RE: {Spam?} question on acl [7:75258]

2003-09-11 Thread Robert Perez
You would have to do each host individually as:

access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq 23

You cannot choose only even addresses with any kind of command. At least not
that I am aware of.

-Original Message-
From: Yong Wee [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 11, 2003 11:34 AM
To: [EMAIL PROTECTED]
Subject: {Spam?} question on acl [7:75258]


Hi,
   How do you write an ext acl to block telnet access from even addresses in
subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254?

thks,
yongwee
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75270t=75258
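
Added example on the question in this thread (not part of the original posts): an IOS wildcard mask does not have to be contiguous, since a 0 bit means "must match" and a 1 bit means "ignore", so the mask 0.0.0.254 compares only the low-order bit of the last octet. The Python model below evaluates the per-host entry quoted above beside a single wildcard entry; the wildcard entry, the trailing "permit ip any any" lines and all function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed ACLs. The first line of PER_HOST_ACL is the entry quoted in the
# thread; the wildcard entry and both trailing permits are assumptions added
# for this demonstration (every IOS ACL ends with an implicit deny).
PER_HOST_ACL = [
    "access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq 23",
    "access-list 110 permit ip any any",
]
EVEN_ACL = [
    "access-list 110 deny tcp 192.168.2.0 0.0.0.254 host 192.168.1.254 eq 23",
    "access-list 110 permit ip any any",
]

PORT_NAMES = {"ftp": 21, "telnet": 23, "www": 80}


def to_int(addr):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: 0 bits must match the base, 1 bits are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def parse_endpoint(tokens):
    """Consume 'any', 'host A' or 'A W' from tokens; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' (a subset)."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError("unsupported ACL line: " + line)
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: " + action)
    src = parse_endpoint(rest)
    dst = parse_endpoint(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}


def evaluate(acl_lines, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in (parse_ace(line) for line in acl_lines):
        if ace["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, *ace["src"]):
            continue
        if not wildcard_match(dst, *ace["dst"]):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"]
    return "deny"


def denied_last_octets(acl_lines, prefix="192.168.2.", server="192.168.1.254"):
    """Last octets in the /24 whose telnet (tcp/23) to the server is denied."""
    return [h for h in range(256)
            if evaluate(acl_lines, "tcp", prefix + str(h), server, 23) == "deny"]


if __name__ == "__main__":
    print("per-host entry denies:", denied_last_octets(PER_HOST_ACL))
    even = denied_last_octets(EVEN_ACL)
    print("wildcard entry denies %d addresses: %s ... %s"
          % (len(even), even[:4], even[-2:]))
```

The wildcard entry also matches 192.168.2.0 itself, which is harmless here because the network address is not a host.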


RE: Aux port and modem connectivity [7:74909]

2003-09-09 Thread Robert Perez
The fix was to implement the statement ats0=0 (causes the modem to never
answer) in the modemcap entry or chatscript.  I like the modemcap entry the
best.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 09, 2003 9:15 AM
To: [EMAIL PROTECTED]
Subject: RE: Aux port and modem connectivity [7:74909]


line aux 0
 exec-timeout 0 0
 modem InOut

What about 
modem out?

Martijn 


-Original Message-
From: Robert Perez [mailto:[EMAIL PROTECTED]
Sent: Friday, 5 September 2003 17:49
To: [EMAIL PROTECTED]
Subject: Aux port and modem connectivity [7:74909]


Guys,

If I have a modem connected to the AUX port, can I harden the Cisco so
that it can make calls but will never be able to receive any calls?  Here is
kind of my config. Thx.

 
interface Async65
 bandwidth 28
 ip address 192.168.116.64 255.255.255.0
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 300
 dialer wait-for-carrier-time 15
 dialer map ip 172.20.241.1 
 dialer hold-queue 25
 dialer-group 1
 async default routing
 async mode interactive
 pulse-time 3
 no cdp enable
 ppp authentication chap

access-list 101 deny   udp any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101

line aux 0
 exec-timeout 0 0
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1
 speed 115200
 flowcontrol hardware






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75074t=74909


Aux port and modem connectivity [7:74909]

2003-09-05 Thread Robert Perez
Guys,

If I have a modem connected to the AUX port, can I harden the Cisco so
that it can make calls but will never be able to receive any calls?  Here is
kind of my config. Thx.

 
interface Async65
 bandwidth 28
 ip address 192.168.116.64 255.255.255.0
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 300
 dialer wait-for-carrier-time 15
 dialer map ip 172.20.241.1 
 dialer hold-queue 25
 dialer-group 1
 async default routing
 async mode interactive
 pulse-time 3
 no cdp enable
 ppp authentication chap

access-list 101 deny   udp any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101

line aux 0
 exec-timeout 0 0
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1
 speed 115200
 flowcontrol hardware






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74909t=74909


RE: IPSEC/GRE [7:74668]

2003-09-03 Thread Robert Goralski
Hello Jens:


Look under the tunnel interface and negate the keepalive statement.
no keepalive [seconds[retries]]


Regards
Robert


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74735t=74668


Re: What is the difference between 100BaseT and 10 [7:74587]

2003-09-03 Thread Robert Goralski
90 Mb.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74736t=74587


PRI to PRI - HELP !!! [7:74433]

2003-08-28 Thread Robert Bentley
Hi

I'm slowly getting my teeth into the world of cisco - but I am struggling to
set up the following.
I have two Cisco 2611XM routers, each with a serial card and a PRI card.
I have set up the serial interfaces with a 30 bit IP address range, and the
2Mb serial link works well. I would now like to setup the PRI interfaces, to
connect if ever the serial link fails. I have done this before with BRI
ISDN, but not with PRI. The plan is to get all 15 channels to come into use,
giving me 15x64k=1Mb link (approx)

I can't find any examples on the cisco site - they all talk about a PRI
dialling multiple BRI's.

Can anyone assist with two sample configurations, showing the simplest way
to achieve this?

Many Thanks,

Rob Bentley
Bournemouth, UK


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74433t=74433


Re: Dumb Question [7:74315]

2003-08-25 Thread Robert Edmonds
To add to Chuck's comment: If you're familiar with Cisco, your sanity is
also the difference.  The way Nortel configures their routers is
dramatically different and can leave you very frustrated if you're not used
to them.  Do they still use Site Mangler...er, I mean Manager?  In all
honesty, it's probably a lot easier, but if you're a CLI aficionado, a GUI
can really screw with your mind.

Robert

Chuck Whose Road is Ever Shorter  wrote in
message news:[EMAIL PROTECTED]
 Aspiring Cisco Gurl  wrote in message
 news:[EMAIL PROTECTED]
  Here is another dumb question... what is the difference between Extreme
  network equipment and cisco equipment?

 depending on the model, a few thousand bucks ;-

 
  I know that Cisco and Nortel... main diff is cli and menu driven.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74346t=74315


RE: Books for CCNP [7:74010]

2003-08-15 Thread Robert Kimble
I've always used cisco press, exam cram, and routersim.

Although, I used the Sybex book for the remote access test and it was
definitely top notch.

I know a couple people who used the sybex book for the bsci and they swear
by it.

As far as practice tests go I would recommend transcender.

Hope that helps ;-)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74019t=74010


hsrp default route in ospf [7:74017]

2003-08-15 Thread Robert Kimble
Howdy all,

I have two 6509's with hsrp running between their msfc's.

OSPF is advertising the ip addresses of interfaces of the routers instead of
the virtual ip that I set up in hsrp.

Since hsrp fails over faster than ospf, I was wondering if there is a way to
have ospf advertise the virtual ip address instead of the interface addresses?

Any suggestions are much appreciated ;-)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74017t=74017


RE: hsrp default route in ospf [7:74017]

2003-08-15 Thread Robert Kimble
Why would that not make sense?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74023t=74017


RE: hsrp default route in ospf [7:74017]

2003-08-15 Thread Robert Kimble
That makes sense.

I managed to find the same answer after doing some reading on Cisco's site.

I appreciate the info.

Thanks Zsombor!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74026t=74017


hsrp icmp redirects NEVERMIND [7:73974]

2003-08-14 Thread Robert Kimble
Wow.

It must've been a late night last night.

I figured out the problem.

It had nothing to do with icmp.

Thank you!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73974t=73974


RE: Pix 506e, 1721 router [7:73521]

2003-08-14 Thread Robert Perez
you said vpn pix-2-pix, so how does the router come into play?  If he is
just a transit device you need not do anything.

-Original Message-
From: zak spaniol [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 05, 2003 12:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Pix 506e, 1721 router [7:73521]


I am going to be performing a VPN pix to pix configuration, the only part I
am not sure of is how to configure router.  Any suggestion?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73547t=73521


Re: Port redirection on a PIX [7:73065]

2003-08-14 Thread Robert Edmonds
What about changing INTERFACE OUTSIDE to your NATed outside IP address?

NetEng  wrote in message
news:[EMAIL PROTECTED]
 I get the error Invalid global IP address OUTSIDE.  I also tried it w/o
 'interface'. If you can offer any more help I would appreciate it as I
 really need to get this fixed. Thanks.


 Robert Edmonds  wrote in message
 news:[EMAIL PROTECTED]
  With regards to these two lines:
 
   static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask
   255.255.255.255 0 0
   static (inside,outside) tcp interface www 192.168.0.1 www netmask
   255.255.255.255 0 0
 
  I believe they should read:
 
  static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask
  255.255.255.255
  static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask
  255.255.255.255
 
  If I am wrong, I'm sure I will be severely reprimanded...I mean corrected.
 
 
  NetEng  wrote in message
  news:[EMAIL PROTECTED]
   I am still not able to connect to my web and ftp services. I have pasted the
   relative info below. Am I missing something or is my config wrong?
   :
   PIX Version 6.1(3)
   nameif ethernet0 outside security0
   nameif ethernet1 inside security100
   access-list 101 permit icmp any any unreachable
   access-list 101 permit icmp any any time-exceeded
   access-list 101 permit icmp any any echo-reply
   access-list 102 permit tcp any any eq ftp
   access-list 102 permit tcp any any eq www
   pager lines 24
   interface ethernet0 10baset
   interface ethernet1 10full
   mtu outside 1500
   mtu inside 1500
   ip address outside dhcp setroute
   ip address inside 192.168.0.100 255.255.255.0
   global (outside) 1 interface
   nat (inside) 1 0.0.0.0 0.0.0.0 0 0
   static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask
   255.255.255.255 0 0
   static (inside,outside) tcp interface www 192.168.0.1 www netmask
   255.255.255.255 0 0
   access-group 102 in interface outside
  
   Thanks for the help so far
  
  
   Scott  wrote in message
   news:[EMAIL PROTECTED]
static (inside,outside) tcp interface ftp 10.1.1.3 ftp netmask
255.255.255.255 0 0
   
Scott
NetEng  wrote in message
news:[EMAIL PROTECTED]
 I'm trying to do port redirection on my PIX and here's the example from
 Cisco. My problem is my outside interface is set for DHCP. How do I change
 the command to reflect a dynamic outside address?

 static (inside,outside) tcp 172.18.124.99 ftp 10.1.1.3 ftp netmask
 255.255.255.255 0 0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73537t=73065


Re: Loopback Interface [7:73305]

2003-08-14 Thread Robert Edmonds
Rusty, was there a URL here that was truncated?  If so, I would very much
like to see it.  n_guide_chapter09186a0080087da4.html#3302

Wilmes, Rusty  wrote in message
news:[EMAIL PROTECTED]
 n_guide_chapter09186a0080087da4.html#3302

 -Original Message-
 From: Robert Edmonds [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, August 05, 2003 9:47 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Loopback Interface [7:73305]


 You gentlemen have pointed out some good uses for loopback interfaces.
 However, my dilemma still remains that I have yet to have somebody solidly
 explain loopback interfaces in a way that my simple mind can understand. I
 have also been unsuccessful in finding any website that accomplishes this.
 Any takers?

 Robert

 p b  wrote in message
 news:[EMAIL PROTECTED]
  terminate iBGP sessions on




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73635t=73305


c4224 problems [7:73517]

2003-08-14 Thread Robert Kimble
I know these are discontinued and I would do well not to use them, but

The company I work for has 3 of them laying around and they want me to build
a test network using them.

I've been playing around with one and I can't seem to save the running
config?!

I've read the software config documents on cisco.com and tried both copy run
start and write mem.

Both say they are building the config and then [ok].

c4224#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
c4224#

(then just for the heck of it):

c4224#write mem
Building configuration...
[OK]
c4224#

Now if I reload or power cycle the c4224 it doesn't save the config.

It just asks me if I want the initial config dialog and the prompt goes
back to gateway.

Also, when I create vlans they don't show up in the show vlan command. But
that's another issue I guess.

Any way, has anyone else had problems saving their configs on a c4224?

-Bobby








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73517t=73517


RE: c4224 problems [7:73517]

2003-08-14 Thread Robert Kimble
D'oh!

You're right.

I had to recover the password when I first got the switch and I forgot to
set the conf reg back to 0x2102.

My mistake.

Thanks for the help!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73532t=73517


udld [7:73730]

2003-08-14 Thread Lopez, Robert
Anyone out there make it a common practice to implement UDLD on Cat 6509
GigE uplinks?  

TIA,

Robert 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73730t=73730


hsrp and icmp redirects [7:73972]

2003-08-14 Thread Robert Kimble
Ok.

I'll try to explain what happened as best as I can.

We have two 6509's each with an msfc and until last night we were only using
the msfc on one of them.

Last night I brought up the second msfc and set up hsrp between the two.

Everything worked great here in the office last night. However, this morning
our branch offices had no connectivity to us.

My boss went in and turned off icmp redirects on the vlan interfaces on the
second msfc and everything was fine.

1. I thought icmp redirects were disabled automatically when you configure
hsrp on an interface.

2. How did turning off the redirects fix the problem? (I would ask my boss
but I probably look bad enough).

Any way.

Please let me know if you need more info to answer this question.

-Bobby


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73972t=73972


CCNP Equipment Lis [7:73983]

2003-08-14 Thread Robert N Myhre
Hi all... I apologize if this shows up twice... I waited half a day and the
original never showed up.

Anyway,
Has anyone seen or know what the current equipment list is for the CCNP
track?

Specifically:

1) What switches are now being used/tested on in BCMSN 2.0?

2) Is the BCRAN 2.0 test still testing on that useless 700 router?

3) What switches are now being tested on? Has the CatOS been dropped or is
the 5500 still valid?

Thanks


--
Robert N Myhre
CCIE #9837




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73983t=73983


Re: can't login to nt domain [7:73861]

2003-08-14 Thread Robert Edmonds
We had this exact same problem on our network.  Turned out to be a corrupt
WINS database.  However, since I am not in charge of the servers, and the
guy who was still (1 year later) has not repaired the WINS database, the
solution for me was to add a line in the lmhosts file pointing to the domain
controller on the Win95/98 machines.

   <DC-IP-address>  DCNAME  #PRE  #DOM:domainname


Purwanto (PECTECH)  wrote in message
news:[EMAIL PROTECTED]
 Quick questions:
 1. I can't login to nt domain server in network B (172.20.0.0/22) from
 client in network A (172.20.8.253/24) especially from win95/98/me but it can
 login from win2K/xp.
 2. I have to wait for a dial tone for 5-6 seconds if I want to call from ext in A to
 ext in B. Can you help me to solve both problems?

  
 Regards,

 Purwanto

 [GroupStudy removed an attachment of type application/octet-stream which had
 a name of configuration.pps]
 Roter-A#sh run
 Building configuration...

 Current configuration:
 !
 version 12.0
 service timestamps debug uptime
 service timestamps log uptime
 service password-encryption
 !
 hostname PECTECH-Dumai
 !
 enable password 7 082C454D1B161618141F
 !
 !
 !
 !
 !
 ip subnet-zero
 ip host dmi 172.20.8.253
 ip host krc 172.20.4.252
 !
 !
 !
 !
 voice-port 1/0/0
  input gain 9
  connection plar 94305
  description Connectio to Handset
 !
 voice-port 1/0/1
  input gain 9
  connection plar 94306
  description Connectio to Handset
 !
 voice-port 1/1/0
  input gain 9
  connection plar 94311
  description Connectio to Handset
 !
 voice-port 1/1/1
  input gain 9
  connection plar 94415
  description Connectio to Handset
 !
 !
 dial-peer voice 1 pots
  destination-pattern 4305
  port 1/0/0
 !
 dial-peer voice 2 pots
  destination-pattern 4306
  port 1/0/1
 !
 dial-peer voice 3 pots
  destination-pattern 4311
  port 1/1/0
 !
 dial-peer voice 4 pots
  destination-pattern 4415
  port 1/1/1
 !
 dial-peer voice 5 voip
  destination-pattern 94305
  codec g728
  ip precedence 5
  no vad
  session target dns:krc
 !
 dial-peer voice 6 voip
  destination-pattern 94306
  codec g728
  ip precedence 5
  no vad
  session target dns:krc
 !
 dial-peer voice 7 voip
  destination-pattern 94311
  codec g728
  ip precedence 5
  no vad
  session target dns:krc
 !
 dial-peer voice 8 voip
  destination-pattern 94415
  codec g728
  ip precedence 5
  no vad
  session target dns:krc
 !
 !
 interface Loopback0
  ip address 192.168.0.1 255.255.255.0
  no ip directed-broadcast
 !
 interface FastEthernet0/0
  description Connection to LAN A
  ip address 172.20.8.253 255.255.255.0
  no ip directed-broadcast
  duplex auto
  speed auto
 !
 interface Serial0/0
  description Connection 128 K to B -
  mtu 300
  bandwidth 128
  ip address 172.30.10.10 255.255.255.0
  no ip directed-broadcast
  encapsulation ppp
  no ip mroute-cache
  no fair-queue
  ppp multilink
 !
 interface FastEthernet0/1
  no ip address
  no ip directed-broadcast
  shutdown
  duplex auto
  speed auto
 !
 interface Virtual-Template1
  description Koneksi ke Pangkalan Kerinci
  mtu 300
  ip unnumbered FastEthernet0/0
  no ip directed-broadcast
  fair-queue 64 256 1
  ppp multilink
  ppp multilink interleave
  ip rtp reserve 16384 100 64
 !
 router rip
  version 2
  network 172.20.0.0
  network 192.168.0.0
 !
 ip classless
 ip route 0.0.0.0 0.0.0.0 Serial0/0
 ip route 0.0.0.0 0.0.0.0 172.20.4.252
 no ip http server
 !
 !
 line con 0
  login
  transport input none
 line aux 0
 line vty 0 4
  password 7 1100170118010A18
  login
 !
 no scheduler allocate
 end

 Router-A#show voice port

 Foreign Exchange Station 1/0/0
  Type of VoicePort is FXS
  Operation State is DORMANT
  Administrative State is UP
  No Interface Down Failure
  Description is Connectio to Handset
  Noise Regeneration is enabled
  Non Linear Processing is enabled
  Music On Hold Threshold is Set to -38 dBm
  In Gain is Set to 9 dB
  Out Attenuation is Set to 0 dB
  Echo Cancellation is enabled
  Echo Cancel Coverage is set to 8 ms
  Connection Mode is plar
  Connection Number is 94305
  Initial Time Out is set to 10 s
  Interdigit Time Out is set to 10 s
  Call-Disconnect Time Out is set to 60 s
  Region Tone is set for US

  Analog Info Follows:
  Currently processing unknown
  Maintenance Mode Set to None (not in mtc mode)
  Number of signaling protocol errors are 0
  Impedance is set to 600r Ohm

  Voice card specific Info Follows:
  Signal Type is loopStart
  Ring Frequency is 25 Hz
  Hook Status is On Hook
  Ring Active Status is inactive
  Ring Ground Status is inactive
  Tip Ground Status is inactive
  Digit Duration Timing is set to 100 ms
  InterDigit Duration Timing is set to 100 ms

 Foreign Exchange Station 1/0/1
  Type of VoicePort is FXS
  Operation State is DORMANT
  Administrative State is UP
  No Interface Down Failure
  Description is Connectio to Handset
  Noise Regeneration is enabled
  Non Linear Processing is enabled
  Music On Hold Threshold is Set to -38 dBm
  In Gain is Set to 9 dB
  Out Attenuation is 

Re: Loopback Interface [7:73305]

2003-08-14 Thread Robert Edmonds
So, if I understand correctly, aside from OSPF router ID's and the like,
just use a loopback interface when you want an always up/up interface.
That's pretty simple.

John Neiberger  wrote in message
news:[EMAIL PROTECTED]
 Exactly right. Sometimes it's nice to have a virtual interface whose status
 is not tied directly to a physical interface. We've mentioned several
 configurations where this is the case. From the router's perspective it may
 have a couple of special properties, since it's virtual, but it's still just
 another interface, as Dave said.

  MADMAN 8/5/03 1:25:25 PM 
 I think you're thinking way too hard about this;)  A loopback is
 nothing more than a logical interface as opposed to a physical
 interface.  As far as the routing process is concerned it's just another
 interface.  Don't know how to articulate it any further.

Dave

 Robert Edmonds wrote:
  You gentlemen have pointed out some good uses for loopback interfaces.
  However, my dilemma still remains that I have yet to have somebody solidly
  explain loopback interfaces in a way that my simple mind can understand. I
  have also been unsuccessful in finding any website that accomplishes this.
  Any takers?
 
  Robert
 
  p b  wrote in message
  news:[EMAIL PROTECTED]
 
 terminate iBGP sessions on
 


 -- 
 David Madland
 CCIE# 2016
 Sr. Network Engineer
 Qwest Communications
 612-664-3367

 Government can do something for the people only in proportion as it
 can do something to the people. -- Thomas Jefferson




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73561t=73305


RE: ip helper address [7:73533]

2003-08-14 Thread Robert Perez
It always has to go on the router int closest to the host.

-Original Message-
From: Janik James [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 05, 2003 11:35 AM
To: [EMAIL PROTECTED]
Subject: ip helper address [7:73533]


Assume that you have two routers between your host and DHCP server. This
means that you have 4 interfaces you can put ip helper-address on. On
which interface(s) will you put the above command?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73541t=73533


Re: Loopback Interface [7:73305]

2003-08-05 Thread Robert Edmonds
You gentlemen have pointed out some good uses for loopback interfaces.
However, my dilemma still remains that I have yet to have somebody solidly
explain loopback interfaces in a way that my simple mind can understand.  I
have also been unsuccessful in finding any website that accomplishes this.
Any takers?

Robert

p b  wrote in message
news:[EMAIL PROTECTED]
 terminate iBGP sessions on




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73538t=73305


ISDN SNMP Question [7:73250]

2003-07-30 Thread Robert Perez
Hi all,

I want to monitor a cisco 2600 isdn to determine when it is up.  Is there a
MIB I can watch that changes when the ISDN comes up and then changes back to
the original value when it goes down?  Thx.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73250t=73250
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Port redirection on a PIX [7:73065]

2003-07-28 Thread Robert Edmonds
With regards to these two lines:

 static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask
 255.255.255.255 0 0
 static (inside,outside) tcp interface www 192.168.0.1 www netmask
 255.255.255.255 0 0

I believe they should read:

static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask
255.255.255.255
static (inside, outside) tcp interface OUTSIDE ftp 192.168.0.1 ftp netmask
255.255.255.255

If I am wrong, I'm sure I will be severely reprimanded...I mean corrected.


NetEng  wrote in message
news:[EMAIL PROTECTED]
 I am still not able to connect to my web and ftp services. I have pasted the
 relative info below. Am I missing something or is my config wrong?
 :
 PIX Version 6.1(3)
 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 access-list 101 permit icmp any any unreachable
 access-list 101 permit icmp any any time-exceeded
 access-list 101 permit icmp any any echo-reply
 access-list 102 permit tcp any any eq ftp
 access-list 102 permit tcp any any eq www
 pager lines 24
 interface ethernet0 10baset
 interface ethernet1 10full
 mtu outside 1500
 mtu inside 1500
 ip address outside dhcp setroute
 ip address inside 192.168.0.100 255.255.255.0
 global (outside) 1 interface
 nat (inside) 1 0.0.0.0 0.0.0.0 0 0
 static (inside,outside) tcp interface ftp 192.168.0.1 ftp netmask 255.255.255.255 0 0
 static (inside,outside) tcp interface www 192.168.0.1 www netmask 255.255.255.255 0 0
 access-group 102 in interface outside

 Thanks for the help so far


 Scott  wrote in message
 news:[EMAIL PROTECTED]
  static (inside,outside) tcp interface ftp 10.1.1.3 ftp netmask 255.255.255.255 0 0

  Scott
  NetEng  wrote in message
  news:[EMAIL PROTECTED]
   I'm trying to do port redirection on my PIX and here's the example from
   Cisco. My problem is my outside interface is set for DHCP. How do I change
   the command to reflect a dynamic outside address?

   static (inside,outside) tcp 172.18.124.99 ftp 10.1.1.3 ftp netmask 255.255.255.255 0 0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73104t=73065


Re: Speaking of PIX Translation Problems... [7:72573]

2003-07-18 Thread Robert Edmonds
John,
That's not so bad.  I have been aware of that fact for quite some time, but
still continue to forget to issue a clear xlate about half the time.  So
which is worse, ignorance or stupidity?

Robert

John Neiberger  wrote in message
news:[EMAIL PROTECTED]
 I thought I'd share an embarrassing moment from yesterday in hopes that
 others will learn from my mistake.

 I have a router on the outside of a firewall that needed to be upgraded
 after the advisory yesterday. In order to reach the TFTP server I needed to
 add a static translation in the PIX. No problem. I should also mention that
 this server is one of our internal DNS servers.

 The file transfer doesn't take long at all and I remove the conduit and
 static translation from the PIX as soon as I'm done. As far as I'm concerned
 this is the end of it. I was wrong.

 We later start receiving reports that certain web pages have become
 inaccessible, while others are still responding. My first thought is that
 I've hosed something with the IOS upgrade, but after checking things out I
 was satisfied that everything there was working properly. So, I check the
 firewall logs which leads me to check the xlate table. Lo and behold, the
 static translation that I'd previously added--and removed--is still there!
 [I hear knowing laughter already.]  It's in the table but somehow traffic is
 being hosed. Our DNS server is sending queries to our external server and
 replies are coming back, but something is wrong and communications continue
 to fail. I clear the xlate table and all is immediately fixed. This caused a
 fair amount of irritation with me but my boss was even more irritated.

 I presumed this was a 'feature' or a bug because it was my _assumption_ that
 the removal of the static translation from the config would also clear it
 from the xlate table. Wrong! I looked up the command on CCO and there is
 this little tidbit:

 Usage Guidelines

 The clear xlate command clears the contents of the translation slots.
 (xlate means translation slot.) The show xlate command displays the
 contents of only the translation slots.

 Translation slots can persist after key changes have been made. Always use
 the clear xlate command after adding, changing, or removing the aaa-server,
 access-list, alias, conduit, global, nat, route, or static commands in your
 configuration.

 So, there are two morals to this story. First, don't get into the habit of
 making assumptions about commands that you think you're familiar with,
 because there may be unforeseen consequences. Second, don't get into the
 habit of making changes to critical production equipment even when you think
 those changes are insignificant.

 Of course, I'll continue to make what I think are insignificant changes but
 I'm going to be a lot more careful in the future.

 Let that be a lesson to you,
 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72579t=72573


IPSec/GRE VPN w/ ISDN Backup and EIGRP [7:72424]

2003-07-16 Thread Robert Rattiner
I have set up an IPSec/GRE VPN with EIGRP and am having problems getting the
ISDN backup to work correctly.  Has anyone been able to do this
successfully?  Thanks, Rob


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72424t=72424


RE: console port problem [7:72298]

2003-07-15 Thread Robert Perez
What's the problem??

-Original Message-
From: star.7 [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 15, 2003 9:59 AM
To: [EMAIL PROTECTED]
Subject: console port problem [7:72298]


i have a problem with my console port of 2500 router as well as 1900 switch 


the speed settings are ok 


can you help me 


 


 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72313t=72298


Re: Visio Stencils [7:72054]

2003-07-10 Thread Robert Edmonds
I have the old file with the 3508 series if you need it.  Just let me know
where to e-mail it.

Robert

Elijah Savage  wrote in message
news:[EMAIL PROTECTED]
 Does anyone have visio stencils for Cisco 3500 series switches like the
 3508's and 3548's, I used to have them but had to reinstall and now that I
 have done that Cisco has seemed to remove these products from their site.
 Here is where all the other stencils are and there is a 3500 series
 stencil but it only has 3550's in the zip file.

 http://www.cisco.com/en/US/customer/products/prod_visio_icon_list.html

 Any help in locating these would be appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72106t=72054


RE: ping the PIX inside from an external interface [7:72052]

2003-07-09 Thread Robert Perez
You can only ping the internal int on the pix if you are sitting on the
inside.  You would also need to issue the command telnet x.x.x.x inside.

You can never cross an interface to get to another interface on a pix for
the purpose of ping or telnet.  You must always use the interface closest to
you.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 09, 2003 3:02 AM
To: [EMAIL PROTECTED]
Subject: ping the PIX inside from an external interface [7:72052]


Can someone help me?! I have been playing around with different configurations
trying to successfully ping the internal interface - 172.16.200.1 - of a PIX
from an external router interface.

 

ip address outside 192.168.100.2 255.255.255.248

ip address inside 172.16.200.1 255.255.255.0

 

After a lot of trials I don't think that this is possible - right?

Many Thanks, Frank




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72056t=72052


Cisco catalyst 3548 and Radius [7:71991]

2003-07-07 Thread Robert Perez
Hi all,

I am configuring Radius on a cat 3548 and I do not have the global config
radius command available.  Anyone know what the commands ought to be to
create a server, key, etc.. Normally it is Radius-server key, radius-server
host..  Can't figure it out..  

I have IOS  12.0(5.2)XU




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71991t=71991


Cisco Routers and RSA secureid [7:71715]

2003-07-01 Thread Robert Perez
Anyone know if I can use RSA SecureID FOBS to authenticate access to a
Router versus using tacacs+ to do the authentication??

So basically the user tries to Telnet to a router to do config changes.  I
want their ID to be auth'd against an RSA server.


Bob Perez
Telecom Administrator
InterCept, Inc.
[EMAIL PROTECTED]
**Cisco CCNP, CCDP, CSPFA**
Phone  302.326.0700 x4242
Cell   302.420.6883




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71715t=71715


RE: CCDA Study material [7:71111]

2003-06-25 Thread Lopez, Robert
Group,

To answer the question regarding Knowledgenet from thread below...I've
recently purchased a few courses from Knowledgenet - cvoice, dqos and evodd.
It's basically 6 weeks of self/web-based study with hands on lab scenarios
and sample exam questions for each class.  My first course was cvoice.  I
went through the coursework just about every day for six weeks.  At the end
of the six weeks I sat the cvoice exam and passed - the only material used
was from knowledgenet and the cisco website - a little hands-on experience
helped as well.  I'm in the process of sitting the exam for dqos - this
upcoming Friday...

Robert


-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 1:33 PM
To: [EMAIL PROTECTED]
Subject: RE: CCDA Study material [7:7]


CiscoNewbie wrote:
 
 Great write up.  Thanks.
 
 So what is the current exam number?

640-861 DESGN 

 
 Is it just one exam that I have to take?

Yes, It's just one exam to get CCDA. Lots of exams to get CCDP.

 
 Do you know what the new exam number will be or is?

I think it's the same answer as the one above. It just came out but I don't
think you can still take the old one, as I implied before.

Cisco shouldn't change the exam for a while. It took them years to do the
development on this class and test. And they did a great job, from what I
can tell.

 
 
 I was looking at taking the following course, what do
 you think:
 
 http://www.knowledgenet.com/courselibrary/cisco/courses/desgn_pf.jsp
 

An advantage to taking the class is that you will get the 1,000s of pages
that Cisco wrote for the course manual.

I don't know much about Knowledgenet. It appears to not be a real,
carbon-based classroom where you go in person to the site and can easily
interact with the instructor and other people taking the class, which is a
major benefit in a design class. In fact, the exercises for DESGN are
designed to be done with a team. Can you do that with this Web-based
training?

It's possible that they do a good job with their Web-based training and
simulate the real world well. I just don't know.

Cisco recommends that DESGN be taught with a simulator that will let you do
some design tasks. They recommend OPNET. Does Knowledgenet let you use
OPNET? I would ask a few questions before shelling out a lot of money for
the Knowledgenet course. Has anyone else here on GroupStudy used them?

If you do use them, let us know how it goes. Thanks and good luck with your
CCDA.

Priscilla


 
 Thank you!
 
 
 
 --- Priscilla Oppenheimer wrote:
  CiscoNewbie wrote:

   Hi all.  I am going up for my CCDA cert and would like to know
   what are the recommended books and material to study with?

  Nothing is out yet for the new version of the test, as far as I know. Your
  best bet would be to take the instructor-led class, if you can afford it.
  With a good instructor, I think DESGN could be a really great class. It's
  got tons of meat now, much more than before. It has a big focus on systems
  analysis as it is taught at universities, as a real discipline, not just a
  bunch of hand-waving. The class also has a huge scope, covering almost
  everything you ever wanted to know related to campus and enterprise
  networks, from business (which they call social or organizational) goals,
  technical goals, topologies, architectures, modular design, addressing
  (including IPv6), routing, voice, network management, and security.

  One focus is on the SAFE architecture, so look that up on Cisco's site and
  learn it. There's also some AVVID stuff

  Many of the course modules are partially based on my book Top-Down Network
  Design. Many of the modules say that Top-Down Network Design is recommended
  reading. Top-Down Network Design doesn't cover some newer topics, though,
  such as SAFE and AVVID, although it did cover voice in a limited fashion,
  since Cisco has been harping on that for years now. DESGN covers voice in
  gory detail, however. It seems to have all of the old CVOICE course in it.

  Each module in DESGN has many chapters, each of which is literally hundreds
  of pages long. The person turning it into a book (not me unfortunately) is
  going to have a heyday. :-)

  I haven't taken the new test, but if it really tests all that's in the
  course, it's going to be one of the hardest tests out there (and that's a
  good thing. It's about time design got some respect. :-)

  Anyway, bottom line: if you can take the older version of the test, then
  there's lots of study materials. If you have to take the newer version, then
  you should take the instructor-led DESGN class or wait a few months for
  study material.

  Priscilla
  
  

   Thanks.


   
   

RE: crypto maps and IPSEC tunnels [7:71341]

2003-06-25 Thread Robert Perez
I would do your more specific ACL entry and make sure your inverted mask is
correct such as 192.1.1.0 0.0.0.255.  Once you do that then issue the
following commands to reset the tunnel and force a renegotiation.  

Clear crypto ipsec sa
clear crypto isakmp sa

That should do it...

-Original Message-
From: ian williams [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 25, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: crypto maps and IPSEC tunnels [7:71341]


Hi

I have just setup an IPSEC tunnel between two routers and tunneling a source
address of 192.168.50.1 going to a host on router B 172.x.x.x./24. Everything
works with the current configs given below. But I want to change the acl 101
on router B from using a class A mask to something like a class C mask or
even a host address. I have changed the ACL 101 and even added a deny ip any
any log to the end to see what is being dropped. The VPN tunnel doesn't come
up unless I use a class A mask like shown below. I know this is an ACL but
is being used for matching traffic, do they work differently and don't
support host address ??

Thanks

Ian



Here is the config of router A


!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key cisco address 10.10.10.10
!
!
crypto ipsec transform-set TEST esp-3des
!
crypto map cisco 1 ipsec-isakmp
 set peer 10.10.10.10
 set transform-set TEST
 match address 101

access-list 101 permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 192.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255














Here is the config router B

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key password address 10.10.10.20
!
!
crypto ipsec transform-set TEST esp-3des
!
crypto map cisco 1 ipsec-isakmp
 set peer 10.10.10.20
 set transform-set TEST
 match address 101

access-list 101 permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit ip host 10.10.10.10 host 10.10.10.20




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71352t=71341
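
Added example, not part of the original posts: a check that the crypto ACLs on two IPsec peers are mirror images of each other (every `permit ip SRC DST` on one side matched by `permit ip DST SRC` on the other), which is what Cisco recommends for crypto map ACLs and the first thing to verify when narrowing the wildcard mask on one router stops the tunnel from negotiating. The `ROUTER_A` and `ROUTER_B` lines are copied from the configs in the thread; the function names and the narrowed 172.16.1.0 entries are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def parse_endpoint(tokens):
    """Pop one address spec (any | host A | A WILDCARD) off an ACL token list.

    Returns (address, wildcard) as ints. Wildcard bits set to 1 mean
    "don't care", so they are zeroed in the address to normalise it.
    """
    head = tokens.pop(0)
    if head == "any":
        return (0, ALL_ONES)
    if head == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    addr = int(ipaddress.IPv4Address(head))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return (addr & ~wild & ALL_ONES, wild)

def parse_crypto_acl(config, acl_id):
    """Return [(src, dst), ...] for each 'permit ip' line of one numbered ACL."""
    entries = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:4] != ["access-list", acl_id, "permit", "ip"]:
            continue
        rest = tokens[4:]
        src = parse_endpoint(rest)   # consumes the source tokens
        dst = parse_endpoint(rest)   # consumes the destination tokens
        entries.append((src, dst))
    return entries

def fmt(endpoint):
    """Render an endpoint back in IOS syntax."""
    addr, wild = endpoint
    if wild == ALL_ONES:
        return "any"
    if wild == 0:
        return f"host {ipaddress.IPv4Address(addr)}"
    return f"{ipaddress.IPv4Address(addr)} {ipaddress.IPv4Address(wild)}"

def unmirrored(local, remote):
    """Entries of `local` whose swapped (dst, src) form is absent from `remote`."""
    remote_set = set(remote)
    return [(s, d) for (s, d) in local if (d, s) not in remote_set]

def mirror_findings(cfg_a, cfg_b, acl_id="101"):
    """Human-readable list of crypto ACL entries lacking a mirror on the peer."""
    a = parse_crypto_acl(cfg_a, acl_id)
    b = parse_crypto_acl(cfg_b, acl_id)
    findings = []
    for name, peer, missing in (("A", "B", unmirrored(a, b)),
                                ("B", "A", unmirrored(b, a))):
        for s, d in missing:
            findings.append(f"router {name}: permit ip {fmt(s)} {fmt(d)} "
                            f"has no mirror on router {peer}")
    return findings

# ACL 101 as posted in the thread.
ROUTER_A = """
access-list 101 permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 192.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255
"""
ROUTER_B = """
access-list 101 permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit ip host 10.10.10.10 host 10.10.10.20
"""

# Constructed: router B narrowed to a /24 and a host, and the matching
# change that router A needs so the pair stays mirrored.
NARROWED_B = "access-list 101 permit ip 172.16.1.0 0.0.0.255 host 192.168.50.1"
NARROWED_A = "access-list 101 permit ip host 192.168.50.1 172.16.1.0 0.0.0.255"

if __name__ == "__main__":
    for title, a, b in (("as posted", ROUTER_A, ROUTER_B),
                        ("B narrowed, A unchanged", ROUTER_A, NARROWED_B),
                        ("both narrowed", NARROWED_A, NARROWED_B)):
        print(title)
        for finding in mirror_findings(a, b) or ["  mirrored"]:
            print("  " + finding.strip())
```

Narrowing only router B leaves every entry on both sides without a counterpart; changing both ACLs together and then clearing the SAs, as the reply suggests, forces renegotiation with matching entries.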


Benefits of BGP holding the routing tables [7:70788]

2003-06-17 Thread Robert Perez
Could anyone explain the benefit of using BGP and holding the routing tables
on your router versus having the ISP hold the tables and you just receive a
default-route?  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70788t=70788


RE: Errors on Ethernet Interfaces [7:70733]

2003-06-16 Thread Robert Perez
I'm thinking duplex mismatch or bad patch cable

-Original Message-
From: Poulin, Darnell [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: Errors on Ethernet Interfaces [7:70733]


Hey folks. What do you people think about all of the Interface Resets, and
Output Errors on this interface, could it be a physical problem?

5 minute output rate 6000 bits/sec, 5 packets/sec
   147723073 packets input, 527428115 bytes, 0 no buffer
   Received 8574309 broadcasts, 0 runts, 0 giants, 0 throttles
   89 input errors, 89 CRC, 72 frame, 0 overrun, 0 ignored, 0 abort
   0 input packets with dribble condition detected
   180465700 packets output, 4160119128 bytes, 0 underruns
   3266629 output errors, 1060615 collisions, 3168706 interface resets
   0 babbles, 3266619 late collision, 442865 deferred
   10 lost carrier, 0 no carrier
   0 output buffer failures, 0 output buffers swapped out

Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70739t=70733


Email access over the Internet [7:70750]

2003-06-16 Thread McCallum, Robert
Folks,

I have a problem in my work where for some strange reason I can't access my
email over the internet from a hotel.  The reason for me not being able to
access email is because, oddly enough, the hotel uses NAT.  We use
checkpoint firewalls and I use securemote software.  Now I believe it's
something to do with the secure ID token that I use and when I type this in
there is some form of checksum which is checked at the server end.  This of
course has changed due to the NAT going on.

Has anybody out there experienced this as well and know what the simple
solution is?  I'm sure there is a simple solution and it's just my company
politics which is causing me the problems.

Any help will be much appreciated.

Robert McCallum CCIE #8757
01415663448
07818002241




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70750t=70750


RE: mac and IP addresses on a 1900 [7:70514]

2003-06-11 Thread Robert Rattiner
try show mac-address-table


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70522t=70514


Re: Catalyst 3550 [7:70449]

2003-06-10 Thread Robert Edmonds
Is that output from a 3550?  I know the command is the same on most Cisco
gear, but my 3550 doesn't show whether it's SX or LX.  It shows everything
else, though.

Robert

Scott Chau  wrote in message
news:[EMAIL PROTECTED]
 Hi Tim,

 DNWB-008-AS01#show interface gi0/1
 GigabitEthernet0/1 is up, line protocol is up
   Hardware is Gigabit Ethernet, address is 000b.5f82.2cb1 (bia 000b.5f82.2cb1)
   Description: Connected to DHAA-005-DR01 Gi3/4
   MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Full-duplex mode, link type is force-up, media type is SX

 Scott

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
 Tim Champion
 Sent: Tuesday, June 10, 2003 6:31 AM
 To: [EMAIL PROTECTED]
 Subject: Catalyst 3550 [7:70449]


 Does anyone know of a command which will show the flavour of GBIC in a
 particular slot of a 3550?

 Many thanks in advance.

 Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70475t=70449


Routers and HSRP [7:70285]

2003-06-06 Thread Robert Perez
Does anybody see an issue setting up HSRP to work with a 3725 and 7206 rtr
or do the routers have to be the same model?

For example,
DS-3 pipe in the 7206 
and
4 T-1's in the 3725 
T-1's for failover with BGP on all the pipes including ds-3

or would I need either two 7206's or 3725's??

thx..




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70285t=70285


Networkers [7:70123]

2003-06-05 Thread McCallum, Robert
Anybody going to networkers in Orlando this year?  If so I'll see you there.

Robert McCallum CCIE #8757




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70123t=70123


Please explain the numbers in the source-bridge statement?? [7:70090]

2003-06-04 Thread Robert Perez
interface TokenRing0
 ip address 192.168.34.3 255.255.255.0
 ring-speed 4
 source-bridge 9 3 23  <-- What do all these mean?
 source-bridge spanning




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70090t=70090


Please explain the numbers in the source-bridge statement? [7:70092]

2003-06-04 Thread Robert Perez
interface TokenRing0
 ip address 192.168.34.3 255.255.255.0
 ring-speed 4
 source-bridge 9 3 23 <-- What do all these mean?
 source-bridge spanning




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70092t=70092


Re: Am I over my head guys? [7:69746]

2003-05-30 Thread Robert Edmonds
My first Network Administrator job came to me when the current Network
Administrator was fired for lying about his certs, and I was the most
experienced (relative term) person there.  At the time, I was way over my
head, but it all worked out fine since there are always resources to tap,
people to call, manuals to read and, perhaps most importantly, technical
support to call.  If you're a quick learner, as it appears, I'm sure you'll
do fine.  Oh, and in my current position, I had relatively little Cisco
experience, managing a network with 6506, 4006, 3500 series switches,
wireless, etc, much of it for the first time.  And, like some of the other
folks, I am looking for challenges all the time.  GOOD LUCK!

Robert

B Rudy  wrote in message
news:[EMAIL PROTECTED]
 Hey guys, I just got an offer to become a 2nd senior network engineer for
 this company in Orange Country.  Great News I know!!

 Dilemma:  I am a CCNP but have no local Area Network Experience.  Going to be
 working with Catalyst 6500 switches.  Also I have about 2 yrs working with
 cisco equipment, however, don't feel I am ready for a senior title and
 duties.  Also working with cisco routers.

 What do you guys think I should do?

 1.  Take the job and see how it works out?  Maybe mess up their network and
 look real dumb and unknowledgeable on some troubleshooting.  Risk getting
 fired?
 2.  Let the job go, and watch a great opp float away?
 3.  Keep the existing job I have working with cisco equipment and technology?

 p.s.  This job is a senior position, so meaning senior pay. very positive
 aspect, and a great company going places. over 4000 employees.

 Your output is greatly appreciated. Really need some advice. Thanx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69763t=69746


Re: Dynamic Route Graphs...... [7:69738]

2003-05-30 Thread Robert Edmonds
My question to Tom and Raj is, where can I get it?  I am not a programmer
(yet, working on that), so scripts like these that are free are always a
welcome sight.  If you guys are willing to share what you have (your
livelihood doesn't depend on it) let me know.

Robert

Tom Martin  wrote in message
news:[EMAIL PROTECTED]
 Raj,

 Is the software going to be open source?  I have a large collection of
 scripts for automating configuration (during rollouts) and basic
 troubleshooting.  I've had intentions of providing a GUI front-end at
 some point, either in Java or PHP, but never seem to have the time to
 get around to it.

 Most of the advanced troubleshooting is performed by our technicians
 anyway (as opposed to directly by the customer), so not having a
 graphical interface has not been a big deal.

 Either way, since you've obviously done some work in that area it might
 be nice to merge some sources to provide additional functionality.  For
 example, I can see where it might be nice to see which switches are
 encountered between hops, especially if the next hop isn't reachable.  I
 wouldn't imagine this would be terribly difficult, since the code is
 already written.

 Just a thought.

 - Tom

 Raj Santiago wrote:
  Hi All,
 
  A friend and myself have recently completed a program, in which WE think
  is going to be very helpful to all engineers out there. Basically its a
  network-graphing program. How does it work ?

  - logs on to all known routers in your network and issues term len 0 and
    then show ip route. These outputs are then stored under the name of the
    router.
  - Next you specify a source ip(or name) and a destination ip (or name)
  - Our code basically works out the starting point(s) and then builds a graph
    based on the routing table(stored as files) to the destination.
  - The graph(very pretty with nice colours  ) is stored as a png file and a
    HTML document is created to reference it.

  What does this mean?
  - You can basically get a graphical representation of your network from any
    two points
  - All of this is dynamic because it follows your routing table entries.
  - Makes troubleshooting simpler
  Etc

  Well, we were stoked to see the end product (in which we are doing final
  testing and formulating a module). I was wondering if this would be useful
  to you out there ? If so, just leave a comment. This will give us a rough
  idea on how user friendly we need to package this


  Here is a sample diagram :

  http://www.superplasmas.com.au/routeparser/10.25.159.1_10.47.200.30.png

  With IE, you will need to enlarge the pic to view it correctly... (just run
  your mouse over and click on the enlarge button).
 
 
  Any feedback will be good. Please remember this program is free.
 
  Cheers
 
  Raj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69764t=69738


Re: VPN 3000 concentrator question [7:69676]

2003-05-29 Thread Robert Edmonds
To the first part of your question, yes, that is it basically.  If you are
using the Cisco VPN client, you will enter the group name and password under
the Authentication tab.  You can also use the VPN client that is built
into Windows, in which case you do not need the group name and password, but
you have to set up the Base Group to accept PPTP and L2TP connections.  One
thing about your setup.  If your users in London are behind a NAT device,
you need to make sure that your VPN client is set up to do NAT Traversal
(NAT-T), sometimes referred to as IPSEC over UDP or IPSEC over NAT.
Microsoft just released a Windows update that allows the PPTP client in
Windows 2000 to do this.
The difference between users and groups is the same as in any NOS.  Users
can be members of groups, and therefore can inherit the group's properties.
This is beneficial when you have, say 50 users that all need the exact same
policies, and/or you want them to pull their IP addresses from the same
pool.  You just set up a group with the options you want, set the IP pool
for that group, then create the users and add them to the group.

Richard Campbell  wrote in message
news:[EMAIL PROTECTED]
 Hi..  I am new to this VPN 3000 concentrator.  I want to ask if I have a VPN
 3000 concentrator device in NY.  Can I connect my VPN client in London to
 it?  What info do I need?  Just the external IP of the VPN server and VPN
 client group name + password?  Is the VPN client free for download?

 When I go to the VPN3000 web interface--configuration--User Management I
 saw the group and users?  What is the difference?





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69704t=69676


Packet retransmit question [7:69715]

2003-05-29 Thread Robert Perez
Hi all,

I have a question on the CCIE 350-001 test.  I have heard differing opinions
on this but when traffic crosses a WAN connection and there are problems who
does the retransmit?? Host or RTR??

1.) In Frame relay there is a line hit or corrupt packet on the WAN, who
retransmits, should be the source router correct?

2.) In a point to point circuit w/HDLC there is a line hit or corrupt packet
who retransmits, should be the source router correct??

3.) In a bridged environment with a WAN a T-1 takes a line hit or corrupt
packet who retransmits, should be the source host correct??




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69715t=69715


Re: Layer 3 and 2 question. [7:69576]

2003-05-27 Thread Robert Edmonds
I'm not sure I understand the question correctly, but I do know that it is
never a good idea to duplicate IP addresses on your network.  This can only
lead to trouble.  My advice would be, don't do it.

Nuurul Basar  wrote in message
news:[EMAIL PROTECTED]
 I am planning to configure both my core and distributions as L3 devices, and
 let the access switch to distribution using L2.
 I was advised that by doing this on my network two identical ip addresses on
 the same subnet/vlan but in a different access switch can exist.
 And a packet that is intended for a host in the different switch might end up
 elsewhere.  Is this real?

 Sorry, but I have never thought of this before.

 Thanks

 Nuurul Basar Mohd Baki
 Network Engineer
 DDSe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69591t=69576


Re: Leased line/1721 problem [7:69573]

2003-05-27 Thread Robert Edmonds
I had almost the exact same problem with a T1 line.  In order to convince
the telco, I replaced the WIC cards at both ends and then called them and
told them I didn't care what it took, but they better fix the line.  They
then came out and performed an on-site test again, and lo and behold, there
was a bad pair.  Where did that come from?  Anyway, sometimes you have to do
all the work yourself to get the telco to do theirs.  No offense to telco
guys, but we all know that none of our equipment (both the network and the
telco guys) is ever bad ;-)

James Gosnold  wrote in message
news:[EMAIL PROTECTED]
 Dear all,

 I have something of a problem I hoped someone might offer some advice on.

 We have a 1721 router at each end of a 128k leased line. The line went down
 this morning, red alarm light on the CSU, router showed as Serial Interface
 Up, Line protocol down. Ok fair enough, reported the fault, telco claimed to
 repair the fault.

 Alarm light on CSU is no longer red but 'show interface serial0' still shows
 Interface Up, Line protocol down. I've power-cycled the routers with no joy.
 Engineers from the telco have actually come on site and performed an end to
 end test and are telling me it's fine.

 Looking at the advice offered here by Cisco:

 http://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_guide_chapter09186a008007cd3d.html#xtocid8
 they tell me that the problem could be: The local or remote router, a
 problem with the leased line or a problem with the CSU/DSU. Great thanks,
 that's helpful!!

 Can anybody offer any suggestions on what might have gone wrong? It seems
 strange to me that a pair of routers that worked perfectly fine for 8 months
 have developed a fault at exactly the same time as the leased line did? How
 can I prove to the telco that it is their problem?

 The config of these routers is really simple by the way, 1 x Ethernet
 Interface, 1 x Serial (WIC) interface, static route, encapsulation ppp, no
 chap/pap, that's about it!

 Thanks, James.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69586t=69573


RE: Debug display to VTY [7:66762]

2003-04-03 Thread Robert Perez
Do a show log  and see if logging is disabled
You might need to do a logging on

-Original Message-
From: James Gosnold [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 03, 2003 12:38 PM
To: [EMAIL PROTECTED]
Subject: Debug display to VTY [7:66762]

Um, probably a silly one for you all.

I have a 1721 router at either end of a leased line. I telnet into the
router and:

Router#debug serial int
Serial network interface debugging is on
Router#terminal monitor

And nothing. Shouldn't I get some debug messages here, keep alives and such
between the CSU and my router? It's a live connection and the line works, as
far as I knew this was all I needed to enter to view debug output from a
telnet session? In fact I don't appear to be getting debug output for
anything so I'm missing something silly here but I thought 'terminal
monitor' was sufficient?

Regards, James.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66771t=66762


RE: Debug display to VTY [7:66762]

2003-04-03 Thread Robert Perez
It looks good to me,
All that is necessary is the following:

Logging on 
Logging monitor debug
Term mon (Each time you telnet in)
Debug 
Traffic to your telnet session should now be generated.

-Original Message-
From: James Gosnold [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 03, 2003 1:47 PM
To: [EMAIL PROTECTED]
Subject: RE: Debug display to VTY [7:66762]

Hi Robert,

This is what I have.

Router#show log
Syslog logging: enabled (0 messages dropped, 0 messages rate-l
Console logging: level debugging, 413770 messages logged
Monitor logging: level debugging, 285 messages logged
Logging to: vty6(0)
Buffer logging: disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 36 message lines logged




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66779t=66762


Re: regulations [7:66267]

2003-03-26 Thread Robert Edmonds
I can't help too much with the banks, but I used to run the network for a
hospital and supported several doctors' offices that used our network.  The
main thing you need to worry about there is that you meet the requirements
outlined in the HIPAA (Health Insurance Portability and Accountability Act
of 1996) regulations.  I hope you're up for some dry reading.  However, this
has been going on for quite a while, so they will be well aware of at least
the general ramifications.

www.wedi.org/snip

That should get you started.  It has plenty of information and links to
other sites.


Stull, Cory  wrote in message
news:[EMAIL PROTECTED]
 Where could I go to find information on network security regulations for
 banks and medical offices?  Information on firewalls and rules they have to
 abide by and that sort of thing?

 Thanks

 God Bless our troops.

 Cory Stull
 CCNP,CCDP,MCSE4/2k
 Communications Concepts Unlimited
 262-814-7214




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66275t=66267


Re: Redistribution question [7:66071]

2003-03-25 Thread Robert Edmonds
Thanks a lot Daniel.  That was exactly the type of solution I was looking
for.

Robert

Daniel Cotts  wrote in message
news:[EMAIL PROTECTED]
 Try
 passive-interface default
 no passive-interface s0 (or whatever)
 Works for EIGRP. Not sure about RIP.


  -Original Message-
  From: Robert Edmonds [mailto:[EMAIL PROTECTED]
  Sent: Monday, March 24, 2003 9:51 AM
  To: [EMAIL PROTECTED]
  Subject: Redistribution question [7:66071]
 
 
  I have a network with approximately 20 VLANs, running EIGRP as my routing
  protocol.  One of my VLANs, VLAN12, runs RIP for connectivity to another
  organization.  The others do not need to receive RIP updates.  So, the
  solution I came up with is to make the other 19 VLANs passive interfaces so
  that RIP updates are not sent out interfaces that do not have any RIP
  routers.  I also have 3 VLANs where I only need a static route, so I have
  added those as passive interfaces for EIGRP too.  My question is:  is this
  the most efficient way to do it?
  I imagine that in a very large network, adding every single interface as a
  passive interface would get old rather quickly.  Any suggestions?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66207t=66071


Re: IGRP Metric calculation [7:66062]

2003-03-24 Thread Robert Edmonds
Try the following Cisco link on IGRP metrics:

http://www.cisco.com/en/US/tech/tk826/tk365/technologies_tech_note09186a008009405c.shtml


Tim Champion  wrote in message
news:[EMAIL PROTECTED]
 When calculating the metric of an IGRP route (with non-default 'K' values)
 which load and reliability values does one use? Do you use the highest,
 lowest or average value for the entire route?

 Also if anyone could point me to a document on the above it would be
 appreciated.


 Many thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66067t=66062


Redistribution question [7:66071]

2003-03-24 Thread Robert Edmonds
I have a network with approximately 20 VLANs, running EIGRP as my routing
protocol.  One of my VLANs, VLAN12, runs RIP for connectivity to another
organization.  The others do not need to receive RIP updates.  So, the
solution I came up with is to make the other 19 VLANs passive interfaces so
that RIP updates are not sent out interfaces that do not have any RIP
routers.  I also have 3 VLANs where I only need a static route, so I have
added those as passive interfaces for EIGRP too.  My question is:  is this
the most efficient way to do it?
I imagine that in a very large network, adding every single interface as a
passive interface would get old rather quickly.  Any suggestions?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66071t=66071


RE: Confused over NAT [7:65926]

2003-03-21 Thread Robert Perez
You would need to have routing out on the internet that says how to get back
to those addresses, or what I would do is get rid of the NAT pool and NAT using
the Serial interface address.

-Original Message-
From: James Gosnold [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 21, 2003 9:55 AM
To: [EMAIL PROTECTED]
Subject: Confused over NAT [7:65926]


Dear all,

Just having a slight problem getting my head around NAT regarding the
example configurations in the study guides I have.

access-list 1 permit 10.0.0.1 0.0.0.255 (defines list of addresses)

ip nat pool mynatpool 222.2.2.1 222.2.2.254 netmask 255.255.255.0 (defines
pool of inside global addresses NAT can replace the SA with)
ip nat inside source list 1 pool mynatpool (applies the addresses laid out
in the access-list as inside addresses and tells router to replace SA from
mynatpool)

int eth0
ip address 10.0.0.1 255.255.255.0
ip nat inside (tells NAT that this is where inside addresses come from)

int ser0
ip address 133.4.4.1 255.255.255.0
ip nat outside

So here is my confusion: 

If the Ser0 interface is the WAN address (133.4.4.1) and it replaces the
inside local address with a SA from mynatpool (222.2.2.1 - 222.2.2.254) then
how will the packet get back to the WAN interface? I thought that NAT would
replace the inside local address with the address of the WAN interface, not
a group of different public ip addresses? How will the packet get back if
the SA is from the range 222.2.2.1 - 254 and yet the IP address of the WAN
interface is clearly not from this range?

Confused from London

Regards, James.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65931t=65926


Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65832]

2003-03-20 Thread Robert Edmonds
Actually, Multiprotocol Label Switch is MPLS.  MLS is MultiLayer Switching.
This refers to a switch that can do not only what Kiran said about L3
switching, but can make forwarding decisions based on higher level
protocols, such as tcp, udp, etc.


Kirankumar Patel  wrote in message
news:[EMAIL PROTECTED]
 Dear

 L3 switching is nothing but switch acting as a router.

 MLS -- Multiprotocol Label Switch -- can enable routers to make forwarding
 decisions based on short labels, thereby avoiding the complex
 packet-by-packet look-ups used in conventional routing.

 With MLS, can run faster than ATM switch.

 Regards,

 Kiran


 From: Neil Arlante
 Reply-To: Neil Arlante
 To: [EMAIL PROTECTED]
 Subject: Difference on L3 switching of Cat4500 and Cat6500? [7:65802]
 Date: Thu, 20 Mar 2003 02:56:26 GMT
 
 Hi group,
 
 What is the difference between L3 switching capabilities of 4500 and 6500?
 Catalyst 4500 docs mentioned it support L3 switching, but not MLS. What is
 the main difference between L3 switching of 4500 and MLS of 6500?
 
 TIA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65832t=65832


RE: PIX Questions [7:65806]

2003-03-20 Thread Robert Perez
Newer versions of the PIX OS have more routing protocol support such as
OSPF. Vs. 6.3

-Original Message-
From: Ben W [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 20, 2003 2:16 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX Questions [7:65806]


The PIX is not a router, however it does have a routing table and can
participate in a limited fashion in certain routing protocols, like RIP.

To answer your 2nd question, there is no functional difference between the
IOS and PIX doing nat/pat.  It's just a difference in configuration really.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65874t=65806


Cisco Instructor - CCNA Class [7:65742]

2003-03-19 Thread Robert Raver
Hey,

I have been given the duty to teach a CCNA class.  Have any of you done this
before?  I was wondering what did and didn't work for you?  What tips you
might have.  What the best way of approaching this would be.  We will be using
the Cisco Press book for the class and each student will have three routers
and a switch.

Thanks,
Robert Raver




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65742t=65742


Re: Open http: traffic on firewall... [7:65755]

2003-03-19 Thread Robert Edmonds
First, you need to define your inside and outside interfaces for NAT.
Usually, the interface where your webserver is connected will be defined as
inside and all others are outside.  This would look something like this,
assuming your web server is on interface ethernet 0:

interface ethernet 0
 ip address 2.2.2.1 255.255.255.240
 ip nat inside
interface serial 0 (or interface serial 0.1 for frame relay subinterface,
depending on your setup)
 ip nat outside

Next, you'll need to define a static translation between your web server and
your outside IP addresses assigned by your ISP.  I will use 10.0.0.1 to
represent your web server address and 2.2.2.2 for your ISP assigned address.

ip nat inside source static 10.0.0.1 2.2.2.2

Or, if you want to get fancy and do PAT:

ip nat inside source static tcp 10.0.0.1 80 2.2.2.2 80 extendable

Next, tell your router to send all traffic destined for 2.2.2.2 (the outside
address of your web server) to the proper interface.

ip route 2.2.2.2 255.255.255.255 ethernet 0

Your setup may demand something a little different, but in general I think
this should get you started.

Robert


SMAN  wrote in message
news:[EMAIL PROTECTED]
 I have a cisco 2611 router/firewall that I need to open up for http:
 traffic.  I need to configure NAT to point to the static IP on the web
 server.  How do I do this?  What are the specifics?

 Thanks

 Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65763t=65755


OT: Linux recommendations [7:65671]

2003-03-18 Thread Robert Edmonds
I know this is the Cisco forum, but I know many of you folks use Linux on
your networks, so I am asking for your recommendations.

I have a Cisco network with a PIX firewall in place.  I would like, if
possible, to put a Linux server on the network to act as a proxy
server/internet monitoring computer.  My goal is to dump the log files into
something like MS Access and be able to run reports off of it based on
user/computer name.  I would prefer free, but inexpensive is good too.  Does
anyone do anything like this on their network?  If so, I am open to
suggestions.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65671t=65671


Re: Finding device on network via cisco switch [7:65670]

2003-03-18 Thread Robert Edmonds
Start at your core and work your way out.  For example, if you have a core
switch connected to other switches at the distribution or access layers via
trunks, do a show mac-address-table (or show cam dynamic for CatOS switches)
and see which trunk port it is coming from.  Then go to the next switch and
do the same thing.  Eventually you will get to the switch to which it is
directly connected and get the actual port.
Of course, if you are using VLANs or otherwise subnetting your network, you
can narrow down your search quite a bit by only searching switches that
carry that VLAN.

David Ristau  wrote in message
news:[EMAIL PROTECTED]
 given an IP address and a MAC address, how can I use my cisco switch to
 identify which port an unknown device is attached to ?

 can I view the switching table cache entries ?

 I've got an IP device on the network and nobody seems to know where it is.
 heh!

 given a catalyst 3500XL running ios v 12.0

 thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65679t=65670
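
The hop-by-hop lookup described in the reply above, as an added example that is not part of the original thread. The switch names, the trunk map and the table text are constructed, and the table layout is assumed to be the common IOS "show mac-address-table" format (other platforms print different columns).

```python
import re

# Constructed "show mac-address-table" output, one entry per switch.
MAC_TABLES = {
    "core-sw": """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  12    0009.7c1a.2b3c    DYNAMIC     Gi0/1
  12    0002.b3aa.0101    DYNAMIC     Gi0/2
  20    0050.5612.9f00    DYNAMIC     Gi0/2
""",
    "dist-sw2": """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  12    0002.b3aa.0101    DYNAMIC     Fa0/24
  20    0050.5612.9f00    DYNAMIC     Fa0/3
""",
    "access-sw5": """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  12    0002.b3aa.0101    DYNAMIC     Fa0/7
""",
}

# Hypothetical topology: trunk port -> switch on the far end. In practice
# this comes from documentation or from CDP neighbor data.
TRUNKS = {
    "core-sw": {"Gi0/1": "dist-sw1", "Gi0/2": "dist-sw2"},
    "dist-sw2": {"Gi0/1": "core-sw", "Fa0/24": "access-sw5"},
    "access-sw5": {"Gi0/1": "dist-sw2"},
}

# One table row: VLAN, dotted MAC, entry type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.I | re.M,
)


def normalize_mac(mac):
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.eeff; return dotted lower case."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def lookup(switch, mac, vlan=None):
    """Return the port on which `switch` learned `mac`, or None."""
    for row_vlan, row_mac, _type, port in ROW.findall(MAC_TABLES[switch]):
        if row_mac.lower() == mac and (vlan is None or int(row_vlan) == vlan):
            return port
    return None


def trace(mac, start, vlan=None):
    """Follow the MAC from `start` across trunks until a non-trunk port."""
    mac = normalize_mac(mac)
    path, visited, current = [], set(), start
    while True:
        if current in visited:
            # Stale or inconsistent tables pointed us back where we came from.
            return {"status": "loop", "path": path}
        visited.add(current)
        if current not in MAC_TABLES:
            # No output collected from this switch yet: continue there by hand.
            return {"status": "no-table", "path": path, "next": current}
        port = lookup(current, mac, vlan)
        if port is None:
            # Entry aged out or wrong VLAN: generate traffic and retry.
            return {"status": "not-learned", "path": path, "next": current}
        path.append((current, port))
        downstream = TRUNKS.get(current, {}).get(port)
        if downstream is None:
            return {"status": "edge-port", "path": path}
        current = downstream


if __name__ == "__main__":
    print(trace("00:02:B3:AA:01:01", "core-sw"))
```

A "not-learned" result usually means the entry has aged out of the table, so ping the address first and run the lookup again.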


Re: CCIE [7:65426]

2003-03-14 Thread Robert Raver
That is the laugh I needed on this Friday.

Thanks,
Robert Raver


- Original Message -
From: Juan Blanco 
To: 
Sent: Friday, March 14, 2003 6:34 AM
Subject: CCIE [7:65426]


 Team,
 I got this from a friend but I am not sure if you have seen this or not but
 only someone pursuing the CCIE would laugh at it!!
 In the course of my day-to-day work, people ask me what is a CCIE? I thought
 about this for some time. I wrote some notes. And this is what I came up
 with:
 I am a dynamic figure, often seen scaling 8 foot computer racks and charming
 magnetic security cardswipes. I have been known to remodel SME networks on
 my lunch breaks, making them more efficient in the area of capital
 deployment, reliability and performance. I translate technobabble for
 Management, I write award-winning technical presentations and deliver them
 better than an American president announcing tax cuts.
 I can recite complete chapters of the Cisco Documentation CD, backwards and,
 with little effort and at the same time, perform decimal to binary
 conversion for very large numbers.
 I woo women with my sensuous and godlike MIDI playing on a notebook. I can
 pilot computer trolleys up severe inclines with unflagging speed, and I can
 rack Cisco gear faster than Arnold Schwarzenegger can bench press. I am an
 expert in network diagramming tools, a veteran in web surfing, and know the
 Cisco Web Site better than I know my own family.
 Just to keep it interesting, I occasionally tread water for three days while
 programming Cisco practice labs. I manage time efficiently and can complete
 a timesheet every week. In addition, I know the part number for every Cisco
 router cable.
 Using only a Chinese AC power cord and a large glass of water, I once
 single-handedly rebuilt the network core of major co-location facility after
 the roof fell in. I used to play games, but now it's serious. I am the
 subject of numerous urban myths and I am the creator of a few as well. When
 I'm bored, I test fiber optic cable, calculate power loss sums on UTP and
 the minimum refraction index for 50 micron multimode fiber. I mean, what IS
 the point of it ?
 I understand that DLSW and Source Route Translational Bridging actually has
 a reason for existence. It's not just IBM playing a practical joke. Really.
 I enjoy urban guerilla activities. I can build a 802.11b parabolic dish
 antennae using surplus antennae from defunct satellite companies and a juice
 can. It has better performance than off the shelf products. I think that
 having a wind generator and solar array as power backup for my practice lab
 is not only responsible preparation, it's environmentally friendly too. On
 Wednesdays, after work, I repair old monitors free of charge for my local
 charity.
 I know that canonical to non-canonical conversion is not about religion,
 it's about ART.
 Microsoft geeks worldwide swoon over my original line of corduroy evening
 wear, which I don't understand -- it was supposed to be funny. I don't
 perspire. I am a private citizen, yet I receive fan mail. I have been caller
 number ten and have won the cash jackpot.
 I can speak IPX NLSP, AppleTalk, ATM PVC, QoS, and BGP to name a few, and
 redistribute routes at will, with filtering, using non contiguous masks. I
 install IPV6 on customer sites whenever I can, just so I can play with it.
 Same for OSPF NSSA. Children trust me.
 I can hurl squishy giveaway tradeshow toys at sales personnel with stunning
 accuracy, and ensure that the dweeb from administration gets the blame. I
 have charisma beyond normal mortals; if I didn't the boss would have sent
 the other guy to this exam.
 I once read Cisco Quality of Service, Caslow Bridges and Routers 2nd Ed, and
 Jeff Doyle's Routing TCP/IP Vol2 in one day, and still had time to do
 practice on a Frame Relay multipoint network, using OSPF and IGRP, split
 horizon, route maps and ISDN. I know the exact location of every food item
 in the supermarket and I use a link state protocol to calculate the shortest
 path to get there.
 I have performed several covert operations with the CIA. It was kind of fun
 having them follow me around. I know that security and privacy is a
 phantasm-like myth created by security companies to extract money from IT
 Managers who can't implement a decent security policy. But it's great fun to
 play with.
 I sleep once a week; when I do sleep, I sleep in a chair. I know exactly how
 much coffee my body will take to sustain me at peak function. While on
 vacation, I successfully negotiated with the hotel to fix their network in
 return for free accommodation. The laws of society do not apply to me.
 I balance, I weave, I dodge, I frolic, and my bills are all paid. On
 weekends, to let off steam, I participate in full-contact tech stock day
 trading. Years ago I discovered the meaning of life but forgot to write it
 down.
 I can originate default routes, conditionally, after redistributing from a
 classful distance vector protocol. I

RE: OT - CDP: Is it treated as a 'vulnerability' in your world? [7:65297]

2003-03-13 Thread Lopez, Robert
In a Cisco IP voice environment, cdp must be enabled to communicate
aux-vlan, power and 
QoS issues.  I don't think that there is any workaround with this, is there?

Robert

-Original Message-
From: Ian Henderson [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 5:40 AM
To: [EMAIL PROTECTED]
Subject: Re: OT - CDP: Is it treated as a 'vulnerability' in your world?
[7:65285]


On Thu, 13 Mar 2003, John Neiberger wrote:

 I can't think of any valid reason to turn off CDP within your network.  On
 the edges--any connections to other networks, including the internet--I'd
 turn it off.  But inside?  Why turn it off?  If someone already has access
 to your router in able to see the CDP information you've got much bigger
 problems than CDP!

We actually used it as an auditing tool with a bit of perl hackery.

The program created an array of CDP neighbours for each router, and then
used that to create a network map database. This was used for generating
real-time network maps (if something goes away, it leaves the map) and
auditing to see if something was on the network that shouldn't be.

Rgds,



- I.

--
Ian Henderson CCNA, CCNP
Senior Network Engineer, Chime Communications




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65297t=65297
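
The CDP-based audit described in the quoted message above, sketched in Python as an added example (it is not the Perl program the poster mentions, and it is not from the original thread). Device names, addresses, the inventory set and the previous snapshot are constructed; the input is assumed to be "show cdp neighbors detail" text already collected from each polled device.

```python
import re

# Constructed "show cdp neighbors detail" output, keyed by the polled device.
CDP_OUTPUT = {
    "core-rtr1": """\
-------------------------
Device ID: dist-sw1
Entry address(es):
  IP address: 10.0.0.2
Platform: cisco WS-C3550-24,  Capabilities: Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 154 sec
-------------------------
Device ID: branch-rtr7
Entry address(es):
  IP address: 10.0.9.1
Platform: cisco 1721,  Capabilities: Router
Interface: Serial0,  Port ID (outgoing port): Serial0
Holdtime : 132 sec
""",
    "dist-sw1": """\
-------------------------
Device ID: core-rtr1
Entry address(es):
  IP address: 10.0.0.1
Platform: cisco 2611,  Capabilities: Router
Interface: GigabitEthernet0/1,  Port ID (outgoing port): FastEthernet0/0
Holdtime : 160 sec
-------------------------
Device ID: lab-2611.example.net
Entry address(es):
  IP address: 10.0.0.77
Platform: cisco 2611,  Capabilities: Router
Interface: FastEthernet0/14,  Port ID (outgoing port): Ethernet0/0
Holdtime : 171 sec
""",
}

# Hypothetical list of devices that are supposed to be on the network.
INVENTORY = {"core-rtr1", "dist-sw1", "branch-rtr7", "access-sw3"}

FIELDS = {
    "device_id": re.compile(r"^Device ID:\s*(\S+)", re.M),
    "ip": re.compile(r"^\s*IP address:\s*(\S+)", re.M),
    "platform": re.compile(r"^Platform:\s*(.+?),\s*Capabilities:", re.M),
    "local_port": re.compile(r"^Interface:\s*(\S+?),", re.M),
    "remote_port": re.compile(r"Port ID \(outgoing port\):\s*(\S+)"),
}


def short_name(device_id):
    """CDP may report a fully qualified name; compare on the host part only."""
    return device_id.split(".")[0].lower()


def parse_cdp_detail(text):
    """Return one dict per neighbor entry in a device's CDP detail output."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        entry = {}
        for name, pattern in FIELDS.items():
            match = pattern.search(block)
            if match:
                entry[name] = match.group(1).strip()
        if "device_id" in entry:
            entry["device_id"] = short_name(entry["device_id"])
            neighbors.append(entry)
    return neighbors


def build_map(outputs):
    """{polled device: {neighbor name: neighbor details}}"""
    return {
        device: {n["device_id"]: n for n in parse_cdp_detail(text)}
        for device, text in outputs.items()
    }


def audit(netmap, inventory, previous_seen=frozenset()):
    """Flag neighbors missing from the inventory and devices that vanished."""
    seen = set(netmap)  # a device that answered the poll is present
    unknown = []
    for local, neighbors in netmap.items():
        for name, n in neighbors.items():
            seen.add(name)
            if name not in inventory:
                # Record where it was heard so someone can walk to the port.
                unknown.append((name, n.get("ip"), local, n.get("local_port")))
    gone = sorted(set(previous_seen) - seen)
    return {"unknown": sorted(unknown), "gone": gone, "seen": seen}


if __name__ == "__main__":
    report = audit(build_map(CDP_OUTPUT), INVENTORY, previous_seen=INVENTORY)
    print("unknown:", report["unknown"])
    print("gone since last run:", report["gone"])
```

CDP only reports devices that speak CDP, so this audit complements address-table and ARP checks and does not replace them.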


Re: Problem with Cicso VPN Client 3.6.3.B-k9 connectin [7:65152]

2003-03-12 Thread Robert Raver
John,

What version did you roll back to?  Was the stateful firewall Always on
checked?  Do you have any firewall or system utilities software on this
machine?

Thanks,
Robert Raver
Cisco Systems Inc.
[EMAIL PROTECTED]
(801) 736-3939 Ext. 55664
Hrs. 6-2:30 MST


- Original Message -
From: John Brandis 
To: 
Sent: Tuesday, March 11, 2003 3:48 PM
Subject: RE: Problem with Cicso VPN Client 3.6.3.B-k9 connectin [7:65107]


 I rolled back the client...

 -Original Message-
 From: Brian [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, 12 March 2003 3:56 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Problem with Cicso VPN Client 3.6.3.B-k9 connectin [7:65038]


 David,

 I encountered a similar problem.. The VPN client I was using had an
 intrinsic firewall that was blocking all traffic apart from that belonging
 to the VPN (even when it wasn't 'live').

 To check this, right click on the VPN client icon within your system
 tray. can you see a 'Stateful Firewall' or 'Firewall' option ???

 If so, uncheck this option and try to ping your machine - it should be as
 expected now.

 If not then you have a different problem elsewhere 


 Hope this helps,

 Brian



 d tran wrote:
 
  Hi,
 
  I have Cisco VPN client version 3.6.3.B-k-9 (latest version) running
  windows XP Service Pack 1.  The IP address of this window machine is
  172.16.1.200.
 
  I set up extended authentication on the Pix firewall for remote Cisco
  VPN users and everything is working great.  The outside interface of the
  firewall is 172.16.1.1 with a netmask of 24
 
  The problem is that whenever the windows is rebooted, no one on the
  172.16.1.0/24 network can ping this Windows XP machine.  I do have a unix
  machine on the same network (172.16.1.100).  Basically the windows XP
  machine can not do anything because it has no network connectivity.  Even
  the firewall can not ping the Windows XP machine.  The only way for this to
  work is for me to uninstall Cisco VPN Client and reboot the Windows XP box.
  After the reboot, windows is working again.  Now under Windows XP Task
  Manager, I do see a process CVPND.exe running that I don't recall with
  previous versions of Cisco VPN Client.
 
  Anyone has run into this problem before?
 
  Regards,
 
  David
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65152t=65152


Re: to the moderator [7:65037]

2003-03-11 Thread Robert Edmonds
Well, I would like to take this opportunity to thank Paul then.  I have
learned a lot just reading the interesting posts here.  In fact, I keep a
document of any particularly good tips for future reference.  I would also
like to thank a couple of the most active folks here, like Larry and
Priscilla for sharing their obvious experience.  This free site helps make
my (and I'm quite sure, other folks') job a lot easier.

Robert

John Neiberger  wrote in message
news:[EMAIL PROTECTED]
 just wondering who is the moderator here?
 yesterday i could send messages ok, now, i can't, can u tell what you
 changed? and if so the reasons that made you do so?

 Paul, the list owner and operator, was working on a problem with the
 GroupStudy email system most of yesterday.  It appears that it has been
 fixed.

 To answer your first question, there are actually several participants
 that act as moderators but we don't have any control over the actual
 operation of the system.  Paul is the owner/operator and is also who we
 should thank for GroupStudy even being in existence.  I mention that
 because he doesn't get nearly the credit he deserves for the amount of
 work he puts into a FREE site.  :-)

 Regards,
 John
 One of several possible moderators




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65121t=65037


Bandwidth calculations [7:65008]

2003-03-10 Thread Robert Perez
Anyone know the conversion techniques for converting bits, bytes,
kilobits, etc, to calculate bandwidth usages?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65008t=65008


Re: default router for 2950 switch [7:64489]

2003-03-05 Thread Robert Edmonds
I believe the command you are looking for is ip default-gateway .
Since the 2950 is an IOS based switch, the set commands don't apply here.


J. Johnson  wrote in message
news:[EMAIL PROTECTED]
 All,

 Is there a way to set a default router for a 2950 switch?  Apparently other
 2900 switches have the set ip route default GATEWAYADDR command (see
 http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2900/cgcr29k/index.htm
 - thanks, Priscilla) but not, as far as I can tell, on the 2950 (see
 http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12112cea/2950cr)


PIX firewall port redirection [7:64533]

2003-03-05 Thread Robert Perez
Can the following be done??

Inside int:  10.1.1.0
outside int: 172.16.1.0

static (inside, outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.155
static (inside, outside) tcp 10.1.1.1 telnet 207.208.203.21 telnet netmask
255.255.255.255

Since these are overlapping, will it work?  Thx
 
***
| Bob Perez   |
| Intercept Payment Solutions |
| [EMAIL PROTECTED]  |
| 100 West Commons BLVD   |
| New Castle, DE  19720   |




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64533t=64533


Re: Silly EIGRP question [7:64259]

2003-03-03 Thread Robert Edmonds
If show ip eigrp doesn't give
you what you're looking for, I think you're going to have to break down and
use debug.  If I'm wrong, I'm sure someone will correct me.


Michael Williams  wrote in message
news:[EMAIL PROTECTED]
 I know this question sounds silly, but I can't for the life of me figure out
 how to do this:

 Short of debugging, how can I tell the last EIGRP update that was received
 on a router, from what neighbor that update came, and for what network(s) it
 updated?

 I know I can 'sh ip prot' and see when the last update was, but this isn't
 what I'm looking for.

 TIA,
 Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64271t=64259


Re: NAT on Cisco Catalyst 3550 [7:64239]

2003-03-03 Thread Robert Edmonds
I checked the Network Address Translation Catalyst Switch Support Matrix on
Cisco's website and confirmed that the 3550 does not support NAT.

Michael Williams  wrote in message
news:[EMAIL PROTECTED]
 I don't believe the 3550 supports NAT.  There was a recent discussion about
 this on the IE mailing list, and the conclusion was that the 3550 doesn't
 support NAT.

 There are some debug commands relating to NAT, but it seems to be part of
 the clustering.

 Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64272t=64239


Re: VPN client conflict [7:63951]

2003-02-27 Thread Robert Edmonds
I'm not sure what the actual cause or fix is, but I had the same problem.  I
ended up uninstalling the ATT client to get it to work.

supernet  wrote in message
news:[EMAIL PROTECTED]
 I have ATT VPN client on my laptop. It stopped working after I
 installed Cisco VPN client. Is there any conflict between them? Is there
 a work around? Thanks. Yoshi.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63989t=63951


ACS Database [7:64007]

2003-02-27 Thread Robert Perez
Hi All,

With Cisco Secure ACS and the PIX Firewall if I use the PIX to auth VPN
client connections with the shared password and then use the TACACS+ Server
to ask for credentials will that info be passed to and from the client in
clear text format over the internet? PAP??  I have not configured the ACS to
use RADIUS or anything just plain TACACS.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64007t=64007


Eigrp neighbor loss [7:63925]

2003-02-26 Thread McManus, Robert BGI SDC
I was hoping someone could help out with a problem I am seeing.  I just
enabled logging of eigrp neighbor changes for the first time and noticed
that there are constant neighbor changes going on over our WAN/LAN.  First
guess was the hello timers but since it is on the LAN this is not the issue.
Some vlan interfaces have been up for weeks while others seem to go up and
down every few seconds but both are going over the same ATM link between
sites. Has anyone seen this behavior before?  Code is 12.1(14).  

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63925t=63925


Re: L3 Switching Huh???? [7:63728]

2003-02-25 Thread Robert Edmonds
Layer 3 switching combines the best of switching and routing in one
platform.  The main advantage here is speed.  The way it works is, in a
switch you have some kind of layer 3 routing engine (aka route processor, or
RP).  For example, the MSFC2 (Multilayer Switch Feature Card 2) is one of
the options available for the Cisco 6500 (and a couple of others, I think)
switches.  When the switch receives a packet bound for a different VLAN, it
sends it to the RP.  The RP makes the routing decision and puts an entry in
the route cache for the switch.  The first packet in a flow is routed and
the rest are switched at wire speed, hence the increase in speed.  That's
kind of a simplified view, but I think it gets the general idea across.  So,
layer 3 switching is both routing and switching, but faster (usually,
anyway).

DeVoe, Charles (PKI)  wrote in message
news:[EMAIL PROTECTED]
 I am under the impression that switching is a layer 2 function and that
 routing is a layer 3 function.  I have seen several discussions talking
 about layer 3 switching.  Could someone explain this to me?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63738t=63728


Re: new access list problem [7:63715]

2003-02-25 Thread Robert Edmonds
Couldn't you just use the wildcard mask 0.0.4.255 to deny 192.17.73.0 -
192.17.77.0?  I used the Boson wildcard mask calculator to check this, and
it gave me those networks.

Andrew Larkins  wrote in message
news:[EMAIL PROTECTED]
 the first access-list will not work.
 The second one will also deny networks 192.17.72.0 and 78.0 as well as 79.0 -
 You are correct about zeros must match and 1's are don't care, but you need to
 understand the basics of subnetting. A 248.0 subnet mask means 8 Class C
 subnets. You have to start at a valid network address which in this case is
 192.17.72.0

 Router(config)#access-list 11 deny 192.17.73.0 0.0.7.255
 Router#sho access-list 11
 Standard IP access list 11
 deny   192.17.72.0, wildcard bits 0.0.7.255


 Notice that it fixes your mistake for you.

 Regards

 Andrew
 CCNP, CCDP, CSS1

 -Original Message-
 From: Jason Steig [mailto:[EMAIL PROTECTED]
 Sent: 25 February 2003 16:26
 To: [EMAIL PROTECTED]
 Subject: new access list problem [7:63715]


 Hello i networks 192.17.73.0 - 192.17.77.0

 is there anyway to deny these networks with one entry in an access list?


 such as deny 192.17.73.0 0.0.248.255?

 is this going to deny these networks?  it's also going to black hole several
 other networks though.  Or does the list have to be

 deny 192.17.73.0 0.0.7.255 ?

 i thought zeros must match and ones we don't care.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63742t=63715


Re: new access list problem [7:63715]

2003-02-25 Thread Robert Edmonds
I replied earlier, but it didn't seem to come through.  Anyway, you should
use the wildcard mask 0.0.4.255.  That will match the addresses
192.17.73.0 - 192.172.77.255, which I think is what you want.  In case you
don't already have it, download Boson's free wildcard mask calculator at the
following link.

http://www.boson.com/promo/utilities/wildcard/wildcard.htm

Hope that helps.

Robert

Jason Steig  wrote in message
news:[EMAIL PROTECTED]
 Hello i networks 192.17.73.0 - 192.17.77.0

 is there anyway to deny these networks with one entry in an access list?


 such as deny 192.17.73.0 0.0.248.255?

 is this going to deny these networks?  it's also going to black hole several
 other networks though.  Or does the list have to be

 deny 192.17.73.0 0.0.7.255 ?

 i thought zeros must match and ones we don't care.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63758t=63715
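
An added example, not part of either post in this thread: a Python sketch that lists which /24 networks each base/wildcard pair discussed above matches (zero bits must match, one bits are ignored) and derives entries covering exactly 192.17.73.0 through 192.17.77.255. The function names are assumptions of this example; the addresses and masks are the ones quoted in the thread.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def normalized_base(base, wildcard):
    """Base address with every don't-care bit cleared, as 'show access-list' displays it."""
    return str(ipaddress.IPv4Address(_to_int(base) & ~_to_int(wildcard) & MASK32))


def acl_matches(base, wildcard, address):
    """True when address equals base on every bit where the wildcard bit is 0."""
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(base) ^ _to_int(address)) & care == 0


def matched_networks(base, wildcard):
    """List every /24 network matched by base/wildcard (last wildcard octet must be 255)."""
    w = _to_int(wildcard)
    if w & 0xFF != 0xFF:
        raise ValueError("this helper expects the last wildcard octet to be 255")
    fixed = _to_int(base) & ~w & MASK32
    # Each don't-care bit above the host octet doubles the number of matched networks.
    free_bits = [1 << i for i in range(8, 32) if w & (1 << i)]
    if len(free_bits) > 16:
        raise ValueError("too many networks to list")
    values = []
    for combo in range(1 << len(free_bits)):
        value = fixed
        for idx, bit in enumerate(free_bits):
            if combo & (1 << idx):
                value |= bit
        values.append(value)
    return [str(ipaddress.IPv4Address(v)) for v in sorted(values)]


def exact_entries(first, last):
    """CIDR-aligned (network, wildcard) pairs that cover first..last and nothing else."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(b.network_address), str(b.hostmask)) for b in blocks]


if __name__ == "__main__":
    for wc in ("0.0.4.255", "0.0.7.255", "0.0.248.255"):
        nets = matched_networks("192.17.73.0", wc)
        shown = ", ".join(nets[:8]) + (" ..." if len(nets) > 8 else "")
        print(f"192.17.73.0 {wc}: {len(nets)} networks: {shown}")
    for net, wc in exact_entries("192.17.73.0", "192.17.77.255"):
        print("access-list 11 deny", net, wc)
```

With base 192.17.73.0, the wildcard 0.0.4.255 matches only 192.17.73.0 and 192.17.77.0, 0.0.7.255 matches 192.17.72.0 through 192.17.79.0, and 0.0.248.255 matches 32 scattered networks. Covering 192.17.73.0 through 192.17.77.255 exactly takes three CIDR-aligned entries.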


Re: cisco 2950 and trunk negotiation [7:63466]

2003-02-21 Thread Robert Edmonds
The reason that the 2950's do not support ISL trunking is that Cisco is
gradually moving towards supporting the major standards more and proprietary
standards less.  As part of this plan they are beginning to make switches
that only support dot1q trunking.  At least that's what a TAC engineer told
me.  However, this brought up the question, What about EIGRP?  He assured
me that some of the proprietary stuff like EIGRP, where there is a real
tangible benefit to using it, will stay.

Robert

John Brandis  wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 Anyone else noticed that on the 2950, and I'm guessing other Catalyst low-end
 switches, that one can't define the encapsulation of the trunk link. Yes it
 will auto negotiate, however I feel that control has been pulled away from
 me. I also don't like on the 4006, that you can only define this same setting
 (if you have a GBIC Module) for the first 2 GBIC ports. The rest of the
 ports default to dot1q. Thankfully I use this, but I am betting that there
 are the odd people out there who may use ISL...

 Can someone tell me, if possible, how to define what type of trunk I wish
 to use on the 2950 using IOS 12.1(11)

 Thanks all

 John
 (please correct where I am wrong)






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63509t=63466



Re: VLAN routing [7:63412]

2003-02-20 Thread Robert Edmonds
By default a trunk port will carry all VLANs, which it will need to do in
the setup you have illustrated.  If you prune the other VLANs at the second
switch, the users in VLANs 3 and 4 on the third switch will be cut off.

Happy World  wrote in message
news:[EMAIL PROTECTED]...
 Dear All,

 I am a newbie in VLAN routing and don't have enough equipment to test
 myself. If I have the following setup. The tagged port 1 need include vlan
 1,2,3,4 or simply include vlan 1,2 to make all 4 VLANs routable? Similar in
 tagged port2, include 1,2,3,4 or 3,4 only?


                 Layer3 switch
                   /        \
                  /          \
       tagged port1          tagged port2
            /                      \
           /                        \
    Layer2 switch              Layer2 switch
      /       \                  /       \
   vlan1     vlan2            vlan3     vlan4

 Thanks in advance.

 rgds,
 Happy World




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63422t=63412



Re: layer 3 switch [7:63407]

2003-02-20 Thread Robert Edmonds
Just set the 3550 as a VTP client in your current domain and it will just be
a layer 2 device.  Or order it with the SMI software load rather than the
EMI.

 wrote in message
news:[EMAIL PROTECTED]...
 Hello All:

 Question - By default, out of the box, will a L3 switch simply act as a L2
 switch?

 I am planning to purchase a Cisco 3550-12G, along with other fiber gigabit
 ready L2 switches for a LAN upgrade. The current LAN is one huge flat
 network with a mixture of hubs and switches. I plan to install the 3550 and
 use it simply as a device to connect the different areas. I do not want the
 3550 to act as a L3 switch to start. Is it possible to install this switch
 and have it act as a L2 device. I would then later start segmenting and
 enabling the L3 functions of the 3550.

 Any other suggested implementation methods?

 This goes along well with my current CCNP switching exam studies, nothing
 like a little OJT.

 Thanks,
 Tim










Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63420t=63407



Re: VPN Client help!! [7:63333]

2003-02-19 Thread Robert Edmonds
Don't quote me, but I do believe the access list is necessary as it actually
tells the router which traffic to encrypt.  PERMIT =ENCRYPT and DENY=DON'T
ENCRYPT.

I think the following Cisco link may help answer your question best.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm#37434

Antero Vasconcelos  wrote in message
news:[EMAIL PROTECTED]...
 Hi,
 I have a router connected to internet and remote clients with VPN-Client
 1.1. They need to browse the networkview some hosts and access to some
 network services.

 the service don't work until I configure the access-list in the interface

 interface Serial0.80 point-to-point
  description  Ligacao para VPNs sobre internet ***
  bandwidth 192
  ip address xxx.xxx.xxx.210 255.255.255.252
  ip access-group 180 in
  no ip route-cache
  no ip mroute-cache
  no cdp enable
  frame-relay interface-dlci 80
   class net-112k
  crypto map mymap

 access-list 180 permit ahp any host xxx.xxx.xxx.210
 access-list 180 permit esp any host xxx.xxx.xxx.210
 access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
 access-list 180 permit tcp any host 192.168.0.2 eq 137
 access-list 180 permit tcp any host 192.168.0.2 eq 138
 access-list 180 permit tcp any host 192.168.0.2 eq 139
 access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
 access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
 access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
 access-list 180 permit tcp any host 192.168.0.4 eq 137
 access-list 180 permit tcp any host 192.168.0.4 eq 138
 access-list 180 permit tcp any host 192.168.0.4 eq 139
 access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
 access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
 access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
 access-list 180 deny   ip any any log

 Is this necessary, or did I miss something



 Thx in advance.
 Antero Vasconcelos




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63353t=6



Can this nat be done on a pix?? [7:63281]

2003-02-18 Thread Robert Perez
Please help, I went with PIX instead of CP and I cannot
find a way to do this now!!!

Setup

              PIX 515E-ur
 -------------------------------------
 |   PIX inside          PIX intf2     |
 | 192.168.25.0/24    10.178.25.25/16  |
 -------------------------------------
        |                     |
        | Inside get nat when |
        | going to intf2      |
     Network               Network

I want the following NAT setup to happen:

If src inside=any, dst intf2=10.178.10.10 then xlate src=10.178.70.20
If src inside=any, dst intf2=10.178.10.11 then xlate src=10.178.80.30
If src inside=any, dst intf2=10.178.10.12 then xlate src=10.178.90.40
otherwise
if src inside=any, dst intf2=any  then no Xlate


I do not want to use statics because there are a lot of different boxes
and there is no router in this setup that can perform the nat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63281t=63281



Re: Layer 3 switching [7:63304]

2003-02-18 Thread Robert Edmonds
I'm fairly certain the answer to your first question is no, the switch will
not be intelligent enough to switch it to the appropriate port
automatically.  The reason is that the switch must go through a layer 3
device to get from one VLAN (aka IP subnet) to another.  I don't think this
is a real issue since the rest of the traffic is switched at wire speed,
introducing very little (almost no) latency.  There are however switches on
the market, even by Cisco that will do this.  Any layer 3 switch will do.
For example, the Cisco 2948G-L3 switch.  Check out their website under
Products and Technologies for more information.


Han Chuan Alex Ang  wrote in message
news:[EMAIL PROTECTED]...
 hi, I am trying to have a clearer picture of the layer 3 switching

 concept.

 Assuming that I have a Core Catalyst 6 series switch with layer 3

 switching capabilities, I have a Access layer switch connected to the

 core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2,

 when frames is sent from from Vlan 1 to Vlan 2 on the same Access

 switch, my understanding is that for layer 3 switching , it will

 evoke a route one and switch the rest concept , my question is that,

 after the first route , if no Access list has been created, will the

 the Access switch be smart enough to perform internal

 switching, that is , frame direct from Vlan 1 to Vlan 2 internally

 within the Access switch. If the answer is no, Are there switches on

 the market that is routing by this concept, please advice ,

 thanks to all the guys who have tried to entertain all my questions




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63312t=63304



Re: PIX enable SYN Floodguard by default on outer int? [7:63314]

2003-02-18 Thread Robert Edmonds
Check the following link and see if it has the answer to your question:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008d313.html


Richard Campbell  wrote in message
news:[EMAIL PROTECTED]...
 Hi..  Group,

 May I know whether the SYN Floodguard is enabled on PIX outside interface or
 I have to manually enable by the following command

 PIX(config)#nat (outside) 1 0.0.0.0 0.0.0.0 8000 8000

 Is the command correct? assuming my nat_id is 1.

 Thanks a lot











Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63314t=63314



RE: ISDN Dialer Watch on 4500 [7:62423]

2003-02-04 Thread Robert Perez
And you have a dynamic routing protocol watching the routes and it is able
to see when the one you specify disappears?

Could you post your config?

-Original Message-
From: Nelson Herron [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 04, 2003 12:55 AM
To: [EMAIL PROTECTED]
Subject: ISDN Dialer Watch on 4500 [7:62423]


Are there any special tricks to getting a dialer watch to work on a 4500
NP-4B?  I have tried the configurations from the web site and from Solie's
book on a 4500 w/4B connecting to a 4000M/4B via a Teltone Demonstrator.  I
cannot get the ISDN to show any dialer event activity when I unplug the
serial cable.  Packet debug shows the dialer conditions appropriately
(primary, secondary down) but no attempt appears to be made to dial out. 
I'm using IOS 12's.  I've tried clearing the int bri's, shut/no shut the bri
on each end, turning off the demonstrator, reloading the router.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62439t=62423



Nat question [7:62379]

2003-02-03 Thread Robert Perez
Hi all,
I have the following config and want to know if there will be a problem
since two route-maps point to the same pool?  If I get a successful FTP
connection and then try the HTTP connection the router drops the packet.
Can a pool only be used by one nat statement?


ip nat pool to-home 208.248.24.37 208.248.24.37 prefix-length 24

ip nat inside source route-map map1 pool to-home overload
ip nat inside source route-map map2 pool to-home overload

access-list 108 permit tcp 192.168.0.0 0.0.255.255 host 68.46.102.299 eq ftp
access-list 125 permit tcp 192.168.0.0 0.0.255.255 host 68.46.102.299 eq www

route-map map1 permit 10
match ip address 108
!
route-map map2 permit 10
match ip address 125

 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62379t=62379



In a pix or router, can you nat the Source IP based on dest [7:62277]

2003-01-31 Thread Robert Perez




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62277t=62277



RE: debug commands [7:62107]

2003-01-29 Thread Robert Perez
logging on
logging buffered informational

Access-list 101 permit ip 10.10.10.1 0.0.0.0 any log
access-list 101 permit ip any any

Apply that ACL to an interface in the direction traffic will be flowing and
when that host traverses the Router you can do a show log and it should have
created an entry.

-Original Message-
From: Sam Sneed [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 29, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: debug commands [7:62107]


If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what
would the debug command look like? I looked at the help menu and I think it's
debug ip packet but then the options are:
Access list
Access list (expanded range)
  

Do I have to create an access-list for the hosts I want to monitor? I'm used
to using tcpdump and snoop so the debug commands are awkward for me. It's a
production router so I know I can crash it if I'm not careful with this.

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62118t=62107
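
An added example, not part of the posts above: once the ACL from the reply is applied with the `log` keyword, the buffered log can be summarised per flow instead of read line by line. This Python sketch assumes the usual `%SEC-6-IPACCESSLOGP` line layout for TCP/UDP hits; the sample lines, the destination addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of "show log" output. Only ACL 101 and host 10.10.10.1
# come from the thread; every other value is made up for this example.
SAMPLE_LOG = """\
Jan 29 11:52:03: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.10.10.1(1045) -> 192.168.5.20(80), 1 packet
Jan 29 11:52:40: %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.10.10.1(1046) -> 192.168.5.53(53), 1 packet
Jan 29 11:53:10: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Jan 29 11:54:00: %SEC-6-IPACCESSLOGP: list 102 denied tcp 172.16.9.9(4000) -> 10.10.10.1(23), 1 packet
Jan 29 11:57:03: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.10.10.1(1045) -> 192.168.5.20(80), 14 packets
"""

# Assumed layout: list <acl> <action> <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
LOGP = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse_acl_hits(text):
    """Return one dict per ACL log line; unrelated syslog lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LOGP.search(line)
        if not m:
            continue
        hit = m.groupdict()
        for key in ("sport", "dport", "count"):
            hit[key] = int(hit[key])
        hits.append(hit)
    return hits


def flows_from_host(text, acl, host):
    """Packets per (protocol, destination, destination port) sent by host under acl.

    The router logs the first matching packet and then periodic summaries
    carrying a packet count, so counts are summed rather than lines counted.
    """
    flows = Counter()
    for hit in parse_acl_hits(text):
        if hit["acl"] == acl and hit["src"] == host:
            flows[(hit["proto"], hit["dst"], hit["dport"])] += hit["count"]
    return flows


if __name__ == "__main__":
    for (proto, dst, dport), packets in flows_from_host(SAMPLE_LOG, "101", "10.10.10.1").most_common():
        print(f"{proto:4} 10.10.10.1 -> {dst}:{dport}  {packets} packets")
```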



RE: IOS version question [7:62108]

2003-01-29 Thread Robert Perez
Look here.

http://www.cisco.com/warp/public/620/roadmap.shtml

-Original Message-
From: Raj [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 29, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: IOS version question [7:62108]


on the 1700 routers,
Which is the latest version of these two:
12.2.13 OR 12.2(4)YA2

thank you




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62119t=62108



Need help with PIX natting [7:62044]

2003-01-28 Thread Robert Perez
I am using 3 interfaces,  Inside 100 and Eth2(Vendor1) 90 and eth3(Vendor2)
80

I want all traffic leaving the inside going to ethernet 2 to not have nat.
So I have setup statics as follows:

access-list vendor1-outbound permit tcp host 204.26.258.32 host
254.254.254.254 eq ftp
access-list vendor1-outbound deny ip host 204.26.258.32 any
access-list vendor1-outbound permit ip any any

access-list vendor2-outbound permit ip any any
 
ip address outside 127.0.0.1 255.255.255.255
ip address inside 172.31.1.10 255.255.0.0
ip address vendor1 172.30.254.10 255.255.255.0
ip address vendor2 67.128.7.129 255.255.255.192
ip address intf4 127.0.0.1 255.255.255.255
ip address intf5 127.0.0.1 255.255.255.255

static (inside,vendor1) 172.16.5.0 172.16.5.0 netmask 255.255.255.0 0 0
static (inside,vendor1) 172.16.4.0 172.16.4.0 netmask 255.255.255.0 0 0
static (inside,vendor1) 172.31.0.0 172.31.0.0 netmask 255.255.0.0 0 0
static (inside,vendor1) 254.254.254.254 254.254.254.254 netmask
255.255.255.255

access-group vendor1-outbound in interface vendor1
access-group vendor2-outbound in interface vendor2

Now this all works beautifully but I want to change it so that when 172.16.5
goes to 204.26.258.32 it gets natted to 254.254.254.254 otherwise it stays the
same going anywhere else.

PLEASE HELP






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62044t=62044



trunking 10/100 access ports for avaya ip phone [7:62045]

2003-01-28 Thread Lopez, Robert
Anyone have any insight on the pros or cons regarding applying trunks to
all 10/100 access ports on a 6509.  Presently, I have a cisco voIP
environment - using a data vlan and an auxiliary vlan for voice traffic. 

I've been asked to make an avaya phone work in this environment.  Input from
Avaya had me make the access port a trunk, make the data vlan the default
vlan and apply the aux vlan to the port as well.  It does work - my question
is in regards to performance and/or design best practices.  TIA

Robert






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62045t=62045



RE: PIX to Router -Urgent [7:61450]

2003-01-22 Thread Robert Perez
All depends if you setup natting within the Linux box.  If not the IP will
stay the same and never change.

-Original Message-
From: Guruprasad Sanjeevi [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 22, 2003 10:30 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX to Router -Urgent [7:61450]


A basic question to group and u. 
My internal network is 192.168.50.x my valid segment is 210.4.51.x network
on which my internet router lies. To access these 2 networks I have linux
machine with 2 NIC's one for 50.x and another for 210.x which is enabled as
a router  firewall. When I try to ping from my inside network i.e 1.x to my
210 network will the source ip address change? OR what would be the ip
address of any packet coming out of the linux box?

Sorry if this a very basic question .Need explanation

Expecting a reply

Thanks
Guruprasad

I don't have access to the book u mentioned. Still waiting for an
example




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61587t=61450



Cisco VPN Client 4.0 -- BETA [7:61589]

2003-01-22 Thread Robert Raver
Hey,

For all those interested the 4.0 VPN Client(BETA) will be in March/April.
This VPN Client is totally rebuilt and has some very nice new features.
Thought I would just let everyone know.

Thanks,
Robert Raver




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61589t=61589



Re: Cisco VPN Client 4.0 -- BETA [7:61589]

2003-01-22 Thread Robert Raver
Charles,

Some of the new features will include:
-New SHIM Interface(This is the biggest)
-This will let it run with other VPN Clients on the machine
-This will let it work with DNS/WINS a lot better.
-With the new SHIM interface it will support products such as NetMeeting
-It will support AES
-New authorization features(such as integration with RSA SoftID.)

Thanks,
Robert Raver



- Original Message -
From: Charles Riley 
To: 
Sent: Wednesday, January 22, 2003 12:04 PM
Subject: Re: Cisco VPN Client 4.0 -- BETA [7:61589]


 Robert,

 What new features does it have,and what problems will it solve?

 TIA,

 Charles

 Robert Raver  wrote in message
 news:[EMAIL PROTECTED]...
  Hey,
 
  For all those interested the 4.0 VPN Client(BETA) will be in March/April.
  This VPN Client is totally rebuilt and has some very nice new features.
  Thought I would just let everyone know.
 
  Thanks,
  Robert Raver




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61611t=61589



RE: vlan on a 3548 catalyst [7:61398]

2003-01-21 Thread Robert Perez
Thanks all but it does not support the interface range command so I had to
do it thru the gui!

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]] 
Sent: Monday, January 20, 2003 5:45 PM
To: [EMAIL PROTECTED]
Subject: Re: vlan on a 3548 catalyst [7:61398]


It's not available on this version of software on the 3548 I
use for my lab...
The version is listed below.

Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.2)XU,
MAINTENANCE INTERIM SOFTWARE

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: MADMAN 
To: 
Sent: Monday, January 20, 2003 1:31 PM
Subject: Re: vlan on a 3548 catalyst [7:61398]


 I don't have a 3548 to look at, but does it support the interface
 range command? If so, yes, you do have the one swoop capability.

Dave

 Robert Perez wrote:
  Bob Perez  wrote in message news:...
 
 Can I assign multiple ports to a vlan in one swoop rather than each
 one individually?
 
 IOS on a 3548XL
 --
 David Madland
 CCIE# 2016
 Sr. Network Engineer
 Qwest Communications
 612-664-3367

 You don't make the poor richer by making the rich poorer. --Winston
 Churchill
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61455t=61398



RE: Connecting WIC-1DSU? [7:61487]

2003-01-21 Thread Robert Perez
yes you can do it.
It uses pins 1,2 4,5.
So you make a crossover cable with each pair
1  2
2  1

4  5
5  4

-Original Message-
From: Mike Mihalas [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, January 21, 2003 2:32 PM
To: [EMAIL PROTECTED]
Subject: Connecting WIC-1DSU? [7:61487]


Is it possible to connect a WIC-1DSU-T1 to another WIC-1DSU-T1 to simulate a
circuit? I have two 2600's that I would like to connect to do some testing
with. If it is possible, do I need a special cable?

Thanks in advance,

Mike




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61502t=61487



vlan on a 3548 catalyst [7:61398]

2003-01-20 Thread Robert Perez
Bob Perez  wrote in message news:...
 Can I assign multiple ports to a vlan in one swoop rather than each 
 one individually?
 
 IOS on a 3548XL




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61398t=61398



FW: cisco 2600 rtr [7:61399]

2003-01-20 Thread Robert Perez
Bob Perez  wrote in message news:...
 I have a 2620 rtr and would like to debug the traffic of a particular 
 ip but the only way I know to do it is by the following: debug ip 
 packet 101 where 101 is an acl that says permit ip any any.
 
 Is there a better way to do this so that it only logs that particular 
 ip to the screen rather than all the traffic?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61399t=61399



BGP load balancing questions [7:61095]

2003-01-15 Thread Robert Fowler
Hello groupstudy,
 
I've been banging my head against the wall and figured I would defer this
question to those of you more learned and experienced. Here is the
scenario:
 
2 routers running BGP
Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2 
Each receives full routes.
Each provider has given us a class C address
Only the class C from provider 1 is actively used, because provider 2 will
probably be dropped eventually (ssshhh don't tell ARIN)
 
 
The class C is advertised to both ISPs, however ISP 1 aggregates this
address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16 
This was checked using various looking glasses.
 
What that means is that traffic to my Class C will arrive primarily via ISP
2 because it will see the /24 I advertise through it. That is bad, for
various reasons. Mainly because we are charged by usage from ISP2, but also
because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
primarily as a backup eventually. Also the traffic coming in is 90% via ISP
2 and 10% via ISP 1. 
 
If I remember from my studying so long ago, even prepending my AS number to
ISP 2 will not work, because it doesn't even make it to that criteria, but
rather sees the /24 and chooses that route.

I searched some newsgroups, but amazingly enough nobody seemed to have this
issue. I saw someone who had a larger block than /24 and some suggestions
there but that would not work in this case.
 

Options not available:
Using the Class C from Carrier 2 to load balance using IP space and traffic
types
Getting a class C independent of a provider from ARIN. (That costs money :))
 
 
Robert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61095t=61095
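
Added example, not part of the original post: a small Python model of the situation described in the message above, showing why a more-specific /24 seen only via ISP 2 attracts traffic no matter how many times the AS is prepended, and when prepending does take effect. The prefixes are the ones quoted in the post; the AS numbers are documentation ASNs and the best-path logic is reduced to AS-path length only (both are assumptions of this example).

```python
import ipaddress

# Constructed sample data: documentation ASNs (RFC 5398), not from the post.
MY_AS, ISP1, ISP2 = 64500, 64501, 64502

def best_paths(adverts):
    """BGP-style selection: a route competes only with routes for the SAME prefix.
    Simplification: the only tie-breaker modelled is shortest AS path."""
    rib = {}
    for prefix, via, as_path in adverts:
        net = ipaddress.ip_network(prefix)
        if net not in rib or len(as_path) < len(rib[net][1]):
            rib[net] = (via, as_path)
    return rib

def forward(rib, dst):
    """Forwarding lookup: the longest matching prefix wins, whatever its AS path."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)][0]

def remote_view(prepends, isp1_aggregates=True):
    """Routes a distant router holds when MY_AS prepends N times towards ISP 2."""
    via_isp2 = ("1.1.1.0/24", "ISP2", [ISP2] + [MY_AS] * (1 + prepends))
    if isp1_aggregates:
        # ISP 1 hides the /24 inside its own /16, as in the post.
        via_isp1 = ("1.1.0.0/16", "ISP1", [ISP1])
    else:
        # Hypothetical case: ISP 1 passes the /24 through unaggregated.
        via_isp1 = ("1.1.1.0/24", "ISP1", [ISP1, MY_AS])
    return best_paths([via_isp1, via_isp2])

if __name__ == "__main__":
    for n in (0, 3, 10):
        print(n, "prepends, ISP1 aggregates ->", forward(remote_view(n), "1.1.1.10"))
    print("3 prepends, /24 visible via both ->",
          forward(remote_view(3, isp1_aggregates=False), "1.1.1.10"))
```

The /16 and the /24 are different prefixes, so AS-path length is never compared between them; prepending only changes the outcome once the same /24 is visible through both providers.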


