Re: CBWFQ Newbie [7:73034]
[EMAIL PROTECTED] wrote:

Hi guys,

Just a quick one and am sure this has been asked many times. Two rtrs with serial line between them. On one router

!
hostname QOS-RTR1
!
class-map Data-Service
 match access-group name Data-Hosts
!
class-map Voice-Service
 match access-group name Voice-Hosts
!
policy-map Customer1
 class Data-Service
  bandwidth percent 50
 class Voice-Service
  bandwidth percent 20
!
ip access-list extended Data-Hosts
 permit ip host 10.1.1.22 any
ip access-list extended Voice-Hosts
 permit ip host 10.1.1.21 any
!
Interface serial0/0
 ip address x.x.x.x x.x.x.x
 Service-policy out Customer1
 bandwidth 512

Now, if there is only a data stream running from the one configured host in the ACL, and I have a 512k line, This data traffic even though it is configured for 50% of the bandwidth, can automatically use 100% of the bandwidth (if I have the max-bandwidth thing set to 100) Correct?

Then if I start the voice stream from the other host, that has 20% of the bandwidth, this will then scale down the data traffic so that the 20% bandwidth can be guaranteed for the voice stream.

Please can someone confirm. Many thx indeed.

Ken Farrington

I think you want to use a variation on CBWFQ called LLQ. This uses the priority command instead of bandwidth, to assign voice traffic to a Priority Queue which will take precedence over other traffic. In other words:

policy-map Customer1
 class Data-Service
  priority 50
 class Voice-Service
  bandwidth percent 20

Here's a link to the priority command
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt2/qcfwfq.htm#1022204
and here's a link to an LLQ example:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/qossol/qosvoip.htm#xtocid12

HTH,
Jonathan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73042t=73034
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: need input on a frame relay t1 problem [7:72621]
Wilmes, Rusty wrote:

I've got a frame line that's almost 100% errors, mostly framing.

Local Hardware is a 1604 w/ t1 wic (for testing purposes only. will be a 3640.) Remote hardware for the 6 pvc's are 1604's w/ t1 wics on fractional frame lines. Remotes have existing pvcs back to the 3640 on the production network.

PVCs come up but line protocol bounces continuously. telco has reported that they can get to their network termination but not to my csu. I've triple checked the extension from the NIU to the WIC and it looks good. It's about 75 feet of shielded t1 cable.

Tried both clock source line and clock source internal. on clock source line I lose the pvcs (deleted). Telco verified lmi type cisco (they had it at auto but changed to cisco). I tried ANSI on my side and got no LMI rcvs. W/ type set to cisco LMI enq/rcv is incrementing but drifting all over the place. Interface resets increment each time I lose line protocol. Carrier resets are incrementing slowly as well.

I'm still suspecting telco issues but any input would be greatly appreciated.

interface Serial0
 no ip address
 encapsulation frame-relay
 fair-queue 64 32 0
 service-module t1 clock source internal
 service-module t1 timeslots all
 frame-relay lmi-type cisco

local-test#sho int s0
Serial0 is up, line protocol is up
  Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
  MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, rely 189/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 18, LMI stat recvd 11, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023 LMI type is CISCO frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 76/0, interface broadcasts 66
  Last input 00:00:08, output 00:00:00, output hang never
  Last clearing of show interface counters 00:03:06
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/32 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 1 packets/sec
     19 packets input, 1466 bytes, 0 no buffer
     Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
     1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
     99 packets output, 8280 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
local-test#
local-test#
local-test#
local-test#
local-test#sho frame lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0       Invalid Prot Disc 0
  Invalid dummy Call Ref 0        Invalid Msg Type 0
  Invalid Status Message 0        Invalid Lock Shift 0
  Invalid Information ID 0        Invalid Report IE Len 0
  Invalid Report Request 0        Invalid Keep IE Len 0
  Num Status Enq. Sent 19         Num Status msgs Rcvd 12
  Num Update Status Rcvd 0        Num Status Timeouts 8

Without actually being there, it sounds like a clocking problem to me.

0. I'm surprised that you are using internal clocking. Getting clock from the telco is usually much more reliable than your DSU. Are they supposed to be providing clock?

1. Have you run any loopback tests on the interface? If the problem continues with the interface looped, it is likely to be a router or WIC-1T problem.

2. Do you have any spare hardware for swapping?
   - swap the 75 foot cable
   - swap the WIC-1T
   - try direct serial-serial connection to another test router

3. Take a look at some debug output, such as
   debug serial interface
   and
   debug frame-relay

HTH

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72625t=72621
Re: 2500 Flash Upgrade [7:72618]
Jay Greenberg wrote:

Has anyone noticed that a 16MB flash upgrade for the 2500 costs almost as much as a 2500 ? Does anyone know where I can get cheap 8MB flash sticks?

http://www.anthonypanda.com/

Excellent prices, if you're not in a hurry (ship from Hong Kong).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72626t=72618
Re: dcd=up [7:72175]
fdfdfdfd fdfdfdf wrote:

[SNIP]
DCD=up DSR=up DTR=up RTS=up CTS=up

what is the meaning of dcd=up? thanks.

This is an interesting reference, which contains a lot about Synchronous Serial ports.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a0080087283.html#3961

QUOTE:
By default, when the serial interface is operating in DTE mode, it monitors the Data Carrier Detect (DCD) signal as the line up/down indicator. By default, the attached DCE device sends the DCD signal. When the DTE interface detects the DCD signal, it changes the state of the interface to up.
END QUOTE.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72191t=72175
RE: IOS version [7:71225]
Hi,

It looks like the IOS has given you the answer:

Command rejected: One or more ports is already configured as a trunk port.

And the documentation confirms that you cannot configure multi-VLAN and trunk ports on the same 2900XL/3500XL switch. See:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc6/scg/swvlan.htm#xtocid42

Regards,
Jonathan Hays

-----Original Message-----
From: milind tare [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 12:18 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: IOS version [7:71225]

Hi Jhays,

IT-3548-2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IT-3548-2(config)#int fa0/22
IT-3548-2(config-if)#swi
IT-3548-2(config-if)#switchport mu
IT-3548-2(config-if)#switchport mod
IT-3548-2(config-if)#switchport mode mu
IT-3548-2(config-if)#switchport mode multi ?
IT-3548-2(config-if)#switchport mode multi
Command rejected: One or more ports is already configured as a trunk port.
IT-3548-2(config-if)#swit
IT-3548-2(config-if)#switchport mu
IT-3548-2(config-if)#switchport multi vl
IT-3548-2(config-if)#switchport multi vlan add
IT-3548-2(config-if)#switchport multi vlan add 2,4

I have tried like this but still it is not working. And my IOS version is

IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1)

So please give me a suggestion.

Thanks
warm Regards,
Milind Tare

--- Jonathan V Hays wrote:

milind tare wrote:

Dear All,

I have 3500 series switches in my network. I want to configure multiple VLANs for some ports. Right now I am using the following IOS

IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1)

I tried the command switchport multi vl but it is not working in that. So please give me a suggestion. Shall I upgrade the IOS? I have 3512, 3524, 3548 switches in my network.

Thanks
Regards,
Milind Tare

Please post a snapshot of your terminal session. Are you in interface mode when you enter the command?

Switch(config)# int fa0/1
Switch(config-if)# switchport multi vlan 2,4

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71327t=71225
Re: IOS version [7:71225]
milind tare wrote:

Dear All,

I have 3500 series switches in my network. I want to configure multiple VLANs for some ports. Right now I am using the following IOS

IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1)

I tried the command switchport multi vl but it is not working in that. So please give me a suggestion. Shall I upgrade the IOS? I have 3512, 3524, 3548 switches in my network.

Thanks
Regards,
Milind Tare

Please post a snapshot of your terminal session. Are you in interface mode when you enter the command?

Switch(config)# int fa0/1
Switch(config-if)# switchport multi vlan 2,4

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71260t=71225
RE: QoS - Enabling Traffic Shaping [7:70869]
John,

I assume the '25' after each percentage sign in your original post below is a typo (e.g., 15%25 of bandwidth). Given that assumption, you want to assign traffic to three categories, with 15%, 50%, and 35% of the 64 kbps bandwidth.

64000 x .15 = 9600 bps
64000 x .50 = 32000 bps
64000 x .35 = 22400 bps

burst size should 1/8 of the bit rate cfg'd, no excess burst

1/8 = .125
9600 x .125 = 1200 bps
32000 x .125 = 4000 bps
22400 x .125 = 2800 bps

However, I question the burst size given in your solution. The definition from the Doc CD states that the burst-size is the Sustained number of bits that can be sent per INTERVAL. On Frame Relay interfaces, this is the Committed Burst size contracted with your service provider. See
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_r/qrfcmd11.htm#1019905

If the interval is 1/8 second (and it may not be) I would think the correct answer would divide each of 1200, 4000, and 2800 by 8, to get bits per interval.

HTH,
Jonathan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Smith
Sent: Wednesday, June 18, 2003 10:21 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: QoS - Enabling Traffic Shaping

Somehow I have forgotten how to do math... Can anyone explain to me or point to a doc on figuring out the percentage for the below lab.

Enable traffic shaping on int serial 0/0 as follows:
Shape Telnet and ICMP traffic to 15%25 of bandwidth
Shape FTP traffic to 50%25 of bw
Shape all remaining traffic to 35%25 of bw.
Remember the total link bw is 64 kbps on this interface. The burst size should 1/8 of the bit rate cfg'd, no excess burst should be allowed.

The answer from the lab help are, below can anyone tell me how the number 9600, 32000 and 22400 were arrived at? I can figure out the 1/8th part 1200, 4000 and 2800, but somehow can't remember how to get the original percentage..

traffic-shape group 101 9600 1200 1200
traffic-shape group 102 32000 4000 4000
traffic-shape group 103 22400 2800 2800

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70869t=70869
Re: cisco 2511 Terminal Server for my first time! [7:53791]
??? wrote:

Hi,

I am setting up 2511 terminal server for my first time, but don't work... this is my 2511 configuration :

line con 0
line 1 16
 session-timeout 20
 exec-timeout 0 0
line aux 0
line vty 0 4
 password
 login

In above, i found i missed one command in line con 0 prompt.

--
line con 0
 transport input all

So, i tried to type the command, but couldn't. The result is

--
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line con 0
Router(config-line)#transport input all
 ^
% Invalid input detected at '^' marker.
Router(config-line)#
--

I don't know why the command can't be input. There is the command In cisco documentation. (http://www.cisco.com/warp/public/793/access_dial/comm_server.html)

Anyone can help me?

sooil..

You are putting the command in the wrong line. Put it here:

line 1 16
 no exec
 transport input all

Also, you do not state what command you are using to test with.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70810t=53791
Re: CCNP Recertification Exam Review [7:66644]
Priscilla Oppenheimer wrote:

The CCNP Recertification Exam was gruelling, and that's no April Fool's joke. But I survived it! ;-)

Exam number: 640-851 (the current one)
Number of questions: 112
Time: 2 hours
Passing Score 732
My score: 834

Is anyone else taking it soon? Here's some advice:

Another piece of advice: make sure you take the exam BEFORE your certification expires or you will be wasting your money.

Early in 2002 I foolishly sat for and passed both the CCNPR and the CCDPR *after* mine had expired. I waited and waited for the confirmation of recertification. I finally emailed Cisco who wrote back with the bad news: the exams didn't count because my certifications had already expired when I sat for them.

I ended up paying again for all the exams and sitting them over again, so to speak. I did take the FRS exam and saved a few dollars. BTW, the FRS exam was considerably more difficult than either recertification exam, IMHO. The CCIE qualification exam was much easier by comparison (at least in April 2002 it was).

-Jonathan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66768t=66644
Re: Debug display to VTY [7:66762]
James Gosnold wrote:

Um, probably a silly one for you all.

I have a 1721 router at either end of a leased line. I telnet into the router and:

Router#debug serial int
Serial network interface debugging is on
Router#terminal monitor

And nothing. Shouldn't I get some debug messages here, keep alives and such between the CSU and my router? It's a live connection and the line works, as far as I knew this was all I needed to enter to view debug output from a telnet session? In fact I don't appear to be getting debug output for anything so I'm missing something silly here but I thought 'terminal monitor' was sufficient?

Regards,
James.

You might try turning off fast switching on the serial interface (no ip route-cache).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66818t=66762
RE: April Fools [7:66655]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jay Greenberg
Sent: Tuesday, April 01, 2003 9:52 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: April Fools

ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt

--
Jay Greenberg
CCIE #11021

Hehehe. Good one, Jay. I saw that story on Slashdot this morning and raised my eyebrows for a nanosecond or two but was too busy to follow up.

The April Fool RFC is a long tradition. This guy has a web page listing them all:
http://www.mysunrise.ch/users/bhaak/misc/aprilrfcs.html

With his trenchant sense of humor, I was surprised NOT to find Howard Berkowitz among the authors. ;-)

-Jonathan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66655t=66655
Re: PPP Problems - any ideas!!! [7:66486]
Matt,

I would try the advice of Priscilla and Mario. Start with a simple config and work your way up. Here's a check list:

1. Check the cable and make sure both ends are firmly seated and are plugged into the correct ports.

2. Set the serial interfaces on both ports back to the default using default interface serial0 in global config mode.

3. Reboot both machines.

4. Add an ip address, no shut, and see if you can ping under HDLC. Don't forget to add clock on the DCE side.

**r9:
conf t
in s0
ip address 10.1.1.1 255.255.255.0
no shut

**r10:
conf t
in s0
ip address 10.1.1.2 255.255.255.0
clock rate 64000
no shut

***Do a ping test.

5. Change the link protocol to PPP:

**r9:
in s0
encapsulation ppp

**r10:
in s0
encapsulation ppp

***Do a ping test.

6. Add the authentication:

**r9:
username r10 password cisco
in s0
ppp authentication chap

**r10:
username r9 password cisco
in s0
ppp authentication chap

***Do a ping test.

Or, if you want PAP you must use the ppp pap sent-username command on this type of physical link.

HTH,
Jonathan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66551t=66486
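Why step 6 of the checklist above needs a username entry for the peer on each router, with the same password on both sides, shown as an added example that is not part of the original post: a simplified Python model of the CHAP exchange from RFC 1994. The Router class and the helper names are hypothetical, and the hostnames and password are the ones from the checklist.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Router:
    """Simplified model of one end of the serial link (an assumption, not IOS code)."""

    def __init__(self, hostname: str, usernames: dict):
        self.hostname = hostname
        # Models the `username <peer> password <secret>` lines from step 6.
        self.usernames = usernames

    def challenge(self, identifier: int) -> dict:
        # The authenticator sends its own hostname plus a fresh random value.
        return {"id": identifier, "name": self.hostname, "value": os.urandom(16)}

    def respond(self, chal: dict):
        # The peer looks up the secret by the challenger's name. Only the MD5
        # digest crosses the link, never the password itself.
        secret = self.usernames.get(chal["name"])
        if secret is None:
            return None  # no username entry for the challenger
        digest = chap_response(chal["id"], secret.encode(), chal["value"])
        return {"id": chal["id"], "name": self.hostname, "value": digest}

    def verify(self, chal: dict, resp) -> bool:
        if resp is None or resp["id"] != chal["id"]:
            return False
        secret = self.usernames.get(resp["name"])
        if secret is None:
            return False  # no username entry for the responder
        expected = chap_response(chal["id"], secret.encode(), chal["value"])
        return hmac.compare_digest(expected, resp["value"])


def authenticate(authenticator: Router, peer: Router, identifier: int = 1) -> bool:
    """One direction of the exchange: authenticator challenges, peer answers."""
    chal = authenticator.challenge(identifier)
    return authenticator.verify(chal, peer.respond(chal))


def link_up(a: Router, b: Router) -> bool:
    """Both ends run `ppp authentication chap`, so each must authenticate the other."""
    return authenticate(a, b, 1) and authenticate(b, a, 2)


def diagnose(a: Router, b: Router) -> list:
    """List the configuration problems that would make link_up() fail."""
    problems = []
    for local, remote in ((a, b), (b, a)):
        if remote.hostname not in local.usernames:
            problems.append(f"{local.hostname}: no username entry for {remote.hostname}")
    if not problems and a.usernames[b.hostname] != b.usernames[a.hostname]:
        problems.append("passwords differ between the two username entries")
    return problems


if __name__ == "__main__":
    # Configuration from step 6 of the checklist.
    r9 = Router("r9", {"r10": "cisco"})
    r10 = Router("r10", {"r9": "cisco"})
    print("matching config:", link_up(r9, r10), diagnose(r9, r10))

    # Constructed failure cases: a password typo and a missing username line.
    typo = Router("r10", {"r9": "Cisco"})
    print("password typo:", link_up(r9, typo), diagnose(r9, typo))
    missing = Router("r10", {})
    print("missing username:", link_up(r9, missing), diagnose(r9, missing))
```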
Re: PPP Problems - any ideas!!! [7:66486]
saunders1m wrote:

I have 2 routers connected back to back via a DTE - DCE crossover cable and i am trying to establish a ppp connection though i can't seem to make the connection and when i try using debug ppp authentication i get:

01:57:10: Se0 PPP: Treating connection as a dedicated line

Is my config right???

Router 1 (r9)

username r10 password cisco
interface Serial0
 ip address 10.0.1.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 no fair-queue
 ppp authentication pap

Add

ppp pap sent-username r9 password cisco

to r9, and similarly to r10.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66498t=66486
Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE [7:14417]
Great! Unfortunately my Linux box has an Intel AL440LX motherboard and I can't find any place in the BIOS to disable the keyboard (or halt on error, except keyboard which is another popular BIOS option). Disabling the keyboard is simply not possible on EVERY x86 clone.

Sean Young wrote:

I run RedHat 7.1 with kernel 2.4.7 on a Dell Optiplex 700 MHz with no keyboard and mouse. Didn't have to do anything unusual like disabling it in the BIOS. By the way, I control the Unix/Linux box via Terminal server.

From: Jonathan Hays
Reply-To: Jonathan Hays
To: [EMAIL PROTECTED]
Subject: Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE [7:14417]
Date: Tue, 31 Jul 2001 19:51:31 -0400

Not always possible.

Roberts, Timothy wrote:

Disable it in the bios.

-----Original Message-----
From: Jonathan Hays [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 31, 2001 4:20 PM
To: [EMAIL PROTECTED]
Subject: Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14413]

No keyboard? It depends. While it's true that native UNIX workstations (Sun, HP, etc.) will run headless, most Intel x86 boxes I have encountered require you to plug in a keyboard or the machine won't boot, regardless of the OS installed. Or is there a way around this I don't know about?

--- Jonathan

Symon Thurlow wrote:

I agree with Carroll, I have been predominantly MS and Novell, but have started to learn Linux. It isn't hard if you have a good grounding in Networking/IP/Network OS's. It is just a matter of finding/learning the commands.

Another beauty of a *nix box; you only need two cables for it, power and network. Forget screen, keyboard, mouse...

Symon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Carroll Kong
Sent: 31 July 2001 00:32
To: [EMAIL PROTECTED]
Subject: Re: Tacacs+ for home Use? and Passed CCIE written today [7:14288]

At 06:40 PM 7/30/01 -0400, [EMAIL PROTECTED] (Timothy Ouellette) wrote:

Hello all. I just passed my CCIE today (very happy). I was not as difficult as I expected (possibly over studied for it, if that's possible). Anyways, I am about to embark on the long journey to complete the CCIE by taking the lab. I have my own home lab and I was wondering if there is a free version of Tacacs+ out there? I know cisco has a Unix version they supply but I don't run Unix here at home (win2k for my lab) and I was wondering if anyone could help. Thanks for your time!

Tim

Congratulations on passing the CCIE Written! I guess you might be out of luck. Here are some of your options

a) continue searching for a free version of TACACS+ for Windows.
b) Buy Cisco Secure ACS.
c) Get an old machine and install Linux, Solaris x86, FreeBSD, NetBSD, or OpenBSD and grab tacacs+ from http://www.gazi.edu.tr/tacacs/
d) Port the code yourself from Unix to Windows.

Obviously there is a certain time cost inherent to the last three options. You should certainly weigh out the costs, as ALL of the options have an inherent cost to it, even a). Personally, I think learning Unix is not so bad (maybe I am biased after all of these years) and may only take perhaps a week of your time (if you are a fast learner, one day) if you want to just get TACACS+ on it.

You can consider multi-booting, but then you will have to take out more time to make sure you do not fry your machine. I hope you do know a lot about partitioning on x86 hardware. :) It honestly is not that bad, win2k's bootloader is quite friendly with booting the unices.

On the side, I do not think TACACS+ is a requirement for the lab. Not that it is a good reason to not learn TACACS+. Every CCIE should learn that eventually, on at least one platform.

If you install FreeBSD, you may run into issues compiling the code, I patched it so it can work on it. (not as hard as it sounds, only a small line change). If you choose that route, I can help you patch the code so it will compile on FreeBSD. Good luck!

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14427t=14417
Re: Pix 5xx [7:3716]
The CCO documentation is excellent, IMHO. It literally leads you through the installation step-by-step.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm

-Jonathan

Keith Townsend wrote:

Anybody knows a good book for learning the Cisco Pix. I had to install one of these and I got the job done but

--
Jonathan Hays
Acropolis Systems, Inc.
(408) 935-3016

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5942t=3716
Re: pix overload question [7:4187]
Good to know. Thanks, Jason.

-Jonathan

Jason Roysdon wrote:

Nope, you can use the outside interface to PAT as of 5.2 (perhaps newer):

pix(config)# global (outside) 1 interface
outside interface address added to PAT pool
pix(config)#

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/

Jonathan Hays wrote in message news:[EMAIL PROTECTED]...

On a PIX you have always needed two separate addresses - one for the outside interface and one for PAT. I checked the documentation for version 5.3 and unfortunately this still seems to be the case. See the URL below (watch the wrap).

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/commands.htm#xtocid223325

-Jonathan

Brian wrote in message news:...

I have a question regarding the PIX, hopefully someone can help me on this one. What version of PIX code is needed to be able to do NAT overload, like you can on the routers? Can someone give an example of the command on how that is done? I have a scarcity of IP addresses (outside) for a PIX install I am doing and definitely need overload ability.

Brian

--
Jonathan Hays
Acropolis Systems, Inc.
(408) 935-3016

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4415t=4187
Re: PIX and static routes [7:3484]
You may use the PIX and static routes to forward traffic across the PIX's interfaces but it will not do one-armed routing with secondary addresses like a router will.

A description of the PIX route command can be found at
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/commands.htm#xtocid223349

Jonathan

John Gotti wrote:

Maybe I'm mistaken, but I thought it was possible to add static routes on a PIX firewall?...For instance, if your outside interface's IP was 198.6.1.4 and your inside Interface's IP was 172.16.0.1, couldn't you add a static route to say for IP 172.24.9.0 255.255.255.0 go to 172.24.128.3 ? I know a PIX isn't a router, but I thought it could forward traffic based on a static route.

Thanks!!
-G

--
Jonathan Hays
Acropolis Systems, Inc.
(408) 935-3016

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3486t=3484
Re: Terminal serial to host cable
No. I used a standard Category 5 patch cable. Thanks - I am aware of the pinout of the Cisco rollover cables. Further, during this investigation I was using an ohmmeter to check connections.

Jonathan

Tony van Ree wrote:

Hi,

Did you use the "BLACK" Cisco cable? If so look at this. It has a roll over. 1,2,3,4,5,6,7,8 become 8,7,6,5,4,3,2,1 say using pins 3 6 for TXD RXD, 4 5 sig gnd, 2 and 6 for RTS, CTS or what ever you have a cross over in the cable.

Teunis,
Hobart, Tasmania
Australia

On Friday, January 19, 2001 at 01:57:30 PM, Jonathan Hays wrote:

I recently connected my Cisco terminal setup (a laptop with a DB9-RJ45 adapter on Serial A) to a UNIX workstation with the gender adapters shown in the ASCII diagram below. I was surprised that it worked like this because I expected a crossover of TX and RX, but when I pulled the adapters apart and followed the wires from end-to-end it appears there is no crossover. Pin numbers shown are those stamped on the connectors.

Laptop                              Workstation
DB9-RJ45                            RJ45-DB25
tx 2   6 ---straight--- 6   2 tx
rx 3   3 ---through---- 3   3 rx
            cable

Shouldn't TX and RX cross over? Why does this work? Sorry about the slightly off-topic post.

Jonathan
Re: Intermittent ping problems with only one of 80 devices
1. First, the ping to this device is NOT a broadcast but a unicast packet. Second, the Ethernet CSMA/CD algorithm will take care of retransmission due to collisions. IP/ICMP layer does not retransmit, but (as you know) a standard "ping" does wait for an answer and tells you if it doesn't get a reply. So yes, the router's ethernet interface will retransmit a frame if it sees a collision, just like any other ethernet device.

2. If the problem is ethernet, it could be a flaky ethernet card or cable, but there are a lot of possibilities, including software doing too many broadcasts, bad port on a hub/switch, etc. If possible, swap the cable from the evil machine (where it plugs into the NIC) with a known-good machine on the same subnet that is being monitored by Whatsup and see if the problem moves.

Here's a Cisco URL for troubleshooting ethernet.
http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1904.htm

David Toalson wrote:

snip

, so I have two questions.

1. Does a router rebroadcast a ping if there is a collision?
2. Anything else you can think of that would cause this to happen on only the one device out of the 80?

snip

David Toalson
816-701-4142