2503 Console port [7:73965]
Hi, I am sure this is basic, but I am having trouble. I have a 2503 that I would like to use for some testing... When I hook a laptop to it by console cable, I can see the router boot up, but after it is done booting I cannot get any more response out of the darn thing! I can break the boot and go into rommon, and I ensured the confreg was 0x2102. For kicks I set it to o/r 0x2101 to put it into the boot image, but the same thing happened. It gets all the way through and I can't get any further... any ideas? Below is the screen capture of where I lose contact w/ the router.

THANKS!
jim

00:02:00: %SYS-5-CONFIG_I: Configured from memory by console
00:02:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down
00:02:48: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 03-Feb-02 22:01 by srani

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73965t=73965
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

VPN logging ACS server [7:73297]
Hello all,

I have 3.6 Clients connecting to a PIX 515 and using Xauth. Everything is just grand except I need a way to get a reporting of every user that logs in and how long they were connected, preferably including start and stop times. Our ACS server is great for showing when the connection was made by making an entry in the Passed Authentications, but it does not record when the VPN is torn down.

Any solutions, suggestions, comments on how to capture the teardown so I can make a reporting of how long the user was connected? Is there an ACS fix, a PIX fix... some other fix (using an ISA server)? I am open to all sorts of suggestions.

thanks,
jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73297t=73297
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Superstitious Switches? [7:72746]
Actually, I think Chinese that are superstitious would prefer 8. Eight in Chinese is Ba which sounds close to fa which can mean prosperity. Port 88, 888, or would be even better.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MADMAN
Sent: Wednesday, July 23, 2003 10:41 AM
To: [EMAIL PROTECTED]
Subject: Re: Superstitious Switches? [7:72746]

As far as I can tell there is no one definitive known reason but several plausible reasons. I also understand some cultures like the Chinese consider 13 lucky:)

Dave

Raj wrote:

Anybody knows when and how did the number 13 get so unpopular? What's the story behind it?

MADMAN wrote in message news:[EMAIL PROTECTED]

There is a reason many hotels don't have a 13th floor;)

Dave

John Neiberger wrote:

This is not a joke, I promise, but it is very strange. Have any of you noticed that by far the most problematic port on the Catalyst 2950 switches is port 13? I'd bet money that at least 20% of the time we have a problem with a device connected to these switches they're connected to port 13.

Just in the last two days we've had to troubleshoot *three* separate instances of users in port 13 on these switches, and I can think of at least three more in the past. I once had to RMA a 2950 because port 13 died.

Doesn't this seem a little odd? I think I'm going to stop walking underneath ladders until I get this resolved!

John

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73073t=72746

RE: do you know why? [7:72352]
Actually, this can be completely normal behavior for the PIX. It has nothing to do with filtering or any magic or any bugs. The ASA algorithm in the PIX will not set up an xlate for the inbound traffic (as debugs will show) until the traffic is allowed from a higher security interface to a lower one. If the static (inside,*) is used (* being dmz or outside) then it will go ahead and place the xlate. If you are using a NAT stmt and Global it will not. The traffic must qualify for the xlate and then 2 way traffic can exist.

The only other rules ICMP has to deal with is for PAT (since there are no ports in ICMP, only literals). This is overcome by the same method as overcoming GRE: a hash is created and each packet is inspected.

Now, if you have a case where you have the static defined and your conduit/ACL is correct THEN you may have found a bug. (I did a quick check on Bug Navi and did not see any.)

You just can't reason with a PIX like you can a router! It doesn't run IOS!!

Thanks,
Jim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Neiberger
Sent: Wednesday, July 16, 2003 10:58 AM
To: [EMAIL PROTECTED]
Subject: RE: do you know why? [7:72352]

PIXes, at least with previous releases, are highly directional in nature and will apply a different set of rules depending on the origin of the traffic. For example, traffic originating on an 'inside' interface is subject to far fewer restrictions, by default, whereas traffic originating on the outside is blocked by default.

As has already been mentioned, ICMP has another set of rules that need to be dealt with in addition to the usual rules.

John

Wilmes, Rusty 7/16/03 11:31:51 AM

I'd think that if it was an access list that it would either work or not work but NOT not work until you try it from the other side.

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 8:23 PM
To: [EMAIL PROTECTED]
Subject: Re: do you know why? [7:72352]

I'm not very familiar with the newer releases of PIX software, but do you have to enable ICMP on those interfaces? It looks to me like you only have ICMP allowed going one direction. This is a very common problem and easily fixed. Also, if something is being blocked it should be apparent from the logs why it was blocked.

HTH,
John

----- Original Message -----
From: Vajira Wijesinghe
To:
Sent: Tuesday, July 15, 2003 4:23 PM
Subject: do you know why? [7:72352]

I have a PIX firewall and I have a strange problem. If any one of you have come across this pls let me know the solution.

I have few servers at both sides of the PIX, e.g. Server-A at Outside zone and Server-B at Inside zone.

1. When I ping from Server-B to Server-A, I get request timeout.
2. Now I go to Server-A and start a ping to Server-B. It works fine.
3. Then again I go back to Server-B to ping to Server-A, and now it starts pinging!!!

Can anyone of you explain this??? I need to get this thing resolved and straight away ping from B to A.

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72427t=72352

RE: CCIE Power Sessions 2003 [7:72222]
Good stuff.

http://www.cisco.com/networkers/nw03/presos/index.html

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrix_pk
Sent: Sunday, July 13, 2003 7:57 PM
To: [EMAIL PROTECTED]
Subject: CCIE Power Sessions 2003 [7:7]

Anyone aware of URL for 2003 networkers power session?

Thanks,
Shahid

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72228t=7

Re: Port Adapter [7:70772]
It really depends on how the ISP is dropping the T1 to you, what encapsulation they use etc.

As far as the timeslots, you will need to go to the controller of the T1 blade and make channel group 0 and add all 24 timeslots to the channel-group. Otherwise you will only have a fractional T1.

    channel-group 0 timeslots 1-24

The cablelength will only matter if you are a long way from the SmartJack (NIU); most of the time this is short (0-133 ft).

Other than that, make sure your encapsulation is correct: HDLC, PPP etc. If it is still not coming up, try debug serial interface and analyze the debug. It will tell you what the deal is.

hth,
jim

----- Original Message -----
From: LIU, JEFF
To:
Sent: Monday, June 16, 2003 7:53 PM
Subject: Port Adapter [7:70772]

I have PA-MC-8T1 installed on 7206. What is supposedly correct configuration to support full t1 that is provided by my ISP? The thing really gets me is the timeslot and cable-length parameters. Please advise.

Thanx in advance!
Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70777t=70772

RE: OSPF Host Route [7:70439]
Colin,

Can't remember if you got a reply. The classic case they are talking about is the Loopback address. Unless you have ip ospf network point-to-multipoint, Loopback addresses are advertised as /32 routes. This might be tough to set up adjacencies with (since the neighbor won't be on the same segment).

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colin Weiner
Sent: Monday, June 09, 2003 10:58 PM
To: [EMAIL PROTECTED]
Subject: OSPF Host Route [7:70439]

I've been reading up on OSPF for the BSCI test and am confused as to what an OSPF Host Route is. RFC 2328 refers to OSPF host routes as Hosts attached directly to routers. Is host route a route to a host? Am I missing something?

Colin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70638t=70439

eBGP Multi-hop [7:65823]
hello all,

(Re-post... not sure if original msg made it or not)

Playing around again and have a question. eBGP multi-hop cannot come up if the peer is known through a default route. Is there a reason why? I mean, what is the point of a static route that causes a recursive lookup or a static route that simply points to the same next hop as a default route?

For that matter, I can't see it being a matter of proximity either. If convergence time were not an issue, what is really wrong with having a 10 hop or even 50 hop BGP session? (I know it is unlikely and there are certainly better ways to handle it (GRE or IPSec tunnel)) but for the sake of argument...

Just curious, not able to find much on WHY it is like this...

thanks,
Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65823t=65823

Re: eBGP Multi-hop [7:65823]
Thanks for the replies so far...

Hmm, well, actually because BGP uses TCP 179 it can traverse non-BGP speakers to a router that does speak BGP (just like TFTP'ing to another router).

I put the config I was testing below. The config works, BGP runs, everyone is happy when I have a specific route to the opposite side peer's Loopback address:

    ip route 172.16.10.1 255.255.255.255 192.168.33.2

but if I remove that and install

    ip route 0.0.0.0 0.0.0.0 192.168.33.2

then BGP breaks. I don't understand why. There is no IGP. Both routes point to exactly the same place.

    conf t
    router bgp 65500
     no synchronization
     bgp log-neighbor-changes
     network 192.168.47.0
     network 192.168.55.0
     aggregate-address 192.168.0.0 255.255.0.0
     neighbor 172.16.10.1 remote-as 6
     neighbor 172.16.10.1 ebgp-multihop 5
     neighbor 172.16.10.1 update-source Loopback0
     neighbor 172.16.10.1 version 4
     neighbor 172.16.10.1 soft-reconfiguration inbound
     neighbor 172.16.10.1 password 7 140705191C117B3821
     neighbor 172.16.10.1 filter-list 3 in
     neighbor 172.16.10.1 filter-list 4 out

----- Original Message -----
From: Carroll Kong
To:
Sent: Thursday, March 20, 2003 6:54 AM
Subject: Re: eBGP Multi-hop [7:65823]

I guess I am kind of just going to a quick stab. Do you have no synchronization under the BGP configuration?

hello all,

(Re-post... not sure if original msg made it or not)

Playing around again and have a question. eBGP multi-hop cannot come up if the peer is known through a default route. Is there a reason why? I mean, what is the point of a static route that causes a recursive lookup or a static route that simply points to the same next hop as a default route?

For that matter, I can't see it being a matter of proximity either. If convergence time were not an issue, what is really wrong with having a 10 hop or even 50 hop BGP session? (I know it is unlikely and there are certainly better ways to handle it (GRE or IPSec tunnel)) but for the sake of argument...

Just curious, not able to find much on WHY it is like this...

thanks,
Jim

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65853t=65823

Re: eBGP Multi-hop [7:65823]
Ah! ok, I guess I can make do with that. They just want you to be deliberate about the config. Ok, cool, THANKS!

jim

----- Original Message -----
From: John Neiberger
To:
Sent: Thursday, March 20, 2003 8:10 AM
Subject: Re: eBGP Multi-hop [7:65823]

hello all,

(Re-post... not sure if original msg made it or not)

Playing around again and have a question. eBGP multi-hop cannot come up if the peer is known through a default route. Is there a reason why? I mean, what is the point of a static route that causes a recursive lookup or a static route that simply points to the same next hop as a default route?

For that matter, I can't see it being a matter of proximity either. If convergence time were not an issue, what is really wrong with having a 10 hop or even 50 hop BGP session? (I know it is unlikely and there are certainly better ways to handle it (GRE or IPSec tunnel)) but for the sake of argument...

Just curious, not able to find much on WHY it is like this...

thanks,
Jim

Note: To avoid the accidental creation of loops through oscillating routes, the multihop session will not be established if the only route to the multihop peer's address is the default route (0.0.0.0).

Taken from:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#27110

HTH,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65855t=65823

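Added example, not part of the original thread and not Cisco's code: a Python check that applies the rule quoted above (no multihop session when the only route to the peer is the default route) to the static routes in a configuration. It assumes static routes are the only routes to the peer (connected and IGP routes are ignored); the sample configurations and AS 65501 are constructed, and the addresses are the ones used in the thread.

```python
import ipaddress
import re

# "ip route <prefix> <mask> <next-hop>" and "neighbor <peer> ebgp-multihop [ttl]"
ROUTE_RE = re.compile(r"^[ \t]*ip route (\S+) (\S+) (\S+)", re.M)
MULTIHOP_RE = re.compile(r"^[ \t]*neighbor (\S+) ebgp-multihop\b", re.M)
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def static_routes(config):
    """Return [(network, next_hop)] for every static route in the config text."""
    routes = []
    for prefix, mask, next_hop in ROUTE_RE.findall(config):
        network = ipaddress.ip_network(f"{prefix}/{mask}", strict=False)
        routes.append((network, next_hop))
    return routes


def best_route(routes, address):
    """Longest-prefix match over the static routes; None if nothing matches."""
    addr = ipaddress.ip_address(address)
    matches = [route for route in routes if addr in route[0]]
    if not matches:
        return None
    return max(matches, key=lambda route: route[0].prefixlen)


def audit_multihop_peers(config):
    """Classify each ebgp-multihop neighbor as 'ok', 'default-only' or 'no-route'."""
    routes = static_routes(config)
    result = {}
    for peer in MULTIHOP_RE.findall(config):
        hit = best_route(routes, peer)
        if hit is None:
            result[peer] = "no-route"
        elif hit[0] == DEFAULT:
            # The case from the thread: the peer resolves only via 0.0.0.0/0,
            # so the multihop session is not established.
            result[peer] = "default-only"
        else:
            result[peer] = "ok"
    return result


# Constructed sample configurations (AS 65501 is a placeholder).
BGP_PART = """
router bgp 65500
 neighbor 172.16.10.1 remote-as 65501
 neighbor 172.16.10.1 ebgp-multihop 5
 neighbor 172.16.10.1 update-source Loopback0
"""
HOST_ROUTE = "ip route 172.16.10.1 255.255.255.255 192.168.33.2\n"
DEFAULT_ROUTE = "ip route 0.0.0.0 0.0.0.0 192.168.33.2\n"

if __name__ == "__main__":
    for label, routes in (("host route", HOST_ROUTE),
                          ("default only", DEFAULT_ROUTE),
                          ("both", HOST_ROUTE + DEFAULT_ROUTE),
                          ("none", "")):
        print(label, audit_multihop_peers(BGP_PART + routes))
```

Both static routes in the thread point at the same next hop, 192.168.33.2; the check distinguishes them only by which prefix matches the peer address.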
Re: Why did Cisco do this? Off Topic [7:65834]
Not yet. But with Broadcom now in charge of security technology, we can probably expect big changes in the PIX line or seeing the PIX move to the SOHO market and a new introduction of a Carrier Class firewall. (hopefully)

----- Original Message -----
From: Scott Roberts
To:
Sent: Thursday, March 20, 2003 11:13 AM
Subject: Re: Why did Cisco do this? Off Topic [7:65834]

why not? my boss came to me this morning prior to the announcement and thought they were going to say they were buying checkpoint!

scott

Elijah Savage wrote in message news:[EMAIL PROTECTED]

Cisco buys Linksys.
http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a5141_1048177983.varp=CSCO

--
BSD is for people who love Unix - Linux is for people who hate Microsoft

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65877t=65834

Re: DS3 slow connection problem. [7:65491]
Mark,

Scrambling will jumble the payload data so it does not accidentally set off an alarm. The router just takes the bits in and if the bit pattern matches that of an alarm it will trigger the alarm when it could actually just be data that is passing. It won't hurt to have it on, but on looking closer I am not sure this will solve your trouble.

I know that changing the timing scheme did yield empirical results but I would strongly encourage you to give it another try. It may require you to bounce the interface on both sides. Unless the timing is provided from the carrier, which again, is extremely unlikely, you are going to have timing slips.

I also noticed you have the cable length very short. Can you include a sh run int s4/0 for the 7200? Can you run me through a physical setup? The cable goes to a DSX-3 panel? To a meet me room? Just wondering if the cable attenuation could be a problem as well.

Of course, everything I have said could absolutely be obsoleted by the damn PA being bad, but it doesn't sound like it is bad.

Thanks,
Jim

----- Original Message -----
From: Mark Walmsley
To:
Sent: Sunday, March 16, 2003 5:16 AM
Subject: RE: DS3 slow connection problem. [7:65491]

Hi Again Everyone,

Just to let you all know, this morning I changed the 7200 router serial interface clock to int and left the 7500 clock set to line. This actually made the connection worse: I got 5% packet loss as opposed to 1% packet loss when both router interfaces were set to line. I changed it back and it returned to 1% packet loss, so then I changed the 7500 interface clock to int while the 7200 was set to line and this appeared to have little effect, still getting lots of input errors on the 7200 and 1% packet loss.

I'm wondering now if we have a faulty ds3 card. I logged into the routers and did some ping tests; pinging the router's own serial interface I still get the 1% packet loss. I did this on both routers. I thought this might rule out the actual line because I'm not pinging across the ds3 connection; please correct me if I'm wrong.

Somebody asked if scrambling was on but I'm not sure what scrambling does or how to check if it's turned on or off, so I'll look into that too.

Thanks for everybody's help and I'm going to spend all day checking out what you've said and going through the troubleshooting stuff from cisco and I'll let you know how I get on. Any more advice would be greatly appreciated.

Mark

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65547t=65491

Re: DS3 slow connection problem. [7:65491]
Hey there,

Do you have scrambling set to on? Also, make sure that one side is doing the clocking. Your provider sure isn't, so one of your guys will have to be clock source internal and the other clock source line.

HTH,
jim

----- Original Message -----
From: Mustafa Furat
To:
Sent: Saturday, March 15, 2003 8:54 AM
Subject: RE: DS3 slow connection problem. [7:65491]

That's right... But for me any reliability value less than 255/255 is a line problem.. check the cables and connectors.. Did you change them?...

mustafa

-----Original Message-----
From: Spio Wagus [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 15, 2003 5:18 PM
To: [EMAIL PROTECTED]
Subject: RE: DS3 slow connection problem. [7:65491]

Clear the counters on both routers and find out the rate of new error accumulation. Check the interface after say 5 mins and see if you get new more errors and we can take it from there. Check the controllers for errors too.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Walmsley
Sent: Saturday, March 15, 2003 6:21 AM
To: [EMAIL PROTECTED]
Subject: DS3 slow connection problem. [7:65491]

Hi All,

I need some help to troubleshoot a problem. I have a 7500 router with a ds3 (45Mbps) connected to a 7200 ds3 (45Mbps). The line appears to be very slow and is showing input errors on the 7200 and 7500 serial interfaces. Here's some info below from the serial interfaces on both the 7200 and the 7500 showing the errors. If you need more info please tell me what you need to see and I'll post it. Thanks very much for your help.

7200.

Serial4/0 is up, line protocol is up
  Hardware is M1T-T3 pa
  Description: -DS3-
  Internet address is ***.***.***.***/30
  MTU 4470 bytes, BW 44210 Kbit, DLY 200 usec,
     reliability 254/255, txload 21/255, rxload 13/255
  Encapsulation HDLC, crc 16, loopback not set
  Keepalive set (10 sec)
  Restart-Delay is 0 secs
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of show interface counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2028
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 227 bits/sec, 1660 packets/sec
  5 minute output rate 3721000 bits/sec, 1440 packets/sec
     5130206 packets input, 675673959 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 parity
     70621 input errors, 68181 CRC, 0 frame, 601 overrun, 0 ignored, 1839 abort
     4675498 packets output, 1691575679 bytes, 0 underruns
     0 output errors, 0 applique, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
     13 carrier transitions
   rxLOS inactive, rxLOF inactive, rxAIS inactive
   txAIS inactive, rxRAI inactive, txRAI inactive

7500

Serial0/0/0 is up, line protocol is up
  Hardware is cyBus PODS3 Serial
  Description: -DS3-
  Internet address is ***.***.***.***/30
  MTU 4470 bytes, BW 44210 Kbit, DLY 200 usec,
     reliability 255/255, txload 8/255, rxload 19/255
  Encapsulation HDLC, crc 16, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of show interface counters never
  Queueing strategy: fifo
  Output queue 0/40, 215 drops; input queue 0/75, 0 drops
  5 minute input rate 3357000 bits/sec, 1318 packets/sec
  5 minute output rate 1502000 bits/sec, 1513 packets/sec
     256936267 packets input, 174282583 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 7 giants, 0 throttles
     0 parity
     159026910 input errors, 159025003 CRC, 0 frame, 1640 overrun, 761 ignored, 267 abort
     279300042 packets output, 2839210992 bytes, 0 underruns
     0 output errors, 0 applique, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out
     619 carrier transitions
   LC=up CA=down TM=down LB=down TA=down LA=down

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65512t=65491

Load Balance unequal Loc_Pref ? [7:65350]
all,

I am wondering if a particular situation is possible... I have 4 upstream providers connected to 2 routers, with dark fiber OC-48 connecting the 2. I am wondering if it is possible to have customers who are connected to either one of the routers to only have 1, 2, 3 or all 4 providers at their disposal. That is, I know I can set the Local Preference on the incoming feeds, but I am wondering if I can create different classes so that the members of the different classes load balance over different providers.

e.g. Allowing m to use provider 1 2, allowing n use 1,2,3, allowing o to use only 4 and 2 etc etc

Any suggestions on how to accomplish this?

thanks,
jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65350t=65350

Traceroute (kind of O/T) [7:64637]
Hi, I am wondering if anyone knows how the router is able to provide the AS in a traceroute. I figure that it is querying its own BGP table, kinda doing a mini-sh ip bgp x.x.x.x sort of deal.

The reason I am asking: I am trying to write a traceroute program and would like to include AS info in it. My own traces from a Linux or Windows box don't include this info... I considered getting zebra going and querying the server's BGP table but I am hoping there is a nifty UDP probe or ICMP message that will return that info.

Any suggestions?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64637t=64637

Native VLAN question [7:64431]
I am kinda new to VLANs and need some advice. I have a router on which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port.

I have posted my router's config below. I need to know how to allow other untagged traffic to be received on this port.

thanks,
jim

    interface FastEthernet0/1
     description TRUNK_PORT
     no ip address
     no ip directed-broadcast
     no ip mroute-cache
     load-interval 30
     duplex full
    !
    interface FastEthernet0/1.25
     description VLAN
     encapsulation dot1Q 25
     ip address 192.168.64.101 255.255.255.252
     no ip directed-broadcast
    !
    interface FastEthernet0/1.26
     description VLAN 26
     encapsulation dot1Q 26
     ip address 192.168.64.97 255.255.255.252
     no ip directed-broadcast

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64431t=64431

Re: Native VLAN question [7:64431]
Sam or Bill

Ok, fair enough. But if I create an uplink to a router and specifically define VLANs e.g. 25, 26, 27 etc. I assume (yes, I realize the danger) that VLAN 1 will be included. However, I am concerned on how to create the router interface the switch is linking to. In the config I posted I created sub-interfaces and tied the VLANs to them and defined the subnet (albeit only /30's) that is in the VLAN. I am wondering how the VLAN 1 traffic will react to the interface. I would like to be able to route from the VLAN 1 interface on the 3550 to the router.

I am not sure about the untagged comment. When the traffic leaves the 3550 on its way to the router is there a VLAN ID of 1? I somehow doubt it. I believe the VLAN 1 is used in the switch itself. Perhaps I am wrong, but it seems to me with the scenario I am working that there would be traffic that has an explicit VLAN ID defined and other traffic that has no VLAN ID set (untagged). This is just what I assume and am not sure however. Is it the case that if the traffic leaves the switch on a trunk port it populates the VLAN ID with 1?

Thank you for your response. I am still looking for answers/input as well.

----- Original Message -----
From: Bill
To:
Sent: Tuesday, March 04, 2003 8:19 PM
Subject: Re: Native VLAN question [7:64431]

Hey Jim

Supposing you take a new switch out of the box and don't configure any vlan's etc, all the ports will still be using a vlan. That vlan is called vlan1 and all ports are on vlan1 by default. The devices on those ports wouldn't need any router to route traffic since they all belong to the same vlan and can talk directly. Hence, there is no such thing as untagged traffic.

And yes, to answer your question: all the packets you talked about will route fine.

I'll appreciate comments by experts on this list if I am talking correct.

Sam

Jim Devane wrote in message news:[EMAIL PROTECTED]

I am kinda new to VLANs and need some advice. I have a router on which I have broken an interface into FastEthernet subinterfaces. Each subinterface defines the VLAN. This has worked very well. But I am wondering if it is possible to make this port a trunk port and have other non-tagged traffic arrive on this port as well. Basically, I want to have tagged traffic and untagged traffic go to the same Ethernet port, route the untagged traffic and tag the VLAN traffic. I am not sure if I can have both types of frames on the same port.

I have posted my router's config below. I need to know how to allow other untagged traffic to be received on this port.

thanks,
jim

    interface FastEthernet0/1
     description TRUNK_PORT
     no ip address
     no ip directed-broadcast
     no ip mroute-cache
     load-interval 30
     duplex full
    !
    interface FastEthernet0/1.25
     description VLAN
     encapsulation dot1Q 25
     ip address 192.168.64.101 255.255.255.252
     no ip directed-broadcast
    !
    interface FastEthernet0/1.26
     description VLAN 26
     encapsulation dot1Q 26
     ip address 192.168.64.97 255.255.255.252
     no ip directed-broadcast

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64441t=64431

eBGP Multi-Hop [7:63920]
I am not sure how to overcome a potential problem. I have a BGP feed from an upstream provider that is a multi-hop. I am concerned that if that neighboring router goes down I will still be sending traffic out to him. The Interface will not go down since the circuit does not term on the BGP router but a colocated router. I do not want to have to wait 3 minutes for the BGP timer to expire. That will be 3 minutes of traffic passed to a dead router.

Is there any other method (besides reducing the timer) to overcome this?

thanks,
jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63920t=63920

QoS 3550 burst size [7:63324]
I am having trouble calculating some real world burst sizes for QoS. My goal is simply to rate limit TCP as closely to 1.0 Mb as possible. I understand the sawtooth will make this difficult and the fact that packet sizes are ever changing, but I am basing my calculation on 1500 byte Ethernet.

The command specifically is:

    police 100 burst-size exceed-action drop

It is this burst size that I am not sure how to calculate. Using Cisco's formula I tend to get very small numbers (250 bits etc... the default minimum is 8KB!)

I have played around with a traffic generator and kind of eyeballed that for 1.0 Mb of traffic a burst size of 125000 seems to work. Is this a reasonable number? What have other people used? Are there any guidelines to what this should be set to?

Below is a config of what I have:

    switch# sh class
     Class Map match-all ANY (id 2)
       Match access-group 101

    switch# sh access-li
    Extended IP access list 101
        permit ip any any

    switch# sh poli
     Policy Map test3
      class ANY
       police 100 125000 exceed-action drop

    switch# sh run int f0/1
    Current configuration : 109 bytes
    !
    interface FastEthernet0/18
     switchport mode access
     no ip address
     service-policy input test3
    end

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63324t=63324

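Added example, not from the original post and not a model of the 3550's hardware policer: a generic single-rate token bucket in Python, showing what the burst value does to 1500-byte packets policed at 1.0 Mb with exceed-action drop. It assumes the burst is given in bytes, that the bucket starts full, and a constructed constant 2 Mb/s source rather than TCP.

```python
PACKET_BYTES = 1500           # the post's basis: 1500 byte Ethernet
POLICE_RATE_BPS = 1_000_000   # the post's goal: 1.0 Mb
OFFERED_BPS = 2_000_000       # constructed: source sends at twice the policed rate
DURATION_S = 10               # constructed observation window
SCALE = 1_000_000             # microseconds per second


def constant_rate_arrivals(offered_bps, packet_bytes, duration_s):
    """Arrival times in microseconds for evenly spaced, equal-size packets."""
    interval_us = packet_bytes * 8 * SCALE // offered_bps
    return list(range(0, duration_s * SCALE, interval_us))


def police(arrivals_us, packet_bytes, rate_bps, burst_bytes):
    """Single-rate token bucket, exceed-action drop.

    Tokens are stored as bits * SCALE so that refilling by
    rate_bps * elapsed_microseconds stays in exact integer arithmetic.
    Returns (conformed, dropped) packet counts.
    """
    capacity = burst_bytes * 8 * SCALE
    cost = packet_bytes * 8 * SCALE
    tokens = capacity          # assumption: the bucket starts full
    last = None
    conformed = dropped = 0
    for now in arrivals_us:
        if last is not None:
            # Refill for the elapsed time, never above the burst size.
            tokens = min(capacity, tokens + rate_bps * (now - last))
        last = now
        if tokens >= cost:
            tokens -= cost     # packet conforms and spends its size in tokens
            conformed += 1
        else:
            dropped += 1       # exceed-action drop: tokens are left untouched
    return conformed, dropped


def run(burst_bytes):
    """Police the constructed 2 Mb/s stream and report the delivered average."""
    arrivals = constant_rate_arrivals(OFFERED_BPS, PACKET_BYTES, DURATION_S)
    conformed, dropped = police(arrivals, PACKET_BYTES, POLICE_RATE_BPS, burst_bytes)
    return {
        "conformed": conformed,
        "dropped": dropped,
        "average_bps": conformed * PACKET_BYTES * 8 // DURATION_S,
    }


if __name__ == "__main__":
    # 31 bytes is roughly the "250 bits" figure from the post; 1500 is exactly
    # one packet; 125000 is the value the poster settled on.
    for burst in (31, 1500, 125000):
        print(burst, run(burst))
```

In this model a bucket smaller than one packet never passes a 1500-byte packet, and over the 10-second window the 125000-byte bucket delivers about one extra burst on top of rate times duration.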
QoS on 3550 Aargh! [7:63164]
I am completely frustrated. I am trying to do something very simple but am having considerable trouble.

I wish only to rate-limit ALL packets coming into a particular interface on a 3550. It does have EMI and QoS is enabled.

This is the config that I have tried so far and the packets just blast right through... I know the burst is larger than the max speed, should not matter. Incidentally, I entered 500 000 for both values but the switch auto-changed the first value (I believe since it is in values of 8 Kbps).

Any ideas? I have read the CCO doco on this over and over and I cannot see what I am missing. I suspect something in my class map is wrong, but I am not sure how to manipulate it... any help appreciated.

pwps-esw01#sh class
pwps-esw01#sh class-map
 Class Map match-all test2 (id 3)
   Match access-group 123
 Class Map match-all test1 (id 2)
   Match any
 Class Map match-any class-default (id 0)
   Match any

pwps-esw01#sh poli
pwps-esw01#sh policy-map
 Policy Map int18
  class test2
   police 496000 50 exceed-action drop

pwps-esw01#sh mls qos int f0/18
FastEthernet0/18
Attached policy-map for Ingress: int18
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
trust device: none

pwps-esw01#sh mls qos int f0/18 st
FastEthernet0/18
Ingress
  dscp: incoming   no_change  classified  policed  dropped (in bytes)
Others: 14938711   14938711   0           0        0
Egress
  dscp: incoming   no_change  classified  policed  dropped (in bytes)
Others: 691426721  n/a        n/a         0        0
pwps-esw01#

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63164t=63164
Re: QoS on 3550 Aargh! [7:63164]
uh yup, but let me preface it with, I'M AN IDIOT!

To spare myself further embarrassment I will repeat the age-old adage: Check Layer 1 first.

I have it working now. The config posted was correct and functional, just had to remember which port to put service-policy on!!!

SmartBits on 0/48, test machine on 0/18... well, putting the service-policy on 0/18 input does not help... needs to be on 0/48.

Doh! Check layer 1, Check layer 1

- Original Message -
From: The Long and Winding Road
To:
Sent: Monday, February 17, 2003 2:13 PM
Subject: Re: QoS on 3550 Aargh! [7:63164]

can you provide a sanitized config for the access-list in question and for the interface in question?

--
TANSTAAFL
there ain't no such thing as a free lunch

Jim Devane wrote in message news:[EMAIL PROTECTED]...

I am completely frustrated. I am trying to do something very simple but am having considerable trouble.

I wish only to rate-limit ALL packets coming into a particular interface on a 3550. It does have EMI and QoS is enabled.

This is the config that I have tried so far and the packets just blast right through... I know the burst is larger than the max speed, should not matter. Incidentally, I entered 500 000 for both values but the switch auto-changed the first value (I believe since it is in values of 8 Kbps).

Any ideas? I have read the CCO doco on this over and over and I cannot see what I am missing. I suspect something in my class map is wrong, but I am not sure how to manipulate it... any help appreciated.

pwps-esw01#sh class
pwps-esw01#sh class-map
 Class Map match-all test2 (id 3)
   Match access-group 123
 Class Map match-all test1 (id 2)
   Match any
 Class Map match-any class-default (id 0)
   Match any

pwps-esw01#sh poli
pwps-esw01#sh policy-map
 Policy Map int18
  class test2
   police 496000 50 exceed-action drop

pwps-esw01#sh mls qos int f0/18
FastEthernet0/18
Attached policy-map for Ingress: int18
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
trust device: none

pwps-esw01#sh mls qos int f0/18 st
FastEthernet0/18
Ingress
  dscp: incoming   no_change  classified  policed  dropped (in bytes)
Others: 14938711   14938711   0           0        0
Egress
  dscp: incoming   no_change  classified  policed  dropped (in bytes)
Others: 691426721  n/a        n/a         0        0
pwps-esw01#

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63184t=63164
BGP Question [7:62914]
Hi all,

I am looking for some guidelines and I cannot find any relevant examples.

I have a situation where I have SWIP'd a /24 of my address block to a customer downstream. They have their own AS and are multi-homed. My concern/question is: the /24 will originate from their AS and not mine. Are there any special concerns I will need to take into account for BGP advertisements to my upstream providers?

That is, I will peer with him and allow his AS to originate the route and allow ^$ from him, but I am concerned that this will mess up my advertisements of a /19 (the /24 I gave him is out of my larger). Can I no longer advertise that?

Are my concerns founded at all? Any advice?

thanks,
Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62914t=62914
Default VLAN woes [7:62152]
All,

This will probably sound like a horrendous situation but unfortunately networks are not always master-planned communities!

However, I have a Cisco router connected to a 2924 switch connected to a Riverstone 8600. There are 2 100FX connections coming from the GSR to the 2924 and 2 10/100 (Cu) connections from the 2924 to the 8600 (yes, a loop).

The first connection is a routed connection with the GSR and the 8600 both having L3 addresses on their respective ports (.1 and .2 /30). The second connection is a L2 tagged connection trunking VLANs 25 and 26.

When I set the 2924 for switchport mode multi it will move the VLANs but raises hell since the MTU is off and there is packet loss. To fix that scenario I use switchport mode trunk to get the right MTU. But my problem is this... in trunk mode the default VLAN, VLAN 1, is automatically included. I have tried to remove it (switchport mode trunk allowed-vlans remove 1) but it does not remove. I can exclude the default VLAN on the Riverstone, but with the Cisco transporting it the RS freaks out since it hears its own MAC on two different ports. The RS had no problem when the Cisco was in multi mode since the default VLAN was not transported.

          x.x.64.1/30              x.x.64.2/30
GSR  7/0 ------------- 2924 ------------- et.2.2  RS8600
     7/1 ------25-----      ------25----- et.2.4

My question/problems:

Does anyone know if it is possible to have a trunk on a 2924 and not include VLAN 1?

Is my only other alternate to make the routed connection connect to access ports on the 2924 and exclude that VLAN from the trunk on the tagged connection?

Any ideas? Thanks for your time and in advance for any help,
Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62152t=62152
RE: Specific BGP Question [7:58428]
All,

First, thank you for all who replied! I appreciate the help. To summarize public and private responses, let me first point out there are likely several solutions to my problem. I am posting the one that I am most familiar with.

nei Client_AS remote-as 18687
nei Client_AS version 4
nei Client_AS soft-reconfiguration inbound
nei Client_AS password 7 $$
nei Client_AS filter-list 4 in
nei Client_AS filter-list 4 out
nei Client_AS advertise-map MAP1 non-exist-map MAP2

route-map MAP1 permit 10
 match as-path 5
route-map MAP2 permit 20
 match as-path 6

ip as-path access-list 4 permit ^$
ip as-path access-list 5 permit ^16631_
ip as-path access-list 6 permit ^701_

To answer the questions I had posted...

A filter list command will take precedence over an advertise list. In this case the filter-list would have made a permit every time (.*) and never applied the advertise-map. I changed the filter-list out command to be my own AS. This will force the application of the advertise-map for other AS-paths that are not originated by me.

The route map can (of course) use as-paths instead of prefixes.

Thank you Fabrice for the help on the correct regexps!

There may be more than one way to skin this cat but this falls closely to what I understand and it will work.

thanks again,
Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58535t=58428
Re: Serial Ports [7:58525]
Susan,

My company gave me a field lap-top without any serial ports. (Thanks) I bought a Belkin USB to Serial converter Model F5U109 for about $40.00. It works pretty well.

thanks,
jim

- Original Message -
From: nilesh bothra
To:
Sent: Tuesday, December 03, 2002 9:40 PM
Subject: Serial Ports [7:58525]

I have 4 serial ports on my home pc which are connected to 4 router console ports through windows hyperterminal software. I don't have any slots left either to install additional serial cards. Is there any way I can use the USB ports to connect to the console ports (in that case how will hyperterminal software report that port as e.g. com1, com3...)

Thanks
Susan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58530t=58525
RE: Serial Ports [7:58525]
Susan,

I got a company laptop w/o any serial ports, what a bummer. I bought a Belkin USB to Serial converter Model F5U109 for about $40 and it works pretty well.

thanks,
Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58531t=58525
Specific BGP Question [7:58428]
Hello all,

Long time lurker, first time poster.

I have a router that is multi-homed between 16631 and 701. I have a new client who is buying transit from us. They are multi-homed to us and 1239. A business decision was made to policy route their traffic out 16631. As a result I will only publish 16631 routes to them. However, if 16631 goes away, I want to be able to push the 701 routes to them. Injecting a default wouldn't be very effective here since 1239 will most likely have a more specific route!

So Conditional Adv to the rescue. However... I have a few questions I am unsure about and I don't have a lab to try it out on.

In this config:

router bgp
 nei New_Client remote-as Client_AS
 nei New_Client filter-list 4 in
 nei New_Client filter-list 3 out

ip as-path access-list 3 permit .*
ip as-path access-list 4 permit ^Client_AS$

so far so good

I want to add this...

 nei New_Client advertise-map MAP1 non-exist-map MAP2

route-map MAP1 permit 10
 match as-path 5
route-map MAP2 permit 10
 match as-path 6

ip as-path access-list 5 ^$ _16631_
ip as-path access-list 6 ^$ _701_

SO NOW THE QUESTIONS!!!

1) What is the order of operation for the advertisement out? Will the filter-list showing all routes cancel any effect of the route-map?

2) Are the MAP1 and MAP2 route maps valid in this config because they use as-path? The configs I could find as example were based on prefix. I made up the part about using the as-path, but it seems logical (boy, I wish I had a couple extra routers!)

3) Is there a better way to go about this!

Thanks in advance. And thanks to everybody who posts. I have taken away a lot from this mailing-list!

Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58428t=58428