Re: VLAN routing on 2600
Don't forget the 2650 series as well plus IOS.

"Groupstudy" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> The 2620 and 2621 have fast ethernet ports and support trunking with IP Plus
> IOS.
>
> ----- Original Message -----
> From: Kevin Wigle <[EMAIL PROTECTED]>
> To: Daniel Cotts <[EMAIL PROTECTED]>; 'kz' <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Saturday, February 03, 2001 8:13 PM
> Subject: Re: VLAN routing on 2600
>
> > except 2600's don't do the fe thing..
> >
> > ----- Original Message -----
> > From: "Daniel Cotts" <[EMAIL PROTECTED]>
> > To: "'kz'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Friday, 02 February, 2001 10:26
> > Subject: RE: VLAN routing on 2600
> >
> > > Those with 100Mbs ports.
> > >
> > > > -----Original Message-----
> > > > From: kz [mailto:[EMAIL PROTECTED]]
> > > > Sent: Friday, February 02, 2001 4:33 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: VLAN routing on 2600
> > > >
> > > > Hi
> > > >
> > > > Is it possible to perform VLAN routing on 2600 routers?
> > > >
> > > > thanx
> > > > kz
PIX, VPN & DHCP
Hi All,

I was wondering if it's possible to forward DHCP packets through a PIX-PIX VPN tunnel? I have 1 DHCP server and would like to start using it for my branch offices seeing as they have more problems with DHCP and no IT staff to support it. I haven't found any documentation on this. Has anyone done this?

Thanks in advance,
Greg
Repost: PIX, VPNs & DHCP
Hi All,

I was wondering if it's possible to forward DHCP packets through a PIX-PIX VPN tunnel? I have 1 DHCP server and would like to start using it for my branch offices seeing as they have more problems with DHCP and no IT staff to support it. I haven't found any documentation on this. Has anyone done this?

Thanks in advance,
Greg
CiscoPress.com
Website is back up but I'm just getting Oracle ODBC driver errors on every page. Can't see anything. I've already e-mailed [EMAIL PROTECTED] because there is no [EMAIL PROTECTED] No response yet.

Is anyone else having the same problem?
WIC-2A/S & Courier Modems?
Hi There,

I have a 1750 with a WIC-2A/S (2 Asynchronous/Synchronous Serial) and 2 USR Courier V.Everything modems attached via 2 DB25-SmartSerial cables. The courier modems have a synchronous mode I'd like to use and was wondering if anyone here has tried this configuration before.

I've tried putting the couriers in sync mode and using in-band v.25 dialer on the dialer interface but I keep getting a message saying encapsulation failed in the debug. I've tried both PPP & HDLC and got same message. I don't have too much experience with dial-up so I may be doing something wrong as far as configuration goes. I've just done ISDN before.

If anyone could provide a sample config or suggestion to get me on the right track I'd really appreciate it. I've already spent the last 3 days scouring CCO for some configs but all dial-up stuff with chat-scripts and the like are for asynchronous and I can't seem to find much on sync. I'd like to use PPP if possible and bond the two channels.

TIA,
Greg
Re: WIC-2A/S & Courier Modems?
Sorry, I forgot to mention that I do, of course, have the same modems on the other end of the POTS connection hanging off a WIC-2A/S on a 2600. Also, for reference I've included the link to the Courier's documentation. The section about sync mode is chapter 12.

ftp://ftp.usr.com/usr/dl05/1024494.pdf

TIA,
Greg

"Greg Reaume" <[EMAIL PROTECTED]> wrote in message news:90eh6d$j21$[EMAIL PROTECTED]...

Hi There,

I have a 1750 with a WIC-2A/S (2 Asynchronous/Synchronous Serial) and 2 USR Courier V.Everything modems attached via 2 DB25-SmartSerial cables. The courier modems have a synchronous mode I'd like to use and was wondering if anyone here has tried this configuration before.

I've tried putting the couriers in sync mode and using in-band v.25 dialer on the dialer interface but I keep getting a message saying encapsulation failed in the debug. I've tried both PPP & HDLC and got same message. I don't have too much experience with dial-up so I may be doing something wrong as far as configuration goes. I've just done ISDN before.

If anyone could provide a sample config or suggestion to get me on the right track I'd really appreciate it. I've already spent the last 3 days scouring CCO for some configs but all dial-up stuff with chat-scripts and the like are for asynchronous and I can't seem to find much on sync. I'd like to use PPP if possible and bond the two channels.

TIA,
Greg
Re: CiscoPress.com
I don't understand why they wouldn't build & test this thing in the background while the old one was still up. It blows me away that they would post a site with no database content. Why even put it up!? That under construction message seemed to be fine with them to have it up before, why the rush now!?

"Bharat Suneja" <[EMAIL PROTECTED]> wrote in message news:90gd2n$2om$[EMAIL PROTECTED]...

CiscoPress.com is back up, no ODBC errors, 6:17 AM on Monday. But the products have probably not been populated in the database.. nothing shows up in any of the catalogs - CCNA, CCDA, CCNP, et al. They're working on it I guess.. but how's this any different or better than the previous site. I fail to see any difference. :-)

Bharat Suneja

"Greg Reaume" <[EMAIL PROTECTED]> wrote in message news:90ba00$p6t$[EMAIL PROTECTED]...
> Website is back up but I'm just getting Oracle ODBC driver errors on every
> page. Can't see anything. I've already e-mailed [EMAIL PROTECTED]
> because there is no [EMAIL PROTECTED] No response yet.
>
> Is anyone else having the same problem?
Re: Configuring NAT
I have looked into doing something similar in one of my branch offices. We would be getting ADSL provided with an ADSL modem and dynamic IP. We are getting a PIX-506 to provide firewalling for that office and VPN tunnel services to our datacentre. The outside interface connected to the ADSL modem, the inside interface connected to the LAN segment. PIXOS 5.2 (I believe) supports something Cisco calls EasyIP. EasyIP *apparently* can use a DHCP client on an interface you specify. I know that IOS does use EasyIP but I'm not 100% sure that IOS supports the same feature, but am quite confident I've read that it does in my research of the PIX-506. You will need a minimum of IOS 12.1 or a 12.0(T) image to support EasyIP. (Corrections are of course welcome)

As far as the rest of the configuration goes, the equipment looks right, though you may want to look into a WIC-1FE. This is a WIC with a Fast Ethernet interface and I've read about this WIC coming out for the 1700 series soon, it may be supported in an upcoming revision of IOS for the 2600s. Having this WIC would allow you to eliminate the 2509 altogether.

You stated that you want to setup NAT on the 2620. I assume this will be a NAT 'overloading' or PAT implementation. Be careful here, you may want to move your NAT implementation to the 2509. The outside interface of your 2509 will have the external IP and of course you will want to give the inside interface an internal one. The interface on the 2620 attached to the 2509 will also have an internal IP as well as the interface connected to your LAN segment. If you implement NAT on the 2620, you will be NATing all your internal addresses to one other internal address and passing that traffic with that address to the 2509. Once at the 2509, you would have to NAT the traffic again to get it on an external, routable IP. (Is NATing twice even possible?)

With the NAT on the 2509 only, you could just route all your LAN traffic destined for the WAN to the 2509 vanilla style and let it translate them once to one external IP.

That's my thoughts, open to correction or suggestions of course.

HTH,
Greg

"Tanner_Green" <[EMAIL PROTECTED]> wrote in message news:90hkbt$qpp$[EMAIL PROTECTED]...

Crude Network Diagram

Segment To Internet
      /
      /
+------------+
| ADSL Modem |
+------------+
      |
      | IP Address that changes on E0
      |
+------------+
| Cisco 2509 |
+------------+
      |
      | Serial Link
      |
+------------+
| Cisco 2620 |
+------------+
      |
      /
      /
To Ethernet Lan
Network 10.0.0.0 255.0.0.0
25-50 users.

--
Problem:
How do you configure a Cisco 2509 to accommodate a dynamic IP from an ADSL modem?

--
Requirements
I am trying to accomplish the above as a lab exercise. I have been unsuccessful and would appreciate advice. I want to:
A.) Have the 2509 obtain and store the changing dynamic IP from the ADSL modem.
B.) Route between the 2509 and 2620 via a serial link
C.) Have the 2620 setup as NAT router for the local LAN of 240 users.

--
Goal
Trying to use the above equipment to simulate the process of a Cisco 675, Cayman 3220 or similar SOHO router.

--
Constraints
Cannot purchase routers listed in above goal.

--
Questions
1.) Can this be done? I am unable to find anything on CCO that gives a sample config of this type.
Ref: http://www.cisco.com/warp/public/701/60.html
http://www.cisco.com/warp/public/556/index.shtml
2.) Can this be done with one router? Appears no but the dumb question is the one that you don't ask.
3.) Is there a better way to do this?

Thank you for your help.
Re: Cat3500xl multi vlan config question
...a router with VLAN support that is. Most hardware platforms will do as long as they have fast ethernet port and plus image IOS.

Greg

"Jason Baker" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

you need a router to route between vlan's

Regards,
Jason Baker
Network Engineer
MCSE, CCNA

-----Original Message-----
From: Pete [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 21, 2000 2:50 PM
To: [EMAIL PROTECTED]
Subject: Cat3500xl multi vlan config question
Importance: High

Hey,

First off, I'm not too familiar with Cisco 3500 xl switches. I configured a switch with 3 VLANs, I assigned an IP address to each VLAN, I also added the necessary ports in each VLAN. After everything is said and done the 3rd VLAN (servers) didn't have connectivity to the other VLANs. I couldn't find a command to allow me to assign a default route to each VLAN. Does anyone have any ideas how I can make the VLAN's work?

Sincerely,
Peter Kurdziel
CCNA,CCDA,MCSE,MCP+I
http://www.inotez.com
Cisco Q&A http://www.inotez.com/discus
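The router-on-a-stick layout the replies above point to, for the three-VLAN case in the question, as an added example that is not part of the original thread. VLAN IDs, subnets and interface numbers are assumptions; ISL is used because the threads on this page mention it, and `encapsulation dot1Q <vlan-id>` is the 802.1Q equivalent on the router side.

```cisco
! ===== Catalyst 3500XL (Layer 2 only: it switches within a VLAN, it does not route) =====
! Access ports stay in their VLANs as already configured.
! One port (number assumed) becomes an ISL trunk to the router.
interface FastEthernet0/1
 description Trunk to router Fa0/0
 switchport trunk encapsulation isl
 switchport mode trunk
!
! ===== Router with a Fast Ethernet port and a Plus image =====
! The physical interface carries no address; each VLAN gets a subinterface.
interface FastEthernet0/0
 description Trunk to 3500XL Fa0/1
 no ip address
 no shutdown
!
! VLAN 10 (assumed: first user VLAN)
interface FastEthernet0/0.10
 description Gateway for VLAN 10
 encapsulation isl 10
 ip address 10.0.10.1 255.255.255.0
!
! VLAN 20 (assumed: second user VLAN)
interface FastEthernet0/0.20
 description Gateway for VLAN 20
 encapsulation isl 20
 ip address 10.0.20.1 255.255.255.0
!
! VLAN 30 (assumed: the servers VLAN from the question)
interface FastEthernet0/0.30
 description Gateway for VLAN 30 (servers)
 encapsulation isl 30
 ip address 10.0.30.1 255.255.255.0
!
! The three subnets are directly connected, so the router forwards between
! them without any routing protocol or static routes.
! Hosts in each VLAN use that VLAN's subinterface address as default gateway:
!   VLAN 10 hosts -> 10.0.10.1
!   VLAN 20 hosts -> 10.0.20.1
!   VLAN 30 hosts -> 10.0.30.1
```

The "default route per VLAN" the question asks for lives on the hosts, as their default gateway, not on the switch.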
Re: Ethernet WIC for 1700 router
My understanding was the part number would be WIC-1FE since the 1700 series runs fast ethernet interfaces. ISL can only be done with fast ethernet interfaces but I haven't seen any documentation yet about whether or not the 1700 series supports ISL at all. Can anyone else clear this up?

Greg

"Andrew Larkins" <[EMAIL PROTECTED]> wrote in message news:8F5F72F80EF5D311ADE600A0C9DCF862BEAC77@UBDCCOMJHBEX...

Does anyone have an idea if the new wic-1enet supports ISL

Andrew Larkins
BCom, CCNA, CCDA
Bytes Technology Group
Tel: +2711 800-9300
Fax: +2711 800-9496
Cell: +2783-656-7214
Email: [EMAIL PROTECTED] OR [EMAIL PROTECTED]
Re: DHCP server and IP Nat On 2621
No offense intended, but whatever happened to good old fashioned RTFM. :)

When I had to implement a config such as you state, it took me approx. 5 minutes to find an information source on CCO and about 1 hour to get it setup and to work out my mistakes. I think that the lessons learned by going through the steps and thinking for yourself are much more valuable than getting a "quick fix" from a newsgroup. What if you have problems and nobody will troubleshoot them for you? You will not truly understand the technology or its implementation, and you will be dead in the water. You'll just end up having to go through the same steps after to learn about it as you should've in the first place.

Try starting with a search for EasyIP (Phase 2), DHCP Server, or NAT on CCO.

Good luck, happy hunting.

Greg

"muhammad hafiz" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Hi all,
>
> Could any one send me the following configuration:
>
> 1)I want to make DHCP server on 2621.
>
> 2) I have 2621 router and I want to do the IP Nating
> on e0, the scenario is
>
> Switchrouter (2621)|switch router---Internet
> My site client site
>
> 2621 port e0 to client switch
>
> public ip is 130.0.0.x
> dhcp server ip 130.0.0.x
> our ip 192.168.0.x
>
> pl send me step by step configuration ASAP.
>
> Rashid
Re: urgent PIX help AGAIN
I just installed a PIX-506 and 10 was the max. I believe, though am not certain, this is the case across all hardware platforms running 5.2 software.

HTH
Greg

"Jim Bond" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Thank you!
>
> One more question: when I configure PIX as DHCP
> server, it only allows 10 addresses in the pool.
> Here is what I got:
>
> pixfirewall(config)# dhcpd address 10.1.1.101-10.1.1.150 inside
> Number of addresses exceeds limit
>
> Is 10 max?
>
> Thanks in advance.
>
> Jim
>
> --- Todd Plambeck <[EMAIL PROTECTED]> wrote:
> > In the new version of PIX software 5.2(1) you can
> > nat to an interface.
> > Instead of the old command "global (outside) 1
> > x.x.x.x" use the command
> > " global (outside) 1 interface ". You can read up on
> > this new feature at:
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/pixrn522.htm#xtocid752631
> >
> > I hope this helps.
> >
> > Todd
> > CCNP/CCDP
> >
> > Jim Bond wrote:
> >
> > > Hello,
> > >
> > > I have only 1 ip address assigned by my ISP, how can I
> > > use PIX to do NAT? Looks like PIX requires at least 2
> > > outside ip addresses, one for outside interface, one
> > > for PAT. Is there a way to use only 1 ip address?
> > >
> > > Thanks in advance.
> > >
> > > Jim
Re: CISCO SWITCH
I would guess you would have to use some solution like the "Auto-Switch" previously mentioned or any of the NICs with load balancing / fault tolerance support. You would then most likely configure spanning-tree redundancy between the two switches. That's a little messy though. I like the RPS with a hot standby processor card suggestion. Just my opinion.

I have a 3548-XL with RPS and I've never had either PS or any ports fail. All in the name of disaster prevention though I guess. =)

Good luck,
Greg

"Pushkar Shirolkar" <[EMAIL PROTECTED]> wrote in message news:8rt3fo$c71$[EMAIL PROTECTED]...
> hi,
>
> i have a requirement that says that i need to have a redundant cisco switch
> .. i.e. there is a LAN and the if the switch fails .. the other switch
> should take over. this is possible in the cisco 6000 series of switches ...
> but is there some lower end solution .. that costs less and also my
> requirement of ports on the switch is also less ... say about 24 ports ...
> is there any product available which does so .. in 3500 or 2900 series ?
> like using ISL (inter-switch link) .. but for the lower end switches ...
>
> Please reply ASAP
>
> thanx
> Pushkar
Re: WHIZZ KIDS WHO HAVE THE CCIE number
I work 28+ hours a week as the Senior Network Analyst for one of Canada's largest insurance brokerages. I go to college full time in a telecommunications program that was just moved into a $38mil new building with Cisco R&S up to the wazoo. I finished last year, my first year, with a perfect 4.0 GPA. I'm studying for Cisco certs, writing my NA & DA in Jan while all this is going on. I regularly attend parties, go out to clubs, and have an extremely understanding steady girlfriend of a year and a half now. I turned 20 on October 10.

I can very safely say that I don't believe that I've missed out on one bit of my adolescence throughout this whole process. In fact, I believe the kind of people that I can relate to with the current knowledge I have, have just imparted upon me life lessons and critical teachings that I think everyone in life should have at this stage. I count myself extremely lucky to have worked with the people I have, and to have had the kind of mentors that I have had in the past few years.

Computers haven't been my only focus in life so far. During high school I was overactively involved in the theater program, which was a 2 credit course which lasted 4 hours a day for a whole semester. After that I got involved in community theater and pride myself in being able to sing, dance and act in front of a few hundred people in a broadway style musical. Before my interest in theater I also played saxophone for the local Senior All-Star Jazz Band and am on their CD for that year. That would be 3 different types of saxophones by the way. :) I thoroughly enjoy my yearly trips to Montreal for the International Jazz Festival and the opportunities I've had to travel France, Italy, & Germany with my high school arts programs. I consider myself to be quite cultured, and enjoy aspects of life that I believe many people take for granted.

This sort of pace at my age, for me, just puts things into perspective and allows me to say "Wow, just look at the world out there." I have always felt, and will always feel like there is so much I have done, but that will always pale in comparison to the things I have not done, seen, or experienced. Then I can turn around and take advantage of the opportunities I have to further myself in that wonderful world.

It's not for everyone but if you're one of those people who can balance your life very well, then maybe it's for you. I've heard many people say this, and I very strongly believe in it and constantly use it as a principal motivation. "Nothing easy, is ever worth doing."

Regards and best of luck,
Greg

"Steven V. Snead" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

I just can't imagine what these kids are going to be able to do in the future. When you were 16 the internet was not what it is today the information these kids have today at their fingertips is awesome also faster. All I can say is he will be saying the same thing when he is 20 and see a 12 year getting into it. I'm not sure how these kids do socially though nor how mature they are. That does come with age.

again my two cents,
Steven V. Snead, MCSE, CCNA

-----Original Message-----
From: Denis Baldwin [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 13, 2000 10:58 AM
To: 'Michael Le'
Cc: [EMAIL PROTECTED]
Subject: RE: WHIZZ KIDS WHO HAVE THE CCIE number

There is a kid in my mother's neighborhood that is 16 and just got his CCNA. HE is going for his CCIE now. I'm 20 and I feel so far behind in the game, just getting my CCNA now.

Denis

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Le
Sent: Friday, October 13, 2000 1:04 PM
To: Brian; McCallum, Robert
Cc: '[EMAIL PROTECTED]'
Subject: Re: WHIZZ KIDS WHO HAVE THE CCIE number

I don't know if he is the youngest to ever get it, but he's younger than any of the other responds. I know a guy at Cisco who was 17 when he got his CCIE. He's got R/S and ISP Dial. He's around 21 now I think. He used to work on the TAC but is now a consultant for Cisco.

Mike

--- Brian <[EMAIL PROTECTED]> wrote:
>
> 18, works for global data systems in louisiana
> http://www.globaldatasys.com
>
> Brian
>
> On Fri, 13 Oct 2000, McCallum, Robert wrote:
>
> > Here is a little poser for you all. Who is / was the youngest CCIE and what
> > was his / her age when they attained the CCIE?
> >
> > Robert McCallum
>
> ---
> Brian Feeny, CCNP, CCDP [EMAIL PROTECTED]
> Network Administrator
> ShreveNet Inc. (ASN 11881)
Re: ISL Trunk on a 2500
Could you not also get a 2500 with 2 ethernet interfaces and connect one interface to each VLAN? It would be pretty much the same as connecting two routers with 1FE each via Serial, would it not?

Greg

"Juan Blanco" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

Folks,

I need help, I have 3 2500 router and 1 2900 switch, I want to be able to route between two vlans, I don't have a 100mb/s Ethernet interface on any of my routers.

Questions:
1 There is a 100mb/s interface available for the 2500
2 If there is not a 100mb/s for the 2500 then there is a workaround to be able to do the same thing.

Thanks in advance for your response.

Juan
Re: NAT with VPN doesn't work with PIX
I'm not sure about the all or nothing question as far as address translation goes but I may have another suggestion you can look into.

At my company we have a PIX on the edge of our network with no DMZ, just Inside & Outside. We are statically NATing all of our servers which need to be accessible to the outside. Internally they are 192.168.x.x and have external addresses on the outside. We have no internal DNS servers so the problem we were running into of course was that all resolutions to those servers, whether the request was inside or outside, returned the external IP.

I called Cisco to give them the problem and they told me to look into the 'alias' command. What it does is allows an internal client to attempt a connection to an external IP but when that external IP is just a NAT translation for an internal server, it redirects the traffic to that server without going outside. This allows for us to keep our existing setup and topology and always use external addresses for our clients inside and outside even though the servers are internally addressed inside.

I know it sounds a little confusing but look into it. It's fairly basic to understand when you see the config, and extremely easy to implement. It was a little temperamental, missing the odd resolution, when I first implemented it on 4.2 but since an upgrade, it has been absolutely fine.

HPH,
Greg

<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

Here's an interesting situation I've run across, and I'm curious to see if anyone has seen anything similar.

I've got a PIX firewall that is doing static translation of several servers in our DMZ. These servers each have one NIC, with an inside 172.16.x.x address. On the outside, they have a 64.x.x.x address that works fine. Normally, when people who dial into our network, or are at corporate headquarters query DNS for these servers, they'll get the inside address, 172.16.x.x. When people outside the company query DNS for the same server, they get the outside address 64.x.x.x. This seems to work fine.

The problem comes when a user VPN's into our network. They already have a connection with their ISP, and are using the ISP's name servers. Therefore, when they try to resolve our server name, they get the 64.x.x.x address. However, since they are VPN'ed into our network, the 64.x.x.x address is not valid. This problem exists even if we provide them with a DNS server internally...it seems that they resolve from their ISP's servers first.

The only thing I've thought of so far is to have two different names for each box, but our developers are screaming about that idea. Is there any way for the PIX to do address translation on some boxes, but not all? If we could leave these servers in the DMZ with only an outside address, that would be fantastic. Is this possible with PIX? I've been told that address translation is an all or nothing proposition.

Thanks for any suggestions yall can provide.
repost: Cisco Testing online
I apologize if this gets posted twice. It hadn't shown up on my end for over an hour.

Message:

What's the deal with this? Is it free for a CCO user? Do they record this in any way or is it just practice? Can you only take the tests once?

Any response is appreciated.

Greg
Re: VPN & NAT
Sorry, when I clicked on the link when first posted I got a request error. Not a document not found, but a 'request error'. I guess there were problems at the time, now it works.

Thanks for the link. :)

Greg

"Chuck Larrieu" <[EMAIL PROTECTED]> wrote in message news:8tt5l2$dlg$[EMAIL PROTECTED]...

one more reason to read my posts first - the link I sent is fine. can go in as either guest or registered. info looks to be about the same.

here it is again.

http://www.cisco.com/tac/newsflash/vpn2.html

Chuck

"Greg Reaume" <[EMAIL PROTECTED]> wrote in message news:8tt4o9$cic$[EMAIL PROTECTED]...
> This link doesn't work. Mind reposting a checked one? :)
>
> Thx.
>
> "Duane Morgan" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> I don't know who was trying to configure this, but this link might help:
>
> http://www.cisco.com/tac/newflash/vpn2.html
Re: VPN 3DES ON 2MB Link with 25XX
Hi Christophe,

I have been looking into a similar solution except I have 5 branches accessing ALL their services from the head office and everything needs to be encrypted. I arranged the establishment of a PVC over fibre for 2 of the branches to the head office and have set up a router at one of those branches to also connect 2 other branches through it. This still leaves me with the problem of encrypting traffic from 1 branch to the head office.

I called my local Cisco rep and gave them my scenario. They recommended a router based encryption solution at first but then I said I wanted 3DES and there would be approx 30 people using the connection from the branch. They told me the throughput on a 25/2600 series router is only about 256Kb@3DES. That means I can't utilize my 2Mb fibre connection between offices. =(

They suggested I use the brand new PIX506. I told them at first I didn't have that kind of money but they explained that Cisco realized their shortcomings in the SOHO firewall market and designed this PIX with that segment in mind. It has 7Mb throughput @3DES and costs only $2300 CDN, less than my 2600 routers here.

I just found my solution but I have yet to implement it. It's still in proposal right now. I'm planning on putting a PIX506 in the branch and moving the PIX520 we already have at our website branch to the head office.

Hope this helps. Don't quote ME on the stats because I got them from a rep.

------
Greg Reaume
Network Analyst
Cowan Dalton Inc.
25 Bruce Street, P.O. Box 2007
Kitchener, ON, N2H 6K8
Office: (519)578-9001 x355
Fax: (519)578-0549
Cell: (905)741-4734
E-Mail: [EMAIL PROTECTED]
Pager: (416)714-7405 / (519)220-6114 [EMAIL PROTECTED]

--- Original message ---

Hello,

I wish to set up a 3DES VPN between two sites (a local and a remote site) on a 2MB serial link using 2 2502 cisco routers. I will have 30 people working on the remote site using telnet sessions, NT file and print with servers in the local site.

Do you think the 25XX could handle such calculation (3DES processing) for such an amount of users? If yes, has someone already set up such a thing?

regards,
Christophe.
WIC-2A/S back-to-back cables?
Hi there,

I have a lab that has 2 2621s with a WIC-2A/S in each. Does anyone know what cables I need to connect these two routers back-to-back (DCE-DTE) to simulate a frame relay cloud? Or, if possible, please provide the cables and layout needed to connect 3 routers with this interface to have 2 end points and 1 switch?

TIA

--
Greg Reaume
Re: Cisco 805 Router serial port
Hi there,

Were you able to find a cable config for what you were looking for? Do you understand the interface and req'd cables enough to provide me with a back-to-back fr cloud sim config or a back-to-back-to-back fr switched config?

The reason I ask is because I have 2/3 2621s with WIC-2A/S cards in them that seem to have this "SmartSerial" interface you are referring to on your 805. These are lab routers and I need to find the cables and config to achieve a fr sim lab. Preferably with all 3 routers to sim a fr switch and 2 end points.

Any information you could provide me with would be very much appreciated.

TIA,
Greg

"Hurin" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> I have a new 805 that has me stumped. All other serial interfaces I've
> seen use a DB-60 connector but this one has one I've not seen before, in
> fact it's not DB-anything. Checked the online cisco docs and have seen
> no mention of this connector before. Show interfaces does have a
> serial port for S0 but can't for the life of me figure out what cable
> is used here.
OT: Know of any good internetworking programs? [7:41468]
Hi all,

I am currently a college student that will be receiving a diploma in Telecommunications Technology (http://www.telecomtech.org) from Sheridan College (http://www.sheridanc.on.ca) in Dec 2002. I have decided that I wish to pursue a bachelor's degree and possibly a master's thereafter, specifically an engineering degree.

After browsing local university program calendars I find that most programs with any telecommunications content are generally labeled, "Electrical Engineering with a 'Specialization' in Telecommunications." I spoke to my current professors, who both have these degrees, and they say that the telecommunications content is a joke for the application in today's market unless you are looking only to deal with layer 1 technologies. Though my current program has provided me with an exceptional base of conceptual and technical knowledge, I feel the need to go deeper and truly understand the engineering detail of all this.

I want to attend a program, International if I must, that was built from the ground up as an Internetwork Engineering program. A program with content focus above layer 1. I understand that all good engineering programs will contain advanced math and that all telecommunications oriented programs will contain electronics and physical layer material, though I do not want this to dominate the curriculum.

I have found such programs as Internet Engineering (http://www.uow.edu.au/discover/courses/yr2002/benginternet.html) and Telecommunications Engineering (http://www.uow.edu.au/discover/courses/yr2002/cour736.html) in my brief and mostly futile searches, though only in 1 Australian University, Wollongong University.

I post this here because I know that there are many knowledgeable and industry-aware people here, some of whom have made quite a name for themselves in our field. I figure that with the wealth of knowledge observing this forum there must be someone who, themselves or through their associations, knows of 'the' program I am looking for. I would greatly appreciate any leads or information anyone may be able to provide.

Thanks for your time,
Greg

PS. I think this industry is in serious need of some type of educational search engine. In the short time I've spent on educational search pages I've found not one that specifically lists even a category acutely appropriate for the internetworking field. I am quite confident, being in a field related program and seeing the obvious void in this area, that such a definitive resource would be a hit among seasoned academics and post-secondary students alike, wishing to extend their knowledge. Just a thought for anyone up to the challenge. :)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41468&t=41468
Re: How to restrict hubs in a LAN [7:54937]
John,

If WindowsXP is bridging two NICs it actually runs spanning-tree. It is a very nice feature for L1 redundancy. Though in your scenario I don't really see why they think that's necessary. I'm planning to use this functionality in the upcoming Windows.NET server to multihome all my servers, as long as it supports the concept of a loopback or virtual interface for L3 connectivity, to two different switches to protect against 48 servers failing because a switch burns out. I just wish MS had an add-on for Windows2K Server with this functionality so I don't have to wait.

Check out these links:

http://www.microsoft.com/WindowsXP/pro/techinfo/administration/homenetbridge/default.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0102.asp

Correct me if I'm wrong but, from what I gather in your previous postings, loops seem to be your main concern. You say that it may very well be justified that these users need up to 5 PCs in their cube, or that you don't really want to get into that fight (whichever way you want to put it). You also say that it is very hard to run new drops. Why don't you take the approach of supporting them then, and instead of going through the work of running new drops, provide them with a small switch that runs spanning-tree.

A 1548M (8-port desktop chassis) would do nicely for around $1K list. It allows for up to 4 local VLANs so the techs can do whatever they want on their own little switch. It also runs CDP so you can keep track of where they are through management tools like CiscoWorks, etc. If they want to clog up their link to the rest of the network with 5 PCs doing whatever, why not let them (as long as they do it safely)?

Check here for more info on the 1548M:
http://www.cisco.com/en/US/products/hw/switches/ps211/index.html

HTH

Greg Reaume

"JohnZ" wrote in message news:[EMAIL PROTECTED]...

Well, when I wrote the original post I knew I will have these questions. Basically the first layer of support or help desk if you will have more PCs than the drops in their cubes. This is an old building not meant for an IS staff so there is some frustration on their part. I am not going to question if there is a legit need for folks to have 5 PCs when there is in fact a separate staging area to set up and test pcs for users. Anyway, they know enough to be dangerous and there is no standard on hubs and I have seen where folks have created loops. Now with Windows XP I have seen some configs where 2 nics have been bridged via software, I am not sure with what intent. Although it's been made clear many times not to use hubs, this is never enforced and I did not want to spend my time daily trying to hunt down the lawless. So that's when I thought if I could config the switch this will discourage the hub usage or bridging within pcs. I hope that answers most of the questions here.

"David j" wrote in message news:[EMAIL PROTECTED]...
> See inline..
> Chuck's Long Road wrote:
> >
> > as much of a rulemeister as I am, I still have to look at this from the user
> > standpoint. Why are users throwing their own hubs onto the network? Is there
> > a business case to be made? Is facilities too slow getting requested cable
> > pulls done?
> >
> > what is the concern with a user plugging a hub in at the desk and then
> > connected a couple of extra PC's? if the problem is one of dual homing by
> > accident or otherwise, I can see the issue with spanning tree
> > recalculations. But in a single home situation, what do you see as the
> > issues?
> >
>
> I see one issue: collisions, if you have a switched network you don't want
> to deal with collisions that hubs normally produce. I have to recognize,
> though, that hubs sometimes are very convenient and I'm the first on using
> them.
>
> > when you say that "politically, it's a mess" what does that mean? high
> > powered sales people throwing their weight around? management does not
> > respect your input or concerns? something bad is happening, and it's rolling
> > downhill?
> >
> In some environments it's politically unacceptable, I know some hospitals in
> which you have to fill in a lot of papers before being allowed to use a PC, so
> in those environments this could perfectly be part of the policy.
>
> > I'm not questioning the wisdom or the necessity for doing what others have
> > suggested. I'm just wondering why it is necessary for the network manager /
> > network staff to unilaterally cut off user access.
Re: Route-map question (urgent) [7:54910]
Yasser,

Be careful here... you don't know if the only segment for which he wants HTTP redirected is the one connected via fa2/0, there may be more. Offering a solution without knowing all his requirements will just lead him into deeper confusion.

Nabil,

The best way to find your answer is to go and learn this thoroughly for yourself. And as always, never put yourself in a position where you are urgently required to do something you've never done without a lifeline set up prior to your need. No manager that I have worked with has ever blamed someone for saying, "I've never done that before and I'd feel more comfortable taking some time to understand it". If the need is that urgent that there is no time to spare, you should be able to call TAC under your service contract, right? :)

Good luck.

Greg Reaume

"YASSER ALY" wrote in message news:[EMAIL PROTECTED]...

No, you need to do the following

access-list 101 permit tcp any any eq 80
route-map http_traffic permit 10
 match ip address 101
 set ip next-hop 10.10.10.141
route-map http_traffic permit 20
!
int fa2/0
 ip policy route-map http_traffic

>From: "[EMAIL PROTECTED]"
>Greetings,
>
>Need help with a route-map question. I need to force all http traffic
>to go to 10.10.10.141 address, does my config below allow me to do just
>that?
>
>
>access-list extended 101 permit tcp any host 10.10.10.141 eq 80
>access-list extended 101 permit ip any any
>
>route-map http_traffic permit 10
> match ip address 101
>
>int fa2/0 (10.10.10.141 address is behind this interface)
>ip policy route-map http_traffic
>
>Thanks...Nabil
>
>"I have never let my schooling interfere

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54975&t=54910
Re: How to restrict hubs in a LAN [7:54937]
Great! Just what I needed. Thanks for the clarification. Now that I think about it, the ability to set TCP/IP properties on the 'Network Bridge' item is a dead giveaway. :)

Greg Reaume

"Erick B." wrote in message news:[EMAIL PROTECTED]...

Greg,

Windows XP does this by default in some situations. If you have a PC with a Ethernet NIC and firewire adapter, it will bridge the 2 interfaces together and create a logical L3 interface that the protocols are bound to all by default.
Re: Route-map question (urgent) [7:54910]
Yasser,

I agree, everyone should be conscious that any advice received through a source such as this, although quite skilled, can only be advice given based on the information one has provided. This advice is only as accurate and comprehensive as one's presented question or scenario.

About the postings, I know that I use Outlook Express through Outlook (news button), and I do see the postings that I make in each thread. However, I can only choose to either post to thread, or reply directly to sender. If I want to do both I must manually add the destinations to the message.

Greg Reaume

"YASSER ALY" wrote in message news:[EMAIL PROTECTED]...

Greg,

Thank you for what you have said. My suggestions were based on the scenario that Nabil mentioned. Being the fact that his real life scenario is different than what he said fall under his attention to consider. It's just something to give some light for him but you do have a point that he should read more before considering doing something he never did before.

BTW, is it normal that somebody's postings to the list not to be sent to his e-mail. Each time I send to the list either a question or a reply I don't get a clue that it has been received until someone like you replies quoting what I have said,

Regards,
Yasser

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54981&t=54910
Re: Route-map question (urgent) [7:54910]
That is something that you could do using NAT statements (port address translation/port forwarding/network address port translation, etc.):

!
int fa0/0
 desc external interface
 ! ip below used as an example, I apologize if it, although unlikely, matches anyone's config.
 ip add 216.253.64.2 255.255.255.252
 ip nat outside
!
int fa0/1
 desc internal interface
 ip add 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source static tcp 192.168.1.10 80 216.253.64.2 80
ip nat inside source static tcp 192.168.1.20 21 216.253.64.2 21
!

Of course, if this router is acting in this fashion when it comes to NAT, it would be assumed that it will also run the firewall feature-set and be secured appropriately. You would have to permit this particular traffic in your external access-lists.

HTH

Greg Reaume

"Harold Monroe" wrote in message news:[EMAIL PROTECTED]...

This is something I've been wondering about also. As I understand it when you "set ip next-hop" it forces the packet to go out a particular interface. How about if you want the destination address changed for a particular type of traffic so HTTP traffic goes to an HTTP server and FTP to an FTP server. For example, if you have only one Public IP Address and if HTTP comes in you want its destination address changed to 192.168.1.10, if FTP change its destination address to 192.168.1.20

-Original Message-
From: Stefan Razeshu [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 4:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Route-map question (urgent) [7:54910]

I think the response for this question is:

The access list:

access-list 101 permit tcp any eq www any
!-you need to detect your incoming www traffic.
!-You can use also your network address for the first "any".
!-route map statement
route-map http_access permit 10
 match ip address 101
 set ip next-hop 10.10.10.141

The policy map statement needs to be placed on the interface that is facing your network, not on the interface near the host 10.10.10.141.

Regards,
Stefan

PS. I think we need to help each other not to give life lessons. It is a Cisco study list not the church.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55065&t=54910
Re: protocol monitoring software [7:55110]
Sam,

OVER HERE! LOOK HERE! PICK ME! :)

Seriously though, take a look at NetFlow. Nice flow based accounting exported at flow conclusion by the router to a 'collector'. It records, on a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts in flow, B in flow, start time, stop time, etc, etc, etc. I'm sure you get the idea; this is pretty powerful stuff! You can have your collector aggregate all the flow exports over a given time period, or you can have your router do it before it sends the info to the collector.

Cisco sells their own commercial products to collect and analyze and they also partner with 3rd party commercial vendors to provide you with collectors and analyzers. The best stuff though, IMHO, are the tools from the open source community. Cisco acknowledges these tools and even lists where you can get them on their website, however, they are obviously not supported.

Start here:

http://www.cisco.com/go/netflow
http://net.doit.wisc.edu/~plonka/FlowScan/
http://www.splintered.net/sw/flow-tools/
http://www.columbia.edu/acis/networks/advanced/CUFlow/

There are good examples of implementations here:

http://wwwstats.net.wisc.edu/
http://www.canet3.net/stats/map.html

And of course, although they have no relation to NetFlow, no discussion of network monitoring tools is complete without Tobi's Tools:

http://www.smokeping.org
http://www.mrtg.org
http://www.rrdtool.org

HTH,
Greg Reaume

"Cliff Stewart" wrote in message news:[EMAIL PROTECTED]...

Sam,

Have you taken a look at NBAR? Take a look at the Cisco IOS Quality of Service Solutions Configuration Guide, it should work for you.

-Cliff

-Original Message-
From: "sam sneed"
To: [EMAIL PROTECTED]
Date: Tue Oct 08 10:19:08 PDT 2002
Subject: protocol monitoring software [7:55110]

>Hello,
>
> I am looking for software that will monitor what kind of traffic is going
>through my network and report it. I am only concerned with what is going
>through my firewall so I will place the monitoring station on a hub with the
>firewall or use SPAN port. Here are requirements:
>
>Doesn't use netflow to collect data, want to use libpcap to capture data.
>Want breakdown of what type of traffic by bytes and %'s ie. HTTP, FTP, SMTP
>etc.
>Do not want to use NTOP, too much of a pain in the ass to get it to work
>longer than 20 minutes without a seg fault.
>Would like the output in graphical form preferably embedded in a web page.
>
>If anyone has come across this please let me know. I'm contemplating writing
>my own software but would rather not.
>
>Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55147&t=55110
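
The per-flow fields listed in the post above (addresses, ports, AS numbers, packet and byte counts, start and stop times) can be turned into the byte and percentage breakdown by protocol that the original question asks for. The following is an added example, not code from the posts or from any of the linked tools: it assumes the router exports NetFlow version 5, classifies flows with an assumed port-to-service table, and runs on a sample export datagram constructed inline.

```python
import socket
import struct
from collections import defaultdict

# NetFlow v5 export layout, network byte order: 24-byte header, 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30  # a v5 datagram carries at most 30 flow records

# Assumption: services are identified by IP protocol number and well-known port.
# Port 21 only covers the FTP control channel; FTP data flows land in "other".
SERVICES = {(6, 80): "HTTP", (6, 21): "FTP", (6, 25): "SMTP"}

# Constructed sample flows: (src, dst, sport, dport, proto, packets, bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 40001, 80, 6, 10, 6000),
    ("198.51.100.5", "192.0.2.10", 80, 40001, 6, 12, 14000),
    ("192.0.2.11", "198.51.100.9", 40002, 25, 6, 8, 5000),
    ("192.0.2.12", "198.51.100.7", 40003, 21, 6, 5, 1000),
    ("192.0.2.13", "198.51.100.53", 5353, 53, 17, 4, 14000),
]


def build_v5_datagram(flows, uptime_ms=3600000, unix_secs=1034100000):
    """Pack constructed flows the way a v5 exporter would put them on the wire."""
    out = [HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, 0, 0, 0, 0)]
    for src, dst, sport, dport, proto, pkts, octets in flows:
        out.append(RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst),
            socket.inet_aton("0.0.0.0"),               # next hop
            1, 2,                                      # input/output ifIndex
            pkts, octets,
            uptime_ms - 5000, uptime_ms - 1000,        # first/last, in sysUptime ms
            sport, dport, 0, 0x1B, proto, 0,           # pad, TCP flags, protocol, ToS
            0, 0, 24, 24, 0))                          # src/dst AS, masks, pad
    return b"".join(out)


def parse_v5(datagram):
    """Validate a v5 export datagram and return its flow records as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("implausible record count %d" % count)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "bytes": f[6],
            "first_ms": f[7], "last_ms": f[8],
            "sport": f[9], "dport": f[10],
            "proto": f[13], "src_as": f[15], "dst_as": f[16],
        })
    return flows


def classify(flow):
    """Name the service by checking both ports, so return traffic counts too."""
    for port in (flow["dport"], flow["sport"]):
        name = SERVICES.get((flow["proto"], port))
        if name:
            return name
    return "other"


def breakdown(flows):
    """Return {service: (bytes, percent of total bytes)}."""
    totals = defaultdict(int)
    for flow in flows:
        totals[classify(flow)] += flow["bytes"]
    grand = sum(totals.values())
    return {name: (octets, round(100.0 * octets / grand, 1) if grand else 0.0)
            for name, octets in totals.items()}


if __name__ == "__main__":
    report = breakdown(parse_v5(build_v5_datagram(SAMPLE_FLOWS)))
    for name, (octets, pct) in sorted(report.items(), key=lambda kv: -kv[1][0]):
        print("%-6s %8d bytes %5.1f%%" % (name, octets, pct))
```

A collector would call `parse_v5` on each UDP payload received from the exporter and accumulate the totals over its reporting interval.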
Re: protocol monitoring software [7:55110]
Mark,

No, unfortunately NetFlow isn't supported on the PIX, like many other things. Really though, you don't want to run it there. Because NetFlow exports the level of detail that it does, you can gather all your stats for your entire network just by running it on all your edge routers. All you need to make sure of is that a flow originates behind a NetFlow enabled router, and that it is destined for a prefix that either resides on a subnet of another NetFlow enabled router in your AS, or a prefix which is beyond your AS (in which case you catch that too because you're running NetFlow at your ASBR(s)). You don't want to run this in your core or anywhere else there are not hosts.

If you want to single out a /32 (or a particular port on a host or group of hosts) and view the activity as perceived by NetFlow, you can use the 'flow-tools'. The flow-tools is a package I listed a link to below and it includes a number of handy little tools. 'flow-filter' will allow you to filter on any attribute in the flow record and output the info to stdio.

HTH,
Greg Reaume

"Mark W. Odette II" wrote in message news:[EMAIL PROTECTED]...

Is there something similar to this NetFlow for the PIX?? I could use a tool that monitors each flow of traffic, perhaps even with the ability to specify a specific host to monitor its flows across the IPSec tunnel of two PIXen.

Any suggestions appreciated.

Mark

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55152&t=55110
Re: protocol monitoring software [7:55110]
Here's the 'man' page on flow-tools. It gives a good overview of NetFlow, the different versions and their assoc export fields, and what 'goodies' flow-tools includes.

http://www.splintered.net/sw/flow-tools/docs/flow-tools.html

Read this.

Greg Reaume

"Greg Reaume" wrote in message news:[EMAIL PROTECTED]...

Mark,

No, unfortunately NetFlow isn't supported on the PIX, like many other things. Really though, you don't want to run it there. Because NetFlow exports the level of detail that it does, you can gather all your stats for your entire network just by running it on all your edge routers. All you need to make sure of is that a flow originates behind a NetFlow enabled router, and that it is destined for a prefix that either resides on a subnet of another NetFlow enabled router in your AS, or a prefix which is beyond your AS (in which case you catch that too because you're running NetFlow at your ASBR(s)). You don't want to run this in your core or anywhere else there are not hosts.

If you want to single out a /32 (or a particular port on a host or group of hosts) and view the activity as perceived by NetFlow, you can use the 'flow-tools'. The flow-tools is a package I listed a link to below and it includes a number of handy little tools. 'flow-filter' will allow you to filter on any attribute in the flow record and output the info to stdio.

HTH,

Greg Reaume

"Mark W. Odette II" wrote in message news:[EMAIL PROTECTED]...

Is there something similar to this NetFlow for the PIX?? I could use a tool that monitors each flow of traffic, perhaps even with the ability to specify a specific host to monitor its flows across the IPSec tunnel of two PIXen.

Any suggestions appreciated.

Mark

-----Original Message-----
From: Greg Reaume [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 08, 2002 11:50 PM
To: [EMAIL PROTECTED]
Subject: Re: protocol monitoring software [7:55110]

Sam,

OVER HERE! LOOK HERE! PICK ME!

:) Seriously though, take a look at NetFlow. Nice flow based accounting exported at flow conclusion by the router to a 'collector'. It records, on a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts in flow, B in flow, start time, stop time, etc, etc, etc. I'm sure you get the idea; this is pretty powerful stuff!

You can have your collector aggregate all the flow exports over a given time period, or you can have your router do it before it sends the info to the collector. Cisco sells their own commercial products to collect and analyze and they also partner with 3rd party commercial vendors to provide you with collectors and analyzers. The best stuff though, IMHO, are the tools from the open source community. Cisco acknowledges these tools and even lists where you can get them on their website, however, they are obviously not supported.

Start here:

http://www.cisco.com/go/netflow

http://net.doit.wisc.edu/~plonka/FlowScan/

http://www.splintered.net/sw/flow-tools/

http://www.columbia.edu/acis/networks/advanced/CUFlow/

There are good examples of implementations here:

http://wwwstats.net.wisc.edu/

http://www.canet3.net/stats/map.html

And of course, although they have no relation to NetFlow, no discussion of network monitoring tools is complete without Tobi's Tools:

http://www.smokeping.org

http://www.mrtg.org

http://www.rrdtool.org

HTH,

Greg Reaume

"Cliff Stewart" wrote in message news:[EMAIL PROTECTED]...

Sam,

Have you taken a look at NBAR? Take a look at the Cisco IOS Quality of Service Solutions Configuration Guide; it should work for you.

-Cliff

-----Original Message-----
From: "sam sneed"
To: [EMAIL PROTECTED]
Date: Tue Oct 08 10:19:08 PDT 2002
Subject: protocol monitoring software [7:55110]

>Hello,
>
> I am looking for software that will monitor what kind of traffic is going
>through my network and report it. I am only concerned with what is going
>through my firewall so I will place the monitoring station on a hub with the
>firewall or use SPAN port. Here are requirements:
>
>Doesn't use netflow to collect data, want to use libpcap to capture data.
>Want breakdown of what type of traffic by bytes and %'s i.e. HTTP, FTP, SMTP
>etc.
>Do not want to use NTOP, too much of a pain in the ass to get it to work
>longer than 20 minutes without a seg fault.
>Would like the output in graphical form preferably embedded in a web page.
>
>If anyone has come across this please let me know. I'm contemplating writing
>my own software but would rather not.
>
>Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55153&t=55110
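An added example, not part of the original thread and not flow-tools code: it parses one NetFlow version 5 export datagram into the per-flow fields listed in the message above and totals bytes per service, optionally for a single host, which is the kind of breakdown the original question asks for. The function names, the service table and the sample datagram are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

HDR = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 export header
REC = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte v5 flow record
SERVICES = {(6, 80): "HTTP", (6, 21): "FTP", (6, 25): "SMTP"}  # (proto, port)

def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram as dicts."""
    if len(datagram) < HDR.size:
        raise ValueError("short header")
    version, count = HDR.unpack_from(datagram)[:2]
    # Exports arrive over UDP from the network: validate before trusting them.
    if version != 5 or not 1 <= count <= 30:
        raise ValueError("not a valid v5 export")
    if len(datagram) != HDR.size + count * REC.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        (src, dst, _hop, _inp, _out, pkts, octets, first, last, sport, dport,
         _flags, proto, _tos, src_as, dst_as, _sm, _dm) = REC.unpack_from(
            datagram, HDR.size + i * REC.size)
        flows.append({"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
                      "sport": sport, "dport": dport, "proto": proto,
                      "pkts": pkts, "bytes": octets, "src_as": src_as,
                      "dst_as": dst_as, "first": first, "last": last})
    return flows

def breakdown(flows, host=None):
    """Bytes and percent of total per service, optionally for one host only."""
    totals = Counter()
    for f in flows:
        if host and host not in (f["src"], f["dst"]):
            continue
        name = (SERVICES.get((f["proto"], f["dport"]))
                or SERVICES.get((f["proto"], f["sport"])) or "other")
        totals[name] += f["bytes"]
    grand = sum(totals.values()) or 1  # avoid dividing by zero on empty flows
    return {k: (v, round(100 * v / grand, 1)) for k, v in totals.items()}

def sample_datagram():
    """Constructed export with three flows; addresses are documentation ranges."""
    rows = [("192.0.2.10", "198.51.100.5", 40000, 80, 6, 6000),
            ("198.51.100.5", "192.0.2.10", 80, 40000, 6, 2000),
            ("192.0.2.11", "198.51.100.9", 40001, 25, 6, 2000)]
    body = b"".join(REC.pack(IPv4Address(s).packed, IPv4Address(d).packed,
                             bytes(4), 1, 2, 10, octets, 0, 1000, sp, dp,
                             0x18, proto, 0, 64500, 64501, 24, 24)
                    for s, d, sp, dp, proto, octets in rows)
    return HDR.pack(5, len(rows), 0, 0, 0, 0, 0, 0, 0) + body
```

Port-based labels are only a guess at the application; a collector that accepts exports from the network should also restrict which source addresses it listens to.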
Re: protocol monitoring software [7:55110]
I sent this and then it showed up in my newsreader as removed from server. ? My apologies if I double post.

Greg

"Greg Reaume" wrote in message news:...

Here's the 'man' page on flow-tools. It gives a good overview of NetFlow, the different versions and their assoc export fields, and what 'goodies' flow-tools includes.

http://www.splintered.net/sw/flow-tools/docs/flow-tools.html

Read this.

Greg Reaume

"Greg Reaume" wrote in message news:[EMAIL PROTECTED]...

Mark,

No, unfortunately NetFlow isn't supported on the PIX, like many other things. Really though, you don't want to run it there. Because NetFlow exports the level of detail that it does, you can gather all your stats for your entire network just by running it on all your edge routers. All you need to make sure of is that a flow originates behind a NetFlow enabled router, and that it is destined for a prefix that either resides on a subnet of another NetFlow enabled router in your AS, or a prefix which is beyond your AS (in which case you catch that too because you're running NetFlow at your ASBR(s)). You don't want to run this in your core or anywhere else there are not hosts.

If you want to single out a /32 (or a particular port on a host or group of hosts) and view the activity as perceived by NetFlow, you can use the 'flow-tools'. The flow-tools is a package I listed a link to below and it includes a number of handy little tools. 'flow-filter' will allow you to filter on any attribute in the flow record and output the info to stdio.

HTH,

Greg Reaume

"Mark W. Odette II" wrote in message news:[EMAIL PROTECTED]...

Is there something similar to this NetFlow for the PIX?? I could use a tool that monitors each flow of traffic, perhaps even with the ability to specify a specific host to monitor its flows across the IPSec tunnel of two PIXen.

Any suggestions appreciated.
Re: protocol monitoring software [7:55110]
Sam,

Since NetFlow is an L3 technology, it won't be supported on the 3500XL. You don't need it here anyway. You enable NetFlow at any L3 device which a workstation may use as its gateway to the rest of the network/Internet, and at your ASBR(s). As for the 2948G-L3, I'm not sure if it's supported under CatOS; I couldn't tell you for sure one way or another without looking into it further. I do know that in IOS, NetFlow requires that you have an IP+ feature-set.

Greg Reaume

"sam sneed" wrote in message news:[EMAIL PROTECTED]...

So everyone seems to recommend Netflow. I don't know much about it but I'll only ask these basic questions and research the rest:

My switches are 3548XL and 2948g-L3 switches. Is netflow supported on these by default or do I have to buy some feature package? Could I just enable it on these models?

2948>sh ver
Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT2948G-IN-M), Version 12.0(7)WX5(15a) RELEASE SOFTWARE

Cisco3500-3>sh ver
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE (fc1)

thanks a bunch.

"Greg Reaume" wrote in message news:[EMAIL PROTECTED]...
> Sam,
>
> OVER HERE! LOOK HERE! PICK ME!
>
> :) Seriously though, take a look at NetFlow. Nice flow based accounting
> exported at flow conclusion by the router to a 'collector'. It records, on
> a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts
> in flow, B in flow, start time, stop time, etc, etc, etc. I'm sure you get
> the idea; this is pretty powerful stuff!
>
> You can have your collector aggregate all the flow exports over a given time
> period, or you can have your router do it before it sends the info to the
> collector. Cisco sells their own commercial products to collect and analyze
> and they also partner with 3rd party commercial vendors to provide you with
> collectors and analyzers. The best stuff though, IMHO, are the tools from
> the open source community. Cisco acknowledges these tools and even lists
> where you can get them on their website, however, they are obviously not
> supported.
>
> Start here:
>
> http://www.cisco.com/go/netflow
>
> http://net.doit.wisc.edu/~plonka/FlowScan/
>
> http://www.splintered.net/sw/flow-tools/
>
> http://www.columbia.edu/acis/networks/advanced/CUFlow/
>
>
> There are good examples of implementations here:
>
> http://wwwstats.net.wisc.edu/
>
> http://www.canet3.net/stats/map.html
>
>
> And of course, although they have no relation to NetFlow, no discussion of
> network monitoring tools is complete without Tobi's Tools:
>
> http://www.smokeping.org
>
> http://www.mrtg.org
>
> http://www.rrdtool.org
>
>
> HTH,
>
> Greg Reaume
>
>
> "Cliff Stewart" wrote in message
> news:[EMAIL PROTECTED]...
> Sam,
>
> Have you taken a look at NBAR? Take a look at the
> Cisco IOS Quality of Service Solutions Configuration Guide;
> it should work for you.
>
> -Cliff
>
> -----Original Message-----
> From: "sam sneed"
> To: [EMAIL PROTECTED]
> Date: Tue Oct 08 10:19:08 PDT 2002
> Subject: protocol monitoring software [7:55110]
>
> >Hello,
> >
> > I am looking for software that will monitor what kind of traffic is going
> >through my network and report it. I am only concerned with what is going
> >through my firewall so I will place the monitoring station on a hub with
> the
> >firewall or use SPAN port. Here are requirements:
> >
> >Doesn't use netflow to collect data, want to use libpcap to capture data.
> >Want breakdown of what type of traffic by bytes and %'s i.e. HTTP, FTP,
> SMTP
> >etc.
> >Do not want to use NTOP, too much of a pain in the ass to get it to work
> >longer than 20 minutes without a seg fault.
> >Would like the output in graphical form preferably embedded in a web page.
> >
> >If anyone has come across this please let me know. I'm contemplating
> writing
> >my own software but would rather not.
> >
> >Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55208&t=55110