HSRP or switch issue? [7:63768]
I'm currently experiencing an oddity with multicast traffic like HSRP that I'm looking for some ideas on. For simplicity the network design consists of 2 Cisco 3640 routers running HSRP between them connected to a single Extreme [Black Diamond] switch. Basically...

    extreme switch
      |        |
      |        |
    rtr1     rtr2

Normally everything works just fine, but periodically -- in time, not quantity -- HSRP indicates via the %HSRP-4-DUPADDR message that I have a duplicate [IP] address. (The quantity of the messages indicating the duplicate IP address ranges from half dozen to nearly a hundred. The time between messages closely matches the HSRP HELLO interval.)

When I receive these messages, on the active HSRP router for instance, they indicate the duplicate address as being the physical interface IP address of the active HSRP router with the source MAC address as the virtual MAC [address] of the active HSRP router.

Receipt of these %HSRP-4-DUPADDR messages indicating the duplicate as itself suggests an issue with multicast -- a loop of sorts whereby the switch copies the multicast announcement [back] to the same switch port it originated. Keep in mind that there are no interface or HSRP state changes so the messages probably aren't coming from the standby HSRP router. (Especially since the indicated duplicate IP address is that of the physical interface on the active HSRP router, not the virtual IP.)

I did some poking around on Extreme's web site and they indicate an issue with HSRP in an earlier version of code, but that is/was fixed in the version being used.

Has anybody run into this before? Ideas regarding cause? I don't have access to the switch since it belongs to the customer.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63768t=63768
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
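The pattern described in the post above (own interface IP reported as duplicate, sourced by the HSRP virtual MAC, repeating at the hello interval) can be checked mechanically against a router's log. This is an added example, not part of the original post; it assumes the message layout "Duplicate address <ip> on <interface>, sourced by <mac>", a 3-second hello timer, and constructed sample lines and addresses.

```python
import re
from datetime import datetime

# Assumed message layout: "Duplicate address <ip> on <interface>, sourced by <mac>".
DUPADDR = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d).*?%HSRP-4-DUPADDR: Duplicate address "
    r"(?P<ip>\d+(?:\.\d+){3}) on (?P<ifname>\S+), sourced by (?P<mac>[0-9a-fA-F.]+)"
)
# HSRP version 1 virtual MAC is 0000.0c07.acXX, XX = standby group in hex.
HSRP_VMAC = re.compile(r"0000\.0c07\.ac([0-9a-f]{2})")

def parse(lines, year=2001):
    """Extract (timestamp, ip, interface, mac) from DUPADDR lines; the year is
    supplied by the caller because classic syslog timestamps carry none."""
    events = []
    for line in lines:
        m = DUPADDR.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["ifname"], m["mac"].lower()))
    return events

def triage(lines, own_ips, hello=3, tolerance=1):
    """own_ips maps interface name -> this router's physical IP on that interface."""
    events = parse(lines)
    # The pattern from the post: our own interface IP, sourced by an HSRP virtual MAC.
    looped = [e for e in events
              if own_ips.get(e[2]) == e[1] and HSRP_VMAC.fullmatch(e[3])]
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(looped, looped[1:])]
    paced = sum(1 for g in gaps if abs(g - hello) <= tolerance)
    if looped and gaps and paced == len(gaps):
        verdict = "own hellos returned"
    elif events:
        verdict = "other source"
    else:
        verdict = "no DUPADDR"
    return {"total": len(events), "looped": len(looped),
            "groups": sorted({int(e[3][-2:], 16) for e in looped}),
            "verdict": verdict}

# Constructed sample lines (not from the original post).
LOOPED = [
    "May  5 12:00:00: %HSRP-4-DUPADDR: Duplicate address 10.1.1.2 on FastEthernet0/0, sourced by 0000.0c07.ac01",
    "May  5 12:00:03: %HSRP-4-DUPADDR: Duplicate address 10.1.1.2 on FastEthernet0/0, sourced by 0000.0c07.ac01",
    "May  5 12:00:06: %HSRP-4-DUPADDR: Duplicate address 10.1.1.2 on FastEthernet0/0, sourced by 0000.0c07.ac01",
]
OTHER = [
    "May  5 12:10:00: %HSRP-4-DUPADDR: Duplicate address 10.1.1.2 on FastEthernet0/0, sourced by 0010.7b3a.1c44",
]

if __name__ == "__main__":
    print(triage(LOOPED, {"FastEthernet0/0": "10.1.1.2"}))
    print(triage(OTHER, {"FastEthernet0/0": "10.1.1.2"}))
```
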
Re: Juniper CERTS and Olive [7:4957]
Adam,

Earlier this year I asked Juniper directly whether they had plans to make the olive software readily available. Below is the response I received:

No, we are not. The olive software load was originally intended for testing the software before we had the hardware up and running. It was then, upon rare occasions, used for training purposes. However, it has never been supported, and never been licensed for use. It doesn't work well, we no longer use it internally (since now we have M5s and M10s in the routing protocols lab). Please do not distribute it, please do not install it, if you have it, please wipe it.

jas

At 05:19 PM 5/18/01 -0400, Adam Hickey wrote:

So, I've heard so much about it, how do I go about getting my hands on this Olive? Is this something like having to have a service contract first?

Adam Hickey
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5079t=4957
Re: wireless to desktop [7:3788]
Bob,

I have done complete hotels before using non-Cisco product. I don't know your environment or the bandwidth requirements of your users, but I'm not sure you'll find the bandwidth suitable for Enterprise users. Keep in mind that the amount of bandwidth delivered is not only affected by number of users sharing the AP but also your signal strength (SNR).

In my experience wireless works well in an augmentation role within the Enterprise, not as the one and only access method. I would seriously consider setting up a pilot within your organization with a couple dozen users before outfitting an entire building.

If you do proceed the first thing I would recommend is that you have an experienced company (with RF engineers) perform an RF site survey. (Request that they use a variety of antennas to see which performs the best in your environment at overcoming propagation obstacles.) This will provide you with a good understanding of the RF environment you face and thus enable you to plan your cells.

The other consideration is whether the point-to-point distance [between AP and client] should be considered as the cell radius or as the cell diameter. If the traffic is client/server then consider the point-to-point distance the cell radius. If there is any peer-to-peer traffic between wireless clients then consider the point-to-point distance the cell diameter.

jas

At 09:10 AM 5/9/01 -0400, Sites, Bob wrote:

Has anyone completely setup an entire bldg, multiple floors, with the Aironet wireless to desktop? Was wondering what your opinions were of it. I have a brand new 5 story bldg coming into my network and was considering wireless rather than wasting all the money on wiring, fiber and closets. How does the wireless compare to the conventional methods in $$$.

Bob Sites, CCNA
System Engineer
Valley Health System, IS Dept.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3828t=3788
RE: Disable telnet port (Cisco Trivia) [7:3287]
You can use the Maintenance Operations Protocol (MOP) of DECnet to connect to the router. All this requires is the physical address of the router. (You can use node names if you have configured a hardware address for the node in your NCP database.)

jas

At 01:51 AM 5/5/01 -0400, Brian Dennis wrote:

Anyone know how to get to a Cisco router remotely that doesn't have an IP address configured on it? Going in through a console, aux or async line doesn't count.

Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640
5G Networks, Inc.
[EMAIL PROTECTED]
(925) 260-2724

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of EA Louie
Sent: Friday, May 04, 2001 9:00 PM
To: [EMAIL PROTECTED]
Subject: Re: Disable telnet port [7:3237]

If you have the right version of IOS, you can

    transport input ssh

and to answer Chuck's questions, there is a way to disable telnet and everything else,

    transport input none

----- Original Message -----
From: Jacques Atlas
To:
Sent: Friday, May 04, 2001 3:12 PM
Subject: RE: Disable telnet port [7:3237]

On Fri, 4 May 2001, Chuck Larrieu wrote:

|By telnet port do you mean TCP port 23. Or do you mean the VTY's
|themselves?
|
|If the latter, the most effective way is to require a login but set no
|password.
|Eg
|
|Line vty 0 4
|Login

anyone know if you can _disable_ telnet to a cisco and only ssh ?

something like no service telnet would be great

--
jacques

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3312t=3287
RE: Disable telnet port [7:3237]
Understood. But why attempt to stop the telnet daemon if not to prevent telnet to/from the router? Setting the transport to none for input and output is a very effective way of accomplishing this task.

jas

At 12:28 PM 5/5/01 -0400, Brian Dennis wrote:

His intent was to stop the telnet daemon as he put it. You can not actually stop the telnet process on a router. Access-class and transport input none just stop access to the lines that it is applied to. It doesn't actually stop telnet as a process on the router.

Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640
5G Networks, Inc.
[EMAIL PROTECTED]
(925) 260-2724

-----Original Message-----
From: John Starta [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 05, 2001 8:58 AM
To: Brian Dennis
Cc: [EMAIL PROTECTED]
Subject: RE: Disable telnet port [7:3237]

If the intent is to prevent connections TO the router via telnet adding transport input none to the vty's will accomplish this. To prevent telnet connections FROM the router add transport output none to the vty's. Add both and you have effectively disabled telnet on the router.

    weezer#192.168.0.30
    % Unknown command or computer name, or unable to find computer address
    weezer#telnet 192.168.0.30
    % telnet connections not permitted from this terminal

jas

At 01:15 AM 5/5/01 -0400, Brian Dennis wrote:

John,

He was asking to disable the telnet process. This just disables port 23 for the vty lines like an access-class does. There is no way to disable the process itself.

Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640
5G Networks, Inc.
[EMAIL PROTECTED]
(925) 260-2724

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of john mcguinn
Sent: Friday, May 04, 2001 7:22 PM
To: [EMAIL PROTECTED]
Subject: Re: Disable telnet port [7:3237]

    config t
    line vty 0 4
    transport input none

You have successfully disabled telnet port.

Jack

----- Original Message -----
From: Brian Dennis
To:
Sent: Friday, May 04, 2001 7:21 PM
Subject: RE: Disable telnet port [7:3237]

If you put an access-class in on the vty lines that disables everything like Chuck recommended no one will be able to telnet in. Also a port scan will not show anything on port 23. So telnet would appear to be disabled. There just isn't a way to actually turn off the telnet process on a Cisco router. If you really want to stop the telnet process you could power off the router but this would stop all the processes 8-)

Brian Dennis, CCIE #2210 (RS)(ISP/Dial) CCSI #98640
5G Networks, Inc.
[EMAIL PROTECTED]
(925) 260-2724

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jacques Atlas
Sent: Friday, May 04, 2001 4:09 PM
To: [EMAIL PROTECTED]
Subject: RE: Disable telnet port [7:3237]

On Fri, 4 May 2001, Chuck Larrieu wrote:

|There is no option no service telnet on the IOS I have available to me.

:-) that was just an example of something that would be nice.

|Your choice would then become an access-list denying telnet to appropriate
|router interfaces. You can also apply access lists to the vty ports to limit
|who can telnet in.

nope, can't delete the vty lines either. acl's for all interfaces is way too complex. telnet is not an option. if you can stop the telnet daemon on a unix box you should be able to do it on a cisco device, if it supports another form of transport.

owell

--
jacques

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3319t=3237
Re: Disable telnet port [7:3237]
How about configuring the vty's for transport input none. It doesn't disable telnet per se, but it results in the router refusing connections to it. (Out-of-band access recommended before applying; you will NOT be able to telnet/rlogin to the router after applying.)

    line vty 0 4
    transport input none

jas

At 03:41 PM 5/4/01 -0400, Victor Chan wrote:

How do you disable telnet port on the cisco router 2524 and 2610?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3258t=3237
Re: Disable telnet port [7:3237]
An addendum to my message below: A port scan of the router after the vty's are configured for transport input none will show nothing on port 23 (telnet) or port 221 (rlogin). Thus telnet and rlogin would appear to be disabled.

jas

At 05:34 PM 5/4/01 -0700, John Starta wrote:

How about configuring the vty's for transport input none. It doesn't disable telnet per se, but it results in the router refusing connections to it. (Out-of-band access recommended before applying; you will NOT be able to telnet/rlogin to the router after applying.)

    line vty 0 4
    transport input none

jas

At 03:41 PM 5/4/01 -0400, Victor Chan wrote:

How do you disable telnet port on the cisco router 2524 and 2610?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3260t=3237
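The "Disable telnet port" messages above all come down to which transport settings each vty range carries. As an added example (not code from any of the posters), the following audits a saved configuration for vty ranges that lack the `transport input` / `transport output` hardening discussed in the thread. The sample configurations are constructed, and a missing setting is reported as "unset" rather than guessed, on the assumption that the effective default depends on the IOS release.

```python
import re

def parse_vty(config_text):
    """Map each 'line vty' range to its explicit transport input/output settings."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", line)
        if m:
            current = (int(m[1]), int(m[2] or m[1]))
            blocks[current] = {"input": None, "output": None}
        elif line.startswith(("line ", "!", "end")) or not line:
            current = None  # left the vty block
        elif current:
            t = re.fullmatch(r"transport (input|output) (.+)", line)
            if t:
                blocks[current][t[1]] = t[2].split()
    return blocks

def telnet_state(protocols):
    """Classify one transport setting with respect to telnet."""
    if protocols is None:
        return "unset"            # assumption: default varies by IOS release
    if "all" in protocols or "telnet" in protocols:
        return "telnet allowed"
    return "telnet refused"       # 'none', or a list such as 'ssh' without telnet

def audit(config_text):
    """Return (vty range, direction, state) tuples for every vty block."""
    out = []
    for (first, last), cfg in sorted(parse_vty(config_text).items()):
        for direction in ("input", "output"):
            out.append((f"vty {first}-{last}", direction, telnet_state(cfg[direction])))
    return out

def gaps(config_text):
    """Entries that still permit telnet or were never set explicitly."""
    return [r for r in audit(config_text) if r[2] != "telnet refused"]

# Constructed configuration: vty 0-4 hardened as in the thread, vty 5-15 forgotten.
SAMPLE = """\
line con 0
line vty 0 4
 login
 transport input none
 transport output none
line vty 5 15
 login
!
end
"""
# Constructed configuration: inbound SSH only, outbound left untouched.
SSH_ONLY = """\
line vty 0 4
 transport input ssh
"""

if __name__ == "__main__":
    for row in gaps(SAMPLE) + gaps(SSH_ONLY):
        print(row)
```
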
Re: BCRAN exam [7:2890]
Jason,

Why do you perceive the 700 series as not being worth your time? Do you believe that you'll never run into it in the field? Would it surprise you to learn that several well known Enterprises have very large installed bases of the 700 series?

Given your presence on this mailing list I would have assumed that you were about learning and acquiring knowledge. This means knowing how to configure and troubleshoot older protocols such as AppleTalk, DECNET, IPX and routers such as the 700. Despite claims to the contrary there are still a large number of networks that aren't entirely IP or running IOS-driven hardware.

jas

At 04:18 PM 5/2/01 -0400, Jason Roysdon wrote:

It's not worth your time. If you know the other areas, 1-3 questions on it won't hurt you (if that, I've heard rumors of 0 questions). When is Cisco going to EOL those pieces of junk? Sure, sure, they're great cheap desktop routers (ip ipx), but the 800 line isn't that much more.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

[EMAIL PROTECTED], Michael (CAP, AFS, Contractor) wrote in message news:[EMAIL PROTECTED]...

If this has been asked already forgive me but how much of the Series 700 is covered on the BCRAN exam... I'm guessing not that much...

thanks in advance,
Mike

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3083t=2890
Re: Juniper Core Routers
http://www.juniper.net/products/ is a good starting point.

jas

At 03:13 PM 1/31/01 +, RLohiya wrote:

Hi Guys,

slightly off topic, I need information on Juniper Core Routers. Any web links would be appreciated.

Thanx
Rashid
Re: Looking for site to Lucent QIP subnet calculator
Anthony,

You can find the QIP subnet calculator at the following URL:

http://www.quadritek.com/qip/spectra/invoke.cfm?id=C8B80835%2DC428%2D4030%2DB6A9CEAD2921543FMethod=DisplayDetails

jas

At 05:53 PM 1/19/01 +, Anthony Iyoha wrote:

Please, if you have info about the site where I can download Lucent qip subnet calculator, I will appreciate it very much. I know it was posted to the group sometime last year but lost the address to the site. Will really appreciate any info to the site... thanks in advance.

anthony iyoha
Re: Access Lists on a Cisco 7200
Scott,

The following example will block the full suite of NetBios inbound to you (presumably 195.50.79.0/24). This is not a complete ACL -- it will be necessary to either specifically allow the traffic you desire inbound, or add another line to the bottom (currently commented out) permitting everything else.

    access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-dgm
    access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ns
    access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ss
    access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 137
    access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 138
    access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 139
    ! access-list 101 permit ip any any

jas

At 07:35 PM 1/17/01 +, Scott S. wrote:

Our WatchGuard FireBox seems to be getting overloaded by the number of NetBios packets it is denying. We are thinking that it might be a good idea to block these at our router instead. It is a Cisco 7200 with a pretty light load. Does this sound like a sensible idea? If so I was thinking the following rule would be appropriate:

    access-list 101 deny any 195.50.79.0 eq 137

Is this correct, or am I way off? Thanks in advance for any replies.

Sincerely,
Scott
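The reply above notes that the ACL is incomplete until traffic is explicitly permitted. As an added example (not code from either poster), this small first-match evaluator runs the posted access-list 101 against a few packets to show the wildcard-mask match and the implicit deny that applies while the final permit line stays commented out. The evaluator supports only the syntax used in the post, and the source address and test packets are constructed.

```python
import ipaddress

# Port keywords used in the posted ACL.
PORTS = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

def match_addr(tokens, ip):
    """Consume 'any' | 'host A' | 'A WILDCARD' and test ip against it."""
    if tokens[0] == "any":
        return True, tokens[1:]
    if tokens[0] == "host":
        return ip == tokens[1], tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care), tokens[2:]

def match_port(tokens, port):
    """Consume an optional 'eq <port>' destination-port test."""
    if tokens[:1] == ["eq"]:
        want = PORTS.get(tokens[1]) or int(tokens[1])
        return port == want, tokens[2:]
    return True, tokens

def evaluate(acl_text, proto, src, dst, dport):
    """Return 'permit' or 'deny' for one packet, first matching entry wins."""
    for line in acl_text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list":  # skips blanks and '!' comments
            continue
        action, rule_proto, rest = t[2], t[3], t[4:]
        if rule_proto not in ("ip", proto):
            continue
        ok_src, rest = match_addr(rest, src)
        ok_dst, rest = match_addr(rest, dst)
        ok_port, rest = match_port(rest, dport)
        if ok_src and ok_dst and ok_port:
            return action
    return "deny"  # implicit deny at the end of every IOS access list

ACL_AS_POSTED = """\
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-dgm
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ns
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ss
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 137
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 138
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 139
! access-list 101 permit ip any any
"""
# Same list with the final line uncommented.
ACL_WITH_PERMIT = ACL_AS_POSTED.replace("! access-list", "access-list")

if __name__ == "__main__":
    src = "203.0.113.5"  # constructed outside source
    for acl in (ACL_AS_POSTED, ACL_WITH_PERMIT):
        print(evaluate(acl, "udp", src, "195.50.79.10", 137),
              evaluate(acl, "tcp", src, "195.50.79.10", 80))
```
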
Re: IPX SAP access-list
SAP type 640 is Gateway Services for NetWare (GSNW) on Windows NT/2K workstations/servers. The filter below denies SAP type 640 from being listened to and/or advertised -- depending on how the filter is applied (inbound vs. outbound) -- by the router.

jas

At 08:51 PM 11/24/00 +, mindiani mindiani wrote:

What does this IPX SAP access-list mean?

    access-list 1001 deny 640
    access-list 1001 permit

I found this in a book and I could not find the service type 640.
DLCI Numbering Scheme
Currently re-building a large frame relay network. Existing DLCI's are all over the board with absolutely no rhyme or reason. Does anybody have a good DLCI numbering scheme that they would recommend?

jas

UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]