Voice
Hi all, I am looking for in depth information of the MGCP protocol any help will be appreciated. Thank you in advance Gil _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundant BGP Route Reflector Peers
Hi, Since you are using network statements you need must have the BGP updates in the Routing table so, what you need to do is to redistribute the BGP table into the OSPF table and the OSPF table into the BGP table and then you will be and to advertise the route-reflectors clients with either network statements or through aggregate statement that need only need the updates to appear in the BGP table. Enjoy Gil -Original Message- From: Horton, Jeff [mailto:[EMAIL PROTECTED]] Sent: ??? 13 ? 2001 23:11 To: '[EMAIL PROTECTED]' Subject: Redundant BGP Route Reflector Peers Hello all, I was trying to build a BGP scenario in the lab where I had two routers, R1 R2 that are both route reflectors. R3, R4, and R5 are route-reflector clients. R1 and R2 are both in cluster ID 100. Peer groups are set up for both route reflectors and route reflector clients. The idea was that should R1 or R2 fail, the routes would still be reflected to the clients. R1 and R2 are able to ping R3, R4, and R5 just fine. Loopbacks are 1.1.1.1, 2.2.2.2, 3.3.3.3, etc. On RR clients R3 , R4, and R5 I also have 30.30.30.3, 40.40.40.4, 50.50.50.5 that are advertised in BGP. I seem to have mixed results and I am not quite sure where I have gone wrong. R3 routes seem to be reflected but not R4 or R5. I would appreciate suggestions. Thanks, Jeff R1 router ospf 1 network 1.1.1.0 0.0.0.255 area 0 network 172.168.14.0 0.0.0.255 area 0 network 172.168.125.0 0.0.0.255 area 0 ! router bgp 1 no synchronization bgp cluster-id 100 neighbor reflectors peer-group neighbor reflectors remote-as 1 neighbor reflectors update-source Loopback0 neighbor clients peer-group neighbor clients remote-as 1 neighbor clients ebgp-multihop 255 neighbor clients update-source Loopback0 neighbor clients route-reflector-client neighbor 2.2.2.2 peer-group reflectors neighbor 3.3.3.3 peer-group clients neighbor 4.4.4.4 peer-group clients neighbor 5.5.5.5 peer-group clients no auto-summary ! R2 router ospf 1 network 2.2.2.0 0.0.0.255 area 0 network 172.168.125.0 0.0.0.255 area 0 ! router bgp 1 no synchronization bgp cluster-id 100 neighbor clients peer-group neighbor clients remote-as 1 neighbor clients update-source Loopback0 neighbor clients route-reflector-client neighbor reflectors peer-group neighbor reflectors remote-as 1 neighbor reflectors update-source Loopback0 neighbor 1.1.1.1 peer-group reflectors neighbor 3.3.3.3 peer-group clients neighbor 4.4.4.4 peer-group clients neighbor 5.5.5.5 peer-group clients no auto-summary ! R3 router ospf 1 network 3.3.3.0 0.0.0.255 area 0 network 192.168.23.0 0.0.0.255 area 0 ! router bgp 1 no synchronization network 3.3.3.0 mask 255.255.255.0 network 30.30.30.0 mask 255.255.255.0 neighbor 1.1.1.1 remote-as 1 neighbor 1.1.1.1 update-source Loopback0 neighbor 1.1.1.1 next-hop-self neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 update-source Loopback0 neighbor 2.2.2.2 next-hop-self no auto-summary R4 router ospf 1 network 4.4.4.0 0.0.0.255 area 0 network 172.168.14.0 0.0.0.255 area 0 network 192.168.23.0 0.0.0.255 area 0 ! router bgp 1 no synchronization network 4.4.4.0 mask 255.255.255.0 network 40.40.40.4 mask 255.255.255.0 neighbor 1.1.1.1 remote-as 1 neighbor 1.1.1.1 update-source Loopback0 neighbor 1.1.1.1 next-hop-self neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 update-source Loopback0 neighbor 2.2.2.2 next-hop-self no auto-summary R5 router ospf 1 network 5.5.5.0 0.0.0.255 area 0 network 172.168.125.0 0.0.0.255 area 0 ! router bgp 1 no synchronization network 5.5.5.0 mask 255.255.255.0 network 50.50.50.0 mask 255.255.255.0 neighbor 1.1.1.1 remote-as 1 neighbor 1.1.1.1 update-source Loopback0 neighbor 1.1.1.1 next-hop-self neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 update-source Loopback0 neighbor 2.2.2.2 next-hop-self no auto-summary _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundant BGP Route Reflector Peers
Hi, Since you are using network statements you need must have the BGP updates in the Routing table so, what you need to do is to redistribute the BGP table into the OSPF table and the OSPF table into the BGP table and then you will be and to advertise the route-reflectors clients with either network statements or through aggregate statement that need only need the updates to appear in the BGP table. Enjoy Gil -Original Message- From: Horton, Jeff [mailto:[EMAIL PROTECTED]] Sent: ??? 13 ? 2001 23:11 To: '[EMAIL PROTECTED]' Subject: Redundant BGP Route Reflector Peers Hello all, I was trying to build a BGP scenario in the lab where I had two routers, R1 R2 that are both route reflectors. R3, R4, and R5 are route-reflector clients. R1 and R2 are both in cluster ID 100. Peer groups are set up for both route reflectors and route reflector clients. The idea was that should R1 or R2 fail, the routes would still be reflected to the clients. R1 and R2 are able to ping R3, R4, and R5 just fine. Loopbacks are 1.1.1.1, 2.2.2.2, 3.3.3.3, etc. On RR clients R3 , R4, and R5 I also have 30.30.30.3, 40.40.40.4, 50.50.50.5 that are advertised in BGP. I seem to have mixed results and I am not quite sure where I have gone wrong. R3 routes seem to be reflected but not R4 or R5. I would appreciate suggestions. Thanks, Jeff R1 router ospf 1 network 1.1.1.0 0.0.0.255 area 0 network 172.168.14.0 0.0.0.255 area 0 network 172.168.125.0 0.0.0.255 area 0 ! router bgp 1 no synchronization bgp cluster-id 100 neighbor reflectors peer-group neighbor reflectors remote-as 1 neighbor reflectors update-source Loopback0 neighbor clients peer-group neighbor clients remote-as 1 neighbor clients ebgp-multihop 255 neighbor clients update-source Loopback0 neighbor clients route-reflector-client neighbor 2.2.2.2 peer-group reflectors neighbor 3.3.3.3 peer-group clients neighbor 4.4.4.4 peer-group clients neighbor 5.5.5.5 peer-group clients no auto-summary ! R2 router ospf 1 network 2.2.2.0 0.0.0.255 area 0 network 172.168.125.0 0.0.0.255 area 0 ! router bgp 1 no synchronization bgp cluster-id 100 neighbor clients peer-group neighbor clients remote-as 1 neighbor clients update-source Loopback0 neighbor clients route-reflector-client neighbor reflectors peer-group neighbor reflectors remote-as 1 neighbor reflectors update-source Loopback0 neighbor 1.1.1.1 peer-group reflectors neighbor 3.3.3.3 peer-group clients neighbor 4.4.4.4 peer-group clients neighbor 5.5.5.5 peer-group clients no auto-summary ! R3 router ospf 1 network 3.3.3.0 0.0.0.255 area 0 network 192.168.23.0 0.0.0.255 area 0 ! router bgp 1 no synchronization network 3.3.3.0 mask 255.255.255.0 network 30.30.30.0 mask 255.255.255.0 neighbor 1.1.1.1 remote-as 1 neighbor 1.1.1.1 update-source Loopback0 neighbor 1.1.1.1 next-hop-self neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 update-source Loopback0 neighbor 2.2.2.2 next-hop-self no auto-summary R4 router ospf 1 network 4.4.4.0 0.0.0.255 area 0 network 172.168.14.0 0.0.0.255 area 0 network 192.168.23.0 0.0.0.255 area 0 ! router bgp 1 no synchronization network 4.4.4.0 mask 255.255.255.0 network 40.40.40.4 mask 255.255.255.0 neighbor 1.1.1.1 remote-as 1 neighbor 1.1.1.1 update-source Loopback0 neighbor 1.1.1.1 next-hop-self neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 update-source Loopback0 neighbor 2.2.2.2 next-hop-self no auto-summary R5 router ospf 1 network 5.5.5.0 0.0.0.255 area 0 network 172.168.125.0 0.0.0.255 area 0 ! router bgp 1 no synchronization network 5.5.5.0 mask 255.255.255.0 network 50.50.50.0 mask 255.255.255.0 neighbor 1.1.1.1 remote-as 1 neighbor 1.1.1.1 update-source Loopback0 neighbor 1.1.1.1 next-hop-self neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 update-source Loopback0 neighbor 2.2.2.2 next-hop-self no auto-summary _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Voice Over IP
Hi, In regard to the IOS versions, although it is not necessary for the routers to run the same IOS version I have encountered many time handshake problems in cases like yours and in VPN so it is something that worth checking. Gil -Original Message- From: Amit Gupta [mailto:[EMAIL PROTECTED]] Sent: ??? ? 28 ? 2000 07:44 To: [EMAIL PROTECTED] Subject: Voice Over IP Hi everybody, I need assistance on the VoIP problem I am facing : We are planning to have a VoIP setup on the already existing data link between our local and remote office. Both sites have Cisco 3640 routers configured for it. The router on the local site has IOS 11.3(9)T and the remote router has 12.0(5)T1 on it. Is it necessary for the routers at both ends be running a similar version of IOS for the Voice calls to be successful. What kind of upgrade is required? Secondly the loopback test (hairpinning) was successful for the local site but a similar test at the remote site was unsuccessful. Could that be due to any signalling problems ? Thanks Regards Amit __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco secure IDS
Hi all, I am currently in the process of configuring the machine with the CSPM 2.2, I was wondering if someone from the group has any experience with that machine, although it works I am still having some unresolved issues in that matter. The Sensor, a 4220 IDS machine is snooping the network and it suppose to either reset, block or both. From my tests I have discovered some problems with it operation like: 1. Tcp resets don't work well, it doesn't intercept all the TCP connections and reset them. 2. Connection shunning is very limited and it allows the first connection to pass through. 3. The shunning that the Sensor is issuing aren't port specific. 4. The shunning cannot be configure to be performed on the PIX it self, a thing that limits the effect of the IDS in a very dramatic way. 5. The logging are very poor in details. Those are my impressions and I hope that someone prove me wrong. Waiting for some input Gil CCNA/CCDA/CCSE _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP trainning course (more advancet the better)
HI, Golbalknowledge has a great course in Toronto called Advanced BGP, most recommended. -Original Message- From: Adam Obszynski [mailto:[EMAIL PROTECTED]] Sent: ??? ? 21 ? 2000 12:37 To: [EMAIL PROTECTED] Subject: BGP trainning course (more advancet the better) Is somebody here who nows place when BGP course trainning can be attended ? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TACACS+ PIX command accounting.o
What is your os version? -Original Message- From: Nimesh Vakharia [mailto:[EMAIL PROTECTED]] Sent: ??? 15 ? 2000 05:42 To: '[EMAIL PROTECTED]' Cc: [EMAIL PROTECTED] Subject: TACACS+ PIX command accounting.o I have looked through most of the Cisco Docs and can't seem to find a way to do command accounting/command authorization on the PIX firewall.! any ideas? thanks in advance, Nimesh. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Local Director Help!!
Hi, I don't really know the local director but I know a lot of other layer 7 switches and how they perform SLB so I will try any way. If I understand correctly you have a couple of web server connected to different vlans, although I don't understand why is that so this configuration can work. The only thing that has to be done is to configure them to work under the same group and VIP after that they will share the same metric and health check configurations. So what is left for you to do is to make sure that all the real servers or how ever they are called in the local director can establish a tcp connection to the VIP and that the health checks are fine and the SLB will should work because of the metric value. I hope it will help GIL -Original Message- From: Wannabe CCIE [mailto:[EMAIL PROTECTED]] Sent: ??? 15 ? 2000 13:47 To: [EMAIL PROTECTED] Subject: Cisco Local Director Help!! Dear All, I have recently configured a Cisco Local Director which load balances between 2 webservers but am having trouble with the cabling,if I divide the switch into 2 Vlans, how do I get the webservers attached to the local director in one Vlan to talk the other Vlan. I hope this explanation is clear..Please feel free to send any form of help whatsoever... Thanx Regards, Miss Bola _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router(boot)
Hi, It means one of two, either your router didn't find the IOS or it booted into the wrong registry state. My guess is that if you will check where your router booted into you will see that you are in registry 0x2148 and not in the normal one 0x2102. After changing it I suggest that you will try to finding out who toughed the router because this registry state is usually used for breaking into the router. I hope it helps Gil -Original Message- From: Itskas [mailto:[EMAIL PROTECTED]] Sent: ??? ??? 11 ? 2000 11:24 To: [EMAIL PROTECTED] Subject: Router(boot) Hi, My router 2513 shows "Router(boot)". Can anyone help me in this regard. -- Regards, Kashif _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Secure IDS
Hi all, I am going to install a Cisco IDS system, the director that I am going to use is the build in CSPM 2.2 one. Does any body have any experience with that system that can share is knowledge with me and give me some pointers. I have installed the CSPM and got it to talk with the sensor but I am still working on how exactly the policy should be configured with the CSPM. Any help will be appriciated. Thank you in advance Gil _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: tough VPN question
Hi, Does the network configured to work with the 10.x.x.x addresses as a C class ? If you do it sometimes cause a lot of problems with NBT so just for argument sake try configuring two computers with a true C class or a True B class and than try. I hope it helps Gil -Original Message- From: Jim Bond [mailto:[EMAIL PROTECTED]] Sent: ??? ? 07 ? 2000 08:19 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: tough VPN question Hello, I'm trying to set up a IPSec between a PIX (branch office) and router (central office). All PCs at branch office share 1 ip address. IPSec seems to be working fine because clients can ping/telnet/email/map drives from/to central office. The problem is they can't logon NT domain. They can ping domain controller though. Any idea why they can't log on NT domain? (The machines were already added to domain) Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco's radius attributes
Hi all, I building a billing system to a a cisco Ras connected to a stillbelted radius and an LDAP server, what I need to know is if any body know what is the specific name for the fixed ip attribute that Cisco uses. Thank you in advance Gil _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP community tagging
Hi, In BGP you can tag routes to ensure consistent filtering or route selection policy, you can tag inbound and outbound updates or when you redistribute and by that select best path. The communities are built out of 32bit value and split in to two parts the first 16 bit contain ASN of the AS that defines community meaning. The second part defines the local meaning. I hope it clears it up for you Gil -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: ??? ??? 27 ?? 2000 11:06 To: [EMAIL PROTECTED] Subject: BGP community tagging hi anyone knows what community tagging is in bgp ? I have people asking me to remove them from community tagging , anyone knows what it is? suaveguru __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: bgp path selection criteria
Hi I hope I understand your problem correctly but I will try, first of all the local preference is a more powerful attribute than the AS_path. There is a significant difference between them, local preference is not a transitive attribute which means that when your update leaves your AS it strips off the local preference value and the other AS will not take it in to account in the path selection, the local preference attribute is only transitive in side the AS. The prepend option is used to "cheat" the other BGP router to think that the way is longer. When using that option you can only hope that there isn't any more powerful attribute than shortest path. There is no attribute that will change other AS's path selection, every AS makes his own paths decision, that's way your local preference setting didn't took effect on the path selection of your clients. I hope it answer your question Gil -Original Message- From: Yee, Jason [mailto:[EMAIL PROTECTED]] Sent: ??? ? 21 ?? 2000 10:39 To: '[EMAIL PROTECTED]' Subject: bgp path selection criteria hi , Anyone here knows which BGP path criteria takes precedence ? AS_PATH or local preference From what I read it is local preference , but in actual fact it is not so , why I said this is because I have a customer who prepends their prefixes many times then advertise them to us but on our side we set local preference to customers' routes to 90 which in fact will always come back to us if we do this but this is not happening Instead the prefixes go to another providers' link because their AS-PATH is shorter why is that so? Jason _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP community tagging
Hi The following is a lab configuration with some comunity and some other BGP staff, I hopw it will help. hostname Lab ! ! ! ! interface Loopback0 ip address 197.12.1.1 255.255.255.0 ! interface Loopback1 ip address 197.12.8.1 255.255.255.0 ! interface Ethernet0 ip address 192.168.20.12 255.255.255.0 media-type 10BaseT ! interface Ethernet1 ip address 192.168.12.50 255.255.255.240 media-type 10BaseT ! router eigrp 12 network 192.168.12.0 network 197.12.1.0 network 197.12.8.0 ! router bgp 65001 bgp confederation identifier 12 bgp confederation peers 65002 65003 65004 aggregate-address 197.12.0.0 255.255.0.0 as-set summary-only attribute-map setcom redistribute eigrp 12 route-map intoBGP neighbor 192.168.20.20 remote-as 20 neighbor 192.168.20.20 send-community neighbor 192.168.20.20 route-map prepend out neighbor 192.168.20.20 unsuppress-map R3R4 neighbor 192.168.20.20 filter-list 12 out neighbor 197.12.2.1 remote-as 65002 neighbor 197.12.2.1 ebgp-multihop 255 neighbor 197.12.2.1 update-source Loopback0 neighbor 197.12.2.1 next-hop-self neighbor 197.12.2.1 send-community neighbor 197.12.2.1 unsuppress-map R1R2 ! ip classless ip bgp-community new-format ip as-path access-list 12 permit ^$ ! access-list 1 permit 197.12.0.0 access-list 10 permit 197.12.0.0 0.0.255.255 access-list 12 permit 197.12.8.0 access-list 12 permit 197.12.1.0 access-list 12 permit 197.12.3.0 access-list 12 permit 197.12.2.0 access-list 34 permit 197.12.5.0 access-list 34 permit 197.12.4.0 access-list 34 permit 197.12.7.0 access-list 34 permit 197.12.6.0 route-map R1R2 permit 10 match ip address 12 ! route-map setcom permit 10 set community 12:100 ! route-map R3R4 permit 10 match ip address 34 ! route-map intoBGP permit 10 match ip address 10 set origin igp ! route-map prepend permit 10 match ip address 1 set as-path prepend 12 12 ! route-map prepend permit ! ! ! line con 0 line aux 0 line vty 0 4 login ! end Enjoy Gil -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: ??? ??? 27 ?? 2000 16:08 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: BGP community tagging thanks I appreciate it , will you be able to give me an example to illustrate what you say? --- [EMAIL PROTECTED] wrote: Hi, In BGP you can tag routes to ensure consistent filtering or route selection policy, you can tag inbound and outbound updates or when you redistribute and by that select best path. The communities are built out of 32bit value and split in to two parts the first 16 bit contain ASN of the AS that defines community meaning. The second part defines the local meaning. I hope it clears it up for you Gil -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: ??? ??? 27 ?? 2000 11:06 To: [EMAIL PROTECTED] Subject: BGP community tagging hi anyone knows what community tagging is in bgp ? I have people asking me to remove them from community tagging , anyone knows what it is? suaveguru __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco design making
Hi all, I was wondering if somebody know (or have) where can I find the block scheme of the Cisco router design making, from the first time the packet enters the router to the time it get out of it. Thank you in advance Gil _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT with VPN doesn't work with PIX
Hi, First of all, who is the termination point ? the ROUTER or the PIX ? What kind of VPN client topology you are using, a mode-config or no mode-config, if you are using a mode config what is the ip pool range that you have assigned ??? In the case that you are using a config-mode with nat don't forget to add the "sysopt pl-compatible" command. Second of all, he statement that you wrote about the NAT that it is either enabled or disabled is not correct you can assign an ACL to a nat statement and to determine by it the nat policy. GIL -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: ??? ? 26 ??? 2000 18:32 To: [EMAIL PROTECTED] Subject: NAT with VPN doesn't work with PIX Here's an interesting situation I've run across, and I'm curious to see if anyone has seen anything similar. I've got a PIX firewall that is doing static translation of several servers in our DMZ. These servers each have one NIC, with an inside 172.16.x.x address. On the outside, they have a 64.x.x.x address that works fine. Normally, when people who dial into our network, or are at corporate headquarters query DNS for these servers, they'll get the inside address, 172.16.x.x. When people outside the company query DNS for the same server, they get the outside address 64.x.x.x. This seems to work fine. The problem comes when a user VPN's into our network. They already have a connection with their ISP, and are using the ISP's name servers. Therefore, when they try to resolve our server name, they get the 64.x.x.x address. However, since they are VPN'ed into our network, the 64.x.x.x address is not valid. This problem exists even if we provide them with a DNS server internally...it seems that they resolve from their ISP's servers first. The only thing I've thought of so far is to have two different names for each box, but our developers are screaming about that idea. Is there anyway for the PIX to do address translation on some boxes, but not all? If we could leave these servers in the DMZ with only an outside address, that would be fantastic. Is this possible with PIX? I've been told that address translation is an all or nothing proposition. Thanks for any suggestions yall can provide. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
USER AUTHENTICATION ON PIX FW
Hi all, Doen any body know how to configure cut-through proxy for user authentication on the PIX firewall. I have PIX 515 with OS VERSION 5.1.2. Thanks GIL **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ATM CONFIG
Hi all, I need to configure an ATM connection between two sites. On one site their is a Cisco 7206 router with an ATM card connected to something called ACE a RAD box that connects me to the other side, on the other side their is an ACE box that connect to a Cisco Catalyst 2900XL switch L3 with an ATM card as well. What I need to do is, and I don't have a clue how to do, to configure them both to talk IP. I need your help in configuring it. I tried configuring it in the switch but in the VPI part he is telling me that I can only enter the value of 0. Help will be most appriciated. thank you in advance GIL CCNA/CCDA **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX515 and IPsec
Hi, The only thing that you need to do is to order an activation key form the Cisco web site for the encryption and to enter it when you are upgrading the OS. GIL CCNA/CCDA -Original Message- From: John lay [mailto:[EMAIL PROTECTED]] Sent: ??? ? 12 ?? 2000 15:36 To: [EMAIL PROTECTED] Subject: PIX515 and IPsec Hi Guys, I ordered the PIX515 with the IPsec License. What should I do to enable the IPsec License on the PIX ? Thanx ___ Say Bye to Slow Internet! http://www.home.com/xinbox/signup.html **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: pix
Hi, You need to add a static statement to the internal server but something that goes like that: Static (inside,outside/dmz-I didn't really understood from you mail where it is located) 10.10.1.150 10.10.1.150. The conduit you already have. The static statement that I wrote actually say that IP address can be reach but the appropriate conduit. This is the way I usually do it. GIL CCNA,CCDA -Original Message- From: SH Wesson [mailto:[EMAIL PROTECTED]] Sent: ??? ??? 11 ?? 2000 13:14 To: [EMAIL PROTECTED] Subject: pix I am using a Cisco PIX 520 with an inside interface and an outside interface. I have the following scenario: Internal server has an address of 10.10.1.150, the external server has an ip address of 128.200.111.100. The external server is in the dmz zone. The internal server has been assigned a global address 0f 128.200.111.150 that maps to the inside server of ip address 10.10.1.150. I want the external server of 128.200.111.100 to be able to communicate with the inside server only through port 135. I assigned a static ip address to the inside host with the following command: static (inside,outside) 128.200.111.150 10.10.1.150 netmask 255.255.255.255 0 0 I assigned the permission for the external server to be able to access the inside server only via port 135 using the following command. conduit permit tcp host 128.200.111.100 eq 135 host 128.200.111.150 eq 135 Is this the right way of doing it? If I'm doing it wrong, can someone show me how to do this. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP on 2600?
Hi, It is true that untill now you couldn't install 128MB of DRAM on a 2600 router, but a few weeks ago Cisco lonch another two 2600 router types the 2650 and the 2651 both more powreful routers with more DRAM capacity until 128MB of DRAM a thing you could have done until now only from the 3640 router. BUT NO MORE. GIL CCNA/CCDA -Original Message- From: Aaron Moreau-Cook [mailto:[EMAIL PROTECTED]] Sent: ??? 09 ?? 2000 13:23 To: [EMAIL PROTECTED] Subject: BGP on 2600? I read a few weeks back that someone has a 2600 series router with 128mb RAM in in. Can someone confirm, or deny that you can put 128mb RAM in a 2600? Thanks **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX security manager
As far as I know and i had the same problem you need sp4. GIL CCNA/CCDA -Original Message- From: zhencai [mailto:[EMAIL PROTECTED]] Sent: ??? ? 06 ?? 2000 22:45 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: PIX security manager Dear friends, I'm trying to load PIX security manger 1.1 on a NT4 (SP5) machine but it asked for SP4. I tried to modify NT registry to make security manager think it's dealing with SP4 but no success. Is there a work around? I hate to reload everything. Thanks a lot. Zhen Cai ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
dsl
Hi all, I am quit new in the DSL products so I need some of your help locating a product. I need to know is what's the smallest Cisco routers that has: 1) 1 LAN interface 2) 1 DSL interface 3) Support IOS FW and IPSec 10x GIL CCNA/CCDA ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Subnet Question
It is true in regard of wild-cards. -Original Message- From: Albert Ip [mailto:[EMAIL PROTECTED]] Sent: ??? ? 03 ?? 2000 19:14 To: 'Chuck Larrieu'; Aaron Moreau-Cook; [EMAIL PROTECTED] Subject: RE: Subnet Question Chuck, Just tried it on a 3662 with IOS 12.1T and it didn't work. Rotuer(config-if)#ip address 10.1.1.1 0.255.255.0 Bad mask 0x00 for address 10.1.1.1 Too bad, it would had made a interesting trouble-shooting lab. Albert -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 03, 2000 3:06 AM To: Aaron Moreau-Cook; [EMAIL PROTECTED] Subject: RE: Subnet Question I hate questions like this. Can, May, Always, Never. RFC 1812 strongly discourages this practice. On the other hand, the world won't end if you do. You may even create a permanent income for yourself by setting up your network like this. ;- All the TCP stacks I have worked with allow this on the host side. It occurs to me I've never tried this on a Cisco router, even after the long discussion on the topic a few months ago. Next time I'm in the routers, I'll see what happens and report. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Aaron Moreau-Cook Sent: Saturday, September 02, 2000 5:48 PM To: [EMAIL PROTECTED] Subject:Subnet Question Question taken from the CCNA Exam Cram book by Walters, Rees, and Coe. A subnet mask can have a value of 0.255.255.0 A) True B) False The Cisco answer would dictate that it is false, and in all functionality it is true. Hypothetically though it could be true, I rememeber this discusion a while ago, but I'm looking to see if I am smoking the proverbial crack. Thanks all! Aaron Moreau-Cook Finally taking his CCNA test this coming Friday ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Dialer Interface * VERY URGENT *
Hi, As far as I know you need the dialer in-band to enable the dialer interface. The other command is a parameter for the interface it will disapper as well if you will remive the dialer inband command. GIL -Original Message- From: NRS Hariharan [mailto:[EMAIL PROTECTED]] Sent: ??? ??? 04 ?? 2000 09:08 To: [EMAIL PROTECTED] Subject: Dialer Interface * VERY URGENT * Hi all, I have installed a 2503 router for ISDN dial back for a leased line.The vendor who configured it has included the following commands in the dilaer interface . (1) #dialer in-band and (2) #dialer wait-for-carrier-time 60 Since the above commands should not be used for ISDN i removed them . But when I saved the new config and saw the file,the following commands were also missing fom the dialer interface which was there previously : #dialer idle-timeout #dialer string x Class xx #dilaer hold-queue xx #dialer load-threshold xxx either #dialer-group x and the only commands which were present from the previous config were : #ip address negotiate #no ip directed-broadcast #encapsulation ppp #ppp authentication pap callin #ppp pap sent-user password Can anyone provide a solution for the above Thanks in advance hari Get free email and a permanent address at http://www.netaddress.com/?N=1 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN CLIENT
Hi, I have configured a system which contain net to net VPN with des encryption between a secure PIX and a Cisco router. On each of them I have configured a VPN client connection with extended authentication against a Radius server. The net to net VPN works fine and the clients with the Cisco secure client software works fine as well. What I need is to configure the Windows 2000 IPSEC VPN client and I have no idea how it works, some help will be most appreciated. 10x in advance GIL CCNA/CCDA ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP on Cisco 1601 with 12.0(3)T IOS
What feature pack you are using ??? -Original Message- From: Hans Stout [mailto:[EMAIL PROTECTED]] Sent: ??? ? 31 ?? 2000 03:13 To: [EMAIL PROTECTED] Subject: BGP on Cisco 1601 with 12.0(3)T IOS Hello colleagues, I have two Cisco 1601's running IOS version 12.0(3)T on which I try to implement BGP as a routing protocol. When I am in config mode, I can see that BGP is an option, but when I type 'router bgp 10', the system returns 'unknown routing protocol'. Are there any special requirements to run BGP ? Thanks for your help in advance ! Regards, Georg Pauwen _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Activation Key
Hi, Just login first. http://www.cisco.com/kobayashi/sw-center/internet/pix-56bit-license-request. shtm GIL CCNA/CCDA -Original Message- From: Parris, Brian [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 29, 2000 8:29 PM To: '[EMAIL PROTECTED]' Subject: Activation Key Can somebody tell me how to get an activation key for VPN-Des so I can set up my PIX with VPN. I tried [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] but that was 2 days ago and still haven't gotten a reply. Thanks, Brian ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: qn on ospf
I agree with you, as far as I know area 0 is the backbone area and can not be configured as a stub area. GIL CCNA/CCDA -Original Message- From: Andrew Larkins [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 30, 2000 12:13 PM To: Yee, Jason; '[EMAIL PROTECTED]' Subject: RE: qn on ospf From what I have read, I believe that area 0 can not be a stub Regards Andrew -Original Message- From: Yee, Jason [mailto:[EMAIL PROTECTED]] Sent: 30 August 2000 11:39 To: '[EMAIL PROTECTED]' Subject: qn on ospf hi, anyone can help with this : Router r1 uses a subnet mask 255.255.255.0 and sits on a boundary of area 0 and area 1 based on the sample router configuration : Router ospf 76 network 145.12.32.0 0.0.15.255 area 1 network 145.12.96.0 0.0.15.255 area 0 Area 0 range 145.12.96.0 255.255.224.0 Area 1 range 145.12.32.0 255.255.224.0 Identify the true statements An interface on this router with the addr 145.12.32.124 is in area 1 All networks within the range 145.12.64.0 to 145.12.95.0 will be summarized from area 0 into area 1 All networks within the range 145.12.32.0 to 145.12.63.0 will be summarized from area 1 into area 0 Area 0 can act as a stub or transit area for routes including networks in the range 145.12.96.0 to 255.255.224.0 The effect of the 4th line is reduce the number of route table entries thanks ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cannot see route in bgp table?
Hi, Your problem is as follows: 1.First you need to do a different test in order for you to see your own networks in the BGP table and it goes like that "show ip bgp neighbors *.*.*.* (peer ip) advertised-routes". If you still don't see you advertisements add the following statments: ip route 202.77.96.0 255.255.224.0 null 0, because you are using the network statments and network statments only advertise the routes that are in the routing table, so with the route to null you make sure that those networks are always in the routing table even if those networks are unavailable. GIL CCNA/CCDA -Original Message- From: Yee, Jason [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 29, 2000 7:46 AM To: '[EMAIL PROTECTED]' Subject: cannot see route in bgp table? Dear Sir, Here is the configuration for our router. The problem is that, we cannot see our Class-C Network (202.77.96-202.77.127) in BGP routing table: KARG1sh ip bgp 202.137.0.0 BGP routing table entry for 202.137.0.0/20, version 2 Paths: (1 available, best #1, table Default-IP-Routing-Table) Advertised to non peer-group peers: 202.161.128.181 Local 202.137.2.174 from 0.0.0.0 (202.137.2.134) Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best KARG1sh ip bgp 202.77.96.0 % Network not in table These Class-C Network cannot go to outside world. attatched is my router configuration C7200-confg.txt This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Firewall user connections
They mean the number of concurrent connection. GIL CCNA/CCDA -Original Message- From: Hans Stout [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 29, 2000 1:11 PM To: [EMAIL PROTECTED] Subject: PIX Firewall user connections Hi colleagues, I have a question regarding the PIX Firewall: when they mention the number of user connections, what does that actually mean ? Does e.g. the 520 model allow 250,000+ user to be connected simultaneously ? Also, the new 506 PIX model does not specify the number of user connections allowed, does this mean that there is no limit ? Thanks for your help in advance. Georg Pauwen _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Origin attribute in bgp
Hi, When you talk about BGP's origin it means, from where the route was taken and placed into the BGP table, if the paths are originated via IGP,EGP or incomplete. When a route is injected into BGP Via redistribution, statically or dynamically, the origin of the route will be incomplete because when you redistribute you loose all the information of the update and it is being marked as a question mark. * 212.117.151.1730 9116 5585 8584 i * 212.150.206.0/23 212.150.56.5 179207680 0 8584 i * 212.150.221.0212.150.56.5 0 0 8584 i * 212.150.228.0/22 212.150.56.5 179207680 0 8584 i * 212.117.151.1730 9116 5585 8584 i * 212.179.0.0/17 212.117.151.1730 9116 5585 8551 i * 212.179.128.0/19 212.117.151.1730 9116 5585 8551 i * 212.179.160.0/19 212.117.151.1730 9116 5585 8551 i * 212.179.192.0/19 212.117.151.1730 9116 5585 8551 i * 212.179.224.0/19 212.117.151.1730 9116 5585 8551 i * 213.8.0.0/16 212.117.151.1730 9116 5585 5486 i * 213.8.108.0/22 212.117.151.1730 9116 5585 5486 i * 213.8.202.0/23 212.117.151.1730 9116 5585 5486 ? * 213.8.208.0/21 212.117.151.1730 9116 5585 5486 ? * 213.57.0.0/16212.117.151.1730 9116 5585 8584 12849 i * 216.72.32.0/21 212.150.56.5592384 0 8584 i * 212.117.151.1730 9116 5585 8584 i * 216.72.40.0/22 212.150.56.5592384 0 8584 i * 212.117.151.1730 9116 5585 8584 i The origin attribute is one of the most powerful decision making attributes, he is the second most powerful one. There is the capability of controlling the origin with a set origin command through a route map as followed: access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 permit ip 197.7.0.0 0.0.255.255 any ! route-map BGP permit 10 match ip address 101 set origin igp You can configure it for specific networks with an ACL or for AS's with regular expressions in an as path list. I hope it helps GIL CCNA,CCDA -Original Message- From: Yee, Jason [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 8:34 AM To: '[EMAIL PROTECTED]' Subject: Origin attribute in bgp hi , Anyone knows what the origin attribute in bgp used for and how is it used? thanks Jason ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Origin attribute in bgp
When you talk about BGP's origin it means, from where the route was taken and placed into the BGP table, if the paths are originated via IGP,EGP or incomplete. When a route is injected into BGP Via redistribution, statically or dynamically, the origin of the route will be incomplete because when you redistribute you loose all the information of the update and it is being marked as a question mark. * 212.117.151.1730 9116 5585 8584 i * 212.150.206.0/23 212.150.56.5 179207680 0 8584 i * 212.150.221.0212.150.56.5 0 0 8584 i * 212.150.228.0/22 212.150.56.5 179207680 0 8584 i * 212.117.151.1730 9116 5585 8584 i * 212.179.0.0/17 212.117.151.1730 9116 5585 8551 i * 212.179.128.0/19 212.117.151.1730 9116 5585 8551 i * 212.179.160.0/19 212.117.151.1730 9116 5585 8551 i * 212.179.192.0/19 212.117.151.1730 9116 5585 8551 i * 212.179.224.0/19 212.117.151.1730 9116 5585 8551 i * 213.8.0.0/16 212.117.151.1730 9116 5585 5486 i * 213.8.108.0/22 212.117.151.1730 9116 5585 5486 i * 213.8.202.0/23 212.117.151.1730 9116 5585 5486 ? * 213.8.208.0/21 212.117.151.1730 9116 5585 5486 ? * 213.57.0.0/16212.117.151.1730 9116 5585 8584 12849 i * 216.72.32.0/21 212.150.56.5592384 0 8584 i * 212.117.151.1730 9116 5585 8584 i * 216.72.40.0/22 212.150.56.5592384 0 8584 i * 212.117.151.1730 9116 5585 8584 i The origin attribute is one of the most powerful decision making attributes, he is the fourth most powerful one. There is the capability of controlling the origin with a set origin command through a route map as followed: access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 permit ip 197.7.0.0 0.0.255.255 any ! route-map BGP permit 10 match ip address 101 set origin igp You can configure it for specific networks with an ACL or for AS's with regular expressions in an as path list. I hope it helps GIL CCNA,CCDA -Original Message- From: Yee, Jason [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 8:34 AM To: '[EMAIL PROTECTED]' Subject: Origin attribute in bgp hi , Anyone knows what the origin attribute in bgp used for and how is it used? thanks Jason ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hold time and keepalive interval in BGP?
Hi, Their are two sets of values one is Cisco's default and the other is of the RFC's. Cisco: Connect Retry: 120sec. Hold-time: 90sc. keepAlive: 30sec. RFC: ConnectRetry: 120sec. Hold-time: 180sec. KeepAlive: 60sec. Gil CCNA,CCDA -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Sunday, August 27, 2000 10:52 PM To: [EMAIL PROTECTED] Subject: Re: hold time and keepalive interval in BGP? Does anybody know the default value of hold time and keepalive interval in BGP4? Have you looked at the RFC? What problem are you trying to solve by changing these timers? There's quite a bit of thought that goes into the default values, and it may be more appropriate to use other protocol mechanisms rather than changing timers. Route flap dampening, for example, interacts heavily with the keepalive and hold timers. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP !!!
Title: BGP !!! Hi, First of all BGP is NOT distance vector protocol nor link state, it is a path vector protocol. Second it is not a routing protocol, routing tables and bgp tables are two different thing. I hope it clears some things. Gil CCNA/CCDA -Original Message-From: Raees Ahmed Shaikh [mailto:[EMAIL PROTECTED]]Sent: Monday, August 28, 2000 2:48 PMTo: '[EMAIL PROTECTED]'Subject: BGP !!! I was always hearing about the great BGP as a very scalar protocol with lots of advantages, and suddenly I was a little shocked to learn that it was a variant of the distance-vector-protocol I have read many books praising the qualities of link-state protocols and mentioning the disadvantages of distance vector protocols I am a bit confused as a matter of preference what should I generally speak about distance vector protocol V/s Link state protocols. Lots of lessons and surprises to be learnt more, Thanks and Regards, Pls .If somebody can elaborate and explain that will be great. Shaikh Raees Ahmed, Microsoft Certified Systems Engineer, Cisco Certified Network Associate, Systems Network, IT Division.
RE: BGP Remote router ID
The remote router ID is 10.9.1.2, the router uses as his router ID the lowest ip address of the loopback as his router ID if their is no loopbacks he goes to the lowest ip address of one of the interfaces. Gil -Original Message- From: Lists Wizard [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 24, 2000 6:21 PM To: [EMAIL PROTECTED] Subject: BGP Remote router ID Hello to all, what is the remote router ID in the output of the command bellow. GSR16#sh ip bgp neighbors BGP neighbor is 192.168.6.2, remote AS 65500, external link Index 1, Offset 0, Mask 0x2 BGP version 4, remote router ID 10.9.1.2 Thanks This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NO. of CCIE
From where you bring that number ?? Last I checked in the Cisco site there was a little over 4000. -Original Message- From: Gavin Payne [mailto:[EMAIL PROTECTED]] Sent: Sunday, August 27, 2000 10:46 AM To: 'wind'; [EMAIL PROTECTED] Subject: RE: NO. of CCIE Thats the number of CCIE's with specialisations. Apparently there are over 30,000 normal CCIEs -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of wind Sent: 27 August 2000 08:46 To: [EMAIL PROTECTED] Subject: NO. of CCIE Hi; I checked with Cisco web site, they indicated that the no. of CCIE is just 4996. As of July 31, 2000. http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_pr esent.html Thanks Vincent Chong CCxx ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Global Pool addresses on PIX
Hi, You can not do such a thing because you are assigning those addresses twice and it cause conflicts. Just imagine to path of the packet and the header of the packet how will it the PIX know how to treat it ??? GIL -Original Message- From: Wibowo Nur Susetio [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 23, 2000 5:05 AM To: '[EMAIL PROTECTED]' Subject: Global Pool adrresses on PIX Dear CISCO'ers May I define a global pool addresses that has already defined for static global address, what the effect for this configuration. Is there any rule to making a global pool and PAT address?? Please advise ... global (outside) 1 209.165.201.101-209.165.201.110 netmask 255.255.255.240 static (dmz1,outside) 209.165.201. 101 192.168.1.15 netmask 255.255.255.255 0 0 static (dmz1,outside) 209.165.201. 102 192.168.1.16 netmask 255.255.255.255 0 0 static (dmz1,outside) 209.165.201. 105 192.168.1.10 netmask 255.255.255.255 0 0 static (dmz1,outside) 209.165.201. 110 192.168.1.11 netmask 255.255.255.255 0 0 access-list acl_out permit tcp any host 209.165.201.101 eq smtp access-list acl_out permit tcp any host 209.165.201.102 eq smtp access-list acl_out permit tcp any host 209.165.201.105 eq www access-list acl_out permit tcp any host 209.165.201.110 eq domain access-group acl_out in interface outside I looking forward to hearing from you all Thank you WNS ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN access with NT domain login
Hi, You can not do directly but what you can do is to install some kind of RADIUS or TACACS+ on you domain controller and configure it to take his user database from the NT. GIL -Original Message- From: Todd Plambeck [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 23, 2000 8:36 AM To: [EMAIL PROTECTED] Subject: VPN access with NT domain login I have a PIX-515 terminating VPN tunnels. The configuration is working fine, but would like to know if it is possible to have each user authenticate with the domain controller. The goal is to have each remote user logon to the domain to access the domains resources. Any suggestions would be greatly appreciated. Todd ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Default Route in BGP
Hi, You can also send your peer a gateway with a the MED command. GIL -Original Message- From: Pablo Thoma [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 17, 2000 9:43 AM To: [EMAIL PROTECTED] Subject: Re: Default Route in BGP Or you can use the router bgp config command: default-information originate which does the same as 1) but for all neighbors. Luobin Yang wrote: I remember somebody mentioned how to create default routes in BGP4. I found the following way to inject default routes into BGP. 1. use the command default-originate. this command is used in the neighbor command. It originates a default route for the neighbor bgp speaker. 2. use the network 0.0.0.0 under bgp router configuration context, make sure the default route has been defined statically. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: crypto cisco pregen-dh-pairs
What command?? -Original Message- From: Ajaz Nawaz [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 16, 2000 3:33 PM To: [EMAIL PROTECTED] Subject: crypto cisco pregen-dh-pairs BTW I sorted the 40 bit des encryption. Now what does the above command do ? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX
Hi, PIX's failover is the same box and the same software but different activation key. GIL CCNA CCDA -Original Message- From: Atif Awan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 16, 2000 11:24 PM To: [EMAIL PROTECTED] Subject: PIX does anyone know whether a failover is a separate PIX box or is it the same box with a different software ? Regards Atif ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Why couldn't ping to this address?
It is probably because you don't have routes to the ip addresses of the loopback interfaces and when you are pinging in a standard manner you are pinging with the source ip address of the ethernet, when you are pinging with extended the remote peer don't have a route back to the source ip address. I hope it helps and I hope I got the full picture. GIL CCNA,CCDA -Original Message- From: Brian [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 17, 2000 4:08 PM To: Luobin Yang Cc: [EMAIL PROTECTED] Subject: Re: Why couldn't ping to this address? On Thu, 17 Aug 2000, Luobin Yang wrote: I have the following problem, two routers are connected by ethernet. Here are my configurations for RouterA and RouterB RouterA: interface ethernet0 ip address 172.16.20.1 255.255.255.0 no shut int loopback0 ip address 192.68.11.1 255.255.255.0 router bgp 1 neighbor 172.16.20.2 remote-as 1 network 192.68.11.0 mask 255.255.255.0 RouterB: interface ethernet 0 ip address 172.16.20.2 255.255.255.0 no shut int loopback0 ip address 192.68.1.1 255.255.255.255 router bgp 1 neighbor 172.16.20.1 remote-as 1 When i use extended ping from 192.68.1.1 to 192.68.11.1 , it failed. But if i use standard ping from RouterB to 192.68.11.1 , it works. Does anybody know the reason why? How is RouterA suppose to know how to get to 192.68.1.1 (The return packets)? Do you think BGP is going to do that for you? Try "sh ip bgp neigh 172.16.20.1 adv" on Router B..does it show its advertising 192.68.1.1? Probably not. You should add a network statment so that it gets advertised. Also your mask on RouterA is 255.255.255.0 for the loopback (do you really need to bind an entire /24 to loopback)? On routerB its just a /32...stick with /32's or non-overlapping networks imho Brian ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- Brian Feeny, CCNA, CCDA [EMAIL PROTECTED] Network Administrator ShreveNet Inc. (ASN 11881) ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst Upgrade
Hi, As far as I know you can not becouse the hardware is diffarent. GIL -Original Message- From: Saud Shaikh [mailto:[EMAIL PROTECTED]] Sent: Monday, August 14, 2000 8:42 AM To: [EMAIL PROTECTED] Subject: Catalyst Upgrade Can the Standard Edition on a Cisco Catalyst 1924 be upgraded to Enterprise Edition for VLAN config and CLI. Can anyone describe the upgrade process. Thanx Saud ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: help DDR trap
Are they located on the same segment and if they do, do they both share the 50.0.0.0 as a supernet ??? GIL -Original Message- From: bujie [mailto:[EMAIL PROTECTED]] Sent: Friday, July 28, 2000 10:00 AM To: [EMAIL PROTECTED] Subject: help DDR trap Please Two routers's serial interfaces encapsulated with ppp, async physical layer,dialer in-band ,dialer group 1,dialer-list 1 protocol ip permit , dial string 123, async dynamic routing,line chat-script,async mode dedicate, eigrp 50.0.0.0, They can connect. But one router can not get the other's route table! Why? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Is there a command to test a connection using a specific port
First I guess you tried it but remove just for the test the ACL and see if you are still being blocked if you do couple of things are possible, first the services is not running properly try telneting the localhost to that TCP port (I am assuming it is a TCP port), second it might be a queuing problem if you are using queuing. If you see that ACL is the problem it is possible that the order of the ACL statments are in conflict or the returning port is being blocked, you can try adding a log to the ACL statments. You can test the connection with a specific port by just using telnet x.x.x.x y y=port number (only TCP) For your second question yes you can apply ACL's on switches but only L-3 switches and with certain OS. I hope it helps GIL CCNA,CCDA -Original Message- From: Chee Tong Sim [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 09, 2000 8:00 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Is there a command to test a connection using a specific port Dear friends, 1)Is there a command to test a connection using a specific port? I have a X windows client which was removed from segment to another in the remote site, the client use specific port to talk to server after the relocation, the client cannot talk to the server in our site. But we can ping to the client from our site, so we suspect the access list problem Because there are too many router in between and two back bone switch, we checked all access list but nothing found wrong. Is there a cisco command to test a connection between two site using specific port?? 2) I have a back bone switch with RSM module, so I have two configuration file, 1 for router and 1 for switch. I understand the router module but not switch module. Can access-list applied on the switches module?? or is there a way to block the specific port connection in the switches module?? Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
do somebody know question
Well hello again all Do somebody happen to know what the compress command on the serial interface means ?? 10x GIL CCNA,CCDA ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 10 gigabit ethernet and wireless lan
Hi, You can try looking for it in the following link: http://www.cisco.com/networkers/nw99_pres/index.htm#extendingciscoiosinfrast GIL CCNA, CCDA -Original Message- From: bahadir korkmaz [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 10, 2000 3:15 PM To: [EMAIL PROTECTED] Subject: 10 gigabit ethernet and wireless lan hi. is there someone who has power point presentations about 10 gigabit ethernet and wireless lans. thanks. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Static, Conduit question.
Hi, I suppose these aren't the real addresses and the real addresses are valid ones what actualy you did hear is allowed every one to reach those addresses, but you need to disable the nat with NAT 0 command or if these are the real addresses to use static nat statments. I hope it helps.. GIL CCNA,CCDA -Original Message- From: Richard Tran [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 10, 2000 7:37 AM To: [EMAIL PROTECTED] Subject: PIX: Static, Conduit question. We have an ip address(a.b.c.d) registered with an internet domain name. This domain is served both as our email and website domain. We have one internal web(192.168.1.222) and one internal mail server(192.168.1.223). I have a question about the pix configuration below. static (inside,outside) a.b.c.d 192.168.1.222 netmask 255.255.255.255 0 0 static (inside,outside) a.b.c.d 192.168.1.223 netmask 255.255.255.255 0 0 conduit permit tcp host a.b.c.d eq www any conduit permit tcp host a.b.c.d eq smtp any Is this the right configuration for the pix to redirect the appropriate traffic to the internal servers? Any response is greatly appreciated. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Booting In Bootrom with the TFTP command (Urgent)
Hi, It seems like your image is corrupted and you lost the ability to load it my suggestion is load it with XMODEM if you need the procedure send me an E-mail and I will get it for you. GIL CCNA,CCDA -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 09, 2000 6:57 PM To: [EMAIL PROTECTED] Subject: Booting In Bootrom with the TFTP command (Urgent) Scenario: A Cisco 2500 series router boots in bootrom mode, has serial link connectivity, but no images found in flash. Flash is presently in RO mode. We attempt to bring the IOS onto the box, but fail. We believe the flash is fubarred. Any attempts to tftp fail w/ "not programmable" We believe that this is due to the RO limitaion of the present flash memory. There is the limitation of the 2500 series where the image is run from flash, not NVRAM. Is our presumption correct about the corrupt Flash module? Excerpt from techs worklog. I had the site console into the router and remove the aaa new-model settings. I was then able to telnet into the router via the s0 interface. The router was in boot mode. I checked the flash and there wasn't an image there. I tried to TFTP a new image over but I got and error message (ERR: Device in READ-ONLY state) so I believe that the flash was damaged by the lightning hit. I inserted a "boot system tftp" command into the config so the router could use the IOS image from site. I reloaded the router. I can't telnet to it anymore, but I can ping the serial. on site the TFTP-server process is using 2.34% of the cpu, so it appears to be sending the image over. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Network Drawing Program
There is an Israeli company named NETFORMX that have an excellent product to do just that check their product on there web site www.netformx.com GIL -Original Message- From: Evan You [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 08, 2000 10:41 PM To: [EMAIL PROTECTED] Subject: Network Drawing Program Hi all, I am in the process of looking for a program that will draw a network based on a database information. Basically, I have thousands of circuits mostly leased lines and FR that I need to draw to do analysis work. I am looking to diversify as much of the network as possible so there is not a single point of failure in the network. Currently, we are using a database system that has all the circuit information but it's very cumbersome to analyze. If I am able to see the circuits drawn automatically on demand it would be a lot easier. For example, if I wanted to see all circuits that went into a specific sets of common equipment (router, ATM switch, FRADS, MUXES, DXCs) then I could easily see the single points of failure in a network. I've looked into Granite Systems but they are too expensive and there is a limitation on the total numbers of circuits can be drawn at once. If anyone knows of any other application, I would be greatly appreciated. Thanks, Evan You - CCNA ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: about dialer rotary group
Hi, The dialer rotary group binds the interface to the dialer which you created. interface Group-Async1ip unnumbered FastEthernet0/0encapsulation pppdialer in-banddialer idle-timeout 3600dialer rotary-group 1async mode interactivepeer default ip address pool SUPERno fair-queueno cdp enableppp authentication chap pa multilinkgroup-range 65 94!interface Dialer1ip unnumbered FastEthernet0/0encapsulation pppno ip mroute-cachedialer in-banddialer idle-timeout 3600dialer-group 1peer default ip address pool SUPERno fair-queueno cdp enableppp authentication chap pa multilink If you will take a look of the attached statments you can see that the rotary group statments are being used to point to the dialer which means that the interface will use the dialer config file as well. I hope it helps GIL CCNA, CCDA -Original Message-From: gary [mailto:[EMAIL PROTECTED]]Sent: Wednesday, August 09, 2000 9:31 AMTo: [EMAIL PROTECTED]Subject: about dialer rotary group I am studying the BCRAN, there is"dialer rotary group, andone can tell me what does dialer rotary group mean
RE: Strange Problem.
Hi, what in the topology ?? -Original Message-From: net974 at Yahoo [mailto:[EMAIL PROTECTED]]Sent: Wednesday, August 09, 2000 7:11 AMTo: [EMAIL PROTECTED]Subject: Strange Problem. Hi, I'm facinga strang problem in my network. Suddenly all the computer disapper from the network neghibour hood, but when I ping the system they respond back. After some time all the thing come back to normal. all system then available in the network. What could be the reason for this how i can sort it out. TIA GmThis email was scanned using ESPG @ PubliCom Haifa.
RE: erased flash
What it means is that the bootstrap cannot find the IOS file on the flash and the system can not open it probably the binary file is corrupted just download another into the router, you can do it with XMODEM. GIL CCNA, CCDA -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 09, 2000 12:28 PM To: [EMAIL PROTECTED] Subject: erased flash Hi all, I need a help from you guys. I have a problem with one of the cisco router(1700 series). The router automatically goes into rommon mode and says that "can not open flash: unable to determine flash: The flash is corrupted or what? What can be the cause of this problem Thanks in advance Hitesh ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
trunk
Hi all, I need help in configuring a trunk built out of two fastEthernet ports on a Cisco 7206 router..can somebody please advise. 10x GIL ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router Security commands
I recommend to disable source routing and the following services: tcp and udp small server, the finger service and the CDP. All of the above are tools that can be use for getting information on your network, hack into it and crash it. have a good day GIL -Original Message- From: Donald B Johnson Jr [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 01, 2000 2:23 AM To: John lay; [EMAIL PROTECTED] Subject: Re: Router Security commands The ip redirects will stop icmp redirects that your router will perform. The ip directed-broadcast will stop passing broadcasts as unicast. There are about 6 or 7 ports passe. The ip proxy-arp will stop the router from routing for a host that doesn't have a gateway configured. Duck - Original Message - From: John lay [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 29, 2000 1:47 PM Subject: Router Security commands Guys, The following are recommended commands to be confgiured on all operating interfcases or a router. Could someone explain it to me or give me a URL which clairfy them. no ip redirects no ip directed-broadcast no ip proxy-arp Thanks a lot ___ Say Bye to Slow Internet! http://www.home.com/xinbox/signup.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
