from:"Hamid"

RE: URGENT: Modem Authentication Failure [7:61292]

2003-01-19 Thread Hamid Ali Asgari

Yes, I know. But the problem is that on just one platform I have this
problem.(On the 3660s). I have tried replacing the modules (NM-16AMs).
Very strange. Any comments?

Hamid



 Wll Hamid ,
 The Local means you must be able to use the Local Username xxx and
 PAssword yxyxyxyxy on the local router config. as a last resource
 which is the case now

 So u shd be able to log in to the router itself, if AAA/ACS is not
 available.

 IS this happening on all the routers/Switches or only this router ???/
 Thanks
 Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61329t=61292
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: URGENT: Modem Authentication Failure [7:61292]

2003-01-18 Thread Hamid Ali Asgari

The tacacs config has not been changed. Neither on the router, nor the
server.
Besides on the router, I don't get the Call Handle error.

Any comments?

Hamid




 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 I do not have lots of debug experience in that area, but maybe can help
 a little.

 The message

 Call Handle failed for Modem 5/2
 Does not seem to worry, see

 Configuring Dialin with the NM-8AM or NM-16AM Analog Modem Module
 Sample Debugs Output
 http://www.cisco.com/warp/public/471/nm-xam_dialin.html#9
 Where it is standard debug output for a succeeded call.

 The message
 Received authen response status FAIL (3)

 Does worry me. Triple check that nothing changed in the radius/tacacs
 config.

 Common Problems in Debugging TACACS+, PAP and CHAP
 http://www.cisco.com/warp/public/480/tacacs_pppdebug.html

 Martijn

 - -Oorspronkelijk bericht-
 Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Namens Hamid
 Ali Asgari Verzonden: zaterdag 18 januari 2003 8:34
 Aan: [EMAIL PROTECTED]
 Onderwerp: URGENT: Modem Authentication Failure [7:61292]


 Hi everybody,

 Today I have encountered a strabge problem. I have a 3660 router with
 NM-16AM modules. Nothing has been changed. Suddenly we got complains
 from users tht they cannot connect. I have checked the AAA server. But
 there is nothing wrong. Here is my debug log: -
 ---
 Call Handle failed for Modem 5/2
 %LINK-3-UPDOWN: Interface Async163, changed state to up
 TPLUS: Queuing AAA Authentication request 634 for processing
 TPLUS: processing authentication start request id 634
 TPLUS: Authentication start packet created for 634(testuser)
 TPLUS: Using server XY.XY.XY.250
 TPLUS(027A): connected to server XY.XY.XY.250
 TPLUS: response received for AAA request 634
 TPLUS: Received authen response status FAIL (3)
 %LINK-5-CHANGED: Interface Async163, changed state to reset
 %LINK-3-UPDOWN: Interface Async163, changed state to down

 Call Handle failed for Modem 5/2
 %LINK-3-UPDOWN: Interface Async163, changed state to up
 TPLUS: Queuing AAA Authentication request 637 for processing
 TPLUS: processing authentication start request id 637
 TPLUS: Authentication start packet created for 637(testuser)
 TPLUS: Using server XY.XY.XY.250
 TPLUS(027D): connected to server XY.XY.XY.250
 TPLUS: response received for AAA request 637
 TPLUS: Received authen response status FAIL (3)
 %LINK-5-CHANGED: Interface Async163, changed state to reset

 - ---
 Any comments?

 I couldn't find what the FAIL(13) error code means. And also I don't
 know what causes Call Handle failed for Modem 5/2. I get this for a
 lot of my modems on my console.Thanks in advance, Hamid
 Nondisclosure violations to [EMAIL PROTECTED]

 -BEGIN PGP SIGNATURE-
 Version: PGP 8.0

 iQA/AwUBPikla3dq56XWk+VyEQKphACfa6B8lpmTQ3Yt6D18Vb8Kxk6aEdUAoNbu
 ITDsRaSUCQlsXdkQFM5zARCH
 =EO/E
 -END PGP SIGNATURE-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61296t=61292
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: URGENT: Modem Authentication Failure [7:61292]

2003-01-18 Thread Hamid Ali Asgari

Yes, I have guessed that. I created a local account on the router, and
still I had the same problem. (Ihave configured aaa for local
authentication).
Do you know what error code 13 means? ( FAIL (13) )



 HI Hamid,

 This seems to be a password or Username Authentication Failure)
 you can try to delete and re-enter the username and password for that
 group on the ACS/AAA server.

 Also is there a Firewall before accessing/Authenticating to the ACS
 server?

 This is not passing the User Authentication proccess per yr debug. Let
 us know yr findings
 Thanks
 Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61308t=61292
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

URGENT: Modem Authentication Failure [7:61292]

2003-01-17 Thread Hamid Ali Asgari

Hi everybody,

Today I have encountered a strabge problem. I have a 3660 router with
NM-16AM modules. Nothing has been changed. Suddenly we got complains from
users tht they cannot connect. I have checked the AAA server. But there is
nothing wrong. Here is my debug log:
---
Call Handle failed for Modem 5/2
%LINK-3-UPDOWN: Interface Async163, changed state to up
TPLUS: Queuing AAA Authentication request 634 for processing
TPLUS: processing authentication start request id 634
TPLUS: Authentication start packet created for 634(testuser)
TPLUS: Using server XY.XY.XY.250
TPLUS(027A): connected to server XY.XY.XY.250
TPLUS: response received for AAA request 634
TPLUS: Received authen response status FAIL (3)
%LINK-5-CHANGED: Interface Async163, changed state to reset
%LINK-3-UPDOWN: Interface Async163, changed state to down

Call Handle failed for Modem 5/2
%LINK-3-UPDOWN: Interface Async163, changed state to up
TPLUS: Queuing AAA Authentication request 637 for processing
TPLUS: processing authentication start request id 637
TPLUS: Authentication start packet created for 637(testuser)
TPLUS: Using server XY.XY.XY.250
TPLUS(027D): connected to server XY.XY.XY.250
TPLUS: response received for AAA request 637
TPLUS: Received authen response status FAIL (3)
%LINK-5-CHANGED: Interface Async163, changed state to reset

---
Any comments?

I couldn't find what the FAIL(13) error code means. And also I don't know
what causes Call Handle failed for Modem 5/2. I get this for a lot of my
modems on my console.Thanks in advance,
Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61292t=61292
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: rate-limit [7:57604]

2002-11-18 Thread Hamid Ali Asgari

As mentioned in the RAte-limit White Paper on CCO,
Set the normal burst size to 1.5/8 the trafiic rate. ( devide by 8 for bit
to byte conversion, multiply by 1.5 as  the white paper says). It almost
works fine this way.

HTH,
Hamid
Ismail M Saeed  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Dear All,
 I am a little bit confused about the calculation criteria used in
rate-limit
 command and the traffic metering function (Bc  Be)
 I need help




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57636t=57604
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Online users on 3600!! [7:57554]

2002-11-17 Thread Hamid Ali Asgari

www.cisco.com/go/mib

HTH,
Hamid


Mahmood  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 How can I find how many users are online on the 3600 router with snmp.What
 OID
 I should use?

 Mahmood




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57575t=57554
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VoIP+QoS+xDSL+H.323Gatekeeper [7:57121]

2002-11-08 Thread Hamid Ali Asgari

Related to the topic, but maybe not to your question.

 How do you manage the call accounting from the gatekeeper? As far as I
 know the gatekeeper calculates the AcctSessionTime from the time beetwenn
 the LCF (Location Confirm) and the Call Disengage Request. Well this
 results that the call duration logged from the gatekeeper would be longer
 that the call duration logged from the gateways.(it will include the call
 setup time as well).
I have faced this problem once but didn't find the solution.

Thanks,
Hamid


 That is correct--I hear silence when the data pvc is saturated.
 However, further tests performed just recently indicate that the amount
 of data saturating the link corresponds to the amount of lost voice
 packets.

 That is why I thought this was a QoS issue.  It almost appears that
 some of the call control packets are going down the data pvc instead of
 the voice pvc.  But I don't want to comit to such a statement for fear
 of biasing other opinions in the newsgroup, as others may have the
 real cause to the problem already figured out.

 I did explore an access-list config to match on port 1720 and there
 were some hits, but again are there other voice payload and/or voice
 signaling packets traversing the data pvc?  I don't know.

 --Mark
 Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57142t=57121
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: Book Recommendation/Relevance? [7:57131]

2002-11-08 Thread Hamid Ali Asgari

Take a look at the following book. Haven't read it myself, but I have
heard that's its a great book:
Internetworking with TCP/IP: Principles, Protocols, and Architecture (4th
Edition)by Douglas Comer

Hope this helps,
Hamid

***
 Group,

 I was contemplating my Christmas list recently.  I see that Stevens'
 TCP Illustrated series is available in box set.  Anyone who's read
 from this series care to comment on the relevance of the material?
 Obviously, TCP and IP haven't changed all that much since '94, but I
 was wondering how much coverage was given to recent extensions.  I
 wonder that because the editorial review on bookpool makes reference to
 several extensions such as window scaling and so forth and also to
 specific releases of varios OSes.

 I'm also open to alternative recommendations.  Read anything good
 lately?

 Thanks all,

 Scott
 Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57143t=57131
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Multilink [7:55957]

2002-10-21 Thread Hamid Ali Asgari

I think you have forgotten to configure the vurtual-template interface and
bind it to multilink. Here is a sample:

multi-link virtual-template 1
!
Interface virtual-template 1
ip address 1.2.4.3
peer default address pool pppML
encapsulatiopn ppp

!

Hamed Sedighi  wrote in message
news:200210200421.EAA09928;groupstudy.com...
 Hi,

 As I wanted to enable Multilink, I added PPP Multilink command at the
end
 of a Group-Async in my Router config.
 But it does not active in my Router. How can I enable Multilink?
 Please send me a sample of a Router config that is ready to use
Multilink.

 Regards,
 Hamed Sedighi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56037t=55957
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: what program can decrypte secret password? [7:55680]

2002-10-16 Thread Hamid Ali Asgari


If you mean the enable secret, no there isn't any program and you can't
decrypt it.
Hamid

 Hi..  My network tool (solarwind) can only decrypte the 7 series cisco
 password but it can't decrypte the secret password? Do you know any
 program  can decrypte it?

 Besides,  do u know we can only issue telnet command on PIX
 configuration  mode not exec mode?







 _
 Internet access plans that fit your lifestyle -- join MSN.
 http://resourcecenter.msn.com/access/plans/default.asp
 Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55693t=55680
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: FW: URGENT: WRONG IOS-Problem booting a 3662 [7:55504]

2002-10-15 Thread Hamid Ali Asgari


I have tried 3 different IOSs. And I also have put out all the modules.
Currently there are no modules on the router. But still doesn't work.
Hamid

 The image is working on other 3662 routers, but do are they the EXACT
 same configuration.

 Do they all have exactly the same network modules and WIC cards in
 them?

 Are all of the module and cards the same code revision?

 I would try a different version of the IOS.

 -Original Message-
 From: Hamid Ali Asgari [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, October 13, 2002 11:21 PM
 To: [EMAIL PROTECTED]
 Subject: Re: FW: URGENT: WRONG IOS-Problem booting a 3662 [7:55504]


 As I told ALL the images I used, are currently working on other 3662
 routers

 Hamid



 3660 uses different ios then the rest of 3600 family.  Seem like you
 have ios for the wrong platform

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
 Of
 Hamid Ali Asgari
 Sent: Sunday, October 13, 2002 5:04 PM
 To: [EMAIL PROTECTED]
 Subject: URGENT: WRONG IOS-Problem booting a 3662 [7:55504]

 Hi group,

 I have a Cisco 3662 router with 128 of RAM and 16 Mb of flash memory.
 The
 problem is that I cannot make the router boot !!!. Each time I boot
 the
 router I get the folowing error.
 I don't know why this error is displayed. I have tried replacing the
 IOS several times. I have repleaced the flash memory but still it
 doesn't work.
 Does it have anything to do with Smart Init? I don't know what it is
 and how it can be disabled
 Any input would be welcome,

 Thanks,
 Hamid

 PS: The IOS that I have tested are currently running on other 3662s.

 *

 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled

 program load complete, entry point: 0x80008000, size: 0xc26c18
 Self decompressing the image :

 

 

 

 

 

 

 

 

 

 

 

 

 
 ###!

 

 ###
 [OK]
 Smart Init is enabled
 smart init is sizing iomem
  IDMEMORY_REQ TYPE
 B3  0X0009FC00 Dual Port Fast Ethernet
 6F  0X00012580 Sixteen port A/D Modem
 6F  0X00012580 Sixteen port A/D Modem
0X0028 OIR memory
0X0010A6F8 public buffer pools
0X00211000 public particle pools
 TOTAL:  0X0065FDF8

 If any of the above Memory Requirements are
 UNKNOWN, you may be using an unsupported
 configuration or there is a software problem and
 system operation may be compromised.
 Rounded IOMEM up to: 7Mb.
 Using 5 percent iomem. [7Mb/128Mb]


 Wrong system software for this hardware
 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled

 PCMCIA Slot0: No Card Present

 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled

 PCMCIA Slot1: No Card Present

 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled
 Nondisclosure violations to [EMAIL PROTECTED]
 Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55626t=55504
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

URGENT: WRONG IOS-Problem booting a 3662 [7:55504]

2002-10-13 Thread Hamid Ali Asgari


Hi group,

I have a Cisco 3662 router with 128 of RAM and 16 Mb of flash memory. The
problem is that I cannot make the router boot !!!. Each time I boot the
router I get the folowing error.
I don't know why this error is displayed. I have tried replacing the IOS
several times. I have repleaced the flash memory but still it doesn't
work.
Does it have anything to do with Smart Init? I don't know what it is and
how it can be disabled
Any input would be welcome,

Thanks,
Hamid

PS: The IOS that I have tested are currently running on other 3662s.

*

System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C3660 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

program load complete, entry point: 0x80008000, size: 0xc26c18
Self decompressing the image :
###!
###
[OK]
Smart Init is enabled
smart init is sizing iomem
  IDMEMORY_REQ TYPE
B3  0X0009FC00 Dual Port Fast Ethernet
6F  0X00012580 Sixteen port A/D Modem
6F  0X00012580 Sixteen port A/D Modem
0X0028 OIR memory
0X0010A6F8 public buffer pools
0X00211000 public particle pools
TOTAL:  0X0065FDF8

If any of the above Memory Requirements are
UNKNOWN, you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 7Mb.
Using 5 percent iomem. [7Mb/128Mb]


Wrong system software for this hardware *

System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C3660 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

PCMCIA Slot0: No Card Present

System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C3660 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

PCMCIA Slot1: No Card Present

System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C3660 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55504t=55504
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: FW: URGENT: WRONG IOS-Problem booting a 3662 [7:55504]

2002-10-13 Thread Hamid Ali Asgari


As I told ALL the images I used, are currently working on other 3662 routers

Hamid



 3660 uses different ios then the rest of 3600 family.  Seem like you
 have ios for the wrong platform

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Hamid Ali Asgari
 Sent: Sunday, October 13, 2002 5:04 PM
 To: [EMAIL PROTECTED]
 Subject: URGENT: WRONG IOS-Problem booting a 3662 [7:55504]

 Hi group,

 I have a Cisco 3662 router with 128 of RAM and 16 Mb of flash memory.
 The
 problem is that I cannot make the router boot !!!. Each time I boot the
 router I get the folowing error.
 I don't know why this error is displayed. I have tried replacing the
 IOS several times. I have repleaced the flash memory but still it
 doesn't work.
 Does it have anything to do with Smart Init? I don't know what it is
 and how it can be disabled
 Any input would be welcome,

 Thanks,
 Hamid

 PS: The IOS that I have tested are currently running on other 3662s.

 *

 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled

 program load complete, entry point: 0x80008000, size: 0xc26c18
 Self decompressing the image :
 
 
 
 
 
 
 
 
 
 
 
 
 
 ###!
 
 ###
 [OK]
 Smart Init is enabled
 smart init is sizing iomem
  IDMEMORY_REQ TYPE
 B3  0X0009FC00 Dual Port Fast Ethernet
 6F  0X00012580 Sixteen port A/D Modem
 6F  0X00012580 Sixteen port A/D Modem
0X0028 OIR memory
0X0010A6F8 public buffer pools
0X00211000 public particle pools
 TOTAL:  0X0065FDF8

 If any of the above Memory Requirements are
 UNKNOWN, you may be using an unsupported
 configuration or there is a software problem and
 system operation may be compromised.
 Rounded IOMEM up to: 7Mb.
 Using 5 percent iomem. [7Mb/128Mb]


 Wrong system software for this hardware
 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled

 PCMCIA Slot0: No Card Present

 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled

 PCMCIA Slot1: No Card Present

 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled
 Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55517t=55504
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Sniffing Async/Serial Ports on the Router [7:54919]

2002-10-04 Thread Hamid Ali Asgari


Hi group,

I am looking for a solution to monitor/sniff the traffic on Serial/Async
ports.
Any suggestions would be appreciated,

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54919t=54919
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Caslow Book [7:53654]

2002-09-20 Thread Hamid Ali Asgari


No third edition and still not published.

But there will be a book Called: Bridges, Routers and Switches Illustrated
by Caslow on 2003 (not sure about the date).




Ben W  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Does anybody know if Caslow's book Cisco Certification: Bridges, Routers
and
 Switches for CCIE's is going to be updated for new CCIE topics in a 3rd
 edition?  And if so when it will come out?  Is the 2nd edition good
enough?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53728t=53654
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: priviledge levels [7:53723]

2002-09-20 Thread Hamid Ali Asgari


viewing the Running-Config requires level 15 privilege which allows the user
to change the config.

But try the Startup-Config. You can assign it to any privilege level. If
they are not going to change the config, most of times the startup-config
and the running are the same.

HTH

Hamid
Adam Hickey  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 All,

 I want to configure a special priviledge level for our NOC in all our
cisco
 devices to basically have all commands except config. Looking at cco, if
you
 allow sh run at any priv level other than , the user will only be able to
see
 the commands they can configure which defeats the purpose. Anyone know a
way
 around this - so the NOC can have say a level 14 access and be able to see
 the
 entire running-config without being able to configure anything?

 thx
 Adam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53729t=53723
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bandwith restriction [7:53066]

2002-09-12 Thread Hamid Ali Asgari


The access-list defines the group of IP addresses, and the rate-limit limit
the bandwidth for all the IPs in that ACL (The aggregate), meaning that if
you have defined 4 IPs in that ACL, one of the IPs could reach the BW limit
if the other don't transmit. I have used rate-limit for such scenarios many
times and it worked fine, the only point was defining the BURST SIZE so that
the client could reach its maximum limit. If the Busrt Size is not defined
well and you create a limit of 1 Mbps, the client might not even reach 900
Kbps.

On my experience, Rate-limit treats the whole ACL and all IPs defined in
that ACL as one entity, I don't get what you mean by the amount of
bandwidth specified in the statement will be given on a case-by-case basis.

HTH

Hamid


sisco  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 buy sitara network box! great graphical bandwidth usage per ip address and
 you can even restrict the application ports like kazaa,ftp


 s vermill  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hamid Ali Asgari wrote:
  
   Create an access-list  and include all the IP addresses of that
   group in
   that access-list.
  
   Use rate-limit on the interface to limit the BW for that
   access-list
  
 
  Does rate-limiting work like that?  I thought that if the condition is
met
  (i.e. the address is within the range specified in the ACL), the amount
of
  bandwidth specified in the statement will be given on a case-by-case
 basis.
  Or does it truly divide the bandwidth amongst all who are allowed by the
 ACL?
 
  We once tried to simulate the throughput of a DS3 by creating a policy
for
  rate-limiting on a 100 Mbps ethernet.  Unfortunately, the machine
running
  ttcp to generate the dummy traffic couldn't sustain 45 Mbps.  I think
they
  ultimately went with two machines, which resulted in more than 45 Mbps
of
  traffic but less than 90 Mbps.  I seem to recall that the policy ended
up
  allowing *each* machine up to 45 Mbps - but I could be wrong.
  Unfortunately, the engineer responsible for that experiment has left for
  greener pastures.
 
  Anyone refresh my memory?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53192t=53066
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bandwith restriction [7:53066]

2002-09-11 Thread Hamid Ali Asgari


Create an access-list  and include all the IP addresses of that group in
that access-list.

Use rate-limit on the interface to limit the BW for that access-list

HTH
Hamid
kaushalender  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 hi groupand routers guru's,

 I have 2610 router.We have coustomer to whom we r providing bandwith.I
 have a range of ip address for those cutomers.Now we want that we difne
 a group of ip address and restrict that group to 64 kbps that means any
 ip from that group start to access the bandwith should not get more than
 64kbps if two cutomer are simulteniously browsing than 64 kbps should be
 diveded in 32+32 so on. How can i do that plz help

 Thnx in advance
 Kaushalender




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53075t=53066
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Gatekeeper not completing calls [7:52315]

2002-08-29 Thread Hamid


You have to configure the gateways so that they register the required
dial-peers with the gatekeeper. For example:



Dial-peer voice 101 pots

 destination-pattern 320T

 register   --- This makes the gateway register this dial-peer with the
gatekeeper.

 Port 0/0



When the gateway is registering with the gatekeeper, it will register all
configured dial-peers (with the register command) with the GK.



If you are using tech-prefixes, you can do it through tech-prefixes as well.
Take a look at:

http://www.cisco.com/warp/public/788/voip/gk-call-routing.html



Hope this helps,

Hamid



Tunji Suleiman  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I set up two gateways with session target to each other and made calls
 between them successfully. I introduced gatekeeper and the gateways
 registered successfully to the gatekeeper, but do not complete calls. I
will
 appreciate pointers from voice gurus. Below are my configs and sh gate end
 output. TIA.

 Tunji

 hostname VG1
 !
 !
 interface FastEthernet0
 ip address 217.197.175.25 255.255.255.224
 speed 100
 full-duplex
 h323-gateway voip interface
 h323-gateway voip id LOCAL-GK ipaddr 217.197.175.17 1719
 h323-gateway voip h323-id VG1
 !
 !
 ip classless
 ip route 0.0.0.0 0.0.0.0 217.197.175.1
 !
 !
 voice-port 0/0
 station-id number 3201101
 !
 voice-port 0/1
 station-id number 3201102
 !
 !
 dial-peer voice 10 voip
 destination-pattern 420T
 session target ras
 !
 dial-peer voice 1 pots
 destination-pattern 320T
 port 0/0
 !
 dial-peer voice 2 pots
 destination-pattern 320T
 port 0/1
 !
 gateway
 !


 hostname VG2
 !
 !
 interface Ethernet0/0
 ip address 217.197.175.1 255.255.255.224
 half-duplex
 h323-gateway voip interface
 h323-gateway voip id LOCAL-GK ipaddr 217.197.175.17 1719
 h323-gateway voip h323-id VG2
 !
 !
 ip classless
 ip route 0.0.0.0 0.0.0.0 192.168.1.1
 !
 !
 voice-port 1/0/0
 station-id number 4202101
 !
 voice-port 1/0/1
 station-id number 4202102
 !
 !
 dial-peer voice 1 voip
 destination-pattern 320T
 session target ras
 !
 dial-peer voice 10 pots
 destination-pattern 420T
 port 1/0/0
 !
 dial-peer voice 20 pots
 destination-pattern 420T
 port 1/0/1
 !
 gateway
 !

 hotname LOCAL-GK
 !
 !
 interface Ethernet0/0
 ip address 217.197.175.17 255.255.255.224
 half-duplex
 !
 ip classless
 ip route 0.0.0.0 0.0.0.0 217.197.175.1
 !
 !
 dial-peer cor custom
 !
 !
 !
 !
 gatekeeper
 zone local LOCAL-GK mydomain.com 217.197.175.17
 zone remote REMOTE-GK remotedomain.com 215.215.77.251 1719
 zone prefix REMOTE-GK 009*
 zone prefix LOCAL-GK 320* gw-priority 10 VG1
 zone prefix LOCAL-GK 420* gw-priority 10 VG2
 lrq forward-queries
 no shutdown


 LOCAL-GK#sh gate end
 GATEKEEPER ENDPOINT REGISTRATION
 
 CallSignalAddr  Port  RASSignalAddr   Port  Zone Name   TypeF
 --- - --- - -   --
 217.197.175.1   1720  217.197.175.1   52318 LOCAL-GKVOIP-GW
 H323-ID: VG2
 217.197.175.25  1720  217.197.175.25  57092 LOCAL-GKVOIP-GW
 H323-ID: VG1
 Total number of active registrations = 2


 _
 Join the worlds largest e-mail service with MSN Hotmail.
 http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52318t=52315
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Call Manager Windows2000 Advanced Server [7:51659]

2002-08-19 Thread Hamid


Hi,

Reading the Installation notes of Call Manager, I found that it mentiones
only Cisco Media Convergence Server (MCS), customer-provided Compaq DL320 or
DL380, or IBM xSeries server. Is it reaaly limited to these 3 platforms 

And by the way, could you Install Call Manager on a Windows 2000 Advanced
Server or does it force you to use a special Edition?


Thanks in advance,

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51659t=51659
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Mac Layer access list [7:48324]

2002-07-08 Thread Hamid


I have tried this before, but no results.

Tha MAC access lists can be used in two cases:
-When you are bridging
- When using CAR

HTH,
Hamid

Dennis Laganiere  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I looked through the CCO, the groupstudy archive and my stack of cisco
press
 books, but I can't find any information about setting up an ACL for MAC
 addresses.  Has anybody done it before?

 Here's what I'm trying to do: I've got a wireless access point that lets
 just anybody join.  I want to put a router upstream to block all but a
 limited number of pre-defined MAC addresses.  Any thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48329t=48324
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

VoIP Question [7:48281]

2002-07-07 Thread Hamid


Hi,
I am setting up a VoIP network with a gatekeeper and a some gateways. This
network is generally used for terminating calls.

I want to hide the IP address of my gateways from the customers who are
sending me(originating calls) traffic.

Any ideas how I can hide the gateways from my customers?

Thanks in advance,
Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48281t=48281
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Study Guide for the Written Exam [7:47793]

2002-06-30 Thread Hamid


Hi,

Any recommended readings for the written exam ? I have already studied the
following books:

- Routing TCP/IP by Doyle
- Cisco LAN Switchinf (CCIE Professional Developement Series) By
HamiltonClark

- Cisco Certification, by Caslow


I was just wondering wether these books were enough for the written exam or
not.

Any input would be welcome,

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47793t=47793
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: rate limit plz help [7:47133]

2002-06-22 Thread Hamid


Your burst size is too BIG !!!

According to cisco's documents
the bust size (Y in Bytes) = X (average bits/s) /8 * 1.5

Your burst size is to high allowing the user to exceed the limit. For 64 k
yopu should use:

rate-limit input 64000 12000 12000 conform-action transmit exceed-action
drop

Same for the other.

Hope this helps

Hamid


kaushalender  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 hi group,

 I have a customer who has take 64 up link and burstable 128 downlink
 .Problem is that i give sh int command it is showing

   5 minute input rate 148000 bits/sec, 218 packets/sec
5 minute output rate 62000 bits/sec, 36 packets/sec

 But i have configure following on serial

 interface Serial0/2
 mtu 2048
 bandwidth 512
   ip address 216.252.243.1 255.255.255.252
   ip access-group 107 in
   ip access-group 107 out
   no ip proxy-arp
   ip wccp web-cache redirect out
   ip wccp web-cache redirect in
   rate-limit input 64000 71680 71680 conform-action transmit
 exceed-action drop
   rate-limit output 64000 131072 131072 conform-action transmit
 exceed-action drop
   encapsulation ppp

 can some body help me to tell .why this is happening when i have
 configured 64 kbps on uplick of customer which input traffic for my
 router is showing 148kbps
 and out traffic 62 kbps why in traffic is exceeding

 Thanx in advance
 kaushalender




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47194t=47133
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: can some please explain me some of this commands [7:47140]

2002-06-22 Thread Hamid


aaa authentication login default group local tacacs+ ( instead of tacacs+
local)

and create a local account for yourself. This way only if the username is
not found on the local user database (the config) tacacs is used. And leave
the login configs on the line con 0 to its default.

This way you will be asked for your username/password when using the
consiole and then you can enter the enable.

Its not a good idea to leave the console without authentcation.

HTH

Hamid,




GEORGE  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Im trying to configure authentication on my routers so far so good ,
 however I would not like to have any type of authentication via
 console., just in case and also if the tacacs goes down I can still get
 in with local account I created.. so far if I place this on the console
 line =line con 0 no authentication none
 It would let me in , and if I place nothing I get promted for the
 username and password on my tacacs , but wont let me enter my enable
 password.?
 Maybe if I understood each line I could  configure it better...

 aaa new-model
 aaa authentication login default group tacacs+ local
 aaa authentication login local local
 aaa authentication login no_tacacs none
 aaa authentication enable default group tacacs+ none
 aaa authorization exec default group tacacs+ none
 aaa authorization network default group tacacs+
 aaa accounting exec default start-stop group tacacs+
 aaa accounting network default start-stop group tacacs+local




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47195t=47140
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IDS Questions [7:46639]

2002-06-15 Thread Hamid


Maybe a silly question, Can anyone tell me what shunning is?


John Kaberna  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I don't see why you'd get flamed for that except maybe from a die-hard
Cisco
 employee and even then I doubt it.  I prefer Snort a lot more than Cisco's
 IDS because of price and I do prefer the fact that you have nearly an
entire
 industry of security people that work on Snort.  There are very few
seasoned
 security people that don't have a fair amount of experience with Snort.
 There are few shops out there that rely solely on Cisco IDS.  If I had the
 choice though, I would probably run them both.  It wouldn't hurt and it
sure
 would make you feel good to catch an alarm on one IDS that was missed by
the
 other.


 Peter Walker  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I hope I dont get flamed for this
 
   ... but I would like to ask a similar but different question.
 
  What reason is there to choose Cisco IDS over Snort. I just dont see
Cisco
  IDS as having much in the way of advantages over Snort other than a
Cisco
  label and a high price tag (and yes both of those can be percieved as
  advantages)
 
  Of all of the Cisco kit I have worked with the IDS system is the only
one
 I
  cant see myself recommending to someone.
 
  Peter Walker
 
  --On Friday, June 14, 2002 7:13 PM -0400 Ken Diliberto  wrote:
 
   Brian,
  
   We can both justify and afford a commercial IDS but choose Snort.
What
 do
   see as drawbacks to Snort?
  
 
   Brian Zeitz  06/14/02 03:02PM 
 
 
   So the most people who want IDS who cannot afford
   / justify (just yet) and IDS box are using Snort?  I have a pix 515UR,
   and if I read correctly, it has the capabilities to interface to an
IDS
   box, but it is not an IDS box itself.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46677t=46639
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access List Problem!! [7:46262]

2002-06-12 Thread Hamid Ali Asgari


The answer is NO.

While defining access-lists you have to use wildcards, meaning that the
range you are using must be blocks in 2^n (2 powered by n). Wildcards
difine the important and non-important bits is the IP address. They use
the same method and algorithm subnet masks use but in a reverse manner. In
a subnet mask you define the important bits ( the bits which you want to
exactly the same the IP address) with ONES, and the non-important bits
with ZEROs.
In wildcards, you define the important bits with zeros, and the
non-important bits with ones. For the same reson you cannot have a network
address with 37 hosts, you cannot define a access-list with a wildcard to
include 37 contigous addresses.
Here is an example: if you want to define an access-list for
11001101.01011101.1110001010.11010111 and you want all the bits to be same
but the last 3 bits your mask will be: ...0111
(0.0.0.7)
Hope this helps,
Hamid



Mahmood said:
 Thanx in advance dear friends,
 But is there any way to do this in one line?

 Thanx again


 - Original Message -
 From: Daniel Cotts
 To: 'Mahmood' ;
 Sent: Tuesday, June 11, 2002 7:17 PM
 Subject: RE: Access List Problem!! [7:46262]


 Break it into pieces.
 Deny the range of 192.168.32.0 to 192.168.32.31
 Deny the range of 192.168.32.32 to 192.168.32.36
 Deny the host 192.168.32.37
 Since 192.168.32.0 is not a valid host address I see no problem with
 including it.

  -Original Message-
  From: Mahmood [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, June 11, 2002 10:02 AM
  To: [EMAIL PROTECTED]
  Subject: Access List Problem!! [7:46262]
 
 
  Hi,
  My question is taht : How Can I Deny this range: 192.168.32.1 to
  192.168.32.37
  ?
 
  Thanks in advance
 
  Mahmood
 Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46327t=46262
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Problem at 2509 access server, please need a help [7:46146]

2002-06-09 Thread Hamid


I don't think the problem is from the IOS. Try bypassing the startup-config
and re-check the config.  ofr parameters such as timeouts and aaa configs.

HTH
Hamid


Mohannad Khuffash  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Dear all,
 I have a problem with Cisco 2509-RJ access server as follow:
 When i reboot the router to it load the IOS installed in the flash, a
 warning message is appear
 (Configurations from version 12.0 may not be correctly under stood)
 after loading, the (Press RETURN to get started) normal  message is pop up
 at the console, but when i press Enter nothing happen only the message (
 Press RETURN to get started) appear again.

 I thought that the problem may be from the IOS installed where it give me
a
 warning at the beginning, so when i tried to go to the ROMON mode to
install
 a new IOS (i can't reach the router through any other interface) by press
 Ctrl+Break i got the following mode :


 

 and the only available command are
  ?
 B [filename] [TFTP Server IP address | TFTP Server Name]
  Load and execute system image from ROM or from TFTP server
 C [address]  Continue execution [optional address]
 D /S M L V   Deposit value V of size S into location L with modifier M
 E /S M L Examine location L with size S with modifier M
 G [address]  Begin execution
 HHelp for commands
 IInitialize
 KStack trace
 L [filename] [TFTP Server IP address | TFTP Server Name]
  Load system image from ROM or from TFTP server, but do not
  begin execution
 OShow configuration register option settings
 PSet the break point
 SSingle step next instruction
 T function   Test device (? for help)

 Deposit and Examine sizes may be B (byte), L (long) or S (short).
 Modifiers may be R (register) or S (byte swap).
 Register names are: D0-D7, A0-A6, SS, US, SR, and PC

 so how can i upgrade the IOS in this mode, or is there any other method to
 solve the problem.

 Thanks
 --




 Mohannad N. Khuffash
 Network Administrator
 Palestine Telecom
 Tel : 00970-09-2390509




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46152t=46146
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE written and configuration Issues [7:45976]

2002-06-07 Thread Hamid


Hi,

I am studying for the written exam. I was wondering wether configuration
issues would be asked at the exam?(commands , etc.)

Thanks in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45976t=45976
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Recommended Reading for CCIE Written [7:45837]

2002-06-06 Thread Hamid


Reza,

Do you know when exactly will the new test be online? I haven't found
anything about the exact date?

Hamid


Reza  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hamid,
 I am also planning to take the exam before the end of this month and
before
 Cisco brings the new monster test on line. I have read all the books that
 you mention here except, CCIE LAN Switching ,by Hamilton
 I am also doing the Boson practice#3 and have the CCXX material. I am sure
 you know about Token Ring paper.

 Good luck and let me know how you do.
 Reza

 Hamid  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi,
  I am studying for the written exam and I am going to take the exam in 3
or
 4
  weeks.
 
  I have used the following books:
  - CCIE LAN Switching ,by Hamilton
  - Routing TCP/IP Vol. 1, by Doyle
  - Routers, Switches  Bridges for CCIEs, by Caslow
  - Some other matterials such as Exam Cram , 
 
  I was wondering wether I should study any other books for the Exam?
 
  Any input would be welcome.
 
  Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45919t=45837
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How to check bandwidth [7:45812]

2002-06-05 Thread Hamid


Try TTCP

Hamid



Ashok C. Braganza  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Can anyone tell me, how to check bandwidth, here is my  router conf (
 bandwidth 128)  How to verify? Is there any cisco command?

 interface ATM0/0
  no ip address
  atm vc-per-vp 256
  no atm ilmi-keepalive
  atm voice aal2 aggregate-svc upspeed-number 0
  dsl operating-mode auto
  no fair-queue
 !
 interface ATM0/0.1 point-to-point
  description J***
  bandwidth 128
  ip address 10.100.1.1 255.255.255.252
  pvc 1/41
   protocol ip 10.100.1.2
   ubr 128
   oam-pvc manage
  !

 Thanks

 ashok braganza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45835t=45812
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Password privilege [7:45818]

2002-06-05 Thread Hamid


But you can assign the Privilege level 2 to see the startup-config.

Hamid


Jimmy  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi all :

   I have set a username test with privilege 2 for
 show running-config.

However when I login using test and perform show
 running-config ; only 1st line and last line of the
 configuration can be seen. Any idea ?


 username cisco password 7 104D000A0618
 username test privilege 2 password 7 021201481F
 ip subnet-zero
 no ip domain-lookup

 privilege exec level 2 show running-config
 privilege exec level 2 show


 And the result is as below :


 Building configuration...

 Current configuration:
 !
 !
 !
 !
 end

 ABC-Demo-S'pore#

 cheers
 Jimmy


 __
 Do You Yahoo!?
 Yahoo! - Official partner of 2002 FIFA World Cup
 http://fifaworldcup.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45836t=45818
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Analyzing Radius Logs [7:45838]

2002-06-05 Thread Hamid


Hi,

I have a VoIP gateway and a Radius server. The Radius server is used to log
the voice calls in its accounting log. Here is the gateways configuration:

!
aaa accounting connection default start-stop group radius
!
gw-accounting h323
gw-accounting voip
!
radius-server host 10.10.100.23 auth-port 1812 acct-port 1813
radius-server retransmit 3
!

Since I am using using a 12.2.T IOS,  VSA logging is enabled by default, So
the log contains VSA attributes.

I am trying to write a script (for example in perl, or any other
language...) to analyze the accounting log (the detail file).

Can anyone tell me how the script has to be written (any algorithmsor
samples,...)?

Thanks in advance,
Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45838t=45838
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: How many committed access rate policies with access-lists [7:45840]

2002-06-05 Thread Hamid


Once is a project, I was using CAR on a 7200 with 5 Fast etherner
sub-interfaces. I was using various access-lists (all of them were
Extended). CAR was limiting bith Recieving and Transmitting (SEND) traffic.
With No NPEs or additional modelus installed, the CPU time went to 40-50% in
peek times. The total BW was about 4 Mbps.

HTH
Hamid

Cisco Breaker  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi all,

 My questions are regarding to CAR aka rate-limit. I have use rate-limit
with
 access-list but I never wonder how many policies can I create with
 access-lists.

 How many committed access rate policies with access-lists can be applied
to
 an interface?

 Documentations says 100 policies (can be either access-list or other type
as
 I understand) to subinterface not to an interface. Is it limited to
standard
 or extended access-list number limit 99? Can I use 99 standard access list
 and 99 extended access lists and apply each one of them to a different
(200)
 CAR policy. Or am I limited to 100 policies only as stated.

 Also if I can use 200 policies how much cpu utilization could I see on a
 3600 or 7200? Documentations only states that it would be a significant
 impact to use extended access-lists with car.

 I would really appreciate if anyone  answers these questions.

 Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45840t=45840
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Written passed - Boson [7:45535]

2002-05-31 Thread Hamid


What matterials do you mean by 29.95$?

Hamid
Kaminski, Shawn G  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 You spent $80.00 on Boson tests when you could have gotten materials that
 cover the exact same topics for $29.95? Shame on you!

 Congrats!

 Shawn K.

  -Original Message-
  From: Pierre-Alex Guanel [SMTP:[EMAIL PROTECTED]]
  Sent: Friday, May 31, 2002 12:46 PM
  To: [EMAIL PROTECTED]
  Subject: CCIE Written passed - Boson  [7:45535]
 
  I took the CCIE written yesterday afternoon and passed (80%)
 
  I was expecting more, but I flunked the performance/QoS section of the
  exam,
  which I neglected somewhat during preparation.
 
  I used both Boson #1 and Boson #3. Those 2 tests are complementary and
are
  NOT substitute for each other. Boson #3 focuses on SNA issues where as
  Boson
  #1 focuses on the other networking topics.
  If you can, you should purchase both tests.
 
  For preparation I did a pre-test on Boson #3 and discovered how little
SNA
  and ATM I knew. For 3 weeks, I studied SNA and ATM using CCO + hands-on
  until the whole thing felt natural. Then, on the 4th week of preparation
I
  repeated the same strategy with Boson #1. I dicovered 3 areas of
  networking
  where I had some weaknesses. I only had time to work on 2 of them
  thoroughly
  before the test.
 
  Thank you to Bernard and Dennis for excellent test materials and to all
  those who gracefully took the time to answer my questions. I
particularly
  want to thank Priscilla and Leigh Anne who both put me back on track
  several
  times during the last two years and Daniel Cotts for squeezing some time
  out
  of his busy schedule to spend some time discussing Cisco with me.
 
 
  Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45542t=45535
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

DSL Clock [7:40791]

2002-04-08 Thread Hamid


Hi Group.

I have a DSL connection with a DSL modem connected on my NM-4T module .
modem generates its internal clock at 528000 bps.
and other side ( customer ) is same modem with this clock
I want to know  at this clock ( 528kbps ) , at a time the total ( SEND +
RECIVE ) can not be over 528kbps or they are separate ,
(SEND=528K , RECIVE=528K )

plz help me .
Reza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=40791t=40791
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

DSL clock [7:40794]

2002-04-08 Thread Hamid


Hi Group.

I have a DSL connection with a DSL modem connected on my NM-4T module .
modem generates its internal clock at 528000 bps.
and other side ( customer ) is same modem with this clock
I want to know  at this clock ( 528kbps ) , at a time the total ( SEND +
RECIVE ) data can not be over 528kbps or they are separate ,
(at a time SEND=528K , RECIVE=528K )

plz help me .
Reza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=40794t=40794
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Book on IPv6 [7:40515]

2002-04-04 Thread Hamid Ali Asgari


Hi,

I am looking for a book on IPv6. Any suggestions?

Thanks

Hamid


__
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=40515t=40515
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: EIGRP Question: Change of Feasible Distance (FD) - Please [7:39984]

2002-03-31 Thread Hamid Ali Asgari


But what if a route's metric changes, so that the minimum distance to
the destination increases beyond the FD. In this case will the FD be
updated or not?

If the answer is yes, (as I assume it to be) why does Dyole say that
because the route didn't become active the FD didn't change.(Chapter
8, before figure 8.15)

Thanks,
Hamid

--- Steven A. Ridder  wrote:
 The FD is the lowest distance a router has to a specific network. 
 A router
 may have more than one path to said network, but the lowest
 distance is FD
 and it is entered into the routing table.  More than one route to
 said
 network can still exist and it will be entered in the EIGRP
 topology table
 as a back-up route.
 
 Without reading of the examples, I am guesing that a route's metric
 in the
 EIGRP topology table has changed.  Even if it goes lower than it
 was
 previously, if it's not lower than the FD (the route in the routing
 table)
 than the FD to that netwtork doesn't change.  If it is lower, than
 it will
 change the FD as it will become the new FD.
 
 --
 
 RFC 1149 Compliant.
 Get in my head:
 http://sar.dynu.com
 
 
 Hamid Ali Asgari  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi,
 
  Studying EIGRP, I got to a question: When is the Feasible
 Distance
  (FD) for a destination updated. In Jeff Doyles Routing TCP/IP,
  chapter 8, it says that as a result of a local computation the
  following may occur:
 
  -If the feasible successor with the lowest distance is different
 from
  the existing successor, the feasible successor will become the
  successor.
  -If the new distance is lower than the FD, the FD will be
 updated.
  -If the new distance is different from the existing distance,
 updates
  will be sent to all neighbors.
 
  So I asume that as a result of a local computation the FD may be
  updated (reduced).
 
  Later in this chapter, before figure 8.15 it says: Because the
  distance to 10.1.7.0 has increased and the route did not become
  active, the FD is unchanged at Lilienthal.
 
  In EIGRP's White Paper on cisco's web site, after figure 3 it
 says:
  When the link between Routers One and Three goes down, Router One
  examines each path it knows to Network A and finds that it has a
  feasible successor through Router Four. Router One uses this
 route,
  using the metric through Router Four as the new feasible
 distance.
 
  In the book , Network Design and Case Studies by Cisco , Chapter
 3
  Designing Large Scale Ip netwoks,  Subtitle :  Enhanced EIGRP
  Convergence , It is mentioned that the
  FD can only change during an active-to-passive transition .
 
  I am totally confused about the FD and what triggers an update
 for
  it. I don't get it. Is a ROUTE ACTIVATION required for a FD
 update
  necessarily?
 
  If the router receives a better advertisement , and if the FD is
  lower , I feel FD can change during a local computation itself .
 
  Could any one explain?
 
  Thanks in advance,
 
  Hamid
 
  __
  Do You Yahoo!?
  Yahoo! Greetings - send holiday greetings for Easter, Passover
  http://greetings.yahoo.com/
[EMAIL PROTECTED]


__
Do You Yahoo!?
Yahoo! Greetings - send holiday greetings for Easter, Passover
http://greetings.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39984t=39984
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

EIGRP Question: Change of Feasible Distance (FD) - Please [7:39953]

2002-03-30 Thread Hamid Ali Asgari


Hi,

Studying EIGRP, I got to a question: When is the Feasible Distance
(FD) for a destination updated. In Jeff Doyles Routing TCP/IP,
chapter 8, it says that as a result of a local computation the
following may occur:

-If the feasible successor with the lowest distance is different from
the existing successor, the feasible successor will become the
successor.
-If the new distance is lower than the FD, the FD will be updated.
-If the new distance is different from the existing distance, updates
will be sent to all neighbors.

So I asume that as a result of a local computation the FD may be
updated (reduced).

Later in this chapter, before figure 8.15 it says: Because the
distance to 10.1.7.0 has increased and the route did not become
active, the FD is unchanged at Lilienthal.

In EIGRP's White Paper on cisco's web site, after figure 3 it says:
When the link between Routers One and Three goes down, Router One
examines each path it knows to Network A and finds that it has a
feasible successor through Router Four. Router One uses this route,
using the metric through Router Four as the new feasible distance. 

In the book , Network Design and Case Studies by Cisco , Chapter 3
Designing Large Scale Ip netwoks,  Subtitle :  Enhanced EIGRP
Convergence , It is mentioned that the
FD can only change during an active-to-passive transition . 

I am totally confused about the FD and what triggers an update for
it. I don't get it. Is a ROUTE ACTIVATION required for a FD update
necessarily?

If the router receives a better advertisement , and if the FD is
lower , I feel FD can change during a local computation itself .

Could any one explain?

Thanks in advance,

Hamid

__
Do You Yahoo!?
Yahoo! Greetings - send holiday greetings for Easter, Passover
http://greetings.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39953t=39953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: EIGRP Question: Change of Feasible Distance (FD) - Please [7:39978]

2002-03-30 Thread Hamid Ali Asgari


But what if a route's metric changes, so that the minimum distance to
the destination increases beyond the FD. In this case will the FD be
updated or not?

If the answer is yes, (as I assume it to be) why does Dyole say that
because the route didn't become active the FD didn't change.(Chapter
8, before figure 8.15)

Thanks,
Hamid


--- Steven A. Ridder  wrote:
 The FD is the lowest distance a router has to a specific network. 
 A router
 may have more than one path to said network, but the lowest
 distance is FD
 and it is entered into the routing table.  More than one route to
 said
 network can still exist and it will be entered in the EIGRP
 topology table
 as a back-up route.
 
 Without reading of the examples, I am guesing that a route's metric
 in the
 EIGRP topology table has changed.  Even if it goes lower than it
 was
 previously, if it's not lower than the FD (the route in the routing
 table)
 than the FD to that netwtork doesn't change.  If it is lower, than
 it will
 change the FD as it will become the new FD.
 
 --
 
 RFC 1149 Compliant.
 Get in my head:
 http://sar.dynu.com
 
 
 Hamid Ali Asgari  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi,
 
  Studying EIGRP, I got to a question: When is the Feasible
 Distance
  (FD) for a destination updated. In Jeff Doyles Routing TCP/IP,
  chapter 8, it says that as a result of a local computation the
  following may occur:
 
  -If the feasible successor with the lowest distance is different
 from
  the existing successor, the feasible successor will become the
  successor.
  -If the new distance is lower than the FD, the FD will be
 updated.
  -If the new distance is different from the existing distance,
 updates
  will be sent to all neighbors.
 
  So I asume that as a result of a local computation the FD may be
  updated (reduced).
 
  Later in this chapter, before figure 8.15 it says: Because the
  distance to 10.1.7.0 has increased and the route did not become
  active, the FD is unchanged at Lilienthal.
 
  In EIGRP's White Paper on cisco's web site, after figure 3 it
 says:
  When the link between Routers One and Three goes down, Router One
  examines each path it knows to Network A and finds that it has a
  feasible successor through Router Four. Router One uses this
 route,
  using the metric through Router Four as the new feasible
 distance.
 
  In the book , Network Design and Case Studies by Cisco , Chapter
 3
  Designing Large Scale Ip netwoks,  Subtitle :  Enhanced EIGRP
  Convergence , It is mentioned that the
  FD can only change during an active-to-passive transition .
 
  I am totally confused about the FD and what triggers an update
 for
  it. I don't get it. Is a ROUTE ACTIVATION required for a FD
 update
  necessarily?
 
  If the router receives a better advertisement , and if the FD is
  lower , I feel FD can change during a local computation itself .
 
  Could any one explain?
 
  Thanks in advance,
 
  Hamid
 
  __
  Do You Yahoo!?
  Yahoo! Greetings - send holiday greetings for Easter, Passover
  http://greetings.yahoo.com/
[EMAIL PROTECTED]


__
Do You Yahoo!?
Yahoo! Greetings - send holiday greetings for Easter, Passover
http://greetings.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39978t=39978
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FD change in EIGRP [7:39918]

2002-03-29 Thread Hamid Ali Asgari


Hi group,

I was studying EIGRP on Jeff Doyle's Roting TCP/IP and came to a
question: When is the FD for a destination updated and what triggeres
the FD to be updated?

In the followong scenario would FD change or not:

In an EIGRP environment, a Router (RTC) has 2 feasible successors to
network 10.1.7.0; RTA  RTB. Currently RTA is the seccessor so RTC's
FD to 10.1.7.0 is the locally calculated metric through RTA. RTA's
link to 10.1.7.0 fails and RTB becomes the new successor. Now will
the FD on RTC change (increase) or not?

Any inputs will be appreciated,

Hamid


__
Do You Yahoo!?
Yahoo! Greetings - send holiday greetings for Easter, Passover
http://greetings.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39918t=39918
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FD change in EIGRP [7:39922]

2002-03-29 Thread Hamid Ali Asgari


I found the answer on EIGRP's white paper: Yes the FD will be
updated.

But on Jeff Doyle's Routing TCP/IP, chapter 8 before figure 8.15 it
says that the FD will remain unchanged at Lilienthal:

Because the distance to 10.1.7.0 has increased and the route did not
become active, the FD is unchanged at Lilienthal.

Can anybody explain why FD remain's unchanged?

Thanks,

Hamid

__
Do You Yahoo!?
Yahoo! Greetings - send holiday greetings for Easter, Passover
http://greetings.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39922t=39922
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Strange Problem: Everything works fine but the Router can NOT [7:34170]

2002-02-01 Thread Hamid Ali Asgari


Hi group,

I have a router which is the main gateway of my network. All the
hosts on my network can successfully ping everywhere on the internet,
but the ROUTER itself has always a success rate at 50%. Bellow is the
ping result:

Router#ping   
Protocol [ip]: 
Target IP address: 193.0.0.193
Repeat count [5]: 10
Datagram size [100]: 
Timeout in seconds [2]: 
Extended commands [n]: 
Sweep range of sizes [n]: 
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 193.0.0.193, timeout is 2 seconds:
!.!.!.!.!.
Success rate is 50 percent (5/10), round-trip min/avg/max =

Same time my computer which is exactly behind the router can ping
193.0.0.193 without any errors.


No routing protocol is running on the router and it's using simple
static routes and all of its interfaces have VALID IP addresses.

Any idea what the problem is ???

Thanks in advance,


__
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions! 
http://auctions.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34170t=34170
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Strange Problem: Everything works fine but the Router can [7:34172]

2002-02-01 Thread Hamid


I tried adding a static route with 193.0.0.193 255.255.255.255 to the router
but still the problem is not resolved.

The problem is that every host in the internet is pinged with exactly 50%
seccess rate. I have only one default route so I don't think there is any
load balancing.

Any commnets???

Thanks

Hamid

Brian  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 The every other packet behavior sometimes indicates multiple static
 routes, do a sh ip ro for the dest and see whats there..

 On Sat, 2 Feb 2002, Hamid Ali Asgari wrote:

  Hi group,
 
  I have a router which is the main gateway of my network. All the
  hosts on my network can successfully ping everywhere on the internet,
  but the ROUTER itself has always a success rate at 50%. Bellow is the
  ping result:
 
  Router#ping
  Protocol [ip]:
  Target IP address: 193.0.0.193
  Repeat count [5]: 10
  Datagram size [100]:
  Timeout in seconds [2]:
  Extended commands [n]:
  Sweep range of sizes [n]:
  Type escape sequence to abort.
  Sending 10, 100-byte ICMP Echos to 193.0.0.193, timeout is 2 seconds:
  !.!.!.!.!.
  Success rate is 50 percent (5/10), round-trip min/avg/max =
 
  Same time my computer which is exactly behind the router can ping
  193.0.0.193 without any errors.
 
 
  No routing protocol is running on the router and it's using simple
  static routes and all of its interfaces have VALID IP addresses.
 
  Any idea what the problem is ???
 
  Thanks in advance,
 
 
  __
  Do You Yahoo!?
  Great stuff seeking new owners in Yahoo! Auctions!
  http://auctions.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34172t=34172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Strange Problem: Everything works fine but the Router can [7:34177]

2002-02-01 Thread Hamid


As I mentioned before, there is no load balancing. Here are my route
statements. (my CLASS C IPs have been replaced by 172.16.1.0, but actually
there is no 172.16.1.0 network)

Router#sh run | include ip route
ip route 0.0.0.0 0.0.0.0 Serial4/0
ip route 193.0.0.193 255.255.255.255 Serial4/0
ip route 172.16.1.128 255.255.255.192 192.168.10.20
ip route 172.16.1.184 255.255.255.248 FastEthernet0/0.4 172.16.1.180
ip route 172.16.1.248 255.255.255.252 172.16.1.20
ip route 172.16.1.136 255.255.255.248 172.16.1.130
ip route 172.16.1.144 255.255.255.240 172.16.1.130
ip route 172.16.1.160 255.255.255.224 172.16.1.130


Brian  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Lets see all your ip route route statements, and are you running routing
 protocols?

 Brian

 On Sat, 2 Feb 2002, Hamid wrote:

  I tried adding a static route with 193.0.0.193 255.255.255.255 to the
 router
  but still the problem is not resolved.
 
  The problem is that every host in the internet is pinged with exactly
50%
  seccess rate. I have only one default route so I don't think there is
any
  load balancing.
 
  Any commnets???
 
  Thanks
 
  Hamid
 
  Brian  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   The every other packet behavior sometimes indicates multiple static
   routes, do a sh ip ro for the dest and see whats there..
  
   On Sat, 2 Feb 2002, Hamid Ali Asgari wrote:
  
Hi group,
   
I have a router which is the main gateway of my network. All the
hosts on my network can successfully ping everywhere on the
internet,
but the ROUTER itself has always a success rate at 50%. Bellow is
the
ping result:
   
Router#ping
Protocol [ip]:
Target IP address: 193.0.0.193
Repeat count [5]: 10
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 193.0.0.193, timeout is 2
seconds:
!.!.!.!.!.
Success rate is 50 percent (5/10), round-trip min/avg/max =
   
Same time my computer which is exactly behind the router can ping
193.0.0.193 without any errors.
   
   
No routing protocol is running on the router and it's using simple
static routes and all of its interfaces have VALID IP addresses.
   
Any idea what the problem is ???
   
Thanks in advance,
   
   
__
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34177t=34177
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Limiting the number of VoIP calls on a per GATEWAY Basis [7:33266]

2002-01-25 Thread Hamid Ali Asgari


Hi group,
I have a VoIP environment with 10 gateways. The calls are being
routed between these gatewats and evrything is working fine. The
problem is that I want to limit the number of calls on per gateway
basis, that is for example gateway A should only have only 10 active
calls from gateway B, leaving the remaining lines for the other
gateways.

Any idea how this could be done? 
Thanks,
Hamid

__
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions! 
http://auctions.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33266t=33266
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Accounting / Authentication for Voice over IP [7:30581]

2001-12-31 Thread Hamid Ali Asgari


Hi group

I am new to VoIP. I have configured two voice gateways in my lab adn
they are working fine. It's a very simple scenario and the calls are
originated from one and terminated on the other one.

Currently, everyone who dials the phone number of the voice ports can
dial a number and the gateways establish a call.

My question is that how can I provide a way of authentocation /
accounting (something like asking for a PIN number)?

Any inputs would be welcome

Thanks is advance,
Hamid

__
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30581t=30581
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Trunking - VLANS - with NORTEL switch [7:27255]

2001-11-24 Thread Hamid


Hi group
In my network I have a CISCO 3600 Router and a NORTEL Baystack 450 switch.
its a manageble switch. I want to make VLAN and a make this switch VLANs
oprate as
routers's FastEthernet subinterfaces.
I have do it with CATALYST 2924 switches. I made some VLANS and my router's
FastEthernet
port on switch use TRUNk protocol to route between VLANS.
I want to use TRUNK protocol on Nortel switch but I dont know how.
I asked the NORTEL support but they have not answer.
please help me.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27255t=27255
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

DTR-Drop [7:26672]

2001-11-19 Thread Hamid


Hi

Can anyone tell me what  DTR_DROP is and it is caused?

Thanks

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26672t=26672
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Need Assitance on my Access-Server logs [7:26622]

2001-11-17 Thread Hamid Ali Asgari


Hi 

I have a Cisco 3660 access-server with 6 NM-16AMs. The problem is
that my clients are being disconnected too frequently and sometimes
their connect-speeds are very low (21600 bps). Here are some of my
show command outputs:

RamRam#show modem call stats 5

.
(the results have been cut out)

 lostCarr  dtrDrop  rmtLink   retrain
Total 300707 863   0

Can everyone tell me what these resukts whould mean (especially
DTRDROP and what would cause a DTR DROP)?

I have asked for the Tel. lines to be tested and they said that they
are OK. Are there any problems with modems or not?

Any input would be appreciated.

Thanks

Hamid


__
Do You Yahoo!?
Find the one for you at Yahoo! Personals
http://personals.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26622t=26622
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Strange Routing problem !!! [7:26196]

2001-11-14 Thread Hamid


Hi ,

I want to make a policy routing on one of Interfaces, and I have defined a
route-map for it:( IP addresses are changed)

!
route-map TEST permit 2
match ip address 133
set interface tunnel 0
!
access-list 133 permit ip 192.168.100.0 0.0.0.255 any
access-list 134 deny ip 192.168.100.0 0.0.0.255 any
access-list 134 prmit ip any any
!
interface fastethernet0/0.7
ip address 192.168.100.1 255.255.255.0
ip policy route-map TEST
encapsulation isl 7
!
ip route 0.0.0.0 0.0.0.0 serial 4/0
--
The problem is that policy routing dosn't work at all. The packets are not
routed to the tunnel interface at all, instead they are routed through the
default route (serial 4/0). First I thought the problem is with the
access-list, so I applied the 134 access-list for outbound traffic on my
sreial interfaces, THE PACKETS MATCHED THE ACCESS-LIST AND GOT DROPPED.

I don't what causes the problem, is it an IOS bug or I am doing something
wrong.

Any input would be appreciated,

Thanks
Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26196t=26196
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CBWFQ (Class-Based Weighted Fair Queing) Question [7:26197]

2001-11-14 Thread Hamid


Hi

Studying CBWFQ, I was wondering if it guarantees bandwidth or just limits
the bandwidth:


class-map my-map
  match access-group 151

policy-map my-policy
  class my-map
   bandwidth 2048

int fast0/0
service-policy input my-policy

access-list 151 permit ip 213.213.213.0 0.0.0.255 any
--
In this case is the 213.213.213.0 bandwidth limited to 2 Mbps ?

Thanks is advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26197t=26197
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Strange Routing problem !!! [7:26196]

2001-11-14 Thread Hamid


Richard
NO, the traffic generated by the router is not in mind. I am taliking about
a couple of hosts located in a VLAN.

Richard Newman  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hamid,
 Are you sourcing your traffic from the router? By default any traffic
 sourced from the router will not be policy routed. You need to add a IP
 LOCAL POLICY ROUTE-MAP routemap.

 Hope this helps.

 -Richard Newman



 Hamid  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi ,
 
  I want to make a policy routing on one of Interfaces, and I have defined
a
  route-map for it:( IP addresses are changed)
 
  !
  route-map TEST permit 2
  match ip address 133
  set interface tunnel 0
  !
  access-list 133 permit ip 192.168.100.0 0.0.0.255 any
  access-list 134 deny ip 192.168.100.0 0.0.0.255 any
  access-list 134 prmit ip any any
  !
  interface fastethernet0/0.7
  ip address 192.168.100.1 255.255.255.0
  ip policy route-map TEST
  encapsulation isl 7
  !
  ip route 0.0.0.0 0.0.0.0 serial 4/0
  --
  The problem is that policy routing dosn't work at all. The packets are
not
  routed to the tunnel interface at all, instead they are routed through
the
  default route (serial 4/0). First I thought the problem is with the
  access-list, so I applied the 134 access-list for outbound traffic on my
  sreial interfaces, THE PACKETS MATCHED THE ACCESS-LIST AND GOT DROPPED.
 
  I don't what causes the problem, is it an IOS bug or I am doing
something
  wrong.
 
  Any input would be appreciated,
 
  Thanks
  Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26212t=26196
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Question about CAR , the BURST size and MTU [7:23754]

2001-10-22 Thread Hamid


Hi group

Reviewing cisco's white paper on CAR (rate-limit) I found that cisco uses a
bucket to determine the traffic rate. Cisco recommends the burst size to be
:

Burst size =Desired Rate(in bits) /8 * 1.5

and it says that if the burst size is smaller the client won't reach the
desired rate.

My question is that how should be the burst(bucket) size be calculated so
that the client reaches the specified data rate. Dosn't the burst size have
anything to do with the MTU? For example, whould the burst size be the same
if you are limiting tiny voice packets or normal traffic with an 1500 MTU.
Actually I am looking for a relation between the MTU and the packet size.

Thanx in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=23754t=23754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Configuring DNS for router [7:21764]

2001-10-03 Thread Hamid


Config t
ip name-server a.b.c.d
ip name-server k.l.m.n


Hamid

Lists Wizard  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi Group,

 Does any body remember the command to configure the DNS server for the
 router? I tried to find the command using CLI help feature but I could
not.
 Any help is highly appreciated.

 Thanks

 Lists Wizard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21806t=21764
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Strange CAR behaviour ! ! ! Is is an IOS bug ??? [7:21271]

2001-09-27 Thread Hamid


Hi group,

I have set CAR on one of my sub-interfaces on my 3661 router, the problem is
that it only limits the OUTPUT packets. Here are my configs:

interface FastEthernet0/0.3
 description 32/128 kbps test
 encapsulation isl 3
 ip address 213.217.37.245 255.255.255.252
 no ip redirects
 no ip directed-broadcast
 rate-limit input 32000 8000 8000 conform-action transmit exceed-action drop
 rate-limit output 128000 8000 8000 conform-action transmit exceed-action
drop
end

And bellow are the results when I stated pinging (ping -f ) a host on VLAN 3
(213.217.37.246) from my linux server
Router#sh int rate-limit
FastEthernet0/0.3 32/128 test
  Input
matches: all traffic
  params:  32000 bps, 8000 limit, 8000 extended limit
  conformed 0 packets, 0 bytes; action: transmit
  exceeded 0 packets, 0 bytes; action: drop
  last packet: 1867294456ms ago, current burst: 0 bytes
  last cleared 00:32:57 ago, conformed 0 bps, exceeded 0 bps
  Output
matches:
  params:  128000 bps, 8000 limit, 8000 extended limit
  conformed 9943 packets, 10337248 bytes; action: transmit
  exceeded 312 packets, 449888 bytes; action: drop
  last packet: 392ms ago, current burst: 2760 bytes
  last cleared 00:37:28 ago, conformed 36000 bps, exceeded 1000 bps

Any idea why the input limit doesn't work?

Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21271t=21271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Strange CAR behaviour ! ! ! Is is an IOS bug ??? [7:20819]

2001-09-23 Thread Hamid


Hi group,

I have set CAR on one of my sub-interfaces on my 3661 router, the problem is
that it only limits the OUTPUT packets. Here are my configs:

interface FastEthernet0/0.3
 description 32/128 kbps test
 encapsulation isl 3
 ip address 213.217.37.245 255.255.255.252
 no ip redirects
 no ip directed-broadcast
 rate-limit input 32000 8000 8000 conform-action transmit exceed-action drop
 rate-limit output 128000 8000 8000 conform-action transmit exceed-action
drop
end

And bellow are the results when I stated pinging (ping -f ) a host on VLAN 3
(213.217.37.246) from my linux server
Router#sh int rate-limit
FastEthernet0/0.3 32/128 test
  Input
matches: all traffic
  params:  32000 bps, 8000 limit, 8000 extended limit
  conformed 0 packets, 0 bytes; action: transmit
  exceeded 0 packets, 0 bytes; action: drop
  last packet: 1867294456ms ago, current burst: 0 bytes
  last cleared 00:32:57 ago, conformed 0 bps, exceeded 0 bps
  Output
matches:
  params:  128000 bps, 8000 limit, 8000 extended limit
  conformed 9943 packets, 10337248 bytes; action: transmit
  exceeded 312 packets, 449888 bytes; action: drop
  last packet: 392ms ago, current burst: 2760 bytes
  last cleared 00:37:28 ago, conformed 36000 bps, exceeded 1000 bps

Any idea why the input limit doesn't work?

Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20819t=20819
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Book on Quality of Service [7:20146]

2001-09-17 Thread Hamid


Hi group,

I am looking for a good book about QoS and Cisco routers, any suggestions?

Thanx in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20146t=20146
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: InterVLAN routing VLAN Sub-Interfaces [7:16445]

2001-09-16 Thread Hamid


Ok Agreed.

But what if the routers finds 2 matchings for one IP address while
performing an ARP broadcast?

Hamid

*

Peter Van Oene  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Keep in mind that one routes between IP subnets, not VLANs. VLANs are a
 layer two concept.  From there you should be able to answer you own first
 question.  In the second case, given IP subnets have unique ranges, only
on
 PC will be on the valid subnet and hence be able to communicate to the
rest
 of the network.  Neither PC will be disabled as far as I know, but only
one
 will function.  Using DHCP is highly recommended to overcome this manual
 configuration errors, not to mention it scales better.

 Pete


 *** REPLY SEPARATOR  ***

 On 8/18/2001 at 3:55 AM Hamid wrote:

 Hi
 
 I was studying the InterVlan routing documents and I got to some
questions.
 In a scenario like the attached file:
 
 1. How does the external Router decide how to route the packets between
the
 VLANs, is the INTERVLAN routing based on the IP address assigned to
 sub-inteface?
 
 2. In these scenarios, how does the router detect a conflicting IP
address?
 For example, if each IP subnet is assigned to a VLAN( 10.10.1.0 to VLAN 1
 and 10.10.2.0 to VLAN 2), if two computers on both VLANs are assigned the
 same IP address (for example 10.10.1.5), how is the confilit detected and
 which computer is disabled?
 
 
 Thanks
 
 Hamid
 
 
 [demime removed a uuencoded section named 50a.jpg which was 1310 lines]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20125t=16445
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Avoiding IP conflicts in a MULTI-VLAN environment [7:20124]

2001-09-16 Thread Hamid


Hi group

I am setting up a network with some NT4 servers, a Catalyst 2948 switch ,
and a 7204 VXR router and some access servers. The network consists a 7
VLANs, and all the servers and routers are on multi-VLAN or TRUNK interfaces
on the switch. The LAN consists of many computers with different operating
systems such as UNIX, LINUX and  Win2k. lots of computers that will be
connected to this LAN are laptops so I can't implemets PORT SECURITY on the
Catalyst.

The problem is that I want to prevent my clients to make IP Conflicts in my
network. Correct me if I am wrong, but someone had told me that when an IP
conflict occurs , the computer with the greater ARP version wins (or
something like that !), so the RED HAT 7.1 LINUX operating systems would
take down my NT servers.

Any ideas or soloutions  how I could prevent these conflicts?

Thanks in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20124t=20124
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Problem Using external routers to route between VLANs [7:16781]

2001-08-22 Thread Hamid


Hi group,

I was wondering if it is A MUST for the external routers's interface to be a
100Mb interface, is it possible to do the InterVlan routing on an ethernet
port (10Mb) on a 2600 router?

I tried to setup a simple scenario with my 2600 router in my home lab,
setting the port connected to the 2600 router to TRUNK mode with isl
encapsulation , and allowing all vlans. But when I tried to confgure the
router's sub-interfaces I the following errors:

Router3(config)#int ethernet 0/0.2
Router3(config-subif)#ip address 10.10.2.1 255.255.255.0

Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.

The other problem was that inthe SUBIF configuration mode I didn't have the
ENCAPSULATION command available.

Bellow is the output of the show version command:
Router3#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(3), RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Wed 18-Jul-01 17:11 by pwade
Image text-base: 0x80008088, data-base: 0x809C818C

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router3 uptime is 6 hours, 3 minutes
System returned to ROM by reload
System image file is flash:c2600-io3-mz.122-3.bin

cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of
memory.
Processor board ID JAD04390FCB (93659888)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102


Any idea what the problem is?

Thanx in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16781t=16781
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

InterVLAN routing VLAN Sub-Interfaces [7:16445]

2001-08-18 Thread Hamid


Hi

I was studying the InterVlan routing documents and I got to some questions.
In a scenario like the attached file:

1. How does the external Router decide how to route the packets between the
VLANs, is the INTERVLAN routing based on the IP address assigned to
sub-inteface?

2. In these scenarios, how does the router detect a conflicting IP address?
For example, if each IP subnet is assigned to a VLAN( 10.10.1.0 to VLAN 1
and 10.10.2.0 to VLAN 2), if two computers on both VLANs are assigned the
same IP address (for example 10.10.1.5), how is the confilit detected and
which computer is disabled?


Thanks

Hamid


[demime removed a uuencoded section named 50a.jpg which was 1310 lines]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16445t=16445
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Avoiding IP conflicts in a MULTI-VLAN environment [7:16470]

2001-08-18 Thread Hamid Ali Asgari


Hi group

I am setting up a network with some NT4 servers, a Catalyst 2948 switch ,
and a 7204 VXR router and some access servers. The network consists of  7
VLANs, and all the servers and routers are on multi-VLAN or TRUNK interfaces
on the switch. The LAN consists of many computers with different operating
systems such as UNIX, LINUX and  Win2k. Lots of computers that will be
connected to this LAN are laptops so I can't implement PORT SECURITY on the
Catalyst.

The problem is that I want to prevent my clients to make IP Conflicts in my
network. Correct me if I am wrong, but someone had told me that when an IP
conflict occurs , the computer with the greater ARP version wins (or
something like that !), so the RED HAT 7.1 LINUX operating systems would
take down my NT servers.

Any ideas or soloutions  how I could prevent these conflicts?

Thanks in advance

Hamid








-
Do You Yahoo!?
Make international calls for as low as $0.04/minute with Yahoo! Messenger.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16470t=16470
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Strange Behavior on my IOS ! ! ! [7:16144]

2001-08-15 Thread Hamid


Hi group

I have recently upgraded the IOS on my C3660 router to a IOS 12.2.3
ENTERPRISE/FW/IDS PLUS IPSEC 56.  The previous version was 12.0.7 XK.

No configurations have been changed. The router has 4 NM-16AM modules which
currently acts as an Access Server.

The problem is none of my clients can login using their MSN Messenger or
Yahoo Messenger, they can't chech their E-mails with programs like Outlook
either.

I have checked the configs, there are no access lists applied to the Async
interfaces. I still can login to my Messengers in the LAN.

I have returned the previous IOS and everything worked fine ! ! !

Any idea what the problem is?

Thanx in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16144t=16144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Re: CODE RED protection ! ! ! [7:15989]

2001-08-15 Thread Hamid


Hi

The problem is that I do have web servers on my network, blocking port 80
would stop these web servers .

Hamid
 wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 my company just got hit by code red last week. the only logical thing to
 deploy on your routers is to block all access to port 80 in and out of all
 the interfaces by ACL.

 Unless you have the luxury of running IOS 12.1 and above on all your
 routers, you will not be able to use NBAR. Deployed the ACLs onto all
 interfaces to control all port 80 traffic.

 Use ip route-cache flow and show ip cache flow on your interfaces to
 detect the IP addresses that are propagating http traffic to port 80. You
 will have to look out for port 0050 under destination port when you
perform
 a show ip cache flow.

 Cheers.

 - Original Message -
 From:  Dennis Bailey
 To:  [EMAIL PROTECTED]
 Sent: Tue, 14 Aug 2001 15:34:19 -0400
 Subject:  Re: CODE RED protection ! ! ! [7:15989]
 Depending upon the router platform you can use NBAR.

  I am just really depressed right now because there are costumers getting
 involved in our business.  I knew I wasn't the only one who liked to get
 dressed up but now think of the pressure that there will be with
 professionals out there..


 Hamid  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi group
 
  I have some costumers whom I belive are infected with CODE RED. Any
ideas
  how I can deny any traffic related to CODE RED on my router?
 
  Thanks
 
  Hamid
 --
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




 Check any e-mail over the Web for free at MailBreeze
 (http://www.mailbreeze.com)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16145t=15989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Strange Behavior on my IOS ! ! ! [7:16144]

2001-08-15 Thread Hamid


I have checked these settings, PINGs, Trace Routes results are fine.
Everything seems to work fine and the DNS is resolving, As I mentioned
before they can browse the Internet without any problems.

Hamid

Kevin Welch  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Without knowing more its hard to say...  personally I would blame this
 issue on user error or possibly a DNS problem by the limited information
 available.   Have you been able to duplicate the problem yourself?  Run
 pings, traceroutes, check name resolution, etc... Start with the
 troubleshooting basics and see where that leads you.

 -- Kevin

  Hi group
 
  I have recently upgraded the IOS on my C3660 router to a IOS 12.2.3
  ENTERPRISE/FW/IDS PLUS IPSEC 56.  The previous version was 12.0.7 XK.
 
  No configurations have been changed. The router has 4 NM-16AM modules
  which currently acts as an Access Server.
 
  The problem is none of my clients can login using their MSN Messenger
  or Yahoo Messenger, they can't chech their E-mails with programs like
  Outlook either.
 
  I have checked the configs, there are no access lists applied to the
  Async interfaces. I still can login to my Messengers in the LAN.
 
  I have returned the previous IOS and everything worked fine ! ! !
 
  Any idea what the problem is?
 
  Thanx in advance
 
  Hamid
  Nondisclosure violations to [EMAIL PROTECTED]


 
 understand, v.:
 To reach a point, in your investigation of some subject, at which
 you cease to examine what is really present, and operate on the basis of
 your own internal model instead.

 -
 This email was sent using SquirrelMail.
Webmail for nuts!
 http://squirrelmail.org/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16151t=16144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Connecting two Routers through their Serial Interfaces [7:16209]

2001-08-15 Thread Hamid


Hi group,

Can anyone tell me if it's possible if you want to connect two routers
Bach-to Back using their serial interfaces.

And if possible how should I configure the serial inetrfaces.

Thanks in advace

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16209t=16209
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CODE RED protection ! ! ! [7:15989]

2001-08-14 Thread Hamid


Hi group

I have some costumers whom I belive are infected with CODE RED. Any ideas
how I can deny any traffic related to CODE RED on my router?

Thanks

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15989t=15989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Port Management on Catalist Switches [7:15600]

2001-08-10 Thread Hamid


Hi group

How can I limitrs the bandwidth on a specific port in a 2900XL switch with
IOS 12

Thanx in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15600t=15600
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Multilink Virtual-Templates [7:15091]

2001-08-07 Thread Hamid


Hi group

 I have configured my access server to allow multilinks. I have created a
virtual template for the multilink users as follows:

!
interface Virtual-Template1
 description Template for Multilink users
 ip unnumbered Loopback1
 no ip directed-broadcast
 ip tcp header-compression passive
 peer default ip address pool ip-pool1
 ppp authentication pap ms-chap dial-in
 ppp multilink
!
AS-Alpha#sh ip local pool
 Pool Begin End
 ip-pool1   61.11.243.100  61.11.243.150
 ip-pool2   213.217.32.100213.217.32.150

The problem is that I have 2 type of users, which I have to assign different
classes of IP addresss. (as the above IP pools). The async lines are
different., the first group dials into the Group-Async 1 interfaces and the
second group dials into the Group-Async2 interfaces.

Can anyone tell me how I can assign these multilink users with different IP
address classes?

Thanx

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15091t=15091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OSPF Link State [7:15006]

2001-08-06 Thread Hamid


Hi Group,

Can anyone tell me how OSPF recognizes a link failure? Does it use the HELLO
packets?

Thanx

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15006t=15006
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

URGENT: Routing Issue [7:14618]

2001-08-01 Thread Hamid


Hi Group,

I have a Router (RTA) with a Serial port connected to leased line to an ISP
. There are two other Routers in my LAN each connected by their serial ports
to an ISP. RTA is the defualt gateway for my network. Since RTA is connected
to three internet backbones (1 for its serial port, and the other 2
routers), I want to assure network connectivity while providing load
balancing, I want to configure RTA so that it will route simultaneously
between these three ROUTES to the internet.

Can anyone tell me how I should config the RTA router?

Thanks in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14618t=14618
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco Secure [7:12407]

2001-07-15 Thread Hamid


Hi group,

Does abyone know where I can get an Evaluation copy of CISCO SECURE IDS
(Formerly known as NetRanger).

I already have the IOS , but I don't know where to find the Director?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12407t=12407
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

48 bit MAC address Access-lists [7:10497]

2001-06-30 Thread Hamid


Hello group

How can I deny a couple of MAC addresses on an interface using an
access-list.( I have put all of the MAC addresses into an access-list)

Thanks in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=10497t=10497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco Express forwarding and Memory Requirements --- Please [7:8876]

2001-06-17 Thread Hamid


Hi

I have a C2600 router with 32 MB of memory connected to my backbone. This
router should share the bandwidth among three Cisco routers connected
through the LAN (Fast-Ethernet ports). For example, a 3 Mbps bandwidth
should be shared between these routers so the traffic going through each of
these routers should be limited to 1 Mbps.

I wanted to use CAR using the MAC address of the Fast-Ethernet ports to
limit the bandwidth for each router, but I had to enable CEF on the Ethernet
interface. I not sure what performance impacts would CEF cause on the C2600
router and I was wondering if the C2600 router could handle this.

I am not sure if I am using the best solution, so it would be appreciated if
I could have your advice.

Thanks In advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=8876t=8876
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Maximum Security * [7:7159]

2001-06-04 Thread Hamid


Hi

I want to provide maximum security for my network which is connected with a
Cisco 3600 router to the Internet.

The network consists of a web-server, mail server, a cache server (Squid) ,
a security server (TACACS+ Server) and an accounting/billing  server. All
these servers are LINUX servers.

Security considerations are already made on Linux servers, and I am going to
configure the Cisco routers.

A Cisco 3600 router will be acting as an Access Server for dial-up clients
and another C3600 router will be connected to the Internet backbone. Both
routers must be configured to provide maximum security. (Security
considerations should be made for the dial-up clients as well as the
Internet)

Any suggestions on the following topics would be welcome to make this as
secure as possible :

-Router configuration ( Both routers)
-Assigning valid/invalid IP addresses to the Servers.
- Network Plan / Design / Topology
-Special configuration on the Linux servers.

Thanks in Advance.

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=7159t=7159
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

WAN problem with ATM - Please help !!! [7:6212]

2001-05-29 Thread Hamid


Hi

I have to 1601 Routers in 2 branch offices connecting them to a 3640 router
in a Central office over ATM. I have configured EIGRP routing and the
encapsulation is ATM-dxi.

The is that, both of the branch offices have connectivity to the central
sites and have no problems with the central office. But the branch offices
can't see each other.
I have tested it it on the 1601 routers, none of them can see eachother. I
don't think the problem is about the ROUTING because changing the
encapsulation to FRAME-RELAY solves everything. Everything works allright
with FRAME-RELAY encapsulation. But it won't work with ATM-dxi.

Can someone tell me please what the problem is?

Thanks in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6212t=6212
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

DHCP Server and Dialin users [7:6012]

2001-05-25 Thread Hamid


Hi

I have an access server with IOS 12. I want to use my router as a DHCP
server too. The problem is that my router provides IPs to the DHCP clients
in the LAN but the I doesn't assign any IP's to the dial-up clients.

Can anybody tell me how I can configure my router?

Thanks in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6012t=6012
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Voice over IP Documents and sample configs [7:5221]

2001-05-21 Thread Hamid


Hi

Can anybody tell me where I can find some sample configs for VoIP and a good
and complete document for it.

Thanks

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=5221t=5221
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Bandwith Allocation/Dedication and Routing [7:4798]

2001-05-16 Thread Hamid


Hello

I have a satelite conection with a 8Mbps recive and a 2 Mbps sending
bandwidth. I have two departmets in two different IP subnets (for example:
217.80.26.0 and 217.80.27.0) to which I want to provide a dedicated 1/4 Mbps
banwidth. (Each should have a dedicated 1 Mbps send and a dedicated 4 Mbps
recive bandwidth)

I am using a 2600 router as a gateway for each Department and my 3600 (with
1 FastEthernet Interface) Router is connected to the Satelite Dish , and all
of my routers are using IOS 12.

Can Anyone tell me how I can set my 3600 router to provide dedicated
bandwidth for each subnet?

Thanks in advance

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=4798t=4798
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Bandwitdh Allocation and Routing [7:4797]

2001-05-16 Thread Hamid


Hi

Can anybody tell me how I can dedicate a bandwith for some destination
addresses?

I have a 3662 cisco router with IOS 12.1. This router is the main gateway of
my network. My network has three segments to which I want to alloocate a
bandwith.
I have a 6 Mb bandwith which I want to share beyween these three segments
whish are in differesnt segments.

Well, I want to provide a dedicated 2 Mb bandwidth to each segment. From the
3662 router side, these 3 segments are in 3 different subnets but in one
physical segment. (all tf these three segments are routed through the one
FastEthernet interface).

Thanks in advance !

Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=4797t=4797
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Modem Configuration for Dial out ********* [7:340]

2001-04-12 Thread Hamid


Hi

I am trying to make one of my modems on a NM-16AM module over an async line
to
Dial-out. The problem is thst I can't get the modem Dial at all. I tried
dialing manually by entering the AT mode ( modem at-mode 6/15) and here are
the results:

AT
OK
ATZ
OK
ATD 20365
ERROR
ATDP 20345
ERROR
ATDT 203456
ERROR

line 208
 modem InOut
 modem autoconfigure discovery
 transport input all
 flowcontrol hardware

Router#show modem configuration 6/15
IDLE   000:00:00LAST DIALMODEM HW: PC 2W United States4 RTS 5 CTS 6
DSR - CD 20 DTR - RIMODULATION   IDLEMODEM BPS33600  AT%G0MODEM
FLOW   OFFAT\G0MODEM MODE   AUTAT\N3BASE MODEV34
AT%M2V.23 OPR.OFFAT%F0AUTO ANS.ON ATS0=1SERIAL BPS
38400  ATBPS ADJUST   OFFAT\J0SPT BPS ADJ. 0  AT\W0ANSWER
MESSGSOFFATQ2SERIAL FLOW  OFFAT\Q0PASS XON/XOFFOFF
AT\X0PARITY   8N ATBREAK5  AT\K5EXIT CHAR
043ATS2=43ANS DUMB MODEOFFAT#E0CMD ECHO ON ATE1
--More--

ANS DUMB MODEOFFAT#E0CMD ECHO ON ATE1RESULTS  ON
ATQ0RESULT TYPE  MNPX   ATV1\V2CONNECT MSG  MDMATW2CONN MNP-
0  AT-M0SPEED MATCH  1  AT%L1EQUALIZER1 
AT:E1FALLBACK
2  AT-Q2DATA ECHOOFFAT\E0INACT TIMER  00 AT\T0AUTO
RETRAIN ON AT%E1COMPRESSION  ALLAT%C3MAX BLK SIZE 256
AT\A3AUTO BUFF0  AT\C0AUTO CHAR000AT%A0PAUSE TIME
002ATS8=2DTR  2  ATD2CARR DET 1  ATC1DSR
0  AT\D0RING IND 1  AT\R1LEASE LINE   0  ATL0LNG SPC
DISC OFFATY0BUSIED OUT   IDLE   AT*Y0 --More--

LNG SPC DISC OFFATY0BUSIED OUT   IDLE   AT*Y0DISC DELAY   000
AT%D0RDLB ENABLE  OFFATT5DIAL MODE4  ATX4PULSE DIAL
60%ATP0PULSE MODE   N  AT%W0V23 HD EQU   ON AT%O1GUARD
TONE   0  ATG0DATA CALL TONE   OFFAT-C02ND FC   OFF
AT-F0NM BIT VALUE 0  AT-E0PAR CHK  0  AT-P0MANUAL DIAL
0  AT:D0UPSHIFT BPS  OFFAT*H0CELLULAR OFF   
AT)M0LINETYPE
000AT@M0DETECT PHASE ON AT-J1MNP EXT SVC  2  AT-K2UNIV
V.231  AT-V1CONNECT MSG  1STAT@C0DUMB MODEOFF
AT-H0BELL ON ATB1CALL ABT DISAB   OFFAT-Y0 --More--

REVERSE ANS  OFFAT-W0MIN CONN SPD 300AT@UMU-LAW/A_LAW
MU-L
AT"A0REM CHAR 042AT*S42
Ok
-
---
Well, I guess the problem is with the AT commnads because the modem doesn't
dial at all. (the line dosn't get occupied). If it helps I am using it on a
3661 router with IOS 12.0

Can anyone help me with this problem.

Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=340t=340
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Modem Config [7:284]

2001-04-11 Thread Hamid


Hi
I am using a NM-16AM modeles on a 3661 Router with IOS 12.0.7(XK). When I
enter the AT mode of one of my modems (for example 6/1) I get the following
results:
AT
OK

ATZ
OK

ATDT 123456
ERROR

Can anyone tell me what thw reason is?
The modem is connected to the Telephone Line properly and I have set it to
default by the ATF command.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=284t=284
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Diao Out from Router [7:64]

2001-04-10 Thread Hamid


Hi

Can anybody tell me what's wrong with my configuration? I want to dial out
from my 3661 Cisco Router( with IOS 12.0.7(XK) ) and use that as my uplink
So this line should be connected PERMANENTLY. I have set the configurations
as below but it does not DIAL at all:
!
line 208
 no exec
 script startup Dial
 script dialer Dial
 script reset Reset-Modem
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1
 flowcontrol hardware
!
chat-script Dial "" "AT" "OK" "ATDT\T" TIMEOUT 60 "CONNECT"
chat-script Reset-Modem "" "ATZ" "OK"
!
interface Async208
 description Used for Dial-out
 ip address negotiated
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer string 2845904
 dialer-group 1
 async default routing
 async mode dedicated
 no peer default ip address
 ppp pap sent-username hamid password 7 051F031C325F5D1A0A160406
end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64t=64
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: *** DHCP Help!!!!! * [7:61]

2001-04-10 Thread Hamid


Hi
Yes you can

Actually you have to setup one DHCP-Proxy per segment, and the DHCP server
will assign the client's IP address due to the DHCO-Proxy's net address.
"Turtle"  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi

 I need advice on the following config

 interface fa0/0.1
 ! DHCP Server segment (Server IP = 10.1.1.254)
 ip address 10.1.1.1 255.255.255.0
 encapsulation 10
 !
 interface fa0/0.2
 ! Engineering Department
 ip address 10.1.2.1 255.255.255.0
 encapsulation 20
 ip helper-address 10.1.1.0
 !
 interface fa0/0.3
 ! Accounting Department
 ip address 10.1.3.1 255.255.255.0
 encapsulation 30
 ip helper-address 10.1.1.0
 !
 interface fa0/0.4
 ! R  D Department
 ip address 10.1.3.1 255.255.255.0
 encapsulation 40
 ip helper-address 10.1.1.0


 My DHCP server will reside in VLAN 10 and all other users will reside in
 VLAN 20, 30  40

 Is it possible to have the DHCP server to issue the correct IP to the
 respective VLANs?

 E.g. if VLAN 20 user power up the PC, he will get 10.1.2.5 (dynamic - as
an
 example) and VLAN 30 user will get 10.1.3.2 (dynamic - as an example)
using
 a single DHCP server reside in VLAN 10

 Can the router or the server make the necessary config to support this?

 Basically i need to have different IP segment for the users in different
 segment

 Any help will be appreciated!


 Regards
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65t=61
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

******************* HELP !!!! [7:114]

2001-04-10 Thread Hamid


Hi

I am trying to make my 3661 Router to Dial out on an ASYNC line PERMANENTLY
for my uplink . I have not set any access lists and below is the
configurations.(I couldn't even make the router Dial).

Can anyone tell me what I have to Change or add :

!
line 208
 no exec
 script startup Dial
 script dialer Dial
 script reset Reset-Modem
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1
 flowcontrol hardware
!
chat-script Dial "" "AT" "OK" "ATDT\T" TIMEOUT 60 "CONNECT"
chat-script Reset-Modem "" "ATZ" "OK"
!
interface Async208
 description Used for Dial-out
 ip address negotiated
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer string 2845904
 dialer-group 1
 async default routing
 async mode dedicated
 no peer default ip address
 ppp pap sent-username hamid password 7 051F031C325F5D1A0A160406
end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=114t=114
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Dial out with a CISCO router

2001-04-09 Thread Hamid


Hi

Does anyone know how to set up a CISCO to dial out on an async line and use
that Interface as a Default Gateway?
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

89 matches

Mail list logo