RE: 10 half or 100 full [7:64931]

2003-03-10 Thread Karagozian Sarkis
Hi Mike, all

I have come across this problem when connecting Novell Servers/Clients to
Cisco switches, the solution is two things.

1/ enable spantree portfast on these cisco ports by:
set spantree portfast 6/3 enable 
But be careful, this is a good idea only for ports connecting to a single host
i.e (to a Server or another switch) NOT to a hub..

Also 
2/ I disabled Auto-negotiation on Cisco switch ports connecting to Novell or
other vendor switches, cause Auto Negotiate does not work with many devices.

Hope this helps.
Sarkis 
 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65000t=64931
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: Pix 501 or 520? [7:63078]

2003-02-16 Thread Karagozian Sarkis
Qn?
Does Trace route path below indicate the exact interfaces/IP addresses
it physically goes thru to get to these device interfaces, OR are there some
hidden Device Interfaces that are not seen/shown on its way to reach its
destination ???

I want to know if I can rely on traceroute to come up with a schematic of
how things are connected... assuming you have a mix of Juniper/Cisco/Foundry
devices, and cannot rely on sh cdp neighbor to come up with a schematic of
connected interfaces.


Here is a trace route example :

 Trace 204.1.253.82; Start time 02/17/03 16:50:49
Tracing route to 204.1.253.82
50 bytes from 204.1.253.82: time=15 ms
Hop  Avg  Diff  Address
 1   2    2     192.168.0.1
 2   14   12    172.31.255.247
 3   13   -1    192.168.28.33
 4   14   1     63.209.80.81    gigabitethernet5-0-155.ipcolo2.LosAngeles1.Level3.net
 5   14   0     209.244.10.249  gigabitethernet3-1.core1.LosAngeles1.Level3.net
 6   15   1     129.250.9.33    p16-1-1-3.r21.lsanca01.us.bb.verio.net
 7   15   0     204.1.253.82    fa-3-47.a04.lsanca01.us.ra.verio.net
End time 02/17/03 16:51:17
host reached


Appreciate an answer



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63132t=63078



can I rely on trace route path to destination? [7:63133]

2003-02-16 Thread Karagozian Sarkis
Qn?
Does Trace route path below indicate the exact interfaces/IP addresses
it physically goes thru to get to these device interfaces, OR are there some
hidden Device Interfaces that are not seen/shown on its way to reach its
destination ???

I want to know if I can rely on traceroute to come up with a schematic of
how things are connected... assuming you have a mix of Juniper/Cisco/Foundry
devices, and cannot rely on sh cdp neighbor to come up with a schematic of
connected interfaces.


Here is a trace route example :

 Trace 204.1.253.82; Start time 02/17/03 16:50:49
Tracing route to 204.1.253.82
50 bytes from 204.1.253.82: time=15 ms
Hop  Avg  Diff  Address
 1   2    2     192.168.0.1
 2   14   12    172.31.255.247
 3   13   -1    192.168.28.33
 4   14   1     63.209.80.81    gigabitethernet5-0-155.ipcolo2.LosAngeles1.Level3.net
 5   14   0     209.244.10.249  gigabitethernet3-1.core1.LosAngeles1.Level3.net
 6   15   1     129.250.9.33    p16-1-1-3.r21.lsanca01.us.bb.verio.net
 7   15   0     204.1.253.82    fa-3-47.a04.lsanca01.us.ra.verio.net
End time 02/17/03 16:51:17
host reached


Appreciate an answer



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63133t=63133



RE: Traceroute (was RE: Pix 501 or 520? [7:63078]

2003-02-16 Thread Karagozian Sarkis
Thanks Howard,
So it won't show the complete path of routers or switches it goes thru..
What about Extended traceroute ??
thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63139t=63078



Re: explain these ACLs [7:62843]

2003-02-12 Thread Karagozian Sarkis
Not sure if IPX is used, but this will block any incoming/Outgoing IP
traffic correct...
I will investigate more and get back...



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62929t=62843



explain these ACLs [7:62843]

2003-02-11 Thread Karagozian Sarkis
Can someone explain what these ACLs do ???
When applied to an interface (in)

Interface e0
!
!
 ip access-group 194 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache same-interface
!
access-list 194 deny   ip any any
access-list 195 deny   udp any gt 1024 any eq 1434
access-list 195 permit ip any any
access-list 196 deny   udp any gt 1024 any eq 1434
access-list 196 permit ip any any

These were applied since the SQL Worm attack...

Thanks 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62843t=62843
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
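
Added example (not part of the original post): a small first-match evaluator for the access-list lines quoted above, run over three constructed packets to show what each list does. It is a simplified model that only understands `any` addresses and the `gt`/`lt`/`eq` port operators; the function and class names are this example's own.

```python
import re
from typing import NamedTuple, Optional, Tuple

# The access-list lines quoted in the post above.
CONFIG = """\
access-list 194 deny   ip any any
access-list 195 deny   udp any gt 1024 any eq 1434
access-list 195 permit ip any any
access-list 196 deny   udp any gt 1024 any eq 1434
access-list 196 permit ip any any
"""


class Packet(NamedTuple):
    proto: str                   # "udp", "tcp", "icmp", ...
    sport: Optional[int] = None  # None for protocols without ports
    dport: Optional[int] = None


class Entry(NamedTuple):
    text: str
    action: str
    proto: str
    sport: Optional[Tuple[str, int]]  # (operator, port) or None
    dport: Optional[Tuple[str, int]]


PORT = r"(?:\s+(gt|lt|eq)\s+(\d+))?"
LINE = re.compile(
    r"access-list\s+(\d+)\s+(permit|deny)\s+(ip|tcp|udp)\s+any"
    + PORT + r"\s+any" + PORT + r"$"
)


def parse_acls(config):
    """Return {acl_number: [Entry, ...]} in configuration order."""
    acls = {}
    for raw in config.splitlines():
        line = " ".join(raw.split())  # collapse the column padding
        m = LINE.match(line)
        if not m:
            continue
        num, action, proto, sop, sval, dop, dval = m.groups()
        entry = Entry(line, action, proto,
                      (sop, int(sval)) if sop else None,
                      (dop, int(dval)) if dop else None)
        acls.setdefault(int(num), []).append(entry)
    return acls


def port_ok(cond, port):
    if cond is None:
        return True
    if port is None:
        return False
    op, val = cond
    return {"gt": port > val, "lt": port < val, "eq": port == val}[op]


def evaluate(acl, pkt):
    """First matching entry wins; a list always ends in an implicit deny."""
    for e in acl:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if port_ok(e.sport, pkt.sport) and port_ok(e.dport, pkt.dport):
            return e.action, e.text
    return "deny", "(implicit deny at end of list)"


# Constructed sample packets: UDP to 1434 from a high source port,
# UDP to 1434 from a low source port, and ordinary web traffic.
SAMPLES = [Packet("udp", 3000, 1434), Packet("udp", 53, 1434),
           Packet("tcp", 40000, 80)]


def verdicts(number):
    acl = parse_acls(CONFIG)[number]
    return [evaluate(acl, p)[0] for p in SAMPLES]


if __name__ == "__main__":
    for n in (194, 195, 196):
        for pkt in SAMPLES:
            action, why = evaluate(parse_acls(CONFIG)[n], pkt)
            print(n, pkt, "->", action, "|", why)
```

In the quoted config only list 194 is bound to e0 (`ip access-group 194 in`), so every IP packet arriving on that interface is dropped; lists 195 and 196 drop UDP to port 1434 from source ports above 1024 and pass everything else.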



RE: URGENT: Modem Authentication Failure [7:61292]

2003-01-19 Thread Karagozian Sarkis
Hamid,

One thing u can do is, on the ACS/AAA server clear and re-enter the
shared KEY xxx.

Qn? have u tried connecting directly into the Console port of 3660
and enter the Local Username , Password.

Also are u trying to telnet into the 3660 ? or directly connecting to
Console Port ... and not able to authenticate.

ACS: Under User Setup, Advanced TACACS+ Setup: what is the TACACS+ Enable
Control Setting , have u selected max privilege of 15 ???

Let us know, thnks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61340t=61292



RE: guaranteeing bandwidth [7:61339]

2003-01-19 Thread Karagozian Sarkis
Alexandru,

Your commands are correct but,
You need to apply ACL 100 to an interface with in/out command like:

conf t
Interface s0

ip access-group 100 out 
(to only permit those specific hosts out of intf s0) 

Hope this helps
You can refer to some CCNA/CCNP books for more info.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61342t=61339



RE: URGENT: Modem Authentication Failure [7:61292]

2003-01-18 Thread Karagozian Sarkis
HI Hamid,

This seems to be a password or Username Authentication Failure,
you can try to delete and re-enter the username and password for that group
on the ACS/AAA server.

Also is there a Firewall before accessing/Authenticating to the ACS server?

This is not passing the User Authentication process per yr debug.
Let us know yr findings
Thanks 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61305t=61292



RE: URGENT: Modem Authentication Failure [7:61292]

2003-01-18 Thread Karagozian Sarkis
Well Hamid,
The Local means you must be able to use the Local Username xxx and
Password yxyxyxyxy on the local router config. as a last resource
which is the case now

So u shd be able to log in to the router itself, if AAA/ACS is not available.

Is this happening on all the routers/Switches or only this router ???
Thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61311t=61292



RE: Netbios on Wan [7:61249]

2003-01-18 Thread Karagozian Sarkis
Priscilla,

Thanks for clearing that, in fact I was not sure about enabling Directed
broadcast on an interface with IP helper-address.

Thanks for the explanation.
Sarkis 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61322t=61249



RE: Netbios on Wan [7:61249]

2003-01-17 Thread Karagozian Sarkis
Hi Frederico,

Yes, you need to use :

Interface e0 (for example on remote router)

ip helper-address 172.16.2.255  
(to reach all servers on subnet 172.16.2.0 from the remote routers)

Hope this helps 
Sarkis


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61270t=61249



RE: Netbios on Wan [7:61249]

2003-01-17 Thread Karagozian Sarkis
Yes, According to Cisco BSCN Book (Building Scalable Cisco Networks)
pages 88-91.
and Exam Cram book ACRC (Advanced Cisco Router Configuration) pages 46-47.
mentions using ip helper-address to forward to a directed broadcast address
(ie. for this specific subnet 172.16.2.0 where the servers reside)

Remember, on the Interface you also need to enable the command:
 ip directed-broadcast 
(which is disabled by default on rel 12.0 and later)


So here are the commands you need to add on the Remote Router interface:

Interface e0

ip helper-address 172.16.2.255
ip helper-address 172.16.3.2 
ip directed-broadcast

So Broadcasts arriving on e0 will be forwarded to all servers on the
172.16.2.0 subnet and to the designated server 172.16.3.2.

Hope this helps.

 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61289t=61249



RE: EIGRP issues [7:61068]

2003-01-14 Thread Karagozian Sarkis
Edward,

Since you are using PPP Authentication Chap, it requires that both sides
send (same) user name xx and Password .. to each other (Handshaking
using chap) after dialup, to authenticate each other both ways, then start
data transfer.

So, on Router B, u need to add:

username HQ-3640-TUNNEL1 password 0 decore (to authenticate w/side A using
same password)

dialer map ip 10.10.56.1 name HQ-3640-TUNNEL1 broadcast 9,Modem A # 

This is what I remember, when I was facing a similar problem.

Hope I am right.
Sarkis
CCNA/CCNP/MCNS/MCP/CNE





 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61076t=61068



RE: ATM IMA interface problems [7:47849]

2002-07-01 Thread Karagozian Sarkis

The VBR-NRT parameters must match the ATM Carrier Switch settings.
So If the Carrier ATM Switch is set for UBR then You can't just change your
ATM interface parameters from UBR to VBR/NRT.
You have to match the Carrier ATM Switch settings only.

Also try: sh atm vc
to see the VPI/VCI values of peak Mbps, Ave Mbps and Min Burst Cell size,
these also must match the ATM Switch on carrier side.
Let me know


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47861t=47849



Re: Permit Ping access thru PIX FW [7:47193]

2002-06-23 Thread Karagozian Sarkis

Hi Gaz,

Thanks for yr explanations. (I am referring to MCNS Man.p.5-41)
So in fact it should be: conduit permit icmp any any echo-reply
for allowing icmp replies back in from outside or dmz.

Also why then I was able for example: ping outside 4.22.122.10
But, Not able to ping dmz 199.16.1.3 (unless the dmz intfc. was shut)

So in order to be able to ping the dmz intfc 192.168.6.3 I need a conduit
command like : conduit permit icmp host 192.168.6.3 any

Can you explain or correct me on this???
Thanks.
Sarkis



 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47237t=47193



Re: Permit Ping access thru PIX FW [7:47193]

2002-06-23 Thread Karagozian Sarkis

Thanks Gaz,

That's exactly the case.
Now I understand it well.
Brgds,
Sarkis


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47246t=47193



Permit Ping access thru PIX FW [7:47193]

2002-06-22 Thread Karagozian Sarkis

HI all

BCMS book says: permit ping access thru the PIX Firewall with the
conduit permit icmp any any command, letting hosts on the inside ping
outside hosts.

Does this mean I can't ping the dmz interface?? and it only allows pings
from inside Interface to the Outside global hosts ??

for example: ping outside 4.22.122.xx  (able to ping)
But, ping dmz 199.16.1.3 (Not able to ping)   

Thanks
Sarkis


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47193t=47193



Re: PIX Static and Conduit [7:46002]

2002-06-11 Thread Karagozian Sarkis

Thanks Gax, 
I Now have the hang of these static and Conduit commands.
Appreciate yr time.
Sarkis


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46301t=46002



Static over global and nat [7:46223]

2002-06-10 Thread Karagozian Sarkis

Can someone explain if B and C are the correct answer??
I thought static with conduit allows traffic from High interface to low
interface , Please correct me if otherwise.

Practice test for:
Cisco MCNS 2.0 Test #2
Incorrect. Your answer was: B D
The correct answer(s): B C
Which of the following statements is true??

A.) nat and global take precedence over statics command
B.) Static and conduits must be configured to allow traffic to originate
from an interface with a lower security value specified with the nameif
command through the PIX firewall to an interface with a higher security value.
C.) Statics take precedence over nat and global command pairs
D.) Static and conduits must be configured to allow traffic to originate
from an interface with a higher security value specified with the nameif
command through the PIX firewall to an interface with a lower security value

Statics take precedence over nat and global command pairs, which
means that nat 1 0 0 only grants outbound access to hosts not specified
in the static statement.
Static and conduits must be configured to allow traffic to originate
from an interface with a lower security value specified with the nameif
command through the PIX firewall to an interface with a higher security
value. For example, a static and conduit must be configured to allow
incoming sessions from the outside interface to the DMZ interface,
or from the outside interface to the inside interface.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46223t=46223



RE: Static over global and nat [7:46223]

2002-06-10 Thread Karagozian Sarkis

Tribavan,

Thanks for the correct info. 

Ok, Why then static command starts with (high,low) then low addr then High
addr ???
for example: static (inside,outside) 64.114.40.1 10.1.1.1 netmask
255.255.255.255 0 0

Thanks again.
Sarkis Karagozian
CCNA, CCNP.
Preparing for Cisco MCNS exam.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46233t=46223



PIX static precedence over global,nat [7:46213]

2002-06-10 Thread Karagozian Sarkis

Can someone tell me the right Answer for this Qn?
I thought traffic should originate from high interface to low interface as
in the static command?? please explain?


Practice test for:
Cisco MCNS 2.0 Test #2
Incorrect. Your answer was: B D
The correct answer(s): B C
Which of the following statements is true
A.) nat and global take precedence over statics command
B.) Static and conduits must be configured to allow traffic to originate
from an interface with a lower security value specified with the nameif
command through the PIX firewall to an interface with a higher security
value.
C.) Statics take precedence over nat and global command pairs
D.) Static and conduits must be configured to allow traffic to originate
from an interface with a higher security value specified with the nameif
command through the PIX firewall to an interface with a lower security value

Boson Explanation:
Statics take precedence over nat and global command pairs, which
means that nat 1 0 0 only grants outbound access to hosts not specified in
the static statement.
Static and conduits must be configured to allow traffic to originate
from an interface with a lower security value specified with the nameif
command through the PIX firewall to an interface with a higher security
value. For example, a static and conduit must be configured to allow
incoming sessions from the outside interface to the DMZ interface, or from
the outside interface to the inside interface.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46213t=46213



RE: PIX Static and Conduit [7:46000]

2002-06-08 Thread Karagozian Sarkis

HI Daniel.
Appreciate your reply, I still have one last Qn? if I may..

If we assume dmz2 is (high) and dmz1 is (Low) - as in the book, then static
cmd IN THE BOOK is shown as:
static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255
conduit permit tcp host 10.1.1.1 10.1.1.0 255.255.255.0   (which I think shd
be 172.16.1.10 10.1.1.0 )
 ---
What I don't understand is the conduit command here ?? is it wrong ??
shouldn't 10.1.1.1 be already able to access the 10.1.1.0 netwk??

The book also states:
The first IP address you specify in the static comd is the first address you
specify in the conduit address.

So I think the correct static and conduit (shd be as I understand ):
static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255
conduit permit tcp host 172.16.1.10 10.1.1.0 255.255.255.0 (correct??)

So let me know if last static and conduit lines are correct?? ...
Really appreciate your help as I want to understand this once and for
all.
Brgds




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46130t=46000



PIX Static and Conduit [7:46002]

2002-06-07 Thread Karagozian Sarkis

I am preparing for MCNS - Manual Ver 2.1 Page 6-22 and not clear about Static
and Conduit commands with fixup protocol smtp 25.

I don't understand the static (inside,outside) global-ip local-ip ...
when I compare it with the below stated static command:
static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255.

Question?
Is static command always from lower nameif (dmz2) to higher nameif (dmz1)?
If so why is it always stated as:
static (inside,outside)? and not (Outside,Inside)

I am reading on page 6-22:
That the Mail Guard feature removes the need for an external Mail Relay
(Bastion Host) in the perimeter of DMZ network

Once you create the Static and Conduit commands for an SMTP mail server, use
the fixup protocol 25 command to enable the PIX Firewall's Mail Guard
feature in PIX FW release 4.2 and later.

Then says, The first IP address you specify in the static command is the 1st
IP address you specify in the conduit command as in example :

static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255
conduit permit tcp host 10.1.1.1 10.1.1.0 255.255.255.0 
fixup protocol smtp 25

Also says:
The static command maps the address 10.1.1.1 on the dmz1 intf. so that
users on the dmz1 intf. can access the 172.16.1.10 host on the dmz2 intf.
The conduit command permits any users in the 10.11.1.0 network access the
10.1.1.1 address over any tcp port.

Is this correct? or should it say:
static (dmz1,dmz2) 172.16.1.10 10.1.1.1 netmask 255.255.255.255 
Can someone explain the above??? thanks. 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46002t=46002



PIX Static and Conduit [7:46000]

2002-06-07 Thread Karagozian Sarkis

I am preparing for MCNS - Manual Ver 2.1 Page 6-22 and not clear about Static
and Conduit commands with fixup protocol smtp 25.

I don't understand the static (inside,outside) global-ip local-ip ...
when I compare it with the below static command:
static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255.

Question?
Is static command always from lower nameif (dmz2) to higher nameif (dmz1)?
If so why is it always stated as:
static (inside,outside)? and not (Outside,Inside)

I am reading on page 6-22:
That the Mail Guard feature removes the need for an external Mail Relay
(Bastion Host) in the perimeter of DMZ network

Once you create the Static and Conduit commands for an SMTP mail server, use
the fixup protocol 25 command to enable the PIX Firewall's Mail Guard
feature in PIX FW release 4.2 and later.

Then says, The first IP address you specify in the static command is the 1st
IP address you specify in the conduit command as in example :

static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255
conduit permit tcp host 10.1.1.1 10.1.1.0 255.255.255.0 
fixup protocol smtp 25

Also says:
The static command maps the address 10.1.1.1 on the dmz1 intf. so that
users on the dmz1 intf. can access the 172.16.1.10 host on the dmz2 intf.
The conduit command permits any users in the 10.11.1.0 network access the
10.1.1.1 address over any tcp port.

Is this correct? or should it say:
static (dmz1,dmz2) 172.16.1.10 10.1.1.1 netmask 255.255.255.255 
Can someone explain the above??? thanks. 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46000t=46000



RE: PIX Static and Conduit [7:46000]

2002-06-07 Thread Karagozian Sarkis

Hi Daniel,

Thanks for clarifying that Static is (High,low) low high 

the only thing is that, dmz2 is shown to be on the outside 
(1st tier netwk), dmz2 (2nd tier netwk) or private network, where 10.1.1.0
network is.

If this is the case then, should it be written as:

static (dmz1,dmz2) 172.16.1.10 10.1.1.1 netmask 255.255.255.255
conduit permit tcp host 10.1.1.1 10.1.1.0 255.255.255.0

which now makes sense to me.
Static (high nameif,low nameif) lowIP HighIP ...

Thanks again for your excellent explanation.
Brgds.

Sarkis


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46027t=46000



PIX - Why NO global (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis

I have seen some PIX configs with NO global (outside) 1 . command 
but only see NAT (inside) 1 0 0 command .
Does that mean all traffic is allowed to go out ??? 

Can someone explain.
Thanks

Sarkis


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45676t=45676



RE: PIX - Why NO global (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis

Thanks Ole,

I just noticed the nat 0 

Here is how this old PIX is configured:

nat (inside) 0 216.119.xx.0 255.255.255.0 0 0 
static (inside,outside) 216.119.xx.0 216.119.xx.0 netmask 255.255.255.0 0
0   -- why same IP for both??
static (websvers,outside) 216.119.xx.240 216.119.xx.240 netmask
255.255.255.240 0 0  --- also same IP for both ??

Can u explain. more...
Thanks
Sarkis 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45681t=45676



RE: PIX - Why NO global (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis

Thanks Ole,

Yes I see some access-lists like:
!
access-list JPS permit ip host 216.119.x.6 host 166.90.1xx.50
access-list JPS permit ip 216.119.xx.0 255.255.255.0 166.90.1xx.48 ...
!then some crypto map entries as follows:

crypto map jps 1 ipsec-isakmp
crypto map jps 1 match address jps
crypto map jps 1 set peer
crypto map jps 1 set transform-set strong
crypto map jps interface outside  (hence acl named jps applied to outside
interface e0)
 
Ok Got it now.
Thanks for good info.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45697t=45676



RE: PIX - Why NO global (outside) command [7:45676]

2002-06-03 Thread Karagozian Sarkis

OK 
Good to know, 
I will forget this Old PIX config and will look into
newer PIX 6.2 configs. Thanks for the advice.

Sarkis


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45709t=45676



How to Recover PIX 520 Password [7:45402]

2002-05-29 Thread Karagozian Sarkis

We have a PIX 520 with Software Version 5.1(1)
with a 1.44M  floppy drive.
with 128M of DRAM
and 4 ethernet Ports.

Problem: I can Not recover the Enable password:

Here is what happens:
When I boot it up, it beeps twice with long beeps, then another short beep.
loads up to the normal prompt PIX520 but I am locked out and Don't know
the Enable password !!!

So I tried the Cisco Password Recovery and AAA Configuration Recovery for
PIX  Document:
and I downloaded the np5.1 file (for this Rev.) and the rawrite.exe (which
creates a Password Lockout Utility Disk)

When I insert the Utility Disk into the PIX floppy (Step 4 in Cisco Doc.) and
push the Reset button on the front of the PIX ...
it will reboot from the floppy and displays Booting Floppy
.exec flop.
but the cursor drops to the next line and hangs up there...(no more action
but the Floppy LED stays lit )

and it never displays Erasing Flash Password. Please eject diskette and
reboot - that it is supposed to do...

So I remove the Diskette and reboot the PIX, But still shows me the old
PIX520 prompt , and I am NOT able to
get into the privilege Enable prompt#.

Does anyone know how to overcome this ?
thanks
Sarkis Karagozian
[EMAIL PROTECTED]



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45402t=45402
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Check My EIGRP Configuration [7:45065]

2002-05-26 Thread Karagozian Sarkis

Here is what I would do with a /30 subnet:


RtrA s0 -192.168.0.1 (192.168.0.0/30-link)RtrB s0 192.168.0.2

For Router A to B I would use /30 subnet instead of using all /24
Here is how: interface Serial0
 ip address 192.168.0.1 255.255.255.250   (/30)
(this way u hv 4 Addresses, but u can only use 2 valid IP addresses as:
192.168.0.1 for RtrA int S0. and IP addr 192.168.0.2 for other RtrB int S0)
and Subnet Address or link between RtrA and RtrB is 192.168.0.0 and 4th or
last IP 192.168.0.4 is the Broadcast IP address for this 192.168.0.0/30 link.)

so next IP available starts at 192.168.0.5 with whatever /XX u want to use.
Do the same for RtrA int s1 as 192.168.0.6 255.255.255.250 (/30)
and RtrB int S0 = 192.168.0.7
and Broadcast for this link is 192.168.0.7

This way u don't waste all the /24 subnet IP addresses and only use /30 or 4
IP addresses which only 2 are valid for interfaces between Ra and Rb for each
link.

hope this is clear.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45091t=45065



Re: Check My EIGRP Configuration [7:45065]

2002-05-26 Thread Karagozian Sarkis

Correction on Subnet Mask /30 = 255.255.255.252 (Not .250)
so Here is correct Subnet Mask Info:

Here is what I would do with a /30 subnet:


RtrA s0 -192.168.0.1 (192.168.0.0/30-link)RtrB s0 192.168.0.2

For Router A to B I would use /30 subnet instead of using all /24
Here is how: interface Serial0
 ip address 192.168.0.1 255.255.255.252 (/30)
(this way u hv 4 Addresses, but u can only use 2 valid IP addresses as:
192.168.0.1 for RtrA int S0. and IP addr 192.168.0.2 for other RtrB int S0)
and Subnet Address or link between RtrA and RtrB is 192.168.0.0 and 4th or
last IP 192.168.0.4 is the Broadcast IP address for this 192.168.0.0/30 link.)

so next IP available starts at 192.168.0.5 with whatever /XX u want to
use.
Do the same for RtrA int s1 as 192.168.0.6 255.255.255.250 (/30)
and RtrB int S0 = 192.168.0.7
and Broadcast for this link is 192.168.0.7

This way u don't waste all the /24 subnet IP addresses and only use /30 or 4
IP addresses which only 2 are valid for interfaces between Ra and Rb for each
link.

hope this is clear.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45097t=45065
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
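
Added example (not part of the original posts): carving /30 point-to-point blocks out of 192.168.0.0/24 with Python's standard `ipaddress` module, and classifying the interface addresses mentioned in the thread as network, usable host or broadcast. The function names are this example's own; the addresses and masks are the ones quoted above.

```python
import ipaddress


def valid_mask(mask):
    """True if a dotted-quad mask is a contiguous netmask."""
    try:
        ipaddress.ip_network(f"0.0.0.0/{mask}")
        return True
    except ValueError:
        return False


def link_blocks(parent, count, prefix=30):
    """First `count` subnets of `parent` as (network, usable hosts, broadcast)."""
    blocks = []
    for sub in ipaddress.ip_network(parent).subnets(new_prefix=prefix):
        if len(blocks) == count:
            break
        blocks.append((str(sub),
                       [str(h) for h in sub.hosts()],
                       str(sub.broadcast_address)))
    return blocks


def classify(address, mask="255.255.255.252"):
    """Return (subnet, role) where role is 'network', 'host' or 'broadcast'."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    net = iface.network
    if iface.ip == net.network_address:
        role = "network"
    elif iface.ip == net.broadcast_address:
        role = "broadcast"
    else:
        role = "host"
    return str(net), role


def can_form_link(a, b, mask="255.255.255.252"):
    """Both ends must be usable host addresses in the same subnet."""
    net_a, role_a = classify(a, mask)
    net_b, role_b = classify(b, mask)
    return net_a == net_b and role_a == "host" and role_b == "host"


if __name__ == "__main__":
    for mask in ("255.255.255.250", "255.255.255.252"):
        print(mask, "valid netmask:", valid_mask(mask))
    for block in link_blocks("192.168.0.0/24", 2):
        print(block)
    for last_octet in range(1, 8):
        addr = f"192.168.0.{last_octet}"
        print(addr, classify(addr))
    print("0.1 <-> 0.2:", can_form_link("192.168.0.1", "192.168.0.2"))
    print("0.6 <-> 0.7:", can_form_link("192.168.0.6", "192.168.0.7"))
```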