Re: How to restrict hubs in a LAN [7:54937]
Well, when I wrote the orginal post I knew I will have these questions. Basically the first layer of support or help desk if you will have more PCs then the drops in their cubes. This is an old building not meant for an IS staff so there is some frustration on their part. I am not going to question if there is a legit need for folks to have 5 PCs when there is infact a seperate staging area to set up and test pcs for users. Any ways they know enough to be dangerous and there is no standard on hubs and I have seen where folks have created loops. Now with Windows XP I have seen some configs where 2 nics have been bridged via software I am not sure with what intent. Although it's been made clear many times not to use hubs but this is never enforced and I did not want to spend my time daily trying to hunt down the lawless. So that's when I thought if I could config the switch this will discourage the hub usage or bridging within pcs. I hope that answers most of the questions here. ""David j"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > See inline.. > Chuck's Long Road wrote: > > > > as much of a rulemeister as I am, I still have to look at this > > from the user > > standpoint. Why are users throwing their own hubs onto the > > network? Is there > > a business case to be made? Is facilities too slow getting > > requested cable > > pulls done? > > > > what is the concern with a user plugging a hub in at the desk > > and then > > connected a couple of extra PC's? if the problem is one of dual > > homing by > > accident or otherwise, I can see the issue with spanning tree > > recalculations. But in a single home situation, what do you > > see as the > > issues? > > > > I see one issue: collisions, if you have a switched network you don't want > to deal with collisions that hubs normally produce. I have to recognize, > though, that hubs sometimes are very convenient and I'm the first on using > them. > > > when you say that "politically, it's a mess" what does that > > mean? high > > powered sales people throwing their weight around? management > > does not > > respect your input or concerns? something bad is happening, and > > it's rolling > > downhill? > > > In some environments it's politically unacceptable, I know some hospitals in > which you have to fill in a lot papers before being allowed to use a PC, so > in that environments this could perfectly be part of the policy. > > > I'm not questioning the wisdom or the necessity for doing what > > others have > > suggested. I'm just wondering why it is necessary for the > > network manager / > > network staff to unilaterally cut off user access. > > > > > > > > > > ""John Zaggat"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Thanks guys that's pretty good information, but do you think > > in your > > opinion > > > is that good approach to deal with this problem. Do you see > > any caveats > > and > > > are there any other ways this can be dealt with. > > > ""Kevin Wigle"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > take a look into Port Security. > > > > > > > > > > > > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration > > > > _guide_chapter09186a008007f2dd.html > > > > > > > > In the event of a security violation, you can configure the > > port to go > > > into > > > > shutdown mode or restrictive mode. The shutdown mode option > > allows you > > to > > > > specify whether the port is permanently disabled or > > disabled for only a > > > > specified time. The default is for the port to shut down > > permanently. > > The > > > > restrictive mode allows you to configure the port to remain > > enabled > > during > > > a > > > > security violation and drop only packets that are coming in > > from > > insecure > > > > hosts. > > > > > > > > Kevin Wigle > > > > > > > > > > > > - Original Message - > > > > From: "John Zaggat" > > > > To: > > > > Sent: Saturday, October 05, 2002 5:01 PM > > > > Subject: How to restrict hubs in a LAN [7:54937] > > > > > > > > > > > > > I am just trying to think of how to restrict Hubs from > > being used in > > the > > > > > LAN. Politically it's a mess and despite a lot of > > discussions certain > > > > people > > > > > are able to add hubs at will where ever they want. So I > > was trying to > > > > think > > > > > of a way to stop that within the switch. Now normally > > these ports that > > > the > > > > > hubs are connected to show several mac addresses when I > > do "show cam" > > > > which > > > > > gives me an idea is there any way to restrict host ports > > to only > > accept > > > > one > > > > > mac-address. I don't want to hardcode the mac-address > > because that > > would > > > > be > > > > > too much a administrative burden. But if I could restrict > > the port to > > > > accept > > > > > just one mac-address then that will make these hubs > > useless. Well > > > anyways > > > > > let me know if I a
Re: Confused about MTU size [7:54689]
Thanks Priscilla, I definitely don't mind even if it was criticisim especially coming from some one of your caliber. Thank you for the pointers and I will do some more deligant troubleshooting. And yes Mike it is outlook that refuses to work properly. There is no problem browsing, home user is able to copy files of all sizes with out any problems. We can ping the email server from the user's workstation heck I am even pc-anwhered into his machine. But as soon we start outlook it just hangs. I will further investigate the router's config although it's using a template that's working elsewhere under different service provider without a hitch. ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I agree that it doesn't sound like an MTU problem. There are often problems > with MTU when DSL, VPNs, tunnels, etc. are used, so people might jump to > that conclusion. But e-mail messages are often very short and would easily > fit into most MTUs even after overhead. To test whether it's an MTU problem, > try some oversized pings. > > The MTU issue occurs when a full-sized packet arrives at an interface that > needs to squeeze it into an MTU along with the overhead. The interface could > fragment, but maybe the application or transport layer set the Don't > Fragment bit. Quite a few applications do that as part of their MTU > discovery process. The problem is made worse if there's an access list that > is blocking the ICMP "Fragmentation required but DF bit set" message. > > Here's a Cisco article on MTU: > > http://www.cisco.com/warp/public/105/56.html > > This isn't a criticism of the original poster, who was already doubting the > people who told him it was an MTU problem, but it does give me a chance to > get on my soapbox about troubleshooting methods. A lot of people > troubleshoot using the technique we learned in grade school to match items > from Column A with items from Column B. ;-) Column A has network types and > Column B has most common problem for network type. It's important to know > about common problems, but it's just as important to gather data, research > symptoms, and use logic and reasoning. > > Cisco's troubleshooting method really does work: > > 1. Define the problem. > 2. Gather facts. > 3. Consider possibilities. > 4. Create an action plan. > 5. Implement the action plan. > 6. Observe the results. > 7. Do problem symptoms stop? > > If no, go back to 4 or possibly to 2. > If yes, problem resolved, document the results. > > OK, off my soapbox now! :-) > > ___ > > Priscilla Oppenheimer > www.troubleshootingnetworks.com > www.priscilla.com > > [EMAIL PROTECTED] wrote: > > > > I found email to be a touchy thing... Especially when dealing > > with M$ > > 0utlook. Are you sure it's the MTU size that's the problem > > with email. > > > > I know in our situation, I had to add the mail server name & IP > > to the host > > file of the remote pc. Some times we experience some latency, > > but for the > > most part it's only been about half a minute. > > > > Cheers, > > mkj > > > > -Original Message- > > From: JohnZ [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, October 01, 2002 8:55 PM > > To: [EMAIL PROTECTED] > > Subject: Confused about MTU size [7:54689] > > > > > > Can some one explain clearly how does MTU size affect windows > > applications > > where these applications won't work over a network link. I have > > a certain > > home user that can establish a vpn tunnel through a DSL to > > corporate network > > and all applications will work except for email. The only > > difference is a > > cisco router in between the homeuser and corporate network. > > Without this > > cisco router (with homeuser directly attached to DSL modem) > > there are no > > problems. Some one mentioned MTU could be the problem, but if > > the frames are > > larger then MTU don't they get fragmented and re-assembled at > > the other end. > > How could MTU size fail single application while everything > > else works fine. > > Thanks for any help. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54759&t=54689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: InterVLAN routing [7:54583]
Larry, Do you route between the voice and data vlans or is your voice vlan an island. Also for your voice what are you using as a DHCP server, is it a cisco device or is it Windows server. thx ""Larry Letterman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > At cisco we run eigrp on the 6509/msfc, setup vlan interfaces and route > between > them. The telephone subnets are just more vlan interfaces that pass dhcp > data to the > phones , just like the data networks. > > Larry Letterman > Cisco Systems, IT-LAN > > JohnZ wrote: > > >Just thinking what are the best practices to route between vlans. We have 6 > >vlans at work, the main reason for multiple vlans is to minimize the impact > >of Broadcasts. We are running eigrp on the RSM/cat5500. Is this how most > >people configure it out there ? Also we are planning to add a seperate vlan > >for Voice and I wonder how would that be impacted with EIGRP running on the > >RSM. Thanks for any insights or suggestions. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54685&t=54583 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Confused about MTU size [7:54689]
Can some one explain clearly how does MTU size affect windows applications where these applications won't work over a network link. I have a certain home user that can establish a vpn tunnel through a DSL to corporate network and all applications will work except for email. The only difference is a cisco router in between the homeuser and corporate network. Without this cisco router (with homeuser directly attached to DSL modem) there are no problems. Some one mentioned MTU could be the problem, but if the frames are larger then MTU don't they get fragmented and re-assembled at the other end. How could MTU size fail single application while everything else works fine. Thanks for any help. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54689&t=54689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
InterVLAN routing [7:54583]
Just thinking what are the best practices to route between vlans. We have 6 vlans at work, the main reason for multiple vlans is to minimize the impact of Broadcasts. We are running eigrp on the RSM/cat5500. Is this how most people configure it out there ? Also we are planning to add a seperate vlan for Voice and I wonder how would that be impacted with EIGRP running on the RSM. Thanks for any insights or suggestions. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54583&t=54583 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SuperNetting [7:54403]
Thanks again guys, I think I should have put all the subnets 191.72.1.0 thru 191.72.31.0 to be summarized to 191.72.0.0/19. If I am wrong let me know. ""Vicuna, Mark"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >> 191.72.223.0 /24 (223 = 0001) > > well yes just a typo :-) > > > and it is true in chuck's addendum. however it might give the > impression to the orignal poster that this is "ok" to do all the time > ;-) > > > Mark. > >-Original Message- > >From: B.J. Wilson [mailto:[EMAIL PROTECTED]] > >Sent: Saturday, 28 September 2002 21:53 > >To: [EMAIL PROTECTED] > >Subject: Re: SuperNetting [7:54403] > > > > > >> 191.72.223.0 /24 (223 = 0001) > > > >Whoa! 223 does not equal 0001. 223 equals 1101. > > > >JohnZ was correct in his original post, that his list of subnets can be > >summarized 191.72.0.0/19, and Chuck's addendum (that he'll also be > >summarizing additional subnets other than the ones he > >mentioned) is also > >true. > > > >BJ > >Report misconduct > >and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54452&t=54403 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SuperNetting [7:54403]
Thanks guys, this answers my question. Chuck I heard you are writing an article on CertZone about 3550. Is that correct if so I look forward to reading it. it's very timely. ""Chuck's Long Road"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > -- > > www.chuckslongroad.info > like my web site? > take the survey! > > > > ""JohnZ"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Can someone correct if I am wrong here > > 191.72.1.0 > > x.x.0001.0 > > > 191.72.2.0 > > x.x.0010.0 > > > 191.72.4.0 > > x.x.0100.0 > > > 191.72.12.0 > > x.x.1100.0 > > > 191.72.21.0 > > x.x.00010101.0 > > > > > > Am I correct in supernetting this to 191.72.0.0 /19 > > 255.255.1110.0 > > first three leftmost bits in the third octet are the only ones common to all > the subnets you mention > > yes, you have supernetted the subnets in question, plus a few more you > didn't mention Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54408&t=54403 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SuperNetting [7:54403]
Can someone correct if I am wrong here 191.72.1.0 191.72.2.0 191.72.4.0 191.72.12.0 191.72.21.0 Am I correct in supernetting this to 191.72.0.0 /19 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54403&t=54403 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Prefix-list question [7:53806]
Thanks Chuck, as always appreciate your help. ""Chuck's Long Road"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > ""JohnZ"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi group, > > Can some one explain the difference between to two prefix lists below: > > > > ip prefix-list r4supernet seq 5 permit 192.100.0.0/18 > > CL: permits the single subnet 192.100.0.0 255.255.192.0 > > > > > and > > > > ip prefix-list r4supernet seq 5 permit 192.100.0.0/18 le 32 > > > CL: permits any and all subnets of 192.100.0.0 255.255.192.0, with a prefix > length of 32 or less. This means the host address / host route of > 192.100.0.1 255.255.255.255, or a subnet 192.100.224.0 255.255.224.0 ( /19 ) > for example. I suppose a clearer way to express this might be that it > permits any subnet with a prefix length from /18 through /32, including a > /19, a /24, or a /28 as an example. > > > > > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53833&t=53806 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Prefix-list question [7:53806]
Hi group, Can some one explain the difference between to two prefix lists below: ip prefix-list r4supernet seq 5 permit 192.100.0.0/18 and ip prefix-list r4supernet seq 5 permit 192.100.0.0/18 le 32 Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53806&t=53806 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - Quietest Cisco Switch [7:53800]
Cisco 1548microswitch, it does not have any fans. Comes with 12 ports (10/100) ""Adam Frederick"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Here's an idea. Unplug it when it's not in use. Copy run start is there > for a reason. > > Thinking outside of the "box." > > Adam > - Original Message - > From: "Charlie Wehner" > To: > Sent: Saturday, September 21, 2002 8:42 AM > Subject: Off Topic - Quietest Cisco Switch [7:53800] > > > > I'm looking to buy a switch for my apartment. (Right now, the 2950T > 24port > > 10/100/1000Base-T looks promising.) > > > > However, the amount of noise this thing produces is a concern. I want to > > put it in my living room (Actually, it's the only room... I live in a > > studio.) so I can't have this thing cranking away while I'm trying to > watch > > a movie, have a date over (Ya, it does happen sometimes... it's a > miracle.) > > or when I'm trying to go to sleep. Does anyone know which switches are > the > > quietest? I would like it to support the enhanced image. Anyone else run > > into this problem? > > > > Thanks, > > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53807&t=53800 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Prefix-list VS Access-list [7:53582]
Thanks Ian, I appreciate your answer and your help. Cheers, JZ ""Ian Henderson"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > On Thu, 19 Sep 2002, JohnZ wrote: > > > Can I use access-list to produce the same effect as prefix-list ? Any > > thoughts on which is a better way to use in redistribution over other. I am > > just trying to find which one I should stick with. > > Thanks > > > ip prefix-list test seq 5 deny 199.172.4.0/24 > > ip prefix-list test seq 10 deny 199.172.6.0/24 > > ip prefix-list test seq 15 deny 199.172.8.0/24 > > ip prefix-list test 20 permit 0.0.0.0/0 le 32 > > Prefix lists can permit annoucements in a range of netmasks. For example, > the following prefix-list entry will permit announcements of > 192.168.1.0/24, or any prefix within that. > > ip prefix-list example seq 5 permit 192.168.1.0/24 le 32 > > I don't believe there's a way to do that using access-lists. > > The other major advantage is you can pull entries out of a sequence, and > insert them without re-writing the entire prefix-list again. For example, > 'no ip prefix-list example seq 10' will remove only sequence 10, rather > than the entire prefix list. > > These two features however need to ba taken with a grain of salt. Firstly > you may want explicit routing control rather than a blanket cover, and > secondly configurations like this are usually built out of databases so > you're not going to be manually inserting entries. > > Rgds, > > > > > - I. > > -- > Ian Henderson CCNA, CCNP > Senior Network Engineer, Chime Communications Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53593&t=53582 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Prefix-list VS Access-list [7:53582]
Can I use access-list to produce the same effect as prefix-list ? Any thoughts on which is a better way to use in redistribution over other. I am just trying to find which one I should stick with. Thanks router rip redistribute ospf 1 network 135.11.0.0 default-metric 5 distribute-list prefix test out ospf 1 ip prefix-list test seq 5 deny 199.172.4.0/24 ip prefix-list test seq 10 deny 199.172.6.0/24 ip prefix-list test seq 15 deny 199.172.8.0/24 ip prefix-list test 20 permit 0.0.0.0/0 le 32 or router rip redistribute ospf 1 network 135.11.0.0 default-metric 5 distribute-list 10 out ospf 1 access-list 10 deny 199.172.4.0/24 access-list 10 deny 199.172.6.0/24 access-list 10 deny 199.172.8.0/24 access-list 10 permit any Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53582&t=53582 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX Access-list host to host [7:53515]
Hi, Can some one tell me if it's possible to give full access host to host without specifing a port. Basically what I would like to do is open up temporarily complete access between a host on the outside and one on the inside. I have searched the CCO and havn't found any thing that tells me it's possible. Thanks, Shawn Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53515&t=53515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to clear access-list counters [7:53234]
Is there a way to reset access-list counters that appear when I do the following command: "sh ip access-lists" Thx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53234&t=53234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Time based QOS policing [7:52310]
Is there a way to do QOS policing based on time. For example limit http traffic to 50% of the bandwidth 9am to 5pm only. Does any one have any useful configs or links, Thanks for the help Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52310&t=52310 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Eigrp Summarizing [7:49730]
I have a 3640 as hub and 20 1604s as spokes. Eigrp is the routing protocol in use. Internet access is through the 3640. How can summrize in Eigrp so all the spokes have a single route to the Hub router. Thanks, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49730&t=49730 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Networkers Power Slides [7:47900]
Does any one have the link to the Power Slides from San Diego Networkers 02. Are these even available yet. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47900&t=47900 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ccie real-time questions [7:47436]
Jerry, Looks like Cisco will be answering your questions directly. By the way if you don't know answers to these questions you need to hit the books way hard. Instant answers will not help you if you ever wanna have a chance to pass the LAB. That's the reason why you are trying to pass the written isn't it. Do it the right way from the start and there will be less pain in the end. Just my opinion. ""Jerry Yu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I just failed the 305-001, but I remember the following tricky questions. > pls. offer your opinion or answers to them. > > > thanks. > > jyu > > > 1) > A network administrator is using debug commands to check the performance of > a network. What steps can the administrator take to ensure that the "debug" > will not require too much CPU, or at least that she will not have to reboot > the router to disable debug? > (mulitple answer) > A. Make the debug command as specific as possible > B. Use the max-time parameter of the debug command > C. In configuration mode, enter 'scheduler interval 15' > D. Configure a loopback to channel debug traffic > > 2) NETBEUI is: > A. A routable protocol > B. A non-routable protocol designed for small networks > C. A routing protocol designed for large networks > D. A data-link layer protocol > > 3)In a Distance Vector protocol, "counting to infinity": > A. Calculates the time tacken for a protocol to converge > B. Checks to make sure the number of route entries do not exceed a set upper > limit > C. Counts the packets dropped during a routing loop > D. Sets an upper limit for hop count, so that routing loops can be broken if > this limit is reached > > 4)A network contains 2000 IPX services. Remote sites connected via 56 Kbps > lines intermittently lose the ability to logon to some NetWare servers. The > problem may be fixed by: > A. Filtering SAPs at the remote routers > B. Filtering SAPs at the central router > C. Filtering SAP type 4 > D. Configuring "ipx maximum-paths 2" at the central router > > 5) In FDDI, the characteristics of "4B/5B Encoding" include: (multiple > answer) > A. Sending 4 bits of information using a 5 bit symbol > B. Increasing the clock rate of the transmitter and receiver to 125 Mhz, > which establishes an effective data rate of 100Mbps > C. Increasing the distance between two FDDI stations to more than 2km, when > using multimode fiber > D. Providing a workaround for the Optical Bypass Relay > > 6)The purpose of "Fast Link Pulse[FLP]" signals is: > A. To identify link quality and shutdown the Ethernet port of the computer > if the quality of a link is poor > B. To indicate that collisions has occurred in the Ethernet segment - this > is also known as a 'jam' signal > C. To auto-negotiate the capabilities of Fast Ethernet devices connecting > via 100BaseT technology > D. To support the proprietary implementation of Gigabit Ethernet of some > vendors Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47598&t=47436 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE tips... [7:47128]
Here's on tip...NDA ""Paul Blake"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > have you recently taken the CCIE lab, failed and would rather not repeat > your failure ? me too. > > I'm looking to exchange tips and issues encountered with anybody who has > also recently taken the lab. > > Drop me a mail (not to the group) and we'll go from there. > > regards > Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47171&t=47128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 1720 with Wic-1enet problems. [7:46479]
Lidiya, Thanks for your help. I didn't realize that not all newer IOS images support the Wic-1enet card. ""Lidiya White"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Try 12.2.8T. Main code line doesn't support WIN-1ENET= > http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi > > -- Lidiya White > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > JohnZ > Sent: Thursday, June 13, 2002 12:57 PM > To: [EMAIL PROTECTED] > Subject: 1720 with Wic-1enet problems. [7:46479] > > Is Wic-1enet only supported in the 122-2.XJ releases. I tried using > later > releases like 122-6f and 122-10a but none of them recognize this WIC. I > am > worried if it will be supported in any future releases. Does any one > else > have the same experience. > Thanks, > JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46602&t=46479 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Difference between cat 6000 6500 and 3550 [7:46478]
As has been mentioned here else where in this group that Cat6000s are in place in some labsites but also that the new CCIE lab format in October replaces cat5000s with Cat3550s. ""Michael L. Williams"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Are they using 6x00 switches in the lab? I thought they were still using > Cat5000s and therefore the CatOS and Set/Show/Clear commands. If that is > still the case, you wouldn't want to use a 3550 as it uses IOS (config t, > etc). I know the 6000s and 6500s you can use in Hybrid (CatOS) or Native > (IOS) mode... I believe if you don't specify when you order, you'll get > Hybrid by default.. Just be sure that you're in hybrid and it should be > very much like being on a Cat5000. If the 6000 happens to be in Native, you > can convert to Hybrid by following these instructions: > > http://www.cisco.com/warp/public/473/80.shtml > > HTH, > Mike W. > > "JohnZ" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have a cat 6000 at work available for testing. Is there any major > > difference (other then backplane capacity) as compared to 3550 or 6500. I > > guess I just wanted to know that performance aside, are rest of the IOS > > features supported same accross all three platforms. I plan to use it for > > CCIE studies. > > Thx, > > JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46491&t=46478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
1720 with Wic-1enet problems. [7:46479]
Is Wic-1enet only supported in the 122-2.XJ releases. I tried using later releases like 122-6f and 122-10a but none of them recognize this WIC. I am worried if it will be supported in any future releases. Does any one else have the same experience. Thanks, JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46479&t=46479 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Difference between cat 6000 6500 and 3550 [7:46478]
I have a cat 6000 at work available for testing. Is there any major difference (other then backplane capacity) as compared to 3550 or 6500. I guess I just wanted to know that performance aside, are rest of the IOS features supported same accross all three platforms. I plan to use it for CCIE studies. Thx, JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46478&t=46478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Route Reflectors & Peer-Group [7:46464]
Can you point to the pages where you saw this on BGP 4 command reference. I couldn't find any thing to that effect. I took the CBCR class and we used peer groups with Reflectors, it seemed to work fine. ""Hunt Lee"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > I have read both BGP 4 Command & Reference + CCNP Building Scable Cisco > Networks, they both state that peer-group and route reflectors are not > compatible to each other. Yet, when I tried to configure both together... > it seems to work for me :( Am I missing something important here? > > RouterB#sh ip bgp ne > BGP neighbor is 172.16.0.2, remote AS 1, internal link > Index 1, Offset 0, Mask 0x2 > Route-Reflector Client > group1 peer-group member > BGP version 4, remote router ID 172.16.0.2 > BGP state = Established, table version = 1, up for 00:28:41 > Last read 00:00:40, hold time is 180, keepalive interval is 60 seconds > Minimum time between advertisement runs is 5 seconds > Received 36 messages, 0 notifications, 0 in queue > Sent 36 messages, 0 notifications, 0 in queue > Prefix advertised 0, suppressed 0, withdrawn 0 > Connections established 2; dropped 1 > Last reset 00:28:52, due to RR client config change > 0 accepted prefixes consume 0 bytes > 0 history paths consume 0 bytes > Connection state is ESTAB, I/O status: 1, unread input bytes: 0 > Local host: 172.16.0.1, Local port: 11003 > Foreign host: 172.16.0.2, Foreign port: 179 > > Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes) > > Event Timers (current time is 0x263A98): > Timer StartsWakeupsNext > Retrans32 0 0x0 > TimeWait0 0 0x0 > AckHold31 19 0x0 > SendWnd 0 0 0x0 > KeepAlive 0 0 0x0 > GiveUp 0 0 0x0 > PmtuAger0 0 0x0 > DeadWait0 0 0x0 > > iss: 904884479 snduna: 904885079 sndnxt: 904885079 sndwnd: 15785 > irs: 3309753480 rcvnxt: 3309754096 rcvwnd: 15769 delrcvwnd:615 > > SRTT: 310 ms, RTTO: 780 ms, RTV: 80 ms, KRTT: 0 ms > minRTT: 24 ms, maxRTT: 300 ms, ACK hold: 200 ms > Flags: higher precedence, nagle > > Datagrams (max data segment is 1460 bytes): > Rcvd: 44 (out of order: 0), with data: 31, total data bytes: 615 > Sent: 52 (retransmit: 0), with data: 31, total data bytes: 599 > > > BGP neighbor is 193.16.0.2, remote AS 1, internal link > Index 1, Offset 0, Mask 0x2 > Route-Reflector Client > group1 peer-group member > BGP version 4, remote router ID 0.0.0.0 > BGP state = Active, table version = 0 > Last read 00:04:24, hold time is 180, keepalive interval is 60 seconds > Minimum time between advertisement runs is 5 seconds > Received 33 messages, 0 notifications, 0 in queue > Sent 37 messages, 1 notifications, 0 in queue > Prefix advertised 0, suppressed 0, withdrawn 0 > Connections established 2; dropped 2 > Last reset 00:04:45, due to BGP Notification sent, hold time expired > 0 accepted prefixes consume 0 bytes > 0 history paths consume 0 bytes > No active TCP connection > RouterB# > > > Any ideas would be greatly appreciated. > > Thanks > > -- > > Hunt Lee > > WebCentral Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46477&t=46464 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP [7:45991]
I understand that Cat 5000s don't support VOIP but I think that's only because they don't support inline power on their ethernet blades. Can some one see any other issues with cat 5000 and VOIP combo. ""Mark Odette II"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Cisco UBR900 series Cablemodem, and the Cisco 1750/1760 series Routers > are the low-end VoIP supported routers. The 2600 series routers with > NM-1V/2V cards are low/mid-range VoIP routers for the Enterprise (acting > as Gateways from PSTN or P(A)BXs). Your next step up is the 3600's, > then the Catalyst 4000 Switches, and you continue up the change from > there. > > The 2500's don't support VoIP. > > For the ATA 186, I'm unfortunately without a clue. > > -Mark > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Steve Watson > Sent: Thursday, June 06, 2002 7:19 PM > To: [EMAIL PROTECTED] > Subject: VoIP [7:45991] > > 1 - What routers support VoIP? (Looking for a Cisco Link, can't find > one) > > I have a lot of old 2501's and have been told they don't > support VoIP but have found nothing in writing. > > 2 - Has anyone used the ATA 186? > > > > Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46085&t=45991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX525\Web Sense and Chat programs [7:46013]
Could you block sites by their names such as www.yahoo.com on PX and let it resolve the names to what ever IP address yahoo is using. I don't know if this will work, may be some one will correct me If I am wrong. ""Brunner Joseph"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > forget the stupid attempts to block 5190/tcp, etc.. its best to completly > route to null or deny traffic to the subnets involved. (smarter users will > just specify to use 80 / tcp, and still get on) > > read this from a story about this.. > > As of 1:22 PM 11/21/2001 > > Login server names - set up a Deny URL access rule for these sites or > subnets since they can have several login server's per subnet as MSN > probably does > > AOL Instant Messenger: oscar.login.aol.com > AOL's login servers are on these subnets/addresses:, 205.188.3.0, > 205.188.5.0, 205.188.7.0, 64.12.161.153 and 64.12.161.185 > > MSN Messenger: gateway.messenger.hotmail.com (was > login.gateway.hotmail.com) > multiple login servers, including at least one at 64.4.13.181 called > http11.msgr.hotmail.com > > ICQ: login.icq.com and http.proxy.icq.com (Was icq.mirabilis.com and > login.icq.com previously) > ICQ's login server's 205.188.179.0, 205.188.162.0, 64.12.162.57 and > 64.12.163.132 > > Yahoo Messenger: msg.edit.yahoo.com/* > (Yahoo Messenger: Might also need to block messenger.yahoo.com/* and > http.pager.yahoo.com/* Be sure to type in the http on that last URL). > > > > AOL: > aol 5190/tcp America-Online instant messenger (client side > uses 5190 for outbound tcp connectivity to get totheir logon server > for AIM: login.oscar.aol.com > > aol 5190/udp America-Online instant messenger > aol-1 5191/tcp AmericaOnline1 tcp/ip connection option for > newer versions of AOL > aol-1 5191/udp AmericaOnline1 tcp/ip connection option for > newer versions of AOL > aol-2 5192/tcp AmericaOnline2 tcp/ip connection option for > newer versions of AOL > aol-2 5192/udp AmericaOnline2 tcp/ip connection option for > newer versions of AOL > aol-3 5193/tcp AmericaOnline3 tcp/ip connection option for > newer versions of AOL > aol-3 5193/udp AmericaOnline3 tcp/ip connection option for > newer versions of AOL > > MSN Messenger: > port 1863 tcp > > Yahoo messenger: > ports 5001,5002,5004,5005,5010 and 5050 > > Yahoo PC to Phone: > port 6801/UDP incoming and outgoing > > Streamin Video: > h263-video 2979/tcp H.263 Video Streaming > h263-video 2979/udp H.263 Video Streaming > > Instant Messaging: > wimd 2980/tcp Instant Messaging Service > wimd 2980/udp Instant Messaging Service > > > PC AnyWhere: > pcanywheredata 5631/tcp pcANYWHEREdata > pcanywheredata 5631/udp pcANYWHEREdata > pcanywherestat 5632/tcp pcANYWHEREstat > pcanywherestat 5632/udp pcANYWHEREstat > > > REAL PLAYER; REAL DOWNLOAD AND REAL JUKEBOX: > > RealServer sends all media in HTTP format. This creates more overhead on > your network than any of the other options. > As an aside, Real Download will pass > > for connecting to G2 RealServers Realplayer versions 7 and 8 > ports 6970 - 7170 in your firewall for UDP. > ports 7070 - 7071 and 554 for TCP > > connecting to pre-G2 RealServersRealplayer versions 3,4,5 and 6 > ports 7070 - 7071 in your firewall for TCP > ports 6970 - 7170 in your firewall for UDP, UDP ports 6970 - 7170 > (inclusive) for incoming traffic only > ports 6770 - 7170 in your firewall for UDP. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46084&t=46013 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIP vs CCNP vs CCIE - not very close at all [7:45893]
CCIP...Sure it smells like a new car. But if it doesnot require a hands on lab then it is just a few months away from turning into a paper cert. Perhaps you haven't looked at CCIE R/S closely but it does have Multicast on it and you can be sure you will be tested on it. But anyways I will stick to first comment without a vigrous lab it's worth will decrease with time as cramsites catch on to the test questions. ""Chris Parker"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Neal, > > I agree with you 100% the the CCIP is more relevent than the CCIE in the > service provider sphere. > > However I think the CCIP has yet to attain the credability and recognition > of the CCIE. I think the reason Cisco probably introduced the CCIP is to > address the shortcomings of the CCIE in the service provider area. However, > since the CCIE is so coveted and since some many people have invested so > much in their CCIE's , i think Cisco probably didn't want to superceed the > CCIE with the CCIP. > > Utimately, it will be up to the market to decide which certification is more > relevent in the future. Perhaps CCIE will become associated more with the > Enterpise arena and CCIP with the serivce provider arena. > > Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45986&t=45893 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Difference "spantree root" vs spantree priority" [7:44275]
Hi group, I had the following additional questions may be some one can answer or has experience with: So if I have several switches and I want switch A to be the root of VLAN 5 would the command "set spantree 5" on switch A make it the root. What if switch Z is added to the network, is there a chance that this switch under the right circumstances will become the root. I guess what I am trying to ask is how can I make sure that switch A will always stay the root bridge for VLAN 5. Also related to above, once I run "set spantree root 5" will spanning tree protocol re-initialize and all the ports will go thru the different states of spanning tree. I am worried about all the servers and workstations that are connected to this switch. Will I need to reboot them. I hope I don't sound confusing, I am just trying to find the best way to do this at work. > ""JohnZ"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi group, I am try to figure out what is the difference between the > > following two commands: > > > > set spantree root 5 > > set spantree priority 0 5 > > > > Do both of them provide the same results: set vlan 5 as the root bridge. > > > > Thanks. > > JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44275&t=44275 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Difference "spantree root" vs spantree priority" [7:43978]
So if I have several switches and I want switch A to be the root of VLAN 5 would the command "set spantree 5" on switch A make it the root. What if switch Z is added to the network, is there a chance that this switch under the right circumstances will become the root. I guess what I am trying to ask is how can I make sure that switch A will always stay the root bridge for VLAN 5. Also related to above, once I run "set spantree root 5" will spanning tree protocol re-initialize and all the ports will go thru the different states of spanning tree. I am worried about all the servers and workstations that are connected to this switch. Will I need to reboot them. I hope I don't sound confusing, I am just trying to find the best way to do this at work. ""JohnZ"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi group, I am try to figure out what is the difference between the > following two commands: > > set spantree root 5 > set spantree priority 0 5 > > Do both of them provide the same results: set vlan 5 as the root bridge. > > Thanks. > JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44079&t=43978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Difference "spantree root" vs spantree priority" [7:43978]
Hi group, I am try to figure out what is the difference between the following two commands: set spantree root 5 set spantree priority 0 5 Do both of them provide the same results: set vlan 5 as the root bridge. Thanks. JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43978&t=43978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Syslog setup [7:42381]
I use Kiwisyslog, it works great for me, they have several other useful utilities on their website including Cattools which can be scheduled to save router configs periodically. ""Chris Charlebois"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Cisco syslog can be directed at *any* syslog deamon. NT and *nix come with > syslog deamons, but you can add one to other OSes, too. I did a quick look > on Tucows and found one that will run on XP. You can check it out at > http://www.kiwisyslog.com/products.htm. And it's freeware. (Note: I > haven't used that package, so it could be complete crap. But whaddya expect > from freeware.) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42791&t=42381 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT dilemma [7:42762]
Wow Thank you all, I have definitely learned a lot from this. When I do "sh IP route" I can see that I am getting a default route from the cable provider. Earlier when I was trying to figure out this problem I was running several debugs and I saw encapsulation failed errors which is in line with the ARP process pointed out by Marty. One last thing .what should I have on this router to improve performance and provide security for the inside network. Most of the traffic flowing through this router will be http to the outside. What extra advantage does upgrading to a IOS with firewall feature set give me in this case. ""Marty Adkins"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > "Michael L. Williams" wrote: > > > > "Paul Lalonde" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > but > > > routing out via an Ethernet interface will likely just *drop* the packet > > > onto that broadcast domain (subnet) without pointing it to a specific > next > > > hop. > > > > This raises an interesting question: If you try to make a static route > that > > routes out an ethernet interface (multi-access medium), does the router > send > > the frame to the Layer 2 broadcast address? If so, then if there is > another > > router somewhere on that segment, wouldn't it hear and route the packet > > properly, or would it see it as a layer 2 broadcast and it not go any > > further? > > > One might think that a static route to a broadcast interface type would be > ambiguous for layer 2, and it is. But what IOS does in that case is just > ARP for the destination IP and hope it gets an answer. It will work, but > only if some other adjacent router will perform a proxy ARP reply. Use > "debug arp" to observe this. I used this trick several years ago when I > didn't want to run a routing protocol on one interface and there were > quite a number of potential next hops (long story). > > As for the original question... I compared the supplied config to mine > and it should work, but then I have Comcast, not Roadrunner. I agree > with Paul Lalonde -- just let the router learn the default route via > DHCP (it works for me). > > Once you get it working, you'll want to add some things like an inbound > ACL, pass the domain name to your internal DHCP clients, possibly extend > the internal DHCP lease time, etc. > > - Marty Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42785&t=42762 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Need Clarification about Halabis BGP comment [7:40690]
Thanks Priscilla, as always thanks for your well informed answer. I think I was confused about "race condition". In this case to me it seems that if iBGP continues to show reachability while the IGP session is down it will send traffic even though without IGP there will be no means for this traffic to reach it's destination. Am I correct in saying that ? ""JohnZ"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > "IP connectivity has to be achieved via a protocol different from BGP; > otherwise, the session will be in a race condition. An example of a race > condition follows: neighbors can reach one another via some IGP, the BGP > session gets established, and the BGP updates get exchanged. The IGP > connection goes away for some reason, but still the BGP TCP session is up > because neighbors can still reach each other via BGP. Eventually the session > will go down because the BGP session cannot depend on BGP itself for > neighbor reachability" > > > > Wouldn't the same condition occur if reachability is acheived via a > different protocol. If the route becomes unreachable then BGP conectivity > will still be lost.What's the advantage of making sure that "race condition" > is avoided. > > > > Thanks. > > JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40751&t=40690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Need Clarification about Halabis BGP comment [7:40690]
"IP connectivity has to be achieved via a protocol different from BGP; otherwise, the session will be in a race condition. An example of a race condition follows: neighbors can reach one another via some IGP, the BGP session gets established, and the BGP updates get exchanged. The IGP connection goes away for some reason, but still the BGP TCP session is up because neighbors can still reach each other via BGP. Eventually the session will go down because the BGP session cannot depend on BGP itself for neighbor reachability" Wouldn't the same condition occur if reachability is acheived via a different protocol. If the route becomes unreachable then BGP conectivity will still be lost.What's the advantage of making sure that "race condition" is avoided. Thanks. JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40690&t=40690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
