RE: {Spam?} question on acl [7:75258]
You would have to do each host individually as:

access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq 23

You cannot choose only even addresses with any kind of command. At least not that I am aware of.

-Original Message-
From: Yong Wee [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 11:34 AM
To: [EMAIL PROTECTED]
Subject: {Spam?} question on acl [7:75258]

Hi, How do you write an ext acl to block telnet access from even addresses in subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254? thks, yongwee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75270t=75258
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
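Added example, not part of the thread: IOS compares an ACL address against a base address and a wildcard mask in which 1 bits are ignored and 0 bits must match, and the ignored bits do not have to be contiguous. The Python below models that rule for a constructed ACL 110 (the wildcard 0.0.0.254 and the trailing permit line are assumptions of this example; the subnet, server and port come from the question) and evaluates packets against it.

```python
import ipaddress

# Constructed ACL for this example. 0.0.0.254 ignores bits 1-7 of the last
# octet, so only the first three octets and the lowest bit must match.
ACL_TEXT = """\
access-list 110 deny tcp 192.168.2.0 0.0.0.254 host 192.168.1.254 eq 23
access-list 110 permit ip any any
"""


def ip_int(text):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def take_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF          # every bit ignored
    if first == "host":
        return ip_int(tokens.pop(0)), 0   # every bit must match
    return ip_int(first), ip_int(tokens.pop(0))


def parse_acl(text):
    """Parse the small subset of extended-ACL syntax used in ACL_TEXT."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] != "access-list" or len(tokens) < 6:
            raise ValueError("unsupported line: " + line)
        tokens = tokens[2:]               # drop "access-list <number>"
        action, proto = tokens.pop(0), tokens.pop(0)
        src = take_addr(tokens)
        dst = take_addr(tokens)
        dport = int(tokens[1]) if tokens[:1] == ["eq"] else None
        entries.append({"action": action, "proto": proto,
                        "src": src, "dst": dst, "dport": dport})
    return entries


def wildcard_match(addr, spec):
    """True if addr equals the base on every bit the wildcard does not ignore."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (ip_int(addr) & care) == (base & care)


def evaluate(entries, proto, src, dst, dport):
    """First matching entry wins; no match falls to the implicit deny."""
    for e in entries:
        if e["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, e["src"]):
            continue
        if not wildcard_match(dst, e["dst"]):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"


def sources_matched(spec, network):
    """List every address in network that the (base, wildcard) spec matches."""
    return [str(ip) for ip in ipaddress.ip_network(network)
            if wildcard_match(str(ip), spec)]


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    server = "192.168.1.254"
    # Constructed sample packets: (protocol, source, destination port)
    for proto, src, dport in [("tcp", "192.168.2.2", 23),
                              ("tcp", "192.168.2.3", 23),
                              ("tcp", "192.168.2.4", 80),
                              ("tcp", "192.168.3.2", 23)]:
        print(src, dport, evaluate(acl, proto, src, server, dport))
    hits = sources_matched(acl[0]["src"], "192.168.2.0/24")
    # The list also contains 192.168.2.0, the subnet address itself.
    print(len(hits), hits[:4], hits[-1])
```
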
RE: Aux port and modem connectivity [7:74909]
The fix was to implement the statement ats0=0 (causes the modem to never answer) in the modemcap entry or chatscript. I like the modemcap entry the best..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 9:15 AM
To: [EMAIL PROTECTED]
Subject: RE: Aux port and modem connectivity [7:74909]

line aux 0
 exec-timeout 0 0
 modem InOut

What about modem out?

Martijn

-Original Message-
From: Robert Perez [mailto:[EMAIL PROTECTED]
Sent: Friday, September 5, 2003 17:49
To: [EMAIL PROTECTED]
Subject: Aux port and modem connectivity [7:74909]

Guys, If I have a modem connected to the AUX port, can I harden the cisco so that it can make calls but will never be able to receive any calls? Here is kind of my config.. Thx,.

interface Async65
 bandwidth 28
 ip address 192.168.116.64 255.255.255.0
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 300
 dialer wait-for-carrier-time 15
 dialer map ip 172.20.241.1
 dialer hold-queue 25
 dialer-group 1
 async default routing
 async mode interactive
 pulse-time 3
 no cdp enable
 ppp authentication chap

access-list 101 deny udp any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101

line aux 0
 exec-timeout 0 0
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1
 speed 115200
 flowcontrol hardware

Bob Perez
Intercept Payment Solutions
[EMAIL PROTECTED]
100 West Commons BLVD
New Castle, DE 19720
Phone: 302.326.0700
Cell: 302.420.6883
www.intercept.net
CCNA CCNP MCSE NET+

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75074t=74909
Aux port and modem connectivity [7:74909]
Guys, If I have a modem connected to the AUX port, can I harden the cisco so that it can make calls but will never be able to receive any calls? Here is kind of my config.. Thx,.

interface Async65
 bandwidth 28
 ip address 192.168.116.64 255.255.255.0
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 300
 dialer wait-for-carrier-time 15
 dialer map ip 172.20.241.1
 dialer hold-queue 25
 dialer-group 1
 async default routing
 async mode interactive
 pulse-time 3
 no cdp enable
 ppp authentication chap

access-list 101 deny udp any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101

line aux 0
 exec-timeout 0 0
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1
 speed 115200
 flowcontrol hardware

Bob Perez
Intercept Payment Solutions
[EMAIL PROTECTED]
100 West Commons BLVD
New Castle, DE 19720
Phone: 302.326.0700
Cell: 302.420.6883
www.intercept.net
CCNA CCNP MCSE NET+

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74909t=74909
RE: IPSEC/GRE [7:74668]
Hello Jens:

Look under the tunnel interface and negate the keepalive statement.

no keepalive [seconds[retries]]

Regards
Robert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74735t=74668
Re: What is the difference between 100BaseT and 10 [7:74587]
90 Mb.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74736t=74587
PRI to PRI - HELP !!! [7:74433]
Hi

I'm slowly getting my teeth into the world of cisco - but I am struggling to set up the following.

I have two Cisco 2611XM routers, each with a serial card and a PRI card. I have set up the serial interfaces with a 30 bit IP address range, and the 2Mb serial link works well. I would now like to setup the PRI interfaces, to connect if ever the serial link fails. I have done this before with BRI ISDN, but not with PRI. The plan is to get all 15 channels to come into use, giving me 15x64k=1Mb link (approx)

I can't find any examples on the cisco site - they all talk about a PRO dialling multiple BRI's. Can anyone assist with two sample configurations, showing the simplest way to achieve this?

Many Thanks,
Rob Bentley
Bournemouth, UK

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74433t=74433
Re: Dumb Question [7:74315]
To add to Chuck's comment: If you're familiar with Cisco, your sanity is also the difference. The way Nortel configures their routers is dramatically different and can leave you very frustrated if you're not used to them. Do they still use Site Mangler...er, I mean Manager? In all honesty, it's probably a lot easier, but if you're a CLI aficionado, a GUI can really screw with your mind.

Robert

Chuck Whose Road is Ever Shorter wrote in message news:[EMAIL PROTECTED]

Aspiring Cisco Gurl wrote in message news:[EMAIL PROTECTED]

Here is another dumb question... what is the difference between Extreme network equipment and cisco equipment?

depending on the model, a few thousand bucks ;-

I know that Cisco and Nortel... main diff is cli and menu driven.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74346t=74315
RE: Books for CCNP [7:74010]
I've always used cisco press, exam cram, and routersim. Although, I used the Sybex book for the remote access test and it was definitely top notch. I know a couple people who used the sybex book for the bsci and they swear by it. As far as practice tests go I would recommend transcender. Hope that helps ;-)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74019t=74010
hsrp default route in ospf [7:74017]
Howdy all, I have two 6509's with hsrp running between their msfc's. OSPF is advertising the ip addresses of interfaces of the routers instead of the virtual ip that I set up in hsrp. Since hsrp fails over faster than ospf, I was wondering if there is a way to have ospf advertise the virtual ip address instead of the interface addresses? Any suggestions are much appreciated ;-)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74017t=74017
RE: hsrp default route in ospf [7:74017]
Why would that not make sense?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74023t=74017
RE: hsrp default route in ospf [7:74017]
That makes sense. I managed to find the same answer after doing some reading on Cisco's site. I appreciate the info. Thanks Zsombor!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74026t=74017
hsrp icmp redirects NEVERMIND [7:73974]
Wow. It must've been a late night last night. I figured out the problem. It had nothing to do with icmp. Thank you!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73974t=73974
RE: Pix 506e, 1721 router [7:73521]
you said vpn pix-2-pix, so how does the router come into play? If he is just a transit device you need not do anything.

-Original Message-
From: zak spaniol [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 12:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Pix 506e, 1721 router [7:73521]

I am going to be performing a VPN pix to pix configuration, the only part I am not sure of is how to configure router. Any suggestion?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73547t=73521
Re: Port redirection on a PIX [7:73065]
What about changing INTERFACE OUTSIDE to your NATed outside IP address?

NetEng wrote in message news:[EMAIL PROTECTED]

I get the error Invalid global IP address OUTSIDE. I also tried it w/o 'interface'. If you can offer any more help I would appreciate it as I really need to get this fixed. Thanks.

Robert Edmonds wrote in message news:[EMAIL PROTECTED]

With regards to these two lines:

static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.0.1 www netmask 255.255.255.255 0 0

I believe they should read:

static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask 255.255.255.255
static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask 255.255.255.255

If I am wrong, I'm sure I will be severely reprimanded...I mean corrected.

NetEng wrote in message news:[EMAIL PROTECTED]

I am still not able to connect to my web and ftp services. I have pasted the relative info below. Am I missing something or is my config wrong?

: PIX Version 6.1(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any echo-reply
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq www
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.0.100 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.0.1 www netmask 255.255.255.255 0 0
access-group 102 in interface outside

Thanks for the help so far

Scott wrote in message news:[EMAIL PROTECTED]

static (inside,outside) tcp interface ftp 10.1.1.3 ftp netmask 255.255.255.255 0 0

Scott

NetEng wrote in message news:[EMAIL PROTECTED]

I'm trying to do port redirection on my PIX and here's the example from Cisco. My problem is my outside interface is set for DHCP. How do I change the command to reflect a dynamic outside address?

static (inside,outside) tcp 172.18.124.99 ftp 10.1.1.3 ftp netmask 255.255.255.255 0 0

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73537t=73065
Re: Loopback Interface [7:73305]
Rusty, was there a URL here that was truncated? If so, I would very much like to see it.

n_guide_chapter09186a0080087da4.html#3302

Wilmes, Rusty wrote in message news:[EMAIL PROTECTED]

n_guide_chapter09186a0080087da4.html#3302

-Original Message-
From: Robert Edmonds [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: Re: Loopback Interface [7:73305]

You gentlemen have pointed out some good uses for loopback interfaces. However, my dilemma still remains that I have yet to have somebody solidly explain loopback interfaces in a way that my simple mind can understand. I have also been unsuccessful in finding any website that accomplish this. Any takers?

Robert

p b wrote in message news:[EMAIL PROTECTED]

terminate iBGP sessions on

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73635t=73305
c4224 problems [7:73517]
I know these are discontinued and I would do well not to use them, but the company I work for has 3 of them laying around and they want me to build a test network using them. I've been playing around with one and I can't seem to save the running config?! I've read the software config documents on cisco.com and tried both copy run start and write mem. Both say they are building the config and then [ok].

c4224#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
c4224#

(then just for the heck of it):

c4224#write mem
Building configuration...
[OK]
c4224#

Now if I reload or power cycle the c4224 it doesn't save the config. It just asks me if I want the initial config dialog and the prompt goes back to gateway. Also, when I create vlans they don't show up in the show vlan command. But that's another issue I guess. Any way, has anyone else had problems saving their configs on a c4224?

-Bobby

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73517t=73517
RE: c4224 problems [7:73517]
D'oh! You're right. I had to recover the password when I first got the switch and I forgot to set the conf reg back to 0x2102. My mistake. Thanks for the help!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73532t=73517
udld [7:73730]
Anyone out there make it a common practice to implement UDLD on Cat 6509 GigE uplinks?

TIA,
Robert

LEGAL NOTICE Unless expressly stated otherwise, this message is confidential and may be privileged. It is intended for the addressee(s) only. Access to this E-mail by anyone else is unauthorized. If you are not an addressee, any disclosure or copying of the contents of this E-mail or any action taken (or not taken) in reliance on it is unauthorized and may be unlawful. If you are not an addressee, please inform the sender immediately.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73730t=73730
hsrp and icmp redirects [7:73972]
Ok. I'll try to explain what happened as best as I can. We have two 6509's each with an msfc and until last night we were only using the msfc on one of them. Last night I brought up the second msfc and set up hsrp between the two. Everything worked great here in the office last night. However, this morning our branch offices had no connectivity to us. My boss went in and turned off icmp redirects on the vlan interfaces on the second msfc and everything was fine.

1. I thought icmp redirects were disabled automatically when you configure hsrp on an interface.
2. How did turning off the redirects fix the problem? (I would ask my boss but I probably look bad enough).

Any way. Please let me know if you need more info to answer this question.

-Bobby

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73972t=73972
CCNP Equipment Lis [7:73983]
Hi all... I apologize if this shows up twice... I waited half a day and the original never showed up. Anyway, has anyone seen or know what the current equipment list is for the CCNP track? Specifically:

1) What switches are now being used/tested on in BSMSN 2.0?
2) Is the BCRAN 2.0 test still testing on that useless 700 router?
3) What switches are now being tested on? Has the CatOS been dropped or is the 5500 still valid?

Thanks
--
Robert N Myhre
CCIE #9837

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73983t=73983
Re: can't login to nt domain [7:73861]
We had this exact same problem on our network. Turned out to be a corrupt WINS database. However, since I am not in charge of the servers, and the guy who was still (1 year later) has not repaired the WINS database, the solution for me was to add a line in the lmhosts file pointing to the domain controller on the Win95/98 machines.

DCNAME #PRE #DOM:domainname

Purwanto (PECTECH) wrote in message news:[EMAIL PROTECTED]

Quick questions:

1. I can't login to nt domain server in network B (172.20.0.0/22) from client in network A (172.20.8.253/24) especially from win95/98/me but it can login from win2K/xp.
2. I have wait dial tone for 5-6 seconds if I want to call from ext in A to ext in B.

Can you help me to solve both problems?

Regards,
Purwanto

[GroupStudy removed an attachment of type application/octet-stream which had a name of configuration.pps]

Roter-A#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname PECTECH-Dumai
!
enable password 7 082C454D1B161618141F
!
!
!
!
!
ip subnet-zero
ip host dmi 172.20.8.253
ip host krc 172.20.4.252
!
!
!
!
voice-port 1/0/0
 input gain 9
 connection plar 94305
 description Connectio to Handset
!
voice-port 1/0/1
 input gain 9
 connection plar 94306
 description Connectio to Handset
!
voice-port 1/1/0
 input gain 9
 connection plar 94311
 description Connectio to Handset
!
voice-port 1/1/1
 input gain 9
 connection plar 94415
 description Connectio to Handset
!
!
dial-peer voice 1 pots
 destination-pattern 4305
 port 1/0/0
!
dial-peer voice 2 pots
 destination-pattern 4306
 port 1/0/1
!
dial-peer voice 3 pots
 destination-pattern 4311
 port 1/1/0
!
dial-peer voice 4 pots
 destination-pattern 4415
 port 1/1/1
!
dial-peer voice 5 voip
 destination-pattern 94305
 codec g728
 ip precedence 5
 no vad
 session target dns:krc
!
dial-peer voice 6 voip
 destination-pattern 94306
 codec g728
 ip precedence 5
 no vad
 session target dns:krc
!
dial-peer voice 7 voip
 destination-pattern 94311
 codec g728
 ip precedence 5
 no vad
 session target dns:krc
!
dial-peer voice 8 voip
 destination-pattern 94415
 codec g728
 ip precedence 5
 no vad
 session target dns:krc
!
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
 no ip directed-broadcast
!
interface FastEthernet0/0
 description Connection to LAN A
 ip address 172.20.8.253 255.255.255.0
 no ip directed-broadcast
 duplex auto
 speed auto
!
interface Serial0/0
 description Connection 128 K to B -
 mtu 300
 bandwidth 128
 ip address 172.30.10.10 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 no ip mroute-cache
 no fair-queue
 ppp multilink
!
interface FastEthernet0/1
 no ip address
 no ip directed-broadcast
 shutdown
 duplex auto
 speed auto
!
interface Virtual-Template1
 description Koneksi ke Pangkalan Kerinci
 mtu 300
 ip unnumbered FastEthernet0/0
 no ip directed-broadcast
 fair-queue 64 256 1
 ppp multilink
 ppp multilink interleave
 ip rtp reserve 16384 100 64
!
router rip
 version 2
 network 172.20.0.0
 network 192.168.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 172.20.4.252
no ip http server
!
!
line con 0
 login
 transport input none
line aux 0
line vty 0 4
 password 7 1100170118010A18
 login
!
no scheduler allocate
end

Router-A#show voice port
Foreign Exchange Station 1/0/0
 Type of VoicePort is FXS
 Operation State is DORMANT
 Administrative State is UP
 No Interface Down Failure
 Description is Connectio to Handset
 Noise Regeneration is enabled
 Non Linear Processing is enabled
 Music On Hold Threshold is Set to -38 dBm
 In Gain is Set to 9 dB
 Out Attenuation is Set to 0 dB
 Echo Cancellation is enabled
 Echo Cancel Coverage is set to 8 ms
 Connection Mode is plar
 Connection Number is 94305
 Initial Time Out is set to 10 s
 Interdigit Time Out is set to 10 s
 Call-Disconnect Time Out is set to 60 s
 Region Tone is set for US
 Analog Info Follows:
 Currently processing unknown
 Maintenance Mode Set to None (not in mtc mode)
 Number of signaling protocol errors are 0
 Impedance is set to 600r Ohm
 Voice card specific Info Follows:
 Signal Type is loopStart
 Ring Frequency is 25 Hz
 Hook Status is On Hook
 Ring Active Status is inactive
 Ring Ground Status is inactive
 Tip Ground Status is inactive
 Digit Duration Timing is set to 100 ms
 InterDigit Duration Timing is set to 100 ms
Foreign Exchange Station 1/0/1
 Type of VoicePort is FXS
 Operation State is DORMANT
 Administrative State is UP
 No Interface Down Failure
 Description is Connectio to Handset
 Noise Regeneration is enabled
 Non Linear Processing is enabled
 Music On Hold Threshold is Set to -38 dBm
 In Gain is Set to 9 dB
 Out Attenuation is
Re: Loopback Interface [7:73305]
So, if I understand correctly, aside from OSPF router ID's and the like, just use a loopback interface when you want an always up/up interface. That's pretty simple.

John Neiberger wrote in message news:[EMAIL PROTECTED]

Exactly right. Sometimes it's nice to have a virtual interface whose status is not tied directly to a physical interface. We've mentioned several configurations where this is the case. From the router's perspective it may have a couple of special properties, since it's virtual, but it's still just another interface, as Dave said.

MADMAN 8/5/03 1:25:25 PM

I think you're thinking way too hard about this;) A loopback is nothing more than a logical interface as opposed to a physical interface. As far as the routing process is concerned it's just another interface. Don't know how to articulate it any further.

Dave

Robert Edmonds wrote:

You gentlemen have pointed out some good uses for loopback interfaces. However, my dilemma still remains that I have yet to have somebody solidly explain loopback interfaces in a way that my simple mind can understand. I have also been unsuccessful in finding any website that accomplish this. Any takers?

Robert

p b wrote in message news:[EMAIL PROTECTED]

terminate iBGP sessions on

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73561t=73305
RE: ip helper address [7:73533]
/it always has to go on the router int closest to the host.

-Original Message-
From: Janik James [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:35 AM
To: [EMAIL PROTECTED]
Subject: ip helper address [7:73533]

Assume that you have two routers between your host and dhcp server. This means that you have 4 interfaces you can put ip helper-address on. On which interface(s) will you put the above command?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73541t=73533
Re: Loopback Interface [7:73305]
You gentlemen have pointed out some good uses for loopback interfaces. However, my dilemma still remains that I have yet to have somebody solidly explain loopback interfaces in a way that my simple mind can understand. I have also been unsuccessful in finding any website that accomplish this. Any takers?

Robert

p b wrote in message news:[EMAIL PROTECTED]

terminate iBGP sessions on

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73538t=73305
ISDN SNMP Question [7:73250]
Hi all, I want to monitor a cisco 2600 isdn to determine when it is up. Is there a MIB I can watch that changes when the ISDN comes up and then changes back to the original value when it goes down? Thx.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73250t=73250
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port redirection on a PIX [7:73065]
With regards to these two lines:

static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.0.1 www netmask 255.255.255.255 0 0

I believe they should read:

static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask 255.255.255.255
static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask 255.255.255.255

If I am wrong, I'm sure I will be severely reprimanded...I mean corrected.

NetEng wrote in message news:[EMAIL PROTECTED]

I am still not able to connect to my web and ftp services. I have pasted the relative info below. Am I missing something or is my config wrong?

: PIX Version 6.1(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any echo-reply
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq www
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.0.100 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.0.1 www netmask 255.255.255.255 0 0
access-group 102 in interface outside

Thanks for the help so far

Scott wrote in message news:[EMAIL PROTECTED]

static (inside,outside) tcp interface ftp 10.1.1.3 ftp netmask 255.255.255.255 0 0

Scott

NetEng wrote in message news:[EMAIL PROTECTED]

I'm trying to do port redirection on my PIX and here's the example from Cisco. My problem is my outside interface is set for DHCP. How do I change the command to reflect a dynamic outside address?

static (inside,outside) tcp 172.18.124.99 ftp 10.1.1.3 ftp netmask 255.255.255.255 0 0

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73104t=73065
Re: Speaking of PIX Translation Problems... [7:72573]
John, That's not so bad. I have been aware of that fact for quite some time, but still continue to forget to issue a clear xlate about half the time. So which is worse, ignorance or stupidity?

Robert

John Neiberger wrote in message news:[EMAIL PROTECTED]

I thought I'd share an embarrassing moment from yesterday in hopes that others will learn from my mistake.

I have a router on the outside of a firewall that needed to be upgraded after the advisory yesterday. In order to reach the TFTP server I needed to add a static translation in the PIX. No problem. I should also mention that this server is one of our internal DNS servers. The file transfer doesn't take long at all and I remove the conduit and static translation from the PIX as soon as I'm done. As far as I'm concerned this is the end of it. I was wrong.

We later start receiving reports that certain web pages have become inaccessible, while others are still responding. My first thought is that I've hosed something with the IOS upgrade, but after checking things out I was satisfied that everything there was working properly. So, I check the firewall logs which leads me to check the xlate table. Lo and behold, the static translation that I'd previously added--and removed--is still there! [I hear knowing laughter already.] It's in the table but somehow traffic is being hosed. Our DNS server is sending queries to our external server and replies are coming back, but something is wrong and communications continue to fail. I clear the xlate table and all is immediately fixed.

This caused a fair amount of irritation with me but my boss was even more irritated. I presumed this was a 'feature' or a bug because it was my _assumption_ that the removal of the static translation from the config would also clear it from the xlate table. Wrong! I looked up the command on CCO and there is this little tidbit:

Usage Guidelines

The clear xlate command clears the contents of the translation slots. (xlate means translation slot.) The show xlate command displays the contents of only the translation slots. Translation slots can persist after key changes have been made. Always use the clear xlate command after adding, changing, or removing the aaa-server, access-list, alias, conduit, global, nat, route, or static commands in your configuration.

So, there are two morals to this story. First, don't get into the habit of making assumptions about commands that you think you're familiar with, because there may be unforeseen consequences. Second, don't get into the habit of making changes to critical production equipment even when you think those changes are insignificant. Of course, I'll continue to make what I think are insignificant changes but I'm going to be a lot more careful in the future.

Let that be a lesson to you,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72579t=72573
IPSec/GRE VPN w/ ISDN Backup and EIGRP [7:72424]
I have set up an IPSec/GRE VPN with EIGRP and am having problems getting the ISDN backup to work correctly. Has anyone been able to do this successfully?

Thanks,
Rob

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72424t=72424
RE: console port problem [7:72298]
What's the problem??

-Original Message-
From: star.7 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 9:59 AM
To: [EMAIL PROTECTED]
Subject: console port problem [7:72298]

I have a problem with my console port of 2500 router as well as 1900 switch. The speed settings are ok. Can you help me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72313t=72298
Re: Visio Stencils [7:72054]
I have the old file with the 3508 series if you need it. Just let me know where to e-mail it.

Robert

Elijah Savage wrote in message news:[EMAIL PROTECTED]

Does anyone have visio stencils for Cisco 3500 series switches like the 3508's and 3548's? I used to have them but had to reinstall, and now that I have done that Cisco has seemed to remove these products from their site. Here is where all the other stencils are and there is a 3500 series stencil but it only has 3550's in the zip file.

http://www.cisco.com/en/US/customer/products/prod_visio_icon_list.html

Any help in locating these would be appreciated.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72106t=72054
RE: ping the PIX inside from an external interface [7:72052]
You can only ping the internal int on the pix if you are sitting on the inside. You would also need to issue the command telnet x.x.x.x inside. You can never cross an interface to get to another interface on a pix for the purpose of ping or telnet. You must always use the interface closest to you.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 09, 2003 3:02 AM
To: [EMAIL PROTECTED]
Subject: ping the PIX inside from an external interface [7:72052]

Can someone help me?! I have been playing around with different configurations trying to successfully ping the internal interface -172.16.200.1 - of a PIX from an external Router interface.

ip address outside 192.168.100.2 255.255.255.248
ip address inside 172.16.200.1 255.255.255.0

After a lot of trials I don't think that this is possible - right?

Many Thanks,
Frank

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72056t=72052
Cisco catalyst 3548 and Radius [7:71991]
Hi all, I am configuring Radius on a cat 3548 and I do not have the global config radius command available. Anyone know what the commands ought to be to create a server, key, etc.. Normally it is Radius-server key, radius-server host.. Can't figure it out.. I have IOS 12.0(5.2)XU

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71991t=71991
Cisco Routers and RSA secureid [7:71715]
Anyone know if I can use RSA SecureID FOBS to authenticate access to a Router versus using tacacs+ to do the authentication?? So basically the user tries to Telnet to a router to do config changes. I want their ID to be auth'd against an RSA server.

Bob Perez
Telecom Administrator
InterCept, Inc.
[EMAIL PROTECTED]
**Cisco CCNP, CCDP, CSPFA**
Phone 302.326.0700 x4242
Cell 302.420.6883

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71715t=71715
RE: CCDA Study material [7:71111]
Group,

To answer the question regarding Knowledgenet from thread below...I've recently purchased a few courses from Knowledgenet - cvoice, dqos and evodd. It's basically 6 weeks of self/web-based study with hands on lab scenarios and sample exam questions for each class. My first course was cvoice. I went through the coursework just about every day for six weeks. At the end of the six weeks I sat the cvoice exam and passed - the only material used was from knowledgenet and the cisco website - a little hands-on experience helped as well. I'm in the process of sitting the exam for dqos - this upcoming Friday...

Robert

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 1:33 PM
To: [EMAIL PROTECTED]
Subject: RE: CCDA Study material [7:7]

CiscoNewbie wrote:

Great write up. Thanks. So what is the current exam number?

640-861 DESGN

Is it just one exam that I have to take?

Yes, It's just one exam to get CCDA. Lots of exams to get CCDP.

Do you know what the new exam number will be or is?

I think it's the same answer as the one above. It just came out but I don't think you can still take the old one, as I implied before. Cisco shouldn't change the exam for a while. It took them years to do the development on this class and test. And they did a great job, from what I can tell.

I was looking at taking the following course, what do you think: http://www.knowledgenet.com/courselibrary/cisco/courses/desgn_pf.jsp

An advantage to taking the class is that you will get the 1,000s of pages that Cisco wrote for the course manual. I don't know much about Knowledgenet. It appears to not be a real, carbon-based classroom where you go in person to the site and can easily interact with the instructor and other people taking the class, which is a major benefit in a design class. In fact, the exercises for DESGN are designed to be done with a team. Can you do that with this Web-based training? It's possible that they do a good job with their Web-based training and simulate the real world well. I just don't know.

Cisco recommends that DESGN be taught with a simulator that will let you do some design tasks. They recommend OPNET. Does Knowledgenet let you use OPNET?

I would ask a few questions before shelling out a lot of money for the Knowledgenet course. Has anyone else here on GroupStudy used them? If you do use them, let us know how it goes.

Thanks and good luck with your CCDA.

Priscilla

Thank you!

--- Priscilla Oppenheimer wrote:

CiscoNewbie wrote:

Hi all. I am going up for my CCDA cert and would like to know what are the recommended books and material to study with?

Nothing is out yet for the new version of the test, as far as I know. Your best bet would be to take the instructor-led class, if you can afford it. With a good instructor, I think DESGN could be a really great class. It's got tons of meat now, much more than before. It has a big focus on systems analysis as it is taught at universities, as a real discipline, not just a bunch of hand-waving.

The class also has a huge scope, covering almost everything you ever wanted to know related to campus and enterprise networks, from business (which they call social or organizational) goals, technical goals, topologies, architectures, modular design, addressing (including IPv6), routing, voice, network management, and security. One focus is on the SAFE architecture, so look that up on Cisco's site and learn it. There's also some AVVID stuff.

Many of the course modules are partially based on my book Top-Down Network Design. Many of the modules say that Top-Down Network Design is recommended reading. Top-Down Network Design doesn't cover some newer topics, though, such as SAFE and AVVID, although it did cover voice in a limited fashion, since Cisco has been harping on that for years now. DESGN covers voice in gory detail, however. It seems to have all of the old CVOICE course in it.

Each module in DESGN has many chapters, each of which is literally hundreds of pages long. The person turning it into a book (not me unfortunately) is going to have a heyday. :-)

I haven't taken the new test, but if it really tests all that's in the course, it's going to be one of the hardest tests out there (and that's a good thing. It's about time design got some respect. :-)

Anyway, bottom line: if you can take the older version of the test, then there's lots of study materials. If you have to take the newer version, then you should take the instructor-led DESGN class or wait a few months for study material.

Priscilla

Thanks.
RE: crypto maps and IPSEC tunnels [7:71341]
I would do your more specific ACL entry and make sure your inverted mask is correct such as 192.1.1.0 0.0.0.255. Once you do that then issue the following commands to reset the tunnel and force a renegotiation.

clear crypto ipsec sa
clear crypto isakmp sa

That should do it...

-Original Message-
From: ian williams [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: crypto maps and IPSEC tunnels [7:71341]

Hi

I have just set up an IPSEC tunnel between two routers and am tunneling a source address of 192.168.50.1 going to a host on router B 172.x.x.x./24

Everything works with the current configs given below. But I want to change the acl 101 on router B from using a class A mask to something like a class C mask or even a host address. I have changed the ACL 101 and even added a deny ip any any log to the end to see what is being dropped. The VPN tunnel doesn't come up unless I use a class A mask like shown below. I know this is an ACL but is being used for matching traffic, do they work differently and don't support host address??

Thanks
Ian

Here is the config of router A

!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key cisco address 10.10.10.10
!
!
crypto ipsec transform-set TEST esp-3des
!
crypto map cisco 1 ipsec-isakmp
 set peer 10.10.10.10
 set transform-set TEST
 match address 101
access-list 101 permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 192.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255

Here is the config router B

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key password address 10.10.10.20
!
!
crypto ipsec transform-set TEST esp-3des
!
crypto map cisco 1 ipsec-isakmp
 set peer 10.10.10.20
 set transform-set TEST
 match address 101
access-list 101 permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit ip host 10.10.10.10 host 10.10.10.20

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71352t=71341
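Added example, not part of either post above: Cisco's guidance for crypto access lists is that the two peers carry mirror-image entries, so narrowing the ACL on one router only leaves the peers proposing different traffic selectors. This Python sketch compares ACL 101 as posted for routers A and B and lists the entries with no mirror on the other side; the function names are illustrative, and it assumes plain ip-level entries (port qualifiers are rejected).

```python
import ipaddress

# ACL 101 exactly as posted for each router in the thread above.
ROUTER_A = """\
access-list 101 permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 192.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255
"""
ROUTER_B = """\
access-list 101 permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit ip host 10.10.10.10 host 10.10.10.20
"""

ALL_ONES = 0xFFFFFFFF


def _take_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) ints."""
    head = tokens.pop(0)
    if head == "any":
        return (0, ALL_ONES)
    if head == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    addr = int(ipaddress.IPv4Address(head))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    # Bits covered by the wildcard are "don't care", so clear them. This makes
    # 192.168.50.1 0.0.0.255 and 192.168.50.0 0.0.0.255 compare equal.
    return (addr & ~wild & ALL_ONES, wild)


def parse_acl(config, acl_id):
    """Return [(action, proto, src, dst)] for one numbered extended ACL."""
    entries = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[:2] != ["access-list", str(acl_id)]:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        if action not in ("permit", "deny"):
            continue  # e.g. remark lines
        try:
            src = _take_addr(rest)
            dst = _take_addr(rest)
        except (IndexError, ValueError):
            raise ValueError(f"cannot parse: {line.strip()}") from None
        if rest and rest != ["log"]:
            # Ports and other qualifiers are outside this sketch's scope.
            raise ValueError(f"unsupported qualifier in: {line.strip()}")
        entries.append((action, proto, src, dst))
    return entries


def _show_addr(spec):
    base, wild = spec
    if wild == ALL_ONES:
        return "any"
    if wild == 0:
        return f"host {ipaddress.IPv4Address(base)}"
    return f"{ipaddress.IPv4Address(base)} {ipaddress.IPv4Address(wild)}"


def show(entry):
    """Render a parsed entry back into IOS-style text."""
    action, proto, src, dst = entry
    return f"{action} {proto} {_show_addr(src)} {_show_addr(dst)}"


def unmatched(local, remote):
    """Entries in local whose mirror image (src/dst swapped) is not in remote."""
    remote_set = set(remote)
    return [e for e in local if (e[0], e[1], e[3], e[2]) not in remote_set]


def check_pair(cfg_a, cfg_b, acl_id):
    """Return (entries only on A, entries only on B) as readable strings."""
    a, b = parse_acl(cfg_a, acl_id), parse_acl(cfg_b, acl_id)
    return ([show(e) for e in unmatched(a, b)],
            [show(e) for e in unmatched(b, a)])


if __name__ == "__main__":
    only_a, only_b = check_pair(ROUTER_A, ROUTER_B, 101)
    for side, items in (("A", only_a), ("B", only_b)):
        for item in items:
            print(f"router {side}: no mirror on peer for: {item}")
```

Run against the posted configs, it shows that only the 192/172 entries mirror each other; the remaining entry on each router has no counterpart on the peer.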
Benefits of BGP holding the routing tables [7:70788]
Could anyone explain the benefit of using BGP and holding the routing tables on your router versus having the ISP hold the tables and you just receive a default-route? Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70788t=70788
RE: Errors on Ethernet Interfaces [7:70733]
I'm thinking duplex mismatch or bad patch cable

-Original Message-
From: Poulin, Darnell [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: Errors on Ethernet Interfaces [7:70733]

Hey folks. What do you people think about all of the Interface Resets, and Output Errors on this interface, could it be a physical problem?

  5 minute output rate 6000 bits/sec, 5 packets/sec
     147723073 packets input, 527428115 bytes, 0 no buffer
     Received 8574309 broadcasts, 0 runts, 0 giants, 0 throttles
     89 input errors, 89 CRC, 72 frame, 0 overrun, 0 ignored, 0 abort
     0 input packets with dribble condition detected
     180465700 packets output, 4160119128 bytes, 0 underruns
     3266629 output errors, 1060615 collisions, 3168706 interface resets
     0 babbles, 3266619 late collision, 442865 deferred
     10 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70739t=70733
Email access over the Internet [7:70750]
Folks,

I have a problem in my work where for some strange reason I can't access my email over the internet from a hotel. The reason for me not being able to access email is because, oddly enough, the hotel uses NAT. We use checkpoint firewalls and I use securemote software. Now I believe it's something to do with the secure ID token that I use and when I type this in there is some form of checksum which is checked at the server end. This of course has changed due to the NAT going on.

Has anybody out there experienced this as well and know what the simple solution is? I'm sure there is a simple solution and it's just my company politics which is causing me the problems.

Any help will be much appreciated.

Robert McCallum CCIE #8757
01415663448
07818002241

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70750t=70750
RE: mac and IP addresses on a 1900 [7:70514]
try show mac-address-table

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70522t=70514
Re: Catalyst 3550 [7:70449]
Is that output from a 3550? I know the command is the same on most Cisco gear, but my 3550 doesn't show whether it's SX or LX. It shows everything else, though.

Robert

Scott Chau wrote in message news:[EMAIL PROTECTED]

Hi Tim,

DNWB-008-AS01#show interface gi0/1
GigabitEthernet0/1 is up, line protocol is up
  Hardware is Gigabit Ethernet, address is 000b.5f82.2cb1 (bia 000b.5f82.2cb1)
  Description: Connected to DHAA-005-DR01 Gi3/4
  MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex mode, link type is force-up, media type is SX

Scott

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tim Champion
Sent: Tuesday, June 10, 2003 6:31 AM
To: [EMAIL PROTECTED]
Subject: Catalyst 3550 [7:70449]

Does anyone know of a command which will show the flavour of GBIC in a particular slot of a 3550? Many thanks in advance.

Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70475t=70449
Routers and HSRP [7:70285]
Does anybody see an issue setting up HSRP to work with a 3725 and 7206 rtr or do the routers have to be the same model? For example, DS-3 pipe in the 7206 and 4 T-1's in the 3725 T-1's for failover with BGP on all the pipes including ds-3 or would I need either two 7206's or 3725's?? thx..

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70285t=70285
Networkers [7:70123]
Anybody going to networkers in Orlando this year? If so I'll see you there.

Robert McCallum CCIE #8757

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70123t=70123
Please explain the numbers in the source-bridge statement?? [7:70090]
interface TokenRing0
 ip address 192.168.34.3 255.255.255.0
 ring-speed 4
 source-bridge 9 3 23   What do all these mean?
 source-bridge spanning

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70090t=70090
Please explain the numbers in the source-bridge statement? [7:70092]
interface TokenRing0
 ip address 192.168.34.3 255.255.255.0
 ring-speed 4
 source-bridge 9 3 23   <-- What do all these mean?
 source-bridge spanning

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70092t=70092
Re: Am I over my head guys? [7:69746]
My first Network Administrator job came to me when the current Network Administrator was fired for lying about his certs, and I was the most experienced (relative term) person there. At the time, I was way over my head, but it all worked out fine since there are always resources to tap, people to call, manuals to read and, perhaps most importantly, technical support to call. If you're a quick learner, as it appears, I'm sure you'll do fine. Oh, and in my current position, I had relatively little Cisco experience, managing a network with 6506, 4006, 3500 series switches, wireless, etc, much of it for the first time. And, like some of the other folks, I am looking for challenges all the time. GOOD LUCK!

Robert

B Rudy wrote in message news:[EMAIL PROTECTED]

Hey guys, I just got an offer to become a 2nd senior network engineer for this company in Orange Country. Great News I know!!

Dilemma: I am a CCNP but have no Local Area Network experience. Going to be working with Catalyst 6500 switches. Also I have about 2 yrs working with cisco equipment, however, don't feel I am ready for a senior title and duties. Also working with cisco routers.

What do you guys think I should do?

1. Take the job and see how it works out? Maybe mess up their network and look real dumb and unknowledgeable on some troubleshooting. risked getting fired?
2. Let the job go, and watch a great opp float away?
3. Keep the existing job I have working with cisco equipment and technology?

p.s. This job is a senior position, so meaning senior pay. very positive aspect, and a great company going places. over 4000 employees.

Your output is greatly appreciated. Really need some advice.

Thanx

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69763t=69746
Re: Dynamic Route Graphs...... [7:69738]
My question to Tom and Raj is, where can I get it? I am not a programmer (yet, working on that), so scripts like these that are free are always a welcome sight. If you guys are willing to share what you have (your livelihood doesn't depend on it) let me know.

Robert

Tom Martin wrote in message news:[EMAIL PROTECTED]

Raj,

Is the software going to be open source?

I have a large collection of scripts for automating configuration (during rollouts) and basic troubleshooting. I've had intentions of providing a GUI front-end at some point, either in Java or PHP, but never seem to have the time to get around to it. Most of the advanced troubleshooting is performed by our technicians anyway (as opposed to directly by the customer), so not having a graphical interface has not been a big deal.

Either way, since you've obviously done some work in that area it might be nice to merge some sources to provide additional functionality. For example, I can see where it might be nice to see which switches are encountered between hops, especially if the next hop isn't reachable. I wouldn't imagine this would be terribly difficult, since the code is already written.

Just a thought.

- Tom

Raj Santiago wrote:

Hi All,

A friend and myself have recently completed a program, in which WE think is going to be very helpful to all engineers out there. Basically it's a network-graphing program.

How does it work?

- Logs on to all known routers in your network and issues term len 0 and then show ip route. These outputs are then stored under the name of the router.
- Next you specify a source ip (or name) and a destination ip (or name)
- Our code basically works out the starting point(s) and then builds a graph based on the routing table (stored as files) to the destination.
- The graph (very pretty with nice colours) is stored as a png file and a HTML document is created to reference it.

What does this mean?

- You can basically get a graphical representation of your network from any two points
- All of this is dynamic because it follows your routing table entries.
- Makes troubleshooting simpler

Etc

Well, we were stoked to see the end product (in which we are doing final testing and formulating a module). I was wondering if this would be useful to you out there? If so, just leave a comment. This will give us a rough idea on how user friendly we need to package this.

Here is a sample diagram: http://www.superplasmas.com.au/routeparser/10.25.159.1_10.47.200.30.png

With IE, you will need to enlarge the pic to view it correctly... (just run your mouse over and click on the enlarge button).

Any feedback will be good. Please remember this program is free.

Cheers
Raj

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69764t=69738
Re: VPN 3000 concentrator question [7:69676]
To the first part of your question, yes, that is it basically. If you are using the Cisco VPN client, you will enter the group name and password under the Authentication tab. You can also use the VPN client that is built into Windows, in which case you do not need the group name and password, but you have to set up the Base Group to accept PPTP and L2TP connections.

One thing about your setup. If your users in London are behind a NAT device, you need to make sure that your VPN client is set up to do NAT Traversal (NAT-T), sometimes referred to as IPSEC over UDP or IPSEC over NAT. Microsoft just released a Windows update that allows the PPTP client in Windows 2000 to do this.

The difference between users and groups is the same as in any NOS. Users can be members of groups, and therefore can inherit the group's properties. This is beneficial when you have, say 50 users that all need the exact same policies, and/or you want them to pull their IP addresses from the same pool. You just set up a group with the options you want, set the IP pool for that group, then create the users and add them to the group.

Richard Campbell wrote in message news:[EMAIL PROTECTED]

Hi.. I am new to this VPN 3000 concentrator. I want to ask if I have a VPN 3000 concentrator device in NY. Can I connect my VPN client in London to it? What info do I need? Just the external IP of the VPN server and VPN client group name + password? Is the VPN client free for download?

When I go to the VPN3000 web interface--configuration--User Management I saw the group and users? What is the difference?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69704t=69676
Packet retransmit question [7:69715]
Hi all, I have a question on the CCIE 350-001 test. I have heard differing opinions on this but when traffic crosses a WAN connection and there are problems who does the retransmit?? Host or RTR??

1.) In Frame relay there is a line hit or corrupt packet on the WAN, who retransmits, should be the source router correct?
2.) In a point to point circuit w/HDLC there is a line hit or corrupt packet who retransmits, should be the source router correct??
3.) In a bridged environment with a WAN a T-1 takes a line hit or corrupt packet who retransmits, should be the source host correct??

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69715t=69715
Re: Layer 3 and 2 question. [7:69576]
I'm not sure I understand the question correctly, but I do know that it is never a good idea to duplicate IP addresses on your network. This can only lead to trouble. My advice would be, don't do it.

Nuurul Basar wrote in message news:[EMAIL PROTECTED]

I am planning to configure both my core and distributions as L3 devices, and let the access switch to distribution use L2. I was advised that by doing this on my network two identical ip addresses on the same subnet/vlan but in a different access switch can exist. And a packet that is intended for a host in the different switch might end up elsewhere. Is this real? Sorry, but I have never thought of this before.

Thanks

Nuurul Basar Mohd Baki
Network Engineer
DDSe

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69591t=69576
Re: Leased line/1721 problem [7:69573]
I had almost the exact same problem with a T1 line. In order to convince the telco, I replaced the WIC cards at both ends and then called them and told them I didn't care what it took, but they better fix the line. They then came out and performed an on-site test again, and lo and behold, there was a bad pair. Where did that come from? Anyway, sometimes you have to do all the work yourself to get the telco to do theirs. No offense to telco guys, but we all know that none of our equipment (both the network and the telco guys) is ever bad ;-)

James Gosnold wrote in message news:[EMAIL PROTECTED]

Dear all, I have something of a problem I hoped someone might offer some advice on.

We have a 1721 router at each end of a 128k leased line. The line went down this morning, red alarm light on the CSU, router showed as Serial Interface Up, Line protocol down. Ok fair enough, reported the fault, telco claimed to repair the fault. Alarm light on CSU is no longer red but 'show interface serial0' still shows Interface Up, Line protocol down. I've power-cycled the routers with no joy. Engineers from the telco have actually come on site and performed an end to end test and are telling me it's fine.

Looking at the advice offered here by Cisco: http://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_guide_chapter09186a008007cd3d.html#xtocid8 they tell me that the problem could be: The local or remote router, a problem with the leased line or a problem with the CSU/DSU. Great thanks, that's helpful!!

Can anybody offer any suggestions on what might have gone wrong? It seems strange to me that a pair of routers that worked perfectly fine for 8 months have developed a fault at exactly the same time as the leased line did? How can I prove to the telco that it is their problem?

The config of these routers is really simple by the way, 1 x Ethernet Interface, 1 x Serial (WIC) interface, static route, encapsulation ppp, no chap/pap, that's about it!

Thanks,
James.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69586t=69573
RE: Debug display to VTY [7:66762]
Do a show log and see if logging is disabled
You might need to do a logging on

-Original Message-
From: James Gosnold [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 12:38 PM
To: [EMAIL PROTECTED]
Subject: Debug display to VTY [7:66762]

Um, probably a silly one for you all. I have a 1721 router at either end of a leased line. I telnet into the router and:

Router#debug serial int
Serial network interface debugging is on
Router#terminal monitor

And nothing. Shouldn't I get some debug messages here, keep alives and such between the CSU and my router? It's a live connection and the line works, as far as I knew this was all I needed to enter to view debug output from a telnet session? In fact I don't appear to be getting debug output for anything so I'm missing something silly here but I thought 'terminal monitor' was sufficient?

Regards,
James.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66771t=66762
RE: Debug display to VTY [7:66762]
It looks good to me, All that is necessary is the following:

Logging on
Logging monitor debug
Term mon (Each time you telnet in)
Debug Traffic to your telnet session should now be generated.

-Original Message-
From: James Gosnold [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 1:47 PM
To: [EMAIL PROTECTED]
Subject: RE: Debug display to VTY [7:66762]

Hi Robert, This is what I have.

Router#show log
Syslog logging: enabled (0 messages dropped, 0 messages rate-l
    Console logging: level debugging, 413770 messages logged
    Monitor logging: level debugging, 285 messages logged
        Logging to: vty6(0)
    Buffer logging: disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level informational, 36 message lines logged

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66779t=66762
Re: regulations [7:66267]
I can't help too much with the banks, but I used to run the network for a hospital and supported several doctor's offices that used our network. The main thing you need to worry about there is that you meet the requirements outlined in the HIPAA (Health Insurance Portability and Accountability Act of 1996) regulations. I hope you're up for some dry reading. However, this has been going on for quite a while, so they will be well aware of at least the general ramifications.

www.wedi.org/snip

That should get you started. It has plenty of information and links to other sites.

Stull, Cory wrote in message news:[EMAIL PROTECTED]

Where could I go to find information on network security regulations for banks and medical offices? Information on firewalls and rules they have to abide by and that sort of thing?

Thanks

God Bless our troops.

Cory Stull CCNP,CCDP,MCSE4/2k
Communications Concepts Unlimited
262-814-7214

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66275t=66267
Re: Redistribution question [7:66071]
Thanks a lot Daniel. That was exactly the type of solution I was looking for.

Robert

Daniel Cotts wrote in message news:[EMAIL PROTECTED]

Try

    passive-interface default
    no passive-interface s0 (or whatever)

Works for EIGRP. Not sure about RIP.

-Original Message-
From: Robert Edmonds [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 9:51 AM
To: [EMAIL PROTECTED]
Subject: Redistribution question [7:66071]

I have a network with approximately 20 VLANs, running EIGRP as my routing protocol. One of my VLANs, VLAN12, runs RIP for connectivity to another organization. The others do not need to receive RIP updates. So, the solution I came up with is to make the other 19 VLANs passive interfaces so that RIP updates are not sent out interfaces that do not have any RIP routers. I also have 3 VLANs where I only need a static route, so I have added those as passive interfaces for EIGRP too. My question is: is this the most efficient way to do it? I imagine that in a very large network, adding every single interface as a passive interface would get old rather quickly. Any suggestions?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66207t=66071
Re: IGRP Metric calculation [7:66062]
Try the following Cisco link on IGRP metrics:
http://www.cisco.com/en/US/tech/tk826/tk365/technologies_tech_note09186a008009405c.shtml

Tim Champion wrote in message news:[EMAIL PROTECTED]

When calculating the metric of an IGRP route (with non-default 'K' values) which load and reliability values does one use? Do you use the highest, lowest or average value for the entire route? Also if anyone could point me to a document on the above it would be appreciated. Many thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66067t=66062
Redistribution question [7:66071]
I have a network with approximately 20 VLANs, running EIGRP as my routing protocol. One of my VLANs, VLAN12, runs RIP for connectivity to another organization. The others do not need to receive RIP updates. So, the solution I came up with is to make the other 19 VLANs passive interfaces so that RIP updates are not sent out interfaces that do not have any RIP routers. I also have 3 VLANs where I only need a static route, so I have added those as passive interfaces for EIGRP too. My question is: is this the most efficient way to do it? I imagine that in a very large network, adding every single interface as a passive interface would get old rather quickly. Any suggestions?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66071t=66071
RE: Confused over NAT [7:65926]
You would need to have routing out on the internet that says how to get back to those addresses or what would do is get rid of the nat pool and nat using the Serial interface address.

-Original Message-
From: James Gosnold [mailto:[EMAIL PROTECTED]
Sent: Friday, March 21, 2003 9:55 AM
To: [EMAIL PROTECTED]
Subject: Confused over NAT [7:65926]

Dear all,

Just having a slight problem getting my head around NAT regarding the example configurations in the study guides I have.

    access-list 1 permit 10.0.0.1 0.0.0.255
(defines list of addresses)

    ip nat pool mynatpool 222.2.2.1 222.2.2.254 netmask 255.255.255.0
(defines pool of inside global addresses NAT can replace the SA with)

    ip nat inside source list 1 pool mynatpool
(applies the addresses laid out in the access-list as inside addresses and tells router to replace SA from mynatpool)

    int eth0
     ip address 10.0.0.1 255.255.255.0
     ip nat inside
(tells NAT that this is where inside addresses come from)

    int ser0
     ip address 133.4.4.1 255.255.255.0
     ip nat outside

So here is my confusion: If the Ser0 interface is the WAN address (133.4.4.1) and it replaces the inside local address with a SA from mynatpool (222.2.2.1 - 222.2.2.254) then how will the packet get back to the WAN interface? I thought that NAT would replace the inside local address with the address of the WAN interface, not a group of different public ip addresses? How will the packet get back if the SA is from the range 222.2.2.1 - 254 and yet the IP address of the WAN interface is clearly not from this range?

Confused from London

Regards, James.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65931t=65926
Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65832]
Actually, Multiprotocol Label Switch is MPLS. MLS is MultiLayer Switching. This refers to a switch that can do not only what Kiran said about L3 switching, but can make forwarding decisions based on higher level protocols, such as tcp, udp, etc.

Kirankumar Patel wrote in message news:[EMAIL PROTECTED]

Dear L3 switching is nothing but switch acting as a router. MLS -- Multiprotocol Label Switch -- Can enables routers to make forwarding decisions based on short labels, thereby avoiding the complex packet-by-packet look-ups used in conventional routing. With MLS, can run faster than ATM switch.

Regards, Kiran

From: Neil Arlante
Reply-To: Neil Arlante
To: [EMAIL PROTECTED]
Subject: Difference on L3 switching of Cat4500 and Cat6500? [7:65802]
Date: Thu, 20 Mar 2003 02:56:26 GMT

Hi group, What is the difference between L3 switching capabilities of 4500 and 6500? Catalyst 4500 docs mentioned it support L3 switching, but not MLS. What is the main difference between L3 switching of 4500 and MLS of 6500? TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65832t=65832
RE: PIX Questions [7:65806]
Newer versions of the PIX OS have more routing protocol support such as OSPF. Vs. 6.3

-Original Message-
From: Ben W [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 2:16 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX Questions [7:65806]

The PIX is not a router, however it does have a routing table and can participate in a limited fashion in certain routing protocols, like RIP. To answer your 2nd question, there is no functional difference between the IOS and PIX doing nat/pat. It's just a difference in configuration really.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65874t=65806
Cisco Instructor - CCNA Class [7:65742]
Hey, I have been given the duty to teach a CCNA class. Have any of you done this before? I was wondering what did and didn't work for you? What tips you might have. What the best way of approaching this would be. We will be using the Cisco Press book for the class and each student will have three routers and a switch.

Thanks, Robert Raver

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65742t=65742
Re: Open http: traffic on firewall... [7:65755]
First, you need to define your inside and outside interfaces for NAT. Usually, the interface where your webserver is connected will be defined as inside and all others are outside. This would look something like this, assuming your web server is on interface ethernet 0:

    interface ethernet 0
     ip address 2.2.2.1 255.255.255.240
     ip nat inside
    interface serial 0 (or interface serial 0.1 for frame relay subinterface, depending on your setup)
     ip nat outside

Next, you'll need to define a static translation between your web server and your outside IP addresses assigned by your ISP. I will use 10.0.0.1 to represent your web server address and 2.2.2.2 for your ISP assigned address.

    ip nat inside source static 10.0.0.1 2.2.2.2

Or, if you want to get fancy and do PAT:

    ip nat inside source static tcp 10.0.0.1 80 2.2.2.2 80 extendable

Next, tell your router to send all traffic destined for 2.2.2.2 (the outside address of your web server) to the proper interface.

    ip route 2.2.2.2 255.255.255.255 ethernet 0

Your setup may demand something a little different, but in general I think this should get you started.

Robert

SMAN wrote in message news:[EMAIL PROTECTED]

I have a cisco 2611 router/firewall that I need to open up for http: traffic. I need to configure NAT to point to the static IP on the web server. How do I do this? What are the specifics?

Thanks Ken

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65763t=65755
OT: Linux recommendations [7:65671]
I know this is the Cisco forum, but I know many of you folks use Linux on your networks, so I am asking for your recommendations. I have a Cisco network with a PIX firewall in place. I would like, if possible, to put a Linux server on the network to act as a proxy server/internet monitoring computer. My goal is to dump the log files into something like MS Access and be able to run reports off of it based on user/computer name. I would prefer free, but inexpensive is good too. Does anyone do anything like this on their network? If so, I am open to suggestions.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65671t=65671
Re: Finding device on network via cisco switch [7:65670]
Start at your core and work your way out. For example, if you have a core switch connected to other switches at the distribution or access layers via trunks, do a show mac-address-table (or show cam dynamic for CatOS switches) and see which trunk port it is coming from. Then go to the next switch and do the same thing. Eventually you will get to the switch to which it is directly connected and get the actual port. Of course, if you are using VLANs or otherwise subnetting your network, you can narrow down your search quite a bit by only searching switches that carry that VLAN.

David Ristau wrote in message news:[EMAIL PROTECTED]

given an IP address and a MAC address, how can I use my cisco switch to identify which port an unknown device is attached to ? can I view the switching table cache entries ? I've got an IP device on the network and nobody seems to know where it is. heh! given a catalyst 3500XL running ios v 12.0 thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65679t=65670
Re: CCIE [7:65426]
That is the laugh I needed on this Friday. Thanks, Robert Raver - Original Message - From: Juan Blanco To: Sent: Friday, March 14, 2003 6:34 AM Subject: CCIE [7:65426] Team, I got this from a friend but I not sure if you have seen this or not but only someone pursuing the CCIE would laugh at it!! In the course of my day-to-day work, people ask me what is a CCIE? I thought about this for some time. I wrote some notes. And this is what I came up with: I am a dynamic figure, often seen scaling 8 foot computer racks and charming magnetic security cardswipes. I have been known to remodel SME networks on my lunch breaks, making them more efficient in the area of capital deployment, reliability and performance. I translate technobabble for Management, I write award-winning technical presentations and deliver them better than an American president announcing tax cuts. I can recite complete chapters of the Cisco Documentation CD, backwards and, with little effort and at the same time, perform decimal to binary conversion for very large numbers. I woo women with my sensuous and godlike MIDI playing on a notebook. I can pilot computer trolleys up severe inclines with unflagging speed, and I can rack Cisco gear faster than Arnold Schwarznegger can bench press. I am an expert in network diagramming tools, a veteran in web surfing, and know the Cisco Web Site better than I know my own family. Just to keep it interesting, I occasionally tread water for three days while programming Cisco practice labs. I manage time efficiently and can complete a timesheet every week. In addition, I know the part number for every Cisco router cable. Using only a Chinese AC power cord and a large glass of water, I once single-handedly rebuilt the network core of major co-location facility after the roof fell in. I used to play games, but now it's serious. I am the subject of numerous urban myths and I am the creator of a few as well. 
When I'm bored, I test fiber optic cable, calculate power loss sums on UTP and the minimum refraction index for 50 micron multimode fiber. I mean, what IS the point of it ? I understand that DLSW and Source Route Translational Bridging actually has a reason for existence. It's not just IBM playing a practical joke. Really. I enjoy urban guerilla activities. I can build a 802.11b parabolic dish antennae using surplus antennae from defunct satellite companies and a juice can. It has better performance than off the shelf products. I think that having a wind generator and solar array as power backup for my practice lab is not only responsible preparation, it's environmentally friendly too. On Wednesdays, after work, I repair old monitors free of charge for my local charity. I know that canonical to non-canonical conversion is not about religion, it's about ART. Microsoft geeks worldwide swoon over my original line of corduroy evening wear, which I don't understand -- it was supposed to be funny. I don't perspire. I am a private citizen, yet I receive fan mail. I have been caller number ten and have won the cash jackpot. I can speak IPX NLSP, AppleTalk, ATM PVC, QoS, and BGP to name a few, and redistribute routes at will, with filtering, using non contiguous masks. I install IPV6 on customer sites whenever I can, just so I can play with it. Same for OSPF NSSA. Children trust me. I can hurl squishy giveaway tradeshow toys at sales personnel with stunning accuracy, and ensure that the dweeb from administration gets the blame. I have charisma beyond normal mortals; if I didn't the boss would have sent the other guy to this exam. I once read Cisco Quality of Service, Caslow Bridges and Routers 2nd Ed, and Jeff Doyles' Routing TCP/IP Vol2 in one day, and still had time to do practice on a Frame Relay multipoint network, using OSPF and IGRP, split horizon, route maps and ISDN. 
I know the exact location of every food item in the supermarket and I use a link state protocol to calculate the shortest path to get there. I have performed several covert operations with the CIA. It was kind of fun having them follow me around. I know that security and privacy is a phantasm-like myth created by security companies to extract money from IT Managers who can't implement a decent security policy. But it's great fun to play with. I sleep once a week; when I do sleep, I sleep in a chair. I know exactly how much coffee my body will take to sustain me at peak function. While on vacation, I successfully negotiated with the hotel to fix their network in return for free accommodation. The laws of society do not apply to me. I balance, I weave, I dodge, I frolic, and my bills are all paid. On weekends, to let off steam, I participate in full-contact tech stock day trading. Years ago I discovered the meaning of life but forgot to write it down. I can originate default routes, conditionally, after redistributing from a classful distance vector protocol. I
RE: OT - CDP: Is it treated as a 'vulnerability' in your world? [7:65297]
In a Cisco IP voice environment, cdp must be enabled to communicate aux-vlan, power and QoS issues. I don't think that there is any workaround with this, is there?

Robert

-Original Message-
From: Ian Henderson [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 5:40 AM
To: [EMAIL PROTECTED]
Subject: Re: OT - CDP: Is it treated as a 'vulnerability' in your world? [7:65285]

On Thu, 13 Mar 2003, John Neiberger wrote:

I can't think of any valid reason to turn off CDP within your network. On the edges--any connections to other networks, including the internet--I'd turn it off. But inside? Why turn it off? If someone already has access to your router in able to see the CDP information you've got much bigger problems than CDP!

We actually used it as an auditing tool with a bit of perl hackery. The program created an array of CDP neighbours for each router, and then used that to create a network map database. This was used for generating real-time network maps (if something goes away, it leaves the map) and auditing to see if something was on the network that shouldn't be.

Rgds, - I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65297t=65297
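The kind of CDP-based audit described in the quoted message, sketched in Python as an added example (it is not the Perl program mentioned there). The device names, addresses and the approved inventory are constructed, and the sample text is modelled on `show cdp neighbors detail` output.

```python
import re

# Constructed sample: neighbour detail text keyed by the router it was collected from.
COLLECTED = {
    "core-rtr-1": """\
-------------------------
Device ID: dist-sw-1
Entry address(es):
  IP address: 10.0.0.2
Platform: cisco WS-C3550-24,  Capabilities: Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): GigabitEthernet0/1
-------------------------
Device ID: lab-rtr-9
Entry address(es):
  IP address: 10.0.9.1
Platform: cisco 2611,  Capabilities: Router
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0/0
""",
    "dist-sw-1": """\
-------------------------
Device ID: core-rtr-1
Entry address(es):
  IP address: 10.0.0.1
Platform: cisco 3640,  Capabilities: Router
Interface: GigabitEthernet0/1,  Port ID (outgoing port): FastEthernet0/0
-------------------------
Device ID: acc-sw-2
Entry address(es):
  IP address: 10.0.0.3
Platform: cisco WS-C2950-24,  Capabilities: Switch
Interface: FastEthernet0/2,  Port ID (outgoing port): FastEthernet0/24
""",
}

# Constructed inventory of devices that are supposed to be on the network.
APPROVED = {"core-rtr-1", "dist-sw-1", "acc-sw-2", "acc-sw-3"}

ENTRY_SPLIT = re.compile(r"^-{5,}\s*$", re.M)
FIELDS = {
    "device": re.compile(r"^Device ID:\s*(\S+)", re.M),
    "ip": re.compile(r"^\s*IP address:\s*(\S+)", re.M),
    "platform": re.compile(r"^Platform:\s*(.+?),\s+Capabilities:", re.M),
    "local_if": re.compile(r"^Interface:\s*(\S+?),", re.M),
    "remote_if": re.compile(r"Port ID \(outgoing port\):\s*(.+)$", re.M),
}


def parse_neighbors(text):
    """Turn one router's neighbour detail text into a list of dicts."""
    entries = []
    for chunk in ENTRY_SPLIT.split(text):
        if not FIELDS["device"].search(chunk):
            continue  # blank chunk before the first separator line
        entry = {}
        for name, rx in FIELDS.items():
            m = rx.search(chunk)
            entry[name] = m.group(1).strip() if m else None
        entries.append(entry)
    return entries


def build_map(collected):
    """Network map: polled router -> list of neighbours it reports."""
    return {router: parse_neighbors(text) for router, text in collected.items()}


def audit(net_map, approved):
    """Return (unexpected, missing).

    unexpected: (reporting router, local interface, device, ip) for every
                neighbour that is not in the approved inventory.
    missing:    approved devices that were neither polled nor reported,
                i.e. devices that have dropped off the map.
    """
    seen = set(net_map)
    unexpected = []
    for router, neighbors in net_map.items():
        for n in neighbors:
            seen.add(n["device"])
            if n["device"] not in approved:
                unexpected.append((router, n["local_if"], n["device"], n["ip"]))
    return sorted(unexpected), sorted(approved - seen)


if __name__ == "__main__":
    unexpected, missing = audit(build_map(COLLECTED), APPROVED)
    print("unexpected:", unexpected)
    print("missing:", missing)
```

CDP announcements are unauthenticated, so the map records what neighbours claim to be; a device that sends no CDP will not appear in it at all.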
Re: Problem with Cicso VPN Client 3.6.3.B-k9 connectin [7:65152]
John,

What version did you roll back to? Was the stateful firewall Always on checked? Do you have a firewall, system utilities software on this machine?

Thanks,
Robert Raver
Cisco Systems Inc.
[EMAIL PROTECTED]
(801) 736-3939 Ext. 55664
Hrs. 6-2:30 MST

- Original Message -
From: John Brandis
To:
Sent: Tuesday, March 11, 2003 3:48 PM
Subject: RE: Problem with Cicso VPN Client 3.6.3.B-k9 connectin [7:65107]

I rolled back the client...

-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 12 March 2003 3:56 AM
To: [EMAIL PROTECTED]
Subject: RE: Problem with Cicso VPN Client 3.6.3.B-k9 connectin [7:65038]

David,

I encountered a similar problem.. The VPN client I was using had an intrinsic firewall that was blocking all traffic apart from that belonging to the VPN (even when it wasn't 'live'). To check this, right click on the VPN client icon within your system tray. can you see a 'Stateful Firewall' or 'Firewall' option ??? If so, uncheck this option and try to ping your machine - it should be as expected now. If not then you have a different problem elsewhere

Hope this helps,
Brian

d tran wrote:

Hi,

I have Cisco VPN client version 3.6.3.B-k-9 (latest version) running windows XP Service Pack 1. The IP address of this window machine is 172.16.1.200. I set up extended authentication on the Pix firewall for remote Cisco VPN users and everything is working great. The outside interface of the firewall is 172.16.1.1 with a netmask of 24.

The problem is that whenever the windows is rebooted, no one on the 172.16.1.0/24 network can ping this Windows XP machine. I do have a unix machine on the same network (172.16.1.100). Basically the windows XP machine can not do anything because it has no network connectivity. Even the firewall can not ping the Windows XP machine. The only way for this to work is for me to uninstall Cisco VPN Client and reboot the Windows XP box. After the reboot, windows is working again.

Now under Windows XP Task Manager, I do see a process CVPND.exe running that I don't recall with previous versions of Cisco VPN Client. Anyone has run into this problem before?

Regards,
David

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65152t=65152
Re: to the moderator [7:65037]
Well, I would like to take this opportunity to thank Paul then. I have learned a lot just reading the interesting posts here. In fact, I keep a document of any particularly good tips for future reference. I would also like to thank a couple of the most active folks here, like Larry and Priscilla for sharing their obvious experience. This free site helps make my (and I'm quite sure, other folks') job a lot easier.

Robert

John Neiberger wrote in message news:[EMAIL PROTECTED]

just wondering who is the moderator here? yesterday i could send messages ok, now, i can't, can u tell what you changed? and if so the reasons that made you do so?

Paul, the list owner and operator, was working on a problem with the GroupStudy email system most of yesterday. It appears that it has been fixed. To answer your first question, there are actually several participants that act as moderators but we don't have any control over the actual operation of the system. Paul is the owner/operator and is also who we should thank for GroupStudy even being in existence. I mention that because he doesn't get nearly the credit he deserves for the amount of work he puts into a FREE site. :-)

Regards,
John
One of several possible moderators

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65121t=65037
Bandwidth calculations [7:65008]
Anyone know the conversion techniques for converting bits, bytes, kilobits, etc, to calculate bandwidth usages?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65008t=65008
Re: default router for 2950 switch [7:64489]
I believe the command you are looking for is ip default-gateway . Since the 2950 is an IOS based switch, the set commands don't apply here.

J. Johnson wrote in message news:[EMAIL PROTECTED]

All, Is there a way to set a default router for a 2950 switch? Apparently other 2900 switches have the set ip route default GATEWAYADDR command (see http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2900/cgcr29k/index.htm - thanks, Priscilla) but not, as far as I can tell, on the 2950 (see http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12112cea/2950cr)
PIX firewall port redirection [7:64533]
Can the following be done??

Inside int: 10.1.1.0
outside int: 172.16.1.0

    static (inside, outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.155
    static (inside, outside) tcp 10.1.1.1 telnet 207.208.203.21 telnet netmask 255.255.255.255

Since these are overlapping, will it work? Thx

Bob Perez
Intercept Payment Solutions
[EMAIL PROTECTED]
100 West Commons BLVD
New Castle, DE 19720

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64533t=64533
Re: Silly EIGRP question [7:64259]
If show ip eigrp doesn't give you what you're looking for, I think you're going to have to break down and use debug. If I'm wrong, I'm sure someone will correct me.

Michael Williams wrote in message news:[EMAIL PROTECTED]

I know this question sounds silly, but I can't for the life of me figure out how to do this: Short of debugging, how can I tell the last EIGRP update that was received on a router, from what neighbor that update came, and for what network(s) it updated? I know I can 'sh ip prot' and see when the last update was, but this isn't what I'm looking for.

TIA, Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64271t=64259
Re: NAT on Cisco Catalyst 3550 [7:64239]
I checked the Network Address Translation Catalyst Switch Support Matrix on Cisco's website and confirmed that the 3550 does not support NAT.

Michael Williams wrote in message news:[EMAIL PROTECTED]

I don't believe the 3550 supports NAT. There was a recent discussion about this on the IE mailing list, and the conclusion was that the 3550 doesn't support NAT. There are some debug commands relating to NAT, but it seems to be part of the clustering.

Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64272t=64239
Re: VPN client conflict [7:63951]
I'm not sure what the actual cause or fix is, but I had the same problem. I ended up uninstalling the ATT client to get it to work.

supernet wrote in message news:[EMAIL PROTECTED]

I have ATT VPN client on my laptop. It stopped working after I installed Cisco VPN client. Is there any conflict between them? Is there a work around? Thanks. Yoshi.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63989t=63951
ACS Database [7:64007]
Hi All,

With Cisco Secure ACS and the PIX Firewall if I use the PIX to auth VPN client connections with the shared password and then use the TACACS+ Server to ask for credentials will that info be passed to and from the client in clear text format over the internet? PAP?? I have not configured the ACS to use RADIUS or anything just plain TACACS.

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64007t=64007
Eigrp neighbor loss [7:63925]
I was hoping someone could help out with a problem I am seeing. I just enabled logging of eigrp neighbor changes for the first time and noticed that there are constant neighbor changes going on over our WAN/LAN. First guess was the hello timers but since it is on the LAN this is not the issue. Some vlan interfaces have been up for weeks while others seem to go up and down every few seconds but both are going over the same ATM link between sites. Has anyone seen this behavior before? Code is 12.1(14). Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63925t=63925
Re: L3 Switching Huh???? [7:63728]
Layer 3 switching combines the best of switching and routing in one platform. The main advantage here is speed. The way it works is, in a switch you have some kind of layer 3 routing engine (aka route processor, or RP). For example, the MSFC2 (Multilayer Switch Feature Card 2) is one of the options available for the Cisco 6500 (and a couple of others, I think) switches. When the switch receives a packet bound for a different VLAN, it sends it to the RP. The RP makes the routing decision and puts an entry in the route cache for the switch. The first packet in a flow is routed and the rest are switched at wire speed, hence the increase in speed. That's kind of a simplified view, but I think it gets the general idea across. So, layer 3 switching is both routing and switching, but faster (usually, anyway).

DeVoe, Charles (PKI) wrote in message news:[EMAIL PROTECTED]

I am under the impression that switching is a layer 2 function and that routing is a layer 3 function. I have seen several discussions talking about layer 3 switching. Could someone explain this to me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63738t=63728
Re: new access list problem [7:63715]
Couldn't you just use the wildcard mask 0.0.4.255 to deny 192.17.73.0 - 192.17.77.0? I used the Boson wildcard mask calculator to check this, and it gave me those networks.

Andrew Larkins wrote in message news:[EMAIL PROTECTED]

the first access-list will not work. The second one will also deny networks 192.17.72.0 and 78.0 as well as 79.0 - You are correct about zeros must make at 1's are don't care, but you need to understand the basic of subnetting. A 248.0 subnet mask means 8 Class C subnets. You have to start at a valid network address which in this case is 192.17.72.0

    Router(config)#access-list 11 deny 192.17.73.0 0.0.7.255
    Router#sho access-list 11
    Standard IP access list 11
        deny 192.17.72.0, wildcard bits 0.0.7.255

Notice that it fixes your mistake for you.

Regards
Andrew
CCNP, CCDP, CSS1

-Original Message-
From: Jason Steig [mailto:[EMAIL PROTECTED]
Sent: 25 February 2003 16:26
To: [EMAIL PROTECTED]
Subject: new access list problem [7:63715]

Hello i networks 192.17.73.0 - 192.17.77.0 is there anyway to deny these networks with one entry in an access list? such as deny 192.17.73.0 0.0.248.255? is this going to deny these networks? it's also going to black hole several other networks though. Or does the list have to be deny 192.17.73.0 0.0.7.255 ? i thought zeros must match and ones we don't care.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63742t=63715
Re: new access list problem [7:63715]
I replied earlier, but it didn't seem to come through. Anyway, you should use the wildcard mask 0.0.4.255. That will match the addresses 192.17.73.0 - 192.172.77.255, which I think is what you want. In case you don't already have it, download Boson's free wildcard mask calculator at the following link.

http://www.boson.com/promo/utilities/wildcard/wildcard.htm

Hope that helps.

Robert

Jason Steig wrote in message news:[EMAIL PROTECTED]

Hello i networks 192.17.73.0 - 192.17.77.0 is there anyway to deny these networks with one entry in an access list? such as deny 192.17.73.0 0.0.248.255? is this going to deny these networks? it's also going to black hole several other networks though. Or does the list have to be deny 192.17.73.0 0.0.7.255 ? i thought zeros must match and ones we don't care.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63758t=63715
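The three wildcard masks proposed in this thread, checked in Python as an added example (not code from any of the posters). It applies the rule quoted in the question (zero bits must match, one bits are ignored), reports which 192.17.x.0 networks each entry covers compared with the 73 to 77 range asked about, and derives entries that cover exactly that range; the function names are this example's own.

```python
import ipaddress

MASK32 = 0xFFFFFFFF
WANTED = list(range(73, 78))  # third octets of 192.17.73.0 - 192.17.77.0


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """ACL rule: wildcard 0-bits must equal the base, 1-bits are ignored."""
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(addr) & care) == (_to_int(base) & care)


def stored_base(base, wildcard):
    """Base with the don't-care bits cleared, as in the router output quoted
    in the thread (192.17.73.0 entered, 192.17.72.0 shown)."""
    return str(ipaddress.IPv4Address(_to_int(base) & ~_to_int(wildcard) & MASK32))


def matched_networks(base, wildcard, prefix="192.17"):
    """Third-octet values x for which prefix.x.0 matches the entry."""
    return [x for x in range(256)
            if wildcard_match(f"{prefix}.{x}.0", base, wildcard)]


def audit(base, wildcard, wanted=WANTED):
    """Compare what an entry matches with what was meant to be matched."""
    got = matched_networks(base, wildcard)
    return {
        "stored_as": stored_base(base, wildcard),
        "missed": [x for x in wanted if x not in got],  # not filtered at all
        "extra": [x for x in got if x not in wanted],   # filtered by accident
    }


def exact_entries(first, last):
    """(base, wildcard) pairs covering first..last and nothing else."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


def covered_by(entries):
    """Union of the third octets matched by a list of entries."""
    hit = set()
    for base, wildcard in entries:
        hit.update(matched_networks(base, wildcard))
    return sorted(hit)


if __name__ == "__main__":
    for wc in ("0.0.7.255", "0.0.4.255", "0.0.248.255"):
        print(wc, audit("192.17.73.0", wc))
    entries = exact_entries("192.17.73.0", "192.17.77.255")
    print(entries, "->", covered_by(entries))
```

An entry with a non-empty "missed" list leaves those networks unfiltered, and one with a non-empty "extra" list blocks networks nobody asked to block, so both lists should be empty before a deny entry goes onto a router.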
Re: cisco 2950 and trunk negotiation [7:63466]
The reason that the 2950's do not support ISL trunking is that Cisco is gradually moving towards supporting the major standards more and proprietary standards less. As part of this plan they are beginning to make switches that only support dot1q trunking. At least that's what a TAC engineer told me. However, this brought up the question, What about EIGRP? He assured me that some of the proprietary stuff like EIGRP, where there is a real tangible benefit to using it, will stay.

Robert

John Brandis wrote in message news:[EMAIL PROTECTED]...

Hi,

Anyone else noticed that on the 2950, and I'm guessing other catalyst low end switches, that one can't define the encapsulation of the trunk link. Yes it will auto negotiate, however I feel that control has been pulled away from me. I also don't like on the 4006, that you can only define this same setting (if you have a GBIC Module) for the first 2 GBIC ports. The rest of the ports default to dot1q. Thankfully I use this, but I am betting that there are the odd people out there who may use ISL...

Can someone tell me, if possible, how to define what type of trunk I wish to use on the 2950 using IOS 12.1(11)

Thanks all
John (please correct where I am wrong)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63509t=63466
Re: VLAN routing [7:63412]
By default a trunk port will carry all VLANs, which it will need to do in the setup you have illustrated. If you prune the other VLANs at the second switch, the users in VLANs 3 and 4 on the third switch will be cut off.

Happy World wrote in message news:[EMAIL PROTECTED]...

Dear All,

I am a newbie in VLAN routing and don't have enough equipment to test myself. If I have the following setup. Does tagged port 1 need to include vlan 1,2,3,4 or simply include vlan 1,2 to make all 4 VLANs routable? Similar in tagged port2, include 1,2,3,4 or 3,4 only?

               Layer3 switch
                /         \
    tagged port1           tagged port2
              /             \
    Layer2 switch         Layer2 switch
       /      \              /      \
    vlan1    vlan2        vlan3    vlan4

Thanks in advance.

rgds,
Happy World

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63422t=63412
Re: layer 3 switch [7:63407]
Just set the 3550 as a VTP client in your current domain and it will just be a layer 2 device. Or order it with the SMI software load rather than the EMI.

wrote in message news:[EMAIL PROTECTED]...

Hello All:

Question - By default, out of the box, will a L3 switch simply act as a L2 switch?

I am planning to purchase a Cisco 3550-12G, along with other fiber gigabit ready L2 switches for a LAN upgrade. The current LAN is one huge flat network with a mixture of hubs and switches. I plan to install the 3550 and use it simply as a device to connect the different areas. I do not want the 3550 to act as a L3 switch to start. Is it possible to install this switch and have it act as a L2 device. I would then later start segmenting and enabling the L3 functions of the 3550. Any other suggested implementation methods?

This goes along well with my current CCNP switching exam studies, nothing like a little OJT.

Thanks,
Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63420t=63407
Re: VPN Client help!! [7:63333]
Don't quote me, but I do believe the access list is necessary as it actually tells the router which traffic to encrypt. PERMIT = ENCRYPT and DENY = DON'T ENCRYPT. I think the following Cisco link may help answer your question best.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm#37434

Antero Vasconcelos wrote in message news:[EMAIL PROTECTED]...

Hi,

I have a router connected to internet and remote clients with VPN-Client 1.1. They need to browse the network, view some hosts and access some network services. The services don't work until I configure the access-list in the interface

interface Serial0.80 point-to-point
 description Ligacao para VPNs sobre internet ***
 bandwidth 192
 ip address xxx.xxx.xxx.210 255.255.255.252
 ip access-group 180 in
 no ip route-cache
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 80
  class net-112k
 crypto map mymap

access-list 180 permit ahp any host xxx.xxx.xxx.210
access-list 180 permit esp any host xxx.xxx.xxx.210
access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
access-list 180 permit tcp any host 192.168.0.2 eq 137
access-list 180 permit tcp any host 192.168.0.2 eq 138
access-list 180 permit tcp any host 192.168.0.2 eq 139
access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
access-list 180 permit tcp any host 192.168.0.4 eq 137
access-list 180 permit tcp any host 192.168.0.4 eq 138
access-list 180 permit tcp any host 192.168.0.4 eq 139
access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
access-list 180 deny ip any any log

Is this necessary, or did I miss something?

Thx in advance.
Antero Vasconcelos

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63353t=6
Can this nat be done on a pix?? [7:63281]
Please help, I went with PIX instead of CP and I cannot find a way to do this now!!!

Setup:

                 PIX 515E-ur
     PIX inside             PIX intf2
   192.168.25.0/24       10.178.25.25/16
          |                     |
       Network               Network

   Inside get nat when going to intf2

I want the following NAT setup to happen:

If src inside=any, dst intf2=10.178.10.10 then xlate src=10.178.70.20
If src inside=any, dst intf2=10.178.10.11 then xlate src=10.178.80.30
If src inside=any, dst intf2=10.178.10.12 then xlate src=10.178.90.40
otherwise if src inside=any, dst intf2=any then no Xlate

I do not want to use statics because there are a lot of different boxes and there is no router in this setup that can perform the nat

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63281t=63281
Re: Layer 3 switching [7:63304]
I'm fairly certain the answer to your first question is no, the switch will not be intelligent enough to switch it to the appropriate port automatically. The reason is that the switch must go through a layer 3 device to get from one VLAN (aka IP subnet) to another. I don't think this is a real issue since the rest of the traffic is switched at wire speed, introducing very little (almost no) latency.

There are however switches on the market, even by Cisco that will do this. Any layer 3 switch will do. For example, the Cisco 2948G-L3 switch. Check out their website under Products and Technologies for more information.

Han Chuan Alex Ang wrote in message news:[EMAIL PROTECTED]...

hi,

I am trying to have a clearer picture of the layer 3 switching concept. Assuming that I have a Core Catalyst 6 series switch with layer 3 switching capabilities, I have an Access layer switch connected to the core with two ports labelled Vlan 1 subnet 1 and Vlan 2 subnet 2. When frames are sent from Vlan 1 to Vlan 2 on the same Access switch, my understanding is that for layer 3 switching, it will invoke a "route one and switch the rest" concept. My question is that, after the first route, if no Access list has been created, will the Access switch be smart enough to perform internal switching, that is, frame direct from Vlan 1 to Vlan 2 internally within the Access switch.

If the answer is no, are there switches on the market that are routing by this concept? Please advise, thanks to all the guys who have tried to entertain all my questions

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63312t=63304
Re: PIX enable SYN Floodguard by default on outer int? [7:63314]
Check the following link and see if it has the answer to your question:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008d313.html

Richard Campbell wrote in message news:[EMAIL PROTECTED]...

Hi.. Group,

May I know whether the SYN Floodguard is enabled on PIX outside interface or I have to manually enable by the following command

PIX(config)#nat (outside) 1 0.0.0.0 0.0.0.0 8000 8000

Is the command correct? assuming my nat_id is 1.

Thanks a lot

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63314t=63314
RE: ISDN Dialer Watch on 4500 [7:62423]
And you have a dynamic routing protocol watching the routes and it is able to see when the one you specify disappears? Could you post your config?

-Original Message-
From: Nelson Herron [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 12:55 AM
To: [EMAIL PROTECTED]
Subject: ISDN Dialer Watch on 4500 [7:62423]

Are there any special tricks to getting a dialer watch to work on a 4500 NP-4B? I have tried the configurations from the web site and from Solie's book on a 4500 w/4B connecting to a 4000M/4B via a Teltone Demonstrator. I cannot get the ISDN to show any dialer event activity when I unplug the serial cable. Packet debug shows the dialer conditions appropriately (primary, secondary down) but no attempt appears to be made to dial out. I'm using IOS 12's. I've tried clearing the int bri's, shut/no shut the bri on each end, turning off the demonstrator, reloading the router.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62439t=62423
Nat question [7:62379]
Hi all,

I have the following config and want to know if there will be a problem since two route-maps point to the same pool? If I get a successful FTP connection and then try the HTTP connection the router drops the packet. Can a pool only be used by one nat statement?

ip nat pool to-home 208.248.24.37 208.248.24.37 prefix-length 24
ip nat inside source route-map map1 pool to-home overload
ip nat inside source route-map map2 pool to-home overload
access-list 108 permit tcp 192.168.0.0 0.0.255.255 host 68.46.102.299 eq ftp
access-list 125 permit tcp 192.168.0.0 0.0.255.255 host 68.46.102.299 eq www
route-map map1 permit 10
 match ip address 108
!
route-map map2 permit 10
 match ip address 125

Bob Perez

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62379t=62379
In a pix or router, can you nat the Source IP based on dest [7:62277]
Bob Perez

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62277t=62277
RE: debug commands [7:62107]
logging on
logging buffered informational
Access-list 101 permit ip 10.10.10.1 0.0.0.0 any log
access-list 101 permit ip any any

Apply that ACL to an interface in the direction traffic will be flowing and when that host traverses the Router you can do a show log and it should have created an entry.

-Original Message-
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: debug commands [7:62107]

If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think it's debug ip packet but then the options are:

Access list
Access list (expanded range)

Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. It's a production router so I know I can crash it if I'm not careful with this.

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62118t=62107
RE: IOS version question [7:62108]
Look here.

http://www.cisco.com/warp/public/620/roadmap.shtml

-Original Message-
From: Raj [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: IOS version question [7:62108]

on the 1700 routers, Which is the latest version of these two: 12.2.13 OR 12.2(4)YA2

thank you

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62119t=62108
Need help with PIX natting [7:62044]
I am using 3 interfaces, Inside 100 and Eth2(Vendor1) 90 and eth3(Vendor2) 80

I want all traffic leaving the inside going to ethernet 2 to not have nat. So I have setup statics as follows:

access-list vendor1-outbound permit tcp host 204.26.258.32 host 254.254.254.254 eq ftp
access-list vendor1-outbound deny ip host 204.26.258.32 any
access-list vendor1-outbound permit ip any any
access-list vendor2-outbound permit ip any any
ip address outside 127.0.0.1 255.255.255.255
ip address inside 172.31.1.10 255.255.0.0
ip address vendor1 172.30.254.10 255.255.255.0
ip address vendor2 67.128.7.129 255.255.255.192
ip address intf4 127.0.0.1 255.255.255.255
ip address intf5 127.0.0.1 255.255.255.255
static (inside,vendor1) 172.16.5.0 172.16.5.0 netmask 255.255.255.0 0 0
static (inside,vendor1) 172.16.4.0 172.16.4.0 netmask 255.255.255.0 0 0
static (inside,vendor1) 172.31.0.0 172.31.0.0 netmask 255.255.0.0 0 0
static (inside,vendor1) 254.254.254.254 254.254.254.254 netmask 255.255.255.255
access-group vendor1-outbound in interface vendor1
access-group vendor2-outbound in interface vendor2

Now this all works beautifully but I want to change it so that when 172.16.5 goes to 204.26.258.32 it gets natted to 254.254.254.254 otherwise it stays the same going anywhere else.

PLEASE HELP

Bob Perez

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62044t=62044
trunking 10/100 access ports for avaya ip phone [7:62045]
Anyone have any insight on the pros or cons regarding applying trunks to all 10/100 access ports on a 6509. Presently, I have a cisco voIP environment - using a data vlan and an auxiliary vlan for voice traffic. I've been asked to make an avaya phone work in this environment. Input from Avaya had me make the access port a trunk, make the data vlan the default vlan and apply the aux vlan to the port as well. It does work - my question is in regards to performance and/or design best practices.

TIA
Robert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62045t=62045
RE: PIX to Router -Urgent [7:61450]
All depends if you setup natting within the Linux box. If not the IP will stay the same and never change.

-Original Message-
From: Guruprasad Sanjeevi [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 22, 2003 10:30 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX to Router -Urgent [7:61450]

A basic question to group and u.

My internal network is 192.168.50.x my valid segment is 210.4.51.x network on which my internet router lies. To access these 2 networks I have linux machine with 2 NIC's one for 50.x and another for 210.x which is enabled as a router firewall. When I try to ping from my inside network i.e 1.x to my 210 network will the source ip address change? OR what would be the ip address of any packet coming out of the linux box?

Sorry if this a very basic question. Need explanation

Expecting a reply

Thanks
Guruprasad

I don't have access to the book u mentioned. Still waiting for an example

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61587t=61450
Cisco VPN Client 4.0 -- BETA [7:61589]
Hey,

For all those interested the 4.0 VPN Client (BETA) will be in March/April. This VPN Client is totally rebuilt and has some very nice new features. Thought I would just let everyone know.

Thanks,
Robert Raver

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61589t=61589
Re: Cisco VPN Client 4.0 -- BETA [7:61589]
Charles,

Some of the new features will include:

-New SHIM Interface (This is the biggest)
-This will let it run with other VPN Clients on the machine
-This will let it work with DNS/WINS a lot better.
-With the new SHIM interface it will support products such as NetMeeting
-It will support AES
-New authorization features (such as integration with RSA SoftID.)

Thanks,
Robert Raver

- Original Message -
From: Charles Riley
To:
Sent: Wednesday, January 22, 2003 12:04 PM
Subject: Re: Cisco VPN Client 4.0 -- BETA [7:61589]

Robert,

What new features does it have, and what problems will it solve?

TIA,
Charles

Robert Raver wrote in message news:[EMAIL PROTECTED]...

Hey,

For all those interested the 4.0 VPN Client (BETA) will be in March/April. This VPN Client is totally rebuilt and has some very nice new features. Thought I would just let everyone know.

Thanks,
Robert Raver

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61611t=61589
RE: vlan on a 3548 catalyst [7:61398]
Thanks all but it does not support the interface range command so I had to do it thru the gui!

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 20, 2003 5:45 PM
To: [EMAIL PROTECTED]
Subject: Re: vlan on a 3548 catalyst [7:61398]

It's not available on this version of software on the 3548 I use for my lab... the version is listed below

Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE INTERIM SOFTWARE

Larry Letterman
Network Engineer
Cisco Systems

- Original Message -
From: MADMAN
To:
Sent: Monday, January 20, 2003 1:31 PM
Subject: Re: vlan on a 3548 catalyst [7:61398]

I don't have a 3548 to look at but does it support the interface range command? if so yes you do have the one swoop capability.

Dave

Robert Perez wrote:

Bob Perez wrote in message news:...

Can I assign multiple ports to a vlan in one swoop rather than each one individually? IOS on a 3548XL

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61455t=61398
RE: Connecting WIC-1DSU? [7:61487]
yes you can do it. It uses pins 1,2 4,5. So you make a crossover cable with each pair 1 2 2 1 4 5 5 4

-Original Message-
From: Mike Mihalas [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 21, 2003 2:32 PM
To: [EMAIL PROTECTED]
Subject: Connecting WIC-1DSU? [7:61487]

Is it possible to connect a WIC-1DSU-T1 to another WIC-1DSU-T1 to simulate a circuit? I have two 2600's that I would like to connect to do some testing with. If it is possible, do I need a special cable?

Thanks in advance,
Mike

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61502t=61487
vlan on a 3548 catalyst [7:61398]
Bob Perez wrote in message news:...

Can I assign multiple ports to a vlan in one swoop rather than each one individually? IOS on a 3548XL

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61398t=61398
FW: cisco 2600 rtr [7:61399]
Bob Perez wrote in message news:...

I have a 2620 rtr and would like to debug the traffic of a particular ip but the only way I know to do it is by the following: debug ip packet 101 where 101 is an acl that says permit ip any any. Is there a better way to do this so that it only logs that particular ip to the screen rather than all the traffic?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61399t=61399
BGP load balancing questions [7:61095]
Hello groupstudy,

I've been banging my head against the wall and figured I would defer this question to those of you more learned and experienced. Here is the scenario:

2 routers running BGP
Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
Each receives full routes.
Each provider has given us a class C address
Only the class C from provider 1 is actively used, because provider 2 will probably be dropped eventually (ssshhh don't tell ARIN)

The class C is advertised to both ISPs, however ISP 1 aggregates this address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16. This was checked using various looking glasses. What that means is that traffic to my Class C will arrive primarily via ISP 2 because it will see the /24 I advertise through it. That is bad, for various reasons. Mainly because we are charged by usage from ISP2, but also because we are going to upgrade ISP1 to a fractional t3 and use ISP 2 primarily as a backup eventually. Also the traffic coming in is 90% via ISP 2 and 10% via ISP 1.

If I remember from my studying so long ago, even prepending my AS number to ISP 2 will not work, because it doesn't even make it to that criteria, but rather sees the /24 and chooses that route. I searched some newsgroups, but amazingly enough nobody seemed to have this issue. I saw someone who had a larger block than /24 and some suggestions there but that would not work in this case.

Options not available:

Using the Class C from Carrier 2 to load balance using IP space and traffic types
Getting a class C independent of a provider from ARIN. (That costs money :))

Robert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61095t=61095