from:"Jason Couch"

Catalyst 3512XL and fragment-free switching?

2000-11-29 Thread Jason Couch


I can't find any docs on whether the Catalyst 3512XL can do fast forward or
fragment-free switching.  Has anyone done this or can you point me in the
right direction in CCO?

Thanks,
Jason


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Does access list work for router originated packets [7:17360]

2001-08-26 Thread Jason Couch


The access list is actually only blocking the icmp packets on the return
path from the "pinged" router or host.  The icmp packets sent outbound by
the router sourcing the pings are actually allowed through the outbound
access list.  This can be seen by adding the "log" extension to your  access
list commands.  Then you should see the following message:

%SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.168.10.50 -> 192.168.10.20
(0/0), 1 packet

The key is that you won't see the same log message for the outbound icmp
packets.  You can also run "debug ip packet" to see something similar to the
following:

IP: s=192.168.10.20 (local), d=192.168.10.50 (Ethernet0), len 100, sending
ICMP type=8, code=0
IP: s=192.168.10.50 (Ethernet0), d=192.168.10.20 , len 100, access denied
ICMP type=0, code=0

The outbound packets were sent, but the return packets were "access denied".
Hence you get:

C2501-R2#ping 192.168.10.50

 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
 .

because the entire ping path consists of both the forwarding AND the return
path.

HTH,
Jason



""John Hardman""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi
>
> I can't believe I am challenging Priscilla!
>
> I just tried what you are talking about, i.e. that the ACL on the router
> does not effect the traffic generated by the router it's self.
>
> I created an extended ACL to block all ICMP traffic and applied it to E0
as
> both IN and OUT. Before appling the ACL I can ping just fine to any host
on
> the network and any host on the network can ping the router. After Appling
> the ACL I am not able to ping from the router, or to the router.
>
> I am running 11.1 IOS, maybe it would yield different results with a
> different IOS version. What IOS and platform did you see this behavior?
>
> Here's my config.
>
> Windoze PC 192.168.10.50 --- E0 Router2 192.168.10.20
> RedHat PC 192.168.10.2
>
> -Router config--
> Current configuration:
> !
> version 11.1
> service udp-small-servers
> service tcp-small-servers
> !
> hostname C2501-R2
> !
> enable secret 5 XXX
> enable password none
> !
> ip subnet-zero
> !
> interface Ethernet0
>  ip address 192.168.10.20 255.255.255.0
>  ip access-group 100 in
>  ip access-group 100 out
>  no ip mroute-cache
>  no ip route-cache
> !
> interface Serial0
>  ip address 192.168.50.1 255.255.255.252
>  no ip mroute-cache
>  encapsulation ppp
>  no ip route-cache
> !
> interface Serial1
>  no ip address
>  no ip mroute-cache
>  no ip route-cache
>  shutdown
> !
> ip classless
> logging buffered
> access-list 100 deny   icmp any any
> access-list 100 permit ip any any
> !
> line con 0
>  exec-timeout 0 0
> line aux 0
>  transport input all
> line vty 0 4
>  exec-timeout 0 0
>  password 
>  login
> !
> end
>
> ---Router Config--
>
> ---Ping results-
>
> C2501-R2#ping 192.168.10.50
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
> .
> Success rate is 0 percent (0/5)
> C2501-R2#conf t
> Enter configuration commands, one per line.  End with CNTL/Z.
> C2501-R2(config)#int e0
> C2501-R2(config-if)#no ip access-group 100 in
> C2501-R2(config-if)#no ip access-group 100 out
> C2501-R2(config-if)#^Z
> C2501-R2#
> %SYS-5-CONFIG_I: Configured from console by console
> C2501-R2#ping 192.168.10.50
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
> !
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
> C2501-R2#
>
> Windoze Ping with ACL 
> C:\>ping 192.168.10.20
>
> Pinging 192.168.10.20 with 32 bytes of data:
>
> Reply from 192.168.10.20: Destination net unreachable.
> Reply from 192.168.10.20: Destination net unreachable.
> Reply from 192.168.10.20: Destination net unreachable.
> Reply from 192.168.10.20: Destination net unreachable.
>
> Ping statistics for 192.168.10.20:
> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 0ms, Maximum =  0ms, Average =  0ms
>
> Windoze Ping without ACL 
>
> C:\>ping 192.168.10.20
>
> Pinging 192.168.10.20 with 32 bytes of data:
>
> Reply from 192.168.10.20: bytes=32 time wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I know it's not what you said. What you said was obvious. I guess it
comes
> > about because I said to test with end devices. Router A is acting like
an
> > end device in your example. I should have been more clear.
> >
> > What is not obvious is that ACLs on Router B do not apply to pings to
and
> > from Router B. Every newbie has probably been bitten by that one,
> > especially in simple labs.
> >
> > Priscilla
> >
> > At 09:42 PM 8/26/01, Brad Ellis wrote:
> > >Priscilla, that's not what I said.  Here's what I said:
> > >
> > >"...pings sent by one router will not be filtered by an

NAM Blade PROBLEMS!! [7:42741]

2002-04-27 Thread Jason Couch


Is anyone aware of what type of flash and RAM will work in a Catalyst 5500
Network Analysis Module?  I have recently come accross a NAM blade that
doesn't have any RAM (2 empty simm slots) or Flash (1 empty slot)  installed
on the board.  Does the NAM blade require a special version of either, or
will any old flash and simms work?

On another note, I noticed that when the blade is inserted into a powered
Catalyst Chassis, the Status LED immediately turns red.  There isn't  a
sequence of Orange to red as most other modules have, but just red
immediately.  I hope this is a symptom of the no flash or RAM issue, but I
would've thought that I would see an orange LED first then red to signify
that something was wrong during post...
Any help?

Thanks,
Jason




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42741&t=42741
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

hyperterminal giberish? [7:20136]

2001-09-16 Thread Jason Couch


I have just recently started using hyperterminal as opposed to ZOC in order
to get ready for the CCIE lab.  I noticed that while working in
hyperterminal that it spits giberish out of the top of the working area
(white area) into the buffer (grey area), hence making my scrollback buffer
entirely useless.  I played with the settings and can't seem to find any fix
for it.  Anyone have any input?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20136&t=20136
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Catalyst 3512XL and fragment-free switching?

Re: Does access list work for router originated packets [7:17360]

NAM Blade PROBLEMS!! [7:42741]

hyperterminal giberish? [7:20136]

4 matches

Site Navigation

Mail list logo

Footer information