Routers multicast address 224.0.0.2 ?! [7:59609]
Hi ... I have tried to configure HSRP on two 3660 routers, I configured them straight forward where only a little commands needed.But HSRP don't worked well ! The reason simply was that they are not seeing the HSRP hello messages so every one act as the active one ! When I checked the problem more, I discovered that both of them are not seeing the 224.0.0.2 messages by using the SHOW IP INTERFACE command where none of the interfaces of the two routers are joined for this multicast group ! My question now is how I can make them joined to 224.0.0.2 which should be the default configuration ? Or may be I'm wrong in my investigation ?! Thanks for your help -- Mohannad Khuffash Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59609t=59609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Routers multicast address 224.0.0.2 ?! [7:59609]
Hi Sam, Here is the configuration and the output of the show commands, please note the first router is showing it's joining to the multicast group 224.0.0.2 while the other not ! R1 interface FastEthernet1/0 ip address 172.16.0.2 255.255.0.0 ip broadcast-address 0.0.0.0 no ip redirects standby 10 ip 172.16.0.37 R2 ip address 172.16.0.36 255.255.0.0 ip directed-broadcast duplex auto speed auto standby 10 ip 172.16.0.37 R1#show ip interface fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Internet address is 172.16.0.2/16 Broadcast address is 0.0.0.0 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.10 224.0.0.2 Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are never sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is enabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabled R2#show ip interface fastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Internet address is 172.16.0.36/16 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP Feature Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is disabled WCCP Redirect outbound is disabled WCCP Redirect exclude is disabled BGP Policy Mapping is disabled Sam Sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Could you post your config's for those 2 routers and possibly sh int output? Mohannad Khuffash wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi ... I have tried to configure HSRP on two 3660 routers, I configured them straight forward where only a little commands needed.But HSRP don't worked well ! The reason simply was that they are not seeing the HSRP hello messages so every one act as the active one ! When I checked the problem more, I discovered that both of them are not seeing the 224.0.0.2 messages by using the SHOW IP INTERFACE command where none of the interfaces of the two routers are joined for this multicast group ! My question now is how I can make them joined to 224.0.0.2 which should be the default configuration ? Or may be I'm wrong in my investigation ?! Thanks for your help -- Mohannad Khuffash Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59627t=59609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Routers multicast address 224.0.0.2 ?! [7:59609]
Both routers can ping each other without any problem, also the Show Interface command showing no errors at all . I have removed the ip broadcast-address 0.0.0.0 command, but the problem still ! About multicast group 224.0.0.2 which I thing it's the problem's key, when I'm pinging the address 224.0.0.2: all routers respond except the Second router R2 don't ! So it's not hearing the HSRP messages then it don't see the other HSRP router . Sam Sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The interface configs look fine. Can you ping each others IP address? Do show int to see if there's any interface errors as well. Why is your broadcast address showing 0.0.0.0 on R1? interface FastEthernet1/0 ip address 172.16.0.2 255.255.0.0 ip broadcast-address 0.0.0.0 It should be 255.255.255.255, this could be a problem. Maybe you need ip subnet-zero command for this to work. I see you have no access lists set so that can;t be the problem. I have a pair of 7200's doing hsrp and both of them show they've joined the multicast group of 224.0.0.2 and both have broadcast 255.255.255.255. showing. Mohannad Khuffash wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Sam, Here is the configuration and the output of the show commands, please note the first router is showing it's joining to the multicast group 224.0.0.2 while the other not ! R1 interface FastEthernet1/0 ip address 172.16.0.2 255.255.0.0 ip broadcast-address 0.0.0.0 no ip redirects standby 10 ip 172.16.0.37 R2 ip address 172.16.0.36 255.255.0.0 ip directed-broadcast duplex auto speed auto standby 10 ip 172.16.0.37 R1#show ip interface fastEthernet 1/0 FastEthernet1/0 is up, line protocol is up Internet address is 172.16.0.2/16 Broadcast address is 0.0.0.0 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.10 224.0.0.2 Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are never sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is enabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabled R2#show ip interface fastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Internet address is 172.16.0.36/16 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP Flow switching is disabled IP Feature Fast switching turbo vector IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is disabled WCCP Redirect outbound is disabled WCCP Redirect exclude is disabled BGP Policy Mapping is disabled Sam Sneed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Could you post your config's for those 2 routers and possibly sh int output? Mohannad Khuffash wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi ... I have tried to configure HSRP on two 3660 routers, I configured them straight forward where only a little commands needed.But HSRP don't worked well ! The reason simply was that they are not seeing the HSRP hello messages so every one act as the active one ! When I checked the problem more, I discovered that both of them are not seeing the 224.0.0.2 messages by using the SHOW IP INTERFACE command where none of the interfaces of the two routers are joined for this multicast group ! My question now is how I can make them j
Re: Routers multicast address 224.0.0.2 ?! [7:59609]
Hello ... Illegal multicast group address is the output when using ip igmp join-group 224.0.0.2 command, the address should not be one of the reserved multicast addresses! Xueyan Liu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, there I think there is a way to force a router interface to join a multicast group. try this command under the interface see if that helps. from cco ip igmp join-group group-address To have the router join a multicast group, use the ip igmp join-group interface configuration command. To cancel membership in a multicast group, use the no form of this command. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59640t=59609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN Client+IOS [7:59283]
Check the statistics for in and out Bayts on the client side: if the OUT is increasing without increasing in IN the problem would be either in routing or access-lists. JM wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello I am trying to run VPN beetwen VPN Client 3.6.2.A and Cisco 2651. On Cisco router I have: Software with 3DES/IP PLus/FW/IDS - Version 12.2(11)T2 Router has 4 interfaces: serial 0/1 - Internet here I gave cryptomap fasteth 0/1 -DMZ fasteth 0/0 -LAN ( here I want to be tgrough VPN) I have the same configuration like in TAC help : http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html VPN Client can login inside router, and I have ipaddress from router, but I don't see anything. I can't ping. I have question ? Where am Im inside the router ? I am in, but I don't see anything. When I will have : ip access-list out on fast0/0 (LAN) what should I enable ? I have nat inside on fast 0/0 and outside on ser 0/1 Regards JM Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59482t=59283 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
bandwidth control ? [7:59238]
Hello, How I can limit the bandwidth to specific value for some type of traffic while keeping the other traffic's bandwidth unlimited, of course this is at the same link? Thanks in advance Mohannad Khuffash -- Mohannad Khuffash Network Administrator Palestine Telecom Tel: 00970-9-2390509 Mobile:00970-59-579528 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59238t=59238 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
G.703 interface [7:56786]
Hello All, What is the lowest router series that support the G.703 interface? Is it 36xx ? Regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56786t=56786 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MSN Messenger blocking [7:55445]
Thanks very much Chris . Chris Headings wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can try to block port 1863... if on a windows machine, just use the netstat command to see what port you are using to connect to the service... msgr-cs147.msgr.hotmail.com:1863 ESTABLISHED Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55609t=55445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DNS at PIX [7:55444]
Dear group, I want to ask simple question, What is the command used to configure the DNS server at PIX firewall, if any ? Thanks Mohannad Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55444t=55444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MSN Messenger blocking [7:55445]
Hello All, What is the best way to block MSN Messenger ? Thanks Mohannad Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55445t=55445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MSN Messenger blocking [7:55445]
Hi, I tried to block port 1080, but the MSN messenger still working. I think it's works at http port 80 , is that right ? Regards, wrote in message news:200210121035.KAA07184;groupstudy.com... Block its port, I believe 1080 Mohannad Khuffash wrote in message news:200210120908.JAA01990;groupstudy.com... Hello All, What is the best way to block MSN Messenger ? Thanks Mohannad Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55462t=55445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS ROUTER and a Cisco VPN Client 3.x [7:55302]
Dear All, I'm trying to configure 2600 router with c2600-ik9o3s-mz.122-8.T.bin image file to be VPN gateway, I'm using the Cisco VPN 3.6 client, every thing goes well almost, where the client get authenticated and get it's private IP address from the pool, but I'm still have a problem where the packets sent from the client is encrypted but no encrypted received packets! So no response at all ! Here is my router configuration : version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname IDS-FW ! logging console informational aaa new-model ! ! aaa authentication login userauthen group tacacs+ local aaa authorization network groupauthor local aaa session-id common enable secret 5 xx ! crypto isakmp policy 3 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group vpngroup key forest dns 172.16.1.40 pool IPpool acl 102 ! ! crypto ipsec transform-set myset esp-3des esp-sha-hmac ! ! crypto dynamic-map dynmap 10 set transform-set myset ! ! crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynmap interface Ethernet0/0 ip address 172.31.0.5 255.255.0.0 no ip mroute-cache half-duplex -- interface Serial0/1 ip address 212.22.222.2 255.255.255.252 no ip mroute-cache crypto map clientmap ip local pool IPpool 172.31.0.150 172.31.0.200 access-list 102 permit ip 172.16.0.0 0.15.255.255 172.31.0.0 0.0.0.127 ip route 0.0.0.0 0.0.0.0 212.22.222.1 Thanks for you. Mohannad Khuffash -- Mohannad Khuffash Network Administrator Palestine Telecom Tel: 00970-9-2390509 Mobile:00970-59-579528 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55302t=55302 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MCNS Exam [7:53894]
Dear All, According to Cisco press MCNS book by Wenstrom, there are some chapters are not included in the exam as Cisco site review like: Cisco Encryption Technology Overview Configuring Cisco Encryption Technology Configuring PIX Firewall IPSec Support So please any one did the exam recently, are these subjects included in the exam or not ? Thanks for your help Mohannad -- Mohannad Khuffash Network Administrator Palestine Telecom Tel: 00970-9-2390509 Mobile:00970-59-579528 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53894t=53894 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52557]
Dear Majdy, How are you? Hope every thing is OK with you? Did you check that the accounting working well, since if you have a problem in accounting it may cause some like these bugs. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, I am using ACS Dbase and when I check the error I found the following: exceeds maximum session So, I am wondering, this user not connected, then why he failed to reconnect and why he still exist in the connected users Dbase??? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry some text dissappeared along the way the group should say Mapped by External Authenticaror Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you check the user who is listed in the acs they will be in the group . This is normal when you use NT to authenticate users by mapping an external db. Why they are can't re-connect should be in the logs (reports then failed attempts), if they have a successful authentication then it's somewhere else like you NT authentication. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52557t=52557 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52558]
To be more clear, if you have a problem in accounting may be due to low in memory the user is recorded when he logging in, but not recorded when he logging out, so he still appear on line to the AS, which prevent him in next login where you have configured max number of sessions . Regards Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, I am using ACS Dbase and when I check the error I found the following: exceeds maximum session So, I am wondering, this user not connected, then why he failed to reconnect and why he still exist in the connected users Dbase??? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sorry some text dissappeared along the way the group should say Mapped by External Authenticaror Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you check the user who is listed in the acs they will be in the group . This is normal when you use NT to authenticate users by mapping an external db. Why they are can't re-connect should be in the logs (reports then failed attempts), if they have a successful authentication then it's somewhere else like you NT authentication. Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a similar set-up, ACS on Win2k, what do error message do you see in the event log? Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52558t=52558 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NBAR filter [7:52566]
Dear Group, I want to filter Nimda Virus, which spread mainly through the email exchange. My question is : Can I use NBAR to filter the SMTP POP3 content like HTTP? If not, is there any other way to do that ? Thanks -- Mohannad Khuffash Network Administrator Palestine Telecom Tel: 00970-9-2390509 Mobile:00970-59-579528 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52566t=52566 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access server problem [7:52462]
May you supply us with more info. Like router platform, IOS firmware versions. show run show version commands. Regards, Mohannad Khuffash Palestine Telecom CCNP,CCDP,CCSE,MCSE. Farhan Ahmed wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all I ve got a problem The user is getting disconnect after 2-3 minutes, I ve changed the line at both side, Doesn't help, it was working b4 a month no configuration has been changed Anyone knows about this error? 8589934592d8589934592h: Call Handle failed for Modem 2/1 Also this one 0 2002-08-31 14:20:45 Local7.Debug 192.168.10.13 1924: 2d06h: TTY66: Async Int reset: Dropping DTR 2002-08-31 14:20:45 Local7.Debug 192.168.10.13 1925: 2d06h: Modem 2/1 Mcom: in modem state 'Disconnecting' 2002-08-31 14:20:45 Local7.Debug 192.168.10.13 1926: 2d06h: Modem 2/1 Mcom: DISCONNECT, duration = 00:02:01, reason (0x9) DTR Drop 2d07h: Modem 2/1 Mcom: in modem state 'Dialing/Answering' 2d07h: Modem 2/1 Mcom: in modem state 'Incoming ring' 2d07h: %LINK-3-UPDOWN: Interface BRI1/2:1, changed state to up 2d07h: Modem 2/1 Mcom: in modem state 'Waiting for Carrier' 2d07h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/2:1, o up 2d07h: %ISDN-6-CONNECT: Interface BRI1/2:1 is now connected to 0 2d07h: Modem 2/1 Mcom: in modem state 'Connected' 8589934592d8589934592h: Call Handle failed for Modem 2/1 2d07h: Modem 2/1 Mcom: CONNECT at 31200/31200(Tx/Rx), V34, LAPM, 2d07h: TTY66: DSR came up 2d07h: Modem 2/1 Mcom: switching to PPP mode 2d07h: TTY66: no timer type 1 to destroy 2d07h: TTY66: no timer type 0 to destroy 2d07h: tty66: Modem: IDLE-(unknown) 2d07h: %LINK-3-UPDOWN: Interface Async66, changed state to up 2d07h: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map 2d07h: Modem 2/1 Mcom: PPP escape map: Tx map = , Rx map 2d07h: TTY66: Async Int reset: Dropping DTR 2d07h: Modem 2/1 Mcom: in modem state 'Disconnecting' 2d07h: Modem 2/1 Mcom: DISCONNECT, duration = 00:00:26, reason ( 2d07h: TTY66: DSR was dropped 2d07h: tty66: Modem: READY-(unknown) 2d07h: TTY66: dropping DTR, hanging up 2d07h: tty66: Modem: HANGUP-(unknown) 2d07h: Modem 2/1 Mcom: in modem state 'Idle' 2d07h: %LINK-5-CHANGED: Interface Async66, changed state to rese 2d07h: TTY66: cleanup pending. Delaying DTR 2d07h: TTY66: cleanup pending. Delaying DTR 2d07h: TTY66: cleanup pending. Delaying DTR 2d07h: Modem 2/1 Mcom: switching to character mode 2d07h: TTY66: no timer type 0 to destroy 2d07h: TTY66: no timer type 1 to destroy 2d07h: TTY66: no timer type 3 to destroy 2d07h: TTY66: no timer type 4 to destroy 2d07h: TTY66: no timer type 2 to destroy 2d07h: Async66: allowing modem_process to continue hangup 2d07h: TTY66: restoring DTR 2d07h: TTY66: autoconfigure probe started 2d07h: %LINK-3-UPDOWN: Interface Async66, changed state to down Best Regards Have A Good Day!! ++ Farhan Ahmed MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP Network Engineer Mideast Data Systems Abu Dhabi Uae. www.mdsemirates.com Tel: 97126274000Cellular: 971507903578 ++ Be a builder, not a destroyer!!! Disclaimer: Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Errors and Omissions may occur in the contents of this e-mail arising out of or in connection with data transmission, network malfunction or failure, machine or software error, malfunction, or by the person who is sending the email. Mideast Data Systems accepts no responsibility for any such errors or omissions Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52479t=52462 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 128Kbps instead 64kbpes [7:52190]
In addition to dialer-load threshold, enable multilink support by using PPP multilink Command Mohannad Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... dialer-load threshold 1either -- RFC 1149 Compliant. Eng. ABDALLAH QUQAS wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear ALL, how i can make ISDN BRI to connect at 128kbps instead of 64kbps as a bundle channel of Cisco router 3600 using ppp encapsulation. Kind Regards abd quqas Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52209t=52190 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP virtual lab and CCNP routersim [7:51232]
I tried most simulators, most of them if not all are not worth their costs, try to get a small lab or hand on experience. Salam Fadi Younes wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all, I am planning to buy a CCNP simulation software and i am trying to choose between to available software products which are CCNP Cybex Virtual Lab and CCNP RouterSim. Can you advice or comment on both softwares if you used them before. Many thanks in advance. Fadi Younes IT Team Member ARAMEX International P.O.Box 960913, Amman 11196 Jordan http://www.aramex.com Office: +962 6 552 2192 Fax: +962 6 552 7461 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51293t=51232 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IOS Firewall IDS Document?? [7:51143]
You can find it under Cisco Security Configuration Guide name. Fanglo MA wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Any knows where to locate IOS Firewall IDS Document (Configuration Guide)? I search on CISCO and cannot find it. Only 12.1 version exist. TIA, Fanglo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51198t=51143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACS PIX [7:50631]
Thanks for your response. I mean when i get authenticated through PIX to out side , where PIX configured to send AAA to ACS 3.0, the Current Usage remian zero either the time or the number of sessions, as follow : Current Usage Day Week Month Absolute Online time 00:00 00:00 00:00 00:00 Sessions 0 0 0 0 where i want to limit the access to outside Interntet to a limited time quota . I hope it's clear now ? Thanks in advance -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50631t=50631 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACS2.6 on w2k server with bugs!!! [7:50624]
Dear Magdy, I don't think the upgrade to ACS 3.0 will solve the problem since i'm using version 3.0 of ACS but have the same problem you have problem no. 1 plz any one have comment for that ? Thanks Magdy H. Ibrahim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I have ACS2.6 server runs on W2k server used to authenticate my dialup users when they connect to the internet.. few days ago, it started a strange behaves which are: 1- When I tried to modify or editing an existing user to make some changes on his privileges. when I clicked on that user it gives me the add new user window with NEW USER statement ... that user already exist in the ACS user database... 2- some usernames the ACS refused to add them, I do not know why... unless I change it to an other username 3- most times when a user disconnected, and after a while 10 min or more when this user trys to reconnect again the ACS does not allow him to reconnect unless I purge all the users and they connect again and the Access server where the user connected still show me that the user still logging to the server??? Please is there any solution to fix this problem?? and if I upgrade to ACS3.0 these problems will fixes or those bugs still exist. I need your advices ASAP. Best regards,,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50632t=50624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ACS PIX [7:50589]
Dear all, Why not the usage time in the user property not increased when I pass through the PIX which get Authentication Authorization and send accounting to ACS? Not like the dialup access? The version of ACS is 3.0 and I have PIX 515. Thanks for your response. -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50589t=50589 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
urgent !!! [7:46679]
Dear All, I have a problem at my core switches (2948G), there are a lot of packets missed at all the ports at separate times. When i make a continuous pings at many servers, it give me a time out at all ping windows (about 3 to 15 packets) then it come back pinging. Please any help ? -- Mohannad N. Khuffash Network Administrator Palestine Telecom Tel : 00970-09-2390509 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46679t=46679 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem at 2509 access server, please need a help [7:46146]
Dear all, I have a problem with Cisco 2509-RJ access server as follow: When i reboot the router to it load the IOS installed in the flash, a warning message is appear (Configurations from version 12.0 may not be correctly under stood) after loading, the (Press RETURN to get started) normal message is pop up at the console, but when i press Enter nothing happen only the message ( Press RETURN to get started) appear again. I thought that the problem may be from the IOS installed where it give me a warning at the beginning, so when i tried to go to the ROMON mode to install a new IOS (i can't reach the router through any other interface) by press Ctrl+Break i got the following mode : and the only available command are ? B [filename] [TFTP Server IP address | TFTP Server Name] Load and execute system image from ROM or from TFTP server C [address] Continue execution [optional address] D /S M L V Deposit value V of size S into location L with modifier M E /S M L Examine location L with size S with modifier M G [address] Begin execution HHelp for commands IInitialize KStack trace L [filename] [TFTP Server IP address | TFTP Server Name] Load system image from ROM or from TFTP server, but do not begin execution OShow configuration register option settings PSet the break point SSingle step next instruction T function Test device (? for help) Deposit and Examine sizes may be B (byte), L (long) or S (short). Modifiers may be R (register) or S (byte swap). Register names are: D0-D7, A0-A6, SS, US, SR, and PC so how can i upgrade the IOS in this mode, or is there any other method to solve the problem. Thanks -- Mohannad N. Khuffash Network Administrator Palestine Telecom Tel : 00970-09-2390509 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46146t=46146 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Bridging over FR subinterfaces [7:45336]
Dear Group, I have a problem for implementing the bridging over the Frame Relay subinterfaces, Cisco say that you should only enable the bridging over the main interface and the subinterface, i have made that but the problem still present! Any one have any idea about that. Note: When i issue the show bridge group command it show me that every thing is ok , and that the subinterfaces are in forwarding state. -- Mohannad N. Khuffash Network Administrator Palestine Telecom Tel : 00970-09-2390509 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45336t=45336 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MRTG and ISDN [7:45421]
Dear All, I have the MRTG since a long time worked well for monitoring my 60 remote sites where most of them 1601 sereis routers(11.2 IOS), when i decide to have a backup link for some sites i install BRI WIC and make the configuration, the probem that the MTRG being confused for monitoring the primary link which is a TDM or a RF(the ISDN is not active) , it give me either zero traffic or a little steady traffic, where either didn't reflect the true traffic !! Any one have an idea ? Thanks -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45421t=45421 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bridging over FR subinterfaces [7:45336]
Hello MADMAN, The config simplely is : LAN interface interface FastEthernet0/1 ip address 172.31.0.1 255.255.0.0 duplex auto speed auto bridge-group 1 Main Interface interface Serial2/0:0 no ip address encapsulation frame-relay ip mroute-cache frame-relay lmi-type ansi bridge-group 1 Suninterface interface Serial2/0:0.1 point-to-point bandwidth 2048 ip address 192.168.1.17 255.255.255.252 ip mroute-cache no arp frame-relay frame-relay interface-dlci 19 Hope that it can help ?. -- Mohannad N. Khuffash Network Administrator Palestine Telecom Tel : 00970-09-2390509 MADMAN wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... You ae correct in that you configure your bridge group on the physical and subinterface. You obviously have to configure bridging on some other interface like your LAN, send a copy of your config. dave Mohannad Khuffash wrote: Dear Group, I have a problem for implementing the bridging over the Frame Relay subinterfaces, Cisco say that you should only enable the bridging over the main interface and the subinterface, i have made that but the problem still present! Any one have any idea about that. Note: When i issue the show bridge group command it show me that every thing is ok , and that the subinterfaces are in forwarding state. -- Mohannad N. Khuffash Network Administrator Palestine Telecom Tel : 00970-09-2390509 -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45427t=45336 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Emergency: HOw to extend the telnet timeout for a router? [7:45222]
Use exec-timeout command at vty line interface . -- Mohannad N. Khuffash Network Administrator Palestine Telecom Tel : 00970-09-2390509 Ocsic wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, all the default timeout for a telnet session is 300 sec Any command can extend the telnet timeout time ? Please mail me [EMAIL PROTECTED] Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45222t=45222 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
problem at HSRP [7:45277]
Dear All, I have two 3660 routers works fine independently, when i tried to configure one of them to be standby for the other one, the first one be active always which has higher priority, where the other goes in a loop in the states of standby : speak, standby,active, speak,standby, active etc . Where the first one, didn't see any standby router (unkown). Router 1 f0/0 ip address 172.16.0.101 255.255.0.0 standby 1 ip 172.16.0.1 standby 1 priority 150 preempt Router 2 f0/0 ip address 172.16.0.102 255.255.0.0 standby 1 ip 172.16.0.1 Any help please ? -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45277t=45277 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: problem at HSRP [7:45277]
Both are 12.1 . Steven A. Ridder wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What IOS version? Mohannad Khuffash wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, I have two 3660 routers works fine independently, when i tried to configure one of them to be standby for the other one, the first one be active always which has higher priority, where the other goes in a loop in the states of standby : speak, standby,active, speak,standby, active etc . Where the first one, didn't see any standby router (unkown). Router 1 f0/0 ip address 172.16.0.101 255.255.0.0 standby 1 ip 172.16.0.1 standby 1 priority 150 preempt Router 2 f0/0 ip address 172.16.0.102 255.255.0.0 standby 1 ip 172.16.0.1 Any help please ? -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45286t=45277 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX performance problem again ! [7:38955]
Dear All, I would first thank you for your worthfull contributions which enable me to solve the problem! The problem was that the interfaces is set to full duplex (10full or 100full commands), and when i change the configuration to 10base and 100base the problem has been solved totally !! I'm still didn't understand why ? my switch support the duplex and even not, the connection should not work totally not at low performance !. Anyway, thanks alot again for your contributions . -- Mohannad N. Khuffash Network Administrator Palestine Telecom Tel : 00970-09-2390509 Mohannad Khuffash wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear all, My problem with th PIX still present! the throughput between my inside cleints an the out side ftp server still very low ! the only node between them is the PIX,and the speed cann't be more than 50K B/s, i have checked the two cisco fixing problem for such like these cases: DNS pointer and IDENT protocols, but the problem is still present Please can any one help me ? Thanks in advance for your efforts -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39138t=38955 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX performance problem again ! [7:38955]
Dear all, My problem with th PIX still present! the throughput between my inside cleints an the out side ftp server still very low ! the only node between them is the PIX,and the speed cann't be more than 50K B/s, i have checked the two cisco fixing problem for such like these cases: DNS pointer and IDENT protocols, but the problem is still present Please can any one help me ? Thanks in advance for your efforts -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38955t=38955 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX 515 throughput problem ?! [7:38698]
Dear All, I'm facing a problem for PIX 515 throughput, i have tried to download a file from an FTP server located directly at the outside subnet, and my PC located at the Inside subnet, both are connected at catalyst 2948G, so the only node between them is the PIX. the max speed i got was 60k B/s. and when i connect the two machines directly without PIX, the speed go up to 4 M B/s ! i have tried all the cases, i have used static NAT, PAT, but always get the same result. Activation key set to unlimited throughput, and cisco say the throughput for this type of machine should 188 M b/s, you can add to your information that i don't use any type of encrypction or VPN ! Please any one have a comment for this problem ? Regards, Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38698t=38698 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Bandwidth limit at the E I [7:37105]
Hello, Is there any spesific command i can use to limit the bandwidth available at the ethernet interfaces ? Please advise ? Regards, -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37105t=37105 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dialup mac address [7:36394]
Hello, Without using any AAA server, you nac assign specific IP address by using dialer pool . Mohannad Khuffash PalTel Patrick Ramsey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hey group I've got a 3640 with a couple'a pri's and two modem banks... I want to give vendors access to very specific servers through a firewall... (netscreen) My original thought was to place the vendor's mac address for it's dialup adapter in dhcp and assign it the same ip every timethen base the ACL's to each server on the vendor ip address... All the searching I have done on the web say dialup adapters have generic mac addresses, ie 44-45-53-54-00-00 ... How can I get the 3640 to dole out specfic ip's to vendors? How do isp's keep up with leases if this is the case? -Patrick Confidentiality DisclaimerThis email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36415t=36394 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Boson Tests didnt help for BCRAN [7:33879]
Hello, As an exam prep, Transcender is a good one, i had used it with Cisco BCRAN and got 864% . Salam rtc9 wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I recently took the BCRAN Test and used Boson Tests 1 and 2 to help me prepare along with the Cisco Book. I didnt pass, I missed by one question. I was taken aback; the Boson tests didnt really prepare me for the Exam. Does anyone have any suggestions for the BCRAN Exam preparation process. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34012t=33879 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco IDS [7:33842]
Hello Georg, It's a telecommunication company, and a high level of security is proposed to be implemented, so due think that it's a good solution or there is a better alternatives ? Thanks, Georg Pauwen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Mohannad, I work for a financial company, and I have the Cat6000 IDS Module installed in a Cat6509. As far as I can say, it is not much of a problem to install it. For management of the module, you will need either the Cisco Secure Policy Manager (CSPM) v2.2 and higher, or Cisco Secure Intrusion Detection Director. What kind of company are you working for ? It all depends on what level of security you require. Regards, Georg Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34013t=33842 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]