Re: OT - CDP: Is it treated as a 'vulnerability' in your world? [7:65285]

2003-03-13 Thread Ian Henderson
On Thu, 13 Mar 2003, John Neiberger wrote:

 I can't think of any valid reason to turn off CDP within your network.  On
 the edges--any connections to other networks, including the internet--I'd
 turn it off.  But inside?  Why turn it off?  If someone already has access
 to your router in able to see the CDP information you've got much bigger
 problems than CDP!

We actually used it as an auditing tool with a bit of perl hackery.

The program created an array of CDP neighbours for each router, and then
used that to create a network map database. This was used for generating
real-time network maps (if something goes away, it leaves the map) and
auditing to see if something was on the network that shouldn't be.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65285t=65285
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
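
Added example (not part of the original post, and not the Perl program it mentions): a Python sketch of the audit described above. It parses `show cdp neighbors detail` output collected from each router, builds the neighbour map, and lists devices that are not in an inventory. The sample output, hostnames, addresses and the `AUTHORIZED` inventory are constructed.

```python
import re

# Constructed `show cdp neighbors detail` output, keyed by the router it was
# collected from. Hostnames, addresses and platforms are invented.
SAMPLE_OUTPUT = {
    "core-rtr-1": """\
-------------------------
Device ID: dist-sw-1.example.net
Entry address(es):
  IP address: 10.0.0.2
Platform: cisco WS-C3550-24,  Capabilities: Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 152 sec
-------------------------
Device ID: edge-rtr-2
Entry address(es):
  IP address: 10.0.0.6
Platform: cisco 2650,  Capabilities: Router
Interface: Serial0/0,  Port ID (outgoing port): Serial0/1
Holdtime : 133 sec
""",
    "edge-rtr-2": """\
-------------------------
Device ID: core-rtr-1
Entry address(es):
  IP address: 10.0.0.5
Platform: cisco 7206VXR,  Capabilities: Router
Interface: Serial0/1,  Port ID (outgoing port): Serial0/0
Holdtime : 171 sec
-------------------------
Device ID: lab-2511
Entry address(es):
  IP address: 10.0.9.9
Platform: cisco 2511,  Capabilities: Router
Interface: Ethernet0/1,  Port ID (outgoing port): Ethernet0
Holdtime : 120 sec
""",
}

# Constructed inventory of devices that are supposed to be on the network.
AUTHORIZED = {"core-rtr-1", "dist-sw-1", "edge-rtr-2", "term-srv-1"}

ENTRY_SPLIT = re.compile(r"^-{5,}\s*$", re.MULTILINE)
FIELDS = {
    "device_id": re.compile(r"^Device ID:\s*(\S+)", re.MULTILINE),
    "ip": re.compile(r"^\s*IP address:\s*(\S+)", re.MULTILINE),
    "platform": re.compile(r"^Platform:\s*([^,]+),", re.MULTILINE),
    "local_if": re.compile(r"^Interface:\s*([^,]+),", re.MULTILINE),
    "remote_if": re.compile(r"Port ID \(outgoing port\):\s*(\S+)"),
}


def normalize(name):
    """Compare hostnames without domain suffix or case differences."""
    return name.split(".")[0].lower()


def parse_cdp_detail(text):
    """Return one dict per neighbour entry in the command output."""
    neighbours = []
    for block in ENTRY_SPLIT.split(text):
        if not FIELDS["device_id"].search(block):
            continue  # text before the first separator, or an empty block
        entry = {}
        for name, rx in FIELDS.items():
            hit = rx.search(block)
            entry[name] = hit.group(1).strip() if hit else None
        entry["device_id"] = normalize(entry["device_id"])
        neighbours.append(entry)
    return neighbours


def build_map(outputs):
    """Map each polled router to the list of neighbours it reports."""
    return {normalize(r): parse_cdp_detail(t) for r, t in outputs.items()}


def audit(network_map, authorized):
    """Return (unknown neighbours, authorized devices nobody reported)."""
    seen = set(network_map)
    unknown = []
    for router, neighbours in sorted(network_map.items()):
        for n in neighbours:
            seen.add(n["device_id"])
            if n["device_id"] not in authorized:
                unknown.append((router, n["local_if"], n["device_id"],
                                n["ip"], n["platform"]))
    return unknown, sorted(authorized - seen)


if __name__ == "__main__":
    unknown, missing = audit(build_map(SAMPLE_OUTPUT), AUTHORIZED)
    for router, port, dev, ip, platform in unknown:
        print(f"UNKNOWN {dev} ({platform}, {ip}) seen by {router} on {port}")
    for dev in missing:
        print(f"MISSING {dev} is in the inventory but no router reports it")
```

CDP frames are unauthenticated, so a device can announce any Device ID or stay silent; treat the result as a tripwire for unexpected gear, not as proof of what is attached.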


Re: Clock rate 64000 = Bandwidth 64000 - ? [7:64147]

2003-03-01 Thread Ian Henderson
On Sat, 1 Mar 2003, Cisco Nuts wrote:

 Hello, If the clock rate has been configured for 64000 on one side of the
 link (home lab), does that mean that the bandwidth needs to be set to
 64000 on both sides of the link using the bandwidth command so that
 routing protocols like Ospf correctly compute the metrics? After all,
 isn't the default bandwidth (1.544M) cosmetic in spite of the link having
 been configured with clock rate = 64000? Thanks for the
 clarification. Sincerely, CN

Yes, you're correct.

Clocking (on the DCE side) specifies the bandwidth of a link while the
'bandwidth' statement is used for calculating routing metrics, the 'show
int' load counter, etc.

I can think of a few reasons why IOS doesn't just use the clocked amount
as the bandwidth statement:

- some interfaces (namely subinterfaces - ATM VCs, Frame VCs, etc) don't
get a clock per se, but still need a concept of bandwidth.

- A dodgy hack to allow people to easily modify routing metrics.

- The DCE device may provide a clock that is higher than the actual link
speed. A good example is an Async interface with a modem - the speed
between the router and modem is 115Kbit, but the modem may only connect at
56Kbit.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64159t=64147


Re: HELP!!! [7:63681]

2003-02-25 Thread Ian Henderson
On Tue, 25 Feb 2003, Edwin R. Gonzalez wrote:

 I just got a SUP III (WS-X5530-E3) for my Cat 5005,
 all the lights come up green but I can not get a prompt.
 I checked the cable and everything else. I tried getting a prompt
 on one of my other switches using the same set up and I get a prompt.
 I think this SUP might have a bad console port.

Check out the Cisco website for console port pinouts for the 5000 SupIII
cards. Last time I used one (about two years ago now), I had to make a
custom cable to get it to work.

Or, you might be right - console ports do die occasionally.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63690t=63681


RE: Network Monitoring [7:63532]

2003-02-21 Thread Ian Henderson
On Sat, 22 Feb 2003, Kevin Banifaz wrote:

 Thanks for the input guys.  Netsaint Nagios looks real cool, I think I'll
 give that a try.

Netsaint/Nagios rocks. MRTG is also cool if you don't have much time, but
if you've got time/energy to spare, roll your own using RRDTool. Unlike
MRTG, RRDTool draws graphs on the fly for any period of time you specify,
so accuracy isn't lost for periods older than 24 hours (fiddle with MRTG
and you'll see where this can be a pain).

One suggestion for both of them: Run them from a database. Create a table
containing all your devices and what they are, then create a profile of
monitoring for each device type. Now, whip up something quick to generate
your Netsaint configs. It can be a /real/ pain finding errors in a hand
written hosts.cfg file (Yes, I know there is a lint filter for it, but
even so, if you don't have to mangle the file, why should you?).

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63550t=63532


Re: Laying Cable Accross the Pond [7:59971]

2002-12-30 Thread Ian Henderson
On Mon, 30 Dec 2002, Bolton, Travis D [LTD] wrote:

 I was just having a discussion with a co-worker about how companies lay
 cable across the pond and how they troubleshoot cable splices etc.  Does
 anybody have any documentation or Video they can share on this?   We're just
 curious on how all this works.  If you do this type of work let me know.

www.southerncrosscables.com is a cable network between West Coast US,
Hawaii, New Zealand and East Coast Australia. Their website shows some
pretty flash animations about it all.

Not totally related, but pretty cool is
http://www.wired.com/wired/archive/4.12/ffglass.html. It describes the
laying of FLAG between England and Japan. Great read.

Hope everyone has a great new years :)




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60004t=59971



Re: Router Temperature [7:59054]

2002-12-14 Thread Ian Henderson
On Thu, 12 Dec 2002, Hamed Sedighi wrote:

 What is the best Temperature for Routers (2511 & 3661)?
 I'm using MRTG for drawing Graph about my Routers Temperature but I don't
 know what is the good degree for my Router. Please advise me about this
 subject.

As has been mentioned, 'show environment all' will show you the thresholds
the router can cope with. The 2500 series doesn't have environmental
monitoring though - I'm not entirely sure about the 3661.

In reality though, the cooler a piece of hardware, the longer it'll last.
Our machine room is kept between 19 and 20 degrees C - it seems to be the
usual standard.

Something to keep in mind is the direction air flows through hardware.
I've seen a setup with three racks side by side. In the first was a
Netcomm modem rack, the second and third being 7206s at the same height.
The heat generated in the left most rack by the modems was sucked in the
left hand vent of the middle 7200, heated, expelled out the right hand
vent only to be sucked in the left hand vent of the second 7200 - not
optimal conditions considering the room also had mediocre aircon. The
ambient temperature was around 25 C, with the second 7200 getting up to
exhaust temp of around 55 C (and I believe the shutdown point for 7200s is
60 C).

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59217t=59054



Re: AS2511 as Term Server [7:58793]

2002-12-09 Thread Ian Henderson
On Mon, 9 Dec 2002, Arni V. Skarphedinsson wrote:

 I know it's possible with the 2511 and 2509, but need to know if the AS
 type is any different.

No difference - it's just a marketing name :)



--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58801t=58793



Re: AS2511 as Term Server [7:58793]

2002-12-09 Thread Ian Henderson
On Mon, 9 Dec 2002, Brad Ellis wrote:

 AS2511 is the same as the 2511-CH.  Just make sure you do NOT get the 2511RJ
 as that version has only ONE serial port (vs. two serial ports on the non-RJ
 flavor).

I actually prefer the 2511-RJ's in production (term servers only, not a
lab environment). Octal cables are fragile and expensive, whereas finding
a new RJ-45 rolled cable is easy - there are ALWAYS spares around the
office.

In a lab environment, however, I'm all for the non -RJ model.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58856t=58793



Re: BRI to BRI [7:58753]

2002-12-07 Thread Ian Henderson
On Sat, 7 Dec 2002, mike simon wrote:

 what type of cable do I need to connect a BRI(routera) to BRI(routerb)
 in a lab?

Hi Mike,

ISDN (just like garden variety dialup modems) has the concept of dialling,
so you need a device that can provide TEI and accept dialled digits to be
passed to another BRI device. Think of trying to connect two phone
handsets back to back - they need an exchange to talk to each other.

So you need an ISDN exchange emulator. A few of the folks on the list will
no doubt be able to recommend/sell you one.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58754t=58753



Re: Subinterface config. in CAT3550. [7:56174]

2002-10-23 Thread Ian Henderson
On Wed, 23 Oct 2002, Rajesh Kumar wrote:

   Configuring IP routing on LAN subinterface is only allowed if that
 subinterface is configured as a part of IEEE 802.10 or dot1q or ISL
 VLAN. 

 But nowhere I find the command encap isl   to insert this in
 the subinterfaces.

Try this:

interface FastEthernet0/1
 description Router on stick (2600)
 switchport mode trunk
 switchport trunk encapsulation isl

Off the top of my head, I can't remember if the 3550 only supports dot1q,
or ISL, or both. So if the above doesn't work, use dot1q rather than isl
on the router, and forget the encapsulation command on the switch.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56179t=56174



Re: Using a 3600 for VPN [7:54395]

2002-09-27 Thread Ian Henderson

On Fri, 27 Sep 2002, Ken Diliberto wrote:

 Has anyone configured VPN services on a 3600 to accept connections from
 a Windows box?  I've been experimenting with it and am ready to look for
 a hammer.  :-)

I do it on 2600's and it works a treat :)

Where are you getting stuck? A few things I got stuck on were:

- You can't do encryption under Windows without using CHAP. Because the
connection authenticates before starting encryption, this makes sense.

- You probably need a RADIUS server to set up the MPPE keys for the
session. I use Radiator with the 'AutoMPPEKeys' command under our default
Handler.

The following config should help. The RADIUS server assigns an IP address,
hence the lack of an IP pool on the Virtual-Template.

vpdn enable
!
vpdn-group PPtPClient
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1

interface Virtual-Template1
 description Incoming PPtP Client
 ip unnumbered FastEthernet0/0
 no peer default ip address
 ppp encrypt mppe auto required
 ppp authentication ms-chap chap

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54409t=54395



RE: Please help!!! [7:53664]

2002-09-19 Thread Ian Henderson

On Fri, 20 Sep 2002, Steve Boer wrote:

 1e2w's would be for use in 3600 series routers, and are NOT compatible in
 2600's. They include 1 ethernet port and 2 wic slots. In these WIC slots,
 you can use any of the wics that are out there (wic-1t wic-1dsu-t1 wic-1b,
 etc etc), but are blank until populated with modules.

Note that not all WICs work in the older NM's. For example, to use a
WIC-1ADSL in an NM, it must be a model that has a FastEthernet port (newer
revision, provides the voltage the aDSL card needs).

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53676t=53664



Re: Prefix-list VS Access-list [7:53582]

2002-09-18 Thread Ian Henderson

On Thu, 19 Sep 2002, JohnZ wrote:

 Can I use access-list to produce the same effect as prefix-list ? Any
 thoughts on which is a better way to use in redistribution over other. I am
 just trying to find which one I should stick with.
 Thanks

 ip prefix-list test seq 5 deny 199.172.4.0/24
 ip prefix-list test seq 10 deny 199.172.6.0/24
 ip prefix-list test seq 15 deny 199.172.8.0/24
 ip prefix-list test seq 20 permit 0.0.0.0/0 le 32

Prefix lists can permit announcements in a range of netmasks. For example,
the following prefix-list entry will permit announcements of
192.168.1.0/24, or any prefix within that.

ip prefix-list example seq 5 permit 192.168.1.0/24 le 32

I don't believe there's a way to do that using access-lists.

The other major advantage is you can pull entries out of a sequence, and
insert them without re-writing the entire prefix-list again. For example,
'no ip prefix-list example seq 10' will remove only sequence 10, rather
than the entire prefix list.

These two features however need to be taken with a grain of salt. Firstly
you may want explicit routing control rather than a blanket cover, and
secondly configurations like this are usually built out of databases so
you're not going to be manually inserting entries.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53592t=53582
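
Added example (not part of the original thread): a small Python evaluator for the prefix-list entries quoted above, showing how `le 32` widens a match and how an entry without `ge`/`le` matches only its exact length. The `test` list is the one from the question with `seq` written on its last entry; the function names are illustrative.

```python
import ipaddress
import re
from collections import namedtuple

Entry = namedtuple("Entry", "seq action network min_len max_len")

ENTRY_LINE = re.compile(
    r"^ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?$"
)

# The two lists discussed in the thread.
CONFIG = """\
ip prefix-list test seq 5 deny 199.172.4.0/24
ip prefix-list test seq 10 deny 199.172.6.0/24
ip prefix-list test seq 15 deny 199.172.8.0/24
ip prefix-list test seq 20 permit 0.0.0.0/0 le 32
ip prefix-list example seq 5 permit 192.168.1.0/24 le 32
"""


def parse_prefix_lists(config):
    """Return {list name: entries sorted by sequence number}."""
    lists = {}
    for line in config.splitlines():
        m = ENTRY_LINE.match(" ".join(line.split()))
        if not m:
            continue
        name, seq, action, prefix, ge, le = m.groups()
        network = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            # No ge/le: the announced mask length must equal the entry's.
            lo = hi = network.prefixlen
        else:
            lo = int(ge) if ge else network.prefixlen
            hi = int(le) if le else network.max_prefixlen
        if not network.prefixlen <= lo <= hi <= network.max_prefixlen:
            raise ValueError("bad ge/le range: " + line)
        lists.setdefault(name, []).append(
            Entry(int(seq), action, network, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e.seq)
    return lists


def evaluate(entries, route):
    """First matching entry wins; return (action, seq) or ('deny', None)."""
    route = ipaddress.ip_network(route)
    for e in entries:
        if (route.version == e.network.version
                and e.min_len <= route.prefixlen <= e.max_len
                and route.subnet_of(e.network)):
            return e.action, e.seq
    return "deny", None  # implicit deny at the end of every prefix-list


if __name__ == "__main__":
    lists = parse_prefix_lists(CONFIG)
    for name, route in [("example", "192.168.1.0/24"),
                        ("example", "192.168.1.128/25"),
                        ("example", "192.168.0.0/23"),
                        ("test", "199.172.4.0/24"),
                        ("test", "199.172.4.0/25")]:
        print(name, route, evaluate(lists[name], route))
```

The last case is the one to watch when filtering: `deny 199.172.4.0/24` does not cover 199.172.4.0/25, so the more specific route falls through to the catch-all permit at seq 20.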



RE: upgrade DRAM memory on 2600 [7:52632]

2002-09-04 Thread Ian Henderson

On Tue, 3 Sep 2002, Heffner Christopher wrote:

 The first question to ask yourself is if the current 32 mbs of dram is a
 single 32 dram simm or 2 - 16 mb dram simms?

If you have a recent enough IOS revision (and I think it also requires a
recent board too), 'show c2600' can tell you what SIMM is installed in
what slot.

ccp-qv1-vpn1>show c2600

Memory Type : EDO DRAM

DIMM Slot 0:
DIMM Type : Dual-bank
DIMM Size : 32MBytes

DIMM Slot 1:
DIMM Type : Dual-bank
DIMM Size : 32MBytes
ccp-qv1-vpn1>

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52656t=52632



Re: Convert serial port to ISDN interface [7:49994]

2002-07-29 Thread Ian Henderson

On Mon, 29 Jul 2002, Jimmy wrote:

 Just wonder can I convert serial port on cisco 2501
 to ISDN port. If yes , how should I do that and what
 other equipment is needed ? I can't find any cisco
 documents from Cisco page.

You need a Terminal Adaptor or 'TA'. Many different companies make them -
I've always used Telstra TA-220's or J-tec's. Don't know if these brands
are available outside of Australia, though.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=5t=49994



Re: MRTG [7:49916]

2002-07-28 Thread Ian Henderson

On Sun, 28 Jul 2002, Ashok C. Braganza wrote:

 Can anyone tell me, where I can buy The Multi Router Traffic Grapher (MRTG)
 software? Is it free?

MRTG is cool and easy to use, but for more accurate graphing and
historical logging, have a look at RRDTool and Cricket (no doubt linked
somewhere from www.freshmeat.net).

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49925t=49916



Re: VLAN Configuration at access layer [7:48632]

2002-07-11 Thread Ian Henderson

On Thu, 11 Jul 2002, John Brandis wrote:

 From here, can I use as the access point of my network, other lower end
 catalyst switches, and just plug them into their distribution points for each
 VLAN at my Distribution layer,,,or does each access layer switch need to be
 fully configured as a VTP client of my-network, also configuring VLAN
 membership and appropriate links ?

It depends on how much your network is going to change. Do people change
departments but sit at the same desk? Is there a VLAN for things other
than PCs (IP Phones, security cameras, wireless access points) that are
going to plug into the same switches?

As a convenience thing, VTP on the distribution/access layers is very
handy. I do it here - the switches in our patch panel room not only run
desktop PCs, but also wireless APs and front desk demo machines, all in
their own VLANs.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48641t=48632



Re: bandwidth in serial interface [7:48481]

2002-07-10 Thread Ian Henderson

On Wed, 10 Jul 2002, Deepak Achar wrote:

 I have this doubt. What is the significance of Bandwidth command in the
 serial interface. coz' whatever the bandwidth configured on the serial
 interface will not be the actual bandwidth which the serial interface is
 carrying. pls can any one clarify my doubt?

It's used by various routing protocols to calculate metrics (I'm sure
there's more than just EIGRP, but that's the only one I can think of off
the top of my head... gurrr, after work vagueness).

It's also used to calculate the load counter in a 'show interface' command.
This interface is a 1.2Mbit serial circuit. With the cisco default of
1.544Mbit, load is as follows...

  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec,
 reliability 255/255, txload 37/255, rxload 82/255

But by adding 'bandwidth 1200' command to the interface, the loads look
more correct (with the same amount of traffic on the circuit).

  MTU 1500 bytes, BW 1200 Kbit, DLY 2 usec,
 reliability 255/255, txload 49/255, rxload 106/255

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48483t=48481
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



No go on CCIE prequal... [7:37608]

2002-03-07 Thread Ian Henderson

Hi all,

Went for my CCIE written exam here at Networkers in Brisbane - failed by
6% :( But it showed me what to expect next time, and the areas I need work
on.

A few suggestions:
- Somebody said a while ago the CIT is harder, but the CCIE has broader
topics. I concur - the CIT was evil!
- Jeff Doyle's TCP/IP books are fantastic. Read them.
- Expect to fail your written or lab, and budget to try again. It shows
what you need to work on (ok, every exam is different, but as far as
general areas of study go).

So, for now I'm going to ignore studying, finish my holiday and take
things back up when I return to Perth next weekend :)

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37608t=37608



Re: VLAN [7:35256]

2002-02-12 Thread Ian Henderson

On Wed, 13 Feb 2002, Prabhu K. wrote:

   By default, broadcasts for a VLAN are sent to every switch that has a
 trunk link that carries the VLAN, is it true?

Correct. If you have three switches all trunked together, and vlan 12 has
four ports on only one of the switches, broadcasts on vlan 12 will
traverse all switches' trunk ports.

The way to get around this is use VTP pruning. This removes unused VLANs
from trunk ports.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=35262t=35256



RE: Traffic type monitoring [7:34382]

2002-02-05 Thread Ian Henderson

On Mon, 4 Feb 2002, Sam Deckert wrote:

 by monitoring, i mean by protocol and possibly port..sorry, should have
 been more specific.

Hi Sam (hooray for more Australians :)),

Netflow sounds like what you're after. On the ingress interface you want to
monitor, add 'ip route-cache flow'. Now you can 'show ip cache flow' to
show how NetFlow is switching traffic - very handy for tracking DoS
attacks - on one of our 7206VXRs, I can 'show ip cache flow' and hold down
the space bar - if I see any address standing out, it's generally because
of a DoS.

Example: (IP addresses changed to protect the... errr, not so innocent).

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
AT3/0.501     209.132.1.27    Fa0/0.1       10.1.1.2        11 0035 0999     1
AT3/0.501     24.30.201.3     Fa0/0.1       192.168.1.1     11 0035 0819    12
AT3/0.501     209.71.218.87   Fa0/0.1       172.16.5.5      06 0050 040D     4
AT3/0.501     64.154.61.232   Fa0/0.1       10.11.10.1      06 1A0C 0440     1
AT3/0.501     66.61.73.34     Fa0/0.1       192.168.10.11   06 04BE 0454    10

All pretty obvious, save Pr (it's protocol - 11 is UDP, 06 is TCP, see
http://www.iana.org/assignments/protocol-numbers). SrcP and DstP are in
hex, so 0035 really means 53, or DNS.

Note that we've applied the 'ip route-cache flow' command to ATM3/0.501,
but not FastEthernet0/0.1 - we're only seeing incoming traffic. If you
want to monitor it both ways, add the command to both directions of
interface (ie, Ethernet0 and Serial0 or whatever).

The next thing is getting the information off the router. Do a search on
freshmeat for cflowd, and look at the 'ip flow export x.x.x.x '
command. This is used to send Netflow accounting records to a remote host
via UDP.

To make it pretty, have a look at Cricket. I know very little about this,
but have seen it produce really pretty graphs based on protocol, port,
etcetera. Again, do a search on freshmeat (www.freshmeat.net).

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34452t=34382
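
Added example (not part of the original post): a Python sketch that does the "hold down the space bar and look for an address standing out" check on captured `show ip cache flow` text. It decodes the hex Pr/SrcP/DstP columns and reports any address that accounts for a large share of cache entries. The first five sample rows are the ones shown above; the rest are constructed, and the K/M packet-count suffix handling is an assumption about abbreviated counters.

```python
import re
from collections import Counter, namedtuple

Flow = namedtuple(
    "Flow", "src_if src_ip dst_if dst_ip proto src_port dst_port packets")

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
FLOW_LINE = re.compile(
    r"^(\S+)\s+" + IP + r"\s+(\S+)\s+" + IP +
    r"\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})"
    r"\s+(\d+)([KM]?)\s*$"
)

# Rows 1-5 are from the post; the 198.51.100.x / 203.0.113.x rows are
# constructed to simulate many sources hitting one destination.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
AT3/0.501     209.132.1.27    Fa0/0.1       10.1.1.2        11 0035 0999     1
AT3/0.501     24.30.201.3     Fa0/0.1       192.168.1.1     11 0035 0819    12
AT3/0.501     209.71.218.87   Fa0/0.1       172.16.5.5      06 0050 040D     4
AT3/0.501     64.154.61.232   Fa0/0.1       10.11.10.1      06 1A0C 0440     1
AT3/0.501     66.61.73.34     Fa0/0.1       192.168.10.11   06 04BE 0454    10
AT3/0.501     198.51.100.10   Fa0/0.1       192.168.1.1     11 0401 0035   310
AT3/0.501     198.51.100.77   Fa0/0.1       192.168.1.1     11 0A2C 0035   295
AT3/0.501     203.0.113.5     Fa0/0.1       192.168.1.1     11 1F90 0035   305
AT3/0.501     203.0.113.40    Fa0/0.1       192.168.1.1     11 0C11 0035    2K
AT3/0.501     203.0.113.91    Fa0/0.1       192.168.1.1     11 0777 0035   288
AT3/0.501     198.51.100.200  Fa0/0.1       192.168.1.1     11 13C4 0035   301
AT3/0.501     203.0.113.150   Fa0/0.1       192.168.1.1     11 0B0B 0035   299
"""


def parse_flow_table(text):
    """Parse flow rows; header, statistics and blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_LINE.match(line.strip())
        if not m:
            continue
        src_if, src_ip, dst_if, dst_ip, pr, sp, dp, count, suffix = m.groups()
        # Assumption: abbreviated counters use a K or M suffix.
        packets = int(count) * {"": 1, "K": 1000, "M": 1000000}[suffix]
        # Pr, SrcP and DstP are all hexadecimal (11 -> 17 -> UDP).
        flows.append(Flow(src_if, src_ip, dst_if, dst_ip,
                          int(pr, 16), int(sp, 16), int(dp, 16), packets))
    return flows


def describe(flow):
    """Human-readable form with decimal ports and a protocol name."""
    proto = PROTO_NAMES.get(flow.proto, str(flow.proto))
    return (f"{proto} {flow.src_ip}:{flow.src_port} -> "
            f"{flow.dst_ip}:{flow.dst_port} ({flow.packets} pkts)")


def standouts(flows, field, min_share=0.5):
    """Addresses in `field` ('src_ip' or 'dst_ip') holding at least
    min_share of all cache entries, as (address, flow_count, packets)."""
    if not flows:
        return []
    counts = Counter(getattr(f, field) for f in flows)
    packets = Counter()
    for f in flows:
        packets[getattr(f, field)] += f.packets
    return [(addr, n, packets[addr]) for addr, n in counts.most_common()
            if n / len(flows) >= min_share]


if __name__ == "__main__":
    flows = parse_flow_table(SAMPLE)
    for f in flows[:5]:
        print(describe(f))
    for addr, n, pkts in standouts(flows, "dst_ip"):
        print(f"standout destination {addr}: {n} flows, {pkts} packets")
```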



Re: Strange Problem: Everything works fine but the Router can [7:34279]

2002-02-03 Thread Ian Henderson

On Sat, 2 Feb 2002, Erick B. wrote:

 try pinging with extended commands
 using your LAN IP as a source and see if that is
 error-free. If it is, then the destination router has
 a route back to that IP subnet fine.

Yep, I'd suggest attempting to ping something from the LAN interface.
Sounds like there is a bogus route somewhere for your WAN link. Or a
route-caching bug as MADMAN suggested - I've seen a certain IOS on 7500's
with ATM subifs only allow every second ICMP packet to /30s on ATM CVCs,
even though traffic was passing happily through them. Shut/No shut the
interface, try again.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34279t=34279



Re: Route map [7:33429]

2002-01-30 Thread Ian Henderson

On Mon, 28 Jan 2002, BASSOLE Rock wrote:

 The first next-hop address 10.10.10.10, the primary gateway, would be used
 to forward all packets matching ACL 101. If the primary went down then the
 second next-hop 11.11.11.11, the backup, would be used to forward all
 packets matching ACL 101.

If you have CDP information from the two upstream routers, you could write
a route-map using the 'verify-availability' command. Take a look at the
following example and URL:

route-map MOVE-STUFF permit 10
 match ip address 101
 set ip next-hop 192.168.0.1
 set ip next-hop verify-availability

route-map MOVE-STUFF permit 20
 match ip address 101
 set ip next-hop 192.168.1.1

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt3/xcdnfc.htm

I have no idea if this works, I just noticed it fiddling with next-hops
last week.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33676t=33429



Re: is it possible to bridge accross a tunnel? [7:33567]

2002-01-30 Thread Ian Henderson

I hate to admit it, but yes, I've seen this work (we needed to get 802.1q
VLANs across a link that couldn't handle them). Ugly as sin, though :).

Rgds,



- I.

On Wed, 30 Jan 2002, JEK wrote:

 Well guys I think that should do it for the config, tell me if anything
 looks wrong.
 Also as a side note you may also want to use an ACL in the range of 700-799
 (MAC Address Acl) to limit what traffic that you want to be sent over the
 dlsw circuits.  I hope this info helps and all my syntax is correct.  Thanks,

 - jek

 Router A
 !
 hostname RouterA
 dlsw local-peer peer-id 10.10.10.254
 dlsw remote-peer 0 tcp 10.10.20.254
 dlsw bridge-group 1
 !
 interface Tunnel0
  ip unnumbered Ethernet0
  tunnel source Ethernet0
  tunnel destination 128.29.183.247
 !
 interface Ethernet0
  ip address 10.10.10.254 255.255.255.0
  bridge-group 1
 !
 interface Serial0
  ip address 128.29.182.247 255.255.255.252
 !
 bridge 1 protocol ieee
  bridge 1 route ip
  no bridge 1 bridge ip
 !


 Router B
 !
 hostname RouterB
 dlsw local-peer peer-id 10.10.20.254
 dlsw remote-peer 0 tcp 10.10.10.254
 dlsw bridge-group 1
 !
 interface Tunnel0
  ip unnumbered Ethernet0
  tunnel source Ethernet0
  tunnel destination 128.29.182.247
 !
 interface Ethernet0
  ip address 10.10.20.254 255.255.255.0
  bridge-group 1
 !
 interface Serial0
  ip address 128.29.183.247 255.255.255.252
 !
 bridge 1 protocol ieee
  bridge 1 route ip
  no bridge 1 bridge ip
 !



  wrote in message news:[EMAIL PROTECTED]...
  how do you configure this with dlsw?
 
  10.10.10.x --(R1)--(public network)--(R2)---10.10.10.x
 
 
  Jason  wrote in message news:[EMAIL PROTECTED]...
   Is this something you just want to do for the sake of doing?  If so, I say
   have at it.  Will it work, don't know.  I have never tried it.  If you are
   looking to do this to fulfill a production requirement I would question why
   you weren't looking at using DLSW?
  
   Jason
  
   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
   Eric Waguespack
   Sent: Tuesday, January 29, 2002 9:38 AM
   To: [EMAIL PROTECTED]
   Subject: is it possible to bridge accross a tunnel? [7:33567]
  
  
   ok, I have looked into this, and supposedly the answer
   is yes but the config is unsupported
  
   here is the network diagram
  
  
   10.10.10.x --(R1)--(public network)--(R2)---10.10.10.x
  
   this is supposed to do it but i can't seem to make it
   work:
  
   int tunnel 2
   no ip addr
   tunnel source eth 0
   tunnel destination 128.29.183.247
   bridge-group 1
  
  
   should this work? what will work? anything? do i need
   to do l2f instead? what did you have for breakfast?
  
   thanks
  
   -Eric
  
--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33678t=33567



RE: BGP and one backup link [7:33433]

2002-01-30 Thread Ian Henderson

Some ISPs can be evil and ignore path stuffing for customers - happens
here in .au a lot. One way I've found around it that works very well is
BGP Conditional Advertisement.

Basically it can 'see' if a route is in the routing table, and if it
isn't, advertise more routes. So, if you stop seeing the default route
from your usual provider, you can advertise your netblocks (specified by
an ACL or a prefix-list) to a second provider.

Outgoing traffic could be left to the floating static, or use the same
method to advertise a default route to your customer routers/cores/whatever.

Reasons I like it: Works across multiple routers; works even if the
physical interface is up (floating statics won't, backup interfaces won't);
can be easily 'swung' by shutting down BGP sessions without shutting
physical interfaces; is a much cleaner solution than path stuffing
(SOMEBODY out there has a longer path than you do :)).

Take a look at:
http://www.cisco.com/warp/public/459/cond_adv.html

Rgds,




- I.

On Tue, 29 Jan 2002, Joseph Brunner wrote:

 Sometimes As prepending won't work.. your best bet is to telnet
 to route-views.oregon-ix.net (public route server) and do a show ip bgp with
 your as # (then you will know who is using your prepended path to get there.
 Most likely one peer of your backup link providers, sets local pref or metric
 on a private peering arrangement, thereby nullifying your prepends.
 Unfortunately there is nothing you can do.. if you were a hi-cap T-3 or larger
 customer, they might traffic engineer this for you.

 Joseph Brunner
 ASN 21572
 MortgageIT MITLending
 New York, NY 10038
 (212) 651 - 7695 Voice
 (212) 651 - 7795 Fax



 -Original Message-
 From: Alejandro Acosta [mailto:[EMAIL PROTECTED]]
 Sent: Monday, January 28, 2002 10:36 AM
 To: [EMAIL PROTECTED]
 Subject: BGP and one backup link [7:33433]


 Hi all,
   I have a BGP question.
   In this moment we have one Internet link with just one provider, now, we
 have got a second link  just for backup. I mean, we can only use it for 180
 hrs per month.
   I can easily manage my outgoing traffic (using local preference or
 weight), however the incoming traffic is more difficult. I added many
 prepends (9) in the publication of the second link but there still few
 traffic on it.
   There is not IBGP between my two providers.

   Any ideas?

 Thks in advanced.

 Alejandro Acosta
--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33677t=33433
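
The conditional advertisement described in the message above, as an added IOS configuration sketch that is not part of the original thread. The AS numbers, neighbor addresses, netblock and the route-map and prefix-list names are constructed placeholders from documentation ranges, and it assumes the usual provider's default route is learned over BGP.

```cisco
! Constructed example: local AS 64500; 192.0.2.1 is the usual provider,
! 198.51.100.1 the backup provider; 203.0.113.0/24 is our netblock.
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 prefix-list OUR-NETBLOCKS out
 neighbor 198.51.100.1 remote-as 64497
 ! Never learn a default from the backup, otherwise the tracked prefix
 ! would still exist after the usual provider's default disappears.
 neighbor 198.51.100.1 prefix-list NO-DEFAULT in
 ! Never send the backup anything except our own netblocks.
 neighbor 198.51.100.1 prefix-list OUR-NETBLOCKS out
 ! Send what ADVERTISE matches only while nothing matching
 ! PRIMARY-DEFAULT is present in the BGP table.
 neighbor 198.51.100.1 advertise-map ADVERTISE non-exist-map PRIMARY-DEFAULT
!
! Anchor route so the network statement can originate the netblock.
ip route 203.0.113.0 255.255.255.0 Null0
! Floating static for outgoing traffic once the BGP default is gone.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
!
ip prefix-list OUR-NETBLOCKS seq 5 permit 203.0.113.0/24
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list NO-DEFAULT seq 5 deny 0.0.0.0/0
ip prefix-list NO-DEFAULT seq 10 permit 0.0.0.0/0 le 32
!
route-map ADVERTISE permit 10
 match ip address prefix-list OUR-NETBLOCKS
!
route-map PRIMARY-DEFAULT permit 10
 match ip address prefix-list DEFAULT-ONLY
```

`show ip bgp neighbors 198.51.100.1 advertised-routes` shows whether the netblock is currently being sent to the backup provider.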



RE: Internet Router? [7:33639]

2002-01-30 Thread Ian Henderson

2650's are great little routers - we have one here that commonly handles
up to 30Mbit+ traffic without passing 40% CPU.


On Wed, 30 Jan 2002, Hire, Ejay wrote:

 Have you checked the utilization on those 2650's?  I'd bet it's never
 gotten above 15%.  The 2650's can handle a lot more than 1 t-1's worth of
 traffic.

 -Ejay

 -Original Message-
 From: Bill Carter [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, January 30, 2002 12:24 PM
 To: [EMAIL PROTECTED]
 Subject: RE: Internet Router? [7:33639]


 The 3640 will work for you.  I would definitely max out the RAM.  Some
 others have commented about not needing full BGP route tables.  My
 customers have been very happy with partial tables as described in the
 following CCO link.  I have also had customers use 2 2650's, 1 T-1 per
 connection box, HSRP on the Ethernet port and run IBGP between each other
 for optimal routing.  I then configured them with the below link.

 http://www.cisco.com/warp/customer/459/41.shtml

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Scott Nawalaniec
 Sent: Tuesday, January 29, 2002 10:45 PM
 To: [EMAIL PROTECTED]
 Subject: Internet Router? [7:33639]


 Hello Everybody,

 I just want to run this by everyone for their input from experience.

 Scenario:
 I'm looking for a Cisco router that will be providing Internet connectivity
 running BGP and that will be able to handle the capacity of 2 PTP T1's to
 the Internet. I know minimum RAM will have to be 64mbs for BGP routes. I
 just want to know what people have tried that does and doesn't work.

 My choice would be a 3640 for future T1 expandability and/or a HSSI port.

 Thank you for the input.

 Scott
--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33815t=33639



Re: Radius vs. TACACS+ [7:33650]

2002-01-29 Thread Ian Henderson

On Wed, 30 Jan 2002, Rodney Jackson wrote:

 I want to setup a Radius server or a TACACS+, which do you guys think is
 better and why?

Depends on what you want it for.

If it's to give customers access to dial ins, RADIUS is by far more
flexible. If you're looking for a commercial solution, have a look at
Radiator - www.open.com.au. It's very good :)

If it's to give telnet access to routers for your staff, TACACS+ has the
ability to do per-command accounting (ie, it will log everything somebody
types).

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33655t=33650
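
The per-command accounting mentioned in the message above, as an added IOS configuration sketch that is not part of the original thread. The server address, the key, and the local fallback account are constructed placeholders.

```cisco
! Constructed example: 192.0.2.10 is the TACACS+ server; key and
! password values are placeholders to be replaced.
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret-placeholder>
!
! Authenticate and authorize staff logins against TACACS+, falling back
! to the local account only when the server does not respond.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
! One accounting record per session, plus one record for every command
! entered at privilege levels 1 and 15 (per-command accounting).
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Local fallback account for when the TACACS+ server is unreachable.
username fallback-admin privilege 15 secret <local-password-placeholder>
!
line vty 0 4
 login authentication default
```

Commands moved to other privilege levels need their own `aaa accounting commands <level>` line, otherwise they are not recorded.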



Re: can't establish the ISDN connection [7:33177]

2002-01-26 Thread Ian Henderson

On Fri, 25 Jan 2002, John Neiberger wrote:

 Also, what IOS are these routers using?  There are some versions of IOS
 with a LOT of ISDN-related bugs.

I often see routers (generally 801s and 1003s) using basic-net3 that won't
bring up layer one or get stuck in TEI_ASSIGNED until a call is placed or
received, then they bring up MFE and behave happily.

IOS ISDN is evil.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33295t=33177



Re: Configuring menu in router. [7:33059]

2002-01-24 Thread Ian Henderson

On Thu, 24 Jan 2002, Ryan Ngai Hon Kong wrote:

 Apparently one of friend who attempted his CCIE couple of months ago
 came to me and ask me about configuring a menu in a router. I do not

Have a look at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/fun_c/fcprt1/fcconban.htm

Hope this helps :)

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33063t=33059



Re: Modem Dial Backup [7:31491]

2002-01-09 Thread Ian Henderson

On Wed, 9 Jan 2002, Ed Chuchaisri wrote:

  Now my question is can I hook up the modem to the serial port with
 the DB60 to RS232 cable and configure it to do the dial backup?  If
 so, could someone give me some site that explains how this works or
 maybe someone can give me a sample configuration..

Hi Ed,

I've done this before with a 1601. The major thing to note is not all
routers with 60pin serials can do async data from a modem. 1600's can,
lower end 2500's can't, 5200's can't, etcetera. Check out the docs first.

There's no different config, other than entering 'physical-layer async' on
the Serial interface.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31501t=31491



Re: ISDN voice call and data call [7:31498]

2002-01-09 Thread Ian Henderson

On Wed, 9 Jan 2002, Jim Bond wrote:

 Anyone knows why ISDN voice call is cheaper than ISDN
 data call?

Generally because telcos can compress voice without loss of quality,
while it isn't possible to compress data (at least from a telco point of
view of the world). This doesn't mean that ISDN voice is always
compressed, though.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31505t=31498



Re: 6509 switch [7:31251]

2002-01-08 Thread Ian Henderson

On Tue, 8 Jan 2002, Ali, Abbas wrote:

 One of the users has a brand new computer and cable, but I am still
 showing the port he is connected to has lots of FCS, and collisions as
 well as runt frame.

Hi :)

Try hard-coding speed and duplex on each end, clearing the interface
counters and trying again. Autonegotiation is less than perfect and can
cause these kinds of symptoms (as discussed over the last couple of
days...). It's at least the easiest thing to check.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31268t=31251



Re: EIGRP Summary Question [7:31256]

2002-01-08 Thread Ian Henderson

On Tue, 8 Jan 2002, Hunt Lee wrote:

 But why / when would the destination prefixes match the summary address
 only??

Hi :)

For example, if you have three static routes pointing to three separate
interfaces each of which is a /25, and you summarise as a /23, the unused
/25 would match the summary address only.

ie:
10.1.2.0/23     -  Null0 (summary address)

10.1.2.0/25     -  Serial0 (static route)
10.1.2.128/25   -  Serial1 (static route)
10.1.3.0/25     -  Serial2 (static route)
10.1.3.128/25   -  Null0 (no static route, matches the summarised route)

Rgds,





- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31276t=31256