Re: Bizarre Router Behaviour
hi savvas, did you try a 'show proc cpu' to identify where the cpu utilization is coming from ? You could look with 'show int' at the packets per second values of the interfaces if a high packet load causes the cpu load. To identify who is causing the high packet load you could use logging access-lists. There is also a very good paper on tracking packet floods available on CCO. hth Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP-Security/SunCSA/HP Certified Consultant for Network Management On Thu, 25 Jan 2001, [EMAIL PROTECTED] wrote: > Hi all, > > I desperately need feedback on the following occurences. I have a 7513 with > 256 MB Ram as a single point of exit from my network. It has been hitting > 98-99% utilisation at sporadic times over the last couple of weeks. I cannot > isolate what is causing it. It is not BGP flaps as the tables don't update > around that time. It lasts for a couple of minutes and then alleviates. > > Any suggestions welcome. > > Thanks > Savvas > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ping
Hi Tarry, with standard ping it takes the ip of the outgoing interface as source address. with extended ping you can specify which ip to use: opcore#ping Protocol [ip]: Target IP address: 192.168.1.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: hth Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP-Security/SunCSA/HP Certified Consultant for Network Management On Thu, 25 Jan 2001 [EMAIL PROTECTED] wrote: > Hi > > When I ping from a router dose it take the loopback ip address as a source > address or dose it take the Eth/Serial interface? > > Regards, > > Tarry > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Creating more than 5 vty lines
you need to have Enterprise IOS to create more than 5 lines -- Reinhold Fischer [EMAIL PROTECTED] CCNP-Security/SunCSA/HP Certified Consultant for Network Management On Tue, 19 Dec 2000, Larry Ogun-Banjo wrote: > Could anyone kindly assist, please. On a Cisco router,2500, I am trying to > create more that 5 vty lines. By default, you have 0-4 when you use the line vty > ? command. However, I need to create more lines and the router doesn't allow me > to increase the lines. I am running IOS 11. Many thanks. > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bandwidth loss!
Stephano, setting the bandwidth of the ethernet port does not reduce the bandwidth. It just influences some routing protocols to calculate a metric. You may want to take a look at queueing methods to distribute available bandwidth to customers. (Althought i am not sure if - eg. custom queueing - could fit your needs). greetings Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP-Security/SunCSA/HP Certified Consultant for Network Management On Wed, 27 Dec 2000, stephano mwendo wrote: > Haloo guys, > I have one problem here which is troubling me. > I have one customer connected to ethernet interface of > my router through a wireless link. > The bandwidth at the router ethernet interface is > configured at 128Kbps.To my suprise the output rate of > the port reads at sometimes 330Kbps > I have this problem because I want to connect other > customers but my bandwidth seems to be full but I am > loosing a lot of it this way. > Can anyone have a solution please. > > below is the interface description at "show int" > > > > Ethernet0 is up, line protocol is up > Hardware is Lance, address is 00e0.1e42.bc84 (bia > 00e0.1e42.bc84) > Internet address is 216.x.xx.xx 255.255.255.224 > MTU 1500 bytes, BW 128 Kbit, DLY 1000 usec, rely > 255/255, load 232/255 > Encapsulation ARPA, loopback not set, keepalive set > (10 sec) > ARP type: ARPA, ARP Timeout 4:00:00 > Last input 0:00:00, output 0:00:00, output hang > never > Last clearing of "show interface" counters never > Output queue 0/40, 0 drops; input queue 0/75, 0 > drops > 5 minute input rate 106000 bits/sec, 115 packets/sec > 5 minute output rate 338000 bits/sec, 116 > packets/sec > 15399913 packets input, 1917488770 bytes, 0 no > buffer > Received 125968 broadcasts, 0 runts, 0 giants > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 > ignored, 0 abort > 0 input packets with dribble condition detected > 16692518 packets output, 2060062478 bytes, 0 > underruns > 0 output errors, 169769 collisions, 1 interface > resets, 0 restarts > 0 output buffer failures, 0 output buffers > swapped out > __ > > > NB:Please help me I need to fix this problem soon > > > = > * > STEPHANO MWENDO > PO BOX 8806, DAR ES SALAAM, TANZANIA. > TEL 255 22 2114053 > FAX 255 22 2118956 > MOBILE: 255 744 275559 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: can SPAN port transmit?
Hi Priscilla, Hi Group, I used the SPAN functionality often on remote sites with Catalyst 2924XL and Catalyst 6000 switches. As sniffer device i used a unix workstation on the remote network that was able to run a basic protocol analyzer (tcpdump, snoop). I setup and operated SPAN functionality and the tool on the workstation all remotely and it worked always fine. So i would say yes to the question, the sniffer-like device is able to send data. It has been a while since i used this (previous workplace) but if remember correctly on the cat6000 was a special parameter that allowed the port used as SPAN port to send data. hth Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP-Security/SunCSA/HP Certified Consultant for Network Management On Fri, 29 Dec 2000, Priscilla Oppenheimer wrote: > Hi folks, > > If I connect a Sniffer-like device to the SPAN port of a switch, will the > Sniffer-like device be able to transmit data? > > My guess is no. From my reading on Cisco's SwitchProbe external hardware > probes, it appears that the SwitchProbe needs an additional port to send > data to a network management system. One port connects to a SPAN port on > the switch and the other port connects to a normal port and is configured > in "management mode." > > But, does anyone have experience with trying to send from a device > connected to a SPAN port? > > Thanks > > Priscilla > > > > Priscilla Oppenheimer > http://www.priscilla.com > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TCP/IP port 1761 and 1762
google rocks ,) a quick search for "tcp port 1761" brought up the following: :Remote Control uses TCP port 1761 on remote Admin consoles :When I use Remote Control from the site server, the server tries contacting the :remote control agent on the client with the TCP port 2701 and it's OK. But from a :Helpdesk MMC, the workstation tries to connect using TCP port 1761 and the connection :fails? : :One of the big changes in SP2 is that the ports Remote control uses have been :changed. Prior to SP2, Remote Control uses TCP ports 1761-1764 which weren't :registered for use by SMS. In SP2, ports 2701-2704 have been registered for use by :SMS hence the change. You can use an SP2 Admin console to Remote Control both SP2 and :SP1 clients (it tries 2701-2704 first, then tries 1761-1764 if this fails). However :you CAN'T use a SP1 Admin console to Remote Control an SP2 client. : :When you upgrade to SP2, ONLY the Admin console on the site server is upgraded at the :same time. All remote Admin consoles need to be updated individually. Could it be that the hosts are winnt workstations with an installed Microsoft System Management Server Client ? hth Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP-Security/SunCSA/HP Certified Consultant for Network Management Keith Wood wrote: Any idea what exactly these ports are used for? I know they are for cft-0 and cft-1. What is CFT? All the RFC gives me is a name and number (no descriptions), but as it is Christmas I wont call this number untill in the New Year - I am just curious in the meantime so if anyone knows the answer I would appreciate it. I am asking as I have just started reading on the subject of security, and a port-scan of the network shows a lot of machines with these 2 ports active... Keith ;-) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACL Log
your acl specifies only ip, so ip is all what the acl is looking at. the ip protocol itself has no ports, so there are no ports to look at. the sub- protocols (hope it is correct to call them this way) udp and tcp have ports, so the acl would look like: access-list 101 permit tcp any gt 0 any gt 0 log-input access-list 101 permit udp any gt 0 any gt 0 log-input access-list 101 permit ip any any log-input if you leave the 'gt 0' out it will not give you the ports of the packets. probably because the router does not have to look at the port information to decide if the acl-line matches or not. greetings Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP/SunCSA/HP Certified Consultant for Network Management On Sun, 17 Sep 2000, Mohammed Hussain wrote: > Hi > > I applied access-list for serial inbound to see the traffic. But logging is > now > showing the source & destination ports. How can I see the tcp & udp ports in > log? > > access-list 101 permit ip any any log-input > > 2w5d: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.103.37(0) (Serial0 > *HD > LC*) -> 192.168.100.149(0), 1 packet > 2w5d: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.103.55(0) (Serial0 > *HD > LC*) -> 192.168.100.158(0), 1 packet > 2w5d: %SEC-6-IPACCESSLOGP: list 101 permitted udp 192.168.103.55(0) (Serial0 > *HD > LC*) -> 192.168.100.158(0), 1 packet > 2w5d: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.103.67(0) (Serial0 > *HD > LC*) -> 192.168.100.74(0), 1 packet > > > Mohammed Hussain > **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Length of Ethernet frame
Hi Martin, Hi Group, The preamble does not count to the length of the frame. Between the source MAC adress and the data field there is a 2 byte typecode field in Ethernet v2 (Arpa). In Ethernet IEEE 802.3 there is the 2 byte length field instead of the type field. Ethernet v2 (ARPA) Frameformat: DA: 6 octets SA: 6 octets Type: 2 octets Payload(Data): up to 1500 octets Frame Check Sequence (FCS): 4 octets sum: 1518 octets greetings, Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP/SunCSA/HP Certified Consultant for Network Management On Mon, 2 Oct 2000, M. A. wrote: > Dear group, > > I have one question which has bugged me for ages, that is, what exactly is the >maximum length for an Ethernet frame (assuming no other encapsulation like ISL)? The >number 1518 keeps on getting mentioned, but I just can't seem to work that number out: > > The way I see is: > > Preamble:8 > DA: 6 > SA: 6 > Data: 1500 > FCS: 4 > > All those add up to 1524 How do people get the number of 1518??? > > Much appreciate any help! > > Martin > > **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP Port number
It uses neither udp nor tcp. It uses its own ip protocol (protocol number 88). TCP has ip protocol nr. 6, UDP has ip protocol nr. 17. hth, Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP/SunCSA/HP Certified Consultant for Network Management On Mon, 2 Oct 2000, kikpasa wrote: > port number I think is 88 > > "C.M Leong" wrote: > > > > Hi : > > > >Does any one know EIGRP is using tcp or udp ? And > > what is the port number ? > > > > Thanks in advanse. > > > > Cheers > > Jimmy **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Token ring and duplex
i think it has nothing to do with the ring speed. To use fullduplex the routerport (i hope you are referring to a router port) has to be connected to a tokenring switch. no clue if it could work too in a ring with only two stations. lets see what others say ... hth Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP/SunCSA/HP Certified Consultant for Network Management On Tue, 17 Oct 2000, SH Wesson wrote: > If a token ring is running at a speed of 16, should the duplex be full or > half. If it's at half, what may be some problems as a result of it. > thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NAT twice, will this work?
jason, had used a similar setup (had to use nat three times) with cisco routers with success. The router does proxy arp in my case. Cannot comment about the sun/firewall1 stuff ... hth Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP/SunCSA/HP Certified Consultant for Network Management On Tue, 17 Oct 2000, Jason Jin wrote: > > I have a situtation that I need to NAT twice, once on router, > and then again on firewall-1. I can't figure out wheather this > will ever work , here 's the our network diagram: > > > WAN DMZINTERNAL > -| Router ||Firwall-1|--|HostA|-- > > we are assigned address space 32.x.x.192-32.x.x.207 > >from out ISP( WAN), since our DMZ is using 172.24.100.0/24 > the router is doing static NAT to this range. our internal network > is 10.10.1.0/24. > > > The IP address as folowes: > > Router = interface on DMZ 172.24.100.3 ( NATed) > Firewall-1: interface (qfe0) on DMZ 172.24.100.2 > interface (qfe1) on internal 10.10.1.2 > > HostA: since I need to access host A from WAN side, > hostA need to be NAT'ed at two place , > at firewall-1 it NAT from 10.10.1.101 to 172.24.100.101 > at Router it is NAT from 32.x.y.101 to 172.24.100.101. > > I have setup the firewall rules , route and arp entry on firewall-1 > for HostA, and address translation work fine for hostA, if > I connect from DMZ. > > Now here's my problem: if I want connnect from hostB from wan > side, the packet destined for 32.x.y.101 , the destination > first NATed to 172.24.100.101 , then pickup by firwall-1 > who's listen for arp request, NATed to 10.10.1.101 ? > will this work? > > one question : when somebody the DMZ sent out a arp request > for 172.24.100.101, the firwall-1 will respond , but will router > respond too, since it is doing NAT for this address as well? > any help is much appreciated. > > > TIA, > > Jason _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 4003 Catalyst Switch, Unable to connect 10mbps links
check the spanning tree settings. probably the port on the catalyst is not in forwarding state as the dhcp clients try to get their lease from the dhcp server. disable spanning tree if you don't need it. if you need it, setting the ports to portfast might help. hth Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP/SunCSA/HP Certified Consultant for Network Management On Wed, 25 Oct 2000, Muhammad Faheem wrote: > Hi All > > My server and DHCP is connected to a Catalyst 4003 switch. I do not have > any VLAN and I use all default configuration on the switch. When I try to > connect any workstation having 10 Mbps ethernet card to the switch, the > clients do not get a DHCP request from the server. > > But the same device when connected to 10/100 3COM hub, which is connected > to the same CAT 4003 switch log on and get the DHCP lease. > > I tried changing the duplex and speed config of the respective ports but > nothing helped. Why is it that the device gets a connect from a hub but not > >from the switch. I have tried even putting the DHCP server on another port > in other switches or hubs but the problem remained to all devices connected > to the CAT 4003 switch. I am attaching the log file to see my config. > > Thanx > > > <<4003.log>> > > Muhammad Faheem > Systems Engineer > Afcomp > Hello : (9714)-3933878 / 3027338 > > > > > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Connecting to Console port (How to issue a BREAK with minthyperterminal)
Oh dear, not the hyperterminal thread again, this was my first thought as i have read the original question. I agree, there are many execellent terminal emulators out there. But just imagine that you go to a customer and have to use one of their computers to rescue a router. Wanna ask the customer to download xxx-term that you can work with ? Chances are very good that hyperterminal is on the customers computer, so we should know how to use it ... To issue a break signal with genuine Hyperterminal you can use this method: Connect as usual to the router and set a very low baudrate in hyperterm. I use 110 as example. Now just press a few different keys repeatedly. Thies issued the break signal. Now switch back to 9600 bits per second and continue the usual procedure. hth Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP/SunCSA/HP Certified Consultant for Network Management TechRec wrote: >Hi > >I've heard that HyperTerminal is not good for connecting to the console port >on Cisco routers. If this is the case, can anyone recommend an alternative >please. > >Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SYN Attack - How to identify this
a few links about this subject: Defining Strategies to Protect Against TCP SYN Denial of Service Attacks (has also basic explanations) http://www.cisco.com/warp/public/707/4.html Characterizing and Tracing Packet Floods Using Cisco Routers http://www.cisco.com/warp/public/707/22.html For detailled information how the different tools work you can use the search function on http://www.cert.org (watch word-wrap): http://search.cert.org/query.html?rq=0&col=allcert&ht=0&qp=&qt=tcp+syn+attack&qs=&qc=&pw=100%25&ws=1&la=&qm=0&st=1&nh=25&lk=1&rf=2&oq=&rq=0&si=1 hth Reinhold -- Reinhold Fischer [EMAIL PROTECTED] CCNP/SunCSA/HP Certified Consultant for Network Management On Sat, 18 Nov 2000, Pradeep Kumar wrote: > Hi folks, > > I need to know how to :- > - simullate a SYN attack ? > - How SYN attack actually works. > > Any information will be appreciated. > > Regards All. > Pradeep > ___ > Visit http://www.visto.com/info, your free web-based communications center. > Visto.com. Life on the Dot. > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IBM 8228 MAU
Please correct me if i am wrong here, but isn't it required to connect RI to RO to form the ring ? I always kept them connected together when using the MAU in a lab environment. To test the ports i can only agree to ElephantChild's method. Greetings Reinhold On Sun, 1 Apr 2001, ElephantChild wrote: > On Sat, 31 Mar 2001, John Chang wrote: > > > I have a IBM 8228 MAU. What is the easiest/fastest way to test each port > > including the RI RO? What is the fastest way to test type 1 cables? I > > have this thing that has the type connector on one end. It's about 3 > > inches long and has a red LED. What is it called and what is it for? I > > looked in the archive and I want to IBM's website but couldn't find > > anything helpful. Thanks. > > To test all ports except RI and RO, first connect a machine to port 1 > and have it insert into the ring, then connect another to each of ports > 2-8 in turn, each time having it insert and checking that the machines > see each other. > > To test RI and RO, you need 2 trunking cables. Connect the 2 MAUs > together, then connect the 2nd machine to ports 1-8 of MAU 2 and repeat > the insert-and-check test as above. Then, with 1 machine connected to > each MAU, test RI by disconnecting first one end, then the other, then > both, each time checking that the machines see each other. Reconnect RI > and check RO the same way. > > Warning: If any test fails, it could be the MAU port, the machine, or > the cable. Use known good cables and machines to the extent possible. > > -- > According to Joyce Melton, "respondability" is cromulent. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What is the difference between flooded broadcast and direct [7:466]
a directed broadcast comes from outside of the subnet and is directed to the broadcast address of the subnet. this can be abused to do bad things with it. just imagine sending a packet with a spoofed source address to the broadcast address of a subnet. all the hosts that react on the packet will respond to the address that never sent the packet ... the flooded broadcast (never heard it as flooded) is probably the standard broadcast that is generated inside the subnet and goes to all hosts in the subnet. Greetings Reinhold On Thu, 12 Apr 2001, DZ wrote: > What is the difference between flooded broadcast and direct broadcast? > Anyone knows? Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=466&t=466 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is there a hyperterm in Solaris? [7:606]
hi, there is a very basic terminal program included in solaris called 'tip'. You have to add a line to /etc/remote to use it comfortably. I added this line to /etc/remote: serial2:dv=/dev/cua/b:br#9600 that means i use serial B with 9600 bps to start tip i use then 'tip serial2' to quit tip type '~.' to send the BREAK signal use '~#' for more details see 'man tip' greetings, Reinhold On Sat, 14 Apr 2001, Zhiping Li wrote: > hi,everyone > I wonder if there is a hyperterm-like terminal > software in Solaris. > Any help is appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=606&t=606 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: strange arp entries [7:4164]
Some other stations are trying to access the IP addresses marked as incomplete, therefore the router tries to arp for them. Because the stations do not exist on your network, the arp request is not successful. i would setup 'logging accesslists' inbound on the other interfaces of the router to track where the requests come from. hth Reinhold On Fri, 11 May 2001, Valeri Marinski wrote: > hi group > i have some strange entries in the arp cache of all our 7200 routers > with "Incomplete" MAC > here an example of "sh arp": > -- > > Internet 172.16.90.232 0 000c.8323.c5d2 SNAP > TokenRing1/2 > Internet 172.16.90.233 0 Incomplete SNAP > Internet 172.16.10.166 0 Incomplete SNAP > Internet 172.16.90.246 0 4005.002d.7160 SNAP > TokenRing1/2 > Internet 172.16.10.167 0 0800.09c4.8884 SNAP Fddi0/0 > Internet 172.16.100.201 0 0006.0d5c.db9f SNAP > TokenRing1/3 > Internet 172.16.90.247 0 .8322.1515 SNAP > TokenRing1/2 > Internet 172.16.90.244 0 .8329.bc8d SNAP > TokenRing1/2 > Internet 172.16.100.202 0 0008.c13a.6ba1 SNAP > TokenRing1/3 > Internet 172.16.10.164 0 0800.09c4.e844 SNAP Fddi0/0 > -- > > Internet 172.16.80.363 .8323.88e3 SNAP > TokenRing1/1 > Protocol Address Age (min) Hardware Addr Type Interface > Internet 172.16.10.127 3 .5a42.6d48 SNAP Fddi0/0 > Internet 172.16.20.980 Incomplete SNAP > Internet 172.16.10.124 3 .5a42.6d48 SNAP Fddi0/0 > Internet 172.16.20.990 Incomplete SNAP > Internet 172.16.10.125 3 .5a42.6d48 SNAP Fddi0/0 > Internet 172.16.80.323 .8327.e9ad SNAP > TokenRing1/1 > > > as you can see there is no interface behind and the age remain 0 > those ip addresses were/are not in use > > all our users have Olicom token ring cards (.83) and they are all > patched to Alcatel TR concentrators some are connected to Bay TR > switches - but in both cases you can see this strange arp entries > if i clear the arp cache - those entries apper again and they vary > i don't know if it is a problem - i can't see any performance problems > what could this be? > cabling reflections? > any comments are appreciated > thanks in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4178&t=4164 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP extended access list question [7:4321]
Hi Hans, the echo reply is the answer packet to the echo request. so with the part of configuration that you gave, the echo request goes 'out' of interface e0. There is no outgoing access-list set, so the echo request will reach its destination. the echo reply comes from 171.21.50.2 and goes back to 171.21.10.2. although an incoming access list is set on e0, the packet does not match line 2 of your accesslist because the source of the echo reply is 171.21.50.2. hth Reinhold On Sun, 13 May 2001, Hans Stout wrote: > Hello colleagues, > > I am trying to block all IP traffic from host A to host B except for ICMP > echo replies. This is the access list I hve configured: > > access-list 100 permit icmp host 171.21.10.2 host 171.21.50.2 echo log > access-list 100 permit icmp host 171.21.10.2 host 171.21.50.2 echo-reply log > access-list 100 deny ip host 171.21.10.2 host 171.21.50.2 > > I then apply this access list as inbound to Ethernet0: > > Ethernet0 > ip address 171.21.50.1 > ip access-group 100 in > > However, when I try to ping 171.21.50.2 from 171.21.10.2, I get a no reply, > and the access list logs matches under the deny entry. I wonder if I am > missing something or might have the syntax wrong. Do you have any ideas ? > Thanks in advance for your help. > > Regards, > > Hans > _ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4361&t=4321 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to install CiscoSecure ACS on Solaris for Intel? [7:4362]
Hi RF, as i took the MCNS training, we also discussed CiscoSecureACS for Unix and NT. The Coursebook says strictly that only the sparc architecture of solaris is supported. Thats waht i found on the Cisco Documentation CD: http:// www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/cs_unx/instl23.htm#xtocid158004 CiscoSecure ACS Server Requirements The Cisco Secure ACS (and its optional backup server) requires the following hardware and software: UltraSPARC or compatible workstation To support CiscoSecure ACS without the licensed Distributed Session Manager option: Ultra 1 with a processor speed of 167 MHz or faster ---Minimum 200 MHz if the Oracle or Sybase RDBMS is installed on the same system. To support CiscoSecure ACS with the licensed Distributed Session Manager option: Ultra 1 or faster ---Ultra 10 or faster if the Oracle or Sybase RDBMS is installed on the same system Minimum 256 MB of swap space 128 MB of RAM 256 MB of RAM if the Oracle or Sybase RDBMS is installed on the same system Minimum 256 MB of free disk space (if you are using the supplied SQLAnywhere database) Minimum 2 GB disk space if the Oracle or Sybase RDBMS is installed on the same system CD-ROM drive Greetings Reinhold On Sun, 13 May 2001, RF wrote: > Anybody here ever try to install CiscoSecure ACS on Solaris on an Intel box? > I asked a related question before, when apparently the installation couldn't > find java for some reason, even though java was on the system (and in the > PATH and all that). I solved this problem by just manually creating a soft > link to the java executable at the place where the Ciscosecure looked for > java (although I still don't understand why the installation script doesn't > have instructions to create the link itself). > > But now it still is unable to create the database files. Apparently, there > is some error where a particular script uses an input file, but the input > file is pure jibberish, so the script fails. And because the script fails, > the database tables are never created, and because of that, the ACS cannot > start. I will post the exact error message if anybody is interested. > > > But now I am wondering if it is possible to do this at all. If there are > all these of problems in installing it, maybe it was just not meant to be. > Maybe running the Solaris version of ACS requires a SPARC-based workstation > (a Sparcstation or an Ultra), and it is just not possible for Solaris ACS > to be on an Intel box (so I would have to use the Windows ACS). I thought > that the operating system would provide an abstraction layer for > applications, so that the ACS wouldn't care what hardware Solaris was > running on, just as long as it is running. But then again, I ain't no > Solaris superstar, so maybe I'm wrong. > > So what I want to know is - has anybody ever successfully installed Solaris > on a x86 PC and then successfully installed the CiscoSecure ACS (with the > default SQLanywhere database)? If so, did you get the kinds of errors that > I'm getting and how did you resolve them? If you did not get these errors, > then why do you think I'm getting errors? Or if you did not use > SQLanywhere, and used, say, Oracle, could you provide some simple > instructions as to how to go about installing Oracle so that ACS can use it > (I have the Oracle CD's, but I'm no Oracle guru)? > > Thanx in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4362&t=4362 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: splitting a PRI connection [7:4359]
hi, could it be that it is a channelized E1 ? You can use the 30 B-Channels separately. Here is how it looks on one of our routers: Excerpt from 'show version': cisco 4500 (R4K) processor (revision B) with 32768K/4096K bytes of memory. Processor board ID 01838185 R4600 processor, Implementation 32, Revision 2.0 G.703/E1 software, Version 1.0. Channelized E1, Version 1.0. HI, > > One of my friends clients place they have taken a PRI connection (E1) having > 30 channels & they have given each channel to each dept. for net. access. > There are 30 depts. in the organisation. > > I understand they must have used a de multiplexer in splitting the channel. > Can anyone help me how they must have done it. > they are using a 3600 series router in the office. > > Regards > rstephenp > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4374&t=4359 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: splitting a PRI connection [7:4359]
Next try ... Have to take care on characters that appear also in html-mail ... hi, could it be that it is a channelized E1 ? You can use the 30 B-Channels separately. Here is how it looks on one of our routers: Excerpt from 'show version': cisco 4500 (R4K) processor (revision B) with 32768K/4096K bytes of memory. Processor board ID 01838185 R4600 processor, Implementation 32, Revision 2.0 G.703/E1 software, Version 1.0. Channelized E1, Version 1.0. HI, > > One of my friends clients place they have taken a PRI connection (E1) having > 30 channels & they have given each channel to each dept. for net. access. > There are 30 depts. in the organisation. > > I understand they must have used a de multiplexer in splitting the channel. > Can anyone help me how they must have done it. > they are using a 3600 series router in the office. > > Regards > rstephenp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4382&t=4359 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange connectivity issue [7:4533]
Hello John, we experience the same Problems with Baystack 350F-HD switches with Software Release 3.0.0.14. We donwgraded one of these to 2.x Software release and the problem went away. We do not have an actual maintenance contract with nortel/baynetworks so we have no possibility to verify if the problem is fixed in the latest release. hth Reinhold On Tue, 15 May 2001, John Neiberger wrote: > Okay, this is driving me crazy!! This just started happening around > 2:00 this afternoon and I can't think of a single explanation for it. > Here's the deal: > > PC RouterA RouterB > BaySwitch > > The Bay switch has a management IP address configured with correctly > configured mask and default gateway. For some reason, any PC on the > subnet that I belong to cannot ping the Bay switch. From any other > subnet in our network pings succeed; they only fail from my specific > subnet. There are no access lists involved anywhere in this scenario > and pings to any other device on the same subnet as the switch will > succeed from anywhere. > > RouterA can ping the Bay switch using a standard ping, but pings fail > if I use an extended ping and set the source address to the interface on > the same subnet as my PC. > > I've done traceroutes from a few locations to make sure traffic was > flowing correctly and I can see no problems whatsoever. The routing > tables of all routers involved look exactly as I would expect them to > look. The default gateway and mask is set correctly on the switch. If > that were not the case then pings from other subnets would fail as > well. > > I've also telnetted to the switch and from there I can ping anywhere in > the network except my subnet. This is baking my noodle and considering > I just got back from a vacation in Mexico I'm just not ready for this > yet. :-) > > Any ideas would be appreciated! > > Thanks, > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4564&t=4533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Re: Does Solaris box and microsoft PC run RIP? [7:5862]
Regarding the Slowlaris box i can give you a hint. Look at the /etc/init.d/inetinit file of the solaris box. It is very well explained there under which circumstances solaris acts as a router or not. Excerpt from this file: # Determine how many active interfaces there are and how many pt-pt # interfaces. Act as an IPv4 router if there are more than 2 interfaces # (including the loopback interface) or one or more point-point # interface. Also act as an IPv4 router if /etc/gateways exists. # # Do NOT act as an IPv4 router if /etc/notrouter exists. # Do NOT act as an IPv4 router if DHCP was used to configure # interface(s) # Greetings Reinhold On Fri, 25 May 2001, Susan Stone wrote: > Dear all > > I have a router configured with RIP routing protocol "router ripnetwork > 50.0.0.0" then I found it discover some route from a solaris box > 50.100.45.3 and point some routes (as shown below) to solaris box, as the > solaris box got route to all these network. My question is " Does Solaris > box and microsoft PC run RIP? if yes, how to enable and configure it?" I > thought RIP can only discover the route from the router? am I wrong? > > SW01-RSM>sh ip route rip > R10.0.0.0/8 [120/2] via 50.100.45.3, 00:00:23, Vlan1 > R199.105.182.0/24 [120/3] via 50.100.45.3, 00:00:23, Vlan1 > R192.168.38.0/24 [120/2] via 50.100.45.3, 00:00:23, Vlan1 > R192.173.168.0/24 [120/2] via 50.100.45.3, 00:00:23, Vlan1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5868&t=5862 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial1/3.1 is deleted, line protocol is down [7:6090]
Deleting subinterfaces often requires a 'reload' for them to disappear. Greetings Reinhold On Mon, 28 May 2001, Arun wrote: > Hi > let me explain what i mean to ask > i try to configured a serial interface(sub interface) on ser1/3 i could n't > achieve what i was trying to do (i was trying to configure a backup > interface) so i removed the sub interface using > command > no int ser1/3.1 > but now even after removing the interface i see the following thing when i > use show int .. > i think it should not be there ...right or i am wrong > so why it still show this > Serial1/3.1 is deleted, line protocol is down > Hardware is M4T > MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, > reliability 255/255, txload 1/255, rxload 1/255 > Encapsulation X25 > Serial2/0 is down, line protocol is down > Hardware is M4T > Description: BGW 1.1 > MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, > reliability 255/255, txload 1/255, rxload 1/255 > Encapsulation X25, loopback not set > X.25 DCE, address , state R/Inactive, modulo 8, timer 0 > > > Regards > Arun Sharma > > > ""ElephantChild"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > On Mon, 28 May 2001, Arun wrote: > > > > > Hi > > > i am getting this message when i run > > > show int command on 3600 series router with x25 on it > > > i tried configuring it but i removed whats wrong can u pls help > > > > If you didn't do so already, read what the cisco docs say on "show > > interface", then tell us what specific part you still don't understand, > > and what you think it could mean. Also tell us what other steps you took > > to answer your question, and how and why you think they failed. > > > > Or, if your question isn't "what does a deleted/down status mean?", > > you'll have to tell us what it is. > > > > > Regards > > > Arun Sharma > > > > > > Serial1/3.1 is deleted, line protocol is down > > > Hardware is M4T > > > MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, > > > reliability 255/255, txload 1/255, rxload 1/255 > > > Encapsulation X25 > > > Serial2/0 is down, line protocol is down > > > Hardware is M4T > > > Description: BGW 1.1 > > > MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, > > > reliability 255/255, txload 1/255, rxload 1/255 > > > Encapsulation X25, loopback not set > > > X.25 DCE, address , state R/Inactive, modulo 8, timer 0 > > > Defaults: idle VC timeout 0 > > > cisco encapsulation > > > input/output window sizes 2/2, packet sizes 128/128 > > > Timers: T10 60 > > > > -- > > "Someone approached me and asked me to teach a javascript course. I was > > about to decline, saying that my complete ignorance of the subject made > > me unsuitable, then I thought again, that maybe it doesn't, as driving > > people away from it is a desirable outcome." --Me Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6142&t=6090 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TR Int Errr [7:6112]
Hi RamG, tell us more about to what the Tokenring Interface is connected to. a MAU ? a TR-Switch ? Is the port you want to connect to and the cabling fine and does it support the configured 16MHz TokenRing ? Reinhold On Mon, 28 May 2001, RamG wrote: > Hello Gang - I am having problem bring up TR int. Following is the output. > > R2502#show interface tokenring0 > TokenRing0 is initializing, line protocol is down > Hardware is TMS380, address is .30ba.4a52 (bia .30ba.4a52) > MTU 4464 bytes, BW 16000 Kbit, DLY 630 usec, rely 255/255, load 1/255 > Encapsulation SNAP, loopback not set, keepalive set (10 sec) > ARP type: SNAP, ARP Timeout 04:00:00 > Ring speed: 16 Mbps > Duplex: half > Mode: Classic token ring station > Group Address: 0x, Functional Address: 0x0800 > Ethernet Transit OUI: 0x00 > Last input never, output never, output hang never > Last clearing of "show interface" counters never > Queueing strategy: fifo > Output queue 0/40, 0 drops; input queue 0/75, 0 drops > 5 minute input rate 0 bits/sec, 0 packets/sec > 5 minute output rate 0 bits/sec, 0 packets/sec > 0 packets input, 0 bytes, 0 no buffer > Received 0 broadcasts, 0 runts, 0 giants, 0 throttles > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort > 0 packets output, 0 bytes, 0 underruns > 0 output errors, 0 collisions, 54 interface resets > 0 output buffer failures, 0 output buffers swapped out > 59 transitions > > R2502#show config > Using 774 out of 32762 bytes > ! > version 12.0 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > service udp-small-servers > service tcp-small-servers > ! > hostname R2502 > ! > no logging console > enable password ram > ! > ip subnet-zero > no ip domain-lookup > ! > ! > ! > interface Serial0 > bandwidth 64 > no ip address > no ip directed-broadcast > encapsulation ppp > no ip route-cache > no ip mroute-cache > ! > interface Serial1 > bandwidth 64 > ip address 10.1.5.1 255.255.255.0 > no ip directed-broadcast > encapsulation ppp > no ip route-cache > no ip mroute-cache > ! > interface TokenRing0 > no ip address > no ip directed-broadcast > no ip route-cache > no ip mroute-cache > ring-speed 16 > ! > ip classless > ! > ! > line con 0 > transport input none > line aux 0 > transport input all > line vty 0 4 > login > ! > end > > Thanks / RamG > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6143&t=6112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with hardware [7:6251]
The IOS you are using is probably not supporting this hardware. hth Reinhold On Tue, 29 May 2001, Sergey Konovalov wrote: > WIC2T + Serial WIC + Voice 2V > > Problem: Router cannot see its interfaces (hardware) > show interfaces- received none > show version - received none in hardware section > After router booted we received: > > 00:00:04: %PA-2-UNDEFPA: Undefined Port Adaptor type 0 > in bay 0 > 00:00:04: %PA-2-UNDEFPA: Undefined Port Adaptor type > 101 in bay 1 > 00:00:04: %LINK-4-NOMAC: A random default MAC address > of .0c84.1a51 has > been chosen. Ensure that this address is unique, or > specify MAC > addresses for commands (such as 'novell routing') > that allow the > use of this address as a default. > > Please, help us with this problem. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6266&t=6251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: fao: Catalyst Gurus [7:8177]
Larry, two things that can cause the delay: STP - Spanning Tree Protocol Solution: 'set spantree portfast enable' (Use it only on end-station ports) PAgP - Port Aggregation Protocol Solution: 'set port channel off' (PAgP is enabled by default on EtherChannel capable links) HTH Reinhold On Tue, 12 Jun 2001, Larry Ogun-Banjo wrote: > We have just installed some new catalyst switches 650x and 69xx. I have > noticed > that whenever I connected with a fluke to test connectivity on the ports, it > takes approximately 20 secs to get its first contact with another device. I'm > aware the switch port needs to learn the mac address etc but I would not have > thought it would take so long. Are there any commands that would speedup the > network discovery or is this normal behaviour on a new port? > Pardon this trivial question but it would help. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8192&t=8177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: fao: Catalyst Gurus [7:8177]
Not quite correct. PortFast does not disable STP. It puts a port initially into 'Forwarding' state and then watches if loops occur. If for some reason the port is forced into 'Blocking' state and later needs to return to the 'Forwarding' state, it has to go through the 'Listening' and 'Learning' phases. hth Reinhold On Tue, 12 Jun 2001, Colin Byelong wrote: > you should enable portfast (diasbles stp) > this should speed things up > > Cheers > > Colin > > > > > At 11:29 AM 6/12/01 -0400, Larry Ogun-Banjo wrote: > >We have just installed some new catalyst switches 650x and 69xx. I have > >noticed > >that whenever I connected with a fluke to test connectivity on the ports, it > >takes approximately 20 secs to get its first contact with another device. > I'm > >aware the switch port needs to learn the mac address etc but I would not > have > >thought it would take so long. Are there any commands that would speedup the > >network discovery or is this normal behaviour on a new port? > >Pardon this trivial question but it would help. > Colin Byelong Email: [EMAIL PROTECTED] > Network Group > Information Systems Division > University College London > Gower Street Phone: 020 7679-2572 > London WC1E 6BT > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8194&t=8177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Gre tunnel - ip and ipx packet loss -URGENT!!!!!!!! [7:8201]
How is the FastEthernet 0/0 connected to the LAN ? Deferred means that the frame was discarded due to too many consecutive collisions on the medium. The router tried to send the frame to the ethernet a few times but it had no success - collisions always occured and the frame got discarded. Can you check how the Router is connected to the LAN ? Is it a shared medium with many stations accessing it ? How many percent of the packets outgoing to the fa0/0 get errors ? It may be well possible that the problem is not the tunnel hth Reinhold On Tue, 12 Jun 2001, John Kale wrote: > hi all, > We run a gre tunnel between sites across an isp network...sometimes we lose > connectivity (ipx mainly and somtimes both IP & IPX) but the show tunnel and > show interface commands gives an up, up status. > > The only thing unusual is that the show int f0/0 commands reveals a rising > number of packets deferred. what does the ' deferred' signify and > can anybody pls come up with tips on making this tunnel a trouble free one. > > regards, > > > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8201&t=8201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: fao: Catalyst Gurus [7:8177]
EtherChannel allows you to bundle physical links into one logical link. As example you can create a 200Mpbs pipe out of 2 100Mbps links. PAgP is the protocol that negotiates this channel. PAgP is by default active on all ports that are EtherChannel capable. PAgP uses the first 15 to 20 seconds after link initialization to try to negotiate an EtherChannel. If you don't intend to use EtherChannel you can safely disable PAgP. Greetings Reinhold On Tue, 12 Jun 2001, Larry Ogun-Banjo wrote: > Many thanks for everyones contribution on this issue. I forgot to mention that > Spanning tree is not enabled. No tbeing too familiar with switches, I'm not sure > on the effect of PAgP. > > > Reinhold Fischer on 06/12/2001 06:09:51 PM > > To: Larry Ogun-Banjo/EN/Kpn-Orange@kpn-orange > cc: [EMAIL PROTECTED] > Subject: Re: fao: Catalyst Gurus [7:8177] > > Larry, > > two things that can cause the delay: > > STP - Spanning Tree Protocol > > Solution: 'set spantree portfast enable' > (Use it only on end-station ports) > > PAgP - Port Aggregation Protocol > > Solution: 'set port channel off' > (PAgP is enabled by default on EtherChannel capable links) > > HTH > > Reinhold > > On Tue, 12 Jun 2001, Larry Ogun-Banjo wrote: > > > We have just installed some new catalyst switches 650x and 69xx. I have > > noticed > > that whenever I connected with a fluke to test connectivity on the ports, it > > takes approximately 20 secs to get its first contact with another device. I'm > > aware the switch port needs to learn the mac address etc but I would not have > > thought it would take so long. Are there any commands that would speedup the > > network discovery or is this normal behaviour on a new port? > > Pardon this trivial question but it would help. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8205&t=8177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT Simple SNMP Trap Logging Application [7:8968]
For what OS do you need this thingie ? Assuming you need it for windows here is something that might fit your needs: http://www.bttsoftware.co.uk/snmptrap.html hth Reinhold On Mon, 18 Jun 2001, Bob Johnson wrote: > I need something to log SNMP traps. Something as simple as a Syslog server. > Something hopefully free or cheap. > No bells or whistles needed. > Thanks, > > Bob Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8984&t=8968 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Debug not working via telnet [7:9019]
Hi, the problem could be that only process-switched packets get 'seen' by the debug process. issue 'no ip route-cache' at the interface config. please report if this solved the problem ... Greetings Reinhold On Tue, 19 Jun 2001, cisco guru wrote: > Hi all, > I am trying to see the debug output on my routers via telnet sessions but am > not having any luck. I first got the debug ip packet command to work but > then it stopped working. No other debug commands will work. Eg. debug ip > igrp trans > I have the service timestamps commands issued along with the term mon > command on the router running the telnet session. > The ios ver. on this particular router is 11.0 (10c). Does the ios ver. make > a difference or does something in particular have to be done on both > routers? > Please advise. > Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9087&t=9019 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Logging - terminal monitor not working [7:39957]
Have seen it on many (mostly smaller) routers. Its a bug: > > ## Bug Id : CSCdu60369 > > ## Headline no syslog logging when logging synchronous enabled > > ## Product c2600 Model > > ## Component os-logging Duplicate of > > ## Severity 2 Status M > > ## Version Found12.0(7)T 12.0(6)S Fixed-in Version12.2(5) > > ## Release Notes > > ## > > ## The logging synchronous line configuration command may > > ## cause logging to stop. > > ## > > ## Workaround: Remove this command. hth Reinhold Pierre-Alex Guanel wrote: > > Amazing I removed logging synchronous on line console 0 > and debug > worked > > I am curious, what is the reason for "logging synchronous" > preventing debug > outputs > > on terminal lines? > > Pierre-Alex > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of > Lidiya White > Sent: Saturday, March 30, 2002 5:46 PM > To: [EMAIL PROTECTED] > Subject: RE: Logging - terminal monitor not working [7:39957] > > > I would add "no ip route-cache" on that interface and make sure > that you > don't have "logging synchronous" under line con 0... > > -- Lidiya White > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > Behalf Of > Pierre-Alex Guanel > Sent: Saturday, March 30, 2002 3:04 PM > To: [EMAIL PROTECTED] > Subject: Logging - terminal monitor not working [7:39957] > > Kind of a silly problem but can't figure it out ... > > I am connected to R1 via telnet. I have turned on debugging of > ip > packets > > I also have issued the command "terminal monitor" > > Yet I do not get anything logged when I ping the Ethernet > interface of > R1 > > Any ideas? > > Thanks > > > > R1#sh terminal > Line 2, Location: "", Type: "ANSI" > Length: 45 lines, Width: 80 columns > Baud rate (TX/RX) is 9600/9600 > Status: Ready, Active, No Exit Banner > Capabilities: Receives Logging Output > Modem state: Ready > Group codes:0 > Special Chars: Escape Hold Stop Start Disconnect Activation > ^^xnone - - none > Timeouts: Idle EXECIdle Session Modem Answer Session > Dispatch > never never > none not > set > Idle Session Disconnect Warning > never > Login-sequence User Response > 00:00:30 > Autoselect Initial Wait > not set > Modem type is unknown. > Session limit is not set. > Time since activation: 00:41:15 > Editing is enabled. > History is enabled, history size is 10. > DNS resolution in show commands is enabled > Full user help is disabled > Allowed transports are lat pad v120 mop telnet rlogin nasi. > Preferred > is > lat. > No output characters are padded > No special data dispatching characters > > > R1#sh logging > Syslog logging: enabled (0 messages dropped, 0 flushes, 0 > overruns) > Console logging: level debugging, 102 messages logged > Monitor logging: level debugging, 2 messages logged > Logging to: vty2(0) > Buffer logging: level debugging, 102 messages logged > Trap logging: level informational, 47 message lines logged > > Log Buffer (4096 bytes): > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39989&t=39957 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
passed MCAST/QOS exam [7:40345]
hi all, today i took the multicast and qos exam (640-905). In my opinion it is the hardest of the three exams to achieve the CCIP/MPLS cert. For preparation i have used the Ciscopress 'developing ip multicast networks' book and read up the relevant sections of the Quality of Service Solutions Configuration Guide and the Multicast section of the IP Routing and IP Confguration Config Guide. If i had to take the exam again i would try to get my hands on the original course documentation as there were loads of questions that probably best would be answered with knowledge of the original course text. good luck to you in all your studies ! Cheers Reinhold Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40345&t=40345 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Switch to Switch Connectivity [7:11104]
Stan, are you seeing the other switch via cdp from both sides of the link ? I had a similar issue where i could see the other switch via cdp what fooled me into thinking that there is bidirectional communication possible. On the other side i saw no cdp neigbor. The link light was fine on both sides. After inspecting the cable and replacing a bad connector it worked fine. HTH Reinhold On Thu, 5 Jul 2001, Rossetti, Stan wrote: > Hello All, > > I am trying to connect two 2916 switches together using 100BaseFX. I am > currently trying to do this across an underground fiber between two > buildings. At one time I moved the switches to my office and connected them > together using a short piece of test fiber and they worked (i could ping > >from one device to the next). I have since moved the switches back using > the underground fiber between buildings and they don't work (i can't ping > form one switch to the other). I am getting a good link light on both ends > and I can see the other switch via cdp but it doesn't show the ip address??? > There are no other devices connected to the switches at this time and the ip > addresses assigned to the switches are in the same subnet and in vlan 1. > > > Thanks > > Stan Rossetti > > > NASA - PriSMS > Advanced Technology Group > IP Phone: (256) 961-7097 > Voice: (256) 544-5031 > Email: [EMAIL PROTECTED] > Beeper: 544-1183 pin 0112 > > CCDA, CCNA, CCSE Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11160&t=11104 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Triggered updates [7:11223]
Hi John, althought i am not totally sure about this one i will give it a try. Triggered updates lead to shorter convergence time. During the time that the network is not convergent it could well be that routing loops can occur because the routers have a different view of the network. others correct me please if i am wrong ... greetings Reinhold On Fri, 6 Jul 2001, John Feuerherd wrote: > Hello all, >I understand how triggered updates works, but I don't get how they > pervent routing loops. Could someone explan that one to me? > > Thanks, > JF Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11314&t=11223 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: sh arp [7:17096]
The packet counters for incoming packets/sec look not very reasonable. Especially when relating them to the outgoing packets/sec. How high is the cpuload on the box ? Is there a possibility that some kind of attack is going on on the ethernet interface ? What confuses me a bit is that there are no drops or ignores with that high packets/sec value. Another thing to notice it that the collision rate is about 10%. Replacing the HUB/Shared media there with a switch would sure be a good idea ... Cisco's error message decoder results this about your error: http://www.cisco.com/support/Errordecoder/error-decoder.html # %AMDP2_FE-3-UNDERFLO: AMDP2/FE 0/0/[dec], Transmit underflow # # While transmitting a frame, the local buffer of the controller # chip received insufficient data because data could not be # transferred to the chip fast enough to keep pace with its # output rate. Normally, such a problem is temporary, depending # on transient peak loads within the system. The system should # recover. # # Recommended Action: No action is required. # # Related documents: No specific documents apply to this error message. This could also be a hint that there is unusual cpu load on the router. I would check the cpu load on the router. If it is unusual high (near 100%) shutdown the ethernet interface and see if the cpu load drops down. If this is the case go and find the hacked boxes on the lan ... Reinhold On Thu, 23 Aug 2001, Teresa Presutto wrote: > It didn't ping successfully. > In the sho log I see the following line: > UTC: %AMDP2_FE-3-UNDERFLO: Ethernet0/1 transmit error > > I reloaded the router and now I can see all the MAC address in the arp cache. > By the way something is going wrong... > > see this two sh int output > grp_ge#sh int eth0/1 > Ethernet0/1 is up, line protocol is up > Hardware is AmdP2, address is 00b0.6469.4641 (bia 00b0.6469.4641) > Description: "LAN Uffici Genova" > Internet address is 172.17.1.33/24 > MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, > reliability 255/255, txload 1/255, rxload 58/255 > Encapsulation ARPA, loopback not set > Keepalive set (10 sec) > ARP type: ARPA, ARP Timeout 04:00:00 > Last input 00:00:01, output 00:00:00, output hang never > Last clearing of "show interface" counters 00:58:52 > Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 > Queueing strategy: weighted fair > Output queue: 0/1000/64/0 (size/max total/threshold/drops) > Conversations 0/2/256 (active/max active/max total) > Reserved Conversations 0/0 (allocated/max allocated) > Available Bandwidth 7500 kilobits/sec > 30 second input rate 2286000 bits/sec, 4703 packets/sec > 30 second output rate 8000 bits/sec, 13 packets/sec > 16568680 packets input, 1006250867 bytes, 0 no buffer > Received 2701 broadcasts, 0 runts, 0 giants, 0 throttles > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored > 0 input packets with dribble condition detected > 41880 packets output, 20367226 bytes, 0 underruns(1268/2497/0) > 0 output errors, 3765 collisions, 0 interface resets > 0 babbles, 0 late collision, 6301 deferred > 0 lost carrier, 0 no carrier > 0 output buffer failures, 0 output buffers swapped out > > and after few seconds > > grp_ge#sh int eth0/1 > Ethernet0/1 is up, line protocol is up > Hardware is AmdP2, address is 00b0.6469.4641 (bia 00b0.6469.4641) > Description: "LAN Uffici Genova" > Internet address is 172.17.1.33/24 > MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, > reliability 255/255, txload 1/255, rxload 58/255 > Encapsulation ARPA, loopback not set > Keepalive set (10 sec) > ARP type: ARPA, ARP Timeout 04:00:00 > Last input 00:00:01, output 00:00:00, output hang never > Last clearing of "show interface" counters 00:59:13 > Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0 > Queueing strategy: weighted fair > Output queue: 0/1000/64/0 (size/max total/threshold/drops) > Conversations 0/2/256 (active/max active/max total) > Reserved Conversations 0/0 (allocated/max allocated) > Available Bandwidth 7500 kilobits/sec > 30 second input rate 2282000 bits/sec, 4695 packets/sec > 30 second output rate 4000 bits/sec, 8 packets/sec > 16670090 packets input, 1012418296 bytes, 0 no buffer > Received 2716 broadcasts, 0 runts, 0 giants, 0 throttles > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored > 0 input packets with dribble condition detected > 42038 packets output, 20377608 bytes, 0 underruns(1268/2501/0) > 0 output errors, 3769 collisions, 0 interface resets > 0 babbles, 0 late collision, 6318 deferred > 0 lost carrier, 0 no carrier > 0 output buffer failures, 0 output buffers swapped out > > From: Odell Waters > To: [EMAIL PROTECTED] > Sent: Thursday, August 23, 2001 8:05 PM > Subject: RE: sh arp [7:17012] > > > Try pinging the addresses that came up in your arp c
Re: Frame Relay help please .. thanks [7:29002]
it depends on the layer2 protocol and how the router handles it if it sees its own packets coming back. I am using loops often to test a line if it is ok or has any problem. I am not sure how FrameRelay encapsulation behaves when you loop the line but i think it sounds feasible that it will not come to an up/up state. To debug the situation i would consider that the framerelay link consist out of three parts: - the local loop on one side (first accessline to the frame cloud) - the framerelay cloud - the local loop on the other side (second accessline to the fr cloud) to test if the local loops are working fine i would ask the carrier to give you a loop on their side facing in your direction so the signal travels from your router to the providers framerelay location, over the loop and back to your router - without travelling any framerelay related equipment. You can set then a more 'loop-friendly' encapsulation like HDLC on your side and thoroughly test the line with a few long pings to see if any problems occur. If you have no problems with that tests on both of your lines to the frame-relay cloud, let the provider remove the loops and reconfigure your routers to frame relay. You can assume then that your local loops to the FR cloud are running error-free. For more framerelay related debugging i can recommend: http://www.cisco.com/warp/public/779/smbiz/service/troubleshooting/ts_fr.htm hth Reinhold On Wed, 12 Dec 2001, Telemachus Luu wrote: > Hi, > > I am having some issues bringing up a 64k frame relay circuit. Wcom seems > to think it's a bad csu as they aren't able to loop it. As a result, I did > some testing on my end. I enabled inward bound looping on the dsu also. > For some reason, the line protocol for the serial interface comes up for > about 10 seconds, the comes back down. When I do a shut and then a no shut, > again, it comes back up for about 10 seconds and then goes back down. > Here's the current config and a sh int ser... LMI enq for send and receive > still increment even when line protocol is in down state... If I set the > csu/dsu to loopback, shouldn't the line protocol stay in up state forever? > If so, what could be the issue here? > > interface Serial3/3 > ip address 10.252.0.1 255.255.0.0 > encapsulation frame-relay > ! > > Serial3/3 is up, line protocol is down (looped) > Hardware is M4T > Internet address is 10.252.0.1/16 > MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, > reliability 255/255, txload 1/255, rxload 1/255 > Encapsulation FRAME-RELAY, crc 16, loopback not set > Keepalive set (10 sec) > LMI enq sent 136, LMI stat recvd 0, LMI upd recvd 0, DTE LMI down > LMI enq recvd 146, LMI stat sent 0, LMI upd sent 0 > LMI DLCI 1023 LMI type is CISCO frame relay DTE > FR SVC disabled, LAPF state down > Broadcast queue 0/64, broadcasts sent/dropped 0/4, interface broadcasts 0 > Last input 00:00:09, output 00:00:09, output hang never > Last clearing of "show interface" counters 00:20:31 > Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 > Queueing strategy: weighted fair > Output queue: 0/1000/64/0 (size/max total/threshold/drops) > Conversations 0/1/256 (active/max active/max total) > Reserved Conversations 0/0 (allocated/max allocated) > 5 minute input rate 0 bits/sec, 0 packets/sec > 5 minute output rate 0 bits/sec, 0 packets/sec > 150 packets input, 2035 bytes, 0 no buffer > Received 0 broadcasts, 0 runts, 0 giants, 0 throttles > 1 input errors, 0 CRC, 0 frame, 1 overrun, 0 ignored, 0 abort > 184 packets output, 2415 bytes, 0 underruns > 0 output errors, 0 collisions, 22 interface resets > 0 output buffer failures, 0 output buffers swapped out > 36 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up > > Any help would be appreciated.. > > thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29041&t=29002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: incomplete ARP table - one for the X files [7:29283]
Tim, what network-addresses are used where with what masks ? I have seen similar problems with FW-1 related to proxy-arp. Reinhold On Sat, 15 Dec 2001, Tim Begley wrote: > Hi - I've come across something strange (strange to me anyway)when deploying > a router on lan segment with a checkpoint fw. I can 'fix' the problem but I > have no idea what is causing it. If somebody could enlighten me I'd > appreciate it. > > The scenario is: > > There is a 1720 that has a static route configured to route a particular > subnet or address via the address of the checkpoint fw interface on that lan > segment (very complicated stuff I know but stay with me ;-) ). > > Now this is where the funny business starts - you attempt to get end to end > connectivity to the host you are trying to get to on the other side of the > Checkpoint and it won't work. > > 1. Do a debug ip packet detail and you get encapsulation failed... > > 2. Look at the arp table on the 1720 and there are 2 complete arp entries - > 1 for fe0 and 1 for the checkpoint. THERE IS ALSO AN INCOMPLETE ENTRY FOR > THE HOST ON THE OTHER SIDE OF THE FIREWALL (which of course is on a > different subnet). > > 3. Scratch head and frown > > 4. Try a static arp entry mapping the ip address of the host on the other > side of the firewall to the MAC address of the firewall and presto it works! > > I've run into this situation a few times now and the there is always a > checkpoint involved so I'm guessing that it may have something to do with > the routing capability of the checkpoint? > > I know that this is a cisco discussion group but I think this is still > fairly relevant. > > Any advice much appreciated - Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29291&t=29283 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 5-4-3 Rule
Sorry, you are wrong ;) the rule defines that you canNOT have more than 5 segments with 4 repeaters and NO more than 3 segments can be populatet. hth, Reinhold -- Reinhold Fischer CCNP/SCSA/HP Certified Consultant for Network Management On Tue, 29 Aug 2000, Hitesh Pathak (CSD-BBYRO-RTSG) wrote: > It defines a general networking setup like if u have a single network then > it should have 5 segments , 4 repeaters & out of 5 segments atleast 3 should > be populated ie. on 3 segments you should have some node connected. > > group , pls correct me if I'm wrong. > > HP > > > -Original Message- > > From: Suresh Uniyal [SMTP:[EMAIL PROTECTED]] > > Sent: Tuesday, August 29, 2000 4:29 PM > > To: Cisco (E-mail) > > Subject:5-4-3 Rule > > > > Hi all, > > > > What is 5-4-3 rule? > > > > -SU > > > > ___ > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A question about IPSec
Hi George, Hi Group, The protovol-number is a 8-bit field in the IP-Header and defines the Protocol that the packet encapsulated in the ip-header uses. Common Protocol Numbers: 1 ICMP 6 TCP 17 UDP 88 IGRP 89 OSPF You can find the complete reference at http://www.isi.edu/in-notes/iana/assignments/protocol-numbers hth Reinhold -- Reinhold Fischer CCNP/SCSA/HP Certified Consultant for Network Management On Thu, 31 Aug 2000, George Zhang wrote: > I read the following form Cisco documentation about IPSec: > > "IKE uses UDP port 500. The IPSec ESP and AH protocols use PROTOCOL > numbers 50 and 51. Ensure that your access-list are configured so that > 50, 51 and UDP port 500 traffic is not blocked ..." > > My question is, what are the PROTOCOL numbers? This is the first time I > read or heard about "PROTOCOL number"? I know many protocols by names > such as TCP, UDP, ICMP etc, by I have never heard about PROTOCOL > numbers? What protocols 50 and 51 are associated with? Could someone > please explain that to me? Thanks. > > George Zhang, CCNP > > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: subinterfaces
Hi Nova, Hi Group, you probably have to use a secondary ip-address on the interface instead the subinterface. int e0 ip address secondary To get rid of the subinterface entirely you have to reload the router (not 100% sure of this but we will see the other replies ;) hth Reinhold -- Reinhold Fischer CCNP/SCSA/HP Certified Consultant for Network Management On Thu, 31 Aug 2000, Nova Rich wrote: > hey guys, > > I was wondering how to apply subinterfaces. I have 1 ether port on my router > (1600) and need 2 links to the switch. One for public IP and the other for > private IP. > > I type in "int e0.1", then "ip add x.x.x.x mask" but I get this instead, > > "Configuring IP routing on a LAN subinterface is only allowed if that > subinterface is already configured as part of an IEEE 802.10 or ISL vLAN." > > I don't know why this won't work and further more I can't seem to remove the > subinterface. I type in (no int e0.1) but I still see the interface when I > do a (sh ip in b). > > "Ethernet0.1 unassigned YES manual deleted > down" > > It's marked as deleted but how do I get rid of it entirely? > > How do I configure subinterfaces and how do I remove them? > > NovaRich > ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: access-list interpretation
Hi Jason, Hi Group, i would interpret it as incomplete. No protocol specification (althought the access list number hints that it is an extended ip access-list). No permit or deny. It also makes not much sense from the viewpoint of the source and target definitions. source is defined as 160.*.*.* and target as exactly 255.0.0.0. hth Reinhold -- Reinhold Fischer CCNP/SCSA/HP Certified Consultant for Network Management On Thu, 31 Aug 2000, Yee, Jason wrote: > hi, > anyone knows how to interpret the access-list below : > > access-list 101 160.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0 > > > Jason ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Command Question
with 'clock rate' you can set the clocking of a serial interface used as dce (as example if you use a back-to-back configuration). As example you could set the clock-rate of two 2500 series routers connected back-to-back with their serial interfaces to 400 bits per second to create a 4mbit link. This is possible only on the router with the dce-side of the cable. 'bandwidth' is how the interface speed is reported to the routing pro- tocols. 'bandwith' does not influence the actual speed of the interface but can influence routing decisions (depending on the running routing protocols) Usually it should be necessary only on serial interfaces to set the bandwidth to the actual value. As example the bandwidth of a serial inter- face is by default always configured to 1544 Kbit. group: please correct me if i got something wrong. Reinhold -- Reinhold Fischer CCNP/SCSA/HP Certified Consultant for Network Management On Fri, 1 Sep 2000, Adam Hickey wrote: > What is the diference between the "clock rate" command and the "bandwidth" command? > > Thanks > Adam Hickey > [EMAIL PROTECTED] > > ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Linux Proxy server and 1700 using NAT
But how does the Linux Box get the IP-Adress of the ISP ? You would need it on the linux box if you want to run nat there ... I would run nat only on the Cisco1720. The router just has to translate the outside IP of the linux box to the public IP assigned by the ISP. Assuming you disable routing on the linux box and you will use proxy- services (squid, socks5, fwtk) to provide controlled internet access to the users. hth Reinhold -- Reinhold Fischer CCNP/SunCSA/HP Certified Consultant for Network Management On Sat, 9 Sep 2000, Trevor Corness wrote: > Yes, definately. Don't run NAT on the Router, only use it on the Linux box. > I assume you have a LAN of a few (or more) PCs on the other side of the > Linux box. You will need a cross-over UTP cable (best solution) and then > set it up similiar to this : > > Internal PCs (2, 10, 50, 2000) > || > Ethernet/FE Switch > | > Linux Internal NIC1 (Inside address) > Linux PC > Linux External NIC2 (Outside address) > X (cross-over cable) > X > Eth 0 >1720 Router > WIC 0 WIC 1 > I I > I I >PSTNPSTN > > Basically, use a switch/hub with your internal PCs hooked up in a LAN > configuration. Plug the Inside IP NIC of the Linux box into that > hub/switch. This completes your internal network. > > Use a crossover cable to connect your Outside (Live) IP NIC to the E0 of the > 1720 router. This is a separate cable segment, with 2 nodes.. E0, and the > NIC (xl1 or whatever). > > As usual, have your 2 WICs connecting the PSTN as they do now. > > This is best, as the Linux box now also segments all the broadcast traffic > and "crap" from the LAN side, and blocks that traffic from "sneaking" out > into the "real" world. I have done this several times in the past, and it > works fine. > > Regards, > Trevor Corness, CCNA MCSE MCP+Internet > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Shane Stockman > Sent: September 9, 2000 1:43 PM > To: [EMAIL PROTECTED] > Subject: Linux Proxy server and 1700 using NAT > > > I have a cisco 1720 with 2xISDN WIC cards and a Linux Proxy Server with > 2xNIC's. I need to know whether I can use 1 nic for the internal address and > another for the global addresse's given by the ISP using only one ethernet > port of the 1720. > > >-Proxy--NIC1(Internal) -Router-ISDN WIC 0---|-->PSTN >-Server-NIC2(Outside )>-Eth0---ISDN WIC 1---| > > > Sorry for the sketch > I also need to connect the Proxy to a 2924 for 8 users > Is this possible ? > > Any Solution > > Thanks > > _ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > Share information about yourself, create your own public profile at > http://profiles.msn.com. > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associates.html > _ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associates.html > _ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS on low-end hardware [7:56487]
Michael, if it is only for lab/learning purpose you can use the 12.0S images from ftp-eng.cisco.com. They are not supported by cisco, but work quite well. Use anonymous login and look under /isp Note: The cisco2500 image does not have too much MPLS features built in. No problems with the 2600 images here. -rwxr-xr-x 1 40002eng 8275120 Oct 15 02:07 c2500-p-l.120-22.4.S2 -rwxr-xr-x 1 40002eng 5671856 Oct 15 02:07 c2600-p-mz.120-22.4.S2 -rwxr-xr-x 1 40002eng 5846156 Oct 15 02:07 c3620-p-mz.120-22.4.S2 -rwxr-xr-x 1 40002eng 6048724 Oct 15 02:07 c3640-p-mz.120-22.4.S2 -rwxr-xr-x 1 40002eng 5372564 Oct 15 02:07 c4500-p-mz.120-22.4.S2 hth Reinhold On Tue, Oct 29, 2002 at 08:58:28PM +, Michael Vasilenko wrote: > Hello! > > One question - is it possible to run MPLS (edge or LSR) on 26xx? > Any experience? Right IOS? > > -- > Michael Vasilenko Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56509&t=56487 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco switches and laptops [7:56731]
Barry, not sure what you mean with 'it won't let go of their ip address from the last site they were at', but maybe this helps you: Troubleshooting Cisco Catalyst Switches to NIC Compatibility Issues http://www.cisco.com/warp/public/473/46.html Regards Reinhold On Sat, Nov 02, 2002 at 02:45:02PM +, Barry Warrick wrote: > I was wondering if anyone has experienced the same issues as we are having > at work. We have about 20 remote sites and are in the middle of a conversion > from 3com equipment to Cisco. Most of the sites we upgrade are getting a > Cisco Catalyst 2950 or 3550 switch. A pattern seems to be forming in that > after every site that is upgraded, a laptop user who bounces around from > site to site, cannot login because it won't let go of their ip address from > the last site they were at. No one has this problem at the remaining 3com > switch sites. At first I thought it was coincidence, but now its clear that > it happens at sites we change to cisco switches. I have enabled portfast on > all the switchports that are used for workstation access. This has > alleviated some of the problems with laptop users, but others still have > difficulty. Most users are using Dell laptops with Xircom network/modem > combo card. I thought for sure portfast would cure the issue, but it has > not. Anyone else have any experience, thoughts, or ideas? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56744&t=56731 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: G.703 interface [7:56786]
Cisco1721 and VWIC-1MFT-E1 (or VWIC-1MFT-G703 if you need unframed mode). hth Reinhold On Mon, Nov 04, 2002 at 06:02:01AM +, Mohannad Khuffash wrote: > Hello All, > What is the lowest router series that support the G.703 interface? Is it > 36xx ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56790&t=56786 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco routers and MRTG [7:56794]
Bytes / Bits MRTG is very accurate - as long as the stuff that gets feeded into it is OK. hth Reinhold On Mon, Nov 04, 2002 at 12:28:34PM +, Firesox wrote: > Folks, > I am using MRTG to pull cisco Router's snmp mibs. > On ehternet interface the graph shows the max speed of 1250.0K which is only > 1.25 meg > and on Fastthernet is shows as 12.5 megs. > I am wondering why they don't show 10 meg and 100 megs respectively and > starting to suspect how accurate MRTG is. > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56804&t=56794 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with polling interface counters Cisco 7206vxr [7:56974]
Hi Daniel, counters are seriously broken in 12.0.21S4. Have not seen any counter problems with 12.0.21S5 so far. This is on 7200 and 7500 routers here. One bug open at cisco for this issue: CSCin15495 Symptoms The output counters that are associated with an interface may remain zero, even though traffic is passed through the interface. Conditions The conditions under which this symptom occurs are not known at this time. Workaround There is no workaround. hth Reinhold On Tue, Nov 05, 2002 at 07:05:22PM +, Daniel Kekai wrote: > Hello > > I am using 12.0(21)S4 on a Cisco 7206vxr with FE,T1 and DS3/ATM modules. I > am having a problem polling the interface counters. Some counters do not > give any value and some are 20-30% off from what I see on the router. This > happens on all interfaces. I am also seeing big spikes in traffic data that > I assume is due to wrapping on the 32 bit counters but I don't know how it > is wrapping since it sees 0 data in the first place. :) > > I have tried to use the 64 bit counters but those all give 0 readings. > > Anyone else seen this problem? Apologies if this has been covered before but > it seems the search engine is not working. :( > > Thanks, > -daniel Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56974&t=56974 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: full duplex or half duplex, how can you tell [7:57431]
John, Cisco's 25xx series uses the AMD Lance Chip for their 10Mbit Ethernet Interface. This Chipset does not support full-duplex at all. Router#show controllers ethernet 0 LANCE unit 0, ^ Have never used a 2516 myself but as far as i know it has a simple 10Mbit Ethernet Hub built in. FullDuplex Operation would require a switch. Regards Reinhold On Thu, Nov 14, 2002 at 10:56:50AM +, John Tafasi wrote: > Hi, > > I have a cisco 2516 router with an ethernet interface. How can I find out if > this inteface is full duplex or half duplex? > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57443&t=57431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: mpls ios files /special [7:57910]
ftp to ftp-eng.cisco.com (anonymous login) cd /rraszuk/specials here they are: -rw-r--r-- 1 23115eng 12940544 Feb 15 2002 c2500-js-l.20oct2001 -rw-r--r-- 1 23115eng 8303380 Feb 15 2002 c2500-p-l.20oct2001 -rw-r--r-- 1 23115eng 7973476 Feb 15 2002 c2500-p-l.tag hth Reinhold On Sat, Nov 23, 2002 at 03:13:33AM +, Vicuna, Mark wrote: > I'm unable to find the original posting on the location of the mpls > files for the 25xx series @ cisco.com > > I remember someone posting them on here but the original post is not in > the groupstudy.archives > > had a search in the specials dir on cisco.com but to no avail.. does > anyone know the location to these files? > > ps. i'm not after dennis.laganiere's site - although it is a good one > :-) > > cheers, > mark. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57930&t=57910 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Reduce the bandwidth on gigabit interface [7:57927]
Not sure what exactly you want to achieve, but here are two options: - connect a gig-ethernet port of a switch to your gig-ethernet port of the 7600 and use a 10/100 port on the switch with fixed 10MBit speed setting - use traffic shaping as described in the OSM config guide: http://www.cisco.com/en/US/products/hw/routers/ps368/products_module_configuration_guide_chapter09186a008007cb27.html#66161 hth Reinhold On Sat, Nov 23, 2002 at 08:27:03AM +, Silju Pillai wrote: > I would like to reduce the bandwidth of gigabit interface of 7600 OSR from > 1000Mbps to 10Mbps for MPLS-VPN setup. Please sugest a solution. > > Thanks for the help > regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57931&t=57927 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Little OT: Variation on SRM vs. Config Sync [7:58317]
AFAIK there is no special interaction between SRM and HSRP. You might want to use the 'standby preempt delay ' feature to be sure that routing protocols have converged before the router is taking over hsrp active router functionality. http://www.cisco.com/warp/public/619/hsrpguide4.shtmlT hth Reinhold On Sat, Nov 30, 2002 at 12:39:15AM +, s vermill wrote: > This is very closely related to another active thread but thought I should > probably start another. I know better than to post on a Friday and expect > much of an answer, but I could really use some insight on this one... > > I recently was looking at a network about to roll into production. It's a > classic collapsed core design with redundant dist/core 6509s. I noticed > that SRM was configured on each 6509. I also noticed that there was an HSRP > instance per VLAN configured between the two chassis. So, in the event of > an MSFC failure, assuming the failed MSFC was the active HSRP router for a > given VLAN or group of VLANs, I guess the other chassis' designated MSFC > would start picking up outbound traffic (normal HSRP stuff). In the mean > time, the SRM process would be taking place on the chassis where the > designated MSFC had failed. At what point, if at all, would the outbound > traffic shift back to the chassis with the failed MSFC (assuming of course > that the non-designated MSFC had successfully come online)? Is it a simple > matter of whether or not preemt is configured? Or, would the switch to the > other chassis ever even take place? Could it be that the non-designated > MSFC would come online and immediately take over as the active HSRP router? > That seems possible too. Maybe it comes down to how you set all the > relevant timers? > > I couldn't find any example on CCO where SRM and HSRP were used together. > In every case, SRM was used or HSRP was used with config sync. Never both > together. > > Any thoughts? Any experience? It isn't an option at the moment to do too > much experimenting. Besides, I'm not sure exactly how I would simulate a > true MSFC failure to see what happens. Any thoughts there would also be > appreciated. > > Thanks all... > > Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58325&t=58317 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7200 Router Questions... [7:59645]
Ed, all, 1. no clue. probably the usual marketing crap. 2. NPE has a single cpu that performs all the tasks. NSE has a PXF 'coprocessor' that can offload some tasks from the main CPU and therefore it could perform better in some cases. see: http://www.cisco.com/warp/public/cc/pd/ifaa/prossor/nse1/ There were a couple of issues as the NSEs came out. But in the meantime they should run quite well. 3. The actual NPE/NSE models do not work in non-VXR routers. VXR-Models have a better/faster backplane. see: http://www.cisco.com/en/US/products/hw/routers/ps341/ps348/ non-VXR 720x routers are end of sale ... hth, Reinhold On Fri, Dec 20, 2002 at 07:16:57PM +, Edward Sohn wrote: > Can anyone help me answer a few questions regarding this series router? > > 1. The spec sheet says it performs multiprotocol routing over ipsec. > My question is: how? Is there some inherent technology that performs > this feature, or is it the IOS's ability to create a GRE over an IPSEC > tunnel? > 2. What are the main differences between the NPE's and NSE's? I can't > decide which processor I need. > 3. What's the difference between the VXR models and the "normal" > models? > > That's it, for starters...any help would be greatly appreciated. > > Ed Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59652&t=59645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
