RE: Frame Relay Back To Back Static PVC [7:72869]
Thanks Alex but when your routers are going back to back LMIs are turned off with the no keepalive command. I believe because a Frame switch is not involved in creating the PVC. In any case I updated the IOS image to 12.3.1a on both routers and the connection comes back up without any issues even after being unplugged and reconnected. Degracia, Alex wrote: Make sure lmi is being exchanged. Turn on keepalives for the pvc. -Original Message- From: Maximus [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 11:13 AM To: [EMAIL PROTECTED] Subject: Frame Relay Back To Back Static PVC [7:72869] Per these instructions, I am able to bring my frame connection online: http://www.cisco.com/warp/public/125/frbacktoback.html However when I intentionally break the connection (Pull the Cable)the PVC doesn't automatically come back up. Is it because its static to begin with? I know I'm probably missing something very obvious but could you explain why the interface does not come back online after being reconnected? So far, the only way I can get the connection back online is by using a hard/software configured loopback and removing it at which point I'm up, up. Thanks. BTW Using IOS versions 12.1(20) and 11.2(26)P4. Configs are identical to the instructions. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73505t=72869 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Cisco menu logins [7:72931]
SOCOM BROTHER!!!
{-)
- Original Message -
From: Tom Martin
To:
Sent: Thursday, July 24, 2003 11:48 AM
Subject: Re: Cisco menu logins [7:72931]
But I should keep the All your base are belong to us line in there??? :)
It's a lab router!
- Tom
Reimer, Fred wrote:
If you use this in production you probably don't want to put Welcome in
there. Plenty of note in Cisco course material on why not...
Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named
recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy,
print
or rely on this email, and should immediately delete it from your
computer.
-Original Message-
From: Tom Martin [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: Cisco menu logins [7:72931]
A couple of days ago I came across a new (to me anyway) Cisco feature,
menus. So naturally I configured a router with menus to see how it
works... Everything seems to work fine, except the login option.
When Telneting to this router, I use the username and password as
specified within the configuration file (attached in its entirety at the
end of this post). Note: The login authentication default command
isn't under the line configuration because it's default. After logging
in the menu immediately appears as expected.
All of the menu options work, but when I choose option 3 (which requires
a second authentication), the command never runs! Here is an example
where I re-authenticate properly:
... text omitted ...
9 Sign off
Enter your selection, HUMAN: 3
Login required
User Access Verification
Username: fry
Password:
--More--
Welcome to my Cisco router
All your base are belong to us.
... text omitted ...
Here is the output when I do not authenticate properly
... text omitted ...
9 Sign off
Enter your selection, HUMAN: 3
Login required
User Access Verification
Username: alsdkfj;alsdkfj
Password:
% Authentication failed.
--More--
Welcome to my Cisco router
All your base are belong to us.
... text omitted ...
Has anyone ever successfully configured menus with a secondary
authentication? Any ideas???
- Tom
Full router configuration
-
Current configuration : 1593 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rtr-3
!
logging queue-limit 100
enable secret 5 $1$F30N$HeewMLSkB0BkSZWKFr9BP1
!
username fry password 0 guy
aaa new-model
!
!
aaa authentication login default local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 1.0.0.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address dhcp
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip http server
ip classless
!
!
!
!
menu TEST title ^C
Welcome to my Cisco router
All your base are belong to us.
^C
menu TEST prompt ^C Enter your selection, HUMAN: ^C
menu TEST text 1 Show IP routing stuff
menu TEST command 1 show ip route
menu TEST text 2 Show IP protocol info
menu TEST command 2 show ip protocol
menu TEST text 3 Show the time
menu TEST command 3 show clock
menu TEST options 3 login
menu TEST command bye menu-exit
menu TEST text 9 Sign off
menu TEST command 9 exit
menu TEST line-mode
!
!
radius-server authorization permit missing Service-Type
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
autocommand menu TEST
!
!
end
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72963t=72931
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Vty access class [7:72990]
I believe the standard ACL should be enough since your already specifying transport input ssh on line vty 0 4. Just my $0.02 Jablonski, Michael wrote: I'm having a bit of trouble with extended access-lists for vty access. Basically I'd like to setup an extended access list that only allows ssh access from certain IPs, but after creating the list and applying it to the VTY I lose access. But if I use a standard acl only allowing certain IPs it works fine... ip access-list extended local_shell permit tcp host 192.168.1.2 host 192.168.1.1 eq 22 vty 0 4 access-class local_shell in transport input ssh Is the standard enough is the above over-kill? Thanx, mkj Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72991t=72990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame Relay Back To Back Static PVC [7:72869]
Per these instructions, I am able to bring my frame connection online: http://www.cisco.com/warp/public/125/frbacktoback.html However when I intentionally break the connection (Pull the Cable) the PVC doesn't automatically come back up. Is it because its static to begin with? I know I'm probably missing something very obvious but could you explain why the interface does not come back online after being reconnected? So far, the only way I can get the connection back online is by using a hard/software configured loopback and removing it at which point I'm up, up. Thanks. BTW Using IOS versions 12.1(20) and 11.2(26)P4. Configs are identical to the instructions. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72869t=72869 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 640-861 CCDA [7:72217]
Sure Friend! Author: Priscilla Oppenheimer (---.ashlandfiber.net) Date: 07-16-03 17:38 The new CCDA course is very different. I haven't taken the test but I bet it's very different also. Here is a synopsis of the syllabus for the new course: The first module is on design methodologies. It teaches top-down network design. The recommended reading is Top-Down Network Design. :-) Seriously, that's what the course suggests. The second module is on structuring and modularizing the network. Although it teaches the classic 3-layer hierarchical model (core, distribution, and access), it also focuses on Cisco's new SAFE architecture. See here for a SAFE study guide: http://www.cisco.com/warp/public/779/largeent/issues/security/safe.html The third module is on campus design. If you've taken any of Cisco's other tests, you should be OK, with this. It covers STP, VLANs, VTP, ISL, 802.1Q. The fourth module is on WANs. Same stuff you've heard before probably. The fifth module is IP addressing. Only new thing is a new focus on IPv6. The sixth module is on routing protocols. Top-Down Network Design would meet your needs there with a couple exceptions. The new course covers IS-IS and On Demand Routing (ODR). (Does anyone really use ODR, I wonder??) The seventh module is on security. SAFE should help there. The eight module is on Voice Transport in gory details. Get some voice books or read up on voice stuff and Cisco's AVVID here: http://www.cisco.com/en/US/netsol/netwarch/ns19/net_solution_home.html http://www.cisco.com/univercd/cc/td/doc/product/access/sc/rel9/soln/voip20/impl/scigdesn.htm http://www.cisco.com/warp/public/788/pkt-voice-general/7.html The ninth module is on network management. Andy Barkl wrote an article about the new CCDA for TCP Magazine. See here: http://tcpmag.com/Exams/article.asp?EditorialsID=71 Good luck! Priscilla Cisco Nuts wrote: Hello, Sorry, I myself did not catch it earlier. And I don't have a login name and password. Can you post Priscilla's thoughts on this new exam. Thank you. Sincerely, From: Maximus Reply-To: Maximus To: [EMAIL PROTECTED] Subject: RE: 640-861 CCDA [7:72217] Date: Sun, 20 Jul 2003 01:42:41 GMT Did you catch the following comments compliments of Priscilla: ~watch the wrap~ http://www.groupstudy.com/form/read.php?f=7i=72415t=72380 PacketEXPERTS wrote: I am looking to test next month (CCDA 640-861). I am looking for any and all books, tips and info to help test next month. Thanks = = = = = = = = = = = = = = = = = = Please send replys to: [EMAIL PROTECTED] = = = = = = = = = = = = = = = = = = - Do you Yahoo!? SBC Yahoo! DSL - misconduct and Nondisclosure violations to [EMAIL PROTECTED] MSN 8 with e-mail virus protection service: 2 months FREE* Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72669t=72217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 640-861 CCDA [7:72217]
Did you catch the following comments compliments of Priscilla: ~watch the wrap~ http://www.groupstudy.com/form/read.php?f=7i=72415t=72380 PacketEXPERTS wrote: I am looking to test next month (CCDA 640-861). I am looking for any and all books, tips and info to help test next month. Thanks = = = = = = = = = = = = = = = = = = Please send replys to: [EMAIL PROTECTED] = = = = = = = = = = = = = = = = = = - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72642t=72217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows VPN through Cisco 2611 HELP!!! [7:69788]
Maximus wrote: oops i meant gre. replace esp with gre; should read: access-list 124 permit gre host (insert external vpn nic IP address) host 216.100.100.130 try: access-list 124 permit gre host (insert external vpn nic IP address) host 216.100.100.130 - Original Message - From: Steve Collins To: Sent: Thursday, May 29, 2003 5:41 PM Subject: RE: Windows VPN through Cisco 2611 HELP!!! [7:69788] the reason i'm setting this up is to eliminate pc anywhere and the ip addresses on the post are bogus. The inside nat address of the vpn server is 192.168.1.180. I also have another nic with a public address. What is the point of two nic cards? this may be a stupid question but should the client connect to the external nic or the internal nic? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69841t=69788 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT:P3 XEON to P4 Ugrade [7:66877]
Has anyone been able to successfully upgrade his or her systems hardware from a P3 Xeon Proc and Mobo to a P4 processor and motherboard without having to reinstall Microsoft 2000? I'm anticipating the B.S.O.D but I was curious... The processor, motherboard, memory, and power supply will be replaced. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66877t=66877 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cool Tool Wish List [7:64991]
What about a tool that can determine the speed and duplex settings on multiple switch ports. CW2000 probably already does this but what about a tiny script...Maybe someone could post a link??? =) Larry Letterman wrote: we have a tool like that. One of our script experts writes stuff like that in Perl.. Larry Letterman Network Engineer Cisco Systems - Original Message - From: John Neiberger To: [EMAIL PROTECTED] Sent: Monday, March 10, 2003 7:01 PM Subject: Cool Tool Wish List [7:64991] Here's a tool that would be relatively simple to write for those with good scripting skills (not me), and I'd love to get my hands on it. Wouldn't it be great to have a tool that could look at a switch, determine which interfaces have only a single host attached, and then change the port name or interface description to the hostname of the device? Man, I would love that! Okay, so I didn't really have a point... :-) John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65035t=64991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Veterans Benefits [7:64425]
Is that the correct link: can't find www.vfw.gov: Non-existent domainfred barreras wrote: Go to www.vfw.gov and you will find info on G.I. Bill benefits. Iy also contains 800 number and email address where you can ask them directly. They get back to you pretty fast. Good Luck. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64462t=64425 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco VPN [7:63860]
I don't believe I'm meant to be able to accept incoming VPN requests and connect to my employer's VPN. Specifically the problem is VPN requests are serviced on the way in and at the same time I can successfully connect to my employer's VPN but I can't decrypt the packets coming back from my employer while I'm configured to accept VPN requests on my external interface (crypto map statement.) ODD or just not meant to be? Maybe its just the level of encryption? Any thoughts? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63860t=63860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Study groups in Jersey City? [7:62807]
Any CCIE study groups in the Jersey City area? -Max Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62807t=62807 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cisco IOS and VPN Client 3.X [7:61256]
try IOS Version 12.2(11)T3 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61260t=61256 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: show trunk on 2924m-XL [7:60741]
2924Switchsh int fa0/6 switchport Name: Fa0/6 Switchport: Enabled Administrative mode: static access Operational Mode: static access Administrative Trunking Encapsulation: isl Operational Trunking Encapsulation: isl Negotiation of Trunking: Disabled Access Mode VLAN: 10 (VLAN0010) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: NONE Pruning VLANs Enabled: NONE Priority for untagged frames: 0 Override vlan tag priority: FALSE Voice VLAN: none Appliance trust: none - Original Message - From: Phil Wallisch To: Sent: Thursday, January 09, 2003 3:36 PM Subject: show trunk on 2924m-XL [7:60741] Does anyone know how to do the equivilant of a show trunk on an IOS based switch? I've been having to do a show run to see if the port was trunking. Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60823t=60741 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: how to set extended range vlans (vlan number 1024) on [7:58610]
what CatOS are you running?
set spantree macreduction {enable | disable}
To:
Sent: Thursday, December 05, 2002 12:17 AM
Subject: how to set extended range vlans (vlan number 1024) on [7:58600]
the following is configuration of my cat6509:
--- --- --- -
--
---
1 2WS-X6K-SUP2-2GE SAD053202VH Hw : 2.2
Fw : 6.1(3)
Fw1: 6.1(3)
Sw : 6.3(3)X
Sw1: 6.3(3)X
WS-F6K-PFC2 SAD053301PG Hw : 2.0
2 2WS-X6K-SUP2-2GE SAD053302C4 Hw : 2.2
Fw : 6.1(3)
Fw1: 6.1(3)
Sw : 6.3(3)X
Sw1: 6.3(3)X
WS-F6K-PFC2 SAD0532034X Hw : 1.4
3 8WS-X6408A-GBIC SAL05309JZU Hw : 2.0
Fw : 5.4(2)
Sw : 6.3(3)X
4 8WS-X6408A-GBIC SAL05309K0T Hw : 2.0
Fw : 5.4(2)
Sw : 6.3(3)X
5 48 WS-X6348-RJ-45 SAL0533ALLL Hw : 5.0
Fw : 5.4(2)
Sw : 6.3(3)X
6 8WS-X6408A-GBIC SAL06261Y3G Hw : 2.1
Fw : 5.4(2)
Sw : 6.3(3)X
15 1WS-F6K-MSFC2SAD053201MX Hw : 1.2
Fw : 12.1(8a)E2
Sw : 12.1(8a)E2
16 1WS-F6K-MSFC2SAD0532049U Hw : 1.2
Fw : 12.1(8a)E2
Sw : 12.1(8a)E2
And i found in cisco document that 6509 can support vlan range between 1
and
4094.
but when i setup a new vlan as the following ,some mistake happened.
6509 (enable) set vlan 2000
VTP advertisements transmitting temporarily stopped,
and will resume after the command finishes.
Cannot set vlans in extended range.
Reduced Mac Address feature is disabled in NVRAM.
can anyone tell me the reason? thanks in advance.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58610t=58610
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: how to set extended range vlans (vlan number [7:58617]
I believe you can create extended vlans in either Server/Transparent modes. You just cannot use VTP to manage these VLANs; they must be statically configured on each switch. watch the wrap http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_3/confg_gd/vlans.htm#xtocid9 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58619t=58617 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pri, http://www.troubleshootingnetworks.com is down, any [7:57611]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57611t=57611 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pri, http://www.troubleshootingnetworks.com is dow [7:57611]
ok; online Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57618t=57611 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Clearing access lists counters [7:57241]
Worked for me on 12.2(12a): clear ip access-list counters - Original Message - From: John Tafasi To: Sent: Tuesday, November 12, 2002 5:22 PM Subject: Re: Clearing access lists counters [7:57241] I tried this also and it did not work. He is what I did: R5-2503#clear ip access-list count R5-2503#show access-lists abc Extended IP access list abc Dynamic test permit ip any any permit ip host 10.10.110.16 any (38 matches) (time left 134) permit tcp any host 10.10.110.3 eq telnet R5-2503# Tim Metz wrote in message news:200211120457.EAA20795;groupstudy.com... although that should have worked, try clear ip access-list counter as well I just tested this on a 3662 and both commands worked (IOS 12.1) Tim John Tafasi wrote in message news:20022125.VAA01591;groupstudy.com... Can some one tell me how to clear access-list counters? I tried to use the command clear access-list counters but it did not work. Please see the output of the show command below. R5-2503#show access-lis abc Extended IP access list abc Dynamic test permit ip any any permit ip any any (158 matches) permit tcp any host 10.10.110.3 eq telnet R5-2503# Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57334t=57241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multiple Supervisors, 6509 Chassis; Native IOS [7:51654]
I'm sorry Larry if I've caused any confusion but I only have a single 6509 with two supervisor 1 blades with msfc 2 in slots 1 and 2. Clay, I began to read the URL you posted and noticed in the second paragraph it states, This paper is based on the hybrid software model for the Cat6500 Series...and not the Cisco IOS running natively. With that said please note the native IOS places these commands into the startup config by default; also I haven't been able to change these commands thus far: ! redundancy main-cpu auto-sync standard ! Jagan, I'm glad I'm not the only one! So I suppose its safe to conclude running native IOS on a 6509 w/two supervisor1 msfc2 modules yields a failover time of approximately 90-120 seconds. - Original Message - From: Larry Letterman To: Sent: Tuesday, August 20, 2002 1:34 AM Subject: RE: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] If you have two gateways(6509's) why goto the expense of two msfc's in each chassis ? The failure should cause the hsrp to switch to the secondary 6509. Thats the way we run ours on our campus... Larry Letterman Cisco Systems [EMAIL PROTECTED] - Original Message - From: Larry Letterman To: Sent: Monday, August 19, 2002 10:14 PM Subject: RE: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] we usually dont use dual msfc mods in our gateways..I'll ask some guys on my team and find out...an dpost the reply. Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, August 19, 2002 6:34 PM To: [EMAIL PROTECTED] Subject: Re: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] Hi Maximus I am using 6509 Sup2, MSFC2 and native IOS. Condition is the same. If I pull the active sup it takes 2 minutes to reboot. And all the blades also reboot. Larry Is this the usual thing. Pls let me know this is the type of redundancy provided in Cat 6509. thanks jagan krishnaraj Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51727t=51654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Multiple Supervisors 6509 Chassis; Native IOS [7:51654]
This is how I learn: =) Running IOS on my 6509, I wanted to see the amount of downtime I would cause by deliberately causing the primary SUP to fail by one executing a reload on the primary module and two simply pulling the primary from the chassis. heeheehee What I found was the reload caused approximately 2 minutes downtime. This was because the entire chassis of course booted. The secondary module did however become the primary almost immediately following the reload command. Now I figure that if I just removed the primary blade the system would failover immediately and not reboot my 10/100/1000 blades. To my surprise, this resulted in again 1 minute and 50 seconds downtime and network connectivity was restored. BTW The blades also appeared to reboot. In terms of High Availability am I missing something? Considering these results what would deter me from just sticking to HSRP. I am a novice and looking for some constructive input. With that said note the following: IOS: Cisco Catalyst 6000 (R7000) processor with 112640K/18432K bytes of memory. R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache ROM: System Bootstrap, Version 12.1(11r)E1, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(11b)E4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Hardware: Routersh mod Mod Ports Card Type Model Serial No. --- - -- -- --- 12 Cat 6k sup 1 Enhanced QoS (Standby)WS-X6K-SUP1A-2GE 22 Cat 6k sup 1 Enhanced QoS (Active) WS-X6K-SUP1A-2GE 4 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC 9 48 48 port 10/100 mb RJ45 WS-X6348-RJ-45 Comments? -Maximus Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51654t=51654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multiple Supervisors 6509 Chassis; Native IOS [7:51654]
SUP 1/MSFC 2 - Original Message - From: Larry Letterman To: Sent: Monday, August 19, 2002 4:02 PM Subject: RE: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] I am assuming that both these are sup1/msfc1 modules... Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Maximus Sent: Monday, August 19, 2002 11:49 AM To: [EMAIL PROTECTED] Subject: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] This is how I learn: =) Running IOS on my 6509, I wanted to see the amount of downtime I would cause by deliberately causing the primary SUP to fail by one executing a reload on the primary module and two simply pulling the primary from the chassis. heeheehee What I found was the reload caused approximately 2 minutes downtime. This was because the entire chassis of course booted. The secondary module did however become the primary almost immediately following the reload command. Now I figure that if I just removed the primary blade the system would failover immediately and not reboot my 10/100/1000 blades. To my surprise, this resulted in again 1 minute and 50 seconds downtime and network connectivity was restored. BTW The blades also appeared to reboot. In terms of High Availability am I missing something? Considering these results what would deter me from just sticking to HSRP. I am a novice and looking for some constructive input. With that said note the following: IOS: Cisco Catalyst 6000 (R7000) processor with 112640K/18432K bytes of memory. R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache ROM: System Bootstrap, Version 12.1(11r)E1, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(11b)E4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Hardware: Routersh mod Mod Ports Card Type Model Serial No. --- - -- -- -- -- --- 12 Cat 6k sup 1 Enhanced QoS (Standby)WS-X6K-SUP1A-2GE 22 Cat 6k sup 1 Enhanced QoS (Active) WS-X6K-SUP1A-2GE 4 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC 9 48 48 port 10/100 mb RJ45 WS-X6348-RJ-45 Comments? -Maximus Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51672t=51654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Unable to access MS Outlook using IPSec Lan-to-Lan [7:48540]
I thought I was the only one not able to traverse multiple domains through the VPN. This is interms of client/server applications. =) - Original Message - From: Rod Rodericks To: Sent: Wednesday, July 10, 2002 3:47 PM Subject: Re: Unable to access MS Outlook using IPSec Lan-to-Lan [7:48525] I'm still trying to figure out if there's a way to allow multiple domains in the VPN config domain? - Original Message - From: To: Sent: Wednesday, July 10, 2002 3:16 PM Subject: RE: Unable to access MS Outlook using IPSec Lan-to-Lan [7:48496] can you ping the mail server by name? I experienced the same problem turns out, the remote pc was authenticating to a different domain than the mail server was on (no broadcast traffic between domains) after adding the mail server to the host file on the PC, it worked fine. I'm still trying to figure out if there's a way to allow multiple domains in the VPN config Hope it helps... lemme know if it doesn't work. -Original Message- From: George Kallingal [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 10, 2002 5:05 AM To: [EMAIL PROTECTED] Subject: Unable to access MS Outlook using IPSec Lan-to-Lan [7:48482] We have an IPSec LAN-to-LAN connection between two Cisco VPN 3000 Concentrators and for some strange reason, MS Outlook is unable to connect to the Exchange server on the other side of the tunnel. All other traffic seems to travel fine, and we know for a fact that the mailboxes are accessible locally. Has anyone experienced such a problem and found a solution? George Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48540t=48540 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
All this talk about IDS.... [7:46690]
I've decided to take the plunge. 1.Has anyone ever successfully installed Snort on a 2000 box? 2.I downloaded Snort 1.8.6 and WinPcap. Dunno why I pulled down Winpcap, but I did. 3.Either way I'm just a newbie to Snort(IDS) and can't find a down and dirty guide to get started... Any help would be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46690t=46690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dual-homed hosts problems [7:43677]
I may be wrong but your friend is using a routing protocol and therefore the below would not apply to the scenario. As for running SOP on the server IMHO it would be overkill for this specific situation. Keep it simple. Would I run SOP on a server? Depends on why I had the server built in the first place. Have a nice day! - Original Message - From: Jeffrey Reed To: Sent: Friday, May 10, 2002 8:27 AM Subject: RE: dual-homed hosts problems [7:43677] I just talked to someone yesterday who said they are running OSPF on the WIN2000 servers and using dual NICs effectively. Is this a better way to dual home servers? Jeffrey Reed Classic Networking, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Galo Villacis Sent: Thursday, May 09, 2002 7:18 PM To: [EMAIL PROTECTED] Subject: Re: dual-homed hosts problems [7:43677] I believe your issue may relate to the single IP stack on 2000. Try defaulting traffic to the internet and adding a static route to the internal network opposed to specifying the gateway on the internal IP interface. Also I would go as far as disabling any NETBIOS on the external interface for security. cmd would be: route add -p Network Mask Gateway - Original Message - From: Henrique Duarte To: Sent: Thursday, May 09, 2002 5:48 PM Subject: Re: dual-homed hosts problems [7:43677] Bulent, Thank you for the reply. I am afraid you may have misunderstood this problem. Allow me to be more clear: 192.168.0.1 - 192.168.0.150 - Host A - 128.59.39.3 | (dual homed server) | | | | | 128.59.39.2 router A router C Internet | 192.168.1.1 | | T1 | | 192.168.1.2 | router B | 192.168.2.1 The problem happens on Host A. Host A is a WebServer with 2 interfaces: a public (which goes out to the internet) and a private (which talks to the database). The private interface has IP 192.168.0.150 and default GW 192.168.0.1. The public has ip 128.59.39.3 and default GW 128.59.39.2. Everything works fine if I leave the private interface's default GW blank. If I put Router C's address as the private interface's default gateway, after some time I cannot ping anywhere from Host A, even though I can ping it from the outside world. I need to have the private interface configured with 192.168.0.1 as the default GW because remote users need to be able to connect to that server via the back-end T1. Any light would be greatly appreciated. Thanks, -H - Original Message - From: B|lent ^ahin To: Sent: Thursday, May 09, 2002 3:17 AM Subject: RE: dual-homed hosts problems [7:43677] When configuring ethernet interfaces on MS environment, you have three blank spaces to fill: IP_address, Subnet_mask and Default_gateway. So the people start to think every ethernet interface as a router: This interface will route IP packets to the other interface, so the default gateway of the first interface should be same as the IP address of the second interface., but there is one router on the PC: CPU. Try to configure only one default gateway. You can use the command route print to see what happens when you configure two or more default gateways. Bulent -Original Message- From: Henrique Duarte [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 09, 2002 12:39 AM To: [EMAIL PROTECTED] Subject: dual-homed hosts problems [7:43677] Hello All, I am working on some dual homed servers at a co-location where there is a public and private interface on each. The public interfaces attach to the internet via a router while the private ones are on its own separate private subnet. The private subnet is attached to another router, which provides remote users access to the private network via a T1 line. I am encountering the following issue. When I set the private interfaces' default gateway to the private interface's router address, it works fine for about 10 minutes or so, but after that the server cannot ping and/or access the internet, even though it is set with the public NIC to be the primary one. However, as soon as I take the default gateway out of the private interface NIC it works fine and is able to ping the outside world. Does anyone have any ideas why this is happening and/or how to fix it? The servers are running Windows 2000 Server and the T1 router is a Cisco 1601. Thanks, -Henrique Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43840t=43677 -- FAQ, list archives, and subscription info:
Re: dual-homed hosts problems [7:43677]
Sorry list members, the spell-checker changed OSPF to SOP. - Original Message - From: Maximus To: Sent: Friday, May 10, 2002 12:40 PM Subject: Re: dual-homed hosts problems [7:43677] I may be wrong but your friend is using a routing protocol and therefore the below would not apply to the scenario. As for running SOP on the server IMHO it would be overkill for this specific situation. Keep it simple. Would I run SOP on a server? Depends on why I had the server built in the first place. Have a nice day! - Original Message - From: Jeffrey Reed To: Sent: Friday, May 10, 2002 8:27 AM Subject: RE: dual-homed hosts problems [7:43677] I just talked to someone yesterday who said they are running OSPF on the WIN2000 servers and using dual NICs effectively. Is this a better way to dual home servers? Jeffrey Reed Classic Networking, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Galo Villacis Sent: Thursday, May 09, 2002 7:18 PM To: [EMAIL PROTECTED] Subject: Re: dual-homed hosts problems [7:43677] I believe your issue may relate to the single IP stack on 2000. Try defaulting traffic to the internet and adding a static route to the internal network opposed to specifying the gateway on the internal IP interface. Also I would go as far as disabling any NETBIOS on the external interface for security. cmd would be: route add -p Network Mask Gateway - Original Message - From: Henrique Duarte To: Sent: Thursday, May 09, 2002 5:48 PM Subject: Re: dual-homed hosts problems [7:43677] Bulent, Thank you for the reply. I am afraid you may have misunderstood this problem. Allow me to be more clear: 192.168.0.1 - 192.168.0.150 - Host A - 128.59.39.3 | (dual homed server) | | | | | 128.59.39.2 router A router C Internet | 192.168.1.1 | | T1 | | 192.168.1.2 | router B | 192.168.2.1 The problem happens on Host A. Host A is a WebServer with 2 interfaces: a public (which goes out to the internet) and a private (which talks to the database). The private interface has IP 192.168.0.150 and default GW 192.168.0.1. The public has ip 128.59.39.3 and default GW 128.59.39.2. Everything works fine if I leave the private interface's default GW blank. If I put Router C's address as the private interface's default gateway, after some time I cannot ping anywhere from Host A, even though I can ping it from the outside world. I need to have the private interface configured with 192.168.0.1 as the default GW because remote users need to be able to connect to that server via the back-end T1. Any light would be greatly appreciated. Thanks, -H - Original Message - From: B|lent ^ahin To: Sent: Thursday, May 09, 2002 3:17 AM Subject: RE: dual-homed hosts problems [7:43677] When configuring ethernet interfaces on MS environment, you have three blank spaces to fill: IP_address, Subnet_mask and Default_gateway. So the people start to think every ethernet interface as a router: This interface will route IP packets to the other interface, so the default gateway of the first interface should be same as the IP address of the second interface., but there is one router on the PC: CPU. Try to configure only one default gateway. You can use the command route print to see what happens when you configure two or more default gateways. Bulent -Original Message- From: Henrique Duarte [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 09, 2002 12:39 AM To: [EMAIL PROTECTED] Subject: dual-homed hosts problems [7:43677] Hello All, I am working on some dual homed servers at a co-location where there is a public and private interface on each. The public interfaces attach to the internet via a router while the private ones are on its own separate private subnet. The private subnet is attached to another router, which provides remote users access to the private network via a T1 line. I am encountering the following issue. When I set the private interfaces' default gateway to the private interface's router address, it works fine for about 10 minutes or so, but after that the server cannot ping and/or access the internet, even though it is set with the public NIC to be the primary one. However, as soon as I take the default gateway out of the private interface NIC it works fine and is able to ping the outside world. Does anyone have any ideas why this is happening and/or how to fix
Re: Serial number [7:43211]; FYI Dion, Thierry [7:43236]
You can try: sh diag This will give you several serials! BTW I am a new comer so please no flame. Galo - Original Message - From: Dion, Thierry To: Sent: Friday, May 03, 2002 11:00 AM Subject: RE: Serial number [7:43211] Nop you cannot get chassis serial number on C7000 series router without this command. how can i get chassis serial on GSR 12000 series Router (show version don't give it) -- show c7200 -- Network IO Interrupt Throttling: throttle count=0, timer count=0 active=0, configured=0 netint usec=4000, netint mask usec=200 C7200 Midplane EEPROM: Hardware revision 2.0 Board revision A0 -- Serial number 18281725 Part number73-3905-03 Test history 0x0 RMA number 00-00-00 MAC=0001.6457.5000, MAC Size=1024 EEPROM format version 1, Model=0x4 EEPROM contents (hex): 0x20: 01 04 02 00 01 16 F4 FD 49 0F 41 03 00 01 64 57 0x30: 50 00 04 00 00 00 00 00 00 02 22 50 00 00 FF 00 C7204VXR CPU EEPROM: Hardware revision 4.2 Board revision A0 Serial number 23322824 Part number73-3409-08 Test history 0x7 RMA number 07-37-36 EEPROM format version 1 EEPROM contents (hex): 0x20: 01 AE 04 02 01 63 E0 C8 49 0D 51 08 07 07 25 24 0x30: 50 00 00 00 00 00 00 00 00 00 FF FF FF FF FF 00 But look at the show version -- show version -- Cisco Internetwork Operating System Software IOS (tm) 7200 Software (C7200-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Tue 07-Dec-99 16:36 by phanguye Image text-base: 0x60008900, data-base: 0x613D8000 ROM: System Bootstrap, Version 12.1(2824:081033) [dbeazley-cosmos_e_LATEST 1 01], DEVELOPMENT SOFTWARE BOOTFLASH: 7200 Software (C7200-BOOT-M), Version 12.0(4)XE, EARLY DEPLOYMENT REL EASE SOFTWARE (fc1) Router uptime is 2 hours, 6 minutes System returned to ROM by reload at 14:19:15 Tue Mar 5 2002 System restarted at 14:20:36 Tue Mar 5 2002 System image file is slot0:c7200-is-mz.120-7.bin cisco 7204VXR (NPE300) processor with 40960K/24576K bytes of memory. R7000 CPU at 262Mhz, Implementation 39, Rev 2.1, 256KB L2, 2048KB L3 Cache 4 slot VXR midplane, Version 2.0... the show version don't work for every components. Kind regards -Message d'origine- De : Marko Milivojevic [mailto:[EMAIL PROTECTED]] Envoyi : vendredi 3 mai 2002 16:08 @ : [EMAIL PROTECTED] Objet : RE: Serial number [7:43211] Importance : Faible Hello, May i have a link on web Cisco for how to get chassis's serial numbers because it's differents According to equipements. Someone is strange like CISCO7200VXR (show c7200)!! You can always use show version and get the same info. Marko. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43236t=43236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
802.1Q VLAN trunking with 2651 [7:1716]
Hi all, Need assistance in getting the above working. I have a 2651 with 2 x 10/100 interfaces and am trying to get 802.1Q VLAN trunking to work on 1 of the interfaces. Figured that I need IOS 12.1(7) with IP Plus features. Tried running IOS from TFTP as I don't have enough flash at the moment, but it did not work. Observed a boot loader error. Any suggestions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1716t=1716 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
