Re: Bizarre Router Behaviour
You can use 'show processes cpu' to see what process is consuming cpu. The process 'IP input' indicate how many ip traffic you have. The problem may be the router or something (traffic) entering the router. You can try isolate the source of the problem by shutting down the interfaces one by one. If you have more than one interface to same location shutdown all interfaces at same time. If you shutdown one interface and the problem stops, the problem is coming from that interface. One possibility is an attack from the internet, I have already seen this. Eng. Paulo Roque Network Engineer [EMAIL PROTECTED] +55 31 3249 1587 ""[EMAIL PROTECTED]"" <[EMAIL PROTECTED]> escreveu na mensagem [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > I desperately need feedback on the following occurences. I have a 7513 with > 256 MB Ram as a single point of exit from my network. It has been hitting > 98-99% utilisation at sporadic times over the last couple of weeks. I cannot > isolate what is causing it. It is not BGP flaps as the tables don't update > around that time. It lasts for a couple of minutes and then alleviates. > > Any suggestions welcome. > > Thanks > Savvas > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ip traffic
HI All, I would like to know what IP´s is crossing our serial interface to internet, to accounting who is using more bandwidth. How can I do that? Thanks. -- Paulo Roque [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT/PAT Question
Warrick FitzGerald wrote: > Hi All, > > I am trying to configure NAT/PAT where all I am trying to do is change to > Destination Port (DP) of traffic ie. all traffic with a DP of 443 and a > specific destination IP Address (DA) of xxx.xxx.xxx.xxx should be NAT'ed to > xxx.xxx.xxx.xxx with a DP of 444. > > Why does this not work ? > > ip nat inside source static tcp 65.143.50.10 443 65.143.50.10 444 To translate the destination address you must use ip nat inside OUTSIDE static tcp 65.143.50.10 443 65.143.50.10 444 Paulo Roque Network Engineer [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with the 2600 voice hang up
Hi Shenghai, This is a very common problem. The FXO doesn't detect the "hand up" tone and keeps ringing. There is a command to workaround this problem, but I have never used it, because it requires a new compression module. You may try it a tell me the results. The information is on: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 t/121t3/dt_fxodt.htm Paulo Roque > Did somebody face the problem with voice gateway > (2600) with incoming CO trunk to FXO and Station with > FXS. > > PSTN line in FXO port ring at FXS port in the same > router. Disconnect problem with FXO > > Senario: > UserA calls from PSTN to FXO port. PLAR FXS phone > rings. Nobody pick up the ringing PLAR phone. UserA > hangs up. > > Problem: > The PLAR extension keeps on ringing even though userA > already hang up. > > Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame-Relay question ?
You must do a router be a "frame-relay switch" e declare it a DCE device. In the router with the DCE cable do the following: router(config)#frame-relay switching . . router(if-config)#frame-relay intf-type dce router(if-config)#clockrate 256000 ""mindiani mindiani"" <[EMAIL PROTECTED]> escreveu na mensagem [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Want to get to setup frame relay on my two routers connectected (2x 2501) > back-to-back with a DTE/DCE cables. When both routers boot up I could see > the routing table with "sh ip route" and after 30 secondes the protocol on > the serial interfaces go down. Can you help > > Here is the sample config: > > Router1: > > interface Serial0 > clockrate 64000 > bandwidth 64 > ip address 10.0.2.5 255.255.255.252 > no ip directed-broadcast > encapsulation frame-relay > frame-relay lmi-type cisco > frame-relay interface-dlci 100 > > > Router2: > > interface Serial0 > bandwidth 64 > ip address 10.0.2.6 255.255.255.252 > no ip directed-broadcast > encapsulation frame-relay > frame-relay lmi-type cisco > frame-relay interface-dlci 200 > > > > > > _ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Protocol translation
I´m using a cisco router to do protocol translation between X.25 and TCP. The X.25 terminal connect to a X.25 router and the same router opens a telnet session to my TCP/IP host and the translation occurs transparently. It work´s fine in many cases, but I have here some dumb equipament that usually connect directly to a X.25 host and start communicating. It does not wait the router to open the telnet session on TCP/IP hosts. The result is that the begining of the communication is lost and then all connection is lost. The question is: Is there any manner to do router delay the X.25 connection until the telnet session to open? Thank´s in advance. I´m sorry about my poor english. -- Paulo Roque Network Engineer _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: x25 translation
I really don't know what IOS version is needed, but you will need the feature set "Enterprise Plus", which contains the protocol translator software. I am using IOS 12.0(7) Enterprise Plus and a Cisco 2610 it requires about 6 Mbytes of flash and 16Mbytes of RAM. Another consideration is the maximum number of translation session. Protocol translation is a CPU-intensive task. Increasing the number of protocol translation sessions while routing is enabled can impact available memory. The amount of memory available depends on the platform type, the amount of DRAM available, the activity of each translation session, and the speed of the link. A 2500 supports 180 session. -- Paulo Roque Network Engineer _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
e-mail para uso particular.
Jadir, Tinha ate uns dias atras uma conta e-mail para assuntos particulares e para uso de em casa, assim eu podia transferir meus arquivos para casa e vice-versa, passar meus e-mails pessoais lá de casa sem ter que misturar com a conta que uso aqui, acessar Internet de casa, etc. Esta conta foi apagada. E quando procurei o pessoal responsável (Marcelo e Ana Paula) para que ela fosse recriada me disseram que eu devia fazer uma solicitação formal e é o que eu estou fazendo agora. Se não for inconveniente para a CDLNET gostaria de solicitar um e-mail adicional aqui na CDLNET com o login sroque. PRoque _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
voice port OID.
Hi All, I need to monitor the status of voice ports on 3810 and 7204 routers using snmp. Does anybody know where I can find the voice port OID? Thanks. Paulo Roque _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dial backup with OSPF [7:1851]
Hi guys, We are planning a ISDN dial backup for a ospf network with about 30 small stub areas. In the central site we will have a router with PRI line and 30 digital modems and in the remote sites we will have a backup router with ISDN BRI interfaces, which will dial when the main link become unavailable. - Have anyone implement a solution like this? - Has this solution any know problem? - Will backup router dial only when the main link fail or it will dial periodically for routing update? -- Paulo Roque Network Engineer [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1851&t=1851 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Radius ACL [7:3098]
I would like to apply a RADIUS access list to a Dial up interface. I know how to apply, but I4d like to know how to specify the direction of an access lists aplied to the interfaces. -- Eng. Paulo Roque Network Engineer [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3098&t=3098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF - Do Not Age LSA [7:5242]
Hi All, In the following situation, where sholud I see the "DoNotAge LSA" a- only in router R2 b- only in router R1 c- in R2 and R3 d- in all router. Please, explain your answer Router R2 is configured with "ip ospf demand-circuit" area 0 x--- | x-- | R1 | ABR area 6 x-- | | [PTSN] | | x- -x-- | R2 || R3| x- -x-- || x---x area 25 ------ Eng. Paulo Roque Network Engineer [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5242&t=5242 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF on demand circuit [7:5414]
OSPF on demand circuit I am testing a dialbackup in an OSPF network. When I start the router, link is brought UP, the OSPF databases are syncronized, the LSA are marked as DoNotAge and all works fine. But when the link goes down, the routing table is cleared. So I can4t reach any destination. Should the routing table hold the routes learned from OSPF via demand circuit, even if the link is down? If yes, what is wrong? If no, How can the router route the packets? -- Eng. Paulo Roque Network Engineer [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5414&t=5414 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF - Do Not Age LSA [7:5417]
Hi All, In the following situation, where sholud I see the "DoNotAge LSA" a- only in router R2 b- only in router R1 c- in R2 and R3 d- in all router. Please, explain your answer Router R2 is configured with "ip ospf demand-circuit" area 0 x--- | x-- | R1 | ABR area 6 x-- | | [PTSN] | | x- -x-- | R2 || R3| x- -x-- || x---x area 25 ------ Eng. Paulo Roque Network Engineer [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5417&t=5417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
7200 and Memory [7:15928]
Hi All,
I have here a Cisco 7204VXR with voice capability, which is having memory
problems.
I have 64Mbytes off memory e the "show memory" reports:
-
#show version
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IS-M), Version 12.1(3a)T3, RELEASE
SOFTWARE (fc1)
. . . . .
ROM: System Bootstrap, Version 12.0(19990210:195103) [12.0XE 105],
DEVELOPMENT SOFTWARE
BOOTFLASH: 7200 Software (C7200-BOOT-M), Version 12.0(10)S, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1)
. . . . .
System image file is "slot0:c7200-is-mz.121-3a.T3"
cisco 7204VXR (NPE300) processor (revision D) with 40960K/24576K
bytes of memory.
Processor board ID 20405135
R7000 CPU at 262Mhz, Implementation 39, Rev 2.1, 256KB L2, 2048KB L3
Cache
4 slot VXR midplane, Version 2.0
As you can see there are 40960K for system memory.
But the command "show process memory" reports:
#show process memory
Total: 13976896, Used: 13688808, Free: 288088
PID TTY Allocated FreedHoldingGetbufsRetbufs Process
0 0 93804 18089857992 0 0 *Init*
. . . . . .
As you can see there are ONLY 13,976,896 of memory.
Any ideas about this??
Thanks in advance.
-----
Eng. Paulo Roque
Network Engineer
Cisco Certified Network Associate
[EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15928&t=15928
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7200 and Memory [7:15928]
My question again to be more clear. I have here a Cisco 7204VXR with voice capability, which is having memory problems. I have 64Mbytes off memory and the "show memory" reports: - #show version . . . cisco 7204VXR (NPE300) processor (revision D) with 40960K/24576K bytes of memory. . . . As you can see there are 40960K for system memory. But the command "show process memory" reports: - #show process memory Total: 13976896, Used: 13688808, Free: 288088 . . . . . . -- As you can see there are ONLY 13,976,896 of memory. Where is the remaining 27Mbytes of memory?? Thanks in advance. ----- Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16309&t=15928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7200 and Memory [7:15928]
Thank you David, I have just tried this solution. But I have two problem yet. 1 - Where is my memory? 2 - This IOS ( Version 12.1(3a)T3 ) doesn4t suport the memory-size command. Paulo - Original Message - From: Cooper, David To: 'Paulo Roque' Sent: Thursday, August 16, 2001 3:51 PM Subject: RE: 7200 and Memory [7:15928] you can use the memory-size iomem 25 to dedicate a certain amount (25%) for you processes. requires a reboot but it helps... Dave Cooper Cisco/Bay Network Engineer NetSolve Inc. 12331 Riata Trace Parkway Austin, TX 78727 (email) [EMAIL PROTECTED] CCNP - Routing and Switching CCDP - Routing and Switching CSS1- Cisco Security Specialist 1 NNCSS- Nortel Networks Certified Support Specialist Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16314&t=15928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP multihoming question
Mehmet Ilgaz wrote: > > As a costumer, I want to have two internet connection to 2 different ISP. > I must have an AS number and a registered IP block . Is it true? > What is the minimum router konfiguration for this situation?Can Cisco 2500 > support this? > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- I have multihomed site with BGP4 running on a 2620. The RAM size is 64Mbytes and the processor utilization is only 14%. Some time 20%. This router is working full time for months and I never had a problem with bgp load. -- [EMAIL PROTECTED] Network Engineer. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT Command Question
Wayne Lawson wrote: > > Other than IOS ver, what feature set are you running? You need a specific > feature set to run NAT. With IOS 11.3, you must have the Plus feature set. But it became default on IOS 12.0, that is, NAT comes with the IP Only version of IOS. -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Translating SNA to TCP/IP
We have here a mainframe that speaks SNA and TCP/IP. We are migrating some applications to SUN machines that do not speak SNA. We'd like to migrated the existing SNA links to routers. Is it possible to translate SNA to TCP/IP and vice versa using a router as a gateway? Has anyone ever seem this? -- [EMAIL PROTECTED] Network Engineer. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Translating SNA to TCP/IP
Edward Solomon wrote: > > > > We have here a mainframe that speaks SNA and TCP/IP. We are migrating > > > some applications to SUN machines that do not speak SNA. We'd like to > > > migrated the existing SNA links to routers. Is it possible to translate > > > SNA to TCP/IP and vice versa using a router as a gateway? Has anyone > > > ever seem this? > > > Correct me if I'm wrong. I'm not CCIE certified yet. But yes, Its > > being used all over the world. Mainframes was save from being > > extinct because cisco came up a way to network sna traffic with ethernet > > traffic. Source route translational bridge (SRTB) has to be configure on > > the router. SRTB is a combination of transparant bridging and source > > routing bridging. Ethernet uses transparant bridging because the > > network is transparant to the end users. Mainframes run only on > > token-ring networks so it only uses source-route bridging. So therefore, > > SRTB needs to be in effect. > > Firstly, it is possible to migrate networks such that IP clients are able to > talk to a mainframe talking SNA. The ONLY method of doing this is to use > TN3270 server, which, in the Cisco world, runs either on the Channel Port > Adapter (CPA) or the Channel Interface Processor (CIP). There are many other > benefits to using a CPA or CIP in the 7000 series routers, although nowadays > both IBM and Cisco are recommending the approach of using OSA Express > adapters in the S/390 and running TCP/IP directly on the S/390. Paulo Roque again: Our problem is: we have a big customer which only use SNA and we must to connect this customer to a TCP/IP server. We need a solution, preferably on a cisco router, that connect this SNA customer in a TCP/IP server. Thanks. -- [EMAIL PROTECTED] Network Engineer CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Unequal-cost load balance using OSPF
How can I configure unequal cost load balance using OSPF? I have configured equal cost load balance and it is working fine. But, when I try to modify the costs of any link the load balance stop working. What is missing? -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
unequal cost load balance using OSPF
How can I configure unequal cost load balance using OSPF? I have configured equal cost load balance and it is working fine. But, when I try to modify the cost of any link, the load balance stop working. What is wrong? -- [EMAIL PROTECTED] Network Engineer. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Technical Question
Bruce wrote: > Any help would be appreciated. > > Bruce > [EMAIL PROTECTED] > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- To solve this problem it's necessary some details, but I think this solution will work, pehaps with minor modifications. - Instead of assigning your private address to your client, use NAT (in the customer side) to translate the existing customer address to your public address or your private address. - Assign one IP address from network 32.82.221.32 / ...240 to your router. - Make the default gateway of the PC's be your router. - In your router (in the customer side) create a static router pointing the network address 32.82.221.32 mask 255.255.255.240 to the existing router and a default gateway to your router. -- [EMAIL PROTECTED] Network Engineer. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Identifying a feature set.
Hi, How do I identify the installed feature set on a Router? Can I get this information from the output of "show version" command? Paulo -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco 4500?
The equipament list is in: http://www.cisco.com/warp/public/625/ccie/certifications/routing.html -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Freeware for router management?
Hi, I am looking for freeware (or shareware) for simple router management. I need a simple software for windows that give me information about interface status (only up or down) using a GUI to be used by "operators staff". Does anybody know one? -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Freeware for router management?
Bharat Suneja wrote: > > You need to monitor routers or configure new ones ? > > Bharat Just monitor. -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: To the experts who have been in the game a while - Question???
I think you always must start with "pure science" then you can go ahead with application of that "pure science" in a practical manner: the Crisco technology or other. -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN/Frame Relay simulation
derek lewinson wrote: > 1) How can I simulate ISDN without using a real ISDN line (I don't have > one)? There are some box that simulate a ISDN network. I saw this sometime ago in www.blackbox.com.br (in portuguese). But I think that there is a english version site. > 2) How can I simulate frame relay? Do I need a particular type of router, > FR switch? You can use your router as a FR Switch. To enable FR switching use: ! frame-relay switching ! And you must do a FR route using the command below in interface config mode. ! frame-relay route ! There are some examples in: http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/112cg_cr/4cbook/4cfrelay.htm . -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Could not create subinterfaces
Hello Omer, Are you using frame relay encapsulation on int s0? You can only create subinterfaces in that encapsulation. And consider the following: If you define a subinterface for point-to-point operation you cannot reassign the same subinterface number to be used for multipoint operation without first rebooting the router. -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
A Bug in debug NAT ?
Hello World, Question 1 I was debugging NAT on a cisco 2501 running IOS 12.0(6) and tried to filter the output of "debug ip nat", as I usually do with other debug output, with the command #debug ip nat 10 The access-list 10 exists and it works. Always I used debug with access-list I got a confirmation like "IP packet debugging is on for access list 10" after entering the command. With the command above get a simple confirmation like "IP NAT debugging is on", no mention of access-list. Is this a bug? May my access-list be wrong? Question 2 On debugging NAT yet, I got the following output: 2w4d: NAT: i: tcp (172.16.2.1, 10008) -> (192.168.1.31, 23) [56131] 2w4d: NAT: ipnat_allocate_port: wanted 10008 got 10008 2w4d: NAT: o: tcp (192.168.1.31, 23) -> (200.189.5.21, 10008) [44840] What means "ipnat_allocate_port: wanted 10008 got 10008" ? -- [EMAIL PROTECTED] Engenheiro de Redes. CREA/MG 66089/D ICQ# 6372 3382 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN Gateway and Firewall [7:62358]
Hi all, A have a Checkpoint FW-1 and a VPN concentrator in a new design. Where is the best place to put the VPN concentrator related to firewall? a) before the firewall (in the outside network) b) after the firewall(in the inside network) c) in parallel with the firewall d) in a separated firewall interface Paulo -- Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62358&t=62358 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX and Trunk [7:62383]
Hi all, Does PIX support VLAN trunk? Paulo -- Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62383&t=62383 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SQLNET/TNS Firewall Rule [7:62472]
I have a PIX firewall between a oracle server and a client. The client always start a connection on port 1521 on the server. The server always send a port redirect to the client informing the client to start a new connection on second port. This second port is always random, what makes me create a rule that permits the client to connect to any port on the server. This situation is bad. Is it possible to create a rule that restrict the client access to the server and still permit the oracle connection to occur? -- Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62472&t=62472 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISS Real Secure Vs Cisco IDS [7:63461]
There are some papers comparing IDS solution (Cisco, ISS, Snort, etc) on NSS. The did a good job. http://www.nss.co.uk/ Paulo Roque Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63510&t=63461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VLAN as Firewall zones [7:65938]
Hi. I usually separate firewall zone with different physical LAN in different switches. What do you think of separating firewall zone with VLANs in the same switch/chassis? Paulo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65938&t=65938 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP exam path question [7:45839]
Hi all, Must the exam path for CCNP be Routing, Switching, Remote Access and Support or the exams could be taken in any order? Thanks in advance!! -- Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45839&t=45839 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cryptography and frame-relay [7:46621]
Hi All, Is necessary to encrypt the comunication that goes over frame-relay links or the frame-relay virtual circuits (PVC/SVC) mechanisms are secure enough to protect my data? Thanks -- Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46621&t=46621 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Prefix List Question [7:47117]
I have developed a method. I draw a generic rule like this: lenge-value---le-value---32 For the command "ip prefix-list MYLIST permit prefix/24 ge 25" I put that values on the rule: len=24 ge=25 (values greater than 25 marked with *) le= not present 2425***32 So the command "ip prefix-list MYLIST permit prefix/24 ge 25" match the prefix length from 25 to 32. For the command "ip prefix-list MYLIST permit prefix/24 le 28" I put the values on the rule: len=24 ge= not present le= 28 (values lower than 28 marked with *) 24***2832 So the command "ip prefix-list MYLIST permit prefix/24 le 28" match the prefix length from 24 to 28. === Finally for the command "ip prefix-list MYLIST permit prefix/24 ge 25 le 28". I put the values on the rule: len=24 ge=25 le=28 24--25***28--32 So the command "ip prefix-list MYLIST permit prefix/24 ge 25 le 28" match the prefix from 25 to 28. ------ Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] "Dain Deutschman"" escreveu na mensagem [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Could someone explain to me what the "ge" and "le" options are used for in a > prefix list statement? > Example: ip prefix-list MYLIST permit 11.11.11.0/24 ge le > > Thanks! > > Dain Deutschman > CNA, MCP, CCNA > Data Communications Manager > New Star Sales and Service, Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47143&t=47117 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame relay question [7:23104]
Good Explanation Paul !!! ""Paul Jin"" escreveu na mensagem news:[EMAIL PROTECTED]... > 1 - FR treats p2p subinterfaces as a distinct stand alone interface, meaning > the router is tricked into thinking it has multiple serial interfaces > instead of just one. -- thus, the physical interface might be s0, but you > might create 10 subineterfaces p2p from s0.1- s0.10. > > The router will think that even though all these PVCs come in through the > same physical interface, it will think that the router actually has 10 > serial interfaces, thus no need for split horizon. > > When you do multipoint or do the FR PVCs on the physical interface, > the router believes that all these communication is converging back > to the same physical interface. It does not think that even though, you > might have 10 PVCs, all coming from 10 separate locations, that > these PVCs are separate. All it sees from this point of view is > 1 pipe back into itself, thus your need for split horizon or it thinks it > needs to enable split horizon to stop any loops. > > 2 - NBMA (Non-Braodcast Multi-Access) that is what frame relay is. > You can compare this to BMA and an example of that is ethernet. In > ethernet, you have devices that connected to a common multiaccess device and > the nodes have the ability to do a broadcast to find each other. In FR, you > have multiaccess capability, such as multiple PVCs converging into 1 primary > location. For example, the 10 remote sites going into 1 HQ, but FR does not > give you broadcast capapbilities that is available in the ethernet network. > > Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23413&t=23104 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NTP and Daylight Saving [7:57076]
High all, I have just set up a 3620 as a NTP Master to provide the time information to all net devices (routers, switches, servers, ...) clients. This router syncronize its local clock with public NTP servers. I also have set up the router to adjust daylight saving time accordiling, but the router always inform the UTC to its clients, not the local time. I know this is right, but what I need is to inform the local time to the clients, in this way I don4t need to set up all net devices when the daylight saving time starts and ends. Is possible to do that? Paulo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57076&t=57076 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NTP and Daylight Saving [7:57076]
It4s exactly that kind of task I want to avoid ! Paulo ""Georgescu, Aurelian"" escreveu na mensagem news:200211072134.VAA21948@;groupstudy.com... > You have to set up daylight saving and time zone on each client, so they > will know how to interpret the UTC. > > Aurelian Georgescu > > > -Original Message- > From: Paulo Roque [mailto:paulo.roque@;spcbrasil.org.br] > Sent: Thursday, November 07, 2002 4:03 PM > To: [EMAIL PROTECTED] > Subject: NTP and Daylight Saving [7:57076] > > High all, > >I have just set up a 3620 as a NTP Master to provide the time information > to all net devices (routers, switches, servers, ...) clients. This router > syncronize its local clock with public NTP servers. I also have set up the > router to adjust daylight saving time accordiling, but the router always > inform the UTC to its clients, not the local time. I know this is right, but > what I need is to inform the local time to the clients, in this way I don4t > need to set up all net devices when the daylight saving time starts and > ends. > > Is possible to do that? > > Paulo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57101&t=57076 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX Book [7:58250]
Hi, Is there any good book and new on PIX firewall -- Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58250&t=58250 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
simulations exam [7:52172]
Hi, Do the simulations in the new CCNP exams works, so that I can test my configurations or I can just enter the commands? Eng. Paulo Roque [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52172&t=52172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
simulations questions [7:53662]
How many simulation questions are there in the exams 640-60X ? Are they (simalation questions) always present ? -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53662&t=53662 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
