VOIP Class Recommendation [7:73480]

2003-08-04 Thread Henry D.
Does anyone have any recommendations for taking a class/training on the VOIP
stuff ?
I'm looking for something Cisco oriented, but if someone has something good
to recommend on more general implementation options, and design for different
protocols like SIP/H.323/MGCP, etc, that would be good too. Basically I'm
looking to get more familiar with the AS53xx series, the interconnections with
PSTN, gatekeeper, SIP proxies, added value services, etc. Not looking for CIPT
stuff, but rather gateway type solutions.

Thanks so much !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73480t=73480
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html


Re: netbios [7:71084]

2003-06-22 Thread Henry D.
Since your question already assumes these port ranges, it would
mean your question is really whether NetBIOS over TCP/IP can
be routed. And as such, it can, just like any other IP traffic.

koh jef  wrote in message
news:[EMAIL PROTECTED]
 hi guys,

 can netbios,using port 137, 138 and 139 be routed thru WAN ???




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71105t=71084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Cisco Beta exams [7:70659]

2003-06-15 Thread Henry D.
To be honest, I don't like them :-(

I took a few beta exams and never got to pass any of them. When I went for
the final version once available, I had no problems clearing any of them.
And I don't think the problem was with my preparations either. The few exams
I took were rather poorly structured, with many questions having multiple
right answers.
Literally, you could have a question and 4 answers, with 2 of the answers
being exactly the same, how do they score that beats me.

So, my advice, if you get it for free, go ahead and test yourself but if you
have to pay anything, save yourself the few bucks and time and prepare for the
final thing.


Rodrigo Baldez  wrote in message
news:[EMAIL PROTECTED]
 Just a curiosity..
 What are the most differences between the normal cisco exams and the
 temporary beta ones? Besides the price, are they more difficult? More
 questions? I heard that you don't receive a grade when you finish any
 beta,  and so you can only know few weeks ahead is that true?

 Regards,
 rodrigo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70682t=70659


Re: Help with Cisco 3745 configuration [7:69765]

2003-05-30 Thread Henry D.
hmm, let's not forget we're not routing just for the routing sake. There is
much more than just setting up these few routers to make them talk to each
other. What will be routed data wise, what type of connectivity, applications,
topology, protocols, business requirements, etc, etc.
If you understand all that, and have some prior Cisco experience you might
be able to pull it off without spending too much time on the project. But if
not, and your skills are lacking (whether router or design) then $5500 might
be the way to go. Unless of course that fee doesn't cover the
planning/investigation/design steps then you might be better off spending time
on it yourself and re-learning/refreshing your skills.

How much is your day's work actually worth ? :-) Add it all up and see
what's better for you or your employer :-)



J B  wrote in message
news:[EMAIL PROTECTED]
 Hi, Everyone
 I have just been awarded the responsibility of installing 4 3745 Cisco routers.
 The local phone company wanted $5500 dollars for the installation and my
 employer thinks it is too much.  I was looking at the Cisco website for sample
 configurations but I couldn't find them.  I need to share the T1 channels
 link for voice and data.  I haven't done Cisco for like 2 years.  Can
 someone help me with some guidance to find some information in how to do
 that.

 Thanks
 JBary




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69791t=69765


Re: A career in MPLS..... [7:66609]

2003-04-01 Thread Henry D.
Let me say up front, I don't have much experience in MPLS, I have
only played with it in the lab and not all that extensively either.
But CN is simply trying to get an idea of what to expect to go that road.
Is nrf saying not to advance in this field by studying Cisco's way of
emphasising MPLS ? You know, we all have our doubts, he's brave enough
to come to this group and ask questions. As far as L3VPN's, why not
concentrate on that at least to start with. It's still one reason to do the
MPLS thing. By just doing that he'll need to touch on many aspects of MPLS
anyway. He will still use either LDP or RSVP, he still will use the LSP
establishment, he might as well learn the TE options available for
establishment of those LSP's. He'll need to learn how to use the LSP's for
pushing traffic over them. He'll learn what and how the labels get
pushed/popped. Then why not study it that way. He's not advancing his
MPLS skills, he might not have any yet. He's simply trying to see if he will
be able to utilize any of the skills he will have to learn to make it worth
his while.

Well, maybe someone else with more experience in MPLS arena and someone more
objective can give a better insight as to whether there is a demand for
these skills.



nrf  wrote in message
news:[EMAIL PROTECTED]
 Cisco Nuts  wrote in message
 news:[EMAIL PROTECTED]
  Hello group, How does one feel about a career in MPLS...I mean doing MPLS
  as part of your core job day in and out. Is it worth it? Since our
  network does not use MPLS (maybe never will) in spite of being one of the
  Big Four Tier 1 SP's

 Let me guess.  Do you work for Sprint?

  are there other SP's that use MPLS in their
  backbone??

 Yeah, there are some.

  I have just given myself a month or so break from my CCIE Lab
  Prep.(yeah!yeah! most would consider me stupid on this)  to study MPLS
  for the CCIP  and am thinking if I should pursue this subject just like I
  did for BGP.know it inside out cold.and maybe consider a new
  career/job in MPLS (obviously along with BGP, MBGP, MCast etc...) Does
  anyone know of how MPLS is viewed out there?   I mean, in terms of
  implementation, popularity and last but not the least , $$$ ??? ;-Which
  of the Big SP's or Enterprise networks have implemented MPLS? Has it been
  worth the advantages that MPLS proposes?? Thank you. Sincerely, CN

 The way I see it is this.  MPLS is potentially powerful technology for it
 can be used as a lingua-franca among a carrier's network and transport layer
 and also as a way to impose circuit-switching discipline upon IP and
 therefore offer circuit-switching services with a pure IP network.

 But MPLS is by no means a slam-dunk.   Certain carriers, most notably
 Sprint, have elected not to go down the MPLS path because they believe the
 technology is immature (and they are correct) and also because they believe
 that they can garner the benefits of MPLS by other means (also correct).
 The point is that while MPLS offers great potential, it also presents
 problems, so implementing it is not a no-brainer.

 And furthermore, I don't particularly like the way that Cisco is pushing
 MPLS, particularly in its cert program.  In my opinion, I think Cisco's cert
 programs emphasize the least useful parts of MPLS while neglecting the more
 useful parts.  For example, I don't understand why Cisco pushes LDP the way
 it does, for LDP merely builds LSP's that correspond to the route table, but
 what's so useful about having LDP's that look like the route table?  It is
 far more useful to build LSP's that differ from the route table, but the
 methods of doing that are not really covered very much (if at all) in the
 Cisco curricula.  Also, I don't understand why Cisco places such an emphasis
 on L3VPN's, as if L3VPNs were the only important service that MPLS enables.
 L3VPN's are only one of the new services that you can enable, and in my
 opinion, one of the less important ones.  Far more important are the L2VPN
 capabilities and the ability to unify IP, ATM, and optical into a single
 management plane. The point I'm making is that if you merely study MPLS
 according to the Cisco curricula, you really haven't learned much about it
 that's actually useful.

 
  
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66628t=66609


Re: A career in MPLS..... [7:66609]

2003-04-01 Thread Henry D.
I don't mean to start any type of argument here, especially with someone
who obviously has more experience than I do. Yes, you've been
contributing to this study group many times. But also many times
your contributions are rather rhetorical than practical and at the same
time you seem to draw attention to what your opinion is rather than to
give an educated and objective view backed by any type of real life
examples. So yes, I'm saying that some times you don't quite stick
to the subject at hand. I don't see how your view on Cisco's curriculum
in re to MPLS can be taken seriously without you putting actual examples
of how you came to that conclusion. Even if the knowledge required for
achieving Cisco's recognition in re to MPLS was not as advanced as one would
hope, shouldn't we look at positives of the whole process ? There are still
things to be learnt, and emphasising them rather than the weaknesses would be
a better idea. You won't become an expert just by passing the test or taking a
training class, but at the same token, you can still learn a lot while
achieving those CCXX goals.

Anyway, I'm sure there will be a good response coming, so let me be done
with this subject. I had an early start today and I'm tired now.

Good night !


nrf  wrote in message
news:[EMAIL PROTECTED]
 Henry D.  wrote in message
 news:[EMAIL PROTECTED]
  Let me say up front, I don't have much experience in MPLS, I have
  only played with it in the lab and not all that extensively either.
  But CN is simply trying to get an idea of what to expect to go that road.

 I believe that was precisely what I answered.

  Is nrf saying not to advance in this field by studying Cisco's way of
  emphasising MPLS ?

 What I said is that if you want to advance in that field, you will need
 substantially more than what Cisco wants you to know about it.  Read my post
 again.

  You know, we all have our doubts, he's brave enough
  to come to this group and ask questions. As far as L3VPN's, why not
  concentrate on that at least to start with.

 I never said not to learn L3VPN's.  Read my post again.  What I said is that
 study of L3VPN's shouldn't be emphasized to the degree that Cisco seems to
 emphasize it.

  It's still one reason to do the MPLS thing. By just
  doing that he'll need to touch on many aspects of MPLS anyway. He will still
  use either LDP or RSVP, he still will use the LSP establishment, he might as
  well learn the TE options available for establishment of those LSP's. He'll
  need to learn how to use the LSP's for pushing traffic over them. He'll
  learn what and how the labels get pushed/popped. Then why not study it that
  way. He's not advancing his MPLS skills, he might not have any yet. He's
  simply trying to see if he will be able to utilize any of the skills he will
  have to learn to make it worth his while.

 No doubt all learning is good.  Again, read my post again.  I never said
 that he shouldn't learn it.  What I said is that he shouldn't necessarily
 learn it the Cisco way.

  Well, maybe someone else with more experience in MPLS arena and someone more
  objective can give a better insight as to whether there is a demand for
  these skills.

 Are you implying that I'm not objective - that I have some kind of agenda?

 
 
 

Re: This is even better - RIP / OSPF redistribution [7:66057]

2003-03-24 Thread Henry D.
hmm, don't know the whole story, but once you redistribute ospf into rip and
you mess up filtering on the interface, wouldn't that allow you to see the
redistributed routes on the router connecting to that interface ?
It's just another way to see whether what you implemented actually does
work...


The Long and Winding Road  wrote in
message news:[EMAIL PROTECTED]
 Again, a CCIE practice lab -

 R5 - the task calls for mutual redistribution of OSPF and RIP

 The next task says that no routes are to be advertised out the RIP
 interface - only in.

 So tell me, why are we even bothering with the OSPF into RIP redistribution?

 I'm not sure I can fall asleep tonight, I'm laughing so hard.

 Goodnight.

 --
 TANSTAAFL
 there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66084t=66057


Re: Getting out of hand?? [7:65676]

2003-03-19 Thread Henry D.
Peter,

I have many times come to the similar conclusion in regards to Cisco's
ways of screwing up the whole certification recognition. It's no more
one of the ways to validate individual's knowledge of technologies and
Cisco products...However, as hard as I have worked to get the #
I don't think I can afford to simply not recertify. Sure, there may be no
reason right now as I'm still employed, but I might need it later on.
The cert is still one of the things people look at before deciding to invite
you for the interview, I don't necessarily say this is good, but that's what
it is and at least for that one reason it makes it worth it to recertify for
me.

Well, don't get too discouraged..


Peter van Oene  wrote in message
news:[EMAIL PROTECTED]
 At 07:31 PM 3/18/2003 +, Priscilla Oppenheimer wrote:
 Maccubbin, Duncan wrote:
  
   How is the industry supposed to keep up with this??
 
 What's the issue? Not sure I'm seeing your point. What's wrong with Cisco
 announcing that their product received some sort of certification?

 Exactly.. I think the poster mistook the possibly ambiguous announcement as
 yet another CCXX cert.

 Now, if you were concerned that Cisco has too many ways for people to get
 certified and that the situation is getting out of hand, I might agree.

 I really am surprised at how many folks pour their heart/money into getting
 one after another.   I'm also amazed at how many folks will try and devote
 a good portion of interview time to showing me their various certificates.
 After the first couple I pretty much grasp that you have enough short term
 memory to get through a multiple choice exam and we should really get back
 to talking about technologies.

 Cisco makes big bucks on these certifications.  The recert requirements
 create a beautiful residual revenue stream making this business unit very
 attractive internally to Cisco.  Since they doubled the cost of the CCIE
 recert, purely for profit, I have decided to let my certification lapse vs
 give in to this obvious cash grab.  Kudos to Cisco for making their VAR
 channels one of their more lucrative revenue sources.

 Priscilla
 
 
  
   Cisco also announced today highly prestigious certification support across
   the entire PIX Family of security appliances. Certifications earned include
   the Common Criteria Evaluation Assurance Level 4 (EAL4) certification, and
   both ICSA Labs firewall and IPSec certifications. These certifications
   provide customers with independent and objective validation that a company's
   product meets certain levels of quality and reliability, and are among the
   industry's most respected and stringent criteria for certification.
   Providing customers broad certification support across the Cisco PIX family
   within a common operating system increases operational efficiencies and
   lowers support and management costs.
  
  
   Duncan Maccubbin
   US Network Support, Cable and Wireless
   CCNA, CCNP, CSS1, MCSE4
   Work (703)287-6975
   [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65744t=65676


Re: I see Cisco still hasn't fixed that bug [7:64813]

2003-03-09 Thread Henry D.
Chuck, you might want to read up on classful properties of
this command...here's a tip:

http://www.cisco.com/en/US/customer/tech/tk648/tk365/technologies_tech_note09186a0080094374.shtml#ipnetwork



The Long and Winding Road  wrote in
message news:[EMAIL PROTECTED]
 you know the one. you're working with subnets of a classful network. let's
 say 10.0.0.0. you enter the command ip default-network 10.1.1.0 and what
 shows up in the running config is ip route 10.0.0.0 255.0.0.0 10.1.1.0.

 Then try as you might, the command no ip route 10.0.0.0 255.0.0.0 10.1.1.0
 does not work. The error message states there is no matching route. Have to
 reload before you can get the command to take.

 This one has been the bane of many a poor CCIE Lab candidate. Maybe that's
 why Cisco leaves it in there.

 --
 TANSTAAFL
 there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64869t=64813


Re: Best Book/DOCs on MPLS [7:64257]

2003-03-03 Thread Henry D.
I dunno about best but there are some titles published by Cisco Press
www.ciscopress.com , also www.juniper.net has some good papers.
Besides that, there are many web sites out there that cover the subject
and the nitty-gritty RFC's :-)

 wrote in message news:[EMAIL PROTECTED]
 Hi All,

 Does anyone recommend a good book on MPLS or does anyone know a good
 link.

 Thanks
 Tarry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64303t=64257


Re: Who likes BGP? [7:64132]

2003-03-01 Thread Henry D.
I agree with the part that there are many human related problems
with BGP configs and policies implementations. But that's the case
with other protocols as well. In BGP's case it's probably showing more
of people's carelessness or misunderstanding of the working of the protocol
since as you mentioned there are rare instances of protocol implementations
besides the Internet. All the things you can implement facing the customer
are fine and dandy, you can protect yourself and the customer has to adhere
to certain policies as well. I think there is a problem with the scope of
some networks, if you have to deal with filtering and such of hundreds or
thousands of prefixes then you will see there is a good chance for mistakes.
This is probably even more a case with inter-provider peerings, where you are
really limited to what you can do as the work load on you would be quite
substantial. Even if you did the proper work, there are cases for updates and
revisiting where you can run into additional problems.

All in all, I don't think the problem is with the protocol,
it's the diversity of the networks that need to be supported,
lack of consistent information and obviously the human factor.


Logan, Harold  wrote in message
news:[EMAIL PROTECTED]
 In my uneducated opinion, it seems to me like there are much larger concerns
 out there than BGP security. I say uneducated because I haven't worked for
 an ISP, nor have I worked for any other organization that would run BGP. My
 BGP experience consists of reading and lab work, that's it. I'm a Cisco
 Network Academy instructor, and the majority of my experience is from lab
 work and consulting. I'm teaching my first CCNP Routing class starting next
 week, so any input from those in the know would be appreciated. Hell, I'll
 appreciate input from those not in the know, I'm not picky... just don't
 expect me to take it as gospel truth.

 When I tell a router to peer with another BGP speaker, I can put
 restrictions on it. I can tell it what AS paths I'll accept from that peer,
 and what prefixes I'll accept from that peer. If I'm an ISP peering with a
 customer who has the class C network 210.5.5.0 assigned to them, do I not
 have a responsibility to configure my BGP router to ignore any BGP
 advertisements from that customer that are not advertising 210.5.5.0? I know
 that no one is going to hold me to it, it's not like the IETF has a squad of
 mercenaries who are going to kick the door in and check my configs, but
 doesn't that responsibility fall to both the customer and the ISP?

 Sorry if I'm off base here, but that's my basic understanding of how things
 work; the customer has a responsibility to only advertise their networks,
 and the ISP has a responsibility to only accept advertisements for that
 customer's networks. Does the same relationship exist among ISPs, or do
 things get too complex to filter updates at that point?

 It seems like the security hole in BGP is the human that configures a BGP
 router to accept any route it gets. Thoughts?

 Hal Logan CCAI, CCDP, CCNP: Voice
 Network Specialist / Adjunct Faculty
 Computing  Engineering Technology
 Manatee Community College


  -Original Message-
  From: Edwin R. Gonzalez [mailto:[EMAIL PROTECTED]
  Sent: Friday, February 28, 2003 11:39 PM
  To: [EMAIL PROTECTED]
  Subject: Who likes BGP? [7:64132]
 
 
  Hey,
 
  It's your friendly neighborhood CISCO MAN!
  Sorry, it's Friday night, I'm still at work with a coffee
  buzz that might last me until the morning.
 
  I came across this article that might be of interest to
  some people, check it out;
  http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
 
 
 
  --
  _
  The harder you work, the luckier you get!
  _
  The only place success comes before
  work is in the dictionary!!!
  _




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64167t=64132
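
The per-customer inbound filtering discussed in this message (accept only the assigned 210.5.5.0 network and only the expected AS path), as an added example that is not part of the original posts: a small Python model of the ISP-side decision, including the implicit deny at the end of the filter. The AS number 65010, the function and class names, and the sample announcements are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PrefixRule:
    """One permit entry: an assigned block and the longest mask accepted."""
    network: ipaddress.IPv4Network
    max_len: int


@dataclass(frozen=True)
class CustomerPolicy:
    """Inbound policy for one customer peering (hypothetical structure)."""
    customer_as: int
    rules: tuple


def check_announcement(policy, prefix_text, as_path):
    """Return (accepted, reason) for one route received from the customer."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 210.5.5.1/24
        prefix = ipaddress.IPv4Network(prefix_text, strict=True)
    except ValueError:
        return False, "malformed prefix"
    # A stub customer should only originate its own routes, so every AS in
    # the path (prepends included) must be the customer's own AS.
    if not as_path or any(asn != policy.customer_as for asn in as_path):
        return False, "unexpected AS in path"
    for rule in policy.rules:
        if prefix.subnet_of(rule.network):
            if prefix.prefixlen <= rule.max_len:
                return True, "permitted"
            return False, "more specific than permitted"
    # Nothing matched: implicit deny, as at the end of a router prefix filter.
    return False, "prefix not assigned to customer"


def accepted_routes(policy, announcements):
    """Return the prefixes that survive the inbound policy, in order."""
    return [prefix for prefix, path in announcements
            if check_announcement(policy, prefix, path)[0]]


# Constructed policy: customer AS 65010 (private-use ASN) owns 210.5.5.0/24
# and may announce it only as an exact /24.
POLICY = CustomerPolicy(
    customer_as=65010,
    rules=(PrefixRule(ipaddress.IPv4Network("210.5.5.0/24"), 24),),
)

# Constructed announcements: (prefix, AS path as seen from the ISP).
SAMPLE_ANNOUNCEMENTS = [
    ("210.5.5.0/24", [65010]),            # the assigned network
    ("210.5.5.128/25", [65010]),          # deaggregated more-specific
    ("210.5.0.0/16", [65010]),            # covering block not assigned
    ("198.51.100.0/24", [65010]),         # someone else's address space
    ("0.0.0.0/0", [65010]),               # default route leaked by customer
    ("210.5.5.0/24", [65010, 65020]),     # path contains a foreign AS
    ("210.5.5.1/24", [65010]),            # host bits set
]

if __name__ == "__main__":
    for prefix, path in SAMPLE_ANNOUNCEMENTS:
        ok, reason = check_announcement(POLICY, prefix, path)
        print(f"{prefix:18} {path!s:16} {'accept' if ok else 'reject'}: {reason}")
```

Only the first constructed announcement is accepted; every other one falls to a specific reject reason or the implicit deny, which is the behaviour a router configured "to accept any route it gets" lacks.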


Re: Can you claim Cisco Tests as a tax exemption? [7:64042]

2003-02-28 Thread Henry D.
I suppose if you're able to itemize deductions there should be no problem,
I do it all the time, that also includes books, any travel expenses related
to taking the exams or improving my professional skills, buying the equipment,
etc.
As long as you have a proof, such as credit card statements you should be
good to go.

Mossburg, Geoff (MAN-Corporate)  wrote in
message news:[EMAIL PROTECTED]
 Does anyone know if it's legal to claim the price of a Cisco test and/or
 Cisco class as an exemption on your Federal taxes? From what I'm reading in
 the IRS's Publication 529, Miscellaneous Deductions, it sure seems like
 it!
 Geoff Mossburg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64102t=64042


Re: MBGP/MPLS VPN question [7:64036]

2003-02-27 Thread Henry D.
I don't think they should have a problem. The VRF should be created just for
you so there should be no conflict. I never used this service from any of my
providers so I cannot be certain. But as far as I'm concerned they shouldn't
even care what addressing you're using between the sites. They provide the
tunnel and shouldn't care much for your addressing scheme unless you ask them
to, and as long as your contract is properly set up I think it would be no big
deal.


Lo Ching  wrote in message
news:[EMAIL PROTECTED]
 Dear All,

 We have some ip address that use internally, eg, 30.x or 40.x but it is not
 in private address range. Can I still use this range when connect to the
 IP-VPN provider that using MPLS technology? I know that MPLS can allow
 overlapping of customer address by using VRF and RD. I wonder any technical
 conflict issue on Normal BGP in this case.

 Thanks in advance.

 rgds,
 Lo Ching




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64041t=64036


Re: Loopback Testing [7:63515]

2003-02-21 Thread Henry D.
Actually, Frame Relay switches don't forward the loop messages received on
local port to the remote port. You can only loop between each end router and
its local Frame Relay switch. So, unless this is a cross-over simulation, you
won't be able to achieve end-to-end loop. So, you can do loopback tests
between each end router and its Frame Switch. As long as those tests show
fine - and your configuration is correct :-)  - and you still have issues it
might simply be the telco problem. But more often than not, you gotta prove it
to them by running these tests.


Curious  wrote in message
news:[EMAIL PROTECTED]
 I want to do a loopback testing between my router and a remote router over a
 Frame Circuit.
 Tell me what I need to configure
 Both routers are Cisco 2600 and running 12.0 IOS.

 thanks,


 --
 Curious

 MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63526t=63515


Re: Cisco CWDM Experiences [7:62841]

2003-02-12 Thread Henry D.
Actually, this CWDM seems to be Cisco specific and is incompatible with DWDM,
looks like mostly because of the wavelengths used in this solution. Cisco
has a 2-slot chassis that pretty much you populate with OADM or MUX cards.
These cards in turn are crossconnected to switches by SMF and you use special
CWDM GBIC's for that. The GBIC's are what provides different lambda. These
GBIC's seem to be supported on multiple platforms with proper IOS/CatOS
ranging from 2900 to 6500 series.

Here's the link:

http://www.cisco.com/en/US/customer/netsol/ns110/ns112/ns113/ns197/networking_solutions_package.html

Looks like mostly plug-n-play as long as proper attenuation is considered
and you get the correct modules/GBIC's mix in there.

Henry D.  wrote in message
news:[EMAIL PROTECTED]
 Hi everyone,

 I'm looking at some of the CWDM docs and this solution seems
 to be a really good (read easy) way to increase the bandwidth between
 sites with existing SMF. I don't have any DWDM experience, but looking
 at this solution it would seem you don't need to do much in order
 to achieve pretty substantial bandwidth increase.

 Does anyone have any experience with this technology ?
 Pretty much just looking to see how well this stuff really works
 in the field. It doesn't seem like you can do much to monitor/manage
 this solution which kind of makes me skeptical.

 Any inputs welcomed !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62865t=62841



Cisco CWDM Experiences [7:62841]

2003-02-11 Thread Henry D.
Hi everyone,

I'm looking at some of the CWDM docs and this solution seems
to be a really good (read easy) way to increase the bandwidth between
sites with existing SMF. I don't have any DWDM experience, but looking
at this solution it would seem you don't need to do much in order
to achieve pretty substantial bandwidth increase.

Does anyone have any experience with this technology ?
Pretty much just looking to see how well this stuff really works
in the field. It doesn't seem like you can do much to monitor/manage
this solution which kind of makes me skeptical.

Any inputs welcomed !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62841t=62841



Re: Enterprise Design Problem / Study [7:61351]

2003-01-20 Thread Henry D.
Consider yourself lucky, that's a great thing you get to work on a project of
that scale, especially if you get to be one of the major players in putting
the puzzle together. I wish I could be part of it as well. Good luck !

The Long and Winding Road  wrote in
message news:[EMAIL PROTECTED]
 Have I got a good one!

 Just got through reading an RFP for a large organization. Over 30 sites,
 12,000 ports, and 2000 phones. Complete rebuild of the network LAN and WAN
 infrastructure. Add to that throwing out all their old PBX and key systems
 and building for VoIP and video, in addition to current data traffic. New
 switches, new routers, client asking for generous redundancy. L3 switching
 up the wazoo ( that's a technical term meaning lotsa money to spend )

 The thrill of the design is something else. Customer wants a centralized
 Call Manager, but also wants certainty in case of failure at any of the
 usual places.

 This oughta keep me out of trouble for a few weeks.

 TTFN

 Chuck

 --
 TANSTAAFL
 there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61401t=61351



Re: catalyst 6513 conversion from cos to ios [7:60388]

2003-01-05 Thread Henry D.
I did this a little while back, all worked out pretty well during the process.
As long as you follow the doc describing this on CCO you should be ok
(I know it's not all that clear but read it a few times and you'll get it).

I think the problem with this upgrade could be rather poor documentation.
You have to make sure you get the right images for your particular
platform, making sure you apply proper images in regards to your
SUP1/SUP2 and MSFC1/MSFC2 and any other requirements, like the
boot image requirement of 12.0.7XE (I think, don't remember now) on MSFC.

The setup I used it with had rather simple L2/L3 implementation so I had no
major issues with config conversion but I could see that as a problem if your
setup is more convoluted (if possible, testing it in your lab should be
required).
Besides, maybe anyone here knows of any such tool to convert a
config from CatOS to IOS for 6000 series ???

Good luck !

Thomas  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Has anyone ever converted a catalyst 6513 from COS to IOS.  If so did
anyone
 encounter any problems.  Any issues I should be aware of.  Thanks in
 advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60391t=60388



Re: Off Topic but interesting - RS networking future? [7:59261]

2002-12-15 Thread Henry D.
Since we're just throwing out our thoughts here...

I tend to disagree, following your logic, if the IP network
becomes such a commodity, I think this would just create more
jobs for people like us, I mean R/S guys. You seem to think that once the IP
network is used for the services such as Voice, the Voice people
will have taken the jobs. This may be so to some degree. But from the
last few years of my experience, I doubt there will be a data network
acting as reliably as PSTN any time soon - as you mention about
broadband. For this reason, I think R/S folks with a few extra skills
will still be in demand for the telcos, someone has to keep on making
this thing work, fixing, upgrading, estimating, reporting, understanding
data networks, etc.

I agree that VOIP on the Net will not change how the telcos work.
It's one thing to have a customer use the Internet for placing calls,
the customer's expectations are already set low, knowing the Quality will
not be as great. But when you pick up the receiver at home, you expect
current quality, no delays, no noise, no whatever. Internet is simply too
unpredictable for Carrier class Voice.



nrf wrote in message news:[EMAIL PROTECTED]...
 The Long and Winding Road wrote in message news:[EMAIL PROTECTED]...
  right up NRF's alley. Certainly for those considering their futures,
  something worth considering as part of the mix.
 
  http://cookreport.com/11.10.shtml
 
  Can't afford the un-snipped version right now, but since I work for a telco,
  and I recognize the issues described, and have read all the top corporate
  executive e-mails that are doled out to us worker bees, I enjoyed the
  counter arguments presented here.

 There are two parts to this report that I think bear mentioning.  One is the
 future of VoIP.  The other is the value (or lack thereof) of present
 broadband rollouts.

 VoIP is certainly transforming the way that the PSTN will operate, if slowly
 (very very slowly).  Note, I didn't say voice over the Internet, but rather
 voice over IP.  I believe, for numerous reasons, telcos will choose not to
 merge their phone services to the Internet, but will rather build out an IP
 network through which they will deliver services.  Stick a telephony feature
 server on top of a functioning IP network (again, not the Internet, but a
 private IP network), and you now have a phone system.

 But that further speaks to the commoditization of IP skills in general and
 R/S skills specifically.  IP networks will simply become a utility, like
 electric power.  How many electric power engineers does a typical company
 have?  Unless you're the electric company, probably zero - electricity is
 just something that reliably comes out of the wall socket and you use it to
 plug in your refrigerator.  The value-add (ergo the jobs) will go to the
 people who understand the services that can be layered on top.  That's not
 to say that there will be no jobs for people who know R/S (and only R/S),
 only that there will be less of them and there will be less pay for them.  I
 do not see a bright future for R/S skills as the IP network becomes more and
 more commoditized.

 About broadband - it is absolutely true that the telcos have basically
 provided something that consumers do not want.  Yet I disagree with the idea
 that the telcos simply need to provide a more symmetric offering to entice
 consumers.  In my experience, consumers do not want broadband regardless of
 whether it is asymmetric or symmetric or whatever.  The 2 problems with
 broadband?  Price and reliability.  Let's face it, dial is reliable, whereas
 broadband can and does go down for weeks at a time (happened to me a bunch
 of times).  Furthermore, the Hart/Winston study showed that most people
 think that $40-50 a month is too much money to pay.  No wonder that despite
 the fact that broadband is now available at over 80% of households,  the
 take rate for broadband is less than 15% where it is available.

 Here is the Hart/Winston study.  Yes, it's a year old, but not a whole lot
 has changed in a year.  The most damning quote:  Forty-eight percent have
 no interest regardless of price and another 21 percent are willing to pay at
 most $20 per month...

 http://www.comptel.org/press/nov29_2001_voices.html

 The biggest problem with broadband?  Simple.  There is no mass-market app
 that actually requires broadband.  Most people are perfectly happy with
 dial.  After all, what do they do on the Internet - surf a few pages, send a
 few emails, do some instant messaging - all low-impact apps.  Most regular
 people (who are mostly nontechnical) simply don't see why they should pay
 more and put up with a less reliable technology in order to do the things
 they do a little faster.  And again, it's not because they don't know what
 it means to have a fast connection.  A lot of these people work in offices
 that have good connections, and yet they still don't want it for

Re: Last Minute Thought - OSPF authentication issue? [7:58352]

2002-11-30 Thread Henry D.
It would seem you wanted to use md5 authentication but you used
plain text authentication keys. In this situation - when there are no md5
authentication keys specified - I think the routers will use a null key,
meaning no authentication will take place...


The Long and Winding Road wrote in message news:[EMAIL PROTECTED]...
 check this out.

 R10
 --
 Neighbor ID Pri   State   Dead Time   Address         Interface
 222.222.222.7 1   FULL/DR 00:01:58    149.22.4.7      Serial0
 222.222.222.111   FULL/DR 00:00:38    149.22.252.2    Ethernet0
 Router_10#

 interface Serial0
  ip address 149.22.4.10 255.255.255.0
  encapsulation frame-relay
  no ip route-cache
  ip ospf authentication message-digest
  ip ospf authentication-key 7 qwertyzzyzx

 R7
 -
 Neighbor ID Pri   State   Dead Time   Address         Interface
 222.222.222.101   FULL/BDR 00:01:57   149.22.4.10     Serial1
 Router_7#

 interface Serial1
  ip address 149.22.4.7 255.255.255.0
  encapsulation frame-relay
  no ip route-cache
  ip ospf authentication message-digest
  ip ospf authentication-key 7 cisco

 By my reckoning, the adjacency should NOT form because of the mismatched
 passwords. Both routers have the area 0 authentication message-digest
 command under the ospf process.

 This is exactly what I don't want to know at this point in my life :-)

 --
 TANSTAAFL
 there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58353t=58352
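The mismatch discussed in this thread can be caught by a configuration audit. The following is an added example, not part of the original posts: a Python check that flags interfaces where `ip ospf authentication message-digest` is enabled but no `ip ospf message-digest-key` line exists (`ip ospf authentication-key` only sets the simple-password key). The sample stanzas are constructed from the configuration quoted above; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample input: the two interface stanzas quoted in the thread,
# plus one correctly keyed interface (Ethernet0) invented here as a control
# case. "EXAMPLEKEY" is a placeholder, not a real key.
ROUTER_10 = """\
hostname Router_10
!
interface Serial0
 ip address 149.22.4.10 255.255.255.0
 encapsulation frame-relay
 no ip route-cache
 ip ospf authentication message-digest
 ip ospf authentication-key 7 qwertyzzyzx
!
interface Ethernet0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLEKEY
!
"""

ROUTER_7 = """\
hostname Router_7
!
interface Serial1
 ip address 149.22.4.7 255.255.255.0
 encapsulation frame-relay
 no ip route-cache
 ip ospf authentication message-digest
 ip ospf authentication-key 7 cisco
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")
MD5_MODE_RE = re.compile(r"^ip ospf authentication message-digest\b")
MD5_KEY_RE = re.compile(r"^ip ospf message-digest-key\s+\d+\s+md5\s+\S")
SIMPLE_KEY_RE = re.compile(r"^ip ospf authentication-key\s+\S")

# Hypothetical finding labels used by this example.
DESCRIPTIONS = {
    "md5-no-key": "MD5 authentication enabled but no message-digest-key set",
    "simple-key-unused": "authentication-key is set, but it is the "
                         "simple-password key and is not used for MD5",
}


def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from IOS-style text."""
    stanzas = {}
    current = None
    for raw in config.splitlines():
        match = IFACE_RE.match(raw)
        if match:
            current = match.group(1)
            stanzas[current] = []
        elif current is not None and raw[:1].isspace():
            # Indented lines belong to the interface stanza being read.
            stanzas[current].append(raw.strip())
        else:
            # "!" or any unindented command closes the stanza.
            current = None
    return stanzas


def audit_ospf_auth(config):
    """Return a list of (interface, finding label) tuples, in config order."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        md5_mode = any(MD5_MODE_RE.match(line) for line in lines)
        md5_key = any(MD5_KEY_RE.match(line) for line in lines)
        simple_key = any(SIMPLE_KEY_RE.match(line) for line in lines)
        if md5_mode and not md5_key:
            findings.append((name, "md5-no-key"))
        if md5_mode and simple_key:
            findings.append((name, "simple-key-unused"))
    return findings


if __name__ == "__main__":
    for label, config in (("Router_10", ROUTER_10), ("Router_7", ROUTER_7)):
        for iface, code in audit_ospf_auth(config):
            print(f"{label} {iface}: {DESCRIPTIONS[code]}")
```

The check is interface-level only: it does not resolve which interfaces inherit MD5 from an `area 0 authentication message-digest` line under the OSPF process, as both routers in the thread have.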



Re: time needs to be spent on CCIE study [7:55803]

2002-10-17 Thread Henry D.
It all depends on many factors. Your learning capabilities, work experience,
access to equipment, personal life, etc. You should test yourself and be honest
with yourself in your studies. There are materials available on the net in
regards to different lab scenarios, some are free and some will cost you money -
and you need to spend money. Once you do them and you feel confident with all
the technologies as well as the methodology used in figuring out not only
technical stuff but also the way the questions are being asked, you'll know
you're ready.

As you're looking for some more specific time frames, to give you an idea I
myself went from very light networking/cisco skills to CCNP/CCDP within 7 months
of study. Then another 2 months to CCIE written test. To pass the lab it took
more than one try, over 1 year after the written I became CCIE certified. Also,
during all this time I was working with Cisco gear in networking field.

Some people do it quicker some take longer, I think my time frame would be
about average you'd need, but it's just one man's opinion.

Paul So  wrote in message
news:200210171322.NAA10361;groupstudy.com...
 Hi all,

 Would like some experience sharing from those who passed their written or
 lab exam.

 How long did you prepare before the written exam and how much long before
 your first lab attempt?
 How many hours did you study every day and during the weekend?
 How did you plan your study strategies?

 I gained my CCNP a year ago and am considering to take on this hardwork
 towards CCIE. It seems to be difficult to start all over again after a year
 break. I have read the blueprint and have a list of recommended books and
 reference, also a list of equipment which should have as home lab. All I
 need to do now  is to create a good study strategy and time allocation plan.

 I would appreciate any experience you ever had during your studying, they
 would be absolutely valuable for me.

 Thanks in advance

 Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55818t=55803



Re: traceroute blocked port [7:53657]

2002-09-20 Thread Henry D.

Well if that's the case then you'll have a hard time finding where it's blocked.
Usually, transit providers don't do this, so it should be the ISP/Provider
on either end of the connection. However, there are some transit providers,
especially in countries where VOIP is prohibited or highly regulated (Middle
East for example) that don't allow this type of traffic. Looks like you have
more work to do on your hands...:-(

Osama Kamal wrote in message news:[EMAIL PROTECTED]...
 I am having a problem with a blocked port somewhere on the internet down to
 my router, my ISP is denying any blocking from their side, is there any
 way to know where exactly the port is blocked?

 Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53722t=53657



Re: traceroute blocked port [7:53657]

2002-09-19 Thread Henry D.

I guess you'd need to have someone from outside claiming that the traceroute
is blocked to actually send you the output of the trace, it should show there :-)

On the other hand, you might want to try it yourself from other networks.
Go to www.traceroute.org, pick a route server/looking glass and try from there.

Osama Kamal wrote in message news:[EMAIL PROTECTED]...
 I am having a problem with a blocked port somewhere on the internet down to
 my router, my ISP is denying any blocking from their side, is there any
 way to know where exactly the port is blocked?

 Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53659t=53657



Re: PIX Failover [7:51491]

2002-08-16 Thread Henry D.

Whenever you type a command on the active unit it's being replicated to the
standby unit. So yes, it will automatically update standby unit but it's not
written to memory unless you write to memory on the active first.

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...
 Speaking of stateful PIX's, if I make a change on 1 PIX, and it has failover
 on, will it automatically make a change on the other PIX?


 Gaz wrote in message news:[EMAIL PROTECTED]...
  In article , [EMAIL PROTECTED] says...
   Hi,
  
   In a Stateful configuration, and two PIX are interconnected via a
   dedicated Failover Fastethernet, in case of the Active unit's Internal
   interface fails, is there any method to shift traffic to the Standby
   unit's Internal interface to maintain connectivity, thanks.
  
   Leo
   Best Regards.
  Not sure what you mean there. That's what failover does unless I'm
  misunderstanding your question.
 
  You configure the main IP address for the interface and you configure a
  failover address. If the Pix's decide that the active one has a problem
  (power,interface down etc) the secondary pix takes over the main IP
  address.
  If the primary is still contactable it will have the failover IP address
  on its inside interface.
 
  That's why it's safe to telnet to the main IP address and you know that
  you're on the active Pix, but by console you need to do a show fail to
  make sure the device you're on is primary active or secondary active
  before you make changes.
 
  Regards,
 
  Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51521t=51491



Re: CSPFA Beta Exams [7:50984]

2002-08-09 Thread Henry D.

I just came back from taking the first out of 3, MCNS beta.
I have no comparison to the 2.0 version, never really was
planning to take these tests but since they're free then why not...

Anyway, I studied for the test using the MCNS 2.0 Ciscopress book
for the last 4 evenings. I can say there is not all that much different on this
new exam than what you get from the old book. Just follow the blueprint,
I think it really represents the scope of what you need to know for the test.

And finally, I think with a little bit of luck I passed this test. Out of 97
questions, there were maybe 5 that didn't make any sense. There were a few that
I just didn't know answers to, but overall the exam wasn't bad at all.

Worth noting again is that there were no options for comments at all.

Good luck everyone.



Roberts, Larry wrote in message news:[EMAIL PROTECTED]...
 Just curious if anyone else has taken this exam yet?
 Wanted to see if your opinion of it is the same as mine! This being the
 first beta I have taken for Cisco, I can only hope the other 2 are better!


 Thanks

 Larry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51056t=50984



Re: CCIE Recertification [7:50372]

2002-08-01 Thread Henry D.

Just the written, thank God !

:-)

Reza wrote in message news:[EMAIL PROTECTED]...
 Hello Group,
 I know that CCIEs have to recertify every 2 years. For recertification do
 you have to take the Lab or the Written?

 Thanks
 Reza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50374t=50372



Re: Serial Interface Bandwidth [7:50381]

2002-08-01 Thread Henry D.

That would work if you have integrated CSU, the timeslots would be there.
If you connect say with V.35 to an external CSU/DSU then you won't get the
timeslot information. The only way to figure out the bandwidth then would be
to stress-test the circuit and see how far you can get the bandwidth
utilization on this interface.

Turpin, Mark wrote in message news:[EMAIL PROTECTED]...
 A show interface serial 'x'
 where x = the serial interface's number will tell you
 a couple things that are important.

 1) the 5 minute load average for input/output
 2) the timeslots used

 You can use the timeslots to determine the bandwidth
 that is technically available, and the load average
 to get an idea of what is currently being used.

 hth,
 -mark

 -Original Message-
 From: Curious [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, August 01, 2002 9:43 AM
 To: [EMAIL PROTECTED]
 Subject: Serial Interface Bandwidth [7:50381]


 I want to know the current bandwidth of my serial Interface of Router. Lets
 say i have a fractional T1, how would i know what bandwidth i have for my
 serial interface.

 thanks,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50400t=50381



Re: CCIE Experiences? My Road Ahead... [7:50139]

2002-07-30 Thread Henry D.

Robert,

In 1999 when I started looking into CCNA cert I didn't know much about
switching, routing or Cisco equipment altogether. I decided to go thru
CCNP/CCDP tracks, as my experience was very limited. By late 2001 and after
a few tries at the lab I got my number. It doesn't require all those years of
experience. Having a few years of working with the gear and some protocols
already, should really help you out. With some dedication and support you can
achieve CCIE status within a year or so if you got what it takes :-)

And as others have mentioned, this is just a beginning..

Robert D. Cluett wrote in message news:[EMAIL PROTECTED]...
 All (CCIE's and CCIE Written)

 I was wondering if you could help me understand what it is I am in for.  I
 have 3 years of experience at tier 3 IP support with Verizon.  OSPF mostly.
 I have experience with various Cisco and Nortel routers and switches.  My
 question is this, knowing OSPF and circuit troubleshooting is excellent
 knowledge, but I know that is only a fraction of what the CCIE demands.  I
 recently passed the CCNA, and have jumped into the studying for the routing
 exam.  The only thing which seems tough is the BGP (I have not touched it
 before).  So, my question is, what can I expect from this road ahead.  Is it
 feasible to eventually obtain my CCIE or is the CCIE for those people who
 have the 10 years of experience working for an ISP?  Any advice would help!

 Rob Cluett, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50159t=50139



Re: Can't Disable Spanning Tree on 2980G [7:50009]

2002-07-29 Thread Henry D.

John,

It might be just a display issue on the switch, I just checked a couple of my
6500's and for the VLAN's that have the STP disabled with active ports
I see the same results. I think when you plug in a laptop to any available
port on the same VLAN you'll see that it doesn't go thru STP phases and
automatically goes into forwarding...

John Neiberger wrote in message news:[EMAIL PROTECTED]...
 I have an interesting problem that I'm not able to resolve.  On a
 particular 2980G I need to completely disable spanning tree.  After
 issuing the command 'set spantree disable all' I would expect not to see
 any ports participating in STP.  However, look at this:

 SCORP0201-A (enable) show spantree
 VLAN 1
 Spanning tree disabled

 Bridge ID MAC ADDR  00-08-e2-b3-8c-00
 Bridge ID Priority  32768
 Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec

 Port                     Vlan Port-State    Cost  Prio Portfast Channel_id
 ------------------------ ---- ------------- ----- ---- -------- ----------
  3/1                     1    not-connected   100   32 disabled 0
  3/2                     1    not-connected   100   32 disabled 0
  3/3                     1    forwarding      100   32 disabled 0
  3/4                     1    forwarding      100   32 disabled 0
  3/5                     1    not-connected   100   32 disabled 0
  3/6                     1    not-connected   100   32 disabled 0
  3/7                     1    not-connected   100   32 disabled 0
  3/8                     1    not-connected   100   32 disabled 0
  3/9                     1    forwarding      100   32 disabled 0
  3/10                    1    forwarding      100   32 disabled 0
  3/11                    1    not-connected   100   32 disabled 0
  3/12                    1    not-connected   100   32 disabled 0
  3/13                    1    not-connected   100   32 disabled 0
  3/14                    1    not-connected   100   32 disabled 0

 --More--

 Initially it says that STP on VLAN1 is disabled, but then goes on to
 show several ports in VLAN 1 that are still running spanning tree.  STP
 was successfully disabled on the other VLANs but I just can't get this
 to go away and we really need to get this done thanks to another
 annoying issue that no one has resolved yet.

 We have certain Dell machines that will BSOD if the network isn't
 immediately available.  STP portfast isn't fast enough so I've been
 disabling STP altogether.

 Any thoughts on this?  Am I missing something very obvious?  I've
 checked CCO and there appears to be no STP-related bugs on the 2948.
 Unfortunately, they don't have separate info for the 2980G.

 Thanks,
 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50025t=50009



Re: Source quench from network element. [7:49990]

2002-07-29 Thread Henry D.

Priscilla,

Isn't there a statement in the RFC's that Source Quench message should be sent
if the host is overwhelmed with data ? Is that really being used in the real
world applications ?

On the other note, I have seen HP-UX machines keep on responding with these
messages to ICMP Echo requests, solution was to apply a certain patch.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...
 LIM Chin Chye wrote:
 
  How can I eliminate a source quench generated by a network element? This
  element is directly connected to the Cisco 7200 series router, but it
  replies an error, Source Quench received. when ICMP attempt.

 The network element replies with Source Quench Received? That doesn't make
 sense unless you SENT it a Source Quench. You're probably seeing the result
 of what it sent which was a Source Quench, not Source Quench Received.

  Appreciate for
  advices, thanks!
 
 

 What is the network element??

 There's probably no easy way to get it to stop sending a Source Quench other
 than to stop bugging it with your ICMP messages. It's probably built into
 the operating system on the network element to send source quench when
 too many messages of a certain type are received. Mac OS used to do this. I
 don't know what other OSs do it, but if you tell us the OS maybe there's a
 registry change or something.

 Per RFC 1821, routers should not send source quench, but end hosts still can
 per RFC 1122. It's not anything to worry about. You should probably just
 ignore it.

 Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50062t=49990



Re: Here we go again ( Pix 515) [7:49492]

2002-07-25 Thread Henry D.

sorry, just couldn't resist - hahaha

besides, if you're capable of doing all these multiple things with and on
the networks, you're not just an NT guy even though your work title might
say that :-)

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...
 Hey,

 No flames against NT admins.
 In these tough times Network Admins need to know all
 FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling..
 In order to survive.
 Like myself!!


 From: Juan Blanco
 Reply-To: [EMAIL PROTECTED]
 To: 'Kevin O'Gilvie' , [EMAIL PROTECTED]
 Subject: RE: Here we go again ( Pix 515) [7:49492]
 Date: Thu, 25 Jul 2002 11:14:08 -0400
 
 Team,
 The way I see it, dhcp on the firewall is only for small number of users,
 when it comes to mid-size-up network you don't want to use a firewall for a
 DHCP. Can you see an NT administrator making changes in your firewall
 because he/she is having problems with DHCP? (This network will be
 available to hackers in the Theater near You)
 
 My two cents.
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Kevin O'Gilvie
 Sent: Thursday, July 25, 2002 10:27 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Here we go again ( Pix 515) [7:49492]
 
 
 I wouldn't put dhcp on the firewall for 300 users.
 But for 10 or 15 I would.
 
 Thanks,
 
 -Kevin
 
 
  From: Gaz
  Reply-To: Gaz
  To: [EMAIL PROTECTED]
  Subject: Re: Here we go again ( Pix 515) [7:49492]
  Date: Wed, 24 Jul 2002 22:37:12 GMT
  
  What's everybody's view on using the Pix as a DHCP server?
  
  I used it once, only because after arriving on site to install the Pix the
  customer mentioned that his old Firewall was doing DHCP and he had no plans
  to do it on anything else.
  Seemed to go fine, but would like to know if people have come across
  limitations/issues.
  
  I tend to agree with the view Right box for the job, i.e. don't make the
  Pix do things it's not made for, but if pushed into the situation, how does
  it compare.
  
  Cheers,
  
  Gaz
  
  Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...
Hi Kelly,

You are absolutely right, and I love your strategy.
That is the way I did it 2 years ago, but the only thing now is finding a
vpn solution for the Macs. I used Pix for the PC's last time round but never
had to do this for the Mac's. Any ideas?


From: Kelly Cobean
Reply-To: Kelly Cobean
To: [EMAIL PROTECTED]
Subject: RE: Here we go again ( Pix 515) [7:49492]
Date: Wed, 24 Jul 2002 02:18:38 GMT

Man, you aren't asking much, are you? ;-)

Ok, here's the order I'd do things in...

First things first, get that firewall in place.  You don't list what their
internet connectivity is, but if they bought a PIX, it's safe to assume that
they have a persistent connection, and that being true, they're really
hanging it out there for someone to cut off, so to speak.  Network security
is always a primary concern, and the firewall won't take a lot of time to set
up.  Not setting it up could be very costly.  If they already have a
light(er)-weight firewall like a Linux host running IP chains or IP tables,
replacing this first will save your users down-time later because you can
pre-configure your internet rulebase/access in preparation for your private
addressing.

Next, I'd do the DHCP and Private Addressing.  These go hand in hand, and
since your firewall is now in place, you can do the NAT/PAT translations as
needed and not have to rethink these later.

Third, get Exchange up and running.  If it's going on a different system
than Quick mail is running on, great!  Now you can get them running in
parallel, and move users accounts over one at a time or in batches.  There
are probably tools out there to do the mailbox format conversion.  Now that
your network is secure at layer3/4, you can focus on the nitty-gritty of the
user data. (Oh yeah, don't forget that backup!!!)

It's a 10,000 foot view, but that's how I'd do it.  I'm not really a MAC
guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and
support DHCP, so from an L3/4 standpoint, they're really no different than
your PC's.

When doing multiple projects like this, I tend to work along the OSI model.
If the wiring is horrible, or the NIC's are all old 10Base2 nics and have
transceivers to hook them to your BaseT network, take care of the layer 1
stuff first.  Next, if the network is all unmanaged hubs, and your network
is one gigantic broadcast domain, start installing switches to quiet down
the network.  Next, get VLANs/routing/security in place for Layer3/4.  Next,
work on the upper layers where all of your apps and data live and talk.
Just my $0.02 worth.

HTH,

Re: Here we go again ( Pix 515) [7:49492]

2002-07-24 Thread Henry D.

I haven't used DHCP server on the PIX, reading the documentation
it seems you gotta be careful with how many Active Hosts you'll have.
Looks like some low end PIX's do only 32 Active Hosts. On the other
hand, I suppose the only reason for having PIX do DHCP would be
for small offices, where some of these number limitations should be no
problem. There are obviously other drawbacks besides any scalability, I
wouldn't want my LAN Windows Administrator to touch the PIX just because he
needs to check/clear the DHCP assignments :-(



Gaz wrote in message news:[EMAIL PROTECTED]...
 What's everybody's view on using the Pix as a DHCP server?

 I used it once, only because after arriving on site to install the Pix the
 customer mentioned that his old Firewall was doing DHCP and he had no plans
 to do it on anything else.
 Seemed to go fine, but would like to know if people have come across
 limitations/issues.

 I tend to agree with the view Right box for the job, i.e. don't make the
 Pix do things it's not made for, but if pushed into the situation, how does
 it compare.

 Cheers,

 Gaz

 Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...
  Hi Kelly,
 
  You are absolutely right, and I love your strategy.
  That is the way I did it 2 years ago, but the only thing now is finding a
  vpn solution for the Macs. I used Pix for the PC's last time round but never
  had to do this for the Mac's. Any ideas?
 
 
  From: Kelly Cobean
  Reply-To: Kelly Cobean
  To: [EMAIL PROTECTED]
  Subject: RE: Here we go again ( Pix 515) [7:49492]
  Date: Wed, 24 Jul 2002 02:18:38 GMT
  
  Man, you aren't asking much, are you? ;-)
  
  Ok, here's the order I'd do things in...
  
  First things first, get that firewall in place.  You don't list what their
  internet connectivity is, but if they bought a PIX, it's safe to assume that
  they have a persistent connection, and that being true, they're really
  hanging it out there for someone to cut off, so to speak.  Network security
  is always a primary concern, and the firewall won't take a lot of time to set
  up.  Not setting it up could be very costly.  If they already have a
  light(er)-weight firewall like a Linux host running IP chains or IP tables,
  replacing this first will save your users down-time later because you can
  pre-configure your internet rulebase/access in preparation for your private
  addressing.
  
  Next, I'd do the DHCP and Private Addressing.  These go hand in hand, and
  since your firewall is now in place, you can do the NAT/PAT translations as
  needed and not have to rethink these later.
  
  Third, get Exchange up and running.  If it's going on a different system
  than Quick mail is running on, great!  Now you can get them running in
  parallel, and move users accounts over one at a time or in batches.  There
  are probably tools out there to do the mailbox format conversion.  Now that
  your network is secure at layer3/4, you can focus on the nitty-gritty of the
  user data. (Oh yeah, don't forget that backup!!!)
  
  It's a 10,000 foot view, but that's how I'd do it.  I'm not really a MAC
  guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and
  support DHCP, so from an L3/4 standpoint, they're really no different than
  your PC's.
  
  When doing multiple projects like this, I tend to work along the OSI model.
  If the wiring is horrible, or the NIC's are all old 10Base2 nics and have
  transceivers to hook them to your BaseT network, take care of the layer 1
  stuff first.  Next, if the network is all unmanaged hubs, and your network
  is one gigantic broadcast domain, start installing switches to quiet down
  the network.  Next, get VLANs/routing/security in place for Layer3/4.  Next,
  work on the upper layers where all of your apps and data live and talk.
  Just my $0.02 worth.
  
  HTH,
  Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
  Network Engineer
  ATT Government Solutions, Inc.
  
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Kevin O'Gilvie
  Sent: Tuesday, July 23, 2002 9:07 PM
  To: [EMAIL PROTECTED]
  Subject: Here we go again ( Pix 515) [7:49492]
  
  
  Dear All,
  
  I am jumping into a similar mess as when I started at my current company,
  but this time the Macs out number the PC's. Well here is the scoop:
  180 Macs
  50 PC's
  Static Ip's
  No DHCP
  No FW
  Quick Mail Server
  and a whole bunch of other nasty things..
  - They just purchased a Pix 515
  - They just bought Exchange 5.5
  
  My projects are:
  Set up DHCP
  Set up Pix
  Set up Private Addressing
  Set up Exchange
  Migrate them from Quick Mail
  etc etc
  I have done this before but maybe you guys can help as to how I should go
  about this the quickest.
  
  Thanks,
  
  Kevin
  
  
  

Re: Catalyst Switches and CDP [7:48603]

2002-07-11 Thread Henry D.

This appears to be a code version issue. I have the same symptoms
on the 6509 running 5.5(3)CatOS while another 6509 running
6.3(5) CatOS is showing the neighbors by their system names/hostnames.
Even though they're not running IOS I think it still relates.
It appears to be just a display/cosmetic issue. Or maybe they're trying
to force you to go for detail option and all the other good info :-)

John Neiberger wrote in message
news:[EMAIL PROTECTED]...
 When displaying cdp neighbors on a switch -- specifically, our new 6513
 -- instead of a helpful device name I get a completely worthless device
 ID.  In some cases the hostname of the device is appended to this ID but
 I'd really like to get rid of it entirely and I haven't figured out how
 to do this by checking CCO.

 Is there a way to get the remote device's hostname to show up without
 the meaningless device ID?

 Thanks,
 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48631t=48603



Re: ATM IMA interface problems [7:47849]

2002-07-01 Thread Henry D.

This is going to be of no help to you but when we used these
cards to bundle multiple T1's we had nothing good
to say about the way it worked. There were multiple issues, i.e
looping one T1 would cause the whole bundle to go down. Clearing
groups like removing one T1 from the bundle was causing problems
as well. After a while we simply trashed the whole thing and went with
the actual telco solution from a vendor specializing in this type of setup.
I was hoping the issue was the premature release of the code supporting the
feature but hearing it now from you just proves that Cisco doesn't really
cut it when it comes to the telco equipment or equivalent :(

 wrote in message
news:[EMAIL PROTECTED]...
 Hello all, I'm having a problem with my IMA interface on a 7206 running
 12.2(5) (c7200-ds-mz.122-5.bin).  When I switched from UBR to VBR-NRT the
 pvc I was working on disappeared from the running config and no data will
 pass through that circuit.  I tried to add the pvc back into the config but
 all I get is this in the log:

 %ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=39, VPI=1, VCI=140) on
 Interface ATM4/ima0, (Cause of the failure: vpi/vci pair already in use)

 I tried removing the interface and adding it back in with the same results.
 I've done a 'clear interface' on many frame relay links before with no ill
 effects but I'm hesitant to do the same thing here since, at times, the IMA
 interface is another beast altogether from your standard interface.  The
 only other option I'm aware of is to reboot the router which is very
 difficult because it's right at the core.

 Has anyone tried the 'clear interface atm4/ima0' command without causing
 problems or is there another way to clear the vpi/vci config from memory so
 it will accept the pvc correctly again without rebooting?

 Thanks!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47881t=47849



Re: BGP NLRI [7:47337]

2002-06-25 Thread Henry D.

Think of it as a route with additional info. BGP uses such things as AS
number, MED value, communities, etc. NLRI consists of the prefix plus that
extra info.

rick wrote in message
news:[EMAIL PROTECTED]...
 I am having some trouble understanding NLRI as opposed to
 straight network routing updates.
 Anyone got a pointer to information that might clear up NLRI
 some?

 Thanks

 --
 --Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47368t=47337



Re: Question about the 350 series AP [7:45971]

2002-06-07 Thread Henry D.

Mine included everything.

Roberts, Larry wrote in message
news:[EMAIL PROTECTED]...
 OK,

 Can someone confirm/deny that the 350 will only accept in-line power?
 Does it come with the in-line power injector, or is this a separate item?
 I have read everything I can and all points say it only has in-line power,
 but none say whether this is included ( I can't imagine it wouldn't be )


 Thanks

 Larry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46040t=45971



Re: PIX + VPN Router or Just VPN Router? [7:45315]

2002-05-28 Thread Henry D.

What you are describing doesn't really make sense. You say
you have connections back to the core site from all remotes.
If that was the case there would be no reason for the pix at remote
sites or an obvious reason for vpn tunnels between remotes and the core
site. In that case, you could just put the core pix in front of the core
site and the remotes, terminate the remotes before the core pix, and no
need for all the other mess.

But I have a feeling there is more involved than we know at the
moment.:(


Jeffrey Reed wrote in message
news:[EMAIL PROTECTED]...
 I am curious about recommendations on remote office connections when VPNs
 are involved. Today, in two separate occasions I ran into designs that
 showed remote sites with a small 1720 router and a PIX 506. The 506
 terminated one end of a tunnel back to the core PIX and the 1720 facilitated
 the frame connection. All traffic will be going back to the core, then if
 needed, to the Internet through the central site's main connection.

 Why can't you just use the 1720's ability to terminate a tunnel and drop all
 non-encrypted traffic and eliminate the need for the PIX? This would reduce
 the costs of both the initial purchase as well as ongoing support. What are
 the downsides to a design without a PIX at the remote site?

 Thanks!!

 Jeff




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45316t=45315



Re: BGP's neighbor advertisement-interval command [7:44521]

2002-05-20 Thread Henry D.

You're correct, however if there are route changes happening constantly
you don't want the router to keep sending updates as it might exhaust the
peers. The interval is used so there is a limit of how often the updates
are sent regardless of how often the routes actually change.

cebuano wrote in message
news:[EMAIL PROTECTED]...
 Hi ,all.
 Can someone give a better explanation about this BGP command
 neighbor advertisement-interval? I know you can change the default
 values of 30 sec for external and 5 sec for internal peers.
 But I always thought that BGP sends routing updates ONLY when
 something about the route changes, either an UPDATE or WITHDRAWN
 message. Any explanation better than CCO or Parkhurst's is greatly
 appreciated.

 Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44531t=44521
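
The rate limiting described in the reply above, as an added example that is not part of the original thread. It is a simplified single-prefix, single-peer model (an assumption, not Cisco's implementation): the first change is advertised at once and starts the interval timer, and changes that arrive while the timer runs are held so that only the latest state is sent when it expires. The function name and the flap sequence are constructed for illustration; 30 and 5 are the default intervals quoted in the question.

```python
def rate_limited_updates(changes, interval):
    """Return the (time, state) UPDATEs a peer would receive.

    changes  -- iterable of (time_in_seconds, state_label) route changes
    interval -- advertisement interval in seconds for this peer
    """
    sent = []
    next_allowed = None   # earliest time the next UPDATE may leave
    pending = None        # latest state held back while the timer runs

    for t, state in sorted(changes):
        # The timer expired before this change: flush what was held back.
        if pending is not None and next_allowed < t:
            sent.append((next_allowed, pending))
            next_allowed += interval
            pending = None

        if next_allowed is None or t >= next_allowed:
            # No timer running: advertise immediately and start the timer.
            sent.append((t, state))
            next_allowed = t + interval
            pending = None
        else:
            # Timer running: remember only the most recent state.
            pending = state

    if pending is not None:
        sent.append((next_allowed, pending))
    return sent


# Constructed flap sequence: seven changes to one prefix.
FLAPS = [
    (0, "path-A"), (1, "path-B"), (2, "path-A"), (3, "path-C"),
    (40, "path-A"), (41, "path-D"), (100, "path-A"),
]

if __name__ == "__main__":
    for label, interval in (("external, 30 s", 30), ("internal, 5 s", 5)):
        out = rate_limited_updates(FLAPS, interval)
        print(f"{label}: {len(FLAPS)} changes -> {len(out)} updates")
        for when, state in out:
            print(f"  t={when:>3}s  advertise {state}")
```

With the 30 second interval the peer never sees path-B at all: the intermediate states are replaced before the timer lets an update out.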



Re: BGP's neighbor advertisement-interval command [7:44521]

2002-05-20 Thread Henry D.

I'm not certain on this one but assuming the same logic I'd say
that the advertisement for the prefix with the metric of next-hop changing
would take place once, it would trigger a 10 minute countdown, and if there
is another change in the metric within the countdown it would send new
advertisement with the new metric at the end of the 10 minute interval.

From BGP Command reference:
This command will cause BGP to advertise a MED that corresponds to the IGP
metric associated with the next hop of the route. This command applies to
generated, IBGP-, and EBGP-derived routes. If this command is used, multiple
BGP speakers in a common autonomous system (AS) can advertise different MEDs
for a particular prefix. Also, note that if the IGP metric changes, BGP will
readvertise the route every 10 minutes.


cebuano wrote in message
news:[EMAIL PROTECTED]...
 Henry,
 Thanks for the verification. Although I'd like to add another command
 to the picture --- set metric-type internal.
 The documentation says if the IGP metric changes, BGP will readvertise
 the route every 10 minutes.
 There is no mention how long BGP will readvertise the affected
 routes. Any ideas?

 Thanks.
 Elmer
 - Original Message -
 From: Henry D.
 To:
 Sent: Monday, May 20, 2002 12:04 PM
 Subject: Re: BGP's neighbor advertisement-interval command [7:44521]


  You're correct, however if there are route changes happening constantly
  you don't want the router to keep sending updates as it might exhaust the
  peers. The interval is used so there is a limit of how often the updates
  are sent regardless of how often the routes actually change.

  cebuano wrote in message
  news:[EMAIL PROTECTED]...
   Hi ,all.
   Can someone give a better explanation about this BGP command
   neighbor advertisement-interval? I know you can change the default
   values of 30 sec for external and 5 sec for internal peers.
   But I always thought that BGP sends routing updates ONLY when
   something about the route changes, either an UPDATE or WITHDRAWN
   message. Any explanation better than CCO or Parkhurst's is greatly
   appreciated.
  
   Elmer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44551t=44521



Re: CCIE in 3-6 Months from cisco Interesting [7:43306]

2002-05-05 Thread Henry D.

I agree with all of the people that because of the economy
most CCIE's won't see big salaries from few years back.
I also agree that paper CCIE doesn't really compare to
a paper MCSE, SCSA or whatever else. A CCIE needs
to have some hands-on. The problem is that lab testing has little
to do with real life environment. On top of that, there is so much
info out there on what's being tested on the lab that people have much
work cut down for them to pass the tests. This creates a limit of what
you really need to know for the lab and how you get to that level,
this limit however is not how a CCIE will be judged in real life environment.
So, yes the salaries are gone, and yes there are some CCIE's who will have
trouble designing a simple network. I think as long as people don't cheat
themselves they will know whether they are worthy of this certification.
You need to take a look at yourself and forget about the little paper you
put on the wall or on your cubicle. The paper means nothing, it's what's in
you what really counts. And as far as that goes you can still make a
great living being a CCIE !

CCIE #8472


Johnzaggat wrote in message
news:[EMAIL PROTECTED]...
 Join Cisco and get CCIE in 3-6 months. Must be a typo.


 http://www.cisco.com/pcgi-bin/jobs/JobAgent?rm=jobdetailreq_id=703608keywords=+




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43336t=43306



Re: passed MCAST/QOS exam [7:40345]

2002-04-03 Thread Henry D.

Congrats !

Reinhold Fischer wrote in message
news:[EMAIL PROTECTED]...
 hi all,

 today i took the multicast and qos exam (640-905). In my opinion it is the
 hardest of the three exams to achieve the CCIP/MPLS cert.

 For preparation i have used the Ciscopress 'developing ip multicast
 networks' book and read up the relevant sections of the Quality of Service
 Solutions Configuration Guide and the Multicast section of the IP Routing
 and IP Configuration Config Guide. If i had to take the exam again i would
 try to get my hands on the original course documentation as there were loads
 of questions that probably best would be answered with knowledge of the
 original course text.

 good luck to you in all your studies !

 Cheers

 Reinhold




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=40367t=40345



Re: Re: MPLS in the Enterprise [7:36670]

2002-03-10 Thread Henry D.

Interesting, let me also bring few things up here, not that
I have much experience in MPLS/VPN but who does ? :-)

I suppose one of the problems with this particular service is that
not all SP's or Enterprises fully understand the potential, or technology
in general. First, SP's might not be able to provide overall cheaper
connectivity for the Ent's if their network doesn't span around the existing
Ent's POP's. I suppose when considering the service, one needs to realize
all the advantages of it and compare it to what they have now. As with any
technology, there are many ways to implement it. One might be able to just
start the service for interconnecting the HUB locations for example. Another
advantage could be the Internet traffic which no more has to travel thru
dedicated lines which are shared thru the whole Enterprise.

Referring to John's original post, the CE equipment doesn't have to
participate in the MPLS, so the MPLS looks like any other connection to the
rest of your network. Now, it's a choice or not, depending on the service
and possibly other customer requirements, whether CE participates in MPLS.
In general, SP would take care of the routing between the sites, the routing
would be totally independent of their other MPLS/VPN's or Internet routing
which gives the Enterprise traffic protection in the form of invisibility to
other SP customers or Internet users when required.

It all depends, the best thing is to study the technology and the
details of offerings. I personally have no real time experience in this
whole new area but I hope in theory I should be pretty close to what one
needs to be aware of.


John Neiberger wrote in message
news:[EMAIL PROTECTED]...
 To make things even more interesting...

 While discussing this with a few different vendors I decided
 that this particular solution is smoke-and-mirrors, at least in
 our area.  We'd have to buy new point-to-point circuits that
 all point to a _single_ POP.

 MPLS isn't even needed in this case because every location
 would be hitting the same POP!  Unless, of course, they have a
 whole bunch of routers at the POP but then we're really using
 MPLS to get from one side of the room to the other.

 We'd be better off simply buying a couple of frame DS3 circuits
 for our hub and repointing all the branch PVCs to those
 circuits.  Cheaper and we accomplish the same thing without
 using another vendor and without buying a whole bunch of new
 circuits.

 In fact, one vendor that I asked about this proposed this very
 solution, except he was suggesting we use their facilities.
 They offered to set up a couple of routers exclusively for our
 company to connect to.  Again, we don't really accomplish much
 with that solution since we can do that at our own facility if
 we want to.

 John



  On Sat, 9 Mar 2002, Kent Yu ([EMAIL PROTECTED]) wrote:

  John,
 
  I think you brought an interesting topic.

  With all these pitches about Layer 3 VPN, the question has been bothering
  me for a while, how many enterprises out there really need to have an
  any-to-any solution? Less than 0.5% is my guess. Most of the enterprise
  client/server  applications fit into the hub-spoke topology pretty well,
  really have no reasons to get direct connections among their branches.

  Theoretically, MPLS should give the service providers the ability to
  provide more scalable and cheaper fully meshed VPN solution, as the SPs do
  not have to manage those hundreds of thousands PVCs, etc. From the
  enterprises' perspective, if this gives them a reliable and affordable
  alternative to the traditional hub-spoke frame relay network, it sounds
  attractive, but seems to me all the current implementations are even more
  expensive, not to mention their reliability probably is no where near the
  legacy frame network, at least not for a while.

  The vendors want to sell their MPLS VPN solutions to SPs, the SPs who
  built the network want to sell it enterprises , but my guess is that 99%
  enterprises will not buy it, not till...

  My .02

  Kent

  John Neiberger wrote in message
  news:[EMAIL PROTECTED]...
   Okay, I'm about to show how clueless I am when it comes to MPLS

   I've been getting calls from multiple providers lately all trying to
   suggest that I migrate our 100-site frame relay network to their MPLS
   network, suggesting that we'll have any-to-any connectivity and the
   ability to prioritize traffic classes within the MPLS network.

   Are any of you doing something like this?  I'm going to read up on it
   but I'm having trouble visualizing it.  Does this basically turn our
   network into a giant multipoint network?  Do our branch routers need to
   be aware of MPLS or do providers make this transparent somehow?  How
   does this affect routing?

   It seems that if we have any-to-any connectivity then the branch
   routers 

Re: More Confused!!! Re: Neighbor commands...Yes or No?? [7:33560]

2002-01-29 Thread Henry D.

I think you're still confused. Both physical frame interface
and multipoint sub-interface are by default OSPF Non_Broadcast type.
This means for OSPF to function you'd need to configure neighbor command
in either scenario.

With the config you showed on RTA (the HUB router) you wouldn't even be able
to ping both spokes as there are no maps defined (aside from missing
netmask), and if relying only on inverse-arp, it would map only one spoke
and no more. The rule is that inverse-arp will map only one Layer3 to the
same Layer2, i.e one IP to DLCI X, one IPX to DLCI X, one IP to DLCI Y, etc.

You're showing routes in the spokes, but we really don't know all of the
configs when these routes show up in the routing table.

What are the configs, output of sh frame-relay pvc, sh frame-relay map ?


Cisco Nuts wrote in message
news:[EMAIL PROTECTED]...
 OK, I have finally found out this and concluded that:

 Neighbor commands are ONLY required in an OSPF point-to-multipoint
 Non-Broadcast mode in a FR hub-and-spoke topology.

 Not required in a NBMA mode or any other mode for that matter.



 From: Cisco Nuts
 Reply-To: Cisco Nuts
 To: [EMAIL PROTECTED]
 Subject: More Confused!!! Re: Neighbor commands...Yes or No?? [7:33547]
 Date: Tue, 29 Jan 2002 01:38:45 -0500

 Hello!!

 I am even more confused now! :-(

 Just finished configuring 3 routers in a FR hub-and-spoke topology with
 OSPF in the default non-broadcast mode with NO neighbor commands on the
 hub router and FR map commands on both the spokes to get to one another.
 It works!! I mean without the neighbor commands on the hub router, the
 spoke routers are learning about the networks on the other spoke, that
 too in a different area. Why??

 Thanks!

 Here is some output:
 BTW: RTA is the hub and RTB and RTC the spokes. FR configed. on physical
 interfaces:

 RTB routing table:

 O IA 192.168.10.192/27 [110/70] via 192.168.10.243, 00:01:20, Serial0
 O IA 192.168.10.128/26 [110/74] via 192.168.10.243, 00:01:20, Serial0

 RTA config:

 RTA#sh ru int s0
 Building configuration...

 Current configuration : 214 bytes
 !
 interface Serial0
  bandwidth 1544
  ip address 192.168.10.241 255.255
  encapsulation frame-relay
  ip ospf priority 10
  logging event subif-link-status
  logging event dlci-status-change
  no fair-queue
 end

 RTC routing table:

 O IA 192.168.10.64/26 [110/74] via 192.168.10.241, 00:17:50, Serial0
 O IA 192.168.10.0/26 [110/74] via 192.168.10.242, 00:17:50, Serial0

 From: Henry Dziewa
 To: Cisco Nuts
 Subject: Re: Neighbor commands...Yes or No?? [7:33486]
 Date: Mon, 28 Jan 2002 20:11:07 -0500

 Well, it's your loss:)

 Hub and spoke, in order for the spoke to talk to another spoke you need to
 map the remote spoke's IP to the same DLCI used for mapping to HUB router
 on both spokes. The HUB router already has the mapping to both so it knows
 where everyone is.

 By default, physical frame interfaces are ospf non-broadcast, this means
 that you'd need to configure neighbor statement, preferably on the HUB
 router.

 - Original Message -
 From: Cisco Nuts
 To:
 Sent: Monday, January 28, 2002 3:42 PM
 Subject: Re: Neighbor commands...Yes or No?? [7:33486]

 And that's exactly what I am asking my friend.

 First, it's the layer 2 issue..that of fr map statements to get from one
 spoke to another via the hub aka Mr. Caslow.

 And there is the ospf issue of either issuing the neighbor commands or not
 in the default non-broadcast mode when using physical fr intfs.

 Is it one of both? And that is the confusing issue for me. :-)

 Can you help?

 From: Henry D.
 Reply-To: Henry D.
 To: [EMAIL PROTECTED]
 Subject: Re: Neighbor commands...Yes or No?? [7:33486]
 Date: Mon, 28 Jan 2002 14:38:06 -0500

 There are 2 different issues.

 1. Layer 2 to Layer 3 mapping.
 2. Routing

 You need to separate these 2 in order to understand how it all works.
 If I gave you all the answers then it wouldn't be fair to you as you need
 to grasp it for yourself, especially if planning to go for CCIE.

 Cisco Nuts wrote in message
 news:[EMAIL PROTECTED]...

 Hello,
 Would someone clarify this for me as I am getting very confused :-(
 In a Frame-Relay hub-and-spoke config. using physical interfaces and
 frame-relay map statements at the spokes and using OSPF, do we need to
 configure neighbor commands? Yes or No?
 From what I understand, OSPF works in a Non-Broadcast mode by default and
 neighbor commands are only needed if not a full-mesh. In this case, will
 the frame-relay map commands suffice to get from one spoke to another thru
 the hub router?
 Thank you.

 _
 MSN Photos is the easiest way to share and print your photos:
 http://photos.msn.com/support/worldwide.aspx
 archives, and subscription info:
 http://ww

Re: MD5 encrypting vty passords [7:33533]

2002-01-29 Thread Henry D.

That specifies type 7 encryption, you can enable it before or after
you configured your vty's. enable secret  is used to enter
password which will be encrypted with MD5. If using MD5 don't use it in
conjunction with enable password  command as that would create
another enable password and would make your MD5 password as prone
to discoveries as type 7.

bergenpeak wrote in message
news:[EMAIL PROTECTED]...
 Is the MD5 encryption used when one enables the service password-encryption
 before entering the vty password?

 What encryption mechanism is used when a password is entered as type 7?

 Thanks


 Henry D. wrote:
 
  It's not possible to use MD5 on vty's.
  I suppose the reason would be that MD5 enable
  password is not all that much more secure than type
  7 passwords. When you type them they both are being
  sent over the network in clear text anyway. The only reason
  for using MD5 would be so anyone who sees your config
  wouldn't be able to crack the MD5 password as easily as type 7.
  But on the other hand, if you have access to the config, you're either
  already in enabled mode or you store it in insecure place. If insecure place
  then there may be other ways to break into or your equipment anyways.
  You see, there is no perfect simple solution, you got to rely on many steps
  to protect what needs to be protected.

  Charlie Wehner wrote in message
  news:[EMAIL PROTECTED]...
   Is there any way to MD5 encrypt vty passwords?
  
   If so, how?
  
   If not, why not?
  
   Thanks,
   Charlie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33564t=33533
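
A configuration check for the points made in this thread, as an added example that is not part of the original posts: it flags an "enable password" left next to an "enable secret", line passwords stored in cleartext or as type 7, and a missing "service password-encryption". The function name, rule names and both sample configurations are constructed for illustration, and the hash and type 7 strings are placeholders.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int   # 0 means a global, whole-config finding
    context: str   # "global" or the "line ..." block the command sits in
    rule: str
    detail: str


ENABLE_RE = re.compile(
    r"^enable\s+(password|secret)\s+(?:level\s+\d+\s+)?(?:(\d)\s+)?\S+")
LINE_BLOCK_RE = re.compile(r"^line\s+(.+)$")
LINE_PW_RE = re.compile(r"^\s+password\s+(?:(\d)\s+)?\S+")


def audit_password_storage(config_text):
    """Return findings about how passwords are stored in an IOS-style config."""
    findings, enable_passwords, cleartext = [], [], []
    context, service_encryption, has_secret = "global", False, False

    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.rstrip()
        if not line.startswith(" "):          # a top-level command ends a block
            m = LINE_BLOCK_RE.match(line)
            context = "line " + m.group(1) if m else "global"
        if line == "service password-encryption":
            service_encryption = True
            continue
        m = ENABLE_RE.match(line)
        if m:
            if m.group(1) == "secret":
                has_secret = True
            else:
                enable_passwords.append((no, m.group(2) or "0"))
            continue
        m = LINE_PW_RE.match(line)
        if m and context.startswith("line "):
            if (m.group(1) or "0") == "7":
                findings.append(Finding(no, context, "line-password-type7",
                                        "type 7 only hides the password from a casual look"))
            else:
                cleartext.append(no)
                findings.append(Finding(no, context, "line-password-cleartext",
                                        "password readable in the config as typed"))

    for no, ptype in enable_passwords:
        rule = "enable-password-with-secret" if has_secret else "enable-password-only"
        findings.append(Finding(no, "global", rule,
                                "second enable password stored weaker than MD5"))
        if ptype != "7":
            cleartext.append(no)
    if cleartext and not service_encryption:
        findings.append(Finding(0, "global", "no-service-password-encryption",
                                "cleartext passwords on lines %s" % cleartext))
    return sorted(findings, key=lambda f: f.line_no)


# Constructed sample: enable password kept beside enable secret, no type 7 service.
WEAK_CONFIG = """\
hostname rtr-constructed
!
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
enable password Constructed-Enable-Pw
!
line con 0
 password Constructed-Console-Pw
 login
line vty 0 4
 password 7 PLACEHOLDER7
 login
!
end
"""

# Constructed sample following the advice in the thread.
HARDENED_CONFIG = """\
service password-encryption
!
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
!
line vty 0 4
 password 7 PLACEHOLDER7
 login
!
end
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for f in audit_password_storage(cfg):
            print(f"  line {f.line_no:>2} [{f.context}] {f.rule}: {f.detail}")
```

The second sample still reports the vty password as type 7, which matches the thread's statement that MD5 cannot be used on vty lines.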



Re: BGP Backdoor! Lab on Friday, Please HELP! [7:33423]

2002-01-28 Thread Henry D.

I suspect your ISIS between Glori and Bilbo is either not working
or this specific route is not exchanged with ISIS. Can we see the whole
config for these bad boys ? Also, what happens when you shut the BGP
session between Bilbo and Elrond, do you get the ISIS route then ?

You don't need backdoor command on Elrond either.

Wilson, Christian wrote in message
news:[EMAIL PROTECTED]...
 I am struggling with BGP backdoor.  I seem to get the more complicated
 aspects of BGP, but this backdoor command is really getting me down.  I test
 on Friday and would appreciate any help.  In the configs below, BILBO and
 GLORI have EBGP connections to ELROND.  BILBO and GLORI have a ISIS
 connection between each other.  ISIS is actually running on all the routers
 as an IGP.  All the routers know about the network 3.0.0.0 from ISIS.  GLORI
 injects 3.0.0.0 into BGP using the network command and the update is sent
 across the EBGP connection to ELROND, who in turn passes the update across
 his EBGP connection to BILBO.  BILBO has the network 3.0.0.0 backdoor
 added to his configuration, but the BGP route still appears in the routing
 table instead of the ISIS route.  I have omitted a lot of the config files
 because they are huge and harsh to read through, but I tried to include all
 relevant text.  I have tried this so many ways and times that I am beginning
 to have doubts about myself since such a seemingly simple task is stumping
 me.  Please help!!

 hostname Bilbo

 interface Serial0/0
  no ip address
  encapsulation frame-relay
 !
 interface Serial0/0.1 multipoint
  ip address 150.150.10.1 255.255.255.0
  ip router isis
  ip ospf network point-to-multipoint
 !
 interface Serial0/0.2 point-to-point
  ip address 150.150.20.1 255.255.255.0
  ip router isis
  ipx network 200
  ipx nlsp a1 enable
  frame-relay interface-dlci 940
 !
 router bgp 100
  network 3.0.0.0 backdoor
  neighbor 150.150.20.2 remote-as 200

 Bilbo#b
 BGP table version is 2, local router ID is 200.200.9.1
 Status codes: s suppressed, d damped, h history, * valid,  best, i -
 internal
 Origin codes: i - IGP, e - EGP, ? - incomplete

Network  Next HopMetric LocPrf Weight Path
 * 3.0.0.0  150.150.20.2   0 200 300 i

 Bilbo#i
 i L2 1.0.0.0/8 [115/20] via 150.150.20.2, Serial0/0.2
 C2.0.0.0/8 is directly connected, Virtual-TokenRing2
 B3.0.0.0/8 [20/0] via 150.150.20.2, 00:26:45
 i L2 4.0.0.0/8 [115/20] via 150.150.10.2, Serial0/0.1
 O E1 5.0.0.0/8 [110/128] via 150.150.10.3, 00:29:29, Serial0/0.1
 O E1 200.200.220.0/24 [110/128] via 150.150.10.3, 00:29:29, Serial0/0.1



 hostname Elrond

 interface Serial0/0.1 point-to-point
  ip address 150.150.20.2 255.255.255.0
  no ip directed-broadcast
  ip router isis
  ipx network 200

 interface Serial0/0.3 point-to-point
  ip address 150.150.21.1 255.255.255.0
  no ip directed-broadcast
  ip router isis
  ipx network 21

 router bgp 200
  network 3.0.0.0 backdoor
  neighbor 150.150.20.1 remote-as 100
  neighbor 150.150.21.2 remote-as 300

 Elrond#b
 BGP table version is 2, local router ID is 200.200.240.1
 Status codes: s suppressed, d damped, h history, * valid,  best, i -
 internal
 Origin codes: i - IGP, e - EGP, ? - incomplete

Network  Next HopMetric LocPrf Weight Path
 * 3.0.0.0  150.150.21.2 0 0 300 i


 hostname GLORI

 interface Serial0/0
  ip address 150.150.10.2 255.255.255.0
  no ip directed-broadcast
  ip router isis
  encapsulation frame-relay

 interface Serial0/0.2 point-to-point
  ip address 150.150.21.2 255.255.255.0
  no ip directed-broadcast
  ip router isis
  ipx network 21

 router bgp 300
  network 3.0.0.0
  neighbor 150.150.21.1 remote-as 200

 GLORI#b
 BGP table version is 2, local router ID is 200.200.230.1
 Status codes: s suppressed, d damped, h history, * valid,  best, i -
 internal
 Origin codes: i - IGP, e - EGP, ? - incomplete

Network  Next HopMetric LocPrf Weight Path
 * 3.0.0.0  0.0.0.0  0 32768 i

 GLORI#i
 i L2 1.0.0.0/8 [115/30] via 150.150.10.1, Serial0/0
 C3.0.0.0/8 is directly connected, Virtual-TokenRing3
 C4.0.0.0/8 is directly connected, Virtual-TokenRing4
 i L2 5.0.0.0/8 [115/84] via 150.150.10.1, Serial0/0
 i L2 200.200.220.0/24 [115/84] via 150.150.10.1, Serial0/0
 i L2 6.0.0.0/8 [115/84] via 150.150.10.1, Serial0/0
 i L2 200.200.241.0/24 [115/84] via 150.150.10.1, Serial0/0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33435t=33423



Re: Neighbor commands...Yes or No?? [7:33486]

2002-01-28 Thread Henry D.

There are 2 different issues.

1. Layer 2 to Layer 3 mapping.
2. Routing

You need to separate these 2 in order to understand how it all works.
If I gave you all the answers then it wouldn't be fair to you as you need
to grasp it for yourself, especially if planning to go for CCIE.

Cisco Nuts wrote in message
news:[EMAIL PROTECTED]...
 Hello,
 Would someone clarify this for me as I am getting very confused :-(
 In a Frame-Relay hub-and-spoke config. using physical interfaces and
 frame-relay map statements at the spokes and using OSPF, do we need to
 configure neighbor commands? Yes or No?
 From what I understand, OSPF works in a Non-Broadcast mode by default and
 neighbor commands are only needed if not a full-mesh. In this case, will the
 frame-relay map commands suffice to get from one spoke to another thru the
 hub router?
 Thank you.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33490t=33486



Re: Lab Kit.... [7:33412]

2002-01-28 Thread Henry D.

It could be possible to only use 4 routers and still be able
to do some complicated labs. But what real CCIE lab is about is
to put a lot of stuff in one physical topology, mixing all of this
together, confusing you which protocol or interface you still
need to get to, what and how the redistribution will play in this whole
mess, making all of it depend on many other things you might
have configured earlier and being able to keep on going without
breaking later what worked before. From my own experience
as well as most of the real preparation labs you'll find will
require more routers. I used 9 routers and 1 switch.
This allowed me to do most labs from all the resources I was
able to find on the web.

Good Luck !

And yeah, it worked for me !

Joel Satterley wrote in message
news:[EMAIL PROTECTED]...
 Can anyone advise on the base set of equipment for running test labs as a prep
 for the CCIE lab ?

 I'm thinking -

 4 x eth + tok routers (3 with at least one serial + 1 with three or more)
 2 x Cat switches (2900 + 4000)
 1 x Token ring switch.
 3 x PC's

 Anything else (apart from modems + ISDN, got plenty of that).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33526t=33412



Re: Can ping from one side only!! why? [7:33527]

2002-01-28 Thread Henry D.

In your scenario, packet originates on router Remote
with destination of router RTA - with IP address of the network
connecting RTA to BBR. Remote knows to use TS because
of the RIP information and sends packet to TS, TS knows how to get
there because it has statics so it forwards the packet to
BBR, BBR is directly connected to the network so it
knows where RTA is and forwards it out to RTA. RTA
gets the packets but it doesn't know where Remote router is
so the packet gets dropped. Now, if Remote was for example
pinging IP of BBR on the same subnet as RTA this would work
because BBR knows thru static default how to get back to Remote.
In case of RTA, it has no default route information even though you
used redistribution under OSPF. The problem is that OSPF will
not start advertising default route unless specifically configured to do
so with default-information originate command.

The same goes when trying from TS router, RTA has no information
on how to get back to the network you have configured between
BBR and TS.

Hope it helps.


Cisco Nuts wrote in message
news:[EMAIL PROTECTED]...
 Hello,
 I have router RTA connected to router BBR running ospf 100. Router BBR has a
 static route of 0.0.0.0 to router TS. Router BBR also has a redistribute
 static command under ospf.

 Router TS is connected to router Remote both running Rip. Static routes are
 configured on TS for RTA's and BBR's networks. This is redistributed under
 Rip with a default metric of 2. Also, the router TS has a default-network
 command to inject a default route to router Remote.

 On router Remote, I see the networks of routers RTA and BBR discovered via
 RIP
 R    4.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0
 R    5.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0

 I can ping these addresses successfully.

 But I cannot ping these same addresses from the TS. Why?? The packet from
 Remote goes thru TS to get to routers RTA and BBR. Then how come I cannot
 ping these same addresses from TS?? Also, I cannot ping any networks on
 Remote from RTA

 The solution I came up with was:
 1.) Configure a default-information originate command on the router BBR
 which then injects a default route on RTA which allows me to ping networks
 on router Remote. This works!

 2.) Configure on router BBR the serial network address between router BBR
 and TS under OSPF. This allows me to ping the networks of RTA from the TS.
 This works!

 So the question is more of a packet flow from router Remote from where pings
 work to RTA and BBR but not from router TS.

 Can someone help me understand this?
 Thank you.











Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33529t=33527



Re: MD5 encrypting vty passwords [7:33533]

2002-01-28 Thread Henry D.

It's not possible to use MD5 on vty's.
I suppose the reason would be that MD5 enable
password is not all that much more secure than type
7 passwords. When you type them they both are being
sent over the network in clear text anyway. The only reason
for using MD5 would be so anyone who sees your config
wouldn't be able to crack the MD5 password as easily as type 7.
But on the other hand, if you have access to the config, you're either
already in enabled mode or you store it in an insecure place. If insecure place
then there may be other ways to break into your equipment anyways.
You see, there is no perfect simple solution, you got to rely on many steps
to protect what needs to be protected.

Charlie Wehner wrote in message
news:[EMAIL PROTECTED]...
 Is there any way to MD5 encrypt vty passwords?

 If so, how?

 If not, why not?

 Thanks,
 Charlie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33539t=33533
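
The storage-versus-transport distinction discussed in this thread, as an added example that is not part of the original posts: a small Python audit of an IOS-style configuration that reports passwords stored in clear text or as type 7, and vty lines that accept telnet. The sample configuration, its credential strings and the `audit` helper are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample configuration: hostname, user name and every credential
# string below are made up for this example (they are not real encodings).
SAMPLE_CONFIG = """\
hostname r-sample
!
enable secret 5 $1$SALT$CONSTRUCTEDHASHVALUE00
enable password 7 0000AAAA1111
!
username ops password 7 0000BBBB2222
!
line con 0
 password cisco123
 login
line vty 0 4
 password 7 0000CCCC3333
 login
 transport input telnet
line vty 5 15
 password 7 0000CCCC3333
 login
 transport input ssh
!
end
"""

# Storage types treated as one-way hashes (5 is the MD5-based enable secret
# the thread talks about); type 0 and type 7 are reported.
ONE_WAY_TYPES = {"5", "8", "9"}

# Matches "enable password|secret", "username X password|secret" and the bare
# "password" line found under "line con" / "line vty". A clear-text password
# containing spaces is not handled by this simplified pattern.
CRED_RE = re.compile(
    r"^\s*(?:(?P<enable>enable)\s+"
    r"|username\s+(?P<user>\S+)\s+(?:privilege\s+\d+\s+)?)?"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)
TRANSPORT_RE = re.compile(r"^\s+transport\s+input\s+(?P<protos>.+)$")


@dataclass
class Finding:
    line_no: int
    context: str
    severity: str
    issue: str


def audit(config_text):
    """Return a list of Finding objects for one IOS-style configuration."""
    findings = []
    section = "global"
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            # A non-indented line starts a new section; only "line ..." matters here.
            section = line if line.startswith("line ") else "global"

        cred = CRED_RE.match(line)
        if cred:
            if cred.group("enable"):
                context = "enable"
            elif cred.group("user"):
                context = "username " + cred.group("user")
            else:
                context = section
            stored_as = cred.group("type")
            if stored_as is None:
                if cred.group("kw") == "secret":
                    continue  # a typed command, not a saved config line
                stored_as = "0"
            if stored_as == "0":
                findings.append(Finding(line_no, context, "HIGH",
                                        "password stored in clear text"))
            elif stored_as == "7":
                findings.append(Finding(line_no, context, "MEDIUM",
                                        "type 7 is a reversible encoding, not a hash"))
            elif stored_as not in ONE_WAY_TYPES:
                findings.append(Finding(line_no, context, "LOW",
                                        "unrecognised password type " + stored_as))
            continue

        transport = TRANSPORT_RE.match(line)
        if transport and section.startswith("line vty"):
            allowed = set(transport.group("protos").split())
            if allowed & {"telnet", "all"}:
                findings.append(Finding(line_no, section, "HIGH",
                                        "telnet permitted: the typed password crosses "
                                        "the network in clear text however it is stored"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.severity:6} line {f.line_no:2} [{f.context}] {f.issue}")
```
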



Re: Can ping from one side only!! why? [7:33527]

2002-01-28 Thread Henry D.

Can you post the relevant configs then ?

Cisco Nuts wrote in message
news:[EMAIL PROTECTED]...
 Hello,
 I have router RTA connected to router BBR running ospf 100. Router BBR has a
 static route of 0.0.0.0 to router TS. Router BBR also has a redistribute
 static command under ospf.

 Router TS is connected to router Remote both running Rip. Static routes are
 configured on TS for RTA's and BBR's networks. This is redistributed under
 Rip with a default metric of 2. Also, the router TS has a default-network
 command to inject a default route to router Remote.

 On router Remote, I see the networks of routers RTA and BBR discovered via
 RIP
 R    4.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0
 R    5.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0

 I can ping these addresses successfully.

 But I cannot ping these same addresses from the TS. Why?? The packet from
 Remote goes thru TS to get to routers RTA and BBR. Then how come I cannot
 ping these same addresses from TS?? Also, I cannot ping any networks on
 Remote from RTA

 The solution I came up with was:
 1.) Configure a default-information originate command on the router BBR
 which then injects a default route on RTA which allows me to ping networks
 on router Remote. This works!

 2.) Configure on router BBR the serial network address between router BBR
 and TS under OSPF. This allows me to ping the networks of RTA from the TS.
 This works!

 So the question is more of a packet flow from router Remote from where pings
 work to RTA and BBR but not from router TS.

 Can someone help me understand this?
 Thank you.











Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33540t=33527



Re: tunneling with previously undefined endpoint? [7:32057]

2002-01-15 Thread Henry D.

If I get this correctly you can use dynamic-map feature
as seen in the example here:

http://www.cisco.com/warp/customer/707/ios_804.html

the-other-jason wrote in message
news:[EMAIL PROTECTED]...
 Help, I can't think of a way to do this . :-(

 We have two IPSec appliances at work that require known, routable
 addresses on their non-secure ethernet interfaces.

 We want to create a kit engineers can take home for remote IPSec access
 into the network from personal cable/dsl connections. Our typical home
 networks have a cheapo router running NAT. The router is getting a real
 outside address from a service provider via DHCP (point C in the
 drawing). On the inside, we use private addressing (point B).

 The problem is to configure an IPSec appliance with a real address but
 connect it via the private address LAN at home. The obvious way to do
 this is with a tunnel, so we've managed to scavenge a couple of old
 2500s for this purpose...


 IPSec   cheapo  IPSec
 appliance --2500--router--ISP--Internet--3660--2500--appliance
   A B   C D

 Ideally, we want a tunnel from the left side of the left 2500 to either
 the 3660 or the right 2500  so that we can give the left IPSec
 appliance some of our address space.  With GRE, however, you have to
 specify the endpoint addresses in advance, and of course we don't know
 what address the ISP will give one via DHCP 

 After some reading, I _think_ PPPoE, L2F, PPTP, and L2TP won't help us much

 Does anyone have any ideas?

 Jason




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32059t=32057



Re: Regarding E1 controllers [7:31126]

2002-01-07 Thread Henry D.

It wouldn't work at all if framing was incorrect. You may be encountering
a bug of some sort. I'd make sure you have the latest IOS installed and that
your PA revision is not too old. Some of these bad boys caused us problems
when we first started using them but not any more.

K.RAMESH BABU wrote in message
news:[EMAIL PROTECTED]...
 Hi ,

 Having cisco7206 with Multichannel E1/PRI cards at service provider
 environment. Terminated different 2Mbps customers on these cards.
 Sometimes I find some customer ckt goes down and when I go for
 checking sh controller e1, I find LOSS OF FRAME alarm.
 By changing framing settings under controller configuration and again
 revert back for the same framing settings once or twice, ckt is coming
 up. Why this is happening so ? Is it related to some buffers problem
 or some thing else?

 Pls write me back if anyone has similar problem or anyone knows the
 reason.

 Thanks & regards
 Ramesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31189t=31126



Re: Kindly assist. (IPSEC over ISDN + HSRP) [7:31116]

2002-01-07 Thread Henry D.

With the mix of dial profiles and correct crypto maps there shouldn't be a problem.

Pius wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 I am using ISDN routers to connect to 2 remote sites, the headquarter has 2
 router which will be running HSRP.

 The primary router and the remote sites' router are using IPSEC
 tunnel. However, the backup router is not using IPSEC.

 The primary router has 2 BRI interface running 128k connecting to the 2
 remote sites router, however, the backup router has only 1 BRI interface.

 Is this configuration possible? i.e. when the primary fail, can the backup
 router connected to the remote sites without using IPSEC using 1 channel
 each?

 Thanks,
 Pius




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31194t=31116



Re: Activating VPN slows connection drastically, Why? [7:30043]

2001-12-24 Thread Henry D.

I don't know much about CheckPoint's VPN solutions but the logical
things that could cause degradation in performance could be either
client PC's that now with VPN are required to encrypt/decrypt data,
the end point machine that has to do the same things, some issues within
the infrastructure beyond the VPN Checkpoint machine, all or some
of the above issues could cause problems. Simply more information
is required for better analysis.


Chuck Larrieu wrote in message
news:[EMAIL PROTECTED]...
 can you clarify for me?

 HQinternet827bunch of PC's

 PC's are running the Checkpoint VPN client. VPN tunnels go from PC to HQ
 Checkpoint device, with the 827 doing only routing/bridging ( depending on
 how the ISP is set up )

 Is this correct?

 When you say the connection slows down does that mean that prior to using
 the VPN client, connection to HQ was fast? Or were you gauging by internet
 access, as the PC's cannot access HQ without the client?

 You will want to differentiate what is slow and what is fast. Then it will
 be easier to focus in on a cause.

 Chuck


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Bruce Williams
 Sent: Monday, December 24, 2001 12:38 PM
 To: [EMAIL PROTECTED]
 Subject: Activating VPN slows connection drastically, Why? [7:30043]


 We have a DSL line connected through a Cisco 800 series router. The
 connection is very fast until the checkpoint client software is activated to
 access a checkpoint firewall vpn in the corporate office. This slows down
 the connection drastically. What in the VPN could cause this? I just want to
 get an idea where to start troubleshooting?

 Bruce Williams
 Verizon
 mailto:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30068t=30043



Re: Help with Voice over IP over ATM [7:25163]

2001-11-03 Thread Henry D.

You need to have VAD disabled in your dial-peers.

William Lijewski wrote in message
news:[EMAIL PROTECTED]...
 I have been looking for what is probably a one line command for about 2 days
 now.

 In the lab I am working on you are to do Voice over IP over ATM SVC's. They
 want it so if no one is talking it still sends empty voice packets.  Right
 now if no one is talking you can hear it go dead silent until someone speaks
 again.  How do you get the empty voice packets to be transmitted so the line
 is constantly active even if no one is talking?

 I have looked in the Caslow book, searched the Cisco documentation CD, and
 I'm just having no luck.  Any help would be great.

 Thanks,
 Bill L.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25184t=25163



Re: BGP Confederations [7:24940]

2001-11-01 Thread Henry D.

If you think about it, in the config you specify bgp process
as confed id, which means if you need to peer over IBGP
you actually peer with confed ID and not the real AS number.
So, yes you do need confed id specified on each BGP in confed cluster.

McCallum, Robert wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 If you have 4 routers within a confederation r1,r2,r3&r4.  R1 has an EBGP
 connection to another As so therefore has the bgp confederation id and
 confed peer statements on it.  My question is do all of the IBGP router
 (r2,r3&r4) require the confed statements on them even if they are only IBGP
 routers??

 14 days to go!! Starting to have some fun !!

 Robert McCallum




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24945t=24940



Re: BGP Confederations [7:24940]

2001-11-01 Thread Henry D.

Disregard my last post, I got it all messed up..
In confed cluster you peer over IBGP using a different
AS than the confed ID, or real AS number.

Henry D. wrote in message
news:[EMAIL PROTECTED]...
 If you think about it, in the config you specify bgp process
 as confed id, which means if you need to peer over IBGP
 you actually peer with confed ID and not the real AS number.
 So, yes you do need confed id specified on each BGP in confed cluster.

 McCallum, Robert wrote in message
 news:[EMAIL PROTECTED]...
  Hi,

  If you have 4 routers within a confederation r1,r2,r3&r4.  R1 has an EBGP
  connection to another As so therefore has the bgp confederation id and
  confed peer statements on it.  My question is do all of the IBGP router
  (r2,r3&r4) require the confed statements on them even if they are only IBGP
  routers??
 
  14 days to go!! Starting to have some fun !!
 
  Robert McCallum




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24948t=24940



Re: To Passive or Not to Passive [7:24771]

2001-10-31 Thread Henry D.


In regards to Q number one. I think it would be much better not to
specify passive interface under OSPF as long as your network statement
does not include the IP of the interface in question. The reason for that, at least
in my head, is that if I were a proctor I might think you don't understand how
OSPF works.
For question 2, passive should be a norm on interfaces you don't want to form
neighborship or send routing updates. Make sure you understand that passive
works differently for RIP than for EIGRP.

McCallum, Robert [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 Dear all,

 Before I take the leap into the lab (2 weeks to go now), I have a question
 which has dogged me for a while now.  Scenario below.


 Router 1  has the following interfaces, Lo0, Eth0/0, S0/0, S0/1 and say
 Fast0/1.

 Router 2 has the following interfaces Lo0, Lo1, Eth 0/1, S0/0.

 Between Router 1 (s0/0) and Router 2 (s0/0) we are running say OSPF.  On
 router 1 (e0/0 and s0/1) we are running RIP.
 On Router 2 (e0/1 and lo1) we are also running Rip.

 Router 1 (lo0, s0/1) and Router 2 (lo0) are running Eigrp.

 Now for the questions

 1. On router 1 OSPF process is running  Q: should I put lo0,e0/0, fast0/1
 and s0/1 as passive interface ???  This worries me quite a bit as the
 argument of if you don't put the network command under ospf then ospf will
 not run on that interface...BUT I have been told that you should ALWAYS put
 every in use interface into passive if it is not being used under the routing
 process.

 2.  This is not a question but a sanity check that for EIGRP and RIP then
 the norm rules of passive interfaces apply.

 Thanks for anyone's help in clearing this annoying matter up.

 Robert McCallum
 Ext 730 3448
 DDI : 01415663448
 Mobile : 07818002241




 Message Posted at:
 http://www.groupstudy.com/form/read.php?f=7i=24771t=24771





Re: Questions about PIX firewall [7:24634]

2001-10-30 Thread Henry D.

Yeah, there is a GUI but you'll be better off just trying to get used
to the CLI. It's just better, trust me.
By HA I suppose you mean High Availability, there is a good link
describing how failover works:

http://www.cisco.com/warp/customer/110/failover.html

We've had good experience with failover, I think it rocks !

dovelet wrote in message
news:[EMAIL PROTECTED]...
 Hi all,

 Our company wants to use PIX 515 firewall but I never use it before. I have
 some questions and I hope someone can help me.

 1. To configure a PIX, is there any GUI interface or need to use Command
 Line Interface? If it has GUI interface, is it bundle with a PIX or need to
 purchase separately?
 2. We plan to use 2 PIX for HA solution. Is it stable?
 3. Is there any materials to describe the PIX failover?

 Regards,
 Dovelet




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24675t=24634



Re: IPsec question!!! [7:24020]

2001-10-24 Thread Henry D.

The good book to read for (in my opinion) great IPSec
coverage is Enhanced IP Services For Cisco Networks
by Donald C. Lee - ISBN 1-57870-106-6

Hussam Adili wrote in message
news:[EMAIL PROTECTED]...
 Dear All,

 I have a question about IPsec tunnel mode. As I understood that it will
 encrypt  the original  packet with its IP header and it will use another
 IP header (the o/p interface address header) to route the packet over
 the Internet (any open network).

 Does this mean that the source address can be a non-routable IP
 address and it can reach the destination address (which is also
 non-routable) through the IPsec tunnel ? Or, for such scenario we need to
 use GRE tunnel first between the non-routable network addresses , then
 encrypt using IPsec?

 Your help is appreciated
 -
 Regards
 Hussam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24069t=24020



Re: Slow wan link. TCP traffic ok, UDP not okay. Please help! [7:24074]

2001-10-24 Thread Henry D.

And yes, you need to have anonymous login allowed if you don't
want to specify a specific username:

r2#debug ip ftp
FTP transactions debugging is on
r2#term mon
r2#copy startup-config ftp:
Address or name of remote host []? 192.168.168.101
Destination filename [startup-config]?
Writing startup-config !
1543 bytes copied in 0.300 secs
r2#
00:52:04: FTP: 220 3Com 3CDaemon FTP Server Version 2.0
00:52:04: FTP: --- USER anonymous
00:52:04: FTP: 331 User name ok, need password
00:52:04: FTP: --- PASS [EMAIL PROTECTED]
00:52:04: FTP: 230 User logged in
00:52:04: FTP: --- TYPE I
00:52:04: FTP: 200 Type set to I.
00:52:04: FTP: --- PASV
00:52:04: FTP: 227 Entering passive mode (192,168,168,101,4,70)
00:52:04: FTP: --- STOR startup-config
00:52:04: FTP: 125 Using existing data connection
00:52:04: FTP: 226 Closing data connection; File transfer successful.
00:52:04: FTP: --- QUIT
00:52:04: FTP: 221 Service closing control connection

Ouellette, Tim wrote in message
news:[EMAIL PROTECTED]...
 Yeah, try copying a 12 meg msfc .bin over a WAN link that has latency of
 125ms.  So I only get to send 8 packets per second each as 512 bytes.
 (1000ms/125ms = 8)

 tftp at the application layer is the one who sends the acks.  For some
 reason I can't do a copy flash ftp.  I'm guessing because I don't have
 anonymous login allowed on my ftp? Does that sound right?

 Tim


  -Original Message-
  From: Chuck Larrieu [SMTP:[EMAIL PROTECTED]]
  Sent: Tuesday, October 23, 2001 12:44 AM
  To: [EMAIL PROTECTED]
  Subject: Re: Slow wan link. TCP traffic ok, UDP not okay. Please
  help! [7:23853]
 
  validating this thought, I have had reason to upgrade my router pod IOS
  images of late. Cisco's router Software Loader uses TFTP to copy new images
  into flash via a direct ethernet to ethernet connection. copying 16 meg
  images takes an inordinate amount of time, especially considering there are
  only two devices on the network involved.
 
  it would appear, then, that the router writes each packet to flash before
  requesting the next packet. at least that goes a long way towards explaining
  why the copies take several minutes on a 10baseT link with just the two
  devices connected via a crossover cable.
 
  thanks for the insight
 
  Chuck
 
 
  Priscilla Oppenheimer wrote in message
  news:[EMAIL PROTECTED]...
   One more (serious!) comment. I asked a protocol guru about the question of
   TFTP being so slow. He agreed with the poster that the TFTP throughput
   seems awfully low, but he agreed with me too that TFTP is not optimized for
   throughput. He also mentioned one other stupidity with TFTP
   implementations. He said that some actually write the 512-byte block of
   data to the hard disk before ACKing and asking for the next block. So a
   slow hard disk would cause problems.
  
   TFTP and UDP don't have a PSH bit like TCP has. With TCP, the sender would
   output a bunch of data and then perhaps set the PSH bit which would tell
   TCP to give the data (in RAM) to the application. At that point, you might
   see a short hiccup as FTP wrote the data to the hard drive (not necessarily
   because FTP could still keep the data in memory until the session is
   closed; it's implementation-dependent.)
  
   TFTP is also implementation-dependent, but with some implementations, it's
   one block at a time that is written to storage and then ACKed before more
   data is sent.
  
   Since FTP works well, you have proof that the problem isn't with the
   network. Can't you pass this onto the server or application people!? ;-)
  
   Priscilla
  
   At 02:34 PM 10/18/01, Priscilla Oppenheimer wrote:
   At 02:23 PM 10/18/01, Ouellette, Tim wrote:
Priscilla,
  
  
  

Thanks for the response.   Any idea as to why the TFTP protocol over our WAN
will run at 4k/sec and FTP at 165k/sec.  I just figured that the smaller
packet size of UDP would help.
   
   Nope. That would not help. It would make the throughput worse.
   
  I also thought that UDP is connectionless and
therefore requires no ACKS.
   
   TFTP has ACKs.
   
   Other sites on our WAN I can transfer large files
via TFTP and they run at very good speeds.
   
   Have you done the same sort of comparison  of FTP versus TFTP at those
   sites. I bet FTP has much better throughput.
   
I'm just concerned about this one
site. Any other ideas?
   
   See the message from Phil Barker. It made some good points about TFTP and
   UDP in general not being tuned for WANs. The next step would be to put a
   Sniffer on it and see what's really happening. But there may not be
   anything abnormal happening. TFTP just kinda sucks.
   
   
Tim


  -Original Message-
  From: Priscilla Oppenheimer [SMTP:[EMAIL PROTECTED]]
  Sent: Thursday, October 18, 2001 1:23 PM
  To:   [EMAIL PROTECTED]
  Subject:  Re: Slow wan link. TCP 

Re: Route Reflectors and Peer Groups [7:23765]

2001-10-22 Thread Henry D.

Hi there,

Did you ever get an answer, or figure this out ?

I can't quite get a clearer understanding of what they're talking about in the
excerpt you submitted either. I was looking at the BGP case studies on cisco's
web site and I still can't get it.

Thanks

Lupi, Guy wrote in message
news:[EMAIL PROTECTED]...
 Below is an excerpt from a Cisco case study on multiple route reflectors
 within a cluster:

 An important thing to note, is that peer-groups were not used in the above
 configuration. If the clients inside a cluster do not have direct IBGP peers
 among one another and they exchange updates through the RR, peer-groups
 should not be used. If peer groups were to be configured, then a potential
 withdrawal to the source of a route on the RR would be sent to all clients
 inside the cluster and could cause problems.

 The router sub-command bgp client-to-client reflection is enabled by default
 on the RR. If BGP client-to-client reflection were turned off on the RR and
 redundant BGP peering was made between the clients, then using peer groups
 would be alright.

 Does anyone know what they mean? I know in IOS versions 12.0 and lower there
 were issues with route reflection using peer groups, but I am trying to
 figure out what they are trying to say here. What do they mean by a
 potential withdrawal to the source of a route on the RR? Any help would be
 appreciated.

 Guy H. Lupi
 NOC Engineer
 Eureka GGN
 270 Madison Avenue, 5th Floor
 NY, NY 10016




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=23823t=23765



Re: Design Question - Spanning-tree Protocol. [7:23614]

2001-10-20 Thread Henry D.

Hmm, I think your STP/EtherChannel might be misconfigured. EtherChannel should be
treated as a single logical link. With an STP running on top of it your both links
should be forwarding. So in case one of the physical links fails, there is no
need to re-calculate anything with STP.
Are you sure they are configured for etherchannel and not just trunking ?


Urooj's Hi-speed Internet wrote in message
news:[EMAIL PROTECTED]...
 Hi Folks,
 I have a design in which Cisco 3548 XL's are GBIC-stacked on various floors
 of a campus and are uplinked to a core Cat 6509 switch. The uplink from
 every floor stack is ether-channeled to the core via two parallel equal-cost
 paths. One uplink path starts forwarding and the other goes into
 blocking mode from each floor stack.

 Here is my confusion... If only one link of a 400 MBps full-duplex
 ether-channel fails from the forwarding path , will it invoke spanning-tree
 recalculation ??? Or will the 'now' sub-optimal path still remain in
 forwarding mode and the now more-bandwidth path remain in blocking mode ???

 Since spanning-tree recalculation causes a lot of ripples throughout the
 switched network, I would assume that the latter were true. However, I would
 like to hear views from people who would think that the former scenario is
 more probable.

 Thanks very much.

 Aziz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=23637t=23614



Re: IPX transport control [7:23389]

2001-10-19 Thread Henry D.

My wife works for a pretty big Enterprise company. They have about
300 sites, all of them have IPX running. All WAN stuff is IPX EIGRP in
addition to IP and some SNA. To me it would suggest that bigger Enterprise
companies are still in need for network people with good IPX understanding,
especially those who know how to control it :)
This may be considered by some a legacy stuff, but legacy is what makes those
who know it even more valuable...


Priscilla Oppenheimer wrote in message
news:[EMAIL PROTECTED]...
 Thanks. That sounds right to me. By default the router discards a packet if
 the IPX hop count reaches 16. But I discovered that you can configure the
 number of hops with the ipx maximum-hops command. There wouldn't be any
 need in a RIP network, because RIP can't learn about a network with 16 or
 more hops. (16 means infinity.) But routers running EIGRP and NLSP can
 learn about paths that are more than 15 hops away, so it might make sense
 in those cases.

 Does anyone care about IPX anymore? IPX RIP? EIGRP for IPX? NLSP for IPX?

 Any feedback would be appreciated. Thanks.

 Priscilla

 At 09:50 PM 10/18/01, Henry D. wrote:
 I'm no expert at this but what I was able to get from Cisco's web site is
 that the router discards the packet if the control field is set to 16 or up
 for ipx rip.
 In a mixed environment, with both NLSP and RIP running, the router might
 have routes of greater than 16 if it learnt those routes using NLSP, the
 important thing would be the servers' configuration. If the server supports
 only RIP, then obviously the hop count would still be an issue and the
 server would discard the RIP update with 16 and up. To take the full benefit
 from NLSP and its hop count enhancement I'd think one would have to run NLSP
 in the whole network, including the servers.

 Again, I'm not experienced with IPX...
 Priscilla Oppenheimer wrote in message
 news:[EMAIL PROTECTED]...
   The IPX header has a transport control field which is really a hop
   count. The sender sets it to zero. Each router adds one to it.

   Novell documentation used to show it as a 4-bit field with 4 bits reserved
   before it. Recent documentation shows it as an 8-bit field. Older
   documentation said a router would trash a frame if it arrived with a
   transport control field already at 15 (0x). Recently I read this weird
   thing on Novell's site:

   A RIP router discards the packet if the value in this field is greater
   than 15.

   An NLSP router discards the packet if the value in this field is greater
   than the value of the Hop Count Limit parameter, which is 127 by default.

   Is this believable? From what we know about the router having two separate
   tasks (forwarding and learning the topology), I think the hop-count limits
   happen when installing routes. I could believe that RIP and NLSP are
   different. But when a router goes to forward a frame, is it really going to
   behave differently with respect to hop count if it's running NLSP versus
   RIP? Does it even care which protocol installed the route. The FIB probably
   wouldn't even say which protocol installed the route?

   Chuck likes to remind us about these differences so maybe he has some
   comments.

   Thanks

   Priscilla

   Priscilla Oppenheimer
   http://www.priscilla.com

 Priscilla Oppenheimer
 http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=23517t=23389



Re: IPX transport control [7:23389]

2001-10-18 Thread Henry D.

I'm no expert at this but what I was able to get from Cisco's web site is
that the router discards the packet if the control field is set to 16 or up
for ipx rip.
In a mixed environment, with both NLSP and RIP running, the router might
have routes of greater than 16 if it learnt those routes using NLSP, the
important thing would be the servers' configuration. If the server supports
only RIP, then obviously the hop count would still be an issue and the
server would discard the RIP update with 16 and up. To take the full benefit
from NLSP and its hop count enhancement I'd think one would have to run NLSP
in the whole network, including the servers.

Again, I'm not experienced with IPX...
Priscilla Oppenheimer wrote in message
news:[EMAIL PROTECTED]...
 The IPX header has a transport control field which is really a hop
 count. The sender sets it to zero. Each router adds one to it.

 Novell documentation used to show it as a 4-bit field with 4 bits reserved
 before it. Recent documentation shows it as an 8-bit field. Older
 documentation said a router would trash a frame if it arrived with a
 transport control field already at 15 (0x). Recently I read this weird
 thing on Novell's site:

 A RIP router discards the packet if the value in this field is greater
 than 15.

 An NLSP router discards the packet if the value in this field is greater
 than the value of the Hop Count Limit parameter, which is 127 by default.

 Is this believable? From what we know about the router having two separate
 tasks (forwarding and learning the topology), I think the hop-count limits
 happen when installing routes. I could believe that RIP and NLSP are
 different. But when a router goes to forward a frame, is it really going to
 behave differently with respect to hop count if it's running NLSP versus
 RIP? Does it even care which protocol installed the route. The FIB probably
 wouldn't even say which protocol installed the route?

 Chuck likes to remind us about these differences so maybe he has some
 comments.

 Thanks

 Priscilla

 Priscilla Oppenheimer
 http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=23466t=23389
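
The discard rule quoted from Novell's site in the two IPX transport control messages above, worked through as an added example (not code from any poster, Novell or Cisco): it reads the transport control byte from the 30-byte IPX header and applies a per-protocol hop limit along a chain of routers. Assumptions: the limit is checked against the value as it arrives, before the router adds its own hop; the field is treated as a full 8-bit counter; the function names and the sample packet are constructed for illustration.

```python
import struct

# IPX header, 30 bytes, big-endian:
# checksum(2) length(2) transport_control(1) packet_type(1)
# dst network(4) node(6) socket(2), src network(4) node(6) socket(2)
IPX_HEADER = struct.Struct(">HHBB4s6sH4s6sH")
TC_OFFSET = 4  # byte offset of the transport control field

RIP_HOP_LIMIT = 15    # quoted rule: discard if the field is greater than 15
NLSP_HOP_LIMIT = 127  # quoted default of the Hop Count Limit parameter


def transport_control(packet: bytes) -> int:
    """Return the transport control (hop count) byte of an IPX packet."""
    if len(packet) < IPX_HEADER.size:
        raise ValueError("truncated IPX header")
    return IPX_HEADER.unpack_from(packet)[2]


def forward(packet: bytes, hop_limit: int):
    """Apply the quoted discard rule, then add one hop as each router does.

    Returns the rewritten packet, or None when the packet is discarded.
    Assumption: the check uses the arriving value, not the incremented one.
    """
    hops = transport_control(packet)
    if hops > hop_limit or hops == 0xFF:  # 0xFF cannot be incremented
        return None
    out = bytearray(packet)
    out[TC_OFFSET] = hops + 1
    return bytes(out)


def hops_survived(packet: bytes, hop_limit: int, routers: int) -> int:
    """Count how many routers in a chain forward the packet."""
    for n in range(routers):
        packet = forward(packet, hop_limit)
        if packet is None:
            return n
    return routers


# Constructed sample: header-only packet as the sender emits it (hop count 0).
SAMPLE = IPX_HEADER.pack(0xFFFF, 30, 0, 4, b"\x00\x00\x00\x02", b"\xff" * 6,
                         0x0453, b"\x00\x00\x00\x01",
                         b"\x00\x00\x0c\x01\x02\x03", 0x4001)
```

Under these assumptions a packet crosses 16 routers with the RIP limit and 128 with the NLSP default; checking after the increment instead would shift both counts by one, which is the kind of ambiguity the thread is asking about.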



Re: Linux Syslogd and multiple device question [7:21910]

2001-10-03 Thread Henry D.

Install syslog-ng, much better for handling what you're describing.

Telemachus Luu wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 I have multiple nodes and have set up logging to a syslog server.
 Currently, in my /etc/syslog.conf, I have local0.debug through local7.debug
 being used writing to separate log files.  On the first 8 devices, I have
 set logging facility local0 through local7 for each device accordingly.
 However, how can I set up logging for the device beyond the 8th?  I know I
 can set up the same facility and parse out the info by IP, but I would prefer
 to have separate files for each device.  Any suggestions?

 Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21928t=21910



Re: Tacacs [7:2602]

2001-04-30 Thread Henry D.

I'm not an expert in TACACS but I know you can have more than 1 server
specified in the routers. I mainly used it just for authentication, in which
case there was no problem whatsoever with this setup. If the first specified
server is not reachable, the other is being used.
I don't think there would be an issue if I used authorization/accounting
features either. There would simply be no need to try to fall back to the
main server in case it came up while using the backup server on the current
session.

BTW, what do you mean by terminating L2F tunnels?
Do you just authenticate, or do you also use the authorization/accounting
features on the tunnel?
If so, could you elaborate a bit more on this topic?


Kevin Wigle wrote in message
news:[EMAIL PROTECTED]...
 Dear Group,

 A Tacacs question.

 Is it possible to configure Tacacs+ to use 2 different home gateways?

 Specifically, gate1 to be used to terminate L2F tunnels.

 If that fails, use gate2.

 And, another question if that is possible..

 When gate1 is reachable again, will the users on gate2 be disconnected or
 stay there until they disconnect while new connections go to gate1 again?

 tia

 Kevin Wigle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2630t=2602



Need your opinion

2001-01-10 Thread Henry D

Hi all,

Need your opinion here. Currently I'm (quite paper)
CCNP. I don't have a home lab nor any OSPF and BGP real
world experience. I have limited experience in frame
relay, RIP, EIGRP. Now if I take all CCIE related
courses (OSPF  BGP workshop, ECP1, CCIE preparation
training from horizon-mts, Cvoice, CATM, etc, take one
week CCIE prep lab), and spare 3 times lab exams, what
do you think of my chance to become a CCIE?

Thanks for any input.


