Re: VLAN routing on 2600

2001-02-05 Thread Greg Reaume

Don't forget the 2650 series as well  plus IOS.

""Groupstudy"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> The 2620 and 2621 have fast ethernet ports and support trunking with IP Plus
> IOS.
>
> - Original Message -
> From: Kevin Wigle <[EMAIL PROTECTED]>
> To: Daniel Cotts <[EMAIL PROTECTED]>; 'kz' <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Saturday, February 03, 2001 8:13 PM
> Subject: Re: VLAN routing on 2600
>
>
> > except 2600's don't do the fe thing..
> >
> >
> > - Original Message -
> > From: "Daniel Cotts" <[EMAIL PROTECTED]>
> > To: "'kz'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Friday, 02 February, 2001 10:26
> > Subject: RE: VLAN routing on 2600
> >
> >
> > > Those with 100Mbs ports.
> > >
> > > > -Original Message-
> > > > From: kz [mailto:[EMAIL PROTECTED]]
> > > > Sent: Friday, February 02, 2001 4:33 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: VLAN routing on 2600
> > > >
> > > >
> > > > Hi
> > > >
> > > > Is it possible to perform VLAN routing on 2600 routers?
> > > >
> > > > thanx
> > > > kz
> > > >
> > > > _
> > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct
> > > > and Nondisclosure violations to [EMAIL PROTECTED]
> > > >



PIX, VPN & DHCP

2001-02-15 Thread Greg Reaume

Hi All,

I was wondering if it's possible to forward DHCP packets through a PIX-PIX
VPN tunnel?  I have 1 DHCP server and would like to start using it for my
branch offices seeing as they have more problems with DHCP and no IT staff
to support it.

I haven't found any documentation on this.  Has anyone done this?

Thanks in advance,

Greg






Repost: PIX, VPNs & DHCP

2001-02-19 Thread Greg Reaume

Hi All,

I was wondering if it's possible to forward DHCP packets through a PIX-PIX
VPN tunnel?  I have 1 DHCP server and would like to start using it for my
branch offices seeing as they have more problems with DHCP and no IT staff
to support it.

I haven't found any documentation on this.  Has anyone done this?

Thanks in advance,

Greg






CiscoPress.com

2000-12-02 Thread Greg Reaume

Website is back up but I'm just getting Oracle ODBC driver errors on every
page.  Can't see anything.  I've already e-mailed [EMAIL PROTECTED]
because there is no [EMAIL PROTECTED]  No response yet.

Is anyone else having the same problem?





WIC-2A/S & Courier Modems?

2000-12-03 Thread Greg Reaume

Hi There,

I have a 1750 with a WIC-2A/S (2 Asynchronous/Synchronous Serial) and 2 USR
Courier V.Everything modems attached via 2 DB25-SmartSerial cables.  The
courier modems have a synchronous mode I'd like to use and was wondering if
anyone here has tried this configuration before.  I've tried putting the
couriers in sync mode and using in-band v.25 dialer on the dialer interface
but I keep getting a message saying encapsulation failed in the debug.  I've
tried both PPP & HDLC and got same message.

I don't have too much experience with dial-up so I may be doing something
wrong as far as configuration goes.  I've just done ISDN before.  If anyone
could provide a sample config or suggestion to get me on the right track I'd
really appreciate it.  I've already spent the last 3 days scouring CCO for
some configs but all dial-up stuff with chat-scripts and the like are for
asynchronous and I can't seem to find much on sync.  I'd like to use PPP if
possible and bond the two channels.

TIA,

Greg





Re: WIC-2A/S & Courier Modems?

2000-12-03 Thread Greg Reaume

Sorry, I forgot to mention that I do, of course, have the same modems on the
other end of the POTS connection hanging off a WIC-2A/S on a 2600.

Also, for reference I've included the link to the Courier's documentation.
The section about sync mode is chapter 12.

ftp://ftp.usr.com/usr/dl05/1024494.pdf

TIA,

Greg



""Greg Reaume"" <[EMAIL PROTECTED]> wrote in message
news:90eh6d$j21$[EMAIL PROTECTED]...
Hi There,

I have a 1750 with a WIC-2A/S (2 Asynchronous/Synchronous Serial) and 2 USR
Courier V.Everything modems attached via 2 DB25-SmartSerial cables.  The
courier modems have a synchronous mode I'd like to use and was wondering if
anyone here has tried this configuration before.  I've tried putting the
couriers in sync mode and using in-band v.25 dialer on the dialer interface
but I keep getting a message saying encapsulation failed in the debug.  I've
tried both PPP & HDLC and got same message.

I don't have too much experience with dial-up so I may be doing something
wrong as far as configuration goes.  I've just done ISDN before.  If anyone
could provide a sample config or suggestion to get me on the right track I'd
really appreciate it.  I've already spent the last 3 days scouring CCO for
some configs but all dial-up stuff with chat-scripts and the like are for
asynchronous and I can't seem to find much on sync.  I'd like to use PPP if
possible and bond the two channels.

TIA,

Greg





Re: CiscoPress.com

2000-12-04 Thread Greg Reaume

I don't understand why they wouldn't build & test this thing in the
background while the old one was still up.  It blows me away that they would
post a site with no database content.  Why even put it up!?  That under
construction message seemed to be fine with them to have it up before, why
the rush now!?


""Bharat Suneja"" <[EMAIL PROTECTED]> wrote in message
news:90gd2n$2om$[EMAIL PROTECTED]...
CiscoPress.com is back up, no ODBC errors, 6:17 AM on Monday. But the
products have probably not been populated in the database.. nothing shows up
in any of the catalogs - CCNA, CCDA, CCNP, et al. They're working on it I
guess.. but how's this any different or better than the previous site. I
fail to see any difference. :-)

Bharat Suneja

""Greg Reaume"" <[EMAIL PROTECTED]> wrote in message
news:90ba00$p6t$[EMAIL PROTECTED]...
> Website is back up but I'm just getting Oracle ODBC driver errors on every
> page.  Can't see anything.  I've already e-mailed [EMAIL PROTECTED]
> because there is no [EMAIL PROTECTED]  No response yet.
>
> Is anyone else having the same problem?
>
>



Re: Configuring NAT

2000-12-04 Thread Greg Reaume

I have looked into doing something similar in one of my branch offices.  We
would be getting ADSL provided with an ADSL modem and dynamic IP.  We are
getting a PIX-506 to provide firewalling for that office and VPN tunnel
services to our datacentre.  The outside interface connected to the ADSL
modem, the inside interface connected to the LAN segment.

PIXOS 5.2 (I believe) supports something Cisco calls EasyIP.  EasyIP
*apparently* can use a DHCP client on an interface you specify.  I know
that IOS does use EasyIP but I'm not 100% sure that IOS supports the same
feature, but am quite confident I've read that it does in my research of the
PIX-506.  You will need a minimum of IOS 12.1 or a 12.0(T) image to support
EasyIP.  (Corrections are of course welcome)

As far as the rest of the configuration goes, the equipment looks right,
though you may want to look into a WIC-1FE.  This is a WIC with a Fast
Ethernet interface and I've read about this WIC coming out for the 1700
series soon, it may be supported in an upcoming revision of IOS for the
2600s.  Having this WIC would allow you to eliminate the 2509 altogether.

You stated that you want to setup NAT on the 2620.  I assume this will be a
NAT 'overloading' or PAT implementation.  Be careful here, you may want to
move your NAT implementation to the 2509.  The outside interface of your
2509 will have the external IP and of course you will want to give the
inside interface an internal one.  The interface on the 2620 attached to the
2509 will also have an internal IP as well as the interface connected to
your LAN segment.  If you implement NAT on the 2620, you will be NATing all
your internal addresses to one other internal address and passing that
traffic with that address to the 2509.  Once at the 2509, you would have to
NAT the traffic again to get it on an external, routeable IP.  (Is NATing
twice even possible?)  With the NAT on the 2509 only, you could just route
all your LAN traffic destined for the WAN to the 2509 vanilla style and let
it translate them once to one external IP.

That's my thoughts, open to correction or suggestions of course.

HTH,

Greg


""Tanner_Green"" <[EMAIL PROTECTED]> wrote in message
news:90hkbt$qpp$[EMAIL PROTECTED]...
Crude Network Diagram Segment

      To Internet
           |
   +--------------+
   |  ADSL Modem  |
   +--------------+
           |
           |  IP Address that changes on E0
           |
   +--------------+
   |  Cisco 2509  |
   +--------------+
           |
           |  Serial Link
           |
   +--------------+
   |  Cisco 2620  |
   +--------------+
           |
To Ethernet Lan  Network 10.0.0.0 255.0.0.0
25-50 users.

--

Problem:  How do you configure a Cisco 2509 to
   accommodate a dynamic IP from an
   ADSL modem?
--
Requirements

I am trying to accomplish the above as a lab exercise.
I have been unsuccessful and would appreciate advice.
I want to:

A.) Have the 2509 obtain and store the changing dynamic
  IP  from the ADSL modem.
B.) Route between the 2509 and 2620 via a serial link
C.) Have the 2620 setup as NAT router for the local
  LAN of 240 users.
--
Goal

Trying to use the above equipment to simulate the process
of a Cisco 675, Cayman 3220 or similar SOHO router.
--
Constraints

Cannot purchase routers listed in above goal.
--
Questions

1.)  Can this be done?  I am unable to find anything
  on CCO that gives a sample config of this type.

Ref:
http://www.cisco.com/warp/public/701/60.html
http://www.cisco.com/warp/public/556/index.shtml

2.)  Can this be done with one router?  Appears no
  but the dumb question is the one that you
  don't ask.

3.)  Is there a better way to do this?

-

Thank you for your help.
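
An added illustration, not part of the original thread: a sketch of the single-translation layout suggested in the reply above, with PAT on the 2509 only and the 2620 routing untranslated. The serial link addressing (192.168.255.0/30), the 2620's LAN address and interface names, and support for `ip address dhcp` in the 2509's IOS image are assumptions.

```cisco
! ---------- Cisco 2509 (edge router, does the only translation) ----------
interface Ethernet0
 description To ADSL modem; address is leased from the provider
 ! Assumes an IOS image with the DHCP client feature
 ip address dhcp
 ip nat outside
!
interface Serial0
 description Serial link to the 2620 (addressing is an assumed example)
 ip address 192.168.255.1 255.255.255.252
 ip nat inside
!
! Only the LAN behind the 2620 is eligible for translation
access-list 1 permit 10.0.0.0 0.255.255.255
!
! PAT ("overload") to whatever address Ethernet0 currently holds,
! so nothing has to be reconfigured when the lease changes
ip nat inside source list 1 interface Ethernet0 overload
!
! Return path to the LAN; the default route toward the provider is
! expected to come from the DHCP lease
ip route 10.0.0.0 255.0.0.0 192.168.255.2
!
! ---------- Cisco 2620 (plain routing, no NAT) ----------
interface FastEthernet0/0
 description LAN segment 10.0.0.0/8
 ip address 10.0.0.1 255.0.0.0
!
interface Serial0/0
 description Serial link to the 2509
 ip address 192.168.255.2 255.255.255.252
!
! Everything not local goes to the 2509, still carrying its 10.x source
ip route 0.0.0.0 0.0.0.0 192.168.255.1
```

On the 2509, `show ip nat translations` lists the active PAT entries, which is a quick check that LAN sources are being translated once, at the edge.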













Re: Cat3500xl multi vlan config question

2000-12-21 Thread Greg Reaume

...a router with VLAN support that is.  Most hardware platforms will do as
long as they have fast ethernet port and plus image IOS.

Greg

"Jason Baker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
you need a router to route between vlan's

Regards,

Jason Baker
Network Engineer
MCSE, CCNA



-Original Message-
From: Pete [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 21, 2000 2:50 PM
To: [EMAIL PROTECTED]
Subject: Cat3500xl multi vlan config question
Importance: High


Hey,

First off, I'm not too familiar with Cisco 3500 xl switches. I configured a
switch with 3 VLANs, I assigned an IP address to each VLAN, I also added the
necessary ports in each VLAN.
After everything is said and done the 3rd VLAN (servers) didn't have
connectivity to the other VLANs.
I couldn't find a command to allow me to assign a default route to each
VLAN.

Does anyone have any ideas how I can make the VLAN's work?

Sincerely,
Peter Kurdziel
CCNA,CCDA,MCSE,MCP+I
http://www.inotez.com
Cisco Q&A
http://www.inotez.com/discus





Re: Ethernet WIC for 1700 router

2000-12-22 Thread Greg Reaume

My understanding was the part number would be WIC-1FE since the 1700 series
runs fast ethernet interfaces.  ISL can only be done with fast ethernet
interfaces but I haven't seen any documentation yet about whether or not
the 1700 series supports ISL at all.  Can anyone else clear this up?

Greg


"Andrew Larkins" <[EMAIL PROTECTED]> wrote in message
news:8F5F72F80EF5D311ADE600A0C9DCF862BEAC77@UBDCCOMJHBEX...
Does anyone have an idea if the new wic-1enet supports ISL


Andrew Larkins
BCom, CCNA, CCDA
Bytes Technology Group
Tel: +2711 800-9300
Fax: +2711 800-9496
Cell: +2783-656-7214
Email: [EMAIL PROTECTED]
OR   [EMAIL PROTECTED]





Re: DHCP server and IP Nat On 2621

2000-12-26 Thread Greg Reaume

No offense intended, but whatever happened to good old fashioned RTFM.  :)

When I had to implement a config such as you state, it took me approx. 5
minutes to find an information source on CCO and about 1 hour to get it
setup and to work out my mistakes.

I think that the lessons learned by going through the steps and thinking for
yourself are much more valuable than getting a "quick fix" from a
newsgroup.  What if you have problems and nobody will troubleshoot them for
you?  You will not truly understand the technology or its implementation,
and you will be dead in the water.  You'll just end up having to go through
the same steps after to learn about it as you should've in the first place.

Try starting with a search for EasyIP (Phase 2), DHCP Server, or NAT on CCO.

Good luck, happy hunting.

Greg


"muhammad hafiz" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> Could any one send me the following configuration:
>
> 1)I want to make DHCP server on 2621.
>
> 2) I have 2621 router and I want to do the  IP Nating
> on e0, the scenario is
>
>
> Switchrouter (2621)|switch router---Internet
> My site   client site
>
> 2621 port e0 to client switch
>
> public ip is 130.0.0.x
> dhcp server ip 130.0.0.x
> our ip 192.168.0.x
>
> pl send me step by step configuration ASAP.
>
> Rashid
>
>



Re: urgent PIX help AGAIN

2000-10-03 Thread Greg Reaume

I just installed a PIX-506 and 10 was the max.  I believe, though am not
certain, this is the case across all hardware platforms running 5.2
software.

HTH

Greg


"Jim Bond" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Thank you!
>
> One more question: when I configure PIX as DHCP
> server, it only allows 10 addresses in the pool.
> Here is what I got:
>
> pixfirewall(config)# dhcpd address 10.1.1.101-10.1.1.150 inside
> Number of addresses exceeds limit
>
> Is 10 max?
>
> Thanks in advance.
>
>
>
> Jim
>
> --- Todd Plambeck <[EMAIL PROTECTED]> wrote:
> > In the new version of PIX software 5.2(1) you can nat to an interface.
> > Instead of the old command "global (outside) 1 x.x.x.x"  use the command
> > " global (outside) 1 interface ". You can read up on this new feature at:
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/pixrn522.htm#xtocid752631
> >
> > I hope this helps.
> >
> > Todd
> > CCNP/CCDP
> >
> > Jim Bond wrote:
> >
> > > Hello,
> > >
> > > I have only 1 ip address assigned by my ISP, how can I
> > > use PIX to do NAT? Looks like PIX requires at least 2
> > > outside ip addresses, one for outside interface, one
> > > for PAT. Is there a way to use only 1 ip address?
> > >
> > > Thanks in advance.
> > >
> > > Jim
> > >
> > >
> > > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > > http://www.groupstudy.com/list/Associates.html
> > > _
> > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>



Re: CISCO SWITCH

2000-10-09 Thread Greg Reaume

I would guess you would have to use some solution like the "Auto-Switch"
previously mentioned or any of the NICs with load balancing / fault
tolerance support.  You would then most likely configure spanning-tree
redundancy between the two switches.  That's a little messy though.

I like the RPS with a hot standby processor card suggestion.  Just my
opinion.  I have a 3548-XL with RPS and I've never had either PS or any
ports fail.  All in the name of disaster prevention though I guess.  =)

Good luck,

Greg

""Pushkar Shirolkar"" <[EMAIL PROTECTED]> wrote in message
news:8rt3fo$c71$[EMAIL PROTECTED]...
> hi,
>
> i have a requirement that says that i need to have a redundant cisco switch
> .. i.e. there is a LAN and the if the switch fails .. the other switch
> should take over. this is possible in the cisco 6000 series of switches ...
> but is there some lower end solution .. that costs less and also my
> requirement of ports on the switch is also less ... say about 24 ports ...
> is there any product available which does so .. in 3500 or 2900 series ?
> like using ISL (inter-switch link) .. but for the lower end switches ...
>
> Please reply ASAP
>
> thanx
> Pushkar
>
>



Re: WHIZZ KIDS WHO HAVE THE CCIE number

2000-10-16 Thread Greg Reaume

I work 28+ hours a week as the Senior Network Analyst for one of Canada's
largest insurance brokerages.

I go to college full time in a telecommunications program that was just
moved into a $38mil new building with Cisco R&S up to the wazoo.  I finished
last year, my first year, with a perfect 4.0 GPA.

I'm studying for Cisco certs, writing my NA & DA in Jan while all this is
going on.

I regularly attend parties, go out to clubs, and have an extremely
understanding steady girlfriend of a year and a half now.

I turned 20 on October 10.

I can very safely say that I don't believe that I've missed out on one bit
of my adolescence throughout this whole process.  In fact, I believe the kind
of people that I can relate to with the current knowledge I have, have just
imparted upon me life lessons and critical teachings that I think everyone
in life should have at this stage.  I count myself extremely lucky to have
worked with the people I have, and to have had the kind of mentors that I have
had in the past few years.

Computers haven't been my only focus in life so far.  During high school I
was overactively involved in the theater program, which was a 2 credit
course which lasted 4 hours a day for a whole semester.  After that I got
involved in community theater and pride myself in being able to sing, dance
and act in front of a few hundred people in a broadway style musical.
Before my interest in theater I also played saxophone for the local Senior
All-Star Jazz Band and am on their CD for that year.  That would be 3
different types of saxophones by the way.  :)

I thoroughly enjoy my yearly trips to Montreal for the International Jazz
Festival and the opportunities I've had to travel France, Italy, & Germany
with my high school arts programs.  I consider myself to be quite cultured,
and enjoy aspects of life that I believe many people take for granted.

This sort of pace at my age, for me, just puts things into perspective and
allows me to say "Wow, just look at the world out there."  I have always
felt, and will always feel like there is so much I have done, but that will
always pale in comparison to the things I have not done, seen, or
experienced.  Then I can turn around and take advantage of the opportunities
I have to further myself in that wonderful world.

It's not for everyone but if you're one of those people who can balance your
life very well, then maybe it's for you.

I've heard many people say this, and I very strongly believe in it and
constantly use it as a principal motivation.  "Nothing easy, is ever worth
doing."

Regards and best of luck,

Greg


""Steven V. Snead"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
I just can't imagine what these kids are going to be able to do in the future.
When you were 16 the internet was not what it is today. The information these
kids have today at their fingertips is awesome, also faster. All I can say is
he will be saying the same thing when he is 20 and sees a 12 year old getting
into it. I'm not sure how these kids do socially though nor how mature they
are. That does come with age.

again my two cents,

Steven V. Snead, MCSE, CCNA

-Original Message-
From: Denis Baldwin [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 13, 2000 10:58 AM
To: 'Michael Le'
Cc: [EMAIL PROTECTED]
Subject: RE: WHIZZ KIDS WHO HAVE THE CCIE number


There is a kid in my mother's neighborhood that is 16 and just got his
CCNA.  He is going for his CCIE now.  I'm 20 and I feel so far behind in the
game, just getting my CCNA now.

Denis


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Michael Le
Sent: Friday, October 13, 2000 1:04 PM
To: Brian; McCallum, Robert
Cc: '[EMAIL PROTECTED]'
Subject: Re: WHIZZ KIDS WHO HAVE THE CCIE number


I don't know if he is the youngest to ever get it, but
he's younger than any of the other responds.
I know a guy at Cisco who was 17 when he got his CCIE.
He's got R/S and ISP Dial. He's around 21 now I think.
He used to work on the TAC but is now a consultant for
Cisco.

Mike

--- Brian <[EMAIL PROTECTED]> wrote:
>
> 18, works for global data systems in louisiana
> http://www.globaldatasys.com
>
> Brian
>
>
> On Fri, 13 Oct 2000, McCallum, Robert wrote:
>
> > Here is a little poser for you all.  Who is / was the youngest CCIE and what
> > was his / her age when they attained the CCIE?
> >
> > Robert McCallum
> >
> >
>
> ---
> Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
> Network Administrator
> ShreveNet Inc. (ASN 11881)
>

Re: ISL Trunk on a 2500

2000-10-25 Thread Greg Reaume

Could you not also get a 2500 with 2 ethernet interfaces and connect one
interface to each VLAN?  It would be pretty much the same as connecting two
routers with 1FE each via Serial, would it not?

Greg


"Juan Blanco" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
Folks,

I need help, I have 3 2500 router and 1 2900 switch, I want to be able
to route between two vlans, I don't have a 100mb/s Ethernet interface on any
of my routers.

Questions:

1 There is a 100mb/s interface available for the 2500

2 If there is not a 100mb/s for the 2500 then there is a workaround
to be able to do the same thing.


Thanks in advance for your response.


Juan






Re: NAT with VPN doesn't work with PIX

2000-10-26 Thread Greg Reaume

I'm not sure about the all or nothing question as far as address translation
goes but I may have another suggestion you can look into.

At my company we have a PIX on the edge of our network with no DMZ, just
Inside & Outside.  We are statically NATing all of our servers which need to
be accessible to the outside.  Internally they are 192.168.x.x and have
external addresses on the outside.  We have no internal DNS servers so the
problem we were running into of course was that all resolutions to those
servers, whether the request was inside or outside, returned the external IP.
I called Cisco to give them the problem and they told me to look into the
'alias' command.  What it does is allow an internal client to attempt a
connection to an external IP but when that external IP is just a NAT
translation for an internal server, it redirects the traffic to that server
without going outside.  This allows for us to keep our existing setup and
topology and always use external addresses for our clients inside and outside
even though the servers are internally addressed inside.

I know it sounds a little confusing but look into it.  It's fairly basic to
understand when you see the config, and extremely easy to implement.  It was
a little temperamental, missing the odd resolution, when I first implemented
it on 4.2 but since an upgrade, it has been absolutely fine.

HPH,

Greg
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
Here's an interesting situation I've run across, and I'm curious to see if
anyone has seen anything similar.

I've got a PIX firewall that is doing static translation of several servers
in our DMZ.  These servers each have one NIC, with an inside 172.16.x.x
address.  On the outside, they have a 64.x.x.x address that works fine.
Normally, when people who dial into our network, or are at corporate
headquarters query DNS for these servers, they'll get the inside address,
172.16.x.x.  When people outside the company query DNS for the same server,
they get the outside address 64.x.x.x.  This seems to work fine.

The problem comes when a user VPN's into our network.  They already have a
connection with their ISP, and are using the ISP's name servers.  Therefore,
when they try to resolve our server name, they get the 64.x.x.x address.
However, since they are VPN'ed into our network, the 64.x.x.x address is not
valid.

This problem exists even if we provide them with a DNS server
internally...it seems that they resolve from their ISP's servers first.

The only thing I've thought of so far is to have two different names for
each box, but our developers are screaming about that idea.

Is there any way for the PIX to do address translation on some boxes, but not
all?  If we could leave these servers in the DMZ with only an outside
address, that would be fantastic.  Is this possible with PIX?  I've been
told that address translation is an all or nothing proposition.

Thanks for any suggestions yall can provide.




repost: Cisco Testing online

2000-10-27 Thread Greg Reaume

I apologize if this gets posted twice.  It hadn't shown up on my end for
over an hour.

Message:

What's the deal with this?  Is it free for a CCO user?  Do they record this
in any way or is it just practice?  Can you only take the tests once?

Any response is appreciated.

Greg





Re: VPN & NAT

2000-11-02 Thread Greg Reaume

Sorry,  when I clicked on the link when first posted I got a request error.
Not a document not found, but a 'request error'.  I guess there were
problems at the time, now it works.  Thanks for the link.  :)

Greg


"Chuck Larrieu" <[EMAIL PROTECTED]> wrote in message
news:8tt5l2$dlg$[EMAIL PROTECTED]...
one more reason to read my posts first - the link I sent is fine. can go in
as either guest or registered. info looks to be about the same. here it is
again.

http://www.cisco.com/tac/newsflash/vpn2.html


Chuck


"Greg Reaume" <[EMAIL PROTECTED]> wrote in message
news:8tt4o9$cic$[EMAIL PROTECTED]...
> This link doesn't work.  Mind reposting a checked one?  :)
>
> Thx.
>
> "Duane Morgan" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> I don't know who was trying to configure this, but this link might help:
>
> http://www.cisco.com/tac/newflash/vpn2.html
>



Re: VPN 3DES ON 2MB Link with 25XX

2000-08-02 Thread Greg Reaume

Hi Christophe,

I have been looking into a similar solution except I have 5 branches
accessing ALL their services from the head office and everything needs to
be encrypted.  I arranged the establishment of a PVC over fibre for 2 of
the branches to the head office and have setup a router at one of those
branches to also connect 2 other branches through it.  This still leaves me
with the problem of encrypting traffic from 1 branch to the head office.

I called my local Cisco rep and gave them my scenario.  They recommended a
router based encryption solution at first but then I said I wanted 3DES and
there would be approx 30 people using the connection from the branch.  They
told me the throughput on a 25/2600 series router is only about 256Kb@3DES.
That means I can't utilize my 2Mb fibre connection between offices.  =(
They suggested I use the brand new PIX506.  I told them at first I didn't
have that kind of money but they explained that Cisco realized their
shortcomings in the SOHO firewall market and designed this PIX with that
segment in mind.  It has 7Mb throughput @3DES and costs only $2300 CDN,
less than my 2600 routers here.  I just found my solution but I have yet to
implement it.  It's still in proposal right now.  I'm planning on putting a
PIX506 in the branch and moving the PIX520 we already have at our website
branch to the head office.

Hope this helps.  Don't quote ME on the stats because I got them from a
rep.

------
   Greg Reaume
   Network Analyst

   Cowan Dalton Inc.
   25 Bruce Street, P.O. Box 2007
   Kitchener, ON, N2H 6K8

   Office: (519)578-9001 x355
   Fax: (519)578-0549
   Cell: (905)741-4734
   E-Mail: [EMAIL PROTECTED]
   Pager: (416)714-7405 / (519)220-6114
  [EMAIL PROTECTED]


--- Original message ---

Hello,

I wish to set up a 3DES VPN between two sites (a local and a remote site) on
a 2MB serial link using 2 2502 Cisco routers. I will have 30 people
working on the remote site using telnet sessions, NT file and print with
servers in the local site.

Do you think the 25XX could handle such calculation (3DES processing) for
such a number of users? If yes, has someone already set up such a thing?

regards,
Christophe.




WIC-2A/S back-to-back cables?

2000-09-06 Thread Greg Reaume


Hi there,

I have a lab that has 2 2621s with a WIC-2A/S in each.

Does anyone know what cables I need to connect these two routers
back-to-back (DCE-DTE) to simulate a frame relay cloud?  Or, if possible,
please provide the cables and layout needed to connect 3 routers with this
interface to have 2 end points and 1 switch?

TIA

--
   Greg Reaume





Re: Cisco 805 Router serial port

2000-09-07 Thread Greg Reaume

Hi there,

Were you able to find a cable config for what you were looking for?  Do you
understand the interface and req'd cables enough to provide me with a
back-to-back fr cloud sim config or a back-to-back-to-back fr switched
config?

The reason I ask is because I have 2/3 2621s with WIC-2A/S cards in them
that seem to have this "SmartSerial" interface you are referring to on your
805.  These are lab routers and I need to find the cables and config to
achieve a fr sim lab.  Preferably with all 3 routers to sim a fr switch and
2 end points.

Any information you could provide me with would be very much appreciated.

TIA,

Greg


"Hurin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I have a new 805 that has me stumped. All other serial interfaces I've
> seen use a DB-60 connector but this one has one I've not seen before, in
> fact it's not DB-anything. Checked the online Cisco docs and have seen
> no mention of this connector before. Show interfaces does have a
> serial port for S0 but can't for the life of me figure out what cable
> is used here.
>



OT: Know of any good internetworking programs? [7:41468]

2002-04-15 Thread Greg Reaume

Hi all,

I am currently a college student that will be receiving a diploma in
Telecommunications Technology (http://www.telecomtech.org) from Sheridan
College (http://www.sheridanc.on.ca) in Dec 2002.  I have decided that I
wish to pursue a bachelors degree and possibly a masters thereafter,
specifically an engineering degree.  After browsing local university program
calendars I find that most programs with any telecommunications content are
generally labeled, "Electrical Engineering with a 'Specialization' in
Telecommunications."  I spoke to my current professors, who both have these
degrees, and they say that the telecommunications content is a joke for the
application in today's market unless you are looking only to deal with layer
1 technologies.

Though my current program has provided me with an exceptional base of
conceptual and technical knowledge, I feel the need to go deeper and truly
understand the engineering detail of all this.  I want to attend a program,
International if I must, that was built from the ground up as an
Internetwork Engineering program.  A program with content focus above layer
1.  I understand that all good engineering programs will contain advanced
math and that all telecommunications oriented programs will contain
electronics and physical layer material, though I do not want this to
dominate the curriculum.  I have found such programs as Internet Engineering
(http://www.uow.edu.au/discover/courses/yr2002/benginternet.html) and
Telecommunications Engineering
(http://www.uow.edu.au/discover/courses/yr2002/cour736.html) in my brief and
mostly futile searches, though only in 1 Australian University, Wollongong
University.

I post this here because I know that there are many knowledgeable and
industry-aware people here, some of whom have made quite a name for
themselves in our field.  I figure that with the wealth of knowledge
observing this forum there must be someone who, themselves or through
their associations, knows of 'the' program I am looking for.  I would greatly
appreciate any leads or information anyone may be able to provide.

Thanks for your time,

Greg

PS.  I think this industry is in serious need of some type of educational
search engine.  In the short time I've spent on educational search pages
I've found not one that specifically lists even a category acutely
appropriate for the internetworking field.  I am quite confident, being in a
field related program and seeing the obvious void in this area, that such a
definitive resource would be a hit among seasoned academics and
post-secondary students alike, wishing to extend their knowledge.  Just a
thought for anyone up to the challenge.  :)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41468&t=41468



Re: How to restrict hubs in a LAN [7:54937]

2002-10-06 Thread Greg Reaume

John,

If WindowsXP is bridging two NICs it actually runs spanning-tree. It is a
very nice feature for L1 redundancy. Though in your scenario I don't really
see why they think that's necessary. I'm planning to use this functionality
in the upcoming Windows.NET server to multihome all my servers, as long as
it supports the concept of a loopback or virtual interface for L3
connectivity, to two different switches to protect against 48 servers
failing because a switch burns out. I just wish MS had an add-on for
Windows2K Server with this functionality so I don't have to wait.

Check out these links:

http://www.microsoft.com/WindowsXP/pro/techinfo/administration/homenetbridge/default.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0102.asp



Correct me if I'm wrong but, from what I gather in your previous postings,
loops seem to be your main concern. You say that it may very well be
justified that these users need up to 5 PCs in their cube, or that you don't
really want to get into that fight (whichever way you want to put it). You
also say that it is very hard to run new drops. Why don't you take the
approach of supporting them then, and instead of going through the work of
running new drops, provide them with a small switch that runs spanning-tree.

A 1548M (8-port desktop chassis) would do nicely for around $1K list. It
allows for up to 4 local VLANs so the techs can do whatever they want on
their own little switch. It also runs CDP so you can keep track of where
they are through management tools like CiscoWorks, etc. If they want to clog
up their link to the rest of the network with 5 PCs doing whatever, why not
let them (as long as they do it safely)?

Check here for more info on the 1548M:
http://www.cisco.com/en/US/products/hw/switches/ps211/index.html

HTH

Greg Reaume



"JohnZ" wrote in message
news:[EMAIL PROTECTED]...
Well, when I wrote the original post I knew I will have these questions.
Basically the first layer of support or help desk if you will have more PCs
than the drops in their cubes. This is an old building not meant for an IS
staff so there is some frustration on their part. I am not going to question
if there is a legit need for folks to have 5 PCs when there is in fact a
separate staging area to set up and test PCs for users. Anyway, they know
enough to be dangerous and there is no standard on hubs and I have seen
where folks have created loops. Now with Windows XP I have seen some configs
where 2 NICs have been bridged via software, I am not sure with what intent.
Although it's been made clear many times not to use hubs but this is never
enforced and I did not want to spend my time daily trying to hunt down the
lawless. So that's when I thought if I could config the switch this will
discourage the hub usage or bridging within PCs. I hope that answers most of
the questions here.
"David j" wrote in message
news:[EMAIL PROTECTED]...
> See inline..
> Chuck's Long Road wrote:
> >
> > as much of a rulemeister as I am, I still have to look at this
> > from the user
> > standpoint. Why are users throwing their own hubs onto the
> > network? Is there
> > a business case to be made? Is facilities too slow getting
> > requested cable
> > pulls done?
> >
> > what is the concern with a user plugging a hub in at the desk
> > and then
> > connected a couple of extra PC's? if the problem is one of dual
> > homing by
> > accident or otherwise, I can see the issue with spanning tree
> > recalculations. But in a single home situation,  what do you
> > see as the
> > issues?
> >
>
> I see one issue: collisions, if you have a switched network you don't want
> to deal with collisions that hubs normally produce. I have to recognize,
> though, that hubs sometimes are very convenient and I'm the first on using
> them.
>
> > when you say that "politically, it's a mess" what does that
> > mean? high
> > powered sales people throwing their weight around? management
> > does not
> > respect your input or concerns? something bad is happening, and
> > it's rolling
> > downhill?
> >
> In some environments it's politically unacceptable, I know some hospitals in
> which you have to fill in a lot of papers before being allowed to use a PC, so
> in those environments this could perfectly be part of the policy.
>
> > I'm not questioning the wisdom or the necessity for doing what
> > others have
> > suggested. I'm just wondering why it is necessary for the
> > network manager /
> > network staff to unilaterally cut off user access.
> >
> >
> >

Re: Route-map question (urgent) [7:54910]

2002-10-06 Thread Greg Reaume

Yasser,

Be careful here...  you don't know if the only segment for which he wants
HTTP redirected is the one connected via fa2/0, there may be more.  Offering
a solution without knowing all his requirements will just lead him into
deeper confusion.


Nabil,

The best way to find your answer is to go and learn this thoroughly for
yourself.  And as always, never put yourself in a position where you are
urgently required to do something you've never done without a lifeline setup
prior to your need.  No manager that I have worked with has ever blamed
someone for saying, "I've never done that before and I'd feel more
comfortable taking some time to understand it".  If the need is that urgent
that there is no time to spare, you should be able to call TAC under your
service contract, right?  :)

Good luck.

Greg Reaume


"YASSER ALY" wrote in message
news:[EMAIL PROTECTED]...
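No, you need to do the following

! match HTTP (TCP destination port 80) from any source to any destination
access-list 101 permit tcp any any eq 80
!
route-map http_traffic permit 10
 match ip address 101
 set ip next-hop 10.10.10.141
!
! clause 20 has no match or set, so all other traffic is routed normally
route-map http_traffic permit 20
!
int fa2/0
 ip policy route-map http_traffic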



>From: "[EMAIL PROTECTED]"
>Greetings,
>
>Need help with a route-map question. I need to force all http traffic
>to go to 10.10.10.141 address, does my config below allow me to do just
>that?
>
>access-list extended 101 permit tcp any host 10.10.10.141 eq 80
>access-list extended 101 permit ip any any
>
>route-map http_traffic permit 10
> match ip address 101
>
>int fa2/0 (10.10.10.141 address is behind this interface)
>ip policy route-map http_traffic
>
>Thanks...Nabil
>
>"I have never let my schooling interfere




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54975&t=54910



Re: How to restrict hubs in a LAN [7:54937]

2002-10-06 Thread Greg Reaume

Great!  Just what I needed.  Thanks for the clarification.

Now that I think about it, the ability to set TCP/IP properties on the
'Network Bridge' item is a dead giveaway.  :)

Greg Reaume


"Erick B." wrote in message
news:[EMAIL PROTECTED]...
Greg,

Windows XP does this by default in some situations. If
you have a PC with a Ethernet NIC and firewire
adapter, it will bridge the 2 interfaces together and
create a logical L3 interface that the protocols are
bound to all by default.


Re: Route-map question (urgent) [7:54910]

2002-10-06 Thread Greg Reaume

Yasser,

I agree, everyone should be conscious that any advice received through a
source such as this, although quite skilled, can only be advice given based
on the information one has provided.  This advice is only as accurate and
comprehensive as one's presented question or scenario.

About the postings, I know that I use Outlook Express through Outlook (news
button), and I do see the postings that I make in each thread.  However, I
can only choose to either post to thread, or reply directly to sender.  If I
want to do both I must manually add the destinations to the message.

Greg Reaume


"YASSER ALY" wrote in message
news:[EMAIL PROTECTED]...
Greg,

  Thank you for what you have said. My suggestions were based on the
scenario that Nabil mentioned. Being the fact that his real life scenario
is different than what he said fall under his attention to consider. It's
just something to give some light for him but you do have a point that he
should read more before considering doing something he never did before.

BTW, is it normal that somebody's postings to the list not to be sent to
his e-mail. Each time I send to the list either a question or a reply I
don't get a clue that it has been received until someone like you replies
quoting what I have said,

Regards,

Yasser





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54981&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-07 Thread Greg Reaume

That is something that you could do using NAT statements (port address
translation/port forwarding/network address port translation, etc.):

!
int fa0/0
 desc external interface
 ! ip below used as an example, I apologize if it, although unlikely,
 ! matches anyone's config.
 ip add 216.253.64.2 255.255.255.252
 ip nat outside
!
int fa0/1
 desc internal interface
 ip add 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source static tcp 192.168.1.10 80 216.253.64.2 80
ip nat inside source static tcp 192.168.1.20 21 216.253.64.2 21
!

Of course, if this router is acting in this fashion when it comes to NAT, it
would be assumed that it will also run the firewall feature-set and be
secured appropriately.  You would have to permit this particular traffic in
your external access-lists.

HTH

Greg Reaume


"Harold Monroe" wrote in message
news:[EMAIL PROTECTED]...
This is something I've been wondering about also. As I understand it when
you "set ip next-hop" it forces the packet to go out a particular interface.

How about if you want the destination address changed for a particular type
of traffic so HTTP traffic goes to an HTTP server and FTP to an FTP server.

For example, if you have only one Public IP Address and if HTTP comes in you
want its destination address changed to 192.168.1.10, if FTP change its
destination address to 192.168.1.20

-Original Message-
From: Stefan Razeshu [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 4:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Route-map question (urgent) [7:54910]

I think the response for this question is:

The access list:
access-list 101 permit tcp any eq www any
!-you need to detect your incoming www traffic.
!-You can use also your network address for the first "any".
!-route map statement
route-map http_access permit 10
match ip address 101
set ip next-hop 10.10.10.141

The policy map statement needs to be placed on the interface that is facing
your network, not on the interface near by the host 10.10.10.141.
Regards,
Stefan

PS. I think we need to help each other not to give life
lessons.
It is a Cisco study list not the church.
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55065&t=54910



Re: protocol monitoring software [7:55110]

2002-10-08 Thread Greg Reaume

Sam,

OVER HERE!  LOOK HERE!  PICK ME!

:)  Seriously though, take a look at NetFlow.  Nice flow based accounting
exported at flow conclusion by the router to a 'collector'.  It records, on
a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts
in flow, B in flow, start time, stop time, etc, etc, etc.  I'm sure you get
the idea; this is pretty powerful stuff!

You can have your collector aggregate all the flow exports over a given time
period, or you can have your router do it before it sends the info to the
collector.  Cisco sells their own commercial products to collect and analyze
and they also partner with 3rd party commercial vendors to provide you with
collectors and analyzers.  The best stuff though, IMHO, are the tools from
the open source community.  Cisco acknowledges these tools and even lists
where you can get them on their website, however, they are obviously not
supported.

Start here:

http://www.cisco.com/go/netflow

http://net.doit.wisc.edu/~plonka/FlowScan/

http://www.splintered.net/sw/flow-tools/

http://www.columbia.edu/acis/networks/advanced/CUFlow/


There are good examples of implementations here:

http://wwwstats.net.wisc.edu/

http://www.canet3.net/stats/map.html


And of course, although they have no relation to NetFlow, no discussion of
network monitoring tools is complete without Tobi's Tools:

http://www.smokeping.org

http://www.mrtg.org

http://www.rrdtool.org


HTH,

Greg Reaume


"Cliff Stewart" wrote in message
news:[EMAIL PROTECTED]...
Sam,

Have you taken a look at NBAR? Take a look at the
Cisco IOS Quality of Service Solutions Configuration Guide
it should work for you.

-Cliff

-Original Message-
From: "sam sneed"
To: [EMAIL PROTECTED]
Date: Tue Oct 08 10:19:08 PDT 2002
Subject: protocol monitoring software [7:55110]

>Hello,
>
>  I am looking for software that will monitor what kind of traffic is going
>through my network and report it. I am only concerned with what is going
>through my firewall so I will place the monitoring station on a hub with the
>firewall or use SPAN port. Here are requirements:
>
>Doesn't use netflow to collect data, want to use libpcap to capture data.
>Want breakdown of what type of traffic by bytes and %'s ie. HTTP, FTP, SMTP
>etc.
>Do not want to use NTOP, too much of a pain in the ass to get it to work
>longer than 20 minutes without a seg fault.
>Would like the output in graphical form preferably embedded in a web page.
>
>If anyone has come across this please let me know. I'm contemplating writing
>my own software but would rather not.
>
>Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55147&t=55110
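
An added example, not part of the original thread and not code from Cisco or from the tools linked above: a Python sketch that decodes a NetFlow export datagram into the per-flow fields the reply lists, then produces the per-service byte and percentage breakdown the original question asks for. It assumes the version 5 export layout (24-byte header, 48-byte records); the port-to-service table, the function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

# Assumption: NetFlow version 5 export layout (24-byte header, 48-byte records).
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

# Illustrative port-to-service table; extend it for the services you care about.
SERVICES = {20: "FTP-DATA", 21: "FTP", 25: "SMTP", 53: "DNS", 80: "HTTP", 443: "HTTPS"}


def parse_v5(datagram):
    """Decode one export datagram into a list of per-flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": ipaddress.IPv4Address(f[0]),
            "dst": ipaddress.IPv4Address(f[1]),
            "packets": f[5], "bytes": f[6],
            "first_ms": f[7], "last_ms": f[8],   # router uptime at flow start/end
            "sport": f[9], "dport": f[10],
            "proto": f[13],
            "src_as": f[15], "dst_as": f[16],
        })
    return flows


def classify(flow):
    """Label a flow by a known port on either side, else by IP protocol."""
    if flow["proto"] in (6, 17):  # TCP or UDP
        for port in (flow["dport"], flow["sport"]):
            if port in SERVICES:
                return SERVICES[port]
        return "other-tcp" if flow["proto"] == 6 else "other-udp"
    return "ICMP" if flow["proto"] == 1 else f"ip-proto-{flow['proto']}"


def breakdown(flows):
    """Return {service: (bytes, percent of all bytes)}, largest first."""
    totals = Counter()
    for flow in flows:
        totals[classify(flow)] += flow["bytes"]
    grand = sum(totals.values()) or 1
    return {name: (octets, round(100.0 * octets / grand, 1))
            for name, octets in totals.most_common()}


def flows_for_host(flows, host):
    """Single out one /32: every flow with this address as source or destination."""
    host = ipaddress.IPv4Address(host)
    return [f for f in flows if host in (f["src"], f["dst"])]


def build_sample():
    """Constructed datagram: four flows between documentation-range addresses."""
    rows = [  # src, dst, sport, dport, proto, packets, bytes
        ("192.0.2.30", "192.0.2.10", 49152, 80, 6, 12, 6000),
        ("192.0.2.10", "192.0.2.30", 80, 49152, 6, 20, 24000),
        ("192.0.2.31", "192.0.2.20", 49153, 21, 6, 8, 2000),
        ("192.0.2.32", "192.0.2.25", 49154, 25, 6, 10, 8000),
    ]
    header = HEADER.pack(5, len(rows), 0, 0, 0, 0, 0, 0, 0)
    body = b"".join(
        RECORD.pack(ipaddress.IPv4Address(s).packed, ipaddress.IPv4Address(d).packed,
                    bytes(4), 0, 0, pkts, octets, 0, 0, sp, dp,
                    0, 0, proto, 0, 0, 0, 0, 0, 0)
        for s, d, sp, dp, proto, pkts, octets in rows)
    return header + body


if __name__ == "__main__":
    sample_flows = parse_v5(build_sample())
    for service, (octets, pct) in breakdown(sample_flows).items():
        print(f"{service:10s} {octets:8d} bytes {pct:5.1f}%")
    print(len(flows_for_host(sample_flows, "192.0.2.10")), "flows involve 192.0.2.10")
```

Both directions of a conversation arrive as separate flow records, which is why the HTTP total sums the request and the response flows.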



Re: protocol monitoring software [7:55110]

2002-10-08 Thread Greg Reaume

Mark,

No, unfortunately NetFlow isn't supported on the PIX, like many other
things.

Really though, you don't want to run it there.  Because NetFlow exports the
level of detail that it does, you can gather all your stats for your entire
network just by running it on all your edge routers.  All you need to make
sure of is that a flow originates behind a NetFlow enabled router, and that
it is destined for a prefix that either resides on a subnet of another
NetFlow enabled router in your AS, or a prefix which is beyond your AS (in
which case you catch that too because you're running NetFlow at your
ASBR(s)).  You don't want to run this in your core or anywhere else there
are not hosts.

If you want to single out a /32 (or a particular port on a host or group of
hosts) and view the activity as perceived by NetFlow, you can use the
'flow-tools'.  The flow-tools is a package I listed a link to below and it
includes a number of handy little tools.  'flow-filter' will allow you to
filter on any attribute in the flow record and output the info to stdio.

HTH,

Greg Reaume


"Mark W. Odette II" wrote in message
news:[EMAIL PROTECTED]...
Is there something similar to this NetFlow for the PIX??

I could use a tool that monitors each flow of traffic, perhaps even with
the ability to specify a specific host to monitor its flows across the
IPSec tunnel of two PIXen.

Any suggestions appreciated.

Mark

-Original Message-
From: Greg Reaume [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 08, 2002 11:50 PM
To: [EMAIL PROTECTED]
Subject: Re: protocol monitoring software [7:55110]

Sam,

OVER HERE!  LOOK HERE!  PICK ME!

:)  Seriously though, take a look at NetFlow.  Nice flow based accounting
exported at flow conclusion by the router to a 'collector'.  It records, on
a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts
in flow, B in flow, start time, stop time, etc, etc, etc.  I'm sure you get
the idea; this is pretty powerful stuff!

You can have your collector aggregate all the flow exports over a given time
period, or you can have your router do it before it sends the info to the
collector.  Cisco sells their own commercial products to collect and analyze
and they also partner with 3rd party commercial vendors to provide you with
collectors and analyzers.  The best stuff though, IMHO, are the tools from
the open source community.  Cisco acknowledges these tools and even lists
where you can get them on their website, however, they are obviously not
supported.

Start here:

http://www.cisco.com/go/netflow

http://net.doit.wisc.edu/~plonka/FlowScan/

http://www.splintered.net/sw/flow-tools/

http://www.columbia.edu/acis/networks/advanced/CUFlow/


There are good examples of implementations here:

http://wwwstats.net.wisc.edu/

http://www.canet3.net/stats/map.html


And of course, although they have no relation to NetFlow, no discussion of
network monitoring tools is complete without Tobi's Tools:

http://www.smokeping.org

http://www.mrtg.org

http://www.rrdtool.org


HTH,

Greg Reaume


""Cliff Stewart""  wrote in message
news:[EMAIL PROTECTED]...
Sam,

Have you taken a look at NBAR? Take a look at the
Cisco IOS Quality of Service Solutions Configuration Guide
it should work for you.

-Cliff

-Original Message-
From: "sam sneed"
To: [EMAIL PROTECTED]
Date: Tue Oct 08 10:19:08 PDT 2002
Subject: protocol monitoring software [7:55110]

>Hello,
>
>  I am looking for software that will monitor what kind of traffic is going
>through my network and report it. I am only concerned with what is going
>through my firewall so I will place the monitoring station on a hub with the
>firewall or use SPAN port. Here are requirements:
>
>Doesn't use netflow to collect data, want to use libpcap to capture data.
>Want breakdown of what type of traffic by bytes and %'s i.e. HTTP, FTP, SMTP
>etc.
>Do not want to use NTOP, too much of a pain in the ass to get it to work
>longer than 20 minutes without a seg fault.
>Would like the output in graphical form preferably embedded in a web page.
>
>If anyone has come across this please let me know. I'm contemplating writing
>my own software but would rather not.
>
>Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55152&t=55110
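Added example, not part of the original posts and not flow-tools code: a Python sketch of what filtering exported flow records on a /32 or a port looks like, followed by the per-service byte breakdown asked for in the original question. It assumes the router exports NetFlow version 5 (fixed 24-byte header, 48-byte records); the function names are hypothetical and the sample datagram is constructed.

```python
import ipaddress
import struct

# NetFlow v5 export (big-endian): 24-byte header, then `count` 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
FIELDS = ("src_ip", "dst_ip", "nexthop", "in_if", "out_if", "pkts", "octets",
          "first", "last", "src_port", "dst_port", "tcp_flags", "proto",
          "tos", "src_as", "dst_as", "src_mask", "dst_mask")


def parse_v5(datagram):
    """Return the flow records of one v5 export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("not NetFlow v5, or fewer records than the header claims")
    flows = []
    for offset in range(HEADER.size, HEADER.size + count * RECORD.size, RECORD.size):
        rec = dict(zip(FIELDS, RECORD.unpack_from(datagram, offset)))
        rec.update((k, ipaddress.IPv4Address(rec[k])) for k in FIELDS[:3])
        flows.append(rec)
    return flows


def select(flows, host=None, port=None):
    """Keep flows touching one /32 and/or one port, in either direction."""
    host = ipaddress.IPv4Address(host) if host else None
    return [f for f in flows if host in (None, f["src_ip"], f["dst_ip"])
            and port in (None, f["src_port"], f["dst_port"])]


def octets_by_port(flows):
    """Map service port -> (bytes, percent of total bytes in `flows`)."""
    totals = {}
    for f in flows:
        port = min(f["src_port"], f["dst_port"])  # heuristic: lower port = service
        totals[port] = totals.get(port, 0) + f["octets"]
    grand = sum(totals.values()) or 1
    return {p: (b, round(100.0 * b / grand, 1)) for p, b in totals.items()}


def _rec(src, dst, sport, dport, pkts, octets):
    """Pack one constructed TCP flow record for SAMPLE."""
    ips = [ipaddress.IPv4Address(a).packed for a in (src, dst, "0.0.0.0")]
    return RECORD.pack(*ips, 1, 2, pkts, octets, 1000, 2000, sport, dport,
                       0x1B, 6, 0, 64512, 64513, 24, 24)

# Constructed sample datagram (documentation addresses, private AS numbers).
SAMPLE = HEADER.pack(5, 3, 5000, 1034117948, 0, 1, 0, 0, 0) + (
    _rec("192.0.2.10", "198.51.100.5", 40001, 80, 12, 9000)
    + _rec("192.0.2.10", "198.51.100.9", 40002, 25, 8, 1000)
    + _rec("192.0.2.77", "198.51.100.5", 40003, 80, 4, 3000))
```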



Re: protocol monitoring software [7:55110]

2002-10-08 Thread Greg Reaume

Here's the 'man' page on flow-tools.  It gives a good overview of NetFlow,
the different versions and their assoc export fields, and what 'goodies'
flow-tools includes.

http://www.splintered.net/sw/flow-tools/docs/flow-tools.html

Read this.

Greg Reaume


""Greg Reaume""  wrote in message
news:[EMAIL PROTECTED]...
Mark,

No, unfortunately NetFlow isn't supported on the PIX, like many other
things.

Really though, you don't want to run it there.  Because NetFlow exports the
level of detail that it does, you can gather all your stats for your entire
network just by running it on all your edge routers.  All you need to make
sure of is that a flow originates behind a NetFlow enabled router, and that
it is destined for a prefix that either resides on a subnet of another
NetFlow enabled router in your AS, or a prefix which is beyond your AS (in
which case you catch that too because you're running NetFlow at your
ASBR(s)).  You don't want to run this in your core or anywhere else there
are not hosts.

If you want to single out a /32 (or a particular port on a host or group of
hosts) and view the activity as perceived by NetFlow, you can use the
'flow-tools'.  The flow-tools is a package I listed a link to below and it
includes a number of handy little tools.  'flow-filter' will allow you to
filter on any attribute in the flow record and output the info to stdio.

HTH,

Greg Reaume


""Mark W. Odette II""  wrote in message
news:[EMAIL PROTECTED]...
Is there something similar to this NetFlow for the PIX??

I could use a tool that monitors each flow of traffic, perhaps even with
the ability to specify a specific host to monitor its flows across the
IPSec tunnel of two PIXen.

Any suggestions appreciated.

Mark

-Original Message-
From: Greg Reaume [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 08, 2002 11:50 PM
To: [EMAIL PROTECTED]
Subject: Re: protocol monitoring software [7:55110]

Sam,

OVER HERE!  LOOK HERE!  PICK ME!

:)  Seriously though, take a look at NetFlow.  Nice flow based accounting
exported at flow conclusion by the router to a 'collector'.  It records, on
a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts
in flow, B in flow, start time, stop time, etc, etc, etc.  I'm sure you get
the idea; this is pretty powerful stuff!

You can have your collector aggregate all the flow exports over a given time
period, or you can have your router do it before it sends the info to the
collector.  Cisco sells their own commercial products to collect and analyze
and they also partner with 3rd party commercial vendors to provide you with
collectors and analyzers.  The best stuff though, IMHO, are the tools from
the open source community.  Cisco acknowledges these tools and even lists
where you can get them on their website, however, they are obviously not
supported.

Start here:

http://www.cisco.com/go/netflow

http://net.doit.wisc.edu/~plonka/FlowScan/

http://www.splintered.net/sw/flow-tools/

http://www.columbia.edu/acis/networks/advanced/CUFlow/


There are good examples of implementations here:

http://wwwstats.net.wisc.edu/

http://www.canet3.net/stats/map.html


And of course, although they have no relation to NetFlow, no discussion of
network monitoring tools is complete without Tobi's Tools:

http://www.smokeping.org

http://www.mrtg.org

http://www.rrdtool.org


HTH,

Greg Reaume


""Cliff Stewart""  wrote in message
news:[EMAIL PROTECTED]...
Sam,

Have you taken a look at NBAR? Take a look at the
Cisco IOS Quality of Service Solutions Configuration Guide
it should work for you.

-Cliff

-Original Message-
From: "sam sneed"
To: [EMAIL PROTECTED]
Date: Tue Oct 08 10:19:08 PDT 2002
Subject: protocol monitoring software [7:55110]

>Hello,
>
>  I am looking for software that will monitor what kind of traffic is going
>through my network and report it. I am only concerned with what is going
>through my firewall so I will place the monitoring station on a hub with the
>firewall or use SPAN port. Here are requirements:
>
>Doesn't use netflow to collect data, want to use libpcap to capture data.
>Want breakdown of what type of traffic by bytes and %'s i.e. HTTP, FTP, SMTP
>etc.
>Do not want to use NTOP, too much of a pain in the ass to get it to work
>longer than 20 minutes without a seg fault.
>Would like the output in graphical form preferably embedded in a web page.
>
>If anyone has come across this please let me know. I'm contemplating writing
>my own software but would rather not.
>
>Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55153&t=55110



Re: protocol monitoring software [7:55110]

2002-10-08 Thread Greg Reaume

I sent this and then it showed up in my newsreader as removed from server.
?  My apologies if I double post.

Greg

"Greg Reaume"  wrote in message news:...
Here's the 'man' page on flow-tools.  It gives a good overview of NetFlow,
the different versions and their assoc export fields, and what 'goodies'
flow-tools includes.

http://www.splintered.net/sw/flow-tools/docs/flow-tools.html

Read this.

Greg Reaume


""Greg Reaume""  wrote in message
news:[EMAIL PROTECTED]...
Mark,

No, unfortunately NetFlow isn't supported on the PIX, like many other
things.

Really though, you don't want to run it there.  Because NetFlow exports the
level of detail that it does, you can gather all your stats for your entire
network just by running it on all your edge routers.  All you need to make
sure of is that a flow originates behind a NetFlow enabled router, and that
it is destined for a prefix that either resides on a subnet of another
NetFlow enabled router in your AS, or a prefix which is beyond your AS (in
which case you catch that too because you're running NetFlow at your
ASBR(s)).  You don't want to run this in your core or anywhere else there
are not hosts.

If you want to single out a /32 (or a particular port on a host or group of
hosts) and view the activity as perceived by NetFlow, you can use the
'flow-tools'.  The flow-tools is a package I listed a link to below and it
includes a number of handy little tools.  'flow-filter' will allow you to
filter on any attribute in the flow record and output the info to stdio.

HTH,

Greg Reaume


""Mark W. Odette II""  wrote in message
news:[EMAIL PROTECTED]...
Is there something similar to this NetFlow for the PIX??

I could use a tool that monitors each flow of traffic, perhaps even with
the ability to specify a specific host to monitor its flows across the
IPSec tunnel of two PIXen.

Any suggestions appreciated.

Mark

-Original Message-
From: Greg Reaume [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 08, 2002 11:50 PM
To: [EMAIL PROTECTED]
Subject: Re: protocol monitoring software [7:55110]

Sam,

OVER HERE!  LOOK HERE!  PICK ME!

:)  Seriously though, take a look at NetFlow.  Nice flow based accounting
exported at flow conclusion by the router to a 'collector'.  It records, on
a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts
in flow, B in flow, start time, stop time, etc, etc, etc.  I'm sure you get
the idea; this is pretty powerful stuff!

You can have your collector aggregate all the flow exports over a given time
period, or you can have your router do it before it sends the info to the
collector.  Cisco sells their own commercial products to collect and analyze
and they also partner with 3rd party commercial vendors to provide you with
collectors and analyzers.  The best stuff though, IMHO, are the tools from
the open source community.  Cisco acknowledges these tools and even lists
where you can get them on their website, however, they are obviously not
supported.

Start here:

http://www.cisco.com/go/netflow

http://net.doit.wisc.edu/~plonka/FlowScan/

http://www.splintered.net/sw/flow-tools/

http://www.columbia.edu/acis/networks/advanced/CUFlow/


There are good examples of implementations here:

http://wwwstats.net.wisc.edu/

http://www.canet3.net/stats/map.html


And of course, although they have no relation to NetFlow, no discussion of
network monitoring tools is complete without Tobi's Tools:

http://www.smokeping.org

http://www.mrtg.org

http://www.rrdtool.org


HTH,

Greg Reaume


""Cliff Stewart""  wrote in message
news:[EMAIL PROTECTED]...
Sam,

Have you taken a look at NBAR? Take a look at the
Cisco IOS Quality of Service Solutions Configuration Guide
it should work for you.

-Cliff

-Original Message-
From: "sam sneed"
To: [EMAIL PROTECTED]
Date: Tue Oct 08 10:19:08 PDT 2002
Subject: protocol monitoring software [7:55110]

>Hello,
>
>  I am looking for software that will monitor what kind of traffic is going
>through my network and report it. I am only concerned with what is going
>through my firewall so I will place the monitoring station on a hub with the
>firewall or use SPAN port. Here are requirements:
>
>Doesn't use netflow to collect data, want to use libpcap to capture data.
>Want breakdown of what type of traffic by bytes and %'s i.e. HTTP, FTP, SMTP
>etc.
>Do not want to use NTOP, too much of a pain in the ass to get it to work
>longer than 20 minutes without a seg fault.
>Would like the output in graphical form preferably embedded in a web page.
>
>If anyone has come across this please let me know. I'm contemplating writing
>my own software but would rather not.
>
>Thanks.

Re: protocol monitoring software [7:55110]

2002-10-09 Thread Greg Reaume

Sam,

Since NetFlow is an L3 technology, it won't be supported on the 3500XL.  You
don't need it here anyway.  You enable NetFlow at any L3 device which a
workstation may use as its gateway to the rest of the network/Internet, and
at your ASBR(s).  As for the 2948G-L3, I'm not sure if it's supported under
CatOS; I couldn't tell you for sure one way or another without looking into
it further.  I do know that in IOS, NetFlow requires that you have an IP+
feature-set.

Greg Reaume


""sam sneed""  wrote in message
news:[EMAIL PROTECTED]...
So everyone seems to recommend Netflow. I don't know much about it but I'll
only ask these basic questions and research the rest:

My switches are 3548XL  and 2948g-L3 switches. Is netflow supported on these
by default or do I have to buy some feature package?
Could I just enable it on these models?

2948>sh ver
Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT2948G-IN-M), Version 12.0(7)WX5(15a)
RELEASE SOFTWARE

Cisco3500-3>sh ver
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)XU, RELEASE
SOFTWARE (fc1)

thanks a bunch.



""Greg Reaume""  wrote in message
news:[EMAIL PROTECTED]...
> Sam,
>
> OVER HERE!  LOOK HERE!  PICK ME!
>
> :)  Seriously though, take a look at NetFlow.  Nice flow based accounting
> exported at flow conclusion by the router to a 'collector'.  It records, on
> a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts
> in flow, B in flow, start time, stop time, etc, etc, etc.  I'm sure you get
> the idea; this is pretty powerful stuff!
>
> You can have your collector aggregate all the flow exports over a given time
> period, or you can have your router do it before it sends the info to the
> collector.  Cisco sells their own commercial products to collect and analyze
> and they also partner with 3rd party commercial vendors to provide you with
> collectors and analyzers.  The best stuff though, IMHO, are the tools from
> the open source community.  Cisco acknowledges these tools and even lists
> where you can get them on their website, however, they are obviously not
> supported.
>
> Start here:
>
> http://www.cisco.com/go/netflow
>
> http://net.doit.wisc.edu/~plonka/FlowScan/
>
> http://www.splintered.net/sw/flow-tools/
>
> http://www.columbia.edu/acis/networks/advanced/CUFlow/
>
>
> There are good examples of implementations here:
>
> http://wwwstats.net.wisc.edu/
>
> http://www.canet3.net/stats/map.html
>
>
> And of course, although they have no relation to NetFlow, no discussion of
> network monitoring tools is complete without Tobi's Tools:
>
> http://www.smokeping.org
>
> http://www.mrtg.org
>
> http://www.rrdtool.org
>
>
> HTH,
>
> Greg Reaume
>
>
> ""Cliff Stewart""  wrote in message
> news:[EMAIL PROTECTED]...
> Sam,
>
> Have you taken a look at NBAR? Take a look at the
> Cisco IOS Quality of Service Solutions Configuration Guide
> it should work for you.
>
> -Cliff
>
> -Original Message-
> From: "sam sneed"
> To: [EMAIL PROTECTED]
> Date: Tue Oct 08 10:19:08 PDT 2002
> Subject: protocol monitoring software [7:55110]
>
> >Hello,
> >
> >  I am looking for software that will monitor what kind of traffic is going
> >through my network and report it. I am only concerned with what is going
> >through my firewall so I will place the monitoring station on a hub with the
> >firewall or use SPAN port. Here are requirements:
> >
> >Doesn't use netflow to collect data, want to use libpcap to capture data.
> >Want breakdown of what type of traffic by bytes and %'s i.e. HTTP, FTP, SMTP
> >etc.
> >Do not want to use NTOP, too much of a pain in the ass to get it to work
> >longer than 20 minutes without a seg fault.
> >Would like the output in graphical form preferably embedded in a web page.
> >
> >If anyone has come across this please let me know. I'm contemplating writing
> >my own software but would rather not.
> >
> >Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55208&t=55110