RE: How to get rid of "Loading network-config ... [timed out]
On Sat, 16 Sep 2000, Muralidhar A. wrote: > in the config mode enter "service no configs" that should solve it... > cheers I think you mean no service config HTH HAND. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bring equipments in and out of US
On Sat, 16 Sep 2000, Jason wrote: > I need to bring a few routers out of US and maybe in a couple of months, > bring them back again. What can I do to avoid any inport and export taxes > since I plan to bring the same equipments in and out for personal use. But > I'm sure I'll have a hard time convincing them that I have 6 routers for > personal use !! :-P Did you STFW? I'd try http://www.customs.gov/ for starters. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNA for dummies
On Mon, 18 Sep 2000, Erik wrote: > Has anyone used this book? Is it even worth looking into for study material? > I was thinking of getting it because it is %20 off at most bookstores. > Thanks for any input! I haven't seen that one, but as a rule the "For Dummies" books have a surprising amount of good information. It's probably worth the discounted price. I bought the Red Hat Linux for Dummies because it had the CDs and the price was right, and found the book useful and well laid out. If I recall correctly the book came out just before the transition from CCNA 1.0 to CCNA 2.0, so it may not be quite on-target for the current objectives but should be close. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Questions...
On Mon, 18 Sep 2000, Bradley J. Wilson wrote: > Anyway, who wants to be the Thought Police on this one? I'm assuming > there's someone from Cisco who's responsible for monitoring Cisco-related > newsgroups and mail lists for NDA breaks, but then again maybe not - what a > job from hell that would be. I think that it's a good thing in general to see questions here that are similar in style and difficulty to what we can expect on the test. However, whenever anyone posts such questions violations of the NDA come up. The best solution I can think of is for anyone posting such a question to state where it came from. "I made this up", "Homework assignment from a class", "Found in [name] study guide", etc. Also, it would help if people posting them were to explain what they think the answer is or what part of the question is stumping them. There are only so many ways of asking some questions, so it's not out of the question that something a person thinks up on their own or finds in a study guide would appear to be an NDA violation. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP **** CCO QUESTION ** PA
On Mon, 18 Sep 2000, Chuck Larrieu wrote: > Having just exited a three day Global Knowledge class on BGP, let's see if > anything sunk through this thick skull of mine. Comments in line. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Peter Abraham > Sent: Thursday, September 14, 2000 2:02 PM > To: [EMAIL PROTECTED] > Subject: BGP CCO QUESTION ** PA > > All these are questions that I got from the CCO BCSN tests. > > 1. Which command allows Router A to advertise subnet 10.1.0.0/24 in BGP? > > A. network 10.1.0.0 > B. network 10.1.0.0 255.255.0.0 > C. network 10.1.0.0 mask 255.255.0.0 > D. network 10.1.0.0/16 > E. network 10.1.0.0 prefix 16 > > I have my answer as A. B,D, and E all have the wrong syntax. Is C right? I > know that the mask length for C is 16. I would choose C. The wording of the question is "allows Router A to advertise". Note that none of the answers LIMIT the advertisement to just the subnet 10.1.0.0/24. If no mask is specified, BGP assumes a classful network. Answer A has no mask, so should properly be written "network 10.0.0.0". C is the only properly-formatted answer which would allow the /24 subnet. It would also allow any other subnets of 10.1.0.0/16 to be advertised, which is ok. > CL: all are wrong with regards to producing the desired result. A) will > place the network 10.1.0.0 into the BGP process with a mask based on the > interface configuration. If the interface were a /8 or a /16 or a /17, the > particular subnet would be advertised. B) syntax is wrong, as is the syntax > of D) and E) Answer C) will place network 10.1.0.0/16 ( 255.255.0.0 0 into > the process. But by placing it into the process, it indeed would allow the advertising of a more specific subnet (assuming that such subnet is learned from IGP). The keywords are "allows to advertise". > 2. What is the function of the BGP atomic aggregate attribute? > > A. To indicate that the originating router has aggregated the routes > B. To specify the BGP router ID and AS number of the router that performed > the route aggregation > C. To specify the AS number of the router that performed the route > aggregation > D. To specify the AS number of the router that performed the route > aggregation and the AS numbers of the non-aggregated routes > > Answer: A. > > I have searched the CISCO web site and cannot find information on BGP atomic > aggregate attribute. A is correct from the RFC. Note that if a BGP speaker receives a route with the attribute set, it will pass it on with the attribute still set. This makes C incorrect. Although the AS of the aggregator can be determined by examining the AS path, the function is to show that the routes are aggregated. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Internet Routing Architecture
On Wed, 20 Sep 2000, Benny Leong (HTHK - Senior Engineer II - iServices Development, NNSD) wrote: > I am studying Bassam Halabi's Internet Routing Architecture. I don't > understand Figure 5-24 on page 173. Can anybody help to explain the detail > of the diagram ? Thanks. It's showing the effects of route maps. At the top is a series of routes coming from different ASes advertising different networks, six in all. The first light-grey line is the "match" clause, referring to an IP address access-list matching x.y.0.0/16. Two of the advertisements match, and are shown on the right, where they are tested by another match clause, for origin in AS3. Of these two, one matches, and is permitted with its MED set to 20 by a set clause. The other is denied by implicit deny. The four advertisements on the left that fail the initial match are then tested for a match with AS origin of 2 and IP address x.z.0.0/16. And so on. It's a sorting tree where each incoming advertisement is tested in a yes-no fashion against a rule, and depending on the outcome is either passed to another test, allowed unchanged, has an attribute changed, or is denied. At the end, three advertised routes are denied, two are accepted as-is, and one is accepted with its MED set to 20. For fun and practice, try to write a config snippet that matches the tree. Chapter 10 covers the actual configuration statements in detail. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Back to Back
On Wed, 27 Sep 2000, Henk Botha wrote: > I am trying to connect two routers (1601's) back to back for testing. I > setup the clock speed on the one, but still have no success > > What is the correct way of doing it ? Details! Are you using WICs and if so which ones, external CSUs, or a back-to-back cable? Could you post configs? What does "show interface" reveal? > Please anybody that can help It's better (at least for me) if you spend a bit more time filling in the details in the first post to the list, instead of a generic "this doesn't work" type of posting. In many cases you'll find that in the process of gathering enough information to describe the problem in detail, you'll find the solution yourself. At a minimum, a "show running-config" and "show interface" for both routers would be a good start. "show version" is nice to have as well. >From the limited information you supplied, I'd look for: Clocking applied to DCE side (or one WIC) Proper cable, with DCE where you want it (proper crossover if CSU/WIC) "no shutdown" on interfaces in question Encapsulation, address, and mask configuration consistency. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN question
On Fri, 29 Sep 2000, Quadri, Habeeb wrote: > Hello, > > I have a scenario that needs explanation from somebody who knows how ISDN > switches work in carrier enviornment. > Lets say, I am connected to ISDN provided by LEC (GTE) in Dallas that needs > to be connected to a ISDN provided by Ameritech in Indy. > Here is the question, How long distance carrier like AT&T or Sprint or > 1010288 will know that this is ISDN digital signal with 2B+D channels. The D channel is only for communication between your ISDN equipment and your LEC switch, and doesn't enter into the picture on the long distance portion of the call. The two B channels are considered separate calls as far as the carrier is concerned. In these days, virtually all LD telephone circuits are a 56K or 64K digital bitstream. There may be some long-distance circuits that can't hand a 64K clear channel, in which case you'll get a 56K throughput per channel. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
New CCNP
Took and passed Support 2.0 (919) and Foundation 2.0 (898, 925, 900) today. Foundation is grueling because of the length. Interestingly, I did better on the Switching part than on Routing or Remote Access, yet I work daily with routers and remote access devices and have never configured a set-based switch in a working environment, just a few practice labs. I suspect this is because I studied harder for the part I was least familiar with. The tests stuck to the outlined objectives. A few tricky questions. Take the time to read everything very carefully and rule out the wrong answers until what's left has to be right, even if that's not how you would normally express the answer. I had ample time and finished early. I used the Exam Cram for Switching and Support, Paquet's BCRAN book (with a name like that, she can't miss) and the Cisco Press ACRC text plus on-the- job experience, in addition to much time reading the archives of this list. I also took the online Colt exams from the CCO site, and found them to be substantially more difficult than the real thing. If you do well there, you're ready. If you go the Foundation route, you still have to get a passing score on each section but the time to take the test is lumped so you may be able to allocate more time to those parts where you're weaker. Pass all sections and you're $100 ahead. Fail one and you're out $200. No stopping the clock for bio breaks, so ease up on the morning coffee! Nothing like spending the day in a small room in the back of an airport. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TCP Port numbers, was: Could someone help me !
*** Please use meaningful subject lines, it will tend to get more meaningful *** replies, and it helps others searching the archives! On Fri, 29 Sep 2000, Priscilla Oppenheimer wrote: > At 04:04 PM 9/29/00, RAUNIYAR RAJEEV wrote: > > >Hi all, > > > >now i DO have a question. i'm reading up about ports used by TCP/UDP > >protocols but im having trouble visualizing where the source port and > >destination ports fit in. im thinking that the destination port (suppose > >on a www, http segment) of 80, would be on the server from which we will > >download the data right? and we would specify a port (called source > >port) to which we want the data to come into our machine right? > >but then how would the www server distinguish between many sessions if > >their port is always port 80?? > > You answered your own question. Sessions are distinguishable from each > other because they have different source ports. 80 is a well-known port > that clients use to get to Web servers. The client uses what is known as an > ephemeral port -- a port number that the software makes up for the current > session. It is a high number that won't conflict with a well-known port. To expand on this further, ports below 1024 are considered "privileged", and many ports are "well-known" meaning that certain applications will be "listening" on them. For example, BGP-speaking routers have a socket listening on TCP port 179, and packets sent to a destination port of 179 are handled by the BGP protocol process of the router. Similarly, web servers have a socket listening on port TCP 80, name servers on UDP 53, mail servers on TCP 25, etc. A list of the well-known port numbers as well as many other useful numbers of things having to do with this industry is in RFC 1700. A machine seeking to initiate a TCP connection chooses a random port above 1023 as the source port. When it begins the connection, it opens a socket in order to listen for a reply, and the three-way handshake is established between this random source port and the specified destination. A trace of the other side of the connection would show the source port/IP and the destination port/IP combinations reversed. The other end's source port will match this end's destination port and vice-versa. This is how NAT overload or PAT keeps track of sessions. When an inside IP begins a session with a destination, the NAT router re-maps the source port to one of its choosing, and keeps a database of the outside port to inside IP mappings. When the router detects a reply on a given port, it uses this database to identify to which inside IP the reply should go, and translates the (inside) destination port/IP to match that of the sending machine. This is necessary to have multiple sessions carrying different content to different inside machines and the same outside destination. The command "show ip nat translations" will display this. Say two inside machines both begin to browse the Yahoo web site at the same time, but one requests a stock quote and the other an auction. The PAT router sends two streams to Yahoo's IP address but from two different source ports. Yahoo treats them as two different connections because the source ports (assigned by the router) are different, even though the source IP of the router's NAT pool may be the same. When the return data streams come back, the router looks at the incoming port numbers (its destination, Yahoo's source) and directs the streams to the proper inside port/IP NAT pairs. Otherwise, the machine requesting stock quotes might wind up displaying auction data, as the router would have an ambiguity in its translation table as to which machine the stream should be translated. By keeping track of its outside source port to inside IP address mappings, the router can avoid this problem. Extended access lists can filter on both source and destination ports, to filter traffic by type. This isn't perfect, as it is possible to move a traffic type to a port which isn't filtered. Many non-Web applications use TCP port 80 as a destination in order to get around corporate firewalls which are likely to block many ports but generally allow web access. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Router Cabinets/Racks
On Sun, 1 Oct 2000, FRS wrote: > This is off topic, but can anyone please tell me where to look on the Net > for used Racks or Cabinets for my Home CCIE Lab? Due to the shipping costs, used racks and cabinets don't really lend themselves to long-distance transactions. I'd look in your local phone book for surplus shops and/or scrap metal yards. I've found quite a few bargains that way. Typically sold for a few cents a pound. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subinterfaces in Frame-Relay
On Mon, 2 Oct 2000 [EMAIL PROTECTED] wrote: > In a message dated 10/2/00 12:04:33 AM Eastern Daylight Time, > [EMAIL PROTECTED] writes: > > > << Does anyone know how to configure Subinterfaces in Frame-Relay between 2 > Cisco 2500 Routers? A short example will do... > >> > > If you meant to create one then here you go...quite simple actually: > > conf t > int s0.x Best to first set encaps frame-relay on the physical interface. And, you'll need to specify the sub-inteface as point-to-point or multipoint. So, # conf t (config)# int s0 (config-if)# encaps frame [ietf] (config-if)# [LMI type, no shut, controller t-1 stuff, etc.] (config-if)# int s0.16 point-to-point (config-subif)# ip address www.xxx.yyy.zzz nnn.mmm.nnn.mmm (config-subif)# frame-relay interface-dlci nn I usually set the subinterface number equal to the local DLCI just to make things easy to keep track of. Note that deleting subinterfaces completely requires a reload. You can delete in the config but they'll still be there marked "deleted" until you boot the box. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: route table
On Mon, 2 Oct 2000, Yee, Jason wrote: > I am wondering if I could use this clear ip bgp * if I encounter bgp > flapping due to serial down for a while and then up again . This is because > my bgp is fully functionally receiving all the routes only after a few hours > after my serial went down and up again for 2 minutes Not a good idea. Every time you do it, the rest of the net sees a route flap from you. Too many flaps over a period of time, and others will "damp" your advertisements, ignoring them for what can be rather lengthy periods of time. If you see the session flapping due to serial line issues on one link, why would you want to clear the entire BGP routing table? This will just cause problems with your other sessions. If you're having line problems with one of your BGP peers that is causing the session to flap, it's a good idea to admin down the BGP session with that neighbor until the problem is fixed and the line is stable. In router config mode: (config-router)# neighbor www.xxx.yyy.zzz shutdown To restore once the line is fixed, (config-router)# no neighbor www.xxx.yyy.zzz shutdown This will allow your other BGP sessions to continue unaffected. Then call telco or whatever you need to do to isolate the serial line problem without causing route flap and trying to push customer data over a flaky line. Turn the session up once you've fixed the line problem. If the line is flaky enough so as not to keep a stable TCP 179 connection, it isn't going to be much good for much else, so shut it down and get it fixed. "clear ip bgp *" will flap all sessions on that router, making things quite unstable for a period, especially if you're a transit provider or have IBGP sessions going as well, as they'll flap and spike CPU on your other internal routers. If you're single homed over a single link, consider a static default instead of BGP. Your router and your upstream will be much happier. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: New CCNP
On Mon, 2 Oct 2000, Fowler, Joey wrote: > I thought you couldn't schedule 2 Cisco tests on the same day? I've never seen such a restriction on either Cisco's or Prometric's site, and had no problem doing it online. After scheduling the first test, there's a "Schedule another exam" option on the Sylvan site, in fact. There may be a restriction that if you don't pass a test, you can't re-take it on the same day. Sylvan's online scheduler won't let you input a date closer than two business days out. I don't know if you can get a same-day test appointment over the telephone or not. There are also some temporary test centers set up at the Networkers conferences and perhaps some trade shows with free or reduced price tests. It would not surprise me to see some restrictions there to prevent people from hogging the available resources. What I did was schedule Support at 9:30 AM and Foundation at noon. When I got to the testing center, they had my ID and both tests shown on the screen. The test center folks didn't seem to think it was unusual and asked which one I wanted to do first, so I could have gone in either order. I had intentionally left some time in between the tests in order to stretch my legs and re-read my cram notes. Actually began the second test about 1/2 hour before it was scheduled. Note that on that day the test center was not particularly busy, they had four testing positions and for much of the time I was alone, toward the end of my second test someone began a test at one of the other positions. I would expect some variation on how strictly they adhere to the schedule from center to center, and possibly on how busy they are that day. This particular center was at an airport flight shop, which seems to be fairly common. If I recall correctly, Sylvan Prometric got their start administering FAA written pilot exams. The people who work in flight shops are generally friendly and willing to accommodate their customers, as long as it doesn't go against regulations. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Display SN of 7507 chassis
On Mon, 2 Oct 2000, STRAND Scott wrote: > How do you display the serial number of the chassis on a 7507? I did a > show diag and that gave me the SN's of the cards in the > chassis but not the chassis itself. Is not the last slot shown the "virtual slot" of the chassis itself? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you bridge inside a VLAN?
On Tue, 3 Oct 2000, FRS wrote: (subject is "Can you bridge inside a VLAN?") Yes! This is the default behavior. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Layer3 switching
On Tue, 3 Oct 2000, NetEng wrote: > What are the benefits of layer3 switching (versus layer2)? Layer 3 switching is really just marketingspeak for routing. > Can I create VLAN's w/o using a router on a layer3 switch? Yes, because a layer 3 switch is a router. They just don't call it a router because the selling point is: routing = slow, switching = fast. This is oversimplifying to some extent. Early routing algorithms and process switching in modern routers is slower than switching. Today's routing algorithms and "layer 3 switching" algorithms use a "route once, switch many" process. Once the destination IP for a packet entering an interface is known (from the routing table), a "flow" is created and subsequent packets arriving on the same interface are switched to the correct destination interface. So, for all practical purposes a layer 3 switch is the same thing as a router with a fast algorithm and lots of (usually ethernet or fast ethernet) interfaces. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: your mail
On Tue, 3 Oct 2000, Sudarshan Narasimhachari wrote: > Hi Groupies, > > This doubt might look silly. I just saw in one of the Cramsession CID > questions that IGRP supports VLSM. Is this really true ? As far as I > know IGRP will not support VLSM. Was the word "Enhanced" spelled out before the initials IGRP in the question? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: path exists in BGP table, but no route in IP Routing table
On Wed, 4 Oct 2000, Sean Wu wrote: > So what possible reason can cause this problem? > > I have four routers, > > R1 <---> R2 > ^ ^ > | | > | | > | | > v v > R3 <---> R4 > > AS1: R1 > AS2: R2 > AS3: R3+R4 > IBGP between R3 and R4, EBGP between R1/R2, R2/R4, R1/R3 > Everything else looks fine, and almost symetric configuration on R1/R3 and > R2/R4 > But R3 can see R2 in routing table and BGP table, while > R4 doesn't see R1's ip in ip routing table, but it does see R1 in BGP table > via two different paths How are you injecting IP into BGP? Network statements? Redistribution from IGP? Can you post configs? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Ethernet Trivia
On Wed, 4 Oct 2000, Nnanna Obuba wrote: > Let's say we have a 2 lane and a 5 lane road, 2 cars > travel at the same speed over those roads,and neither > experiences traffic, which will do 100 miles first? Not exactly. You're standing at the city limit sign entering Switchville. The lead cars of two 512-car motorcades arrive at the same instant on parallel one-lane roads. Both motorcades are bumper-to-bumper, traveling at the same speed. On motorcade Tenbit, each car is exactly ten times as long as the cars of motorcade Hundredbit. Which motorcade will be "in town" (the last car has crossed the city limit sign) first? > --- Frank <[EMAIL PROTECTED]> wrote: > > Let's say we have a 10Mbps and 100Mbps interface. > > Both transmit the same > > sized > > frame over the same type of media and over the same > > distance and neither > > experience > > a collision. Which will get to the destination > > first? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Ethernet Trivia
On Wed, 4 Oct 2000, Frank wrote: > Let's say we have a 10Mbps and 100Mbps interface. Both transmit the same > sized > frame over the same type of media and over the same distance and neither > experience > a collision. Which will get to the destination first? The one on the 100MB interface. Hint: "Serialization delay" -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: One last Layer3 switching ?
On Thu, 5 Oct 2000, NetEng wrote: > I understand the layer3 switching concept, but what happens to broadcast > based services? On a 24 port layer3 switch module are there 24 > collision/broadcast domains? Collision, yes. Broadcast, it depends on whether the 24 ports are all in different VLANs. Layer 3 switches are really layer up-to-three switches. And with trunking, a broadcast domain can span multiple switches on some ports, yet other ports on the same switches be in different broadcast domains. This is true with conventional (layer 2) switches with 802.1q or ISL capability as well. With layer 2 switches, the ports in different VLANs (and thus broadcast domains) can't communicate without a router in the picture. Layer 3 switches provide the routing functionality in the switch hardware. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Exam Score turnaround
On 6 Oct 2000 18:10:17 -0400, Ron Mansolino <[EMAIL PROTECTED]> wrote: :just curious; how long does it usually take to find out if you :pass/fail/how you scored; About five seconds unless it's a beta test, in which case it can be several weeks. Another minute or so to print the score sheet. :and then to get the certificate? About six weeks. If it's your first cert, you need to "sign" the agreement at the tracking site. They do them in batches, so depending on where you are in the cycle the leadtime varies. :iow, how soon can I start braggin'? As soon as you get the scoresheet. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ethernet Trivia
On 7 Oct 2000 01:20:43 -0400, whatshakin <[EMAIL PROTECTED]> wrote: :This makes it sound like there is actually something tangible being put on :the wire. Bits are merely ones and zeros which are signaled by different :voltages etc in the line encoding. : :Bits do not occupy line space. Sure they do. Ever see the terms "wavelength" or "short wave" on a radio? Inversely proportional to the frequency, wave length is the physical length of a signal, based on the distance in free space for one cycle at a given frequency. As the speed of light is slower in media such as twisted pair copper and fiber, the length of a bit at a given frequency is shorter than it would be in free space. The ones and zeros obviously travel along the wire from the sending to the receiving end. If you could freeze time and take a snapshot, you would see a length of wire with a positive voltage, followed by one of negative charge, the lengths corresponding to bits. :Measurements of how fast data can be moved over a wire are the time it takes :for a signal at one end to be heard at the other. The amount of data :(signals) which can be moved across a wire is ascertained by the line :encoding method, and how many signals the encoding system can be made to :produce in a second. Minus the delay factors between point A and B of :course. And those delay factors are the speed-of-light propagation delay of the medium, the delay proportional to the length. Distance (length on the wire) equals velocity (speed of light in the medium) divided by time (length of a bit in fractions of a second). :BTW, my calculations for the speed of light resulted in 299,793,100 m/s Which method did you use? Laser and a spinning mirror? :-) -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Career Track
On 7 Oct 2000 13:02:21 -0400, Mike Emigh <[EMAIL PROTECTED]> wrote: :Hi, a couple of months ago I passed the CCNA 2.0 (640-507) exam. I'm not :exactly sure where I want to go from here, but the design route seems pretty :interesting. Looking at the tracking system, it seems to be the only thing :I have started on is the WAN Routing and Switching track, I don't get that? :I thought, if I wanted, I could go from here and take the four exams for :CCNP and get that certification? Am I missing something? Or what would I :have to do if I wanted to pursue the design track? Design is part of routing and switching. The WAN switching track requires a different set of more specialized tests. There's no reason you can't do both Design and Network. Much of the material at the professional level is applicable to both. The green marks on thetracking site showing "started" can be misleading. Expand the tree for each cert you're interested in to see what you have completed and what you need to complete. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ethernet Trivia
On 7 Oct 2000 14:23:15 -0400, whatshakin <[EMAIL PROTECTED]> wrote: :The physical length of a signal is not inversely proportional to its :frequency. It differs depending on the line encoding. Again, a bit is the :term applied to the signal state. Signal :states occupy line space. Point taken. This is the "bits vs. baud" issue. For straight serial signals where one bit = one baud such as Ethernet and T-1, they are equivalent. Ethernet relies on this for its collision detection mechanism. Perlman covers this quite well in Interconnections, Second Edition. See "Issues in 802.3" starting on page 35. :Your formula is correct, however, it does not apply very well to finding :delay propogation over a wire because of the numerous other factors which :need to be applied additionally. IE: The properties of the wire medium, :EMF, block coding, IFG, protocol overhead... The only property of the wire medium which is going to affect it is the propagation velocity factor. EMF is what makes it work at all. Protocol overhead won't affect the physical length of a signal element (bit on ethernet) within the medium. I don't know what IFG is but don't think that it's likely to change the laws of physics. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Switch issue
On 6 Oct 2000 20:34:41 -0400, emirates <[EMAIL PROTECTED]> wrote: :I have one 3524 with 2 GBIC and one 2924 with 2 100baseFX ports. I can't :able to connect both switches using fiber. I couldn't identify the :problem yet. Any suggestion/help will hightly appreciated !! GBICs are gigabit (1000 megabit per second), and 100base FX are 100 megabit per second. They won't interoperate. Your options are: If the 2924 has a GBIC slot, install a GBIC in it for gigabit speed. Connect the two switches with copper at 100 Mbit. You can use multiple ports and Fast etherchannel to increase throughput. this is not recommended if the switches are in different buildings or fed from different electric power service. Purchase a media converter for the 3524 end, use a 100base TX switch port and convert to 100base FX. This gives 100 megabit performance over fiber. [HTML goo snipped to save electrons] -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Token Ring
On 8 Oct 2000 20:04:29 -0400, FRS <[EMAIL PROTECTED]> wrote: :Just messing around with a router did a show int token 0 command says: :Interface up, Line protocol down. :When you issue the no shut command on the interface it still says Interface :up, Line protocol down. Why is this? The shutdown command will give a "Interface is administratively down" response to show commands. Essentially, the interface is not happy with the token ring network. Could be any of * Physically not connected * ring speed mismatch * ring speed not set * cable problem etc. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Token Ring
On 8 Oct 2000 20:23:48 -0400, FRS <[EMAIL PROTECTED]> wrote: :I issued a no shutdown command ... is the state not supposed to be UP, UP :now? If it's connected to a functioning token-ring network, it will be UP, UP. The "Line protocol down" is telling you that it doesn't (yet?) see a finctional protocol. Is it connected to a MAU? Showing line protocol down if the interface isn't connected is normal. As someone else pointed out, it could be initializing. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Token Ring
On 8 Oct 2000 21:26:12 -0400, FRS <[EMAIL PROTECTED]> wrote: :No, I don't have it inserted into a ring yet. Maybe that's the problem! :So the Interface first has to be inserted into the ring before it shows UP, :UP! Yes. This is true for all Cisco physical interfaces, although you can use "no keepalive" in most cased to fool them into showing UP, UP. This is a good thing, used as a detection mechanism to quickly withdraw networks from the routing table if an interface becomes disconnected. If you've assigned an IP address to the interface, you'll observe that it does not show as "connected" until the interface is really connected t osomething and thus UP, UP. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: keepalive set in frame-relay circuit?
On 9 Oct 2000 01:54:14 -0400, Yee, Jason <[EMAIL PROTECTED]> wrote: :hi anyone : :knows why after having set my keepalive to be zero my frame-relay circuit :straight away went up ie line protocol is up The keepalive setting on a frame-relay interface determines the LMI interval. Turning it off stops the router from sending or expecting LMI. :I believe there is no need to set keepalive as the LMI is taking care of it :right? The keepalive of an interface with frame-relay encapsulation _is_ LMI. :Correct me if I am wrong Can you pass traffic over the interface with no keepalive? No keepalive is a means of forcing an interface into an up-up state from the router's viewpoint even if the interface may in fact be disconnected. While this is useful for test purposes, it doesn't carry any traffic. While the interface shows "line protocol is up" with or without anything plugged in it isn't going to move data from point A to point B. If it _is_ connected, and the other end also is set to "no keepalive", then in most cases you can use it to pass data. However, this is not usually a good idea because the routers will have no means of detecting a link failure (other than timeouts on a dynamic routing protocol). If this frame-relay interface is connected to a real carrier's frame switch, then the "no keepalive" will cause the router to stop sending LMI, which will cause the carrier's switch to show the link as inactive. You may be able to make it work in a lab situation with no keepalive on a router configured as a frame switch, but it isn't a good idea. As a rule, keepalives are a good thing on an active interface passing real-world traffic, and turning them off should not be necessary to bring the line protocol up. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: keepalive set in frame-relay circuit?
On 9 Oct 2000 20:58:12 -0400, Yee, Jason <[EMAIL PROTECTED]> wrote: :if that is the case setting keepalives to what value is optimal? : :10 , I tried setting it to 10 but it went down To what, if anything, is this interface physically connected? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ICMP redirects
On 9 Oct 2000 16:04:13 -0400, Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote: :At 01:59 AM 10/9/00, Paul Werner wrote: : :>Listed above is what the Internet Standard specifies for proper :>operation. Let's bounce that against reality as we know it: :> :>http://support.microsoft.com/support/kb/articles/Q243/4/27.ASP : :What does it mean to plumb host routes? I couldn't decode what Microsoft is :attempting to say in this article. If you can explain it, that would be :great. (The other articles did make sense. Thanks for the URLs.) I would assume they mean "connect", perhaps the term refers to the UNIX "plumb" argument for interface configuration. For what it's worth, I first saw the term "plumb" with respect to TCP/IP in a Sun manual page for "ifconfig", having to do with configuring an interface on a Solaris box. From "man ifconfig" in Solaris 2.7: plumb Open the device associated with the physical interface name and set up the streams needed for TCP/IP to use the device. Before this is done, the interface will not show up in the output of ifconfig -a. unplumb Destroy any streams associated with this device and close the device. After this command is executed, the device name should not show up in the output of ifconfig -a. Sun no longer supports mobile homes on their interfaces, no doubt because of problems with their plumbing. Also from "man ifconfig": trailersThis flag previously caused a non-standard encapsulation of inet packets on certain link levels. Drivers supplied with this release no longer use this flag. It is pro- vided for compatibility, but is ignored. -trailers Disable the use of a "trailer" link level encapsulation. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Companies requiring proof of previous salary - Please move to the Jobs group
On 9 Oct 2000 22:26:49 -0400, John Hardman <[EMAIL PROTECTED]> wrote: :Thought the jobs list got killed since it is no longer available on the news :server. How about a newsgroup of it for us that don't want to take all the :email? I'm reading it on the news server. groupstudy.jobs on the groupstudy.com NNTP server works for me. The ccielab list is the only one not mirrored to Usenet AFAICT, which is probably a good thing as it's relatively low traffic and has good s/n. I finally unsubbed from the e-mail feed on the main list to give Paul's mail server and my procmail a small amount of rest, and have been using the newsfeed. Works great. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: keepalive set in frame-relay circuit?
On 9 Oct 2000 22:50:50 -0400, Yee, Jason <[EMAIL PROTECTED]> wrote: :this interface is connected to a comstream modem (satellite modem) then out :as a satellite link to frame-relay switch Check with Comstream. Do they specify frame-relay encapsulation? When you say "modem", is it a regular RS-232 modem? Is the satellite two-way to you? Is it a VSAT and you're transmitting to the bird, or is it a receive-only dish and you're using dial-up for the return path? Is it an asynchronous modem? Have you tried "encapsulation frame-relay IETF" on the interface? It sounds as if you really need to get some specifics from the satellite carrier as to exactly what interface configuration they expect. :On 9 Oct 2000 20:58:12 -0400, Yee, Jason <[EMAIL PROTECTED]> wrote: ::if that is the case setting keepalives to what value is optimal? :: ::10 , I tried setting it to 10 but it went down : :To what, if anything, is this interface physically connected? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Verizon BGP
On 9 Oct 2000 17:38:42 -0400, Jin Tam <[EMAIL PROTECTED]> wrote: :Does anyone here peer with Verizon or work for the NOC. These guys are :telling me that I can't advertise an address block that doesn't belong to :them. So, what the hell is the point of a BGP session if I can't advertise :the same address through 2 or more providers. Also, I pointed my advertised :address at Null0 so that there would be a route in the table. They are :telling me that all the traffic will be dropped at the router. I had to :explain to their networking team about the longest match rule. Are these :guys hiring high school grads for the NOC team? To whom does the address space that you want them to relay your advertisement belong? If it's your own portable CIDR block, they should accommodate you. If it's non-portable space belonging to your other upstream, I can see their point, as your other provider is no doubt advertising an aggregate and you'll see all of your traffic via Verizon in that case due to longest match, so you can't load-balance inbound anyway. I haven't dealt with Verizon, but work regularly with BBN/Genuity/GTEI (which may now be the same thing) and they seem clueful. Is it AS 1 you're peering with? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISL VLANS on a router - bridged?
On a switch, if a unique VLAN ID appears on more than one trunked interface, that VLAN is part of the same layer 2 network and broadcast domain across all interfaces where it appears, based on the VLAN number. Is this also true on a router? That is, if I have the following configuration, what happens? Do VLAN 2 on switches connected to both interfaces see each other? interface FastEthernet0/0.2 description VLAN 2 to switch A encapsulation isl 2 ip address 192.168.1.254 255.255.255.0 no ip redirects no ip directed-broadcast interface FastEthernet0/1.2 description VLAN 2 to switch B encapsulation isl 2 ip address 192.168.2.254 255.255.255.0 no ip redirects no ip directed-broadcast Two separate subinterfaces of two separate physical interfaces connected to two different LANs, but with the same ISL encapsulation "color". Are they bridged? Would the IP address ranges both appear on both LANs? Can't find this in CCO anywhere. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISL VLANS on a router - bridged?
On 10 Oct 2000 17:04:53 -0400, Joseph Ezerski <[EMAIL PROTECTED]> wrote: :I am not sure, but logic seems to dictate that both interfaces belong to the :same layer 2 network. The way I am picturing it is like this: : :In any regular layer 2 switched network, you can have many devices of the :same type. You could have many clients or servers, or printers or even :routers. So why wouldn't the same hold true for your scenario? Now, when :you bring it up to layer 3, you definitly have two distinct subnets working. :The differnece would lie in how your end users are configured, ie- Which :interface IP do you assign as their default gateway... : :Sorry for the oversimplification. It's my first day on the list and I am :trying to get involved. What troubles me is that I tend to think of the fast ethernet interfaces as separate physical circuits, and as such having a subinterface on two of them with the same encapsulation ID should imply that they are indeed different circuits. In a router, the syntax is much like that used with frame-relay interfaces, "encapsulation ISL [identifier]", rather than as seen on a switch, "VLAN [identifier]. If I have two frame-relay interfaces that go to different circuits but both of them have a DLCI 16, they aren't bridged at layer 2. If I have two ethernet interfaces and both have IPX encapsulation SNAP, they are not bridged. From a configuration standpoint, it would make logical sense that the ISL "encapsulation color ID' would follow that of other sub-interfaces. Yet from a switch standpoint, the VLAN ID should imply that they're connected. Still confused, and don't have the gear to test in the lab. :-Original Message- :From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] :Sent: Tuesday, October 10, 2000 12:47 PM :To: [EMAIL PROTECTED] :Subject: ISL VLANS on a router - bridged? : : :On a switch, if a unique VLAN ID appears on more than one trunked :interface, that VLAN is part of the same layer 2 network and broadcast :domain across all interfaces where it appears, based on the VLAN number. : :Is this also true on a router? That is, if I have the following :configuration, what happens? Do VLAN 2 on switches connected to :both interfaces see each other? : :interface FastEthernet0/0.2 : description VLAN 2 to switch A : encapsulation isl 2 : ip address 192.168.1.254 255.255.255.0 : no ip redirects : no ip directed-broadcast : :interface FastEthernet0/1.2 : description VLAN 2 to switch B : encapsulation isl 2 : ip address 192.168.2.254 255.255.255.0 : no ip redirects : no ip directed-broadcast : :Two separate subinterfaces of two separate physical interfaces connected :to two different LANs, but with the same ISL encapsulation "color". Are :they bridged? Would the IP address ranges both appear on both LANs? : :Can't find this in CCO anywhere. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2500 router password recovery
On 10 Oct 2000 23:27:27 -0400, Robert McIntire <[EMAIL PROTECTED]> wrote: :I'm working with a used 2514 router with an unknown enable password. = :I've tried the standard break technique but can't abort the boot = :sequence. I believe that break may be disabled. I'm using Win NT 4 and = :hyperterminal to connect to the console port and am able to connect and = :SHOW VERSION. I am getting terminal feedback. I've used CTRL-BREAK = :AND CTRL-SHFT-6 to no avail. How can I access ROMMON mode and change = :the password? Is there a jumper on the system board that can be used to = :circumvent the password and access the router for configuration? :Any advice is appreciated, Thanks This is almost certainly your terminal emulator and not the router. Download a freeware terminal program such as Teraterm. The BREAK sequence in Hyperterminal is buggy and inconsistent from version to version. The shareware program CRT is also quite good. [Redundant HTML goo snipped, please turn it off.] -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Precedence: Bulk and a fix for vactions autoresponders
On 26 Sep 2000 17:24:41 -0400, Paul Borghese <[EMAIL PROTECTED]> wrote: :Jennifer Joy sent me a suggestion that I include the "Precedence: bulk" :header in the e-mail messages that go out from this list. Apparently the :vacation program uses the Precedence to determine if it should send an :auto-reply back. So maybe this will cut down on the amount of "Out of :Office" messages we receive every time a post is made to the list. It's gone way down. Curiously, I'm on a number of technical mailing lists and the ones with the worst "out-of-office" noise are this one and cisco-spot! I've gone to the Usenet feed for the main liat, and that helps as well, a bit easier than procmail when things get cranking around here. Paul, if you catch this, threading on the Usenet side of the associate list doesn't seem to be working, perhaps to the bracketed material appended to the subject line. I occasionally scan that list to help out some of the newcomers. Threading on this list is fine. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bandwidth change
On 11 Oct 2000 11:31:06 -0400, Craig Johnson <[EMAIL PROTECTED]> wrote: :No. There are very few things that necessitate rebooting of a router, aside :from an IOS upgrade, or if you change lots of appletalk settings and they :don't work. Completely deleting subinterfaces is another. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP
On 11 Oct 2000 09:17:28 -0400, Pieter Jordaan <[EMAIL PROTECTED]> wrote: :Just want to get some ideas from you all wrt time taken to get certified. : :How long does it take the average person to complete his CCNA and then his :CCNP. Average people don't do that. Average people become MCSEs. :-) :Even if you haven't completed these yet please let me know how long you :think you will take. It really depends on the person and their experience, employment, available time, etc. I would say that for someone who is dedicated and committed, and has the time to devote to it, a year would be reasonable for CCNP. Or, with enough financial resources, a single one-week "bootcamp" style cram session with the tests scheduled the next day might do it for some people from a cold start. Others who have a life, a job outside of networking, and less available time and resources will take longer. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: command reference
On 11 Oct 2000 18:33:55 -0400, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: :I'd be mildly surprised if this was produced in hardcopy for the whole IOS :(there may be books on specific sections I suppose, e.g. dialup), as I have a :hardcopy of the command *summary* for IOS 11.3 and it's 8.5" by 11" by 2" thick :(excuse the imperial measurements). The command references have a lot more :information than the summaries. Surprise! :For comparison, the hardcopy command summary for IOS 9.1is 5" by 7" by :0.5", and from memory the command summary for IOS 10.something was 5" by :7" by about 1.5". It's now 11 volumes. http://www2.ciscopress.com/series.cfm?series=4&subseries=16&news=0 -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP CERT !!
On 13 Oct 2000 08:24:34 -0400, Andre' Paree-Huff <[EMAIL PROTECTED]> wrote: :someone done the CCNP in a day. are you saying they took all 4 and passed in :a day? but never picked up a book until that morning. That reference might be to me. Three of the four tests can be taken in a combination form, called Foundation of Routing and Switching. It costs $200 as opposed to a total of $300. Exam 640-509. I took the support 640-506 and the Foundation test on the same day and passed both. The nearest testing center is over an hour away, so one trip and a $100 savings vs. four trips seemed like a good way to go. There is some overlap in material between the three core CCNP exams, so if you feel ready it can be a smart move as many concepts are repeated among the three sections. It's a long stretch, however. About 200 questions in 2 1/4 hours. As far as "never picked up a book until that morning", that is NOT the case, at least for me. I've been CCNA for over a year and put in quite a bit of time studying and preparing. I also am the senior network administrator for a group of regional ISPs (common ownership), so I have a lot of on-the-job experience. I'm also pursuing CCIE, passed the written when it was beta (squeaked by) and have attempted the lab. I did the CCNP primarily for confidence building in pursuit of CCIE, as it seems most pursue them in that order. I will try the two tests I need for CCDP on the same day as well, 640-441 CCDA and 640-025 CID Design. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCDP PASSED!!
On 13 Oct 2000 14:52:32 -0400, Alldread AK2 Robert J <[EMAIL PROTECTED]> wrote: : : Well, I just got back from the CID test. It was a doozie...the WAN :part kicked my butt. I didn't pass as well as I would have liked to but I :did pass. I talked to Priscilla last night and she gave me some encouraging :words (they really helped calm my nerves). I got 80% on 2 of the sections :and 75% on two othersWAN was a 52% (frame-relay and x.25) and SNA was a :42%...and the infamous security question 0%. I am convinced the question is :worded wrong. I passed CCDA and CID today. Also missed the security question and agree with you about the wording. CID 3.0 640-025 is an old-style test. 100 questions, two hours. You can mark and go back, and the scoring is in percentages as opposed to the 300-1000 scale range. Passing is 65%. I was weakest in SNA, then desktop protocols. Did well on WAN and TCP/IP, 100% on intro. So I'm now a CCNP/CCDP. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ccda
On 23 Sep 2000 01:33:49 -0400, Lopez, Robert <[EMAIL PROTECTED]> wrote: :I'm taking the ccda exam on Monday. Does anyone know what the passing score :is? Thanks! 72 questions, two hours, 755 passing score on the 300-1000 scale. No ability to mark and go back. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to save switch config
On 14 Oct 2000 12:28:01 -0400, Lists Wizard <[EMAIL PROTECTED]> wrote: :does any body remember the command to save the switch configuration on a :cisco catalyst switch , set based switches like 6500 catalyst switches Each configuration command is automatically saved as it is entered. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FOUNDATION EXAM
On 14 Oct 2000 23:36:12 -0400, Elijah Landreth <[EMAIL PROTECTED]> wrote: :Hello all, : I have studied extensively for routing and switching, I am just starting :on remote access, and I haven't taken any of the exams. I was thinking of :taking the foundation just to get it over with, can anyone shed light on :this test? Have you taken it, is it tough, what did they hit you on, ect I took it and passed a couple of weeks ago. The objectives are the same as the three separate tests, about 70 questions on each section (not exact, but about 70). Each section is graded separately at the end, and you need a passing score in each section. No going back and marking questions. I found that there was substantial overlap between the topics, with similar technologies such as ISDN in both the remote access and routing portions, and multicast in both switching and routing, for example. The objectives on the Cisco site PDFs for the three separate tests are what you should know. I found the Exam Cram books helpful. The "Cram notes" inside the front cover make good flash card material. The advantages are less cost if you pass, and the ability to share time amongst the three tests. The disadvantage is that you need to know more at the same time than cramming for one test at a time. Different people learn and study differently. I'm of the "Study like crazy and get it all over with at once" philosophy. I took Support and Foundation on the same day and passed both a couple of weeks ago. Conquered CCDA and CID today. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCDP PASSED!!Which books did you refer ?
On 15 Oct 2000 14:30:31 -0400, Pradeep Kumar <[EMAIL PROTECTED]> wrote: :Congrats bud. That was a good one. Which books did you refer for these :tests . Can you enlighten the 1 folks who are on this post. Top-down Network Design, Designing Cisco Networks (both Cisco press), this list, lots of on-the-job experience, the COLT online tests on the Cisco site, Boson practice tests. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCDP PASSED!!
On 15 Oct 2000 15:47:01 -0400, hal9001 <[EMAIL PROTECTED]> wrote: :Two Cisco Exams in the one day? I thought that was not allowed! Still :brilliant going! It's actually my second "doubleheader". I took and passed Support and Foundation on the same day a couple of weeks ago. You're the second person to comment that more than one exam in the same day isn't allowed. I haven't been able to find any reference to such a rule, and the Prometric site didn't prevent it or flag a warning. The testing center employees also didn't seem to think it unusual. Cisco sent my CCDP materials within about ten days of passing Support and Foundation on the same day, so apparently they don't have a problem with it either. I seem to recall a rule that if you failed a test you couldn't re-take it on the same day. But, at least via the web you can't schedule a test any sooner than two business days in the future so this is kind of a non-issue. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cross-over roll-over and straight-through cables
On 15 Oct 2000 22:51:22 -0400, Lists Wizard <[EMAIL PROTECTED]> wrote: :What is general rule of thumb for cabling tow networking devices? In other :words: when should I use cross-over, roll-over or straight-through cables to :connect tow networking devices Ethernet: Cross = 1,2 <-> 3,6 If exactly one end of the cable connects to a switch or hub, it's straight-through. Otherwise cross-over. Note: Some hubs have a reversed port for "uplink" or a switch to cross over one port so a straight-through can be used to daisy-chain hubs. Console/AUX: Roll = 12345678 <-> 87654321 Rollover = normal DCE-to-DTE. Straight-thru = Null-modem. T-1: Cross = 1,2 <-> 4,5 Straight = CSU/DSU to smartjack Crossover = CSU/DSU to CSU/DSU 56K DDS: Cross = 1,2 <-> 7,8 (A rollover cable will work as a cross here) Straight = CSU/DSU to line Crossover = CSU/DSU to CSU/DSU Fiber 100-base-FL and Gig-E: Tx on one device to Rx on the other. Duplex fiber normally has printing on one strand for easy identification. If it doesn't work, swap them. Do not stare into laser with remaining eye. Note: It is not uncommon for telephone installers to accidentally cross T-1 and 56K DDS when extending the jack. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ***** HELP: NAT Question ***********
On 15 Oct 2000 11:05:44 -0400, GNOME <[EMAIL PROTECTED]> wrote: :Hi : :Pls see the following sample config : :int serial1/0 : ip address 200.10.10.1 255.255.255.252 : ip nat outside : :int fastethernet 0/0 : ip address 172.16.0.1 255.255.255.0 : ip nat inside : :int fastethernet 1/0 : ip address 201.0.0.1 255.255.255.0 : ip nat inside :! :ip nat pool provider 203.100.100.150 203.100.100.180 netmask 255.255.255.0 :ip nat inside source list 5 pool provider overload :! :access-list 5 permit 172.16.0.0 0.15.255.255 : :Question 1 :if someone access a server (201.0.0.2) coming into Serial 1/0, will the :router translate the destination ip address? : :Question 2 :Like wise, if the return traffic from 201.0.0.2 going out from Serial 1/0, :will the ip get translated? : :Personally i feel it will not but i have been getting funny result like when :outside do a NS Lookup the server, he will get some IP address from the NAT :pool. : :If i don't put "IP NAT INSIDE" at Fastethernet 1/0, when i try to ping (for :example) from 201.0.0.2 going out from Serial 1/0, seems like cannot ping : :Any advice will be greatly appreciated. : : :Regards :[EMAIL PROTECTED] : : : :_ :FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html :Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] : -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ***** HELP: NAT Question ***********
OK, let's try it again, with content this time: On 15 Oct 2000 11:05:44 -0400, GNOME <[EMAIL PROTECTED]> wrote: :Pls see the following sample config : :int serial1/0 : ip address 200.10.10.1 255.255.255.252 : ip nat outside : :int fastethernet 0/0 : ip address 172.16.0.1 255.255.255.0 : ip nat inside : :int fastethernet 1/0 : ip address 201.0.0.1 255.255.255.0 : ip nat inside :! :ip nat pool provider 203.100.100.150 203.100.100.180 netmask 255.255.255.0 :ip nat inside source list 5 pool provider overload :! :access-list 5 permit 172.16.0.0 0.15.255.255 : :Question 1 :if someone access a server (201.0.0.2) coming into Serial 1/0, will the :router translate the destination ip address? No. You've specified it an an inside NAT interface, with no translation defined. You would need to set up a static translation to NAT from an outside IP to an inside IP. For example, assume that your server is on 201.0.0.2 and you want to map 203.100.100.2 to it. You would need to add the configuration line: ip nat inside source static 201.0.0.2 203.100.100.2 for each server that you want to statically map. :Question 2 :Like wise, if the return traffic from 201.0.0.2 going out from Serial 1/0, :will the ip get translated? Yes, if it is either defined by a static mapping or part of a pool. No, the way you have it. :If i don't put "IP NAT INSIDE" at Fastethernet 1/0, when i try to ping (for :example) from 201.0.0.2 going out from Serial 1/0, seems like cannot ping I would think you want it to be NAT outside if you want the 201.0.0.2 address to be visible as such (and not translated to something different) on the outside interface. What is the problem you are trying to solve? Do you want to have the servers on 201.0.0.1/24 appear on the outside with their native IP addresses, or do you want to translate them? If you want them translated, to what global address(es) and with what mapping? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Circuit Test's help
On 16 Oct 2000 15:17:47 -0400, Juan Blanco <[EMAIL PROTECTED]> wrote: : Does any one knows any guide or document which will explain the set of :commands that can be use in a router in order to troubleshoot a circuit or :to test it. What type of circuit? What type of trouble? "show interface" would be a good start. Your message also was repeated in HTML, a wasteful nuisance. Please disable this misfeature. Thanks. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Another reason to disable HTTP server...
>From BUGTRAQ: Subject: Advisory def-2000-02: Cisco Catalyst remote command execution == Defcom Labs Advisory def-2000-02 Cisco Catalyst remote command execution Author: Olle Segerdahl <[EMAIL PROTECTED]> Release Date: 2000-10-26 == =[Brief Description]=- The Catalyst 3500 XL series switches web configuration interface lets any user execute any command on the system without logging in. This issue was extremely easy to find, as Cisco provides a link to it from the first page of the web configuration service. This is one of the reasons I have decided to go public with the issue so soon. =[Affected Systems]=-- Cisco Catalyst 3500 XL series switches Probably all Catalyst switches using the same or similar software. --=[Detailed Description]= Cisco Catalyst 3500 XL series switches have a webserver configuration interface. This interface lets any anonymous web user execute any command without supplying any authentication credentials by simply requesting the /exec location from the webserver. An example follows: http://catalyst/exec/show/config/cr This URL will show the configuration file, with all user passwords. ---=[Workaround]=- Disable the web configuration interface completely. Await software fix. Refer to your vendor's documentation for information on how to configure the switch to disable the web configuration interface. --=[Vendor Status]=--- Vendor was notified on 2000-10-10. I was denied any information about what other products might have the same problems and have not heard anything from Cisco since Expect a software fix release from Cisco soon. == This release was brought to you by Defcom Labs [EMAIL PROTECTED] www.defcom.com ====== -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX PPTP, no NAT
On Sat, 28 Oct 2000, Jim Bond wrote: > Hello, > > I'm trying to set up PIX PPTP without NAT but no > success. Cisco gives a sample config using NAT > http://www.cisco.com/warp/public/110/pptppix.html but > I don't understand why they use 192.168.1.0. > > Here is my topology: > 172.16.1.0/24(outside)---PIX---(inside)172.16.2.0/24 > I create a pool 172.16.1.100-172.16.1.200, but users > from outside can't reach internal network. According to this, it looks like you should have NAT. You have a different network outside than inside. Assuming you really mean no NAT, do you have a "static" statement mapping the addresses to themselves? It's a bit counterintuitive without NAT, but you should have something like static (inside,outside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 See the PIX command reference regarding "static". -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX PPTP, no NAT
On Sun, 29 Oct 2000, Andrew wrote: > >According to this, it looks like you should have NAT. You have a different > >network outside than inside. > > Don't all routers that are routing between networks? ;) The PIX is not > necessarily a NAT box. It performs statefull security for established > connections (translated or not.) A PIX is not a router. > And if you're not doing NAT (using NAT 0) then you don't need statics per > say. If you are trying to allow non-established connections in from the > outside then you would need to use conduits to open those holes. But you still need the statics to map the inside to the outside addresses in order to allow outside connections to the inside. You also need a conduit (or access list in the newer software). When not using NAT, you just map the same IP on both sides of the box to itself. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX PPTP, no NAT
On Mon, 30 Oct 2000, Andrew wrote: > A PIX -is- a router (firewall router.) Hence, ip route statements and the > ability to run RIP. It's a box with two (or more) interfaces that connects > networks. Granted, it's not a box you would use for 'normal' routing > functions but to say the PIX is not a router is just wrong. UNIX and windows hosts have default route statements, and some of them will do RIP. Cisco doesn't think a PIX is a router, either. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/config.htm#xtocid109169 See step 10. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX PPTP, no NAT
On Mon, 30 Oct 2000, Andrew wrote: > The PIX absolutely has default route statements. 'ip route outside|inside' True. My APC power strip has a default route statement, does that make it a router? If you try not to think of a PIX as a router, it will be a lot easier to understand. Yes, it moves IP packets from one interface to another under certain defined conditions. Routers also do this. So do proxy servers. But, you still need the static (inside,outside) for non-NAT applications where the outside will be allowed certain conduits to the inside. And, for non-NAT the inside and outside interfaces are in the same subnet. The PIX documentation is pretty good. The description under "static" in the command reference addresses this. Without NAT, the interfaces are in the same subnet, no routing. With NAT, there's address translation taking place, but not what one would normally think of as routing. The PIX is capable of recognizing whether a destination is part of an interface's local subnet and if not forwarding it to a gateway. But, packets arriving on the outside interface with a destination of an inside (higher security) interface are not handled by routing. The outside network is unaware of the existence of the inside network without a static mapping. This static mapping can be to a different address with NAT. This isn't what I'd call routing. The static mapping can also be to the same address without NAT, in which case both interfaces are in the same network. This, IMHO, isn't routing either. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE LAB Scenarios
On 4 Nov 2000 15:16:30 -0500, Shaw, Winston Mr. <[EMAIL PROTECTED]> wrote: :Who knows where CCIE practice Lab Scenarios can be purchased http://www.fatkid.com/ Many different practice scenarios, and they also rent rack time. The scenarios are free, and quite varied. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: connectivity problem
On Fri, 14 Jul 2000, Howard C. Berkowitz wrote: > Good points. When people first start looking at products, they must > realize that terminology varies from vendor to vendor, and even > within a vendors, the product designs represent responses to > perceived market needs, not necessarily specific OSI layering. > Cabletron, for example, tends to call everything a hub, even though > it may have full layer 3 routing. Their usage of hub is what I'd > call a card cage. Other companies call everything a switch, because > they have a market message "routing bad/switching good." Where I ran into the terminology issue and it caused a lot of headaches was with Cisco and H-P ethernet switches. What Cisco calls "Fast Etherchannel" H-P calls "Trunking". What Cisco calls "Trunking" H-P calls "Multiple VLAN Tagged" Arrrgh! Me: So set up the port towards the router as a trunk. HP guy: Trunked with what? Me: With the router. HP guy: No, trunked with what else? Me: With the three VLANs on the switch. HP guy: You've got to trunk it with another port on the router if you want it to be a trunk. Me: No, I've only got one trunk port on the router. HP guy: You can't use it as a trunk if you've only got one port! Me: Of course you can! Your switch will do dot1Q, right? HP guy: Sure it will. Me: Then give me a dot1Q trunk with your VLANs per the map we made. HP guy: That doesn't make any sense! Me: Where are the docs on that switch, let's figure this out... A couple of PDF files later, we were talking to each other. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Encapsulation ISL on Ethernet??
On Wed, 19 Jul 2000, Glenn Flood wrote: > I am trying to configure lab #78: ISL Trunk with Routing between VLAN's, in > the "All in one CCIE Lab Study Guide" and am unable to find an encapsulation > isl command available under int e0/0? Can this be done? Or is it more of the > errata that I have heard about this book? It has to be a FastEthernet interface and a Plus IOS. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help!: Lost passwords on a 2621,2501
On Wed, 19 Jul 2000, Tony Olzak wrote: > Connect to the console port and open the program Hyperterminal Private > Edition. If you do not have this, you can get it at http://www.hilgraeve.com > > Reset the 2501 and hit CTRL-BREAK during the boot. Type this at the prompt: > > o/r 0x2142 > i > > The router will now reboot. When the setup dialog box comes up, you can > either accept (which will reconfigure the entire router), or type "no" if > you want to recover the config. If you hit no, type this: > > en *** [Point A] > config t > config-reg 0x2102 > enable secret (whatever password you want goes here) > CTRL-Z *** > [Step A] copy start run > copy run start > reload Do step A at point A, do not do it where shown, and this procedure is correct. If you do it in the order shown originally, you'll wind up with the old password at the next reboot. Once you're in, you "copy start run" to load the configuration from NVRAM into the running config. Then you edit only the paramaters that you want to change; the enable secret and the config-register. Then you write the modified configuration back to NVRAM with copy run start. Then you reload. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: subnet vs. Vlan
On Thu, 20 Jul 2000, jeongwoo park wrote: > HI all > I have a question. > Cisco recommends that there be one-to-one relationship > between ip subnets and Vlans. > When the number of devices on a Vlan exceeds the > number of host ip addresses per configured subnet, > more than one subnet can exit on a Vlan. > Having said that, my question; > There are two subnets in a Vlan. Do we need a router > to interconnect these two subnets? Yes. The router would have a secondary IP for the second VLAN. Don't forget split-horizon issues in this case. > I know that we need a router to interconnect two > different Vlans. > In addtion to that, can more than one vlan exist on a > subnet? Yes, but why? You could connect a crossover cable between ports on two or more VLANs or you could bridge. Doing either makes them essentially the same VLAN logically. > if so, do we still need a router to interconnect > different vlans even if there are in a same subnet? No, you can do it with a twist cable. But, why would you want to? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: off topic math question
On Sun, 23 Jul 2000, Marco Rodrigues wrote: > Each guy didn't pay $9 for each room. $25 / 3 is 8. ... + 1, is > 9.3 multiply that by 3 then add $2. Comes out to $30 for me. Am I > missing the riddle here people? :) heh Each guy paid $9. There is no extra dollar. The manager accepts $30, gives back $3 in change, keeps $2 for himself, and pays the hotel $25 for the room. 3 + 2 + 25 = 30 > 3 guys go to a hotel, the manager says the room is $30. Each guy puts in $10 > then go to sleep. > > The next manager decides the room is really only $25, but decides to keep $2 > for himself. > > He then hands each guy back $1 each. > > The Question is if each guy paid $9 for the room, and 3*9=27 +2(the manager > took) what happens to the other dollar, since 27+2=$29? The "$27 + $2 = $29" is the faulty logic. The $27 is the sum of the room cost and the $2 skimming by the crooked manager. The three guys each got $1 in change which needs to ba added to this to arrive at the original $30. I don't know if there is a name for this particular riddle. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber
On Tue, 25 Jul 2000, Jeff Duchin wrote: > Quick question... is there a major difference (besides the connectors) > between SC and ST MMF? Does one perform better than the other? Also, what's > the difference between Duplex and Simplex and Riser/Plenum? I know what > Plenum is used for as far as fire safety in the ceiling/walls. Any help > would be cool. Just the connectors. In an emergency, one can shove a round peg into a square hole. (ST will friction-fit into most SC fittings and work.) No significant performance difference. In terms of the physical medium, duplex is two fibers with a figure-8 jacket. Looks a lot like lamp cord. Convenient because the transmit and receive fibers are physically tied together into a common jacket. Simplex is a single fiber. Riser/Plenum has the outer protective jacket made of a material that does not produce toxic fumes (or produces less such fumes) when it burns. The glass fiber itself doesn't burn, but the outer jacket is plastic. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: can't see secondary routes
On Tue, 25 Jul 2000, Barronton, Ken wrote: > Hello All, > Long time watcher, first time post! > Partial config below from a 4500M. > Problem - When redistributing can only see 100.0 network. Can't see > secondaries of networks 101.1 or 102.1 out FastEth0. > > Help!?! Hint: What mechanism prevents sending a route out the same interface from which it was learned? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can two High density Serial ports be tied together?
On Tue, 25 Jul 2000, rtc wrote: > A HSSI high density serial port is 50 pins and the size of a normal PC > serial connector. > We need a cale that goes [50pinHSSI high density serial port]--- [50pinHSSI > high density serial port] > > Its the only we can tie our 7513 to our other 3 routers because we cant > afford more Ethernet Boards. Normal HSSI cables are identical to small-format 50-pin SCSI cables. However, you'll need a HSSI null-modem cable... Or a pair of DS-3 CSU/DSUs and two regular HSSI cables. If you can't afford more Ethernet boards, forget about the DS-3 CSU/DSUs. Cisco sells a CAB-HNUL cable that does what you want, list price US$ 100. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Boot ROM upgrade
On Fri, 28 Jul 2000, Chuck Larrieu wrote: > Oh, BTW, you need something called a PLLC chip extractor to pop the old > proms. Good luck finding one. :-> If you can't find one, the real-life equivalent of that annoying pop-up "assistant" thing that clutters recent Microsoft Office application programs will do it. (A paper clip slightly bent and inserted in the groove adjacent to the corner. Pry from under the chip. Note the chamfered corner on the socket and the chip, line up accordingly.) -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dealing with the garbage mail...
On Fri, 28 Jul 2000, whatshakin wrote: > Ok, so where's the technical Cisco newsgroup these days Chuck? Same place it's always been. comp.dcom.sys.cisco (I believe also mirrored to cisco-spot listserver). -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Run out of IP addresses.
On Tue, 1 Aug 2000, Swart, Douwe wrote: > I was reading an article the other day for CCDA, and it raised the following > question - > > You support a network getting close to using their complete range of ip > addresses. They need to add another 30 computers and hence IP addresses. > They do not have 30 IP addresses. How would you configure this, and why? Hint: NAT. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Run out of IP addresses.
On Tue, 1 Aug 2000, Swart, Douwe wrote: > These are internal addresses only, and don't need access to the Internet. > Just need the addresses for new machines. Your scenario indicated "running out" of addresses, indicating that the present pool was exhausted. NAT with overload is a way to get around this. Your idea of a secondary interface on the same wire will also work, but can get messy with WINS, split horizon,traffic being routed to the same physical wire causing congestion and burning router CPU, etc. Or, you can change the netmask to a larger one if space is available on either side. For example if you now use 192.168.1.x 255.255.255.0 you could go to 192.168.<0-7>.x 255.255.248.0 and increase the network by a factor of eight. As with many scenarios, there are multiple solutions. If the whole thing is using private addresses, I'd change the netmask to something larger. If this is a design lab or exam question, there may be some constraints that steer you to a specific solution. DHCP is something else that may be thrown in just to make things interesting if the scenario states that no more than x% of the machines will be on at any time. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Way OT
On Tue, 1 Aug 2000, Steven Smith wrote: > Sorry for the post to all but desperate times..well you know. Can > anyone guide me to some guide lines for the way a data center should > be built? You know raised floor yes or no etc.? You might be better off reading the archives of inet-access or isp-equipment. Dejanews can be your friend as well. IMHO, raised floor is useful as an air plenum and possibly for power, but not a necessity. Use overhead cable ladder for communications wiring and fiber. Adds, moves, and changes with raised floor are a PITA. If you're starting from scratch, consider a 48VDC power plant and DC-powered equipment, telco style. Air conditioning, fire suppression, security, etc., etc. are all part of the equation. I can put you in touch with people who do this for a living, off-list. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSU/DSU lab
On Tue, 1 Aug 2000 [EMAIL PROTECTED] wrote: > oh really? I thought 1,2 go to 4,5 and vice-versa... I dont think the cisco > console cable will do that! > > Fanglo, you need to have pins 1,2,-,4,5 on one end go to 4,5,-,1,2 on the > other end. For T-1 CSU/DSU, you're correct it's 1,2 <-> 4,5. For 56K DDS CSU/DSU it's 1,2 <-> 7,8 and a rollover console cable will work. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what is mean by EIR on the frame relay???
On Thu, 3 Aug 2000, Sim, CT (Chee Tong) wrote: > However, I would like to ask you > > 1)what is mean by EIR on the Frame relay? Can any one tell me? Might you mean CIR? Committed information rate? > > 2)If I found the link is up between two router, Is this a circuit that has worked in the past and stopped, or a new turn-up? The answer to this question can cause a different approach to troubleshooting. Assuming frame-relay encaps because you mentioned frame-relay in question 1... > > router A > interface is up and protocol is down > modem status is DCD=up DSR=up DTR=up RTS=up CTS=up The physical circuit to the router is OK. It _probably_ is talking to the frame-relay switch OK, especially if the circuit has worked in the past and just quit. The DCD=up and CTS=up show that the physical layer is good, or at least connected. If "sho int" contains a line like: LMI enq sent 209473, LMI stat recvd 209473, LMI upd recvd 0, DTE LMI up then the "DTE LMI up" verifies that this router is good to the switch. "sho frame pvc" should show the DLCI as USAGE = LOCAL and STATUS = ACTIVE for the DLCI of the circuit between the two routers if everything is happy. If the remote router is not happy, then you'll see STATUS = INACTIVE. If the PVC isn't built in the switch, you'll see STATUS = DELETED or nothing at all for that DLCI if you're using inarp. > > but at the router B, > the interface is down and protocol is down, > the modem status is DCD=down DSR=up DTR=up RTS=up CTS=down. This router or its CSU/DSU if external is not communicating with the frame-relay switch. Look for trouble on the physical wiring to this router. In the real world, this is almost always a telephone company issue. In a lab, it could be a bad or miswired cable. > What is likely the cause of the problem? A tech at the telco closest to router B looped its NIU while mis-reading a circuit ID trying to fix something else. (That's the most likely cause, but don't expect to find it on the test.) > Is that the modem of router B got > problem or serial port of router B got problem or the link within the > service provider got problem If this is a previously working circuit, it's most likely a telco issue between the frame-relay switch and router B. A loopback plug on the line to the CSU (1-4, 2-5 for T1, 1-7, 2-8 for 56K) cusing DCD to go "up" will isolate it. Note: Telephone companies are notorious for blaming the customer and looping the wrong circuit. Carry a loopback plug in your tool kit. When telco claime "It's good to the NIU", plug your loopback plug into their smartjack and ask them to run to it. Unplug it and see if the loop goes down. In the real world, if a circuit has been working fine for months or years and suddenly quits, what has probably happened is that a telco tech, in the process of troubleshooting something else, accidentally hopped on to your circuit and put a smartjack in loopback. When you call in to report the problem, they'll test things and knock down the loop that they put up by mistake earlier. Then it will work again, and get closed out as another "came clear while testing." The second most likely cause is that someone clipped a butt-set on your data pair which wasn't documented correctly, didn't hear dial tone, and swiped it for something else. This takes longer to fix, but telco will still probably claim "came clear while testing" even though they know better. A lot depends on the competence of your local telephone company. Hint: If they are spending millions of dollars right now on a massive, saturation TV ad campaign just to announce that they're changing their name while under the threat of a labor strike, then perhaps they have their priorities wrong. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VLANing Cisco and HP 4000M swtiches
On Fri, 4 Aug 2000, Dost wrote: > Hi there: > > I will be setting up VLANs and QOS using HP Procurve 4000 and Cisco > switch. My first question is Cisco and HP switches are compatible > to each other ? > Would I need any thing else other than updating IOS on Cisco switches ? We've used Cisco 2621s with HP Procurve, dot1q encapsulation without any problems. You'll probably have to configure the VLANs manually as opposed to VTP, but I can't see why they wouldn't play well together. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DSU/CSU Back-to-back with T1 crossover
On Sun, 6 Aug 2000, Tim Ross wrote: > I am trying to connect two routers via back-to-back Adtran DSU III AR and > an Adtran 56/64 DSU and am not having any luck. I've set the clock to MASTER > on the DSU III and set both to 56K, but still get open loop on the DSU III. > I made (and tested) the cable with 12-45 crossover, but didn't use other > wires (are they required for anything?). I keep getting Open Loop errors on > the DSU III, although I've tested the cable. Could it need a different > crossed pairs? From reading its manual, it appears to need 12-78 crossed. Yes, for 56K DDS it's 12 - 78 crossed. A Cisco blue "rollover" console cable will work. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hssi interface mystery??
On Mon, 7 Aug 2000, Jason wrote: > hi all > > anyone knows what a hssi interface in router does?? About 50 Mb/s. It's a High Speed Serial Interface. Connector is the same as small-format 50-pin SCSI. Most commonly used with an external DS-3 CSU/DSU for 45 Mb/s circuits. Can go as high as 52 Mb/s, however. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: WICs
On Thu, 10 Aug 2000, Montgomery, Robert WARCOM Contractor wrote: > Is installing a WIC and/or memory in routers typically a simple job or a > tedious, drawn-out process? I guess I'm looking for the horror stories... Power down the router, plug it in, power it back up and you've got a new interface. Some of the WICs are fairly involved in terms of configuration, such as drop-and-insert T1. The WICs with built-in CSU/DSU functionality have a configuration subset "service-module" where you set linecode, framing, clock source, etc. It's a lot less hassle than external CSU/DSUs and cables, IMHO. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Watchdog restart...(anybody?)
On Tue, 15 Aug 2000 [EMAIL PROTECTED] wrote: > Hey Team, Here is a piece of the show ver command: > > Atlanta_1 uptime is 10 minutes > System restarted by watchdog timer expired at 05:59:11 pdt Tue Aug 15 2000 > > Here's the deal. We manage net's for various clients where we get snmp > tickets from our clients. We got one that said Cisco Up with reboot. We get > these often but this one said the cause was due to a watchdog timer expiring. > Nobody in the office can figure out for sure what this is. I went to CCO and > got this from them on the watchdog timer: "Hardware or software mechanism > that is used to trigger an event or an escape from a process unless the timer > is periodically reset. See also watchdog." Not Cisco-specific, but generically here's what this means. CPU software normally runs in a closed loop. It processes tasks, performs calculations, handles input, produces output, and goes around and around. If the main proces gets confused or gets out of the loop, then the machine is "hung", and performing abnormally. To get it back into a sane state usually means turning its power on and off, hitting a hard reset button, or similar external stimulus to re-initialize the process and get it back on track. A "watchdog timer" operates in somewhat the opposite manner as a live canine watchdog. A real watchdog is asleep until it hears a burglar, and then it wakes up and generates a stimulus such as barking. Within the main software loop of a program, there can be written an instruction to reset a timer to zero. If the program normally finishes its loop and gets around to the same point once every second, then the timer might be set to something like ten seconds, or far greater than the normal time to compete the loop. Under normal circumstances, the timer never runs out because it's being periodically reset by the program. If the program gets wedged, it will fail to repeatedly run the "reset the watchdog" routine, the timer will expire, and when it does it will reboot the system. Think of it in the same terms as the heart rate monitors you see in hospitals. (Or on TV shows of hospitals if you don't spend lots of time in hospitals.) Under normal circumstances, the heartbeat keeps the monitor silent. If the heartbeat stops, the alarm sounds, and out come the guys with paddles and a jolt to reboot the patient. Not necessarily limited to a particular flavor of router or switch, common in many devices. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How to pronounce? router
On Wed, 23 Aug 2000, Ole Drews Jensen wrote: > I, being from Denmark, have used the word both there and in Houston, Texas > where I have lived for the last four years, and both places I have always > used and heard it pronounced "rau-dor". > > I have never heard it pronounced "roo-ter" - not even at Hooters :-) In Australia, it depends on how the device is performing. "This worthless "roo-ter" reboots itself every couple of hours and loses its OSPF configuration for no reason." "I have a "rau-ter" which has been up for over a year and performs flawlessly." -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE WRITTEN
On Mon, 28 Aug 2000, kenny wrote: > Hi guys , > Any body try purchase the http://www.cciewritten.bigstep.com/ ? > Any comments ? I for one will never do business with spammers. [snippage] > >> Also, after your initial purchase, you will receive FREE updates for the > >> lifetime of this product when available!!! Which isn't likely to be very long if this abuser gets his connectivity yanked for spamming. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX configuration
On Mon, 28 Aug 2000, SH Wesson wrote: > My network is as follows: > > > > Ethernet Segment ---|PIX||RTR|--OUT TO INTERNET > INTERNAL DMZ EXTERNAL > > I have a few servers out in the DMZ zone. How and what is the standard for > security configuration for the PIX and the RTR (router). Is the RTR suppose > to shield only the servers in the DMZ and allow all other access inside? Is > the PIX suppose to be configured such that any traffic from the Ethernet > Segment on the INTERNAL network going through the INTERNET is filtered and > allowed via the OUTBOUND list on the PIX. How about the conduit? How is > that suppose to be used. A lot depends on your business model, what services the DMZ servers are offering to the Internet, and what permissions you wish to allow the internal users. Are you using NAT at the router? At the PIX? Both? How will this scale? Any plans for a remote office? Remote users need access to resources in DMZ? Inside? > I have the network pretty much setup, but wanted some suggestions as to if > I'm doing it right. I'm currently using the RTR to protect the servers in > the DMZ as well as placing some security for inbound connections while using > the PIX to establish/filter what traffic can go outbound and what can't. > How about traffic coming inbound from the INTERNET, should that type of > traffic be filtered on the RTR or by using the conduit on the PIX. Any help > with how to setup security at what section of the network (where) would be > greatly appreciated. Thanks. As a first cut, I would place an access list on the router that allows established connections DMZ -> outside and also allows inbound connections to those ports on those servers you have in the DMZ. You'll also likely need to allow UDP port 53 for DNS. Will one of the DMZ servers be a name server? If so, will it be authoritative for any zones, and need to do zone transfers to a secondary (TCP 53)? With a deny any any log at the end of the router access list you can see what holes you need to open if things aren't working as planned. The PIX will by default allow connections originated on the inside to connect to the outside, so the configuration should be minimal there unless you're either denying certain types of traffic originated inside, or plan to allow static mappings and certain traffic originating from DMZ or internet to reach hosts on the inside network. There's no reason not to deny unwanted and/or malicious traffic both at the router and at the PIX. More security. If a host in the DMZ gets compromised, it's nice to have another defense for the inside. The biggest problems with this type of setup are customer related, not configuration or hardware. You design a secure network and then someone demands the ability to use PCAnywhere to get to his inside workstation or worse yet hangs a modem on it. Insist on IPSEC/VPN for such idiocy if at all possible. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: y in vty stands for ..?
On Wed, 30 Aug 2000, CCIE TB wrote: > hi group > > does anybody know what the y stands for in vty lines ? TTY is a very common abbreviation for TeleTYpewriter. As the terminal is essentally a "Glass Teletype", or ASCII input-output device, it is most likely an abbreviation for Virtual TeletYpewriter, perhaps shortened from VTTY. Radio teletypewriter transmissions on shortwave are known as "RTTY", for what it's worth. The name "Teletype" is a trademark, BTW. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Connectivity Issues with ping/tracert
On Wed, 30 Aug 2000, David Ristau wrote: > > a web site say 12.0.0.1 sits out on a public network, > > a user across the nation, say in Oregon, on his workstation > host 10.0.0.5 cannot ping the server at 12.0.0.1 > > the user telnets into his Cisco router at 10.0.0.1 and > can ping the server at 12.0.0.1 > > the user goes out the the internet to several looking-glass > sites and can ping/tracert to the server. > > There are no filters on the 10.0.0.1 router > > it appears there are no filters in the path to the > 12.0.0.1 router from the 10.0.0.1 router > > any ideas why this happening or ways to figure it out... * The netmask or gateway on the workstation 10.0.0.5 is misconfigured. * Assuming that the 10. addresses are really what is used, NAT is not properly configured on the router. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISL on sub-if
On Sat, 2 Sep 2000, John Hardman wrote: > Make sure you specify the encapsulation before the IP address. You also must be running a "Plus" IOS image. ISL only works with Fast and Gig Ethernet ports, not standard Ethernet. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISL on sub-if
On Tue, 5 Sep 2000, whatshakin wrote, in one ridiculously long line: > I just tried 12.0.3T3 Enterprise Plus and 12.0.4T IP Plus on a 2621 > and neither version has an encapsulation command available under the > interface config mode. Did you create a sub-interface and try it there? It works for me on a sub-interface, 2621, Version 12.0(7)T, c2600-d-mz_120-7_T.bin. You must have: 100-base-T or 10/100 or Gig ports A "Plus" image -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet password
On Wed, 6 Sep 2000, Marshal Schoener wrote:
> Thank you :-)
> That is almost exactly what I am seeing.
> Only difference is the password is: 7 a9vyt3...
> 7 is in front...
> So, that means it is encrypted.
> If I want to change this, can I just go in and change it there, or
> is there something else I have to do first?
You can simply change it
conf t
line vty 0 4
password WORD
if you have service password-encryption enabled, then when you show run it
will be encrypted. When changing it, don't include the "7" ahead of the
password, or the router will assume you're entering the encrypted string.
Likewise, don't use a password that starts with "7" (or "5").
The encryption is rather weak on all but the enable secret, btw.
--- cut here ---
#!/usr/local/bin/perl -w
# $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $
#
# Credits for orginal code and description [EMAIL PROTECTED],
# SPHiXe, .mudge et al. and for John Bashinski <[EMAIL PROTECTED]>
# for Cisco IOS password encryption facts.
#
# Use for any malice or illegal purposes strictly prohibited!
#
@xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41,
0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c,
0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 );
while (<>) {
if (/(password|md5)\s+7\s+([\da-f]+)/io) {
if (!(length($2) & 1)) {
$ep = $2; $dp = "";
($s, $e) = ($2 =~ /^(..)(.+)/o);
for ($i = 0; $i < length($e); $i+=2) {
$dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++];
}
s/7\s+$ep/$dp/;
}
}
print;
}
# eof
--- cut here ---
If you don't have a perl interpreter, e-mail me the string starting
with "password 7" and I'll let you know the plaintext.
--
Jay Hennigan - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323
___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet password
On Tue, 5 Sep 2000, Dale Holmes wrote: > Then you are done... Note that you will not be able to determine what the > new password is from reading the config... If you want to be able to see the > password in the config file in plain text (and I have NO IDEA why you would > want this), use the "no service password-encryption" command from global > config mode... Note that this won't work to display a password that has previously been encrypted. In other words, if "service password-encryption" was enabled when the configuration containing the password was saved, then going back later and entering "no service password-encryption" won't cause it to display. See the perl script I posted previously if you really need to do this. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Routing 2.0 passed!!!
On Tue, 5 Sep 2000, Yee, Jason wrote: > thank you, do you mind if I send an invitation to you to join my e-circle on > cisco certification? There exists this list, do we need another? -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BCSN
On Wed, 6 Sep 2000, Jason Baker wrote: > VLAN's are for enhanced security. Nomention of it in E. > D would be correct I would vote for E, if a single choice. All of them have some part of the answer that appears somewhat bogus. D mentions redundant access, which VLANs aren't really designed for, but the security part fits. Answer E correctly addresses the reduction of broadcast domains, but the hyperlinks part of the answer is wacko. > I don't see why D is preferable than E > > cslx wrote: > > > if it is a single choice,it is D,otherwise it is D,E > > "Donald B Johnson Jr" <[EMAIL PROTECTED]> wrote in message > > 02c001c0178c$1643b450$[EMAIL PROTECTED]">news:02c001c0178c$1643b450$[EMAIL PROTECTED]... > > > What would be the right answer to this question. > > > I got this off the cisco site and I answered c but they marked it rong. > I > > > think this is a mistake. > > > Thanks > > > Duck > > > VLANs have been designed to _. > > > > > > A. address forwarding decisions based on transport layer information > and > > > spanning tree > > > scalability > > > B. maximize the amount of traffic switched at Layer 3 and minimize the > > > amount of traffic switched at Layer 2 > > > C. address the scalability issues of a flat network topology and the > > > addition of network > > > management through Layer 3 routing protocols > > > D. address redundant access to the workgroup and migration of servers > to > > > server farms for increased security and management of data resources > > > E. address segmenting broadcast domains while still providing > > network-wide > > > shared services and allowing users to use hyperlinks to hop > transparently > > > between servers across enterprise networks -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hard Scenario in 3rd world
On Wed, 6 Sep 2000, Leonard Ong wrote: > I would like to ask for the following Scenario. > Our country has depleted its ISDN Supply and we have to go either leased > line or analog phone to have interconnection to ISP. How can a country run out of ISDN? > We have a leased line ( frame-relay ) to our ISP, however we would like to > have a backup procedure when this link goes down, we would like to have like > DDR but using analog modem ( say aux port ??? ) to dial up to another ISP > using regular dial up account. > > 1) Will only Aux will achieve this or other alternative ? The aux port can work, or you can use a serial interface as long as it supports a regular modem. > 2) how to make sure the routing static entry automatically change when it > detects primary connection goes down, adn move the default gateway to the > dial up interface. Look into the "backup interface" command. > 3) Making it harder the dial up account will assign dynamic IP. You'll want to use NAT on the router, and ip address negotiated on the dialup interface. > So basically it's > > Switch Router - leased line to ISP's router Same or different ISP? Will you have any servers on the network, or all internet users? If servers, you'll need to use the same ISP with a means to route the same IP network over either the primary or backup path. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dns
On Wed, 6 Sep 2000, Nurarif Wibawa wrote:
> Hi,
>
> I need a solution for the configuration below:
>
> Internet
> | |
> | |
> ISP A ISP B
> | |
> | |
>Customer
> |
> Web Server
>
> Web Server will has 2 IP addresses, one will be given by ISP A and the other one
>will be given by ISP B.
> Primary DNS server is on ISP A and secondary DNS server is on ISP B.
> The DNS server on ISP A has two records for customer's web server, for example :
> www a 10.0.0.1 (IP address given by ISP A)
> www a 20.0.0.1 (IP address given by ISP B)
> The goal is to use dual ISP for back-up purpose, so the web server will serve for 24
>hour / day.
> Since the DNS server only load balance between two same host records, how about if
>one link is broken ?
The right way: Use BGP.
Another right way: Put the server in a multi-homed co-lo facility.
An ugly DNS hack:
Internet
| |
| |
ISP A ISP B
| |
| |
DNS A DNS B
Customer
[NAT]
Web Server
Both DNS A and B are located at customer's premise and are authoritative.
Both have relatively short TTL, on the order of a few minutes. DNS A
advertises the address on ISP A's network, and B on B's.
In theory, if ISP A becomes unreachable, then DNS A will also not be
reachable and only the announcement by DNS B will propagate.
Drawback: sub-optimal routing. Suppose a web surfer on ISP A, using
perhaps even the same router as customer makes a DNS query. By random
chance, that session is directed to DNS B. This visitor will be passed
the IP address of B, and take the long way around the internet to get
to the server. Try to pick two ISPs which have good peering to each
other.
--
Jay Hennigan - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323
___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HW rev for FE PA,2-Ports
On Wed, 6 Sep 2000, STRAND Scott wrote: > Is there a command to show the HW revision of a FE 2 port card that > is in a 7207 VIP? I looked at the show controllers options and > didn't find what I was looking for. show diag HTH. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet password
On Thu, 7 Sep 2000, Marshal Schoener wrote: > Thanks for the info... > My only problem now is that, "no service password-encryption" > doesn't seem to be doing anything. I don't have a need for it, but I wanted > to see it work :-) > I'm doing it from global config mode!!! > Do you guys know what the problem can be? No service password-encryption is the default, unless it's changed very recently. With that set, enter a password for the vty lines, or another password. Then do a "show running-config" and you'll see the password in clear text. Next specify "service password-encryption" and you'll see the password preceded by a "7" and encrypted. Reverting to the "no" will not cause previously encrypted passwords to show in the clear again. Note that the enable secret is always encrypted, using a different and much stronger algorithm. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: could this be a routing problem
On Thu, 7 Sep 2000 [EMAIL PROTECTED] wrote: > Hi all, i have a problem connecting to a server in one of our sites, i can > ping the router on the remote site, but cannot ping the server, when i > telnet unto the remote router i am able to ping the server, any ideas > please Check the setting on the server for default gateway. It should match the ethernet address of your router. Verify that the server and router are in the same subnet. do a "show ip route" to verify that things are good on the router. Make sure that some idiot didn't type "no ip routing". In the vast majority of these scenarios in real life, it's the default gateway setting on the server. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associate-Announcement.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: More 2924Xl switch IOS upgrade problem
On Fri, 8 Sep 2000, Richard wrote: > The switch I am trying to upgrade is a 2924XL w/ approximately 1.8flash and > 5meg of ram. This comes with a standard IOS version. After upgrading it to > enterprise edition same version number as its original one, I get boot > problem after rebooting. I'd appreciated some pointers on how to getting > this backup. If this switch can't run enterprise edition, how would I go > about putting its standard version back on? Cisco's first run of 2924XL switches were of a different architecture. The cabinet is physically deeper, and the RAM is 4MB rather than 8. They take a different series of IOS images, specifically compiled for the early hardware. It's somewhat confusing on CCO. Try this link for images for the earlier 4MB switches: http://www.cisco.com/cgi-bin/tablebuild.pl/cat2900XL-4MB Archived earlier images are hree: http://www.cisco.com/cgi-bin/tablebuild.pl/cat2900XL-4MB-archives You'll need CCO access. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Modem question
On Sat, 9 Sep 2000, Mari Misato wrote: > Hi Group > > When you use a 56K modem to connect to internet, > you never achieve 56K. For example, sometimes it > shows that the bytes sent at 48000 bps, sometimes > 45000 bps, everytime it's different. So, where has > those "bandwidth" gone to?? (<--please correct if > I'm wrong on this) So, can I conclude that a 56K > modem is only theoretically 56K??? Marketing. It's gone to the same place as the extra miles on the MPG estimates, the extra minutes of runtime on cellular batteries, etc. During the lengthy "song of modems mating" heard when the call connects, both ends test the ability of the analog line to handle various combinations of level, phase, and frequency, and negotiate the highest speed at which data can be passed at that particular time over that particular connection, with a resonable and correctible error rate. During the process of the call, the top speed may be renegotiated. And, anything over 33.6 only occurs if one end is a digital (ISDN or T-1) connection, and only in the direction from the digital side to the analog side. Your mileage may vary. Batteries not included. This 56K modem was full when packed. Contents may have settled during shipment. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Solaris station connect to the console?
On Fri, 8 Sep 2000, zhi huan wrote: > I have a Solaris workstation, how to connect the router console port through > serial port? Use a regular Cisco serial cable. You may need a gender changer. Access the router with the program "tip", or get and install "minicom" or Kermit, or any of several others. Tip is bundled with the Solaris distribution, but the other programs are more flexible. I particularly like minicom. More info here: http://www.stokely.com/unix.serial.port.resources/ -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: The difference between crossover and rollover cable
On Fri, 8 Sep 2000, Lists Wizard wrote: > Can any body show me if there is a difference in definition between > crossover and rollover cables. Ethernet crossover: 1 - 3 2 - 6 3 - 1 6 - 2 T-1 crossover: 1 - 4 2 - 5 4 - 1 5 - 2 56K crossover: 1 - 7 2 - 8 7 - 1 8 - 2 Rollover: 1 - 8 2 - 7 3 - 6 4 - 5 5 - 4 6 - 3 7 - 2 8 - 1 Where, looking into the jack, __ |12345678| |____| |__| A rollover will work for a 56K crossover in a pinch. Substituting a straight-through for a rollover gives a null-modem function for Cisco console aux and async ports. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
