RE: eigrp and sec address [7:12087]
I may be misunderstanding your topology...it would help if you posted config excerpts. As far as my experience has been, secondary addresses are configured in eigrp in the same way as primary addresses. Just make sure you've included the "router eigrp [network#]" and "network xx.xx.xx.xx" commands on the relevant router. Both routers need to be using eigrp and having the same autonomous system number in order to see each others updates (unless you are redistributing routes, but I won't get into that). Post your config and the group will be better able to see what's up, ok? -Mark A. Morenz, MS Ed, CCNA, CCAI Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12113&t=12087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN QUERY [7:12068]
One additional thought...you'll want to test this, but I believe you will need to put the static route on Router A, not Router D. If you just put one on router D, you will just be defining Router A as the next hop (which it is anyway) and then Router A would just forward it to Router C as per it's own routing tables because it's receiving updates from Router C as well as all of the others... (also, keep in mind that the new Static route on A will send *everything* for that target to Router B, regardless of where it comes from.) This can all be ironed out in the testing of course. Mark A. Morenz, MS ED, CCNA, CCAI Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12118&t=12068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: One interface-two IPs-& NAT? [7:15460]
What you're suggesting can be done (although it seems like you should
research nat a little more fully to understand tactically what nat is...you
don't actually put two IP addresses on an interface when you do nat
translations).
But as I read your question, I think it's important to realize that the
ISP's router will always be your gateway to the internet whether you put
your own router onto your ethernet network or not. That means that the nat
translation *must* take place on the ISP router (specifically their router's
ethernet interface. So, based on what I'm reading, you will need to
coordinate this with them regardless.
HTH
:-{)]
-Mark A Morenz, MS Ed, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15548&t=15460
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to use a BB [7:15553]
Unless I'm missing something technically about how this BB is set up, may I
make a general request for the good of the group?
Whenever anyone replies to an email, could they please ACUALLY REPLY to it
by clicking on the "reply" link? It kind of defeats the purpose of having
threads if you never use them as such. Makes it harder to read.
Hoping this suggestion makes everyone's groupstudy.com experience a better
one, I am,
:-{)]
-Mark A. Morenz, MS Ed, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15553&t=15553
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: One interface-two IPs-& NAT? [7:15460]
I'll try again. I'm not saying you're wrong about the scenario as you
describe it, only that you are making many assumptions here that I'm not yet
willing to read into things. MY REPLIES ARE BELOW:
Respectfully, your incorrect. He has a legal class C, 128.5.1.X, which the
OP stated in his original email.
He stated no such thing. He just used that number as a "for instance" in
his example. If he has all or any significant part of an entire class C, I
would be very surprised based on the relatively small scope of his question
and the equipment we're talking about. If we want to make assumptions based
on his original post, probably those 128-address or "real" addresses are a
/30 on the wan side of the isp router as well as a slightly larger subnet
for his LAN machines, But we *don't know*.
His problem is that he is using 10 net addressing internally and for
whatever reason doesn't want to deal with the ISP changing their router.
He can't be using ten-dot addressing currently because that would mean
that the isp's router is already doing some kind of translation (what I
believe is easy to miss here is that most of the time, the isp router is on
premises and is THE router for the customer LAN)
If one were to implement a NAT pool composed of addresses on the 128.5.1.x
subnet, or just use the routers' own IP address with PAT/NAT overload, this
could be done easily. The ISP router will simply arp for the 128.5.1.x
addresses and send the packets to the customer controlled router. The
customer controlled router performs the de-NAT operation and all is well.
There's no reason to require any changes to the ISP router assuming it is
currently working and connected to the 128.5.1.x subnet. This is a very
common scenario, the ISP router doesn't need to know about the internal
subnets.
That's certainly the common scenario when the customer uses their own
router exclusively on premises. I really don't believe that's the case here.
I think we're talking about a couple of 160Xs trying to co-exist on an
ehternet, one doing the nat for the other. And I'm *pretty sure* that
doesn't work.
The only special requirement about the OP scenario is that he has a router
with only a single ethernet interface. Given that, his request was simplyhow
to implement NAT with only a single physical interface. ..The router
lets you configure a sub-interface, but not apply an IP address and NAT, it
complains about not having ISL or 802.1q configured. (IOS version 12.0.9)
Yup. I appreciate the explanation.
So the bottom line is that it doesn't appear he will be able to implement
his scenario with the 1601, but only because the 1600 series doesn't support
802.1q. In order to have his scenario work he'll need some additional
hardware. My suggestion would be to get a cheap x86 box and implement Linux.
Total cost about $150.
No argument from me, although the isp has no reason not to implement PAT
on their router. It's almost certainly their own allocated IP addresses that
they'd be saving.
Thanks again for the discussion. It's nice to know that with different
routers the scenario could work
:-{)]
Mark A. Morenz, MS Ed, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15816&t=15460
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP question (2) [7:15796]
I'm not sure I understand the question entirely. When you say A can't ping
D's loopback, have you tried an extended ping?
:-{)]
-Mark A. Morenz, MS Ed, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15817&t=15796
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Stopping console messages [7:15789]
"no logging console"
:-{)]
Mark A. Morenz, MS ED, CCNA, CCAI
p.s. you can also control what level of debug messages you receive, but to
just get rid of them, use the above command.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15818&t=15789
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic: Routing Protocols and OSI layers [7:15755]
It was posted: "System management protocols such as SNMP definitely are application layer. Routing protocols are layer management protocols of the same layer as the addresses for which they are computing routes. OSPF, ISIS, etc., are layer 3 management protocols. 802.1d is a layer 2 management protocol. This is absolutely unambiguous if one reads the correct ISO documents." And I would add: Or, if you read Cisco's own Networking Academy Program curriculum, which says the same thing. :-[)] Mark A. Morenz, MS Ed, CCNA, CCAI Regional CCNA Director, CNAP Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15845&t=15755 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP [7:16438]
Hey there, Tom:
You don't need to do this with BGP (since you're not multi-homed). You can
just use static routes and set the metrics so that when one fails, the other
picks it up.
:-{)]
Mark A. Morenz, MS Ed, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16449&t=16438
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: help on acl setup [7:31336]
access-list # deny [any ip ending with the last bit as a "1"] and a wildcard
mask of 255.255.255.254 should work.
It's like cat-juggling...I've heard of this sort of thing taking place, but
I've never seen it actually happen :) So, I'll defer to anyone out there who
has done it.
:-{)]
Mark A. Morenz, MS Ed, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31405&t=31336
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: how to configure Hub and Spoke enviornmentwith [7:18504]
Make the serial interfaces on the all of the routers "no ip address" and
"encap frame". Then create sub-ints (remember to make them "point-to-point")
>From there it's just a matter of matching ip addresses and DLCIs from
spoke's sub-ints to hub's ints.
Since your mentioning dce and dte back-to-back, does that mean that you're
using a router as a frame switch simulator (like the Cisco Networking
Academy Labs do)? If so, that's the device that you set the clockrates on, k?
HTH
:-{)]
Mark A. Morenz, MS ED, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18539&t=18504
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help with 2509 router----consoling in [7:20153]
You're talking about establishing what is called a "reverse telnet" session.
You can find info about reverse telnetting at the following cco locations
(watch the wrap):
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_c/dcrtelnt.htm
or
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/dial_c/dcprt6/dcrtelnt.htm
HTH
:-{)]
Mark A. Morenz, MS ED, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20217&t=20153
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: which layer do the ospf bgp rip work on [7:20953]
Thank you for the clarification, Mr. Berkowitz.
Although I hope you won't be upset if I mention that you're not really
presenting a counter-point to the curriculum.
I continue to maintain that the CNAP curriculum (despite it's many problems)
is quite good when it comes to the model. It very clearly states that ospf,
bgp, rip, et. al. are all to be considered network layer protocols. It
doesn't make the distinction between "layer management" or not, but the
result is the same. As I've argued in previous discussions, a model is only
as good as the understanding that in facilitates.
I'm as quick to bash the currciculum as anyone (no VLSM until Sem 5?- Give
me a break!), but we should give credit where due, I think.
:-{)]
p.s. As always, Priscilla's answer was best. I've found that's a good rule
of thumb to follow...
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21023&t=20953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Config [7:20759]
Can router B ping the PC? From what you've said, (that there isn't a route
there) I doubt it. Until B can ping it, A won't be able to...
HTH
:-{)]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21025&t=20759
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: which layer do the ospf bgp rip work on [7:20953]
Ah, I apologize. When you said:
"Again people -- PLEASE do not assume the simple 7 layer model that
Cisco tends to present was the end of all protocol stack development.
It wasn't."
I thought you were referring to the CNAP (cisco networking academy program)
curriculum. If you ever get a chance to look at that, it does a pretty
decent job of keeping the model front and center and relevant.
Take Care!
:-{)]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21065&t=20953
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: which layer BGP,RIP ,OSPF work on [7:21226]
The OSI model is relatively important (why else would questions about it
routinely become the longest threads?).
My whole argument for them is this: Models are just learning tools. When
people learn biology, they don't *start* by learning "how things work", they
*start* by learning the major systems (skeletal, neuro-muscular, etc.).
That's all the model-- ANY model-- should be about.
I agree that the arguments tend to get esoteric. But some spirited debate
never hurts.
:-{)]
Mark A. Morenz, MS Ed, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21236&t=21226
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Layering theory (was Re: which layer BGP,RIP , [7:21378]
What I am clearly saying is that when US politicians go to their doctors and
demand antibiotics, that they must be willing to "change the slide"!
:-{)]
p.s. get a grip.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21575&t=21378
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
test [7:23675]
My most recent post (an anwer to ITGuy's acl query) didn't appear. this is a
test.
:-{)]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23675&t=23675
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Doyle Chap:14 Config Q.1 [7:23648]
Trying this post again...
Basically, the wildcard mask's 1 bits are the bits that will be ignored in
the ip address.
172.16.1.0 0.0.0.127
and
172.16.1.128 0.0.0.127
both refer to all addresses that share the same bit-structure for the first
25 bits...in the first case the 25th bit is a 1, in the second the 25th bit
is a zero. Between the two acl's that use these two ip/mask combinations,
you would be screening out the entire 172.16.1/24 anyway, so I would
recommend that you use an acl with: "172.16.1.0 0.0.0.255".
HTH
:-{)]
Mark A. Morenz, MS Ed, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23676&t=23648
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Doyle Chap:14 Config Q.1 [7:23648]
Hey there GUY:
172.16.1.0 with a wildcard mask of 0.0.0.127
means the same as 172.16.1.0/25. In other words, only various combinations
of the last seven bits may have been manipulated to form the host addresses
that belong to the subnetwork that this acl will affect. This makes the
range 172.16.1.0 to 172.16.1.127 (not 128, as you wrote)
Similarly, 172.16.1.128 0.0.0.127 will affect the range from 172.16.1.128 to
172.16.1.255.
What you've written:
"172.16.1.0/28 to 172.16.1.128/28" isn't really a range, but rather two
different subnets available with /28 masks. There are sixteen:
172.16.1.0/28
172.16.1.16/28
172.16.1.32/28
...etc until you get to 172.16.1.240/28
The 'first' eight of these (.o/28 through .112/28) all share the same bit
structure through the first 25 bits, so that is why the first
example acl you cited (172.16.1.0 with a wildcard mask of 0.0.0.127) would
work for that.
Similarly, the 172.16.1.128 0.0.0.127 will block out the rest because the
bit structure for all of those is the same for the first 25 bits. Remember ,
the wildcard mask just tells the router to ignore anything that's masked out
with a "1" bit in the mask.
HTH
:-{)]
Mark A. Morenz, MS Ed, CCNA, CCAI
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23674&t=23648
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
