VOIP Class Recommendation [7:73480]
Does anyone have any recommendations for taking a class/training on the VOIP stuff? I'm looking for something Cisco oriented, but if someone has something good to recommend on more general implementation options, and design for different protocols like SIP/H.323/MGCP, etc, that would be good too. Basically I'm looking to get more familiar with the AS53xx series, the interconnections with PSTN, gatekeeper, SIP proxies, added value services, etc. Not looking for CIPT stuff, but rather gateway type solutions. Thanks so much!
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73480t=73480
-- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: netbios [7:71084]
Since your question already assumes these port ranges, it would mean your question is really whether NetBIOS over TCP/IP can be routed. And as such, it can, just like any other IP traffic.
koh jef wrote in message news:[EMAIL PROTECTED]
hi guys, can netbios, using port 137, 138 and 139 be routed thru WAN ???
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71105t=71084
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Beta exams [7:70659]
To be honest, I don't like them :-( I took a few beta exams and never got to pass any of them. When I went for the final version once available, I had no problems clearing any of them. And I don't think the problem was with my preparations either. The few exams I took were rather poorly structured, with many questions having multiple right answers. Literally, you could have a question and 4 answers, with 2 of the answers being exactly the same; how they score that beats me. So, my advice, if you get it for free, go ahead and test yourself but if you have to pay anything, save yourself the few bucks and time and prepare for the final thing.
Rodrigo Baldez wrote in message news:[EMAIL PROTECTED]
Just a curiosity.. What are the most differences between the normal cisco exams and the temporary beta ones? Besides the price, are they more difficult? More questions? I heard that you don't receive a grade when you finish any beta, and so you can only know few weeks ahead is that true? Regards, rodrigo
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70682t=70659
Re: Help with Cisco 3745 configuration [7:69765]
hmm, let's not forget we're not routing just for the routing sake. There is much more than just setting up these few routers to make them talk to each other. What will be routed data wise, what type of connectivity, applications, topology, protocols, business requirements, etc, etc. If you understand all that, and have some prior Cisco experience you might be able to pull it off without spending too much time on the project. But if not, and your skills are lacking (whether router or design) then $5500 might be the way to go. Unless of course that fee doesn't cover the planning/investigation/design steps then you might be better off spending time on it yourself and re-learning/refreshing your skills. How much is your day's work actually worth? :-) Add it all up and see what's better for you or your employer :-)
J B wrote in message news:[EMAIL PROTECTED]
Hi, Everyone I have just been awarded the responsibility of installing 4 3745 Cisco routers. The local phone company wanted $5500 dollars for the installation and my employer thinks it is too much. I was looking at the Cisco website for sample configurations but I couldn't find them. I need to share the T1 channels link for voice and data. I haven't done Cisco for like 2 years. Can someone help me with some guidance to find some information on how to do that. Thanks JBary
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69791t=69765
Re: A career in MPLS..... [7:66609]
Let me say up front, I don't have much experience in MPLS, I have only played with it in the lab and not all that extensively either. But CN is simply trying to get an idea of what to expect to go that road. Is nrf saying not to advance in this field by studying Cisco's way of emphasising MPLS? You know, we all have our doubts, he's brave enough to come to this group and ask questions. As far as L3VPN's, why not concentrate on that at least to start with. It's still one reason to do the MPLS thing. By just doing that he'll need to touch on many aspects of MPLS anyway. He will still use either LDP or RSVP, he still will use the LSP establishment, he might as well learn the TE options available for establishment of those LSP's. He'll need to learn how to use the LSP's for pushing traffic over them. He'll learn what and how the labels get pushed/popped. Then why not study it that way. He's not advancing his MPLS skills, he might not have any yet. He's simply trying to see if he will be able to utilize any of the skills he will have to learn to make it worth it his while. Well, maybe someone else with more experience in MPLS arena and someone more objective can give a better insight as to whether there is a demand for these skills.
nrf wrote in message news:[EMAIL PROTECTED]
Cisco Nuts wrote in message news:[EMAIL PROTECTED]
Hello group, How does one feel about a career in MPLS...I mean doing MPLS as part of your core job day in and out. Is it worth it? Since our network does not use MPLS (maybe never will) in spite of being one of the Big Four Tier 1 SP's
Let me guess. Do you work for Sprint?
are there other SP's that use MPLS in their backbone??
Yeah, there are some.
I have just given myself a month or so break from my CCIE Lab Prep. (yeah!yeah! most would consider me stupid on this) to study MPLS for the CCIP and am thinking if I should pursue this subject just like I did for BGP. know it inside out cold. and maybe consider a new career/job in MPLS (obviously along with BGP, MBGP, MCast etc...) Does anyone know of how MPLS is viewed out there? I mean, in terms of implementation, popularity and last but not the least, $$$ ??? ;- Which of the Big SP's or Enterprise networks have implemented MPLS? Has it been worth the advantages that MPLS proposes?? Thank you. Sincerely, CN
The way I see it is this. MPLS is potentially powerful technology for it can be used as a lingua-franca among a carrier's network and transport layer and also as a way to impose circuit-switching discipline upon IP and therefore offer circuit-switching services with a pure IP network. But MPLS is by no means a slam-dunk. Certain carriers, most notably Sprint, have elected not to go down the MPLS path because they believe the technology is immature (and they are correct) and also because they believe that they can garner the benefits of MPLS by other means (also correct). The point is that while MPLS offers great potential, it also presents problems, so implementing it is not a no-brainer. And furthermore, I don't particularly like the way that Cisco is pushing MPLS, particularly in its cert program. In my opinion, I think Cisco's cert programs emphasize the least useful parts of MPLS while neglecting the more useful parts. For example, I don't understand why Cisco pushes LDP the way it does, for LDP merely builds LSP's that correspond to the route table, but what's so useful about having LDP's that look like the route table? It is far more useful to build LSP's that differ from the route table, but the methods of doing that are not really covered very much (if at all) in the Cisco curricula. Also, I don't understand why Cisco places such an emphasis on L3VPN's, as if L3VPNs were the only important service that MPLS enables. L3VPN's are only one of the new services that you can enable, and in my opinion, one of the less important ones. Far more important are the L2VPN capabilities and the ability to unify IP, ATM, and optical into a single management plane. The point I'm making is that if you merely study MPLS according to the Cisco curricula, you really haven't learned much about it that's actually useful.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66628t=66609
Re: A career in MPLS..... [7:66609]
I don't mean to start any type of argument here, especially with someone who obviously has more experience than I do. Yes, you've been contributing to this study group many times. But also many times your contributions are rather rhetorical than practical and at the same time you seem to draw attention to what your opinion is rather than to give an educated and objective view backed by any type of real life examples. So yes, I'm saying that some times you don't quite stick to the subject at hand. I don't see how your view on Cisco's curriculum in re to MPLS can be taken seriously without you putting actual examples of how you came to that conclusion. Even if the knowledge required for achieving Cisco's recognition in re to MPLS was not as advanced as one would hope, shouldn't we look at positives of the whole process? There are still things to be learnt, and emphasising them rather than the weaknesses would be a better idea. You won't become an expert just by passing the test or taking a training class, but at the same token, you can still learn a lot while achieving those CCXX goals. Anyway, I'm sure there will be a good response coming, so let me be done with this subject. I had an early start today and I'm tired now. Good night!
nrf wrote in message news:[EMAIL PROTECTED]
Henry D. wrote in message news:[EMAIL PROTECTED]
Let me say up front, I don't have much experience in MPLS, I have only played with it in the lab and not all that extensively either. But CN is simply trying to get an idea of what to expect to go that road.
I believe that was precisely what I answered.
Is nrf saying not to advance in this field by studying Cisco's way of emphasising MPLS?
What I said is that if you want to advance in that field, you will need substantially more than what Cisco wants you to know about it. Read my post again.
You know, we all have our doubts, he's brave enough to come to this group and ask questions. As far as L3VPN's, why not concentrate on that at least to start with.
I never said not to learn L3VPN's. Read my post again. What I said is that study of L3VPN's shouldn't be emphasized to the degree that Cisco seems to emphasize it.
It's still one reason to do the MPLS thing. By just doing that he'll need to touch on many aspects of MPLS anyway. He will still use either LDP or RSVP, he still will use the LSP establishment, he might as well learn the TE options available for establishment of those LSP's. He'll need to learn how to use the LSP's for pushing traffic over them. He'll learn what and how the labels get pushed/popped. Then why not study it that way. He's not advancing his MPLS skills, he might not have any yet. He's simply trying to see if he will be able to utilize any of the skills he will have to learn to make it worth it his while.
No doubt all learning is good. Again, read my post again. I never said that he shouldn't learn it. What I said is that he shouldn't necessarily learn it the Cisco way.
Well, maybe someone else with more experience in MPLS arena and someone more objective can give a better insight as to whether there is a demand for these skills.
Are you implying that I'm not objective - that I have some kind of agenda?
Re: This is even better - RIP / OSPF redistribution [7:66057]
hmm, don't know the whole story, but once you redistribute ospf into rip and you mess up filtering on the interface, wouldn't that allow you to see the redistributed routes on the router connecting to that interface? It's just another way to see whether what you implemented actually does work...
The Long and Winding Road wrote in message news:[EMAIL PROTECTED]
Again, a CCIE practice lab - R5 - the task calls for mutual redistribution of OSPF and RIP. The next task says that no routes are to be advertised out the RIP interface - only in. So tell me, why are we even bothering with the OSPF into RIP redistribution? I'm not sure I can fall asleep tonight, I'm laughing so hard. Goodnight.
-- TANSTAAFL there ain't no such thing as a free lunch
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66084t=66057
Re: Getting out of hand?? [7:65676]
Peter, I have many times come to the similar conclusion in regards to Cisco's ways of screwing up the whole certification recognition. It's no more one of the ways to validate individual's knowledge of technologies and Cisco products... However, as hard as I have worked to get the # I don't think I can afford to simply not recertify. Sure, there may be no reason right now as I'm still employed, but I might need it later on. The cert is still one of the things people look at before deciding to invite you for the interview, I don't necessarily say this is good, but that's what it is and at least for that one reason it makes it worth it to recertify for me. Well, don't get too discouraged..
Peter van Oene wrote in message news:[EMAIL PROTECTED]
At 07:31 PM 3/18/2003 +, Priscilla Oppenheimer wrote:
Maccubbin, Duncan wrote:
How is the industry supposed to keep up with this??
What's the issue? Not sure I'm seeing your point. What's wrong with Cisco announcing that their product received some sort of certification?
Exactly.. I think the poster mistook the possibly ambiguous announcement as yet another CCXX cert.
Now, if you were concerned that Cisco has too many ways for people to get certified and that the situation is getting out of hand, I might agree.
I really am surprised at how many folks pour their heart/money into getting one after another. I'm also amazed at how many folks will try and devote a good portion of interview time to showing me their various certificates. After the first couple I pretty much grasp that you have enough short term memory to get through a multiple choice exam and we should really get back to talking about technologies. Cisco makes big bucks on these certifications. The recert requirements create a beautiful residual revenue stream making this business unit very attractive internally to Cisco. Since they doubled the cost of the CCIE recert, purely for profit, I have decided to let my certification lapse vs give in to this obvious cash grab. Kudos to Cisco for making their VAR channels one of their more lucrative revenue sources.
Priscilla
Cisco also announced today highly prestigious certification support across the entire PIX Family of security appliances. Certifications earned include the Common Criteria Evaluation Assurance Level 4 (EAL4) certification, and both ICSA Labs firewall and IPSec certifications. These certifications provide customers with independent and objective validation that a company's product meets certain levels of quality and reliability, and are among the industry's most respected and stringent criteria for certification. Providing customers broad certification support across the Cisco PIX family within a common operating system increases operational efficiencies and lowers support and management costs.
Duncan Maccubbin US Network Support, Cable and Wireless CCNA, CCNP, CSS1, MCSE4 Work (703)287-6975 [EMAIL PROTECTED]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65744t=65676
Re: I see Cisco still hasn't fixed that bug [7:64813]
Chuck, you might want to read up on classful properties of this command...here's a tip: http://www.cisco.com/en/US/customer/tech/tk648/tk365/technologies_tech_note09186a0080094374.shtml#ipnetwork
The Long and Winding Road wrote in message news:[EMAIL PROTECTED]
you know the one. you're working with subnets of a classful network. let's say 10.0.0.0. you enter the command ip default-network 10.1.1.0 and what shows up in the running config is ip route 10.0.0.0 255.0.0.0 10.1.1.0. Then try as you might, the command no ip route 10.0.0.0 255.0.0.0 10.1.1.0 does not work. The error message states there is no matching route. Have to reload before you can get the command to take. This one has been the bane of many a poor CCIE Lab candidate. Maybe that's why Cisco leaves it in there.
-- TANSTAAFL there ain't no such thing as a free lunch
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64869t=64813
Re: Best Book/DOCs on MPLS [7:64257]
I dunno about best but there are some titles published by Cisco Press www.ciscopress.com, also www.juniper.net has some good papers. Besides that, there are many web sites out there that cover the subject and the nitty-gritty RFC's :-)
wrote in message news:[EMAIL PROTECTED]
Hi All, Does anyone recommend a good book on MPLS or does anyone know a good link. Thanks Tarry
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64303t=64257
Re: Who likes BGP? [7:64132]
I agree with the part that there are many human related problems with BGP configs and policies implementations. But that's the case with other protocols as well. In BGP's case it's probably showing more of people's carelessness or misunderstanding of the working of the protocol since as you mentioned there are rare instances of protocol implementations besides the Internet. All the things you can implement facing the customer are fine and dandy, you can protect yourself and the customer has to adhere to certain policies as well. I think there is a problem with the scope of some networks, if you have to deal with filtering and such of hundreds or thousands of prefixes then you will see there is a good chance for mistakes. This is probably even more a case with inter-provider peerings, where you are really limited to what you can do as the work load on you would be quite substantial. Even if you did the proper work, there are cases for updates and revisiting where you can run into additional problems. All in all, I don't think the problem is with the protocol, it's the diversity of the networks that need to be supported, lack of consistent information and obviously the human factor.
Logan, Harold wrote in message news:[EMAIL PROTECTED]
In my uneducated opinion, it seems to me like there are much larger concerns out there than BGP security. I say uneducated because I haven't worked for an ISP, nor have I worked for any other organization that would run BGP. My BGP experience consists of reading and lab work, that's it. I'm a Cisco Network Academy instructor, and the majority of my experience is from lab work and consulting. I'm teaching my first CCNP Routing class starting next week, so any input from those in the know would be appreciated. Hell, I'll appreciate input from those not in the know, I'm not picky... just don't expect me to take it as gospel truth. When I tell a router to peer with another BGP speaker, I can put restrictions on it. I can tell it what AS paths I'll accept from that peer, and what prefixes I'll accept from that peer. If I'm an ISP peering with a customer who has the class C network 210.5.5.0 assigned to them, do I not have a responsibility to configure my BGP router to ignore any BGP advertisements from that customer that are not advertising 210.5.5.0? I know that no one is going to hold me to it, it's not like the IETF has a squad of mercenaries who are going to kick the door in and check my configs, but doesn't that responsibility fall to both the customer and the ISP? Sorry if I'm off base here, but that's my basic understanding of how things work; the customer has a responsibility to only advertise their networks, and the ISP has a responsibility to only accept advertisements for that customer's networks. Does the same relationship exist among ISPs, or do things get too complex to filter updates at that point? It seems like the security hole in BGP is the human that configures a BGP router to accept any route it gets. Thoughts?
Hal Logan CCAI, CCDP, CCNP: Voice Network Specialist / Adjunct Faculty Computing Engineering Technology Manatee Community College
-Original Message- From: Edwin R. Gonzalez [mailto:[EMAIL PROTECTED] Sent: Friday, February 28, 2003 11:39 PM To: [EMAIL PROTECTED] Subject: Who likes BGP? [7:64132]
Hey, It's your friendly neighborhood CISCO MAN! Sorry, it's Friday night, I'm still at work with a coffee buzz that might last me until the morning. I came across this article that might be of interest to some people, check it out; http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
-- The harder you work, the luckier you get! The only place success comes before work is in the dictionary!!!
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64167t=64132
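
The inbound filtering discussed in the thread above (accept from a customer only its assigned prefix and the expected AS path), modelled as an added example that is not part of the original posts. The AS number 65010, the `max_len` limit and the sample updates are constructed, and the customer is assumed to be a stub with no downstream ASes.

```python
import ipaddress
from dataclasses import dataclass

# Reason codes returned by check_update().
OK = "accepted"
MALFORMED = "malformed prefix"
DEFAULT = "default route from customer"
BAD_PATH = "unexpected AS in path"
NOT_ASSIGNED = "outside assigned space"
TOO_SPECIFIC = "longer than max_len"


@dataclass(frozen=True)
class PeerPolicy:
    """Inbound policy for one customer session (all values constructed)."""
    customer_as: int
    assigned: tuple       # prefixes the ISP assigned to this customer
    max_len: int = 24     # longest prefix length accepted from the peer


def check_update(policy, prefix, as_path):
    """Classify one announcement received from the customer peer."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 210.5.5.1/24
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return MALFORMED
    if net.prefixlen == 0:
        return DEFAULT
    # Stub-customer assumption: every AS in the path must be the customer's
    # own (repeated entries from AS-path prepending are fine).
    if not as_path or any(asn != policy.customer_as for asn in as_path):
        return BAD_PATH
    for entry in policy.assigned:
        allowed = ipaddress.ip_network(entry)
        if net.version == allowed.version and net.subnet_of(allowed):
            # Inside the assignment, but deaggregation is still limited.
            return OK if net.prefixlen <= policy.max_len else TOO_SPECIFIC
    # Covers both unrelated prefixes and covering supernets of the assignment.
    return NOT_ASSIGNED


def filter_updates(policy, updates):
    """Split updates into accepted prefixes and (prefix, reason) rejections."""
    accepted, rejected = [], []
    for prefix, as_path in updates:
        reason = check_update(policy, prefix, as_path)
        if reason == OK:
            accepted.append(prefix)
        else:
            rejected.append((prefix, reason))
    return accepted, rejected


# Constructed policy: the customer from the post, holding 210.5.5.0/24.
POLICY = PeerPolicy(customer_as=65010, assigned=("210.5.5.0/24",))

# Constructed announcements as (prefix, AS path) pairs.
SAMPLE_UPDATES = [
    ("210.5.5.0/24", [65010]),                 # the assigned network
    ("210.5.5.0/24", [65010, 65010, 65010]),   # same, with prepending
    ("210.5.5.128/25", [65010]),               # deaggregated more-specific
    ("210.5.0.0/16", [65010]),                 # supernet of the assignment
    ("198.51.100.0/24", [65010]),              # someone else's space
    ("0.0.0.0/0", [65010]),                    # default route
    ("210.5.5.0/24", [65010, 65020]),          # path through another AS
    ("210.5.5.1/24", [65010]),                 # host bits set
]

if __name__ == "__main__":
    good, bad = filter_updates(POLICY, SAMPLE_UPDATES)
    print("accepted:", good)
    for prefix, reason in bad:
        print(f"rejected {prefix}: {reason}")
```
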
Re: Can you claim Cisco Tests as a tax exemption? [7:64042]
I suppose if you're able to itemize deductions there should be no problem, I do it all the time, that also includes books, any travel expenses related to taking the exams or improving my professional skills, buying the equipment, etc. As long as you have proof, such as credit card statements you should be good to go.
Mossburg, Geoff (MAN-Corporate) wrote in message news:[EMAIL PROTECTED]
Does anyone know if it's legal to claim the price of a Cisco test and/or Cisco class as an exemption on your Federal taxes? From what I'm reading in the IRS's Publication 529, Miscellaneous Deductions, it sure seems like it! Geoff Mossburg
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64102t=64042
Re: MBGP/MPLS VPN question [7:64036]
I don't think they should have a problem. The VRF should be created just for you so there should be no conflict. I never used this service from any of my providers so I cannot be certain. But as far as I'm concerned they shouldn't even care what addressing you're using between the sites. They provide the tunnel and shouldn't care much for your addressing scheme unless you ask them to, and as long as your contract is properly setup I think it would be no big deal.
Lo Ching wrote in message news:[EMAIL PROTECTED]
Dear All, We have some ip address that use internally, eg, 30.x or 40.x but it is not in private address range. Can I still use this range when connect to the IP-VPN provider that using MPLS technology? I know that MPLS can allow overlapping of customer address by using VRF and RD. I wonder any technical conflict issue on Normal BGP in this case. Thanks in advance. rgds, Lo Ching
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64041t=64036
Re: Loopback Testing [7:63515]
Actually, Frame Relay switches don't forward the loop messages received on local port to the remote port. You can only loop between each end router and its local Frame Relay switch. So, unless this is a cross-over simulation, you won't be able to achieve end-to-end loop. So, you can do loopback tests between each end router and its Frame Switch. As long as those tests show fine - and your configuration is correct :-) - and you still have issues it might simply be the telco problem. But more often than not, you gotta prove it to them by running these tests.
Curious wrote in message news:[EMAIL PROTECTED]
I want to do a loopback testing between my router and a remote router over a Frame Circuit. Tell me what I need to configure. Both routers are Cisco 2600 and running 12.0 IOS. thanks,
-- Curious MCSE, CCNP
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63526t=63515
Re: Cisco CWDM Experiences [7:62841]
Actually, this CWDM seems to be Cisco specific and is incompatible with DWDM, looks like mostly because of the wavelengths used in this solution. Cisco has a 2-slot chassis that pretty much you populate with OADM or MUX cards. These cards in turn are crossconnected to switches by SMF and you use special CWDM GBIC's for that. The GBIC's are what provides different lambda. These GBIC's seem to be supported on multiple platforms with proper IOS/CatOS ranging from 2900 to 6500 series. Here's the link: http://www.cisco.com/en/US/customer/netsol/ns110/ns112/ns113/ns197/networking_solutions_package.html Looks like mostly plug-n-play as long as proper attenuation is considered and you get the correct modules/GBIC's mix in there.
Henry D. wrote in message news:[EMAIL PROTECTED]...
Hi everyone, I'm looking at some of the CWDM docs and this solution seems to be a really good (read easy) way to increase the bandwidth between sites with existing SMF. I don't have any DWDM experience, but looking at this solution it would seem you don't need to do much in order to achieve pretty substantial bandwidth increase. Does anyone have any experience with this technology? Pretty much just looking to see how well this stuff really works in the field. It doesn't seem like you can do much to monitor/manage this solution which kind of makes me skeptical. Any inputs welcomed!
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62865t=62841
Cisco CWDM Experiences [7:62841]
Hi everyone, I'm looking at some of the CWDM docs and this solution seems to be a really good (read easy) way to increase the bandwidth between sites with existing SMF. I don't have any DWDM experience, but looking at this solution it would seem you don't need to do much in order to achieve pretty substantial bandwidth increase. Does anyone have any experience with this technology? Pretty much just looking to see how well this stuff really works in the field. It doesn't seem like you can do much to monitor/manage this solution which kind of makes me skeptical. Any inputs welcomed!
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62841t=62841
Re: Enterprise Design Problem / Study [7:61351]
Consider yourself lucky, that's a great thing you get to work on a project of that scale, especially if you get to be one of the major players in putting the puzzle together. I wish I could be part of it as well. Good luck!
The Long and Winding Road wrote in message news:[EMAIL PROTECTED]...
Have I got a good one! Just got through reading an RFP for a large organization. Over 30 sites, 12,000 ports, and 2000 phones. Complete rebuild of the network LAN and WAN infrastructure. Add to that throwing out all their old PBX and key systems and building for VoIP and video, in addition to current data traffic. New switches, new routers, client asking for generous redundancy. L3 switching up the wazoo ( that's a technical term meaning lotsa money to spend ) The thrill of the design is something else. Customer wants a centralized Call Manager, but also wants certainty in case of failure at any of the usual places. This oughta keep me out of trouble for a few weeks. TTFN Chuck
-- TANSTAAFL there ain't no such thing as a free lunch
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61401t=61351
Re: catalyst 6513 conversion from cos to ios [7:60388]
I did this a little while back, all worked out pretty well during the process. As long as you follow the doc describing this on CCO you should be ok (I know it's not all that clear but read it a few times and you'll get it). I think the problem with this upgrade could be rather poor documentation. You have to make sure you get the right images for your particular platform, making sure you apply proper images in regards to your SUP1/SUP2 and MSFC1/MSFC2 and any other requirements, like the boot image requirement of 12.0.7XE (I think, don't remember now) on MSFC. The setup I used it with had rather simple L2/L3 implementation so I had no major issues with config conversion but I could see that as a problem if your setup is more convoluted (if possible, testing it in your lab should be required). Besides, maybe anyone here knows of any such tool to convert a config from CatOS to IOS for 6000 series ??? Good luck!
Thomas wrote in message news:[EMAIL PROTECTED]...
Has anyone ever converted a catalyst 6513 from COS to IOS. If so did anyone encounter any problems. Any issues I should be aware of. Thanks in advance.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60391t=60388
Re: Off Topic but interesting - RS networking future? [7:59261]
Since we're just throwing out our thoughts here... I tend to disagree, following your logic, if the IP network becomes such a commodity, I think this would just create more jobs for people like us, I mean R/S guys. You seem to think that once the IP network is used for the services such as Voice, the Voice people will have taken the jobs. This may be so to some degree. But from the last few years of my experience, I doubt there will be a data network acting as reliably as PSTN any time soon - as you mention about broadband. For this reason, I think R/S folks with few extra skills will still be in demand for the telcos, someone has to keep on making this thing work, fixing, upgrading, estimating, reporting, understanding data networks, etc. I agree that VOIP on the Net will not change how the telcos work. It's one thing to have a customer use the Internet for placing calls, the customer's expectations are already set low, knowing the Quality will not be as great. But when you pick up the receiver at home, you expect current quality, no delays, no noise, no whatever. Internet is simply too unpredictable for Carrier class Voice. nrf wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The Long and Winding Road wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... right up NRF's alley. Certainly for those considering their futures, something worth considering as part of the mix. http://cookreport.com/11.10.shtml Can't afford the un-snipped version right now, but since I work for a telco, and I recognize the issues described, and have read all the top corporate executive e-mails that are doled out to us worker bees, I enjoyed the counter arguments presented here. There are two parts to this report that I think bear mentioning. One is the future of VoIP. The other is the value (or lack thereof) of present broadband rollouts. VoIP is certainly transforming the way that the PSTN will operate, if slowly (very very slowly). 
Note, I didn't say voice over the Internet, but rather voice over IP. I believe, for numerous reasons, telcos will choose not to merge their phone services to the Internet, but will rather build out an IP network through which they will deliver services. Stick a telephony feature server on top of a functioning IP network (again, not the Internet, but a private IP network), and you now have a phone system. But that further speaks to the commoditization of IP skills in general and R/S skills specifically. IP networks will simply become a utility, like electric power. How many electric power engineers does a typical company have? Unless you're the electric company, probably zero - electricity is just something that reliably comes out of the wall socket and you use it to plug in your refrigerator. The value-add (ergo the jobs) will go to the people who understand the services that can be layered on top. That's not to say that there will be no jobs for people who know R/S (and only R/S), only that there will be fewer of them and there will be less pay for them. I do not see a bright future for R/S skills as the IP network becomes more and more commoditized. About broadband - it is absolutely true that the telcos have basically provided something that consumers do not want. Yet I disagree with the idea that the telcos simply need to provide a more symmetric offering to entice consumers. In my experience, consumers do not want broadband regardless of whether it is asymmetric or symmetric or whatever. The 2 problems with broadband? Price and reliability. Let's face it, dial is reliable, whereas broadband can and does go down for weeks at a time (happened to me a bunch of times). Furthermore, the Hart/Winston study showed that most people think that $40-50 a month is too much money to pay. No wonder that despite the fact that broadband is now available at over 80% of households, the take rate for broadband is less than 15% where it is available.
Here is the Hart/Winston study. Yes, it's a year old, but not a whole lot has changed in a year. The most damning quote: Forty-eight percent have no interest regardless of price and another 21 percent are willing to pay at most $20 per month... http://www.comptel.org/press/nov29_2001_voices.html The biggest problem with broadband? Simple. There is no mass-market app that actually requires broadband. Most people are perfectly happy with dial. After all, what do they do on the Internet - surf a few pages, send a few emails, do some instant messaging - all low-impact apps. Most regular people (who are mostly nontechnical) simply don't see why they should pay more and put up with a less reliable technology in order to do the things they do a little faster. And again, it's not because they don't know what it means to have a fast connection. A lot of these people work in offices that have good connections, and yet they still don't want it for
Re: Last Minute Thought - OSPF authentication issue? [7:58352]
It would seem you wanted to use md5 authentication but you used plain text authentication keys. In this situation - when there are no md5 authentication keys specified - I think the routers will use null key, meaning no authentication will take place...

The Long and Winding Road wrote in message news:[EMAIL PROTECTED]...

check this out.

R10 --

Neighbor ID Pri State Dead Time Address Interface
222.222.222.7 1 FULL/DR 00:01:58 149.22.4.7 Serial0
222.222.222.111 FULL/DR 00:00:38 149.22.252.2 Ethernet0

Router_10#
interface Serial0
 ip address 149.22.4.10 255.255.255.0
 encapsulation frame-relay
 no ip route-cache
 ip ospf authentication message-digest
 ip ospf authentication-key 7 qwertyzzyzx

R7 -

Neighbor ID Pri State Dead Time Address Interface
222.222.222.101 FULL/BDR 00:01:57 149.22.4.10 Serial1

Router_7#
interface Serial1
 ip address 149.22.4.7 255.255.255.0
 encapsulation frame-relay
 no ip route-cache
 ip ospf authentication message-digest
 ip ospf authentication-key 7 cisco

By my reckoning, the adjacency should NOT form because of the mismatched passwords. Both routers have the area 0 authentication message-digest command under the ospf process. This is exactly what I don't want to know at this point in my life :-)

-- TANSTAAFL there ain't no such thing as a free lunch

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58353t=58352
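One way to catch the misconfiguration discussed in this thread during a config review, as an added example that is not part of the original posts: a small Python audit that flags interfaces where message-digest authentication is enabled but only an `ip ospf authentication-key` is present. The two sample configs are constructed from the interface lines quoted above; `FIXED_CONFIG` and its key value are hypothetical, and only interface-level commands are checked (area-level `area N authentication` is not mapped to interfaces).

```python
import re
from dataclasses import dataclass, field

# Constructed samples, modelled on the two interfaces quoted in the thread.
R10_CONFIG = """\
interface Serial0
 ip address 149.22.4.10 255.255.255.0
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf authentication-key 7 qwertyzzyzx
"""
R7_CONFIG = """\
interface Serial1
 ip address 149.22.4.7 255.255.255.0
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf authentication-key 7 cisco
"""
# Hypothetical corrected interface: a digest key is actually configured.
FIXED_CONFIG = """\
interface Serial0
 ip address 149.22.4.10 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
"""

FINDINGS = {
    "NO_DIGEST_KEY": "message-digest mode but no 'ip ospf message-digest-key'; "
                     "two neighbours in this state still form an adjacency",
    "UNUSED_SIMPLE_KEY": "'ip ospf authentication-key' is the simple-password "
                         "key and is not used in message-digest mode",
    "CLEARTEXT_AUTH": "simple password authentication sends the key in cleartext",
    "NULL_AUTH": "authentication explicitly disabled on this interface",
}

@dataclass
class OspfIfAuth:
    name: str
    mode: str = "inherit"          # inherit | null | simple | message-digest
    simple_key: bool = False       # 'ip ospf authentication-key' present
    digest_key_ids: list = field(default_factory=list)

def parse_interfaces(config):
    """Collect interface-level OSPF authentication settings from IOS config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), OspfIfAuth(m.group(1)))
            continue
        if not raw.startswith(" "):    # any other top-level line closes the block
            current = None
            continue
        if current is None:
            continue
        line = raw.strip()
        m = re.fullmatch(r"ip ospf authentication(?:\s+(message-digest|null))?", line)
        if m:
            current.mode = m.group(1) or "simple"
        elif line.startswith("ip ospf authentication-key "):
            current.simple_key = True
        else:
            m = re.match(r"ip ospf message-digest-key\s+(\d+)\s+md5\s+", line)
            if m:
                current.digest_key_ids.append(int(m.group(1)))
    return interfaces

def audit(config):
    """Return a list of (interface, finding-code) tuples for weak OSPF auth."""
    findings = []
    for ifc in parse_interfaces(config).values():
        if ifc.mode == "message-digest":
            if not ifc.digest_key_ids:
                findings.append((ifc.name, "NO_DIGEST_KEY"))
            if ifc.simple_key:
                findings.append((ifc.name, "UNUSED_SIMPLE_KEY"))
        elif ifc.mode == "simple":
            findings.append((ifc.name, "CLEARTEXT_AUTH"))
        elif ifc.mode == "null":
            findings.append((ifc.name, "NULL_AUTH"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("R10", R10_CONFIG), ("R7", R7_CONFIG), ("fixed", FIXED_CONFIG)):
        results = audit(cfg)
        print(label, "OK" if not results else "")
        for name, code in results:
            print(f"  {name}: {code}: {FINDINGS[code]}")
```

Both quoted interfaces produce the same two findings, which is why the differing `authentication-key` values never caused a mismatch.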
Re: time needs to be spent on CCIE study [7:55803]
It all depends on many factors. Your learning capabilities, work experience, access to equipment, personal life, etc. You should test yourself and be honest with yourself in your studies. There are materials available on the net in regards to different lab scenarios, some are free and some will cost you money - and you need to spend money. Once you do them and you feel confident with all the technologies as well as the methodology used in figuring out not only technical stuff but also the way the questions are being asked, you'll know you're ready. As you're looking for some more specific time frames, to give you an idea I myself went from very light networking/cisco skills to CCNP/CCDP within 7 months of study. Then another 2 months to CCIE written test. To pass the lab it took more than one try, over 1 year after the written I became CCIE certified. Also, during all this time I was working with Cisco gear in networking field. Some people do it quicker some take longer, I think my time frame would be about average you'd need, but it's just one man's opinion.

Paul So wrote in message news:200210171322.NAA10361;groupstudy.com...

Hi all, Would like some experience sharing from those who passed their written or lab exam. How long did you prepare before the written exam and how much longer before your first lab attempt? How many hours did you study every day and during the weekend? How did you plan your study strategies? I gained my CCNP a year ago and am considering to take on this hard work towards CCIE. It seems to be difficult to start all over again after a year break. I have read the blueprint and have a list of recommended books and reference, also a list of equipment which should have as home lab. All I need to do now is to create a good study strategy and time allocation plan. I would appreciate any experience you ever had during your studying, they would be absolutely valuable for me.

Thanks in advance
Paul

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55818t=55803
Re: traceroute blocked port [7:53657]
Well if that's the case then you'll have a hard time finding where it's blocked. Usually, transit providers don't do this, so it should be the ISP/Provider on either end of the connection. However, there are some transit providers, especially in countries where VOIP is prohibited or highly regulated (Middle East for example) that don't allow this type of traffic. Looks like you have more work to do on your hands...:-(

Osama Kamal wrote in message news:[EMAIL PROTECTED]...

I am having a problem with a blocked port somewhere on the internet down to my router, my ISP is denying any blocking from their side, is there any way to know where exactly the port is blocked? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53722t=53657
Re: traceroute blocked port [7:53657]
I guess you'd need to have someone from outside claiming that the traceroute is blocked to actually send you the output of the trace, it should show there :-) On the other hand, you might want to try it yourself from other networks. Go to www.traceroute.org, pick a route server/looking glass and try from there.

Osama Kamal wrote in message news:[EMAIL PROTECTED]...

I am having a problem with a blocked port somewhere on the internet down to my router, my ISP is denying any blocking from their side, is there any way to know where exactly the port is blocked? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53659t=53657
Re: PIX Failover [7:51491]
Whenever you type a command on the active unit it's being replicated to the standby unit. So yes, it will automatically update standby unit but it's not written to memory unless you write to memory on the active first.

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

Speaking of stateful PIX's, if I make a change on 1 PIX, and it has failover on, will it automatically make a change on the other PIX?

Gaz wrote in message news:[EMAIL PROTECTED]...

In article , [EMAIL PROTECTED] says...

Hi, In a Stateful configuration, and two PIX are interconnected via a dedicated Failover Fastethernet, in case of the Active unit's Internal interface fails, is there any method to shift traffic to the Standby unit's Internal interface to maintain connectivity, thanks. Leo Best Regards.

Not sure what you mean there. That's what failover does unless I'm misunderstanding your question. You configure the main IP address for the interface and you configure a failover address. If the Pix's decide that the active one has a problem (power, interface down etc) the secondary pix takes over the main IP address. If the primary is still contactable it will have the failover IP address on its inside interface. That's why it's safe to telnet to the main IP address and you know that you're on the active Pix, but by console you need to do a show fail to make sure the device you're on is primary active or secondary active before you make changes. Regards, Gaz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51521t=51491
Re: CSPFA Beta Exams [7:50984]
I just came back from taking the first out of 3, MCNS beta. I have no comparison to the 2.0 version, never really was planning to take these tests but since they're free then why not... Anyway, I studied for the test using the MCNS 2.0 Ciscopress book for the last 4 evenings. I can say there is not all that much different on this new exam than what you get from the old book. Just follow the blueprint, I think it really represents the scope of what you need to know for the test. And finally, I think with a little bit of luck I passed this test. Out of 97 questions, there were maybe 5 that didn't make any sense. There were a few that I just didn't know answers to, but overall the exam wasn't bad at all. Worth noting again is that there were no options for comments at all. Good luck everyone.

Roberts, Larry wrote in message news:[EMAIL PROTECTED]...

Just curious if anyone else has taken this exam yet? Wanted to see if your opinion of it is the same as mine! This being the first beta I have taken for Cisco, I can only hope the other 2 are better! Thanks Larry

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51056t=50984
Re: CCIE Recertification [7:50372]
Just the written, thank God! :-)

Reza wrote in message news:[EMAIL PROTECTED]...

Hello Group, I know that CCIEs have to recertify every 2 years. For recertification do you have to take the Lab or the Written? Thanks Reza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50374t=50372
Re: Serial Interface Bandwidth [7:50381]
That would work if you have integrated CSU, the timeslots would be there. If you connect say with V.35 to an external CSU/DSU then you won't get the timeslot information. The only way to figure out the bandwidth then would be to stress-test the circuit and see how far you can get the bandwidth utilization on this interface.

Turpin, Mark wrote in message news:[EMAIL PROTECTED]...

A show interface serial 'x' where x = the serial interface's number will tell you a couple things that are important.
1) the 5 minute load average for input/output
2) the timeslots used
You can use the timeslots to determine the bandwidth that is technically available, and the load average to get an idea of what is currently being used. hth, -mark

-Original Message-
From: Curious [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 9:43 AM
To: [EMAIL PROTECTED]
Subject: Serial Interface Bandwidth [7:50381]

I want to know the current bandwidth of my serial Interface of Router. Let's say I have a fractional T1, how would I know what bandwidth I have for my serial interface. thanks,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50400t=50381
Re: CCIE Experiences? My Road Ahead... [7:50139]
Robert, In 1999 when I started looking into CCNA cert I didn't know much about switching, routing or Cisco equipment all together. I decided to go thru CCNP/CCDP tracks, as my experience was very limited. By late 2001 and after a few tries at the lab I got my number. It doesn't require all those years of experience. Having a few years of working with the gear and some protocols already, should really help you out. With some dedication and support you can achieve CCIE status within a year or so if you got what it takes :-) And as others have mentioned, this is just a beginning..

Robert D. Cluett wrote in message news:[EMAIL PROTECTED]...

All (CCIE's and CCIE Written) I was wondering if you could help me understand what it is I am in for. I have 3 years of experience at tier 3 IP support with Verizon. OSPF mostly. I have experience with various Cisco and Nortel routers and switches. My question is this, knowing OSPF and circuit troubleshooting is excellent knowledge, but I know that is only a fraction of what the CCIE demands. I recently passed the CCNA, and have jumped into the studying for the routing exam. The only thing which seems tough is the BGP (I have not touched it before). So, my question is, what can I expect from this road ahead. Is it feasible to eventually obtain my CCIE or is the CCIE for those people who have the 10 years of experience working for an ISP? Any advice would help! Rob Cluett, CCNA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50159t=50139
Re: Can't Disable Spanning Tree on 2980G [7:50009]
John, It might be just a display issue on the switch, I just checked couple of my 6500's and for the VLAN's that have the STP disabled with active ports I see the same results. I think when you plug in a laptop to any available port on the same VLAN you'll see that it doesn't go thru STP phases and automatically goes into forwarding...

John Neiberger wrote in message news:[EMAIL PROTECTED]...

I have an interesting problem that I'm not able to resolve. On a particular 2980G I need to completely disable spanning tree. After issuing the command 'set spantree disable all' I would expect not to see any ports participating in STP. However, look at this:

SCORP0201-A (enable) show spantree
VLAN 1
Spanning tree disabled
Bridge ID MAC ADDR 00-08-e2-b3-8c-00
Bridge ID Priority 32768
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Port  Vlan  Port-State     Cost  Prio  Portfast  Channel_id
----  ----  -------------  ----  ----  --------  ----------
3/1   1     not-connected  100   32    disabled  0
3/2   1     not-connected  100   32    disabled  0
3/3   1     forwarding     100   32    disabled  0
3/4   1     forwarding     100   32    disabled  0
3/5   1     not-connected  100   32    disabled  0
3/6   1     not-connected  100   32    disabled  0
3/7   1     not-connected  100   32    disabled  0
3/8   1     not-connected  100   32    disabled  0
3/9   1     forwarding     100   32    disabled  0
3/10  1     forwarding     100   32    disabled  0
3/11  1     not-connected  100   32    disabled  0
3/12  1     not-connected  100   32    disabled  0
3/13  1     not-connected  100   32    disabled  0
3/14  1     not-connected  100   32    disabled  0
--More--

Initially it says that STP on VLAN1 is disabled, but then goes on to show several ports in VLAN 1 that are still running spanning tree. STP was successfully disabled on the other VLANs but I just can't get this to go away and we really need to get this done thanks to another annoying issue that no one has resolved yet. We have certain Dell machines that will BSOD if the network isn't immediately available. STP portfast isn't fast enough so I've been disabling STP altogether. Any thoughts on this? Am I missing something very obvious? I've checked CCO and there appear to be no STP-related bugs on the 2948. Unfortunately, they don't have separate info for the 2980G. Thanks, John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50025t=50009
Re: Source quench from network element. [7:49990]
Priscilla, Isn't there a statement in the RFC's that Source Quench message should be sent if the host is overwhelmed with data? Is that really being used in the real world applications? On the other note, I have seen HP-UX machines keep on responding with these messages to ICMP Echo requests, solution was to apply certain patch.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

LIM Chin Chye wrote:

How can I eliminate a source quench generate by a network element? This element is directly connected to the Cisco 7200 series router, but it replies an error, Source Quench received. when ICMP attempt.

The network element replies with Source Quench Received? That doesn't make sense unless you SENT it a Source Quench. You're probably seeing the result of what it sent which was a Source Quench, not Source Quench Received.

Appreciate for advices, thanks!

What is the network element?? There's probably no easy way to get it to stop sending a Source Quench other than to stop bugging it with your ICMP messages. It's probably built into the operating system on the network element to send source quench when too many messages of a certain type are received. Mac OS used to do this. I don't know what other OSs do it, but if you tell us the OS maybe there's a registry change or something. Per RFC 1821, routers should not send source quench, but end hosts still can per RFC 1122. It's not anything to worry about. You should probably just ignore it. Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50062t=49990
Re: Here we go again ( Pix 515) [7:49492]
sorry, just couldn't resist - hahaha besides, if you're capable of doing all these multiple things with and on the networks, you're not just an NT guy even though your work title might say that :-)

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...

Hey, No flames against NT admins. In these tough times Network Admins need to know all FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling.. In order to survive. Like myself!!

From: Juan Blanco
Reply-To: [EMAIL PROTECTED]
To: 'Kevin O'Gilvie' , [EMAIL PROTECTED]
Subject: RE: Here we go again ( Pix 515) [7:49492]
Date: Thu, 25 Jul 2002 11:14:08 -0400

Team, The way I see it, dhcp on the firewall is only for small number of users, when it comes to mid-size-up network you don't want to use a firewall for a DHCP. Can you see an NT administrator making changes in your firewall because he/she is having problems with DHCP (This network will be available to hackers in the Theater near You) My two cents.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin O'Gilvie
Sent: Thursday, July 25, 2002 10:27 AM
To: [EMAIL PROTECTED]
Subject: Re: Here we go again ( Pix 515) [7:49492]

I wouldn't put dhcp on the firewall for 300 users. But for 10 or 15 I would. Thanks, -Kevin

From: Gaz
Reply-To: Gaz
To: [EMAIL PROTECTED]
Subject: Re: Here we go again ( Pix 515) [7:49492]
Date: Wed, 24 Jul 2002 22:37:12 GMT

What's everybody's view on using the Pix as a DHCP server? I used it once, only because after arriving on site to install the Pix the customer mentioned that his old Firewall was doing DHCP and he had no plans to do it on anything else. Seemed to go fine, but would like to know if people have come across limitations/issues. I tend to agree with the view Right box for the job, i.e. don't make the Pix do things it's not made for, but if pushed into the situation, how does it compare. Cheers, Gaz

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...
Hi Kelly, You are absolutely right, and I love your strategy. That is the way I did it 2 years ago, but the only thing now is finding a vpn solution for the Macs. I used Pix for the PC's last time round but never had to do this for the Mac's. Any ideas? From: Kelly Cobean Reply-To: Kelly Cobean To: [EMAIL PROTECTED] Subject: RE: Here we go again ( Pix 515) [7:49492] Date: Wed, 24 Jul 2002 02:18:38 GMT Man, you aren't asking much, are you? ;-) Ok, here's the order I'd do things in... First things first, get that firewall in place. You don't list what their internet connectivity is, but if they bought a PIX, it's safe to assume that they have a persistent connection, and that being true, they're really hanging it out there for someone to cut off, so to speak. Network security is always a primary concern, and the firewall won't take alot of time to set up. Not setting it up could be very costly. If they already have a light(er)-weight firewall like a Linux host running IP chains or IP tables, replacing this first will save your users down-time later because you can pre-configure your internet rulebase/access in preparation for your private addressing. Next, I'd do the DHCP and Private Addressing. These go hand in hand, and since your firewall is now in place, you can do the NAT/PAT translations as needed and not have to rethink these later. Third, get Exchange up and running. If it's going on a different system than Quick mail is running on, great! Now you can get them running in parallel, and move users accounts over one at a time or in batches. There are probably tools out there to do the mailbox format conversion. Now that your network is secure at layer3/4, you can focus on the nitty-gritty of the user data. (Oh yeah, don't forget that backup!!!) It's a 10,000 foot view, but that's how I'd do it. 
I'm not really a MAC guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and support DHCP, so from an L3/4 standpoint, they're really no different than your PC's. When doing multiple projects like this, I tend to work along the OSI model. If the wiring is horrible, or the NIC's are all old 10Base2 nics and have transceivers to hook them to your BaseT network, take care of the layer 1 stuff first. Next, if the network is all unmanaged hubs, and your network is one gigantic broadcast domain, start installing switches to quiet down the network. Next, get VLANs/routing/security in place for Layer3/4. Next, work on the upper layers where all of your apps and data live and talk. Just my $0.02 worth. HTH,
Re: Here we go again ( Pix 515) [7:49492]
I haven't used DHCP server on the PIX, reading the documentation it seems you gotta be careful with how many Active Hosts you'll have. Looks like some low end PIX's do only 32 Active Hosts. On the other hand, I suppose the only reason for having PIX do DHCP would be for small offices, where some of these number limitations should be no problem. There are obviously other drawbacks besides any scalability, I wouldn't want my LAN Windows Administrator touch the PIX just because he needs to check/clear the DHCP assignments :-( Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What's everybody's view on using the Pix as a DHCP server? I used it once, only because after arriving on site to install the Pix the customer mentioned that his old Firewall was doing DHCP and he had no plans to do it on anything else. Seemed to go fine, but would like to know if people have come across limitations/issues. I tend to agree with the view Right box for the job, i.e. don't make the Pix do things it's not made for, but if pushed into the situation, how does it compare. Cheers, Gaz Kevin O'Gilvie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Kelly, You are absolutely right, and I love your strategy. That is the way I did it 2 years ago, but the only thing now is finding a vpn solution for the Macs. I used Pix for the PC's last time round but never had to do this for the Mac's. Any ideas? From: Kelly Cobean Reply-To: Kelly Cobean To: [EMAIL PROTECTED] Subject: RE: Here we go again ( Pix 515) [7:49492] Date: Wed, 24 Jul 2002 02:18:38 GMT Man, you aren't asking much, are you? ;-) Ok, here's the order I'd do things in... First things first, get that firewall in place. You don't list what their internet connectivity is, but if they bought a PIX, it's safe to assume that they have a persistent connection, and that being true, they're really hanging it out there for someone to cut off, so to speak. 
Network security is always a primary concern, and the firewall won't take alot of time to set up. Not setting it up could be very costly. If they already have a light(er)-weight firewall like a Linux host running IP chains or IP tables, replacing this first will save your users down-time later because you can pre-configure your internet rulebase/access in preparation for your private addressing. Next, I'd do the DHCP and Private Addressing. These go hand in hand, and since your firewall is now in place, you can do the NAT/PAT translations as needed and not have to rethink these later. Third, get Exchange up and running. If it's going on a different system than Quick mail is running on, great! Now you can get them running in parallel, and move users accounts over one at a time or in batches. There are probably tools out there to do the mailbox format conversion. Now that your network is secure at layer3/4, you can focus on the nitty-gritty of the user data. (Oh yeah, don't forget that backup!!!) It's a 10,000 foot view, but that's how I'd do it. I'm not really a MAC guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and support DHCP, so from an L3/4 standpoint, they're really no different than your PC's. When doing multiple projects like this, I tend to work along the OSI model. If the wiring is horrible, or the NIC's are all old 10Base2 nics and have transceivers to hook them to your BaseT network, take care of the layer 1 stuff first. Next, if the network is all unmanaged hubs, and your network is one gigantic broadcast domain, start installing switches to quiet down the network. Next, get VLANs/routing/security in place for Layer3/4. Next, work on the upper layers where all of your apps and data live and talk. Just my $0.02 worth. HTH, Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I Network Engineer ATT Government Solutions, Inc. 
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin O'Gilvie Sent: Tuesday, July 23, 2002 9:07 PM To: [EMAIL PROTECTED] Subject: Here we go again ( Pix 515) [7:49492] Dear All, I am jumping into a similar mess as when I started at my current company, but this time the Macs out number the PC's. Well here is the scoop: 180 Macs 50 PC's Static Ip's No DHCP No FW Quick Mail Server and a whole bunch of other nasty things.. - They just purchases a Pix 515 - They just bought Exchange 5.5 My projects are: Set up DHCP Set up Pix Set up Private Addressing Set up Exchange Migrate them from Quick Mail etc etc I have done this before but maybe you guys can help as to how I should go about this the quickest. Thanks, Kevin _ Send and receive Hotmail on your mobile device: http://mobile.msn.com
Re: Catalyst Switches and CDP [7:48603]
This appears to be a code version issue. I have the same symptoms on the 6509 running 5.5(3)CatOS while another 6509 running 6.3(5) CatOS is showing the neighbors by their system names/hostnames. Even though they're not running IOS I think it still relates. It appears to be just a display/cosmetic issue. Or maybe they're trying to force you to go for detail option and all the other good info :-)

John Neiberger wrote in message news:[EMAIL PROTECTED]...

When displaying cdp neighbors on a switch -- specifically, our new 6513 -- instead of a helpful device name I get a completely worthless device ID. In some cases the hostname of the device is appended to this ID but I'd really like to get rid of it entirely and I haven't figured out how to do this by checking CCO. Is there a way to get the remote device's hostname to show up without the meaningless device ID? Thanks, John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48631t=48603
Re: ATM IMA interface problems [7:47849]
This is going to be of no help to you but when we used these cards to bundle multiple T1's we had nothing good to say about the way it worked. There were multiple issues, i.e. looping one T1 would cause the whole bundle to go down. Clearing groups like removing one T1 from the bundle was causing problems as well. After a while we simply trashed the whole thing and went with the actual telco solution from a vendor specializing in this type of setup. I was hoping the issue was the premature release of the code supporting the feature but hearing it now from you just proves that Cisco doesn't really cut it when it comes to the telco equipment or equivalent :(

wrote in message news:[EMAIL PROTECTED]...

Hello all,

I'm having a problem with my IMA interface on a 7206 running 12.2(5) (c7200-ds-mz.122-5.bin). When I switched from UBR to VBR-NRT the pvc I was working on disappeared from the running config and no data will pass through that circuit. I tried to add the pvc back into the config but all I get is this in the log:

%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=39, VPI=1, VCI=140) on Interface ATM4/ima0, (Cause of the failure: vpi/vci pair already in use)

I tried removing the interface and adding it back in with the same results. I've done a 'clear interface' on many frame relay links before with no ill effects but I'm hesitant to do the same thing here since, at times, the IMA interface is another beast altogether from your standard interface. The only other option I'm aware of is to reboot the router which is very difficult because it's right at the core.

Has anyone tried the 'clear interface atm4/ima0' command without causing problems or is there another way to clear the vpi/vci config from memory so it will accept the pvc correctly again without rebooting?

Thanks!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47881t=47849
Re: BGP NLRI [7:47337]
Think of it as a route with additional info. BGP uses such things as AS number, MED value, communities, etc. NLRI consists of the prefix plus that extra info.

rick wrote in message news:[EMAIL PROTECTED]...

I am having some trouble understanding NLRI as opposed to straight network routing updates. Anyone got a pointer to information that might clear up NLRI some?

Thanks
--
--Rick

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47368t=47337
Re: Question about the 350 series AP [7:45971]
Mine included everything.

Roberts, Larry wrote in message news:[EMAIL PROTECTED]...

OK, Can someone confirm/deny that the 350 will only accept in-line power? Does it come with the in-line power injector, or is this a separate item? I have read everything I can and all points say it only has in-line power, but none say whether this is included ( I can't imagine it wouldn't be )

Thanks
Larry

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46040t=45971
Re: PIX + VPN Router or Just VPN Router? [7:45315]
What you are describing doesn't really make sense. You say you have connections back to the core site from all remotes. If that was the case there would be no reason for the pix at remote sites or an obvious reason for vpn tunnels between remotes and the core site. In that case, you could just put the core pix in front of the core site and the remotes, terminate the remotes before the core pix, and no need for all the other mess. But I have a feeling there is more involved than we know at the moment. :(

Jeffrey Reed wrote in message news:[EMAIL PROTECTED]...

I am curious about recommendations on remote office connections when VPNs are involved. Today, in two separate occasions I ran into designs that showed remote sites with a small 1720 router and a PIX 506. The 506 terminated one end of a tunnel back to the core PIX and the 1720 facilitated the frame connection. All traffic will be going back to the core, then if needed, to the Internet through the central site's main connection.

Why can't you just use the 1720's ability to terminate a tunnel and drop all non-encrypted traffic and eliminate the need for the PIX? This would reduce the costs of both the initial purchase as well as ongoing support. What are the downsides to a design without a PIX at the remote site?

Thanks!!
Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45316t=45315
Re: BGP's neighbor advertisement-interval command [7:44521]
You're correct, however if there are route changes happening constantly you don't want the router to keep sending updates as it might exhaust the peers. The interval is used so there is a limit of how often the updates are sent regardless of how often the routes actually change.

cebuano wrote in message news:[EMAIL PROTECTED]...

Hi, all.

Can someone give a better explanation about this BGP command neighbor advertisement-interval? I know you can change the default values of 30 sec for external and 5 sec for internal peers. But I always thought that BGP sends routing updates ONLY when something about the route changes, either an UPDATE or WITHDRAWN message. Any explanation better than CCO or Parkhurst's is greatly appreciated.

Elmer

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44531t=44521
Re: BGP's neighbor advertisement-interval command [7:44521]
I'm not certain on this one but assuming the same logic I'd say that the advertisement for the prefix with the metric of next-hop changing would take place once, it would trigger a 10 minute countdown, and if there is another change in the metric within the countdown it would send new advertisement with the new metric at the end of the 10 minute interval.

From BGP Command reference:

This command will cause BGP to advertise a MED that corresponds to the IGP metric associated with the next hop of the route. This command applies to generated, IBGP-, and EBGP-derived routes. If this command is used, multiple BGP speakers in a common autonomous system (AS) can advertise different MEDs for a particular prefix. Also, note that if the IGP metric changes, BGP will readvertise the route every 10 minutes.

cebuano wrote in message news:[EMAIL PROTECTED]...

Henry,

Thanks for the verification. Although I'd like to add another command to the picture --- set metric-type internal. The documentation says if the IGP metric changes, BGP will readvertise the route every 10 minutes. There is no mention how long BGP will readvertise the affected routes. Any ideas?

Thanks.
Elmer

- Original Message -
From: Henry D.
To:
Sent: Monday, May 20, 2002 12:04 PM
Subject: Re: BGP's neighbor advertisement-interval command [7:44521]

You're correct, however if there are route changes happening constantly you don't want the router to keep sending updates as it might exhaust the peers. The interval is used so there is a limit of how often the updates are sent regardless of how often the routes actually change.

cebuano wrote in message news:[EMAIL PROTECTED]...

Hi, all.

Can someone give a better explanation about this BGP command neighbor advertisement-interval? I know you can change the default values of 30 sec for external and 5 sec for internal peers. But I always thought that BGP sends routing updates ONLY when something about the route changes, either an UPDATE or WITHDRAWN message. Any explanation better than CCO or Parkhurst's is greatly appreciated.

Elmer

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44551t=44521
Re: CCIE in 3-6 Months from cisco Interesting [7:43306]
I agree with all of the people that because of the economy most CCIE's won't see big salaries from few years back. I also agree that paper CCIE doesn't really compare to a paper MCSE, SCSA or whatever else. A CCIE needs to have some hands-on. The problem is that lab testing has little to do with real life environment. On top of that, there is so much info out there on what's being tested on the lab that people have much work cut down for them to pass the tests. This creates a limit of what you really need to know for the lab and how you get to that level, this limit however is not how a CCIE will be judged in real life environment.

So, yes the salaries are gone, and yes there are some CCIE's who will have trouble designing a simple network. I think as long as people don't cheat themselves they will know whether they are worthy of this certification. You need to take a look at yourself and forget about the little paper you put on the wall or on your cubicle. The paper means nothing, it's what's in you what really counts. And as far as that goes you can still make a great living being a CCIE !

CCIE #8472

Johnzaggat wrote in message news:[EMAIL PROTECTED]...

Join Cisco and get CCIE in 3-6 months. Must be a typo.
http://www.cisco.com/pcgi-bin/jobs/JobAgent?rm=jobdetailreq_id=703608keywords=+

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43336t=43306
Re: passed MCAST/QOS exam [7:40345]
Congrats !

Reinhold Fischer wrote in message news:[EMAIL PROTECTED]...

hi all,

today i took the multicast and qos exam (640-905). In my opinion it is the hardest of the three exams to achieve the CCIP/MPLS cert. For preparation i have used the Ciscopress 'developing ip multicast networks' book and read up the relevant sections of the Quality of Service Solutions Configuration Guide and the Multicast section of the IP Routing and IP Configuration Config Guide.

If i had to take the exam again i would try to get my hands on the original course documentation as there were loads of questions that probably best would be answered with knowledge of the original course text.

good luck to you in all your studies !

Cheers
Reinhold

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40367t=40345
Re: Re: MPLS in the Enterprise [7:36670]
Interesting, let me also bring few things up here, not that I have much experience in MPLS/VPN but who does ? :-)

I suppose one of the problems with this particular service is that not all SP's or Enterprises fully understand the potential, or technology in general. First, SP's might not be able to provide overall cheaper connectivity for the Ent's if their network doesn't span around the existing Ent's POP's. I suppose when considering the service, one needs to realize all the advantages of it and compare it to what they have now. As with any technology, there are many ways to implement it. One might be able to just start the service for interconnecting the HUB locations for example. Another advantage could be the Internet traffic which no more has to travel thru dedicated lines which are shared thru the whole Enterprise.

Referring to John's original post, the CE equipment doesn't have to participate in the MPLS, so the MPLS looks like any other connection to the rest of your network. Now, it's a choice or not, depending on the service and possibly other customer requirements, whether CE participates in MPLS. In general, SP would take care of the routing between the sites, the routing would be totally independent of their other MPLS/VPN's or Internet routing which gives the Enterprise traffic protection in the form of invisibility to other SP customers or Internet users when required.

It all depends, the best thing is to study the technology and the details of offerings. I personally have no real time experience in this whole new area but I hope in theory I should be pretty close to what one needs to be aware of.

John Neiberger wrote in message news:[EMAIL PROTECTED]...

To make things even more interesting... While discussing this with a few different vendors I decided that this particular solution is smoke-and-mirrors, at least in our area. We'd have to buy new point-to-point circuits that all point to a _single_ POP. MPLS isn't even needed in this case because every location would be hitting the same POP! Unless, of course, they have a whole bunch of routers at the POP but then we're really using MPLS to get from one side of the room to the other.

We'd be better off simply buying a couple of frame DS3 circuits for our hub and repointing all the branch PVCs to those circuits. Cheaper and we accomplish the same thing without using another vendor and without buying a whole bunch of new circuits.

In fact, one vendor that I asked about this proposed this very solution, except he was suggesting we use their facilities. They offered to set up a couple of routers exclusively for our company to connect to. Again, we don't really accomplish much with that solution since we can do that at our own facility if we want to.

John

On Sat, 9 Mar 2002, Kent Yu ([EMAIL PROTECTED]) wrote:

John,

I think you brought an interesting topic. With all these pitches about Layer 3 VPN, the question has been bothering me for a while, how many enterprises out there really need to have an any-to-any solution? Less than 0.5% is my guess. Most of the enterprise client/server applications fit into the hub-spoke topology pretty well, really have no reasons to get direct connections among their branches.

Theoretically, MPLS should give the service providers the ability to provide more scalable and cheaper fully meshed VPN solution, as the SPs do not have to manage those hundreds of thousands PVCs, etc. From the enterprises' perspective, if this gives them a reliable and affordable alternative to the traditional hub-spoke frame relay network, it sounds attractive, but seems to me all the current implementations are even more expensive, not to mention their reliability probably is nowhere near the legacy frame network, at least not for a while.

The vendors want to sell their MPLS VPN solutions to SPs, the SPs who built the network want to sell it to enterprises, but my guess is that 99% enterprises will not buy it, not till...

My .02
Kent

John Neiberger wrote in message news:[EMAIL PROTECTED]...

Okay, I'm about to show how clueless I am when it comes to MPLS

I've been getting calls from multiple providers lately all trying to suggest that I migrate our 100-site frame relay network to their MPLS network, suggesting that we'll have any-to-any connectivity and the ability to prioritize traffic classes within the MPLS network.

Are any of you doing something like this? I'm going to read up on it but I'm having trouble visualizing it. Does this basically turn our network into a giant multipoint network? Do our branch routers need to be aware of MPLS or do providers make this transparent somehow? How does this affect routing? It seems that if we have any-to-any connectivity then the branch routers
Re: More Confused!!! Re: Neighbor commands...Yes or No?? [7:33560]
I think you're still confused. Both physical frame interface and multipoint sub-interface are by default OSPF Non_Broadcast type. This means for OSPF to function you'd need to configure neighbor command in either scenario. With the config you showed on RTA (the HUB router) you wouldn't even be able to ping both spokes as there are no maps defined (aside from missing netmask), and if relying only on inverse-arp, it would map only one spoke and no more. The rule is that inverse-arp will map only one Layer3 to the same Layer2, i.e. one IP to DLCI X, one IPX to DLCI X, one IP to DLCI Y, etc.

You're showing routes in the spokes, but we really don't know all of the configs when these routes show up in the routing table. What's the configs, output of sh frame-relay pvc, sh frame-relay map ?

Cisco Nuts wrote in message news:[EMAIL PROTECTED]...

OK, I have finally found out this and concluded that: Neighbor commands are ONLY required in an OSPF point-to-multipoint Non-Broadcast mode in a FR hub-and-spoke topology. Not required in a NBMA mode or any other mode for that matter.

From: Cisco Nuts
Reply-To: Cisco Nuts
To: [EMAIL PROTECTED]
Subject: More Confused!!! Re: Neighbor commands...Yes or No?? [7:33547]
Date: Tue, 29 Jan 2002 01:38:45 -0500

Hello!!

I am even more confused now! :-( Just finished configuring 3 routers in a FR hub-and-spoke topology with OSPF in the default non-broadcast mode with NO neighbor commands on the hub router and FR map commands on both the spokes to get to one another. It works!! I mean without the neighbor commands on the hub router, the spoke routers are learning about the networks on the other spoke, that too in a different area. Why??

Thanks!

Here is some output: BTW: RTA is the hub and RTB and RTC the spokes. FR configed. on physical interfaces:

RTB routing table:
O IA 192.168.10.192/27 [110/70] via 192.168.10.243, 00:01:20, Serial0
O IA 192.168.10.128/26 [110/74] via 192.168.10.243, 00:01:20, Serial0

RTA config:
RTA#sh ru int s0
Building configuration...
Current configuration : 214 bytes
!
interface Serial0
 bandwidth 1544
 ip address 192.168.10.241 255.255
 encapsulation frame-relay
 ip ospf priority 10
 logging event subif-link-status
 logging event dlci-status-change
 no fair-queue
end

RTC routing table:
O IA 192.168.10.64/26 [110/74] via 192.168.10.241, 00:17:50, Serial0
O IA 192.168.10.0/26 [110/74] via 192.168.10.242, 00:17:50, Serial0

From: Henry Dziewa
To: Cisco Nuts
Subject: Re: Neighbor commands...Yes or No?? [7:33486]
Date: Mon, 28 Jan 2002 20:11:07 -0500

Well, it's your loss :) Hub and spoke, in order for the spoke to talk to another spoke you need to map the remote spoke's IP to the same DLCI used for mapping to HUB router on both spokes. The HUB router already has the mapping to both so it knows where everyone is. By default, physical frame interfaces are ospf non-broadcast, this means that you'd need to configure neighbor statement, preferably on the HUB router.

- Original Message -
From: Cisco Nuts
To:
Sent: Monday, January 28, 2002 3:42 PM
Subject: Re: Neighbor commands...Yes or No?? [7:33486]

And that's exactly what I am asking my friend. First, it's the layer 2 issue..that of fr map statements to get from one spoke to another via the hub aka Mr. Caslow. And there is the ospf issue of either issuing the neighbor commands or not in the default non-broadcast mode when using physical fr intfs. Is it one of both? And that is the confusing issue for me. :-) Can you help?

From: Henry D.
Reply-To: Henry D.
To: [EMAIL PROTECTED]
Subject: Re: Neighbor commands...Yes or No?? [7:33486]
Date: Mon, 28 Jan 2002 14:38:06 -0500

There are 2 different issues.
1. Layer 2 to Layer 3 mapping.
2. Routing
You need to separate these 2 in order to understand how it all works. If I gave you all the answers then it wouldn't be fair to you as you need to grasp it for yourself, especially if planning to go for CCIE.

Cisco Nuts wrote in message news:[EMAIL PROTECTED]...

Hello,

Would someone clarify this for me as I am getting very confused :-( In a Frame-Relay hub-and-spoke config. using physical interfaces and frame-relay map statements at the spokes and using OSPF, do we need to configure neighbor commands? Yes or No? From what I understand, OSPF works in a Non-Broadcast mode by default and neighbor commands are only needed if not a full-mesh. In this case, will the frame-relay map commands suffice to get from one spoke to another thru the hub router?

Thank you.
Re: MD5 encrypting vty passords [7:33533]
That specifies type 7 encryption, you can enable it before or after you configured your vty's. enable secret is used to enter password which will be encrypted with MD5. If using MD5 don't use it in conjunction with enable password command as that would create another enable password and would make your MD5 password as prone to discoveries as type 7.

bergenpeak wrote in message news:[EMAIL PROTECTED]...

Is the MD5 encryption used when one enables the service password-encryption before entering the vty password? What encryption mechanism is used when a password is entered as type 7?

Thanks

Henry D. wrote:

It's not possible to use MD5 on vty's. I suppose the reason would be that MD5 enable password is not all that much more secure than type 7 passwords. When you type them they both are being sent over the network in clear text anyway. The only reason for using MD5 would be so anyone who sees your config wouldn't be able to crack the MD5 password as easily as type 7. But on the other hand, if you have access to the config, you're either already in enabled mode or you store it in insecure place. If insecure place then there may be other ways to break into or your equipment anyways. You see, there is no perfect simple solution, you got to rely on many steps to protect what needs to be protected.

Charlie Wehner wrote in message news:[EMAIL PROTECTED]...

Is there any way to MD5 encrypt vty passwords? If so, how? If not, why not?

Thanks,
Charlie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33564t=33533
Re: BGP Backdoor! Lab on Friday, Please HELP! [7:33423]
I suspect your ISIS between Glori and Bilbo is either not working or this specific route is not exchanged with ISIS. Can we see the whole config for these bad boys ? Also, what happens when you shut the BGP session between Bilbo and Elrond, do you get the ISIS route then ? You don't need backdoor command on Elrond either.

Wilson, Christian wrote in message news:[EMAIL PROTECTED]...

I am struggling with BGP backdoor. I seem to get the more complicated aspects of BGP, but this backdoor command is really getting me down. I test on Friday and would appreciate any help.

In the configs below, BILBO and GLORI have EBGP connections to ELROND. BILBO and GLORI have a ISIS connection between each other. ISIS is actually running on all the routers as an IGP. All the routers know about the network 3.0.0.0 from ISIS. GLORI injects 3.0.0.0 into BGP using the network command and the update is sent across the EBGP connection to ELROND, who in turn passes the update across his EBGP connection to BILBO. BILBO has the network 3.0.0.0 backdoor added to his configuration, but the BGP route still appears in the routing table instead of the ISIS route.

I have omitted a lot of the config files because they are huge and harsh to read through, but I tried to include all relevant text. I have tried this so many ways and times that I am beginning to have doubts about myself since such a seemingly simple task is stumping me. Please help!!

hostname Bilbo
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 multipoint
 ip address 150.150.10.1 255.255.255.0
 ip router isis
 ip ospf network point-to-multipoint
!
interface Serial0/0.2 point-to-point
 ip address 150.150.20.1 255.255.255.0
 ip router isis
 ipx network 200
 ipx nlsp a1 enable
 frame-relay interface-dlci 940
!
router bgp 100
 network 3.0.0.0 backdoor
 neighbor 150.150.20.2 remote-as 200

Bilbo#b
BGP table version is 2, local router ID is 200.200.9.1
Status codes: s suppressed, d damped, h history, * valid, best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 3.0.0.0 150.150.20.2 0 200 300 i

Bilbo#i
i L2 1.0.0.0/8 [115/20] via 150.150.20.2, Serial0/0.2
C 2.0.0.0/8 is directly connected, Virtual-TokenRing2
B 3.0.0.0/8 [20/0] via 150.150.20.2, 00:26:45
i L2 4.0.0.0/8 [115/20] via 150.150.10.2, Serial0/0.1
O E1 5.0.0.0/8 [110/128] via 150.150.10.3, 00:29:29, Serial0/0.1
O E1 200.200.220.0/24 [110/128] via 150.150.10.3, 00:29:29, Serial0/0.1

hostname Elrond
interface Serial0/0.1 point-to-point
 ip address 150.150.20.2 255.255.255.0
 no ip directed-broadcast
 ip router isis
 ipx network 200
interface Serial0/0.3 point-to-point
 ip address 150.150.21.1 255.255.255.0
 no ip directed-broadcast
 ip router isis
 ipx network 21
router bgp 200
 network 3.0.0.0 backdoor
 neighbor 150.150.20.1 remote-as 100
 neighbor 150.150.21.2 remote-as 300

Elrond#b
BGP table version is 2, local router ID is 200.200.240.1
Status codes: s suppressed, d damped, h history, * valid, best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 3.0.0.0 150.150.21.2 0 0 300 i

hostname GLORI
interface Serial0/0
 ip address 150.150.10.2 255.255.255.0
 no ip directed-broadcast
 ip router isis
 encapsulation frame-relay
interface Serial0/0.2 point-to-point
 ip address 150.150.21.2 255.255.255.0
 no ip directed-broadcast
 ip router isis
 ipx network 21
router bgp 300
 network 3.0.0.0
 neighbor 150.150.21.1 remote-as 200

GLORI#b
BGP table version is 2, local router ID is 200.200.230.1
Status codes: s suppressed, d damped, h history, * valid, best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 3.0.0.0 0.0.0.0 0 32768 i

GLORI#i
i L2 1.0.0.0/8 [115/30] via 150.150.10.1, Serial0/0
C 3.0.0.0/8 is directly connected, Virtual-TokenRing3
C 4.0.0.0/8 is directly connected, Virtual-TokenRing4
i L2 5.0.0.0/8 [115/84] via 150.150.10.1, Serial0/0
i L2 200.200.220.0/24 [115/84] via 150.150.10.1, Serial0/0
i L2 6.0.0.0/8 [115/84] via 150.150.10.1, Serial0/0
i L2 200.200.241.0/24 [115/84] via 150.150.10.1, Serial0/0

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33435t=33423
Re: Neighbor commands...Yes or No?? [7:33486]
There are 2 different issues.
1. Layer 2 to Layer 3 mapping.
2. Routing
You need to separate these 2 in order to understand how it all works. If I gave you all the answers then it wouldn't be fair to you as you need to grasp it for yourself, especially if planning to go for CCIE.

Cisco Nuts wrote in message news:[EMAIL PROTECTED]...

Hello,

Would someone clarify this for me as I am getting very confused :-( In a Frame-Relay hub-and-spoke config. using physical interfaces and frame-relay map statements at the spokes and using OSPF, do we need to configure neighbor commands? Yes or No? From what I understand, OSPF works in a Non-Broadcast mode by default and neighbor commands are only needed if not a full-mesh. In this case, will the frame-relay map commands suffice to get from one spoke to another thru the hub router?

Thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33490t=33486
Re: Lab Kit.... [7:33412]
It could be possible to only use 4 routers and still be able to do some complicated labs. But what real CCIE lab is about is to put a lot of stuff in one physical topology, mixing all of this together, confusing you which protocol or interface you still need to get to, what and how the redistribution will play in this whole mess, making all of it depend on many other things you might have configured earlier and being able to keep on going without breaking later what worked before.

From my own experience as well as most of the real preparation labs you'll find will require more routers. I used 9 routers and 1 switch. This allowed me to do most labs from all the resources I was able to find on the web.

Good Luck ! And yeah, it worked for me !

Joel Satterley wrote in message news:[EMAIL PROTECTED]...

Can anyone advise on the base set of equipment for running test labs as a prep for the CCIE lab ? I'm thinking -

4 x eth + tok routers (3 with at least one serial + 1 with three or more)
2 x Cat switches (2900 + 4000)
1 x Token ring switch.
3 x PC's

Anything else (apart from modems + ISDN, got plenty of that).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33526t=33412
Re: Can ping from one side only!! why? [7:33527]
In your scenario, packet originates on router Remote with destination of router RTA - with IP address of the network connecting RTA to BBR. Remote knows to use TS because of the RIP information and sends packet to TS, TS knows how to get there because it has statics so it forwards the packet to BBR, BBR is directly connected to the network so it knows where RTA is and forwards it out to RTA. RTA gets the packets but it doesn't know where Remote router is so the packet gets dropped.

Now, if Remote was for example pinging IP of BBR on the same subnet as RTA this would work because BBR knows thru static default how to get back to Remote. In case of RTA, it has no default route information even though you used redistribution under OSPF. The problem is that OSPF will not start advertising default route unless specifically configured to do so with default-information originate command.

The same goes when trying from TS router, RTA has no information on how to get back to the network you have configured between BBR and TS.

Hope it helps.

Cisco Nuts wrote in message news:[EMAIL PROTECTED]...

Hello,

I have router RTA connected to router BBR running ospf 100. Router BBR has a static route of 0.0.0.0 to router TS. Router BBR also has a redistribute static command under ospf. Router TS is connected to router Remote both running Rip. Static routes are configured on TS for RTA's and BBR's networks. This is redistributed under Rip with a default metric of 2. Also, the router TS has a default-network command to inject a default route to router Remote.

On router Remote, I see the networks of routers RTA and BBR discovered via RIP

R 4.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0
R 5.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0

I can ping these addresses successfully. But I cannot ping these same addresses from the TS. Why?? The packet from Remote goes thru TS to get to routers RTA and BBR. Then how come I cannot ping these same addresses from TS?? Also, I cannot ping any networks on Remote from RTA

The solution I came up with was:

1.) Configure a default-information originate command on the router BBR which then injects a default route on RTA which allows me to ping networks on router Remote. This works!

2.) Configure on router BBR the serial network address between router BBR and TS under OSPF. This allows me to ping the networks of RTA from the TS. This works!

So the question is more of a packet flow from router Remote from where pings work to RTA and BBR but not from router TS. Can someone help me understand this?

Thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33529t=33527
Re: MD5 encrypting vty passwords [7:33533]
It's not possible to use MD5 on vty's. I suppose the reason would be that MD5 enable password is not all that much more secure than type 7 passwords. When you type them they both are being sent over the network in clear text anyway. The only reason for using MD5 would be so anyone who sees your config wouldn't be able to crack the MD5 password as easily as type 7. But on the other hand, if you have access to the config, you're either already in enabled mode or you store it in an insecure place. If insecure place then there may be other ways to break into your equipment anyways. You see, there is no perfect simple solution, you got to rely on many steps to protect what needs to be protected.

Charlie Wehner wrote in message news:[EMAIL PROTECTED]...

Is there any way to MD5 encrypt vty passwords? If so, how? If not, why not? Thanks, Charlie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33539t=33533
Re: Can ping from one side only!! why? [7:33527]
Can you post the relevant configs then ?

Cisco Nuts wrote in message news:[EMAIL PROTECTED]...

Hello, I have router RTA connected to router BBR running ospf 100. Router BBR has a static route of 0.0.0.0 to router TS. Router BBR also has a redistribute static command under ospf. Router TS is connected to router Remote both running Rip. Static routes are configured on TS for RTA's and BBR's networks. This is redistributed under Rip with a default metric of 2. Also, the router TS has a default-network command to inject a default route to router Remote. On router Remote, I see the networks of routers RTA and BBR discovered via RIP

R 4.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0
R 5.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0

I can ping these addresses successfully. But I cannot ping these same addresses from the TS. Why?? The packet from Remote goes thru TS to get to routers RTA and BBR. Then how come I cannot ping these same addresses from TS?? Also, I cannot ping any networks on Remote from RTA.

The solution I came up with was:
1.) Configure a default-information originate command on the router BBR which then injects a default route on RTA which allows me to ping networks on router Remote. This works!
2.) Configure on router BBR the serial network address between router BBR and TS under OSPF. This allows me to ping the networks of RTA from the TS. This works!

So the question is more of a packet flow from router Remote from where pings work to RTA and BBR but not from router TS. Can someone help me understand this? Thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33540t=33527
Re: tunneling with previously undefined endpoint? [7:32057]
If I get this correctly you can use dynamic-map feature as seen in the example here: http://www.cisco.com/warp/customer/707/ios_804.html

the-other-jason wrote in message news:[EMAIL PROTECTED]...

Help, I can't think of a way to do this . :-( We have two IPSec appliances at work that require known, routable addresses on their non-secure ethernet interfaces. We want to create a kit engineers can take home for remote IPSec access into the network from personal cable/dsl connections. Our typical home networks have a cheapo router running NAT. The router is getting a real outside address from a service provider via DHCP (point C in the drawing). On the inside, we use private addressing (point B). The problem is to configure an IPSec appliance with a real address but connect it via the private address LAN at home. The obvious way to do this is with a tunnel, so we've managed to scavenge a couple of old 2500s for this purpose...

IPSec cheapo IPSec
appliance --2500--router--ISP--Internet--3660--2500--appliance
A B C D

Ideally, we want a tunnel from the left side of the left 2500 to either the 3660 or the right 2500 so that we can give the left IPSec appliance some of our address space. With GRE, however, you have to specify the endpoint addresses in advance, and of course we don't know what address the ISP will give one via DHCP. After some reading, I _think_ PPPoE, L2F, PPTP, and L2TP won't help us much. Does anyone have any ideas? Jason

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32059t=32057
Re: Regarding E1 controllers [7:31126]
It wouldn't work at all if framing was incorrect. You may be encountering a bug of some sort. I'd make sure you have the latest IOS installed and that your PA revision is not too old. Some of these bad boys caused us problems when we first started using them but not any more.

K.RAMESH BABU wrote in message news:[EMAIL PROTECTED]...

Hi, Having cisco7206 with Multichannel E1/PRI cards at service provider environment. Terminated different 2Mbps customers on these cards. Sometimes I find some customer ckt goes down and when I go for checking sh controller e1, I find LOSS OF FRAME alarm. By changing framing settings under controller configuration and again revert back for the same framing settings once or twice, ckt is coming up. Why this is happening so ? Is it related to some buffers problem or some thing else? Pls write me back if anyone has similar problem or anyone knows the reason. Thanks regards Ramesh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31189t=31126
Re: Kindly assist. (IPSEC over ISDN + HSRP) [7:31116]
With the mix of dial profiles and correct crypto maps there shouldn't be a problem.

Pius wrote in message news:[EMAIL PROTECTED]...

Hi, I am using ISDN routers to connect to 2 remote sites, the headquarter has 2 router which will be running HSRP. The primary router and the remote sites' router are using IPSEC tunnel. However, the backup router is not using IPSEC. The primary router has 2 BRI interface running 128k connecting to the 2 remote sites router, however, the backup router has only 1 BRI interface. Is this configuration possible? i.e. when the primary fail, can the backup router connected to the remote sites without using IPSEC using 1 channel each? Thanks, Pius

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31194t=31116
Re: Activating VPN slows connection drastically, Why? [7:30043]
I don't know much about CheckPoint's VPN solutions but the logical things that could cause degradation in performance could be either client PC's that now with VPN are required to encrypt/decrypt data, the end point machine that has to do the same things, some issues within the infrastructure beyond the VPN Checkpoint machine, all or some of the above issues could cause problems. Simply more information is required for better analysis.

Chuck Larrieu wrote in message news:[EMAIL PROTECTED]...

can you clarify for me?

HQinternet827bunch of PC's

PC's are running the Checkpoint VPN client. VPN tunnels go from PC to HQ Checkpoint device, with the 827 doing only routing/bridging ( depending on how the ISP is set up ) Is this correct? When you say the connection slows down does that mean that prior to using the VPN client, connection to HQ was fast? Or were you gauging by internet access, as the PC's cannot access HQ without the client? You will want to differentiate what is slow and what is fast. Then it will be easier to focus in on a cause. Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bruce Williams
Sent: Monday, December 24, 2001 12:38 PM
To: [EMAIL PROTECTED]
Subject: Activating VPN slows connection drastically, Why? [7:30043]

We have a DSL line connected through a Cisco 800 series router. The connection is very fast until the checkpoint client software is activated to access a checkpoint firewall vpn in the corporate office. This slows down the connection drastically. What in the VPN could cause this? I just want to get an idea where to start troubleshooting? Bruce Williams Verizon mailto:[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30068t=30043
Re: Help with Voice over IP over ATM [7:25163]
You need to have VAD disabled in your dial-peers.

William Lijewski wrote in message news:[EMAIL PROTECTED]...

I have been looking for what is probably a one line command for about 2 days now. In the lab I am working on you are to do Voice over IP over ATM SVC's. They want it so if no one is talking it still sends empty voice packets. Right now if no one is talking you can hear it go dead silent until someone speaks again. How do you get the empty voice packets to be transmitted so the line is constantly active even if no one is talking? I have looked in the Caslow book, searched the Cisco documentation CD, and I'm just having no luck. Any help would be great. Thanks, Bill L.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25184t=25163
Re: BGP Confederations [7:24940]
If you think about it, in the config you specify bgp process as confed id, which means if you need to peer over IBGP you actually peer with confed ID and not the real AS number. So, yes you do need confed id specified on each BGP in confed cluster.

McCallum, Robert wrote in message news:[EMAIL PROTECTED]...

Hi, If you have 4 routers within a confederation r1,r2,r3r4. R1 has an EBGP connection to another AS so therefore has the bgp confederation id and confed peer statements on it. My question is do all of the IBGP router (r2,r3r4) require the confed statements on them even if they are only IBGP routers?? 14 days to go!! Starting to have some fun !! Robert McCallum

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24945t=24940
Re: BGP Confederations [7:24940]
Disregard my last post, I got it all messed up.. In confed cluster you peer over IBGP using a different AS than the confed ID, or real AS number.

Henry D. wrote in message news:[EMAIL PROTECTED]...

If you think about it, in the config you specify bgp process as confed id, which means if you need to peer over IBGP you actually peer with confed ID and not the real AS number. So, yes you do need confed id specified on each BGP in confed cluster.

McCallum, Robert wrote in message news:[EMAIL PROTECTED]...

Hi, If you have 4 routers within a confederation r1,r2,r3r4. R1 has an EBGP connection to another AS so therefore has the bgp confederation id and confed peer statements on it. My question is do all of the IBGP router (r2,r3r4) require the confed statements on them even if they are only IBGP routers?? 14 days to go!! Starting to have some fun !! Robert McCallum

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24948t=24940
Re: To Passive or Not to Passive [7:24771]
In regards to Q number one. I think it would be much better not to specify passive interface under OSPF as long as your network statement does not include the IP of the interface in question. The reason for that, at least in my head, is that if I were a proctor I might think you don't understand how OSPF works. For question 2, passive should be a norm on interfaces you don't want to form neighborship or sending routing updates. Make sure you understand that passive works differently for RIP than for EIGRP.

McCallum, Robert [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Dear all, Before I take the leap into the lab (2 weeks to go now), I have a question which has dogged me for a while now. Scenario below. Router 1 has the following interfaces, Lo0, Eth0/0, S0/0, S0/1 and say Fast0/1. Router 2 has the following interfaces Lo0, Lo1, Eth 0/1, S0/0. Between Router 1 (s0/0) and Router 2 (s0/0) we are running say OSPF. On router 1 (e0/0 and s0/1) we are running RIP. On Router 2 (e0/1 and lo1) we are also running Rip. Router 1 (lo0, s0/1) and Router 2 (lo0) are running Eigrp. Now for the questions

1. On router 1 OSPF process is running. Q: should I put lo0,e0/0, fast0/1 and s0/1 as passive interface ??? This worries me quite a bit as the argument of if you don't put the network command under ospf then ospf will not run on that interface...BUT I have been told that you should ALWAYS put every in use interface into passive if it is not being used under the routing process.
2. This is not a question but a sanity check that for EIGRP and RIP then the norm rules of passive interfaces apply.

Thanks for anyone's help in clearing this annoying matter up. Robert McCallum Ext 730 3448 DDI : 01415663448 Mobile : 07818002241

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24771t=24771
Re: Questions about PIX firewall [7:24634]
Yeah, there is a GUI but you'll be better off just trying to get used to the CLI. It's just better, trust me. By HA I suppose you mean High Availability, there is a good link describing how failover works: http://www.cisco.com/warp/customer/110/failover.html We've had good experience with failover, I think it rocks !

dovelet wrote in message news:[EMAIL PROTECTED]...

Hi all, Our company wants to use PIX 515 firewall but I never use it before. I have some questions and I hope someone can help me.

1. To configure a PIX, is there any GUI interface or need to use Command Line Interface? If it has GUI interface, is it bundle with a PIX or need to purchase separately?
2. We plan to use 2 PIX for HA solution. Is it stable?
3. Is there any materials to describe the PIX failover?

Regards, Dovelet

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24675t=24634
Re: IPsec question!!! [7:24020]
The good book to read for (in my opinion) great IPSec coverage is Enhanced IP Services For Cisco Networks by Donald C. Lee - ISBN 1-57870-106-6

Hussam Adili wrote in message news:[EMAIL PROTECTED]...

Dear All, I have a question about IPsec tunnel mode. As I understood that it will encrypt the original packet with its IP header and it will use another IP header (the o/p interface address header) to route the packet over the Internet (any open network). Does this mean that the source address can be a non-routable IP address and it can reach the destination address (which is also non-routable) through the IPsec tunnel ? Or, for such scenario we need to use GRE tunnel first between the non-routable network addresses, then encrypt using IPsec? Your help is appreciated - Regards Hussam

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24069t=24020
Re: Slow wan link. TCP traffic ok, UDP not okay. Please help! [7:24074]
And yes, you need to have anonymous login allowed if you don't want to specify a specific username:

r2#debug ip ftp
FTP transactions debugging is on
r2#term mon
r2#copy startup-config ftp:
Address or name of remote host []? 192.168.168.101
Destination filename [startup-config]?
Writing startup-config !
1543 bytes copied in 0.300 secs
r2#
00:52:04: FTP: 220 3Com 3CDaemon FTP Server Version 2.0
00:52:04: FTP: --- USER anonymous
00:52:04: FTP: 331 User name ok, need password
00:52:04: FTP: --- PASS [EMAIL PROTECTED]
00:52:04: FTP: 230 User logged in
00:52:04: FTP: --- TYPE I
00:52:04: FTP: 200 Type set to I.
00:52:04: FTP: --- PASV
00:52:04: FTP: 227 Entering passive mode (192,168,168,101,4,70)
00:52:04: FTP: --- STOR startup-config
00:52:04: FTP: 125 Using existing data connection
00:52:04: FTP: 226 Closing data connection; File transfer successful.
00:52:04: FTP: --- QUIT
00:52:04: FTP: 221 Service closing control connection

Ouellette, Tim wrote in message news:[EMAIL PROTECTED]...

Yeah, try copying a 12 meg msfc .bin over a WAN link that has latency of 125ms. So I only get to send 8 packets per second each as 512 bytes. (1000ms/125ms = 8) tftp at the application layer is the one who sends the acks. For some reason I can't do a copy flash ftp. I'm guessing because I don't have anonymous login allowed on my ftp? Does that sound right? Tim

-Original Message-
From: Chuck Larrieu [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 12:44 AM
To: [EMAIL PROTECTED]
Subject: Re: Slow wan link. TCP traffic ok, UDP not okay. Please help! [7:23853]

validating this thought, I have had reason to upgrade my router pod IOS images of late. Cisco's router Software Loader uses TFTP to copy new images into flash via a direct ethernet to ethernet connection. copying 16 meg images takes an inordinate amount of time, especially considering there are only two devices on the network involved. it would appear, then, that the router writes each packet to flash before requesting the next packet. at least that goes a long way towards explaining why the copies take several minutes on a 10baseT link with just the two devices connected via a crossover cable. thanks for the insight Chuck

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

One more (serious!) comment. I asked a protocol guru about the question of TFTP being so slow. He agreed with the poster that the TFTP throughput seems awfully low, but he agreed with me too that TFTP is not optimized for throughput. He also mentioned one other stupidity with TFTP implementations. He said that some actually write the 512-byte block of data to the hard disk before ACKing and asking for the next block. So a slow hard disk would cause problems. TFTP and UDP don't have a PSH bit like TCP has. With TCP, the sender would output a bunch of data and then perhaps set the PSH bit which would tell TCP to give the data (in RAM) to the application. At that point, you might see a short hiccup as FTP wrote the data to the hard drive (not necessarily because FTP could still keep the data in memory until the session is closed; it's implementation-dependent.) TFTP is also implementation-dependent, but with some implementations, it's one block at a time that is written to storage and then ACKed before more data is sent. Since FTP works well, you have proof that the problem isn't with the network. Can't you pass this onto the server or application people!? ;-) Priscilla

At 02:34 PM 10/18/01, Priscilla Oppenheimer wrote:

At 02:23 PM 10/18/01, Ouellette, Tim wrote:

Priscilla, Thanks for the response. Any idea as to why the TFTP protocol over our WAN will run at 4k/sec and FTP at 165k/sec. I just figured that the smaller packet size of UDP would help.

Nope. That would not help. It would make the throughput worse.

I also thought that UDP is connectionless and therefore requires no ACKS.

TFTP has ACKs.

Other sites on our WAN I can transfer large files via TFTP and they run at very good speeds.

Have you done the same sort of comparison of FTP versus TFTP at those sites. I bet FTP has much better throughput.

I'm just concerned about this one site. Any other ideas?

See the message from Phil Barker. It made some good points about TFTP and UDP in general not being tuned for WANs. The next step would be to put a Sniffer on it and see what's really happening. But there may not be anything abnormal happening. TFTP just kinda sucks.

Tim

-Original Message-
From: Priscilla Oppenheimer [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, October 18, 2001 1:23 PM
To: [EMAIL PROTECTED]
Subject: Re: Slow wan link. TCP
Re: Route Reflectors and Peer Groups [7:23765]
Hi there, Did you ever get an answer, or figured this out ? I can't quite get a clearer understanding of what they're talking about in the excerpt you submitted either. I was looking at the BGP case studies on cisco's web site and I still can't get it. Thanks

Lupi, Guy wrote in message news:[EMAIL PROTECTED]...

Below is an excerpt from a Cisco case study on multiple route reflectors within a cluster:

An important thing to note, is that peer-groups were not used in the above configuration. If the clients inside a cluster do not have direct IBGP peers among one another and they exchange updates through the RR, peer-groups should not be used. If peer groups were to be configured, then a potential withdrawal to the source of a route on the RR would be sent to all clients inside the cluster and could cause problems. The router sub-command bgp client-to-client reflection is enabled by default on the RR. If BGP client-to-client reflection were turned off on the RR and redundant BGP peering was made between the clients, then using peer groups would be alright.

Does anyone know what they mean? I know in IOS versions 12.0 and lower there were issues with route reflection using peer groups, but I am trying to figure out what they are trying to say here. What do they mean by a potential withdrawal to the source of a route on the RR? Any help would be appreciated. Guy H. Lupi NOC Engineer Eureka GGN 270 Madison Avenue, 5th Floor NY, NY 10016

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23823t=23765
Re: Design Question - Spanning-tree Protocol. [7:23614]
Hmm, I think your STP/EtherChannel might be misconfigured. EtherChannel should be treated as a single logical link. With an STP running on top of it your both links should be forwarding. So in case one of the physical links fails, there is no need to re-calculate anything with STP. Are you sure they are configured for etherchannel and not just trunking ?

Urooj's Hi-speed Internet wrote in message news:[EMAIL PROTECTED]...

Hi Folks, I have a design in which Cisco 3548 XL's are GBIC-stacked on various floors of a campus and are uplinked to a core Cat 6509 switch. The uplink from every floor stack is ether-channeled to the core via two parallel equal-cost paths. One uplink path starts forwarding and the other goes into blocking mode from each floor stack. Here is my confusion... If only one link of a 400 MBps full-duplex ether-channel fails from the forwarding path, will it invoke spanning-tree recalculation ??? Or will the 'now' sub-optimal path still remain in forwarding mode and the now more-bandwidth path remain in blocking mode ??? Since spanning-tree recalculation causes a lot of ripples throughout the switched network, I would assume that the latter were true. However, I would like to hear views from people who would think that the former scenario is more probable. Thanks very much. Aziz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23637t=23614
Re: IPX transport control [7:23389]
My wife works for a pretty big Enterprise company. They have about 300 sites, all of them have IPX running. All WAN stuff is IPX EIGRP in addition to IP and some SNA. To me it would suggest that bigger Enterprise companies are still in need for network people with good IPX understanding, especially those who know how to control it :) This may be considered by some a legacy stuff, but legacy is what makes those who know it even more valuable...

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Thanks. That sounds right to me. By default the router discards a packet if the IPX hop count reaches 16. But I discovered that you can configure the number of hops with the ipx maximum-hops command. There wouldn't be any need in a RIP network, because RIP can't learn about a network with 16 or more hops. (16 means infinity.) But routers running EIGRP and NLSP can learn about paths that are more than 15 hops away, so it might make sense in those cases. Does anyone care about IPX anymore? IPX RIP? EIGRP for IPX? NLSP for IPX? Any feedback would be appreciated. Thanks. Priscilla

At 09:50 PM 10/18/01, Henry D. wrote:

I'm no expert at this but from what I was able to get from cisco's web site is that the router discards the packet if the control field is set to 16 or up for ipx rip. In mixed environment, with both NLSP and RIP running, the router might have routes of greater than 16 if it learnt those routes using NLSP, the important thing would be the servers' configuration. If the server supports only RIP, then obviously the hop count would still be an issue and the server would discard the RIP update with 16 and up. To take the full benefit from NLSP and its hop count enhancement I'd think one would have to run NLSP in the whole network, including the servers. Again, I'm not experienced with IPX...

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

The IPX header has a transport control field which is really a hop count. The sender sets it to zero. Each router adds one to it. Novell documentation used to show it as a 4-bit field with 4 bits reserved before it. Recent documentation shows it as an 8-bit field. Older documentation said a router would trash a frame if it arrived with a transport control field already at 15 (0x). Recently I read this weird thing on Novell's site:

A RIP router discards the packet if the value in this field is greater than 15. An NLSP router discards the packet if the value in this field is greater than the value of the Hop Count Limit parameter, which is 127 by default.

Is this believable? From what we know about the router having two separate tasks (forwarding and learning the topology), I think the hop-count limits happen when installing routes. I could believe that RIP and NLSP are different. But when a router goes to forward a frame, is it really going to behave differently with respect to hop count if it's running NLSP versus RIP? Does it even care which protocol installed the route. The FIB probably wouldn't even say which protocol installed the route? Chuck likes to remind us about these differences so maybe he has some comments. Thanks Priscilla

Priscilla Oppenheimer http://www.priscilla.com

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23517t=23389
Re: IPX transport control [7:23389]
I'm no expert at this but from what I was able to get from cisco's web site is that the router discards the packet if the control field is set to 16 or up for ipx rip. In mixed environment, with both NLSP and RIP running, the router might have routes of greater than 16 if it learnt those routes using NLSP, the important thing would be the servers' configuration. If the server supports only RIP, then obviously the hop count would still be an issue and the server would discard the RIP update with 16 and up. To take the full benefit from NLSP and its hop count enhancement I'd think one would have to run NLSP in the whole network, including the servers. Again, I'm not experienced with IPX...

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

The IPX header has a transport control field which is really a hop count. The sender sets it to zero. Each router adds one to it. Novell documentation used to show it as a 4-bit field with 4 bits reserved before it. Recent documentation shows it as an 8-bit field. Older documentation said a router would trash a frame if it arrived with a transport control field already at 15 (0x). Recently I read this weird thing on Novell's site:

A RIP router discards the packet if the value in this field is greater than 15. An NLSP router discards the packet if the value in this field is greater than the value of the Hop Count Limit parameter, which is 127 by default.

Is this believable? From what we know about the router having two separate tasks (forwarding and learning the topology), I think the hop-count limits happen when installing routes. I could believe that RIP and NLSP are different. But when a router goes to forward a frame, is it really going to behave differently with respect to hop count if it's running NLSP versus RIP? Does it even care which protocol installed the route. The FIB probably wouldn't even say which protocol installed the route? Chuck likes to remind us about these differences so maybe he has some comments. Thanks Priscilla

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23466t=23389
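The hop-count rule from the Novell text quoted in this thread, as an added example that is not part of the original posts: it parses an IPX header, reads transport control as an 8-bit field, and applies the quoted discard test (greater than 15 for RIP, greater than the Hop Count Limit of 127 for NLSP) before adding one. The 30-byte header layout, the function names and the sample packet values are assumptions constructed for this illustration.

```python
import struct
from dataclasses import dataclass

# Assumed standard 30-byte IPX header: checksum, length, transport control,
# packet type, then destination and source network/node/socket. The thread
# itself only discusses the transport control byte.
HEADER_FORMAT = ">HHBBI6sHI6sH"
IPX_HEADER_LEN = struct.calcsize(HEADER_FORMAT)  # 30 bytes
TRANSPORT_CONTROL_OFFSET = 4

RIP_HOP_LIMIT = 15    # "greater than 15" in the Novell text quoted above
NLSP_HOP_LIMIT = 127  # default Hop Count Limit quoted above


@dataclass
class IpxHeader:
    checksum: int
    length: int
    transport_control: int
    packet_type: int
    dst_net: int
    dst_node: bytes
    dst_socket: int
    src_net: int
    src_node: bytes
    src_socket: int


def parse_ipx(data: bytes) -> IpxHeader:
    """Parse the fixed IPX header, rejecting truncated or inconsistent input."""
    if len(data) < IPX_HEADER_LEN:
        raise ValueError("truncated IPX header")
    hdr = IpxHeader(*struct.unpack(HEADER_FORMAT, data[:IPX_HEADER_LEN]))
    if hdr.length < IPX_HEADER_LEN or hdr.length > len(data):
        raise ValueError("IPX length field does not match the buffer")
    return hdr


def build_sample_packet(transport_control: int = 0, payload: bytes = b"") -> bytes:
    """Constructed sample packet; addresses and sockets are made-up values."""
    return struct.pack(
        HEADER_FORMAT,
        0xFFFF,                         # checksum unused
        IPX_HEADER_LEN + len(payload),  # total packet length
        transport_control,
        0,                              # packet type: unknown
        0x00000004, bytes.fromhex("00000c123456"), 0x4003,
        0x0000000A, bytes.fromhex("00000c654321"), 0x4003,
    ) + payload


def forward(packet: bytes, hop_limit: int):
    """Apply the quoted rule at one router.

    Returns None when the packet is discarded, otherwise the packet with
    transport control incremented by one ("each router adds one to it").
    """
    if not 0 <= hop_limit <= 254:
        raise ValueError("hop limit must leave room in the 8-bit field")
    hdr = parse_ipx(packet)
    if hdr.transport_control > hop_limit:
        return None
    out = bytearray(packet)
    out[TRANSPORT_CONTROL_OFFSET] = hdr.transport_control + 1
    return bytes(out)


def routers_traversed(hop_limit: int) -> int:
    """Count how many routers in a row forward a packet sent with the field at 0."""
    packet = build_sample_packet(transport_control=0)
    forwarded = 0
    while True:
        packet = forward(packet, hop_limit)
        if packet is None:
            return forwarded
        forwarded += 1


if __name__ == "__main__":
    for name, limit in (("RIP", RIP_HOP_LIMIT), ("NLSP", NLSP_HOP_LIMIT)):
        print(name, "limit", limit, "-> forwarded by", routers_traversed(limit), "routers")
```

Under this literal reading of the quoted wording, a packet arriving with the field at 15 is still forwarded by a RIP router and leaves with 16, which differs by one from the older "already at 15" behaviour mentioned in the same post.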
Re: Linux Syslogd and multiple device question [7:21910]
Install syslog-ng, much better for handling what you're describing.

Telemachus Luu wrote in message news:[EMAIL PROTECTED]...

Hi, I have multiple nodes and have set up logging to a syslog server. Currently, in my /etc/syslog.conf, I have local0.debug through local7.debug being used writing to separate log files. On the first 8 devices, I have set logging facility local0 through local7 for each device accordingly. However, how can I setup logging for the device beyond the 8th? I know I can setup the same facility and parse out the info by IP, but I would prefer to have separate files for each device. Any suggestions? Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21928t=21910
Re: Tacacs [7:2602]
I'm not an expert in TACACS but I know you can have more than 1 server specified in the routers. I mainly used it just for authentication, in which case there was no problem whatsoever with this setup. If first specified server is not reachable, the other is being used. I don't think there would be an issue if I used authorization/accounting features either. There would simply be no need to try to fall back to the main server in case it came up while using the backup server on the current session. BTW, what do you mean by terminating L2F tunnels ? Do you just authenticate, or you also use the authorization/accounting features on the tunnel ? If so, could you elaborate a bit more on this topic ?

Kevin Wigle wrote in message news:[EMAIL PROTECTED]...

Dear Group, A Tacacs question. Is it possible to configure Tacacs+ to use 2 different home gateways? Specifically, gate1 to be used to terminate L2F tunnels. If that fails, use gate2. And, another question if that is possible.. When gate1 is reachable again, will the users on gate2 be disconnected or stay there until they disconnect while new connections go to gate1 again? tia Kevin Wigle

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2630t=2602
Need your opinion
Hi all, Need your opinion here. Currently I'm (quite paper) CCNP. I don't have home lab nor any OSPF and BGP real world experience. I have limited experience in frame relay, RIP, EIGRP. Now if I take all CCIE related courses (OSPF BGP workshop, ECP1, CCIE preparation training from horizon-mts, Cvoice, CATM, etc, take one week CCIE prep lab), and spare 3 times lab exams, what do you think of my chance to become CCIE ? Thanks for any input.