RE: Access-list & NAT [7:31152]
This should say it all.

http://www.cisco.com/warp/customer/556/5.html

-Eric

-----Original Message-----
From: Kwock99 [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 07, 2002 10:02 AM
To: [EMAIL PROTECTED]
Subject: Access-list & NAT [7:31152]

Hi,

If I have access-list and NAT in my router, anyone knows which one will apply first.

Thanks.
Francis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31162&t=31152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IDS Test [7:30806]
No. However, I took the test, and failed it with a 755, and they do ask a lot of GUI questions. Specifically, to do this function do you click on this then click on this or, click on this then click on that. Pretty brutal.

I completed my CCNP almost a year ago and passed my MCNS exam about 3 months ago. I thought this was the worst test so far, IMHO of course. I took the class, ordered the Boson exam, which out of 204 questions I scored 96% on, and still failed the test. I know the only one to blame is myself. Some of the questions I just didn't know the answers. What do you do! At least I know what to study now!

To make a short answer long. You do NOT have to memorize all the signatures. Just know IP is 1000, ICMP is 2000 etc.

Good luck!

-Eric

-----Original Message-----
From: Jay Creasy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 11:56 AM
To: [EMAIL PROTECTED]
Subject: IDS Test [7:30806]

Does anyone have any info on the IDS test. Specifically, Do you have to memorize the couple hundred pages of Signatures in the IDS book ?

Thanks
Jay

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30816&t=30806
RE: question about VPN-IPSEC and NAT [7:30694]
IP protocol 50 and UDP port 500. If you are doing AH you also need IP protocol 51.

-Eric

-----Original Message-----
From: Leonardo Borda [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 02, 2002 12:55 PM
To: [EMAIL PROTECTED]
Subject: question about VPN-IPSEC and NAT [7:30694]

Hello,

I have in my organization a cisco router 2600 running NAT and IPSEC56. I want to configure two access-lists. One for inbound access and another one for outbound access and apply it in the same serial line. Does anyone know what are the ports I have to permit to work that job successfully as much inbound as outbound?

I had success in configuring internet access and it's working fine but over IPSEC my users from the other side of VPN can not access my exchange server using VPN. but they can ping it...

thanks.
Leonardo Borda.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30696&t=30694
RE: NAT problems. [7:30679]
Could be DNS problem. Try going to http://198.133.219.25/

This is Cisco.com. Probably not a NAT/PAT issue.

Regards,
Eric

-----Original Message-----
From: Larry Brown [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 02, 2002 9:44 AM
To: [EMAIL PROTECTED]
Subject: NAT problems. [7:30679]

I set up nat with basic statements

    ip nat inside (fast 0)
    ip nat outside (serial 0.1)
    ip nat inside source list 1 interface serial0.1 overload
    access-list 1 permit 10.0.0.0 0.0.0.255

(This is the only access-list on the box)

If I do a show ip nat translations I can see internal & external local and global mappings but only for icmp (when the user pings something) and udp - no tcp connections. So, NAT&PAT is working.

The problem is Internet Explorer times out. Can I totally rule out NAT? Anyone had this type of problem?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30684&t=30679
RE: Fame Relay FECN BECN [7:29675]
When the frame has the DE bit set that is only telling the Frame-Relay switch that if we experience congestion in our network the frames that have the DE bit set are the frames that will be discarded first. If you are seeing no FECNs or BECNs that sounds to me like you are probably working with a frame-relay provider that doesn't oversubscribe its trunks as much as many other providers do. That sounds refreshing for a change!

I would say you want to implement traffic shaping regardless of the amount of DE packets you are seeing. DE packets are a good thing. That's one of the nice things about frame-relay. Also keep in mind red frames. If the frame-relay network is configured for policing, any frames that are coming in faster than they are supposed to will be dropped at the switch. That is why it is so important to implement traffic shaping.

Hope this helps!

-Eric

-----Original Message-----
From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 3:22 PM
To: [EMAIL PROTECTED]
Subject: RE: Fame Relay FECN BECN [7:29675]

Congratulations, you're working with a commercial frame-relay provider. When I was a sprint customer, they marked all of my traffic as DE, regardless of CIR. Very annoying. FECN'S, BECN'S, and DE are all features that your provider may or may not have configured (properly) in their network. They are required to pass data, not meet with accepted industry standards.

-----Original Message-----
From: DAGENHARDT Frank [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 19, 2001 2:43 PM
To: [EMAIL PROTECTED]
Subject: Fame Relay FECN BECN [7:29675]

Group,

I thought I had FECN and BECN down in regards to frame relay setup. Recently I have come across some router output that doesn't make sense to me. I don't understand why I have DE pkts when I don't have any FECN or BECN errors. Or for that matter how I can have so many DE pkts and none of them were dropped.

I was thinking of implementing traffic shaping, but I don't know if that will help if I am not receiving any BECN errors. On top of that I understand that when your CIR is reached packets get marked DE but at what point do they actually get dropped. Can someone try to make a little sense out of this for me?

    DLCI = 131, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/1.131

      input pkts 29103083      output pkts 23370364     in bytes 3538537810
      out bytes 941866396      dropped pkts 13          in FECN pkts 0
      in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
      in DE pkts 1154469       out DE pkts 0
      out bcast pkts 1379364   out bcast bytes 110300947
      pvc create time 10w2d, last time pvc status changed 3w2d

Thank you,
Frank

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29703&t=29675
FW: /31 subnet. [7:27742]
I thought I sent this out earlier. I may be mistaken.

-Eric

-----Original Message-----
From: Lange, Eric
Sent: Friday, November 30, 2001 9:27 AM
To: [EMAIL PROTECTED]
Subject: RE: /31 subnet. [7:27742]

Sorry. Looks like 12.2(2)T.

-Eric

-----Original Message-----
From: VoIP Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 8:44 AM
To: [EMAIL PROTECTED]
Subject: Re: /31 subnet. [7:27742]

It doesn't work in Cisco routers.

"Carroll Kong" wrote in message news:[EMAIL PROTECTED]...
> Law of subnets is a tradeoff. Bigger subnets, have higher
> efficiency, at the cost of bigger broadcast domains. Smaller subnets have
> abysmal efficiency, at the benefit of smaller broadcast domains.
> /31 is a new RFC proposed rule which eliminates the loss of
> efficiency of 50% to.. 0%.
> /30 has 2 usable addresses but loses 2 for broadcast and
> network. So, you need 4 ips to make the subnet, but you only can use
> 2. 50% efficiency. /31 is going to let you take 2, and use 2, and ignore
> the broadcast and network need. This is ideal for point to point.
>
> At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> >Maybe I'm missing something, but there are only 2 useable addresses in a
> >/30, and only 2 interfaces participating in a point-to-point link, so how
> >are there 50% of the addresses wasted.
> >
> >Steve
> >
> >
> >"MADMAN" wrote in message
> >news:[EMAIL PROTECTED]...
> > > Point to point connections, with a /30 you waste 50% of the
> > > available addresses.
> > >
> > > Dave
> > >
> > > Nicolas FEVRIER wrote:
> > > >
> > > > Hi group,
> > > >
> > > > I'm puzzled by the use of /31 subnets...
> > > > Anybody can explain me the benefits of such a subnet on an interface ?
> > > >
> > > > Thanxx.
> > > >
> > > > Nicolas.
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> -Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27869&t=27742
RE: /31 subnet. [7:27742]
Sorry. Looks like 12.2(2)T.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft31addr.htm#xtocid104191

-Eric

-----Original Message-----
From: VoIP Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 8:44 AM
To: [EMAIL PROTECTED]
Subject: Re: /31 subnet. [7:27742]

It doesn't work in Cisco routers.

"Carroll Kong" wrote in message news:[EMAIL PROTECTED]...
> Law of subnets is a tradeoff. Bigger subnets, have higher
> efficiency, at the cost of bigger broadcast domains. Smaller subnets have
> abysmal efficiency, at the benefit of smaller broadcast domains.
> /31 is a new RFC proposed rule which eliminates the loss of
> efficiency of 50% to.. 0%.
> /30 has 2 usable addresses but loses 2 for broadcast and
> network. So, you need 4 ips to make the subnet, but you only can use
> 2. 50% efficiency. /31 is going to let you take 2, and use 2, and ignore
> the broadcast and network need. This is ideal for point to point.
>
> At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> >Maybe I'm missing something, but there are only 2 useable addresses in a
> >/30, and only 2 interfaces participating in a point-to-point link, so how
> >are there 50% of the addresses wasted.
> >
> >Steve
> >
> >
> >"MADMAN" wrote in message
> >news:[EMAIL PROTECTED]...
> > > Point to point connections, with a /30 you waste 50% of the
> > > available addresses.
> > >
> > > Dave
> > >
> > > Nicolas FEVRIER wrote:
> > > >
> > > > Hi group,
> > > >
> > > > I'm puzzled by the use of /31 subnets...
> > > > Anybody can explain me the benefits of such a subnet on an interface ?
> > > >
> > > > Thanxx.
> > > >
> > > > Nicolas.
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> -Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27820&t=27742
RE: /31 subnet (now with info link) [7:27802]
It wasn't supported until 12.2(4)T. Check it out. This is from a 1750 running 12.2(4)T:

> interface Loopback9
> ip address 111.11.1.1 255.255.255.254

It works!

-Eric

-----Original Message-----
From: VoIP Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 8:34 AM
To: [EMAIL PROTECTED]
Subject: Re: /31 subnet (now with info link) [7:27802]

Just tried it and the router doesn't even allow an interface to use a /31 mask, even with ip subnet-zero enabled.

"VoIP Guy" wrote in message news:[EMAIL PROTECTED]...
> I read the RFC, so I guess it can be used. My bad.
>
> Am I correct in saying that one interface will be assigned the all zero
> subnet as its IP and the other will be assigned the broadcast IP address
> for that subnet?
>
> Steve
>
>
>
> "VoIP Guy" wrote in message
> news:[EMAIL PROTECTED]...
> > I know that, but the network and broadcast addresses are unusable. Thus the
> > two good addresses for hosts.
> > "Craig Columbus" wrote in message
> > news:[EMAIL PROTECTED]...
> > > With a /30 you use 4 IP addresses (network, 2 node, 1 broadcast). You save
> > > addresses with a /31.
> > > Here's a link with more info:
> > >
> > > http://www.ietf.org/rfc/rfc3021.txt?number=3021
> > >
> > > Thanks,
> > > Craig
> > >
> > > At 08:32 AM 11/30/2001 -0500, you wrote:
> > > >Maybe I'm missing something, but there are only 2 useable addresses in a
> > > >/30, and only 2 interfaces participating in a point-to-point link, so how
> > > >are there 50% of the addresses wasted.
> > > >
> > > >Steve
> > > >
> > > >
> > > >"MADMAN" wrote in message
> > > >news:[EMAIL PROTECTED]...
> > > > > Point to point connections, with a /30 you waste 50% of the
> > > > > available addresses.
> > > > >
> > > > > Dave
> > > > >
> > > > > Nicolas FEVRIER wrote:
> > > > > >
> > > > > > Hi group,
> > > > > >
> > > > > > I'm puzzled by the use of /31 subnets...
> > > > > > Anybody can explain me the benefits of such a subnet on an interface ?
> > > > > >
> > > > > > Thanxx.
> > > > > >
> > > > > > Nicolas.
> > > > > --
> > > > > David Madland
> > > > > Sr. Network Engineer
> > > > > CCIE# 2016
> > > > > Qwest Communications Int. Inc.
> > > > > [EMAIL PROTECTED]
> > > > > 612-664-3367
> > > > >
> > > > > "Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27818&t=27802
RE: /31 subnet. [7:27742]
I think this can sum it up.

http://www.faqs.org/rfcs/rfc3021.html

-Eric

-----Original Message-----
From: VoIP Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 7:33 AM
To: [EMAIL PROTECTED]
Subject: Re: /31 subnet. [7:27742]

Maybe I'm missing something, but there are only 2 useable addresses in a /30, and only 2 interfaces participating in a point-to-point link, so how are there 50% of the addresses wasted.

Steve

"MADMAN" wrote in message news:[EMAIL PROTECTED]...
> Point to point connections, with a /30 you waste 50% of the
> available addresses.
>
> Dave
>
> Nicolas FEVRIER wrote:
> >
> > Hi group,
> >
> > I'm puzzled by the use of /31 subnets...
> > Anybody can explain me the benefits of such a subnet on an interface ?
> >
> > Thanxx.
> >
> > Nicolas.
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27809&t=27742
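The /30 versus /31 accounting argued over in this thread, worked through as an added example that is not code from any of the posters. It reuses the `111.11.1.1 255.255.255.254` address quoted in the thread; the `192.0.2.0/24` block and all function names are assumptions made for the illustration.

```python
"""Added example: /30 vs /31 address accounting for point-to-point links (RFC 3021)."""
import ipaddress


def link_addresses(ip, mask):
    """Return (usable, reserved) address lists for the subnet containing ip/mask."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    first = int(net.network_address)
    addrs = [ipaddress.ip_address(first + i) for i in range(net.num_addresses)]
    if net.prefixlen >= 31:
        # RFC 3021: on a /31 both addresses are host addresses and there is
        # no separate network or directed-broadcast address.
        return addrs, []
    # Classic rule: first address is the network, last is the broadcast.
    return addrs[1:-1], [addrs[0], addrs[-1]]


def peer_of(ip, mask):
    """Far-end address of a /30 or /31 point-to-point link."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    if iface.network.prefixlen not in (30, 31):
        raise ValueError(f"{iface.network} is not a point-to-point sized subnet")
    usable, reserved = link_addresses(ip, mask)
    if iface.ip in reserved:
        raise ValueError(f"{iface.ip} is reserved in {iface.network}")
    (peer,) = [a for a in usable if a != iface.ip]
    return peer


def efficiency(prefixlen):
    """Usable addresses divided by addresses consumed, for one link."""
    net = ipaddress.ip_network(f"192.0.2.0/{prefixlen}")  # assumed sample block
    usable, _ = link_addresses(str(net.network_address), str(net.netmask))
    return len(usable) / net.num_addresses


def links_from_block(block, prefixlen):
    """Number of point-to-point links a block yields at the given prefix length."""
    return sum(1 for _ in ipaddress.ip_network(block).subnets(new_prefix=prefixlen))


if __name__ == "__main__":
    # Address and mask from the Loopback9 configuration quoted in the thread.
    usable, reserved = link_addresses("111.11.1.1", "255.255.255.254")
    print("/31 usable:", [str(a) for a in usable], "reserved:", reserved)
    print("peer of 111.11.1.1:", peer_of("111.11.1.1", "255.255.255.254"))
    for plen in (30, 31):
        print(f"/{plen}: efficiency {efficiency(plen):.0%}, "
              f"{links_from_block('192.0.2.0/24', plen)} links per /24")
```

On a /31 the two link ends take the all-zeros and all-ones host addresses, which is the assignment asked about in the thread.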
RE: multiple DHCP scopes in a vlan with primary an [7:27264]
The ip helper-address command is your buddy. The router can convert a UDP broadcast packet into a unicast and route the packet to the appropriate network that the DHCP server resides on.

-Eric

-----Original Message-----
From: Logan, Harold [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 26, 2001 11:41 AM
To: [EMAIL PROTECTED]
Subject: RE: multiple DHCP scopes in a vlan with primary an [7:27264]

For those of you that have implemented VLANs with DHCP, do you use one DHCP server per VLAN, or is there a way to bind a specific DHCP scope to each VLAN?

Thanks,
Hal

> -----Original Message-----
> From: Syed Raza [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 26, 2001 11:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: multiple DHCP scopes in a vlan with primary an [7:27264]
>
>
> It is not recommended to have multiple subnet in one VLAN. Basically you are
> killing the whole concept of isolating the broadcast domain. But you can not
> argue that it doesn't work. Your DHCP server can assign any ip from its
> scopes.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27354&t=27264
RE: FTP Server [7:24525]
e·phem·er·al (i-fem'ər-əl)
adj. Lasting for a markedly brief time: "There remain some truths too ephemeral to be captured in the cold pages of a court transcript" (Irving R. Kaufman). Living or lasting only for a day, as certain plants or insects do.
n. A markedly short-lived thing.

I needed to look it up : )

-Eric

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 30, 2001 2:43 PM
To: [EMAIL PROTECTED]
Subject: Re: FTP Server [7:24525]

If it's not passive mode, the data channel is initiated by the server from port 20 (FTP data) to the ephemeral port provided by the client in its PORT command. Ephemeral just means a short-lived port with a number greater than 1023.

If it is passive mode, then the data channel is initiated by the client from an ephemeral port to an ephemeral port provided by the server in its PASV command.

In other words, access lists with FTP are tricky.

Priscilla

At 03:14 PM 10/30/01, Jonathan Hays wrote:
>Michael Williams wrote:
>
> > That would work, although you don't need the "deny ip any any" as there is
> > always an implied "deny all" at the end of the access list.
> >
> > However, to protect yourself from unwanted traffic/attacks, you can change
> > your access list to only allow traffic incoming on port 21 (eq ftp):
> >
> > access-list 110 permit tcp any host 192.3.10.10 eq ftp
> >
>
>Don't we also want an ACL line for the ftp data channel?
>
>access-list 110 permit tcp any host 192.3.10.10 eq ftp-data
>
>And if the server is using passive ftp
>
>access-list 110 permit tcp any host 192.3.10.10 gt 1023 established

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24698&t=24525
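Why access lists with FTP are tricky, shown as an added example that is not part of the original posts: a small first-match evaluator runs the three `access-list 110` lines quoted above against client-to-server TCP segments for active and passive FTP. It assumes ACL 110 is applied inbound on the client-facing interface and is the only filter; the client address, port numbers and all names in the code are constructed for the illustration.

```python
"""Added example: the thread's ACL 110 lines evaluated against FTP segments."""
from dataclasses import dataclass

SERVER = "192.3.10.10"    # FTP server address from the thread
CLIENT = "198.51.100.7"   # constructed client address (documentation range)


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset      # TCP flags set on the segment, e.g. {"SYN"}


@dataclass(frozen=True)
class Rule:
    text: str             # the ACL line as written in the thread
    dst: str
    port_op: str          # "eq" or "gt" on the destination port
    port: int
    established: bool = False

    def matches(self, seg):
        if seg.dst != self.dst:          # source is "any" in all three lines
            return False
        if self.port_op == "eq" and seg.dport != self.port:
            return False
        if self.port_op == "gt" and seg.dport <= self.port:
            return False
        # "established" matches only segments that carry ACK or RST,
        # so a bare SYN opening a new connection never matches it.
        if self.established and not (seg.flags & {"ACK", "RST"}):
            return False
        return True


ACL_110 = [
    Rule("permit tcp any host 192.3.10.10 eq ftp", SERVER, "eq", 21),
    Rule("permit tcp any host 192.3.10.10 eq ftp-data", SERVER, "eq", 20),
    Rule("permit tcp any host 192.3.10.10 gt 1023 established",
         SERVER, "gt", 1023, True),
]

# Constructed client-to-server segments, one per step of the two FTP modes.
FLOWS = {
    "control_syn": Segment(CLIENT, 40001, SERVER, 21, frozenset({"SYN"})),
    # Active mode: the server opens the data channel from port 20, so the
    # client's first segment toward port 20 is the SYN-ACK reply.
    "active_data_synack": Segment(CLIENT, 40002, SERVER, 20,
                                  frozenset({"SYN", "ACK"})),
    # Passive mode: the client opens the data channel to the server's
    # ephemeral port (50123 is a constructed PASV port) with a bare SYN.
    "passive_data_syn": Segment(CLIENT, 40003, SERVER, 50123,
                                frozenset({"SYN"})),
    "passive_data_ack": Segment(CLIENT, 40003, SERVER, 50123,
                                frozenset({"ACK"})),
}


def evaluate(acl, seg):
    """First matching line wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(seg):
            return rule.text
    return "implicit deny"


def verdicts(acl=ACL_110):
    return {name: evaluate(acl, seg) for name, seg in FLOWS.items()}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:20s} -> {verdict}")
```

Under these assumptions the passive-mode opening SYN reaches the implicit deny, so the data connection never gets as far as the segments the `established` line would permit.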
RE: PIX subnet access-lists [7:23797]
I don't think you want to use the 'host' command when specifying a subnet.

Try this:

    access-list acl_out permit tcp 212.113.2.0 255.255.255.0 host 124.49.114.6 eq ftp

-Eric

-----Original Message-----
From: John Zei [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 22, 2001 12:32 PM
To: [EMAIL PROTECTED]
Subject: PIX subnet access-lists [7:23797]

Does anyone know the access-list command that would allow an entire subnet into an ftp site. Here are some examples of what I've tried:

    access-list acl_out permit tcp host 212.113.2.0 255.255.255.0 host 124.49.114.6 eq ftp
    access-list acl_out permit tcp host 212.113.2.0 255.255.255.0 host 124.49.114.6 255.255.255.255 eq ftp

Neither of these worked.

Thanks,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23800&t=23797
RE: Traffic Shaping [7:21991]
John,

Most of the traffic shaping I have done is with data only. T1 to 56k for example. The rules may be very different (and I'm sure they are) while doing VoIP. Traffic shaping a T1 to a 56K is pretty straightforward. I try and follow the 1/8th rule when configuring my bc value. I also always configure my CIR to available bandwidth (not true CIR) and mincir to what is the "true CIR".

    map-class frame-relay 56k
     no frame-relay adaptive-shaping
     frame-relay cir 56000
     frame-relay bc 8000
     frame-relay be 0
     frame-relay mincir 28000

This rule seems to work great until you traffic shape a T1 pvc. The Cisco algorithm seems to break while applying the 1/8th rule to bc. I have been advised, please correct me if I am wrong, that the bc value should never exceed 8. If you are shaping T1 PVC (T1 to T1) your map class should look like the following.

    map-class frame-relay T1
     no frame-relay adaptive-shaping
     frame-relay cir 1536000
     frame-relay bc 8
     frame-relay be 0
     frame-relay mincir 768000

To verify this after applying these map class changes do a 'sh traffic' and verify the math. Take your interval value (given in ms) and invert it (1 / interval time in ms). This will give you the amount of intervals per second. Multiply this number by Sustain bits/interval. This should be close to the Cisco CIR value plus or minus a little bit. Here is an example:

    c3640A#sh traffic

    Interface   Se1/0.101
           Access Target    Byte   Sustain   Excess    Interval  Increment Adapt
    VC     List   Rate      Limit  bits/int  bits/int  (ms)      (bytes)   Active
    101           56000     875    7000      0         125       875       -

1/.125 * 7000 = 56000 (Your target rate)

This is what has worked for me in the past. You may want to do adaptive shaping, but probably not with voice. Hope this helps. If someone can add additional insight to FRTS with VoIP please help.

Thanks,
-Eric

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 04, 2001 12:05 PM
To: [EMAIL PROTECTED]
Subject: RE: Traffic Shaping [7:21991]

Here is a portion of one of the configs. For some reason, whenever I turn on FRTS my telnet sessions get *really* jumpy. Sometimes it almost seems the router locks up but I think it's just my telnet session. If I turn off FRTS on the main interface that jumpiness goes away.

In this particular case I haven't applied the VoIP class to all PVCs and I'm wondering if that might cause a problem. We have two other locations that we're testing VoIP with and they have a direct PVC between them. VoIP calls between them sounds fine. When we shutdown that PVC and then route the traffic through the location whose config I'm including, the call quality is beyond horrid. Demons gargling acid in Hell probably sound better than this. :-)

Any thoughts?

Thanks,
John

    class-map match-any voicecalls
     match ip precedence 4
    class-map match-all VoIP-Control
     match access-group name VoIP-Control
    !
    !
    policy-map voice
     class voicecalls
      priority 192
     class VoIP-Control
      bandwidth 8
     class class-default
      fair-queue

    interface Serial0/0
     encapsulation frame-relay
     no ip mroute-cache
     no fair-queue
     frame-relay traffic-shaping
    !
    interface Serial0/0.16 point-to-point
     ip address 10.12.11.75 255.255.255.0
     no ip mroute-cache
     frame-relay interface-dlci 16
    !
    interface Serial0/0.18 point-to-point
     ip address 10.12.24.70 255.255.255.0
     frame-relay interface-dlci 18
      class VoIP
    !
    interface Serial0/0.23 point-to-point
     ip address 10.12.26.70 255.255.255.0
     no ip mroute-cache
     frame-relay interface-dlci 23
      class VoIP
    !
    map-class frame-relay VoIP
     no frame-relay adaptive-shaping
     frame-relay cir 256000
     frame-relay bc 2560
     frame-relay be 0
     frame-relay mincir 256000
     service-policy output voice

>>> "[EMAIL PROTECTED]" 10/4/01 10:25:25 AM >>>
Can you send the config? I have been spending a lot of time doing traffic shaping and may be able to lend some insight if I see the config.

-Eric

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 04, 2001 10:07 AM
To: [EMAIL PROTECTED]
Subject: Re: Traffic Shaping [7:21991]

I've had odd results implementing FRTS, as well. I've been told by a Cisco engineer that it helps to reload the router after applying or changing FRTS commands. I don't know if it's necessary but he said it makes things work a little better. I haven't noticed a difference but perhaps it's worth a try.

John

>>> "Thomas N." 10/3/01 10:11:15 PM >>>
Hi All,

I implemented the Traffic Shaping using map-class and assigned to subinterfaces. The PVCs sharing that physical interfaces however increase in reply time and eventually timeout. What did I do wrong? When I tried General Traffic Shaping, it worked with "traffic-shape rate" and "traffic-shape adaptive" commands. The reason I would like to implement Traffic Shaping with map-class because I would like to apply "Frame-Relay f