-Dec-97 11:06 by rheaton
Image text-base: 0x3000, data-base: 0x001A08D0

ROM: Bootstrap program is MALIBU boot loader

MC-2916XL-56460 uptime is 17 weeks, 3 days, 7 hours, 18 minutes
System restarted by power-on
Running default software


cisco WS-C2916M-XL (PowerPC403GA) processor (revision 0x11) with
4096K/1024K byt
es of memory.
Processor board ID FAA0204W019, with hardware revision 0x00
Last reset from power-on
16 Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:E0:1E:DC:F9:80
Configuration register is 0xF

MC-2916XL-56460#

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Daniel Cotts
Sent: Monday, May 13, 2002 3:42 PM
To: [EMAIL PROTECTED]
Subject: RE: 2900 series swithc [7:44092]

Do a sh ver and see what sort of OS is loaded. Then check out the
Software
Center on CCO for release notes and etc. I believe that you can update
your
OS on those switches to Enterprise gratis. Be sure to note how much DRAM
you
have. Older switches had 4MB, newer switches 8MB. Older switches are
approx
14 inches front to back. Newer at about 10.
All the above assumes that you have a 2900XL switch and not a 2901 or
2926.

 -Original Message-
 From: GEORGE [mailto:[EMAIL PROTECTED]]
 Sent: Monday, May 13, 2002 2:37 PM
 To: [EMAIL PROTECTED]
 Subject: 2900 series swithc [7:44092]
 
 
 Im trying to trunk a 2900 switch but does not have the 
 switchport option
 ?
 Can the 2900 series handle trunking?
 Or only the 2900 xl?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44220t=44092
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

where can i get this ios [7:44222]

[GEORGE]

I  trying to upgrade my cisco 2900 switch and according to the
documentation I need at least 
This ios 11.2(8)SA4 (Enterprise Edition) to be able to run trunking.
However, on Cisco web site I can find it only up to ios 12.0 which I
can't install because I don't have sufficient dram ,4mbs does someone
here have this ios ?or where can I find it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44222t=44222
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

2900 series swithc [7:44092]

[GEORGE]

Im trying to trunk a 2900 switch but does not have the switchport option
?
Can the 2900 series handle trunking?
Or only the 2900 xl?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44092t=44092
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ios question? [7:43882]

[GEORGE]

I use Cisco routers  and switches  throughout my hole network,. I been
learning as I go and read the posts here so  far I feel confident in
operating certain hardware models .However, we I have a need to
understand more is the ios, from what I read so far each model and
depending on what you planning to configure you would need a certain
ios, being that one would have the required flash and memory. My
question is there are many ios out there for a particular model and most
have for example 12.1(8a)E2 , whatever, which one should I choose, What
does does number mean?. Can someone here explain me this, and if some
one  has some links that goes over basic stuff it would be great




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43882t=43882
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Pix load balance? [7:42974]

[GEORGE]

Can you load balance to pix firewalls?
Has anyone done this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42974t=42974
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Can this be done [7:43000]

[GEORGE]

I have an Nt server with a 350 pci wireless card and network
connectivity .The nt box has a nic to the local network, I would like to
share internet connectivity , via probably a proxy services?
Has anyone done this before, or can point me to a link with a similar
configuration 
thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43000t=43000
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Can this be done [7:43000]

[GEORGE]

Turn routing on the proxy? Or on the wireless card, still confused

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Patrick Ramsey
Sent: Wednesday, May 01, 2002 12:53 PM
To: [EMAIL PROTECTED]
Subject: Re: Can this be done [7:43000]

Turn routing on, place the card into adhoc mode, place your other card
into
adhoc mode, set your ssid's/encryption/etc... you should be good to
go...

-Patrick

 GEORGE  05/01/02 02:34PM 
I have an Nt server with a 350 pci wireless card and network
connectivity .The nt box has a nic to the local network, I would like to
share internet connectivity , via probably a proxy services?
Has anyone done this before, or can point me to a link with a similar
configuration 
thanks
  Confidentiality Disclaimer   
This email and any files transmitted with it may contain confidential
and
/or proprietary information in the possession of WellStar Health System,
Inc. (WellStar) and is intended only for the individual or entity to
whom
addressed.  This email may contain information that is held to be
privileged, confidential and exempt from disclosure under applicable
law. If
the reader of this message is not the intended recipient, you are hereby
notified that any unauthorized access, dissemination, distribution or
copying of any information from this email is strictly prohibited, and
may
subject you to criminal and/or civil liability. If you have received
this
email in error, please notify the sender by reply email and then delete
this
email and its attachments from your computer. Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43020t=43000
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

n2n2 and pix [7:42852]

[GEORGE]

Has anyone here used filtering with the pix, particular the filtering
product n2n2?
Wanted to inquiry as far as performance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42852t=42852
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Wanted!! Cisco CallManager 3.1 or 3.2 S/W for H/lab [7:42539]

[George Siaw]

Please reply directed. I am interested in  purchasing a proper CCM CDs
preferably with the installation books. Will pay for shipment and I am
UK based.

George.

P.S.
Anybody sat the 3.2 exams? Your views please.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42539t=42539
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: MBA or CCIE [7:41809]

[Hartnell, George]

Sagely advice from some good sources, especially the last one.
---

Try not to become a man of success, but rather try to 
become a man of value. - Albert Einstein

Recognition is the greatest motivator. - Gerard C. Eakedale

Sometimes one pays most for the things one gets for nothing. If 
I had my life to live over again, I'd be a plumber. - Albert 
Einstein 

The advantage of a classical education is that it enables you to despise
the wealth which it prevents you from achieving.   Russell Green

The man who starts out simply with the idea of getting rich 
won't succeed; you must have a larger ambition. - John D. 
Rockefeller

I'd like to live as a poor man with lots of money. 
- Pablo Picasso

Money often costs too much. - Ralph Waldo Emerson

The best way to become boring is to say everything. - Voltaire

It's good to shut up sometimes. - Marcel Marceau



Happy Friday!
Best, G.
VP OGC




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41958t=41809
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: ip/tv [7:41758]

[george gittins]

Hi Larry did you have a chance to send the info to you  ip/tv manager .
he can contact me directly
George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Larry Letterman
Sent: Wednesday, April 17, 2002 11:41 AM
To: [EMAIL PROTECTED]
Subject: Re: ip/tv [7:41758]


George,

I'll get the info for you from my IPTV studio manager. He runs several
hundred
iPTV servers for the main campus. As soon as I hear from him I'll forward it
along...

Larry Letterman
Cisco Systems
[EMAIL PROTECTED]
- Original Message -
From: george gittins
To:
Sent: Wednesday, April 17, 2002 11:01 AM
Subject: ip/tv [7:41758]


 I work for a school district and the person who had my position was
working
 in setting up ip/tv .However when i got aboard the capture card is missing
i
 only posses the software. my question is , and for larry letterman , can i
 buy a regular video capture card so i can install ip/tv.will this work?

 George Gittins
 Internet Systems Manager
 Weslaco, Tx 78599
 Phone (956)9696557




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41978t=41758
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

WANTED!!!! Cisco CallManager Starter Kit [7:41755]

[George Siaw]

Guys,

I have had to revise my earlier request owing to a slight change in my
requirement. The Cisco callmanager starter kit will suffice what I will
like to achieve in a home lab.

So, if anyone has any to sell, by all means reply directly to me.

Cheers - George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41755t=41755
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ip/tv [7:41758]

[george gittins]

I work for a school district and the person who had my position was working
in setting up ip/tv .However when i got aboard the capture card is missing i
only posses the software. my question is , and for larry letterman , can i
buy a regular video capture card so i can install ip/tv.will this work?

George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41758t=41758
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

WANTED!! MCS-7822/ COMPAQ DL320 [7:41630]

[George Siaw]

Guys,

I urgently need to buy a secondhand callmanager kit and just wondering
if any of you have one to sell or point me in the right direction.

Thanks -  George.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41630t=41630
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE Written Beta Announcement [7:41340]

[George Bethel]

What do you need it for?  Wanna see if you are still sharp?  You must have
got tired of changing light bulbs.  I ain't heard from Rob since he left.
Guess he is having fun in New Mexico or wherever he is.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 14, 2002 1:39 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Written Beta Announcement [7:41340]


How much are the beta exams ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41455t=41340
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IE Written [7:41321]

[George Bethel]

I live in the metroplex.  There is work to be had in Dallas.  The
criteria for getting it is more difficult.  By all means go for
the CCIE.  It takes 6-18 months for the sharp people and if it takes
longer don't let it get you down.  One of the best engineers I know
took 7 attempts to pass the lab and the worst CCIE I know passed the
first time.  However, don't think that being a CCIE is the end of your
troubles.  CCIE will lend a little credibility and open some doors,
it is still the experience that counts.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 10:10 AM
To: [EMAIL PROTECTED]
Subject: IE Written [7:41321]


I hope no one jumps on me about this but I am in Dallas and as most of you
know the market here is horrible.  And that is an understatement.  I am
wanting to go for my IE written in about 3 months but I only have a year of
experience.  I know that is not enough by Cisco standards but it may be my
only option right now for another job.  What do ya'll(had to throw that in)
think my chances are?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41357t=41321
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

aironet access point 340 [7:41339]

[george gittins]

Wondering where i can find  links to where i can configure the access point
through the  console with command line?

George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41339t=41339
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ip/tv [7:40845]

[george gittins]

im discussing here at my company to deploy ip/tv . has anyone tried it
what do i need. i was reading at cisco web site that you need a nt server
which will have the digitizer card...

George Gittins
Internet Systems Manager
Weslaco, Tx 78599
Phone (956)9696557




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=40845t=40845
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]