Re: Breaking out of telnet [7:63530]
CTRL-SHIFT-6 Rodgers Moore SamN wrote in message news:[EMAIL PROTECTED] From a router, I tried telnetting to another router but entered the wrong ip address so it got stuck at: Trying 192.168.5.55 ... How do i break out without waiting for those 15-20 seconds it keeps trying? thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63531t=63530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Stupid question
Yes, two or more interfaces can share the same subnet, but bridging is involved. You just can't assign ip networks willy nilly to interfaces. :) What you're looking for is called IRB Bridging. An example follows. The ip address on the BVI interface is available through both ethernet interfaces. interface ethernet0 no ip address bridge-group 1 interface ethernet1 no ip address bridge-group 1 interface BVI 1 ip address 192.168.1.1 255.255.255.0 bridge irb bridge 1 protocol ieee no bridge 1 bridge ip bridge 1 route ip Rodgers Moore "Rick" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... !doctype html public "-//w3c//dtd html 4.0 transitional//en" html Dear all, pI have a stupid question, want to clarify. bris it I cannot make two or more interfaces share the same subnet in the Router? pThanks pBest Regards, brrick/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Aironet 340
Do you have the omni-directional antenna, or directional? The directional is polarized and shouldn't interfere or be interfered with other RF sources. The first time I used directionals, they wouldn't get a strong signal, that is until we had both in the same orientation. I had them 90 degrees out of phase, anyway they work rather well. Rodgers Moore [EMAIL PROTECTED] wrote in message 52D26B7F4FB6D411A34800E018025FA303758D@MAIL-SK1">news:52D26B7F4FB6D411A34800E018025FA303758D@MAIL-SK1... Dennis, I've worked with the Aironet 340 wireless bridge, and my experience hasn't been a joyous one. The wireless bridge is usually used to connect buildings using an 11mbps spread spectrum radio connection. For around four months, the airbridge worked nearly flawlessly except for some excessive broadcast traffic. (my fault - didn't bother to segment into broadcast domains)Around a month ago, we started to experience tremendous amounts of interference, which would bring the airbridge down for hours at a time. For two weeks I moved the antenna, modified the configuration on the airbridge to a lower speed, and ultimately called Cisco to try to solve, what appeared to be a complete enigma. Turns out it wasn't a hardware issue or a configuration issue. A voicestream cellular tower on one of our buildings was causing the interference. Our airbridge was apparently interfering with their cell tower, and as a result, their high power testing of the tower caused interference on our airbridge. While you're using the roaming aironet 340, I thought you could still use the info. BTW, we use a 3com wireless inside our buildings for laptops and it works pretty well. Matthew -Original Message- From: Adekola, Dennis D [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 27, 2001 8:55 AM To: cisco Subject: Cisco Aironet 340 Hi Guys, I just heard that we shall be dealing in Cisco Aironet 340 roaming Has anyone had experience with this ? I have had a look on the cisco website and i can see it has something to do with wireless laptops/PC's just wondered if anyone out there could give me a brief summary of the whole idea Thanks Dennis MCSE,CCNA,CCNP -- -- - 21st century air travel http://www.britishairways.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2500 Flash ?
Show flash shows one or two partitions? You may need to issue the partition command in config mode to make the router see the flash as one 8 Mb partition. You'll only be able to reload the IOS from rommon the first time. Rodgers Moore "John Chang" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a 2504 and I put in a 8MB flash but when it starts up it says it's a 4MB flash. Is there something I need to do so that it sees it correctly? Thank you. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CISCO 1600 Windows NT, chap or ms-chap
I don't think you'll get ms-chap to work, as NT adds the domain onto the front of the user id and the Cisco router has no way of handling this as far as I know. It looks like "domain name\user-id". The only way (I know of) to handle it is to hand off authentication from the router to an NT based RADIUS or TACACS server that supports NT domain authentication. The domain name will be case sensitive, so make sure it's all upper case, everywhere. Rodgers Moore "Piatnitchi Cristian" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all I am trying to setup an Cisco 1600 dial-up into a remote WinNT 4 RAS server. No results , mainly because the NT server tryes to get authenticate in the router too (I don't know how to set a secret password on the NT box, the debugging shows me just that it tryes to use its own host name for challenge ). The debugging shows me that it tries to use ms-chap. The pap authentication work with dial-up and a remote CISCO router but not with an NT box I enabled "any authentication including clear text" on the NT but no results. It continuues to try ms-chap. Did anybody try this combination (dila-out from a C1600 into a NT box using ms-pap or chap )? Could you tell me how to stop the NT to try beeing authenticate into the Cisco router ? See below the debugging 44550: 2d04h: Se0 PPP: Treating connection as a callout 44551: 2d04h: Se0 PPP: Phase is ESTABLISHING, Active Open 44552: 2d04h: Se0 LCP: O CONFREQ [Closed] id 176 len 25 44553: 2d04h: Se0 LCP:ACCM 0x000A (0x0206000A) 44554: 2d04h: Se0 LCP:AuthProto MS-CHAP (0x0305C22380) 44555: 2d04h: Se0 LCP:MagicNumber 0x1BD1406C (0x05061BD1406C) 44556: 2d04h: Se0 LCP:PFC (0x0702) 44557: 2d04h: Se0 LCP:ACFC (0x0802) 44558: 2d04h: Se0 PPP: I pkt type 0xC021, datagramsize 29 44559: 2d04h: Se0 PPP: I pkt type 0xC021, datagramsize 29 44560: 2d04h: Se0 LCP: I CONFREQ [REQsent] id 0 len 25 44561: 2d04h: Se0 LCP:ACCM 0x (0x0206) 44562: 2d04h: Se0 LCP:AuthProto MS-CHAP (0x0305C22380) 44563: 2d04h: Se0 PPP: I pkt type 0xC021, datagramsize 29 44564: 2d04h: Se0 PPP: I pkt type 0xC021, datagramsize 29 44565: 2d04h: Se0 LCP:MagicNumber 0x2839 (0x05062839) 44566: 2d04h: Se0 LCP:PFC (0x0702) 44567: 2d04h: Se0 LCP:ACFC (0x0802) 44568: 2d04h: Se0 LCP: O CONFACK [REQsent] id 0 len 25 44569: 2d04h: Se0 LCP:ACCM 0x (0x0206) 44570: 2d04h: Se0 LCP:AuthProto MS-CHAP (0x0305C22380) 44571: 2d04h: Se0 LCP:MagicNumber 0x2839 (0x05062839) 44572: 2d04h: Se0 LCP:PFC (0x0702) 44573: 2d04h: Se0 LCP:ACFC (0x0802) 44574: 2d04h: Se0 LCP: I CONFACK [ACKsent] id 176 len 25 44578: 2d04h: Se0 LCP:PFC (0x0702) 44579: 2d04h: Se0 LCP:ACFC (0x0802) 44580: 2d04h: Se0 LCP: State is Open 44581: 2d04h: Se0 PPP: Phase is AUTHENTICATING, by both 44584: 2d04h: Se0 CHAP: O CHALLENGE id 139 len 21 from "ciscouser" 44585: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 28 44586: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 28 44587: 2d04h: Se0 CHAP: I CHALLENGE id 84 len 26 from "NTbox " 44588: 2d04h: Se0 CHAP: Using alternate hostname rras 44589: 2d04h: Se0 CHAP: O RESPONSE id 84 len 58 from "ciscouser" 44590: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44591: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44592: 2d04h: Se0 CHAP: I FAILURE id 84 len 14 msg is "E=691 R=1 " 44593: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44594: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44595: 2d04h: Se0 CHAP: I FAILURE id 84 len 14 msg is "E=691 R=1 " 44596: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44597: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44598: 2d04h: Se0 CHAP: I FAILURE id 84 len 14 msg is "E=691 R=1 " 44599: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44600: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44601: 2d04h: Se0 CHAP: I FAILURE id 84 len 14 msg is "E=691 R=1 " 44602: 2d04h: Se0 CHAP: Using alternate hostname rras 44603: 2d04h: Se0 CHAP: Using alternate hostname rras 44604: 2d04h: Se0 CHAP: O CHALLENGE id 140 len 21 from "rras" 44605: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44606: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44607: 2d04h: Se0 CHAP: I FAILURE id 84 len 14 msg is "E=691 R=1 " 44608: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44609: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 44610: 2d04h: Se0 CHAP: I FAILURE id 84 len 14 msg is "E=691 R=1 " 44611: 2d04h: Se0 PPP: I pkt type 0xC223, datagramsize 16 Thanks for help Cristian Piatnitchi _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [
Re: Question on Cisco Voice Capabilities
Yes, search for "mode ccs" on CCO. I've done this with PRI's (T1) between two Nortel PBX's over a frame relay WAN using 3810-V3's. It's the same for your senario. Oh, I used VOFR because of its lower overhead. If you can't find an example, let me know and I'll find one up for you. Rodgers Moore ""Mitesh Khatri"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi! Does anyone know if it is possible to allow No. 7 signaling on a NEC PABX to be transferred transperantly over a WAN consisting of Cisco Voice/Data routers such as MC3810s, Cisco 2610s and Cisco 3640s to a remote NEC PABX. All the Cisco routers have a Digital Voice E1 module connecting to the NEC Pabx. The Cisco routers compress the voice to 8 k and are using VoIP between the sites. If anyone has done such a thing with Cisco routers and NEC PABX or with any other PABX , your advise will be appreciated. Thanks, Mitesh _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bgp questions
Yuck, really bad question. No frame of reference, no nothin. What is a activate route anyway? Active route? I think the key to answering this question is the question: when would BGP not report an active route? When BGP and the IGP are not in sync, then an active route would not be reported. I say "D" is the most likely suspect, although I would change BGP to EBGP. Rodgers Moore ""Howard C. Berkowitz"" [EMAIL PROTECTED] wrote in message news:p05001900b6aff192dfe7@[63.216.127.98]... I would choose D , correct me if I am wrong --- David Tran [EMAIL PROTECTED] wrote: I have this question on my cisco prep exam fill-in-the-blank. Please = help. A BGP router reports all activate routes based from BGP __. This is = the default policy action for BGP routers. A. to all BGP peers B. to all IBGP peers C. to all EBGP peers D. and the IGP's configured on the router to all BGP peers I select choice a. Is it correct? David Tran [EMAIL PROTECTED] It's a poorly written question. If I was forced to pick, but I don't understand the first sentence. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE lab swap
Hi all, I have a March 18th lab date in San Jose and I'd like to swap for a San Jose date in April or May. email me directly if you're interested. Rodgers Moore _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: alternative to Cisco routers
Am I the only one who finds this funny? I mean, isn't John Chambers Cisco's CEO? Sorry for the OTM, Rodgers Moore "John Chambers" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Anyone who have experience with Juniper routers would like to comment on its performance (M20 and 40 series) in comparison to Cisco GSR 12000s. My company is in the process of evaluating Juniper products because we are not very happy with Cisco performance. Our router crashes almost every week which is unacceptable and Cisco didn't provide much help other than giving us buggy IOS code. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sub-interfaces and Secondary interfaces
I have a tidbit to add. Multicast is not supported on secondary networks. So you can't support protocols that use multicast on the secondary network such as WCCP or H323. Or at least you'll have to configure unicast connectivity for things like OSPF or EIGRP. Rodgers Moore ""Nabil Fares"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Greetings all, Which way do you guys recommend using in Ethernet environment if I have multiple subnets? Are there any advantages/disadvantages for using one over the other?. Thanks, Nabil _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE RS Going to be Replaced..!!
Witches or not, think about this. Cisco is end of lifing the 2500 series this year. So it is reasonable to expect that all of the routers in the lab will be 2600, 3600, and maybe 7200 series sometime this year. Now if you were to add in VIC's,WIC's and VWIC's the lab could get real interesting Remember that just because the route floats doesn't mean it's made of wood. If it weighs the same as a goose, then it's made of wood and of course, then it is a witch. Rodgers Moore "Danial wood" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... dear group I have heard a news abt the format of the CCIE RS exam is going to be changed in the next two months or so.Is that right? Danial __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bridging IPX
All versions of IOS will bridge. If routing for a protocol is turned on, or applied to an interface, then that protocol will not be bridged. To turn on bridging do the following: router (config)# bridge 1 protocol ieee -- this selects the spanning tree protocol, dec and ibm are the other options router (config)# int e0-- select the interface router (if-config)# bridge-group 1 -- turns on bridging. do this on every interface you want to bridge in/out Rodgers Moore "Fomes Iain" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can anyone tell me whether or not ,if you are bridging IPX, whether this can take place with straight IP IOS or if it is not capable of handling this. I wish to turn off bridging which is enabled by default on all routers for IPX and turn on IP bridging but I am concerned i will flood my router if i do not have the opportunity to IPX bridging off which will require me to enter a command that will only be accepted by IP plus IOS version . Anyone's comments will be invaluable. regards Iain Fomes London Systems 44 20 7397 9347 [EMAIL PROTECTED] * DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2509 start-up message!! Still not working....
I just wanted to add a comment about the "translating" statement. I've seen this many times working with my lab equipment. When a router is behind another router acting as a terminal server you will sometimes get this message when reverse telnetted into the router. It's normal and caused by the router's prompt being echoed by the term server back to the CLI on the router you're connected to. The "no ip domain-lookup" command should be on the router behind the terminal server, this won't get rid of the "translating" line/error/whatever but it will cause the prompt to return quickly. When domain lookup is ON, I've seen it take up to two minutes before the prompt comes back. So just be patient. Rodgers Moore ""Ash Aslam"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi there, I have tried the recommendations made and it still doesn't work. As mentioned previously I get the following error at start-up: %SYS-4-CONFIG_NEWER: Configurations from version 12.0 may not be correctly under stood. I have tried the "write mem" and "reload" commands after upgrading the image, but no joy!! The registry key is set to 0x2102 which is ok. What is the remedy for the above warning message? Another problem is that the router tries to resolve the actual hostname after the boot/POST check: ===THE FOLLOWING IS AN OUTPUT DUMP OF WHEN I TURN THE 2509 ROUTER ON= System Bootstrap, Version 11.0(10c)XB2, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1) Copyright (c) 1986-1998 by cisco Systems 2500 processor with 14336 Kbytes of main memory %SYS-4-CONFIG_NEWER: Configurations from version 12.1 may not be correctly under stood. F3: 15801604+290776+1074848 at 0x360 Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JOS56I-L), Version 12.1(5), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Wed 25-Oct-00 01:49 by cmong Image text-base: 0x0307CABC, data-base: 0x1000 cisco 2509 (68030) processor (revision L) with 14336K/2048K bytes of memory. Processor board ID 02783771, with hardware revision Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 8 terminal line(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read ONLY) 00:00:08: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:08: %LINK-3-UPDOWN: Interface Serial0, changed state to down 00:00:08: %LINK-3-UPDOWN: Interface Serial1, changed state to down 00:01:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed sta te to down 00:01:42: %LINK-5-CHANGED: Interface Serial1, changed state to administratively down 00:01:42: %SYS-5-CONFIG_I: Configured from memory by console 00:01:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down 00:01:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down 00:01:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed sta te to up 00:02:26: %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JOS56I-L), Version 12.1(5), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Wed 25-Oct-00 01:49 by cmong Translating "RouterC_TermServ" ==END OF ROUTER OUTPUT DUMP= As you can see on the very last line the IOS is trying to resolve the actual hostname "RouterC_TermServ". The router stops responding at this stage just before it gets to the user level (Router) prompt. I press the Return/Enter key several times but nothing happens. I found the only way around this is to physically re-boot the router, go into boot mode, change the registry from 0x2102 to 0x2142. Once the image is loaded, I go into privilege mode and change the registry key back to 0x2102. I issue the "no ip domain-lookup" command to stop the Router name from resolving, I then do "write mem", "reload". The router starts to work fine at this stage. But when I physically turn the Router off (or issue a reload command during the small lab exercises I do), it goes back to the
Re: Frame Relay Problem
If you could post the configs it would help, but here's some ideas to try. Are you sure have inverse ARP working? Have you tried a static route to R3 (from R2) gatewayed to R1's IP and the same on R3 to R2 via R1's IP? Look into Proxy ARP. Just a thought, I've never tried this but, is there a way to make a static ARP entry? Rodgers Moore "James Wilson" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, I hope someone can shed some light on the problem I have come across in the following scenario : Three routers, R1,R2 and R3 all connected via a Frame Relay cloud with a router in the middle doing frame relay switching. The frame switch is _not_ fully meshed. R1 is acting as the hub with R2 and R3 being spokes off R1. Hence there is a PVC betweenR1 and R2 and a PVC between R1 and R3. There is _no_ PVC between R2 and R3. The particular lab exercise here specifies that each router much be able to ping every other router in the frame cloud. BUT the use of the 'frame-relay map' command is forbidden, and only R1 can be configured using a subinterface. As I have it configured R1 can ping both R2 and R3 as expected. However, both R2 and R3 can only ping R1 (the hub) yet cannot ping each other. The question stipulates you should use routing and not Layer2 to Layer3 mapping. A debug on the ping from R2 to R3 shows that there is no map entry for R3 hence encapsulation failed. A look at 'sh frame map' shows there is only 1 entry and it is for R1. This sh frame map is identical on R2 and R3. So the question is, how can I get R2 and R3 to be able to ping each other using routing and not the frame relay map command. It's got two of us here studying for our CCIE stumped, so im hoping someone out there has an idea as to how this can be accomplished. Also, as this is for the CCIE, static routes are not an option. Cheers. Jim. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to Config DSU/CSU....
The protocol down on the 1005 is because of the no keepalive on the 2501. Rodgers Moore "Minh Vu" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, How do I config EXTERNAL DSU/CSU on 1005 and 2501, I tried to simulate 56k link across those two, but I couldn't find the command or how to config this, before I was used cross-over between those two. The cross-over between two DSU/CSU was working (its display linked @56k) Here is my layout: 1005---DSU/CSUxDSU/CSU2501 DSU/CSU :Motorola 3512 IOS: 11.3.11aT1 here is "int s0" of 2501 config: interface Serial1 ip address 50.0.0.1 255.0.0.0 no keepalive ! note I using HDLC encap. !note with this 2501 config, I got Serial1 is up, line protocol is up here is 1005 config interface Serial0 ip address 50.0.0.2 255.0.0.0 no ip mroute-cache bandwidth 56000 fair-queue 64 256 0 ! also using HDLC encap. !note with this 1005 config, I got Serial0 is up, line protocol is down Anyone have sample config on EXTERNAL DSU/CSU. I looked thru cisco site, they just have sample for INTERNAL only, which I don't have those command (ie: service-module , and T1-controller). Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Redistribution
Hi guys, (and gals, oh! and Chuck) I don't know why, but I thought I'd share how I remember [E]IGRP metrics. [E]IGRP metrics cause nightmares. So all you get from them is a "BaD Load of ReM". Have a happy Thanksgiving! Rodgers Moore ""Chuck Larrieu"" [EMAIL PROTECTED] wrote in message 004201c054be$ce833a80$[EMAIL PROTECTED]">news:004201c054be$ce833a80$[EMAIL PROTECTED]... Priscilla, off line I got a reply that show ip protocol reports that the K values are what one would expect, even with the settings what they are. In other words, according to the original poster, he looked and saw K1 and K3 = 1 and K2,4,and 5 =0 I'm curious myself, now. I can't research it right now, but somewhere I have this idea that the metrics are not effected by the redistribute route metric command. Changes in metric values have to be done another way. Bandwidth delay load reliability MTU. Gotta remember that. And yes I see that in one of the tables that 255 is 100% reliable. Again, it appears from what Jim said that these values make no difference in the metric as reported in the show ip protocol output. In his book Advanced IP routing in Cisco Networks, Slattery uses many examples of the redistribution metric. In each case it appears that he tries to match the bandwidth, but uses values of 100, 255,1 and 1500 for all other places I should have a bit of time tonight, and I will set up a quickdirty lab and experiment. Chuck -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 22, 2000 11:33 AM To: Chuck Larrieu; Cisco Mail List; James Haynes Subject: RE: Redistribution At 10:14 AM 11/22/00, Chuck Larrieu wrote: Probably the person who did it originally did not understand how the metrics should be set up. Reliability goes low to high. Lower is more reliable. You meant to say load, didn't you? 255 load means a fully-loaded network, which is generally a bad thing. A low load is good. 255 reliability means 100% reliability, which is a good thing. A low reliability value is bad. But when redistributing, I could see setting load high to make the redistributed route less favorable. What's a bit confusing is that they didn't set the reliability low, which would have been logical. So your guess that they were confused seems likely! If my brain is addled by PPP (Pumpkin Pie Preparation), forgive me. Gotta get back to it now. Priscilla Do a show ip protocol and look at the K values that are reported. I'm curious as to what they might show. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of James Haynes Sent: Wednesday, November 22, 2000 9:34 AM To: [EMAIL PROTECTED] Subject:Redistribution Hi all, I recently took a job at a new company and one of the first tasks I've been given is to go over the configuration and documentation of one of the WANs. While going thru the router config's I have found some redistribution commands that are, to me, not making sense. They are: router eigrp 113 redistribute static metric 1544 100 255 255 1500 redistribute rip metric 1544 100 255 255 1500 route-map rip-to-eigrp Now, these are not difficult commands in and of themselves and are readily understandable. The thing that has me puzzeled is the value of the metric for Load. Here the values for load are equal to 255. This to my understanding represents a fully loaded route. Am I correct? If so, why would one want to do that? If I'm not correct what is the correct interpretation of the above values. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Locked Console`
I've had a similar problem when I loaded an IOS that was able to fit in flash, but I didn't have the recommended amount of RAM installed on the router.Another possibility is the baud rate has been configured on the console port, so it runs default 9600 up until the config file is loaded then runs at the new speed set in the config file. Rodgers Moore ""Austin"" [EMAIL PROTECTED] wrote in message 8vb8tg$mnt$[EMAIL PROTECTED]">news:8vb8tg$mnt$[EMAIL PROTECTED]... I have a Cisco 2511 and the console has locked all of a sudden. I get output from the boot sequence, but after it gives me the memory stats, nothing. It does not respond to hitting the enter key ... nothing. Any thoughts on this?? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: question about ATM configuration
It seems to me your missing a map list and map group. Like below. I assume you're not using inverse ARP.In any case, I can't remember why you can't ping a local interface, but it's normal. (route caching?) interface atm 2/0 ip address 192.168.0.1 255.255.255.0 no keepalive map-group my-atm atm pvc 10 20 100 aal5snap map-list my-atm ip 192.168.0.2 atm-vc 1 broadcast Rodgers Moore ""RANMA"" [EMAIL PROTECTED] wrote in message 8vaauv$mas$[EMAIL PROTECTED]">news:8vaauv$mas$[EMAIL PROTECTED]... Hello I am now configing a ATM circuit ...but faac a problem My first machine is a 7200 VRX with a ATM OC-3 interface card (slot 2 , interface 0) and a machine which is a ERX router my configuration for the 7200 is int atm2/0 ip address 192.168.0.1 255.255.255.0 no shutdown atm pvc 10 20 100 aal5snap 9000 5000 2000 I dont konw after I typed the above config I cannot ping the interface 192.168.0.1 is there any configuration I have missed or incorrect any one can give me an example of "how to config the above interface " to me ? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE RS lab prep
I think that the most telling statement you've made is that Cisco knows about the book, and hence the lab proctors do too. So logically, this book alone will not be enough to pass the lab. Rodgers Moore "Chuck Church" [EMAIL PROTECTED] wrote in message 149867F27C65D411977900508B10457A3627@ntserver">news:149867F27C65D411977900508B10457A3627@ntserver... All, I was talking to a Cisco SE Tuesday and he mentioned that the All-In-One Cisco CCIE Lab Study Guide by Stephen Hutnik and Michael Satterlee was the book to use. Apparently many internal Cisco people in RTP use this book for preparation. I've ordered it, and am currently using the Doyle and Halabi books as well. Has anyone used this all in one guide to prepare? Was it useful? Also, I found out for sure there will be a small amount of voice on the test - FXS/FXO on a couple of routers. Any idea on where to start or what to read? Maybe some CCO URLs? TIA, Chuck Church RS Lab - Jan 12/13 RTP (AKA D-Day) CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP load balancing
Reply in-line. ""Peter Van Oene"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Couple comments/questions inserted *** REPLY SEPARATOR *** On 11/15/2000 at 2:14 AM Rodgers Moore wrote: ebgp multihop has nothing to do with load balancing traffic to and from the Internet, but it has everything to do with load balancing the the bgp connection and update itself. I would say it may have something to do with this, but certainly not everything :) It has everything to do with facilitating peering in situations where a direct connect is not feasible or optimal. If you have two parallel connections to the same router at your ISP and you configure two neighbor statements to the ebgp peer router on the connected networks you'll transfer the bgp table twice, once on each link. Possibly many megs of wasted bandwidth. Although I think this might work (configuring two routers to peer with each other twice), I can't imagine a reason for it. Am I missing something? Ok, what if the link dies that the bgp connection is configured for? You'll lose routing for both links and even if the other T1 is up nothing will be routed. If you configure one neighbor statement sourced from a loopback in your router going to a loopback interface on the ISP router, you'll have to have ebgp-multihop configured too, otherwise it won't work. Then turn off route caching and the bgp table will be sent only once and will be load balanced accross the two T1's. If one T1 dies, your still in business This I'm curious about. I am assuming that we're talking about direct connect peers using their loop backs. I am unsure about how the traffic would load balance here. Two static routes might lead to this, but would certainly not prove effective when one link died. Further, are you saying that a large, single update will actually be distributed over the two links? The only way I could see this happening would be with MLPPP over the T's which would limit this situation to equal type links. Am I missing something here as well? Yes, you have to have equal cost routes on both routers to the loopback networks. Two statics in both routers does the trick. Yes, the one large update will be distributed equally over both links. Nope, MLPPP is not required. Any configuration will work. It's the equal cost routes that maked load balancing work. It's easy to forget that routing protocols have nothing to do with load balancing. It's the routing engine that does load balancing and any time two (or more) equal routes exist, the engine will automatically take advantage of them. Before anyone yells about EIGRP, EIGRP doesn't load balance. It modifies the metric based on load, which will at some point cause two parallel paths (equal or not at 0% utilization) to become equal and hence the engine will take advantage of the two equal paths. Rodgers Moore Thanks! Pete Rodgers Moore ""Chuck Larrieu"" [EMAIL PROTECTED] wrote in message 00d401c04eb9$b6c5b360$[EMAIL PROTECTED]">news:00d401c04eb9$b6c5b360$[EMAIL PROTECTED]... EBGP multihop has nothing to do with load balancing. As for using BGP to control incoming traffic from your ISP, I would say there is no simple answer here. You will need to do a lot of reading and thinking. Basssam Halabi, Internet Routing Architectures, is a good place to start. www.nanog.org is another. Best wishes Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andy Sent: Tuesday, November 14, 2000 7:26 PM To: [EMAIL PROTECTED] Subject: BGP load balancing Hi all, I want to know that does command ebgp-multihop provide load balancing over ATM for a router, also how can I configure ebgp to control incoming traffic from my ISP Regards Andy _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP config
Believe it or not, yes I do, and it's only hard copy. Cisco TAC has this document, again only in hard copy form. That's where I got my copy from. If you don't already know this, the wiring is different for each EM type. If and when I get to it, I'll create an electronic version. I might be persuaded to share it too. ;) Rodgers Moore ""pinoal"" [EMAIL PROTECTED] wrote in message 8unip9$j3t$[EMAIL PROTECTED]">news:8unip9$j3t$[EMAIL PROTECTED]... Rodgers , Do you have the wiring diagrams for EM 4 wire. I have done a few installations and got the wiring right by trial and error. thanks ""Rodgers Moore"" [EMAIL PROTECTED] wrote in message 8uhh3t$76f$[EMAIL PROTECTED]">news:8uhh3t$76f$[EMAIL PROTECTED]... Reply in-line. Rodgers Moore "Amit Gupta" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, Need some help in configuring VoIP I am testing the loopback connectivity between my router and EPABX by dialing a local extension number. As Soon as I dial the seizing code I get connected to the router. When I dial the destination pattern my call gets transferred to the router,s next port Right here. Do you hear PBX dial-tone? When you dial the first digit does dial-tone go away? Also at this point you should do a "show voice calls", "show voice dps". What is the state of all of the ports dsp's? Does everything look good? 90% of the time I see this problem it is incomplete or incorrect PBX programming. 9% its that the PBX set for 2 wire and router 4 wire, or the reverse, or incorrect wiring in a 4 wire config. (Cisco was putting out incorrect wiring diagrams for EM 4 wire a year ago. I assume that it's been fixed, I reported it to TAC) Low volume level, the PBX can't hear the DTMF digits. PBX is made by NEC or Lucent. Both are rather picky about DTMF frequency accuracy and volume. To test, change the codec to G.711 on the ports so that no compression is being used. Or turn on local call compression bypass. This way the PBX's DTMF just passes through unmolested back to itself. When I dial the local extension i do not get a response. I am using tone dialing,the Interface model is Type- 5 E M Type of Signalling is Immediate Thanks for your clues in advance. Amit __ Do You Yahoo!? Thousands of Stores. Millions of Products. All in one Place. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Assignment with Static IP
Since I'm not sure if this is a NAT/PAT question Add the "secondary" keyword to the second IP ADDRESS statement. For Example: interface ethernet 0 ip address 192.168.1.1 255.255.255.0 ip address 192.168.1.2 255.255.255.0 secondary ip address 10.2.2.1 255.255.0.0 secondary Rodgers Moore "Adele Galus" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Need the professionals here: Why is it, that you can not assign more than one Static IP Address to the same port number??? I have to configure this router on Monday. Thank you. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP
Don't take this the wrong way, but I have a couple of questions. Since you're being compensated (paid) by your customer, how do you intend on compensating someone in this group for helping you? If you don't compensate someone for helping you, how do you know that your helper didn't just give you enough rope to go hang yourself in front of that customer? i.e. They gave you enough information to think you know what you're doing but not enough to besuccessful. And since money is involved, and hence the concept of harm (legal definition). Do you have adaquate liability insurance to protect not only yourself but also the person who helps you? That should just about cover it, thanks. Rodgers Moore ""Alex Madjeski"" [EMAIL PROTECTED] wrote in message 002301c04c37$648f5080$[EMAIL PROTECTED]">news:002301c04c37$648f5080$[EMAIL PROTECTED]... Does anyone have experience with VoIP on the 2600 series routers? I have acustomer that wants to connect two building via GIG fiber and I have some questions on how to get the voice between the two buildings. If you can help let me know and I will send some diagrams and more specific questions. Thanks, Alex
Re: Friday Follies
At least it didn't say AFLAC. "Jim Dixon" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Please follow the below instructions EXACTLY I have discovered a new application for voice menuing systems. ENJOY! and remember..INSTALL THAT OPTION 7 on every system you implement. OK? :) Call this number. It is funny. It is nothing bad. Call National Discount Brokers 1. dial 1-800-888-3999 (it's free) 2. listen to the options 3. after hearing #7, select 7 Every company should have an option #7. Don't ask, just do it. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP config
Reply in-line. Rodgers Moore "Amit Gupta" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, Need some help in configuring VoIP I am testing the loopback connectivity between my router and EPABX by dialing a local extension number. As Soon as I dial the seizing code I get connected to the router. When I dial the destination pattern my call gets transferred to the router,s next port Right here. Do you hear PBX dial-tone? When you dial the first digit does dial-tone go away? Also at this point you should do a "show voice calls", "show voice dps". What is the state of all of the ports dsp's? Does everything look good? 90% of the time I see this problem it is incomplete or incorrect PBX programming. 9% its that the PBX set for 2 wire and router 4 wire, or the reverse, or incorrect wiring in a 4 wire config. (Cisco was putting out incorrect wiring diagrams for EM 4 wire a year ago. I assume that it's been fixed, I reported it to TAC) Low volume level, the PBX can't hear the DTMF digits. PBX is made by NEC or Lucent. Both are rather picky about DTMF frequency accuracy and volume. To test, change the codec to G.711 on the ports so that no compression is being used. Or turn on local call compression bypass. This way the PBX's DTMF just passes through unmolested back to itself. When I dial the local extension i do not get a response. I am using tone dialing,the Interface model is Type- 5 E M Type of Signalling is Immediate Thanks for your clues in advance. Amit __ Do You Yahoo!? Thousands of Stores. Millions of Products. All in one Place. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FL's ugly vote
Cut-through works great, but one of the users apparently got paranoid and wasn't sure everything was working right, see the application software didn't give out the result he wanted, so he requested Store-and-forward as it is less prone to "error" or irregularities. It turns out that store-and-forward did work a little differently and the application software results were suddenly much closer to what he really wanted, so he complained clamorously, got friends and co-workers to to throw a fit that sneaker net was the way to go, assuming that it would cause the software to give the exact result he wanted. Alas, we are now using sneaker net. Despite the fact that the other 5 users were happy with Cut-through and Store-and-forward. Of course, it the midst of all of this, the application programmers have gotten several bug reports and complaints that the software is all wrong, somehow it keeps saying 1 + 1 = 2. That can't be right? can it? Rodgers Moore Sorry, I couldn't help myself [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED].. . Can't we just use the cut-through method instead of this tedious store and forward method of ballot counting? -Skivvy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 09, 2000 4:22 PM To: [EMAIL PROTECTED] Subject: FL's ugly vote Hey!! We're counting votes as well as we can down here.we're not fast counters, no, but we're not slow counters either. So that makes us all in a state of half-fast vote counters determing the leadership of a powerful nation. I like that. ~~ JLB, Lib. But I do know that it would be illogical, illegal, and downright ugly, kind of like what's going on in Florida. ;-) Priscilla _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: WIC 2T module question
$.02, the product lit doesn't mention the WIC-2T nor the WIC-2A/S, but the enhanced configuration tool lists both as a valid and orderable items for the 3600 series. I believe that you must be running IOS version 12.0.3T or better to support termination of more that one serial interface in a WIC slot and it must also be a newer NM module like the NM-2W, NM-1FE2W etc. etc.. This also applies to the new VWICs, but they require IOS version 12.0.07XK or better. URL for the current product literature. Requires CCO login http://www.cisco.com/warp/customer/cc/pd/rt/3600/prodlit/seral_ds.htm So it would safe to say that some of the CCO info is out dated. I ran into this issue a few of weeks ago when a Cisco SE didn't like a design I did. Rodgers Moore ""Gabriel McCall"" [EMAIL PROTECTED] wrote in message 8uhq2i$2pj$[EMAIL PROTECTED]">news:8uhq2i$2pj$[EMAIL PROTECTED]... ""Brad Ellis"" [EMAIL PROTECTED] wrote in message 8ug2vr$kgp$[EMAIL PROTECTED]">news:8ug2vr$kgp$[EMAIL PROTECTED]... Also, I believe you can NOT use a WIC-2T in a 36xx router. -Brad Ellis CCIE#5796 [EMAIL PROTECTED] You can't use a WIC-2T in the older NM-1E2W modules; however, the newer NM-1FE2W modules do support the 2T. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VOIP Troubles
1) Yes, and we had some of the same issues. The biggest was that we had tohard code the codec on all interfaces. For some reason the default codec G729ar8 wasn't always being selected or detected and since it's the default you can't hard code it. We had to opt for G729r8. We had point to point 56K circuits so it was much easier to deal with. Oh yea, we also tried to do a voice class to change the default codec for a whole router, but we had a couple of routers that ignored the voice class config, which is why we ended up hard coding every interface. 2) I think this is more an issue that IOS is a work in progress. We've always had to use an Early Deployment release to fix an issue. ( and in the process broke something else...) 3) Do it anyway. 4) Yep, and you'll be sorry you did. Even on full point to point T1's, I've seen issues. Just a suggestion, but have you considered putting voice cards in the 7206's and going VOFR? Rodgers Moore ""Chris Boyd"" [EMAIL PROTECTED] wrote in message 001d01c04b5a$6df29c50$[EMAIL PROTECTED]">news:001d01c04b5a$6df29c50$[EMAIL PROTECTED]... All right guys I need some help I have been working with Cisco for a while now on a VOIP issue. The problems lies in both call disconnects and voice distortion. We have followed all the steps for traffic shaping (QOS) and rtp header-compression but these do not seem to help. We have 150 remote sites all running 2600's with FXS modules that all come back into the host site where we have 2 7206's.Each of these links are 56k frame-relay links with 16k CIR running very few applicationsmostly small transactionsand Citrix clients. The call must then traverse two internal Ethernet segments, routing through our 6509 backbone switch and then into a 3640 before hitting the PBX. Cisco seems to think that we need to increase our bandwidth to support the voice traffic, however, that is not something I have been able to sell to the "powers that be". We sold this idea on cutting cost and in our estimations for upping the CIR to even 32k will be significant cost increase. Right now I am shaping to 16k with an 8kcommitted burst so at any one time I should be able to burst to 24k. Assuming that I am able to burst to port speed (56k)why would I have call distortion unless there is some latencycoming through the ISP's switch? We also have another company site that also comes back in this way and we have no problems with those calls.O.K. that being said (and hopefully not too confusing to follow) here come the questions: 1. Has anyone else implemented VOIP in slow links successfully? 2. Is anyone else having QOS problems with their VOIP implementations? 3. Do I need to prioritize the voice traffic through the local network? 4. Has anyone tried turning off traffic shaping and letting the voice and data compete for bandwidth? Thanks in advance for your feedback! Thanks, Chris Boyd, CCNANetwork SupportAlex Lee, Inc.120 4th Street SWHickory, NC 28601(828) 323-4103http://www.alexlee.com
Re: ATM Question about LEC
I'm no guru, but that's what I've seen when the LEC didn't or couldn't talk to the LECS. Usually, a config error, like a fat-fingered ATM address or missing command on the LEC. Rodgers Moore ""TheFish"" [EMAIL PROTECTED] wrote in message 8udadn$j2a$[EMAIL PROTECTED]">news:8udadn$j2a$[EMAIL PROTECTED]... Does anyone who is an ATM guru know why? LEC Client ID is unassigned.Why? Thanks, KT _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: pairgain T1
It depends on the exact model, but in general NO. Pairgain was never really a CSU/DSU company, but rather a HDSL T1 repeater/extender company. They did make a few models that would take T1 on the network side, but I don't remember if these had v.35 options on the DSU side. Is this a two or a four wire version? If it's a four wire, then it may be possible. You can always try it. If it doesn't work, then do something else. Rodgers Moore "Frank Kim" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi folks, I have a Pairgain T1 campus with a DSX-1/v.35 interface. Can this be used to attached to a T1? Thanks for any input. -Frank _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Radius or Tacacs
Brian, How do you propose to configure the user id password into the PIX? There's no command to allow this. So you won't be doing any authentication, except the pre-shared key which is the same for everyone. One password between your LAN and the Internet. Feel safe? You could install Radius for NT, it comes on the Option Pack 4 CD and is free. It won't work without the radius/IIS service pack 6 and some other upgrade (I forget the name). Just be forwarned, with this software you get "exactly" what you pay for. Rodgers Moore ""Parris, Brian"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Could somebody please explain to me why I would want a Radius Server when authenticating a VPN client through my PIX on an NT Server network rather than just authenticating locally on the PIX. Also, what is the advantage of Tacacs and is there any software that can perform these duties for less than the $4000 that the Steel-Belted Radius and CiscoSecure ACS software cost. I'm not going to have but a few users and can't justify these prices. TIA, Brian Parris Network Admin. www.carotek.com http://www.carotek.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: token ring question
I'm about to cause problemsa debate or something Something way back in my memory says it is possible to break one MAU into two physical rings. The real problem is that you have to voltage on a port to charge and open a port's bypass relay. If my memory is correct, you make two crossover cables and plug one into Ring in and port 4, the other into Ring out and port 5. The first active connection on one half of the MAU (lets say on port 1) will charge and open port 1 and because Ring out has no bypass relay, the voltage will make it to port 4, charging it, thus causing it's relay to open too, which completes the ring on the first half of the MAU. Now I can easily have this wrong. This actually makes three rings, one of which is un-useable as it involves 1/2 of ports RI, RO, 4 5. Oh!, I think what I'm missing is you have to have an active port on the other half of the MAU too, to complete the charging circuit, otherwise it will flap on and off. Oh hell, I'm pulling this from 1985 memory. It could be totally degraded by now. :) Or was it a Y cable plugged into a port with one pair going to RI pins 34 and the other pair going to RO pins 12 There is a way. I'll sleep on it, but you've got the idea. Someone should try it out. I would, but I don't have a MAU handy. Rodgers Moore ""Frank Wells"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Try it. From: Brian [EMAIL PROTECTED] Reply-To: Brian [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: token ring question Date: Thu, 9 Nov 2000 08:34:34 -0600 (CST) Can you configure multiple rings on a single MAU? I mean If I plug 2 2502's into a MAU can I set different rings for them, or do you really need two MAU's to do multi-ring/bridging scenerios? Brian --- Brian Feeny, CCNP, CCDP [EMAIL PROTECTED] Network Administrator ShreveNet Inc. (ASN 11881) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: console or AUX port
You know those blue ribbon console cables you get with a new router? Look at its pin out, it's a rolled cable. This is exactly what you need to do to the cables you have to make them work in the console port. I'd just use an 8 pin modular splice and a blue console cable added onto the end of the cable you already have. Rodgers Moore ""Neil Desai"" [EMAIL PROTECTED] wrote in message 8ubmb4$7a9$[EMAIL PROTECTED]">news:8ubmb4$7a9$[EMAIL PROTECTED]... I am currently making a lab with a 2511 as my terminal server. I am plugging the octal cables into the AUX ports of the routers and everything works fine. Unfortueately the 1600's don't have an AUX port so I tried the console port but I am unable to get it to work on the console port. From what others have told me this can be done. When I went to fatkid.com and looked at their reverse telnet lab they are connecting to the AUX port, in Calsow's book it says to connect to the console port. If anyone can help me on this I would appreciate it. Thanks. Neil _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP RIP V.1 in the LAB ?
Hi all, another $.02, This doesn't look like a topology that Split horizon would be a factor. I'd suspect (given the total absence of information) that this is a classful issue. RIP from "Right" would send a null update, if there was nothing to send, ie. the other router, "Left", knows how to reach all of the "classful" networks. Left sent its update first, so, Right just sends null updates. Rodgers Moore "Phil Barker" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Hi Gang, Three Routers in a triangle. Labelled Top, Left and Right. Serial Connections between Top - Left, and Top - Right. Ethernet connection between Left and Right. Sniffer placed on Ethernet segment. The Top Router has 2 routes to the Ethernet segment and is Load Balancing. The Right Router is my problem. It only learns one route to the network TOP-Left via the Serial Route, why doesn't it learn this network via the Ethernet Segment also ? Sniffer can see the network Top-left being advertised by the Router left. debug on Router Right reveals supressing Null Update ??? When I cut the link Top-Right the Network Top-Left is eventually flushed out ??? I'm baffled, Can anyone help out ? Regards, Phil. Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Rép. : Cisco Switch 2948G-L3 Question
Kevin, It's nothing like a 5K. I've been working with one of these guys and the IOS is just like a router. Well, not like, but identical to a 48 port 10/100 router. It's not like a switch at all. I haven't had enough time with it yet, but it seems VLANs are a foreign concept to it, except that you can trunk out a port by sub-interfacing and setting the encaps to ISL. (just like a router) You setup a VLAN with IRB and a BVI interface. I may be mistaken, I've only put a few hours in on the box. Rodgers Moore ""Kevin Wigle"" [EMAIL PROTECTED] wrote in message 021b01c0486c$f31b62e0$[EMAIL PROTECTED]">news:021b01c0486c$f31b62e0$[EMAIL PROTECTED]... I'm a bit confused, perhaps I haven't played with this enough but I think you're getting too complicated. The 2948G-L3 switch uses the same IOS as the Cat 5000 family. Also, I'm not sure if you can set any port to be admin or rather you can telnet into any port and admin the switch, a subtle but large difference. In the Cat 5000, by default, the admin VLAN is VLAN 1. It was mentioned that port 48 is in another VLAN (VLAN2 ?). Without inter-VLAN routing, if the device you're pinging from is connected to VLAN1 - it won't get to VLAN2, which wouldn't matter anyways because if you could ping port 48 you would still have to associate VLAN2 as being the admin vlan. You do this by configuring the sc0 interface. You must set an ip address on sc0 and then you still must be plugged into a port assigned to VLAN1. Otherwise, you can change the default admin VLAN with: set interface sc0 [vlan] [ip_addr [netmask [broadcast]]] Therefore you can assign sc0 an address and put it into any vlan you wish. Then you could telnet to it from any port assigned to that vlan. (unless routing gets you there to) Not sure this helps, I don't have a 2948G-L3 to play with but if it has the same IOS as the Cat 5000 this should apply. Kevin Wigle CCDP/CCNP - Original Message - From: "Thierry MARTIN" [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, 04 November, 2000 12:44 Subject: Rép. : Cisco Switch 2948G-L3 Question hello, Cisco switch 2948-L3 are IOS and each VLAN must be considere as Virtual Bridge. For VLAN 1, each port must have command "bridge-group 1" and you do create a BVI with number 1. The ip address for this VLNA will be in the BVI interface. Is it a configuration BRIDGE IRB. Your config will be as : ! hostname R1 ! bridge irb ! interface bvi 1 ip address 10.0.0.1 255.255.255.0 ! interface bvi 2 ip address 172.16.1.1 255.255.255.0 ! interface ethernet 0/1 bridge-group 1 ! interface ethernet 0/2 bridge-group 1 ! interface ethernet 0/3 bridge-group 1 ! interface ethernet 0/4 bridge-group 2 ! interface ethernet 0/4 bridge-group 2 ! interface ethernet 0/5 bridge-group 2 ! .../.. ! interface ethernet 0/48 ip address 192.168.1.1 255.255.255.0 ! bridge 1 protocol ieee bridge 1 bridge ip# default no bridge 1 route ip bridge 3 protocol ieee bridge 1 bridge ip# default no bridge 1 route ip ! router rip network 10.0.0.0 network 172.16.0.0 network 192.168.1.0 no auto-summary .../... You must do command in oder, or reboot is a good idea fur running IRB. == Is a CCIE Lab sujet. Best Regard THIERRY * Manoj Ghorpade [EMAIL PROTECTED] 03/11/00 02h01 Hi Group, I have a Cisco 2948G-L3 switch and want to setup the management on the switch.I tried doing things the documentation said but it won't work. The documentation says anyone of the ports (1-48 Fastetherenet) can be used for management or the 2 Gigabit ports 49-50 can be used for management. I have a VLAN of first 6 ports in Bridge 1(1-6)( which i don't want to touch) and rest all the ports in Bridge 2 (7-48). I assigned an IP address to port 48 and tried a ping but got no reply. Can anyone help me on this Best Regards Manoj Ghorpade _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Which IOS do you run in your lab?
No VOIP on his lab? It didn't come out until 12.0 Rodgers Moore ""Circusnuts"" [EMAIL PROTECTED] wrote in message 015701c04659$ff0ab7a0$[EMAIL PROTECTED]">news:015701c04659$ff0ab7a0$[EMAIL PROTECTED]... My boss came back from his First run @ the CCIE lab was angry over two things. One of the reasons he felt he did poorly, was because he didn't know any of the default differences between 11.2(18), 11.3(9)T (there was no 12.0 on his scenario). The Second reason was the cool patch panel Cisco has you work with. He said it took him all day to get comfortable with it, so when he got home he ordered one for his lab ($3000). From the experiences I have with CCIE prep material, first hand advice from friends who have taken the CCIE lab, my work environment (where we cannot use 12.0 still have LANE working properly)... stick to the 11.2's (NAT auto LMI detection started here), 11.3's (PAT a lot of the technical software additions started here), 12.0 (is the WIN98_SE of 11.3 :-) Good Luck !!! Phil - Original Message - From: "Brian" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 02, 2000 10:57 PM Subject: Which IOS do you run in your lab? I wanted to get an idea of which version of IOS most of you are running in your labs? You would want a version of course that is very stable, yet offers good features. I would think 11.2 at minimum, since so many major changes occured with that. Correct me if I am wrong, but CCIE lab can test features as recent as 12.0 and beyond...so I am wondering if alot of you run 12.0. Brian --- Brian Feeny, CCNP, CCDP [EMAIL PROTECTED] Network Administrator ShreveNet Inc. (ASN 11881) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HSRP Betweem 6509 MSFC Blades
Stan, Without seeing configs it's a little hard to diagnose, but two things come to mind. Preempt on HSRP. Are you using it? Second, it sounds like you have layer two redunancy, so spanning tree should have a link in Blocking mode. When you test a failure, this link will start forwarding (how quickly depends on a few things) so your HSRP may flap back and forth until things settle down(converge). You need to use HSRP "track" to force the priorities to be correct in a failed state. You may also need to tweek the HSRP timers. I'm about to embark on a very large implementation just like you describe. I pray it goes smoothly. Rodgers Moore ""Rossetti, Stan"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Could someone tell me if they have seen this problem before or have any suggestions. Scenario: We have 2 6509 switches with msfc cards in each on the 1st floor and 4th floor of a building. We have redundant links between the switches and each switch has redundant sup 1 cards with the msfc blades. We also have 2 more 6509 switches on the 2nd and 3rd floors of the same building. The first floor switch is connected to the outside world through a 7206 router. There are multiple vlan across each switch that are connected to the user through several 3500 series switches on each floor. When we first turned HSRP on, the msfc1 vlans did not come up. We get Cisco online and they said we had a bad msfc card. So we switched over to the redundant msfc card (msfc2). The vlans came up and hsrp between the switches was working (exchange hello packets and send standby info). Each vlan knew of the other vlan standby router and ip address. To run a test we disabled our connection to the outside world to localize any problems and brought up continuous ping sessions between the switches and vlans on the 1st and 4th. Next we shut down the 1st floor switch. (Note: The 1st floor switch has the higher priority). The network went down and hsrp did no swap over to the standby switch. Additionally, when we disconnect the cable between the 1st floor and 4th floor switch we see duplicate ip address errors. We saw the same duplicate ip errors the last time we disconnected the cable between the 1st and 4th floor switches, but that was before we had hsrp installed. Some other useful info: About 3 weeks ago, before we installed the 1st floor switch the 4th floor switch acted as the interface to the outside world through the msfc card that cisco now says is bad. Then we installed the 1st floor switch and move all connections through the 1st floor switch. Essentially the 1st floor switch became the interface to the outside world with redundant link to the 4th floor and 2nd floor switch. When we did this the vlan could not talk to each other. Which means that we could ping the msfc card from the outside world but not the 6509 switch. Internally, we could ping the 6509 switch, but not the outside world. To isolate the problem we removed the connection to the 1st and 4th floor switches like we did above and everything came up, but we saw the same duplicate ip address errors. We did a hardware reset of the switch and reconnected the 1st and 4th floor switches and everything started working correctly. Any ideas? This make no sense to me and installing HSRP should not be an 8 ordeal. Thanks, Stan Rossetti Russia Services Group Email: [EMAIL PROTECTED] Phone: (256) 544-5031 Beeper: 544-1183 pin # 0112 ... _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: LANE
Sure you can. Here's a snippet of ATM config from a 3640. This is more complex than a normal config as there are 4 elans and 3 different LECS. I hope it helps, Rodgers Moore hostname 3640a ! ip subnet-zero ip host-routing no ip domain-lookup ! lane database cisco name test server-atm-address 47.009181B06439E301.00B064AD0DF1.01 name test2 server-atm-address 47.009181B06439E301.00B064AD67F1.02 name test10 server-atm-address 47.009181B06439E301.00B064AD0DF1.0A name test3 server-atm-address 47.009181B06439E301.00307B620C11.03 default-name test ! interface ATM1/0 no ip address no ip directed-broadcast atm pvc 1 0 5 qsaal atm pvc 2 0 16 ilmi no atm ilmi-keepalive lane config config-atm-address 47.009181B06439E301.00B064AD0DF3.00 lane config database cisco ! interface ATM1/0.1 multipoint ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast lane config-atm-address 47.009181B06439E301.00B064AD0DF3.00 lane server-bus ethernet test lane client ethernet test ! interface ATM1/0.2 multipoint ip address 192.168.2.1 255.255.255.0 no ip directed-broadcast lane config-atm-address 47.009181B06439E301.00B064AD0DF3.00 lane client ethernet test2 ! interface ATM1/0.3 multipoint ip address 192.168.3.1 255.255.255.0 no ip directed-broadcast lane config-atm-address 47.009181B06439E301.00B064AD0DF3.00 lane client ethernet test3 ! interface ATM1/0.10 multipoint ip address 192.168.10.1 255.255.255.0 no ip directed-broadcast lane config-atm-address 47.009181B06439E301.00B064AD0DF3.00 lane server-bus ethernet test10 lane client ethernet test10 "Raymond Mak" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Is it possible to configure LANE on router, eg 7500 series, since I just see examples of LANE configuration on Catalyst 8400 etc in Cisco site? Thanks Regards, Raymond _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Two DLCI numbers?
Chuck. To be REALLY retentive. :p A single PVC that traverses 50 frame switches has 1 DLCI per interface or 2 DLCI's per switch. The DLCI's between two switches have to match. You, the customer, are only told about the two DLCI's you see. So, in this example there are actually 51 DLCI's associated with the 1 PVC and ALL of them are locally significant, otherwise we'd run out of DLCI's really quick. Another small fact is that LMI does not have to match end to end. It's locally significant too. Rodgers Moore :))) ""Chuck Larrieu"" [EMAIL PROTECTED] wrote in message 004a01c0457f$e50447c0$[EMAIL PROTECTED]">news:004a01c0457f$e50447c0$[EMAIL PROTECTED]... To be anal retentive about it, DLCI's are not locally significant because there might be more than one per pvc. There are only 10 bits in the DLCI field, meaning you can have a max of 1023. This fact alone would indicate the difficulty of having globally significant numbers. ;- One may request specific DLCI's from the provider. If you don't, the carrier will out of habit just assign beginning at 16. But in fact many net managers request specific numbers based on their design plan. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of jeongwoo park Sent: Thursday, November 02, 2000 10:07 PM To: [EMAIL PROTECTED] Subject: Two DLCI numbers? Hi all While I was reading a cisco book, I came across the fact that DLCI number has only local significance because there might be more than one DLCI number associated with one pvc. Why would any pve in frame relay network have two DLCI numbers? I know that DLCI number is given by frame relay service provider. Can someone explain this? Thanks in adv. jeongwoo __ Do You Yahoo!? From homework help to love advice, Yahoo! Experts has your answer. http://experts.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Switch 2948G-L3 Question
Are you using IRB? and did you remove port 48 frombridge group 2? Rodgers Moore "Manoj Ghorpade" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...Hi Group, I have a Cisco 2948G-L3 switch and want to setup the management on the switch.I tried doing things the documentation said but it won't work. The documentation says anyone of the ports (1-48 Fastetherenet) can be used for management or the 2 Gigabit ports 49-50 can be used for management. I have a VLAN of first 6 ports in Bridge 1(1-6)( which i don't want to touch) and rest all the ports in Bridge 2 (7-48). I assigned an IP address to port 48 and tried a ping but got no reply. Can anyone help me on this Best Regards Manoj Ghorpade
Study group in Cincinnati Louisville
I just wanted to announce to the group that several CCIE RS canidates have formed a study group for the Louisville Cincinnati areas. If you would like to join us, just email me and I'll let you know when and where the next meeting is. (probably next Wednesday) Meeting facilities are available from both DPS where I work and from Mastec, both in Blue Ash. In Louisville, we can use the DPS facilities in Middletown. Thanks, Rodgers Moore _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ccie security beta
Title: ccie security beta I took it this morning. This test is much broader than MCNS. You shouldreview the CCIE-Security Exam Blueprint on CCO. The test is definately CCIE caliber. A few questions I disliked tremendously, as there was nocorrect answer, so it was a choose the least evil answer This is one of the few written tests that I think hands-on helps alot more than studying books. Before anyone asks: I'm not sure exactly how I did, but I feel good enough to think I'll pass. Rodgers Moore, CCDP, CCNP-Security ""Phil.Lerner"" [EMAIL PROTECTED] wrote in message ACFB5A84E724D411893F00600841E4A049E997@EXCHANGESERV">news:ACFB5A84E724D411893F00600841E4A049E997@EXCHANGESERV... Has anyone taken this yet? Similar to MCNS? Study reccommendation Thanks
Re: ccie security beta
The blue print on CCO covers it well. I want to stay in Cisco's good favor, so I'll just say that it's a technology test that at times gets very specific about commands and products. Many questions are written so that hands-on experience is more valuable than any book could be. My primary job title is Security Consultant, so I just took the test cold. I work with Firewalls and VPN's all of the time, and not just Cisco. I did have to guess on more questions than I would have liked. It was a good diversion from working on the CCIE RS lab. Rodgers Moore "Anand Bhat" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Rodgers, Did they cover Concentrator(Altiga) series ? Is it more technology oriented Test ? What books did you study , Any recommendations ? Thanks in Advance. Anand ers Moore [EMAIL PROTECTED] wrote: ccie security betaI took it this morning. This test is much broader than MCNS. You should review the CCIE-Security Exam Blueprint on CCO. The test is definitely CCIE caliber. A few questions I disliked tremendously, as there was no correct answer, so it was a choose the least evil answer This is one of the few written tests that I think hands-on helps alot more than studying books. Before anyone asks: I'm not sure exactly how I did, but I feel good enough to think I'll pass. Rodgers Moore, CCDP, CCNP-Security ""Phil.Lerner"" [EMAIL PROTECTED] wrote in message ACFB5A84E724D411893F00600841E4A049E997@EXCHANGESERV">news:ACFB5A84E724D411893F00600841E4A049E997@EXCHANGESERV... Has anyone taken this yet? Similar to MCNS? Study reccommendation Thanks __ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. http://im.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Demand Circuit...
Louie, Ok, here's the scoop. First, this is normal behaviour for a demand circuit and there is no provision in OSPF to handle it. BUT, Cisco has a relatively undocumented command to take care of the flapping. "no peer neighbor-route" I only found out about it's existance by calling TAC. This works great as long as you don't have any virtual links that traverse the ISDN link. You'll need to filter the virtual link traffic in the dialer list also, so the multicast traffic isn't interesting to the dialer. I'm going to be playing with this in my lab in the next week or two. I was thinking of trying to change the link type to non-broadcast, point-to-point, etc. to see if this would be a better/easier setup. I'll let you know if I dig up any more good info. Rodgers Moore ""Louie Belt"" [EMAIL PROTECTED] wrote in message 000201c03e40$f4fbb6e0$[EMAIL PROTECTED]">news:000201c03e40$f4fbb6e0$[EMAIL PROTECTED]... While configuring and OSPF demand circuit over ISDN, I noticed that the ISDN link would disconnected and immediately reconnect - because the change in ospf topology was triggering and LSA flood - forcing the ISDN line to reconnect. However, the dialer enable-timeout setting was at it's default of 15 seconds so the ISDN link should have been forced to wait 15 seconds before attempting to reconnect (and thereby giving the LSA flood time to pass). However, this did not happen. No matter what I set the dialer enable-timeout to, the redial happened immediately. Question: What am I missing? (or mis-understanding) Thanks in advance! Louie _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Alicia Silverstone teaches Cisco router configurations
Title: FW: Alicia Silverstone teaches Cisco router configurations Of course we do. Rodgers Moore "Pieter Jordaan" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Didn't Know movie stars had time for this stuff :-0http://routergod.com/aliciasilverstone/ Next time one of your customers asks for help on their cisco setups :)
Re: NT1 needed
Brian, You don't need a multi-port NT1. The wiring is a bus topology. The same way you connect multiple phones at home, just four wires instead of two. Rodgers Moore "Brian" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Does anyone know of an NT1 model that will allow the connection of 2 S/T interfaces (2 different routers) so that each can use a single chennel of the single ISDN line connected to it (like a splitter). Brian --- Brian Feeny, CCNP, CCDP [EMAIL PROTECTED] Network Administrator ShreveNet Inc. (ASN 11881) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: here's a challange....
Mark, Maybe I'm missing something, I gather the gateway and the PIX are not the same box. So you need a route in the gateway to the PIX. Rodgers Moore ""Mark Kinley"" [EMAIL PROTECTED] wrote in message 000a01c03a04$88c584a0$140210ac@mkinley">news:000a01c03a04$88c584a0$140210ac@mkinley... Here's one for all you Cisco Mentors out there. I have recently installed a Catalyst switch 6500 here in the hospital. I have a direct T1 from my local ISP to this site. My Challange is to: Route all HTTP traffic from my client p.c's via default gateway 172.16.1.3 (port 80) to my PIX Firewall(linux server/ Red Hat)172.16.1.163 (port 8002) in other words, every p.c. that has internet access will go directly to default gateway then to the firewall and gain access to the local isp. I am playing around with access-list / extended access-list welcome any solutions / resolutions to this problem.
Re: CCIE Lab - ISDN Simulator
An Adtran Atlas 550 is alot less expensive and you only loose the ability to have DS-3 interfaces. But you'll still spend more than installing a couple of BRI's for 6 months. I doubt you'll find any Atlases on the used market. Rodgers Moore ""FRS"" [EMAIL PROTECTED] wrote in message 8smth4$kvk$[EMAIL PROTECTED]">news:8smth4$kvk$[EMAIL PROTECTED]... Hi, I am looking for recommendations for a ISDN simulator in preparation for the CCIE Lab exam. Is there a simulator used in the lab exam and if yes, what type? I have heard that I should get an Adtran Atlas 800 Switch with 2 BRI interfaces. Does anyone know the estimated cost of this unit, used not new? All advice is appreciated. Thank you _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Lab date exchange
I have a Jan 4, 2001 CCIE-RS Lab in San Jose. I's like to trade for a late November or early December date. email me, Rodgers Moore [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT, Netranger and OpenView
Tim, The last time I priced HPOV for Sun, it was about $5000. I am unaware of any free or lesser cost options. I too,would love to find a better option. Let me know if you find anything. Rodgers Moore ""Tim O'Brien"" [EMAIL PROTECTED] wrote in message 00b801c03449$90949f10$2a01010a@sjapp012">news:00b801c03449$90949f10$2a01010a@sjapp012... I recently talked to Cisco TAC and they verified that you need at least a "run-time" version of HP OpenView to run the NetRanger Sensor Management Console, and it is not included on the Management CD. My question is, can you get the OpenView runtime version free somewhere or is this something additional that I will need to purchase? I have looked at HP's site but have not really found anything worthwhile. Thanks! Tim _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sending a break on NT4 system
Paul, If you haven't upgraded Hyperterm, then you should. Hyperterm straight off the CD has a bug in it. I bet you can guess what that bug is Rodgers Moore "Paul Werner" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Robert McIntire wrote: I'm working with a used 2514 router with an unknown enable password. I've tried the standard break technique but can't abort the boot sequence. I believe that break may be disabled. I'm using Win NT 4 and hyperterminal to connect to the console port and am able to connect and SHOW VERSION. I am getting terminal feedback. I've used CTRL-BREAK AND CTRL-SHFT- 6 to no avail. How can I access ROMMON mode and change the password? Is there a jumper on the system board that can be used to circumvent the password and access the router for configuration? Any advice is appreciated, Thanks The version of hyperterm that ships with NT4 is version 2.0. It is not capable of sending a break to the router. I would recommend that you go the following web site to get a newer version of hyperterm. www.hilgraeve.com I use version 4.0 (Private edition), and it works fine. HTH, Paul Werner Get your own "800" number - Free Free voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: challenge problem
Ok, I'll take a stab at it. First a question. Have there been any BERT tests end to end (NID to frame switch interface)? If so, was an all zero's test done? Very simply, I suspect that one of the circuit's repeaters is misconfigured ESF, AMI. Everything works fine until the 1's density isn't high enough to keep zero suppression from kicking in. Then one of the bits is being set to 1, causing the CRC. Why would telnet show a problem? Easy, IP packets are 64 bytes minimum. Telnet sends a packet for each character, the rest of the data block has to be padded with something. Some telnet clients padd with zeros, hence the CRC errors when zero suppression kicks in when these packets traverse the link. Other telnet clients pad with all 1's or ctrl-Z or ctrl-D, and won't cause the zero suppression, therefore no CRC's. There's only two ways out of this, the carrier tracks down the misconfigured repeater, or you have them reconfigure for 56K channels. Let me know if I'm right and about that job. :)) Rodgers Moore, CCDP, CCNP-Security ""Fred Flinstone"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... ok here it goes we have a customer we manage that is incurring CRC'c, input errors etc on there serial interface. 1. stress tested the circuit many times from the frame cloud through the csu as good 2. tries verious cables 3. there are no interface modules i believe its a 2500 something router but i can check 4. the only times crc's cross the link (verified by a protocol analyzer) is when we telnet from our management platform to the site...even if i just enter one character in the telnet session crc's increment 5. if you telnet from a neighboring router or dial in this produces no crc's what so ever. - we have 3rd level engineers looking at this i bet if you find an answer I could get you a nice paying job...:) (well maybe) - any help would be appreiciated - thanks...kyle _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Question
I'm not sure I understand what you're trying to do. It sounds like reverse dns, but I'm not sure why you'd want to do a reverse fix-up. Why not just implement the reverse entry in your DNS server? and don't worry about the PIX. I suspect what you want is: 'www.mydomain.com' to resolve to 12.x.x.x for the internet (the outside) and 192.168.x.x for your local LAN (the inside). Check out the ALIAS command. It is for this exact purpose. Rodgers Moore, CCDP, CCNP-Security Design and Security Consultant Data Processsing Sciences, Corp. ""oluwakemi ojo"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi everyone, There is a web server on the inside of a firewall that is not implementing NAT and the IP address is transparent to the outside world and people accessing the server are using the IP address from browsing which is a security risk (hole). Authentication is through TACACS+ or application server. What is the way forward on this issue considering that the network is isolated from the internal network that has DNS Server, which can resolve the IP address to domain name? Is there a way to specify an alias on the PIX to resolve the IP address to a domain name? _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: access list command
How is the access list used? access group? route map? distribute list? filter list? depending on how it's used depends on what it does. It could deny all traffic. Deny all route updates except the default route, or allow all routes except default routes. Before anyone questions that last one, a deny route map would reverse the expected result. Rodgers Moore ""Hubert Pun"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi what does the "access-list 100 permit ip host 0.0.0.0 host 0.0.0.0" applied to an interface do? Is it only permitting the default route going through ? Thanks in advanced Hubert **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dual Homing to OSPF Area 0
Hi Chuck, I agree with all that you've said, but I feel that a virtual link is the only solution and since virtual links are on-demand circuits, it would only be active if and when it's needed. I feel that a consistant methodology is more desirable than having to remember when you must do something and when it's optional. my 1.532 cents worth Rodgers Moore ""Chuck Larrieu"" [EMAIL PROTECTED] wrote in message 002801c026a3$bcf3e880$[EMAIL PROTECTED]">news:002801c026a3$bcf3e880$[EMAIL PROTECTED]... A segmented area is of no concern so long as there is no overlap of address space. In your case, it would appear that there might be such an overlap. A temporary repair can be made using a virtual link. ( an interesting aside - the OSPF RFC makes short mention of segmented areas. There is nothing in the RFC prohibiting duplication of area numbers. I have done a small lab using duplicate area numbers with no problem. All routes passed. I posted the results here a month or so back, if memory serves. ) In terms of points of failure, the question is how much redundancy do you want and need, given your business operation? The world is a single point of failure, said one person whom I respect. If your business is such that 1) you require 100% availability and 2) you have the money to pay for it, then yes your design should include not only full meshing, but multiple redundant routers ( HSRP ) as well as cold spares on premise at all locations. You should also have Smart Net 7x24 by 4 hour, and locate your critical operations only within a couple of hours drive of Cisco distribution points ( usually near major airports. ) Food for thought. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andre Riscalla Sent: Sunday, September 24, 2000 7:35 PM To: [EMAIL PROTECTED] Subject: Dual Homing to OSPF Area 0 Hi All, I ran into an interesting OSPF problem: I have multiple distribution routers (D1, D2) in OSPF area 10, dual homed to ABR's C1 and C2. C1 and C2 have a link between them, in area 0. I am doing summarization into area 0. The picture below summarizes this situation: /\ Area_0 C1 C2-^ | \ /| | | \/ | v Area_10 | / \ | | / \| D1 D2 What happens if the links between D1 C2 and D2 C1 fail at the same time? Communication between D1 D2 now has to occur through C1 C2 over area 0, which means I have segmented area 10. How is this design normally done, dual homing the "D" routers to multiple "C" routers. If the "C" routers are only ABRs for one area, does it make sense to have the link between C1 C2 in area 10 as well? Any feedback is greatly appreciated. Thanks. AR- -- Contrary to popular belief, Unix IS user friendly. It just happens to be very selective about who it decides to make friends with. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Andre Riscalla Network Specialist - Internet [EMAIL PROTECTED]514-940-5664 Network Engineering ATT Canada +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN BRI Dialer Problem
A few things came to mind. First, my telco (Bell South) has been notorious for years about not telling customers about trailing zeros on spids. (Just something to check.) Second, are you sure your LDN, dialed number and phone number match etc.?? Third, starting this month there are new phases of 10 digit dialing within the same area code being required in service area's nationwide. Cincinnatti and Lexington near me will be adding a new area code and 10 digit dialing in a few weeks. It won't be long till we all have to dial 10 digits to call next door. Anyway, your LDN may need the area code or you may need to add the area code to the dial string. Rodgers Moore, CCDP, CCNP-Security ""Kari Nurdin"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, I need help, I have a central site and a remote site in a ISDN BRI bridged environment. I have over and over verified the configuration and it all looks fine. I have a number of installs that are similar configurations and they all function(I have compared the configs). I am not able to connect, the following message echos: "02:37:133143986176: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch 02:37:14602064: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch 02:37:158913789952: %ISDN-4-INVALID_CALLEDNUMBER: Interface BR0, Ignoring call, LDN and Called Party Number mismatch " When running the debug dialer command the following message echos: "02:35:28: BRI0 DDR: Dialing cause bridge (0xE0E0) 02:35:28: BRI0 DDR: Attempting to dial 9965 02:35:141733920768: BRI0: wait for isdn carrier timeout, call id=0x8276 02:35:33: BRI0 DDR: Dialing cause bridge (0xE0E0)" I am researching this problem(looking over all my books), I have spoke to the telco and they say all is good, show isdn status shows: Georgian_H1#show isdn stat Global ISDN Switchtype = basic-ni ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-ni Layer 1 Status: ACTIVE Layer 2 Status: TEI = 79, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 80, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 79, ces = 1, state = 8(established) spid1 configured, spid1 sent, spid1 NOT valid TEI 80, ces = 2, state = 8(established) spid2 configured, spid2 sent, spid2 NOT valid Layer 3 Status: 0 Active Layer 3 Call(s) Activated dsl 0 CCBs = 1 CCB:callid=82A0, sapi=0, ces=1, B-chan=2, calltype=DATA The Free Channel Mask: 0x8001 Total Allocated ISDN CCBs = 1 Georgian_H1 I don't want to make this post to long, however, if anyone has any ideas. Thanks in advance. P.S. This problem is a good one for me because I am currently studing for the BCRAN. Kari CCNA CCDA _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Route-Map
Steve, The second pair of numbers on the access lists have to do with the mask that is sent in the routing update. 10.1.1.0 0.0.0.255 255.255.255.0 0.0.0.255 ++ this means network 10.1.1.0 we don't care what the 4th octet is. the second part means the mask must be at least 255.255.255.0 and we don't care what the 4th octet of the mask is. so if we got an advertisement for 10.0.0.0 mask 255.0.0.0 it would be thrown out. now what if my acl looked like this 10.0.0.0 0.255.255.255. 255.255.0.0. 0.0.0.0 this means any network that starts out with a 10 and we don't care about the rest. the second part means that only routes with a 255.255.0.0 mask.so all routes with masks other than 255.255.0.0 are thrown out. lastly, you have a good example in your config. access-list 100 permit ip any 255.255.255.128 0.0.0.127 this means we'll accept routes to any network, but only if it is a subnet of 25 bits or more. Rodgers Moore ""Steve Warner"" [EMAIL PROTECTED] wrote in message 008d01c023d9$cd8e3be0$[EMAIL PROTECTED]">news:008d01c023d9$cd8e3be0$[EMAIL PROTECTED]... Hi, Could someone explain what the right hand bit of the extended Access-list does below. This is taken from a router running an in-bound route map for BGP. This is used to reject routes. Steve route-map peer-in deny 10 match ip address 100 route-map peer-in permit 20 set local-preference 100 set community 1234:80 1234:3000 access-list 100 permit ip 192.41.177.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 permit ip 198.32.130.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 permit ip any 255.255.255.128 0.0.0.127 access-list 100 permit ip host 0.0.0.0 any access-list 100 permit ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 access-list 100 permit ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 access-list 100 permit ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255 access-list 100 permit ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 100 permit ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 permit ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 100 permit ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 100 permit ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 permit ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 permit ip 198.32.136.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 permit ip 149.20.0.0 0.0.255.255 255.255.0.0 0.0.255.255 access-list 100 permit ip 198.32.128.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 permit ip 192.157.69.0 0.0.0.255 255.255.255.0 0.0.0.255 access-list 100 permit ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255 access-list 100 deny ip any any **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can I picks a PIX?
Nope. Besides that would be contrary to good security policy. Rodgers Moore ""Cthulu, CCIE Candidate"" [EMAIL PROTECTED] wrote in message 8qb0n2$cip$[EMAIL PROTECTED]">news:8qb0n2$cip$[EMAIL PROTECTED]... Hi, all, Sorry for the cutesy subject header. I just got aholt of a Pix firewall; t was laying the office and I stumbled over it on my way to the vending machine to pick up some Oreos. After I ate my Oreos (a little stale, thanks for asking), I realized that this was a Pix firewall! I am 100% new to the PIX, but that's irrelevant... I immediately put it on our network like this: My laptop - Ethernet 1 PIX Firewall Ethernet 0 ---Catalyst 2900XL Anyways, I am going to learn it, adn learn it good. My question is: can I set up any of the interfaces to dynamically acquire an IP address via DHCP? I want ehternet 0 to acquire an IP address from our DHCP server. If the PIX supports it, I will put a DHCP server on it to service my laptop on ethernet 1. if it doesn't I am going to statically assign an IP address to teh laptop and to ethernet 1, and run NAT to translate between inside/outside addresses. What am I trying to accomplish? Nothing, just a learning experience for me. Time to upgrade the image! TIA, Charles **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Dampening!
Kent, Just an idea What if you put in a static route to null with an administrative distance of 200? I'm assuming the route will be learned via IGP, so when the route goes away via IGP, it's still there statically, so eBGP will continue to advertise it. Rodgers Moore "Kent" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Is there a way by using BGP dampeing that we can make bgp advertise a route when the route is not available? I understand, normally only flaping has something to do with dampening, just want to find out if I play with those penalty configure of dampening can I make bgp advertise a dispearing route to others? Thanks Kent __ Do You Yahoo!? Send instant messages get email alerts with Yahoo! Messenger. http://im.yahoo.com/ **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Interview questions
Hey what about CDP? Rodgers Moore ""Kenneth Lorenzo"" [EMAIL PROTECTED] wrote in message 8qc570$s7p$[EMAIL PROTECTED]">news:8qc570$s7p$[EMAIL PROTECTED]... #2: Could be any of these: VTP PVST PVST+ ISL CGMP HSRP ""Atif Awan"" [EMAIL PROTECTED] wrote in message 004001c02386$9f94e8e0$181a87cb@atifawan">news:004001c02386$9f94e8e0$181a87cb@atifawan... how about cgmp ? :-) -Original Message- From: Dave Ng (Dragon) [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Wednesday, September 20, 2000 1:34 PM Subject: Re: Interview questions Regarding #2 Could they be talking about ISL as opposed to 802.1q for VTP? David Ng Senior Systems Engineer Integration Technologies Inc. 1201 Dove Street Suite 200 Newport Beach CA 92660 Microsoft MCSE, Cisco CCNA/CCDA, Citrix CCA, Check Point CCSA "Plantier, William" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Here are some question I had on a interview that I didnt know at least at the moment: What are the reserved PVC's and what are they reserved for? What is the proprietary protocol on the Catalyst's? What are the four major configurations on a CSU/DSU? Thanks Spencer Plantier ATT Solutions LAN Engineer Phone (919) 474-1300 ext 0873 Cell (919) 696-8848 Fax (919) 474-1056 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can I picks a PIX?
If I were to reassign the IP address, I could take your site down. For some this could cost $$$. Anyway, the more you allow anything (including people) to interact with the outside world (outside of itself) the more verlnerable it becomes to subversion. A philosophy, not a hard fact. A paranoid point of view says I can count on no one, but myself. I trust no one, but myself. So in that way, is DHCP a security risk. Cisco Secure VPN Client is the software. ip local pool isn't involved in assigning the remote computer an ip address, but rather the ip stays local and a dynamic NAT translation is built in the PIX for the remote computer. Basically, the an IP from the pool becomes the tunnel end point. There's many reasons you want to do this, but the biggest is port conficts. If 10 remotes all have shared hard drives and appear as the inside IP address of the PIX, then how would you attach and mount one of them? all 10 machines would be using the same port number. Or, what if there were some protocols which travel down the tunnel and some that didn't, how would it be decided which traffic took which path?What if you had an HR policy that prohibited the viewing of pornography, the VNP client would force everything through the tunnel, where your Internet usage could be logged, monitored, or proxied. Responces from the porno sites would have to travel back to the PIX end then through the tunnel and couldn't come straight to you. etc. etc. etc. Rodgers Moore ""Cthulu, CCIE Candidate"" [EMAIL PROTECTED] wrote in message 8qdk8l$ssv$[EMAIL PROTECTED]">news:8qdk8l$ssv$[EMAIL PROTECTED]... Hey, Rodgers, Thanks! Hope you don't mind, you are the only one to respond directly, can you answer these? Why would getting an IP address dynamically assigned to the PIX's outside interface be a security risk? Also, if the PIX can't act as a DHCP server, what the heck is this command for: ip local pool "The ip local pool command lets you create a pool of local addresses to be used for assigning dynamic ip addresses to remote VPN clients. The address range of this pool of local addresses must not overlap with any command statement that lets you specify an IP address. To delete an address pool, use the no ip local pool command. Use the show ip local pool command to view usage information about the pool of local addresses." If I read that correctly, I can run some VPN software on my"remote" computer and have it get an IP address from the PIX? (inside interface?) TIA, Charles ""Rodgers Moore"" [EMAIL PROTECTED] wrote in message 8qdh7m$94h$[EMAIL PROTECTED]">news:8qdh7m$94h$[EMAIL PROTECTED]... Nope. Besides that would be contrary to good security policy. Rodgers Moore ""Cthulu, CCIE Candidate"" [EMAIL PROTECTED] wrote in message 8qb0n2$cip$[EMAIL PROTECTED]">news:8qb0n2$cip$[EMAIL PROTECTED]... Hi, all, Sorry for the cutesy subject header. I just got aholt of a Pix firewall; t was laying the office and I stumbled over it on my way to the vending machine to pick up some Oreos. After I ate my Oreos (a little stale, thanks for asking), I realized that this was a Pix firewall! I am 100% new to the PIX, but that's irrelevant... I immediately put it on our network like this: My laptop - Ethernet 1 PIX Firewall Ethernet 0 ---Catalyst 2900XL Anyways, I am going to learn it, adn learn it good. My question is: can I set up any of the interfaces to dynamically acquire an IP address via DHCP? I want ehternet 0 to acquire an IP address from our DHCP server. If the PIX supports it, I will put a DHCP server on it to service my laptop on ethernet 1. if it doesn't I am going to statically assign an IP address to teh laptop and to ethernet 1, and run NAT to translate between inside/outside addresses. What am I trying to accomplish? Nothing, just a learning experience for me. Time to upgrade the image! TIA, Charles **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.
Re: Route Print
Pure curiosity. Can you provide the source of the ICMP redirect limitation? This is the first time I've ever heard this and I need to follow up on it if it's true. Rodgers Moore ""Rodney Jackson"" [EMAIL PROTECTED] wrote in message 002b01c02433$1c2c2100$[EMAIL PROTECTED]">news:002b01c02433$1c2c2100$[EMAIL PROTECTED]... The router was not sending ICMP Redirects. I have since figured it out. Thanks for responding to my email. FYI... I found out that any Cisco Router can only send ICMP Redirect twice a second - Original Message - From: Ejay Hire To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, September 21, 2000 11:00 AM Subject: Re: Route Print Confused.Is your router sending you the route by DHCP?Is your traffic not leaving the 7600?Post what it willl and will not ping to/from, and a copy of"show Ip route"Original Message FollowsFrom: "Rodney Jackson" [EMAIL PROTECTED]Reply-To: "Rodney Jackson" [EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject: Route PrintDate: Wed, 20 Sep 2000 13:00:59 -0500Guys,I have a problem:I have a 7206 with static routes and when I try to access a remote network the 7206 will not pass back the route the traffic should take. But when I connect a 2501 with static routes, the 2501 will pass the routes back to the PC. I'm lost and in of helpRodney Jackson817 7843072_Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.Share information about yourself, create your own public profile at http://profiles.msn.com.**NOTE: New CCNA/CCDA List has been formed. For more information go tohttp://www.groupstudy.com/list/Associates.html_UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.htmlFAQ, list archives, and subscription info: http://www.groupstudy.comReport misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: netmeeting through firewall..?
Cheap RADIUS software I can help with. How's free? Of course the manufacturer doesn't have a good reputation for quality or reliability, but when was the last time you got free software from Microsoft? RADIUS Services are on the NT 4.0 Option Pack CD. You'll need patches and stuff, cause it doesn't work after install, buggy as hell. The patches fix that though. I'll post a RADIUS HOW-TO and the patch files on my news server: news.zapsys.net news group: zs.ojt.microsoft.HOW-TO ttyl, Rodgers Moore ""Stull, Cory"" [EMAIL PROTECTED] wrote in message 0D7A05A19CE4D211BD050008C7330FE7015E96@CCUPDC">news:0D7A05A19CE4D211BD050008C7330FE7015E96@CCUPDC... Does anyone have any suggestions on how to allow netmeeting through a 2600 IOS firewall securely? The remote users will not have same address all of the time.. I'm geussing I will end up setting up AAA authentication to a radius type server to do it securely because I don't want to just open up the netmeeting ports to anyone. Any other suggestions on cheap radius server software, or new ideas are appreciated.. I'm not asking for assistance just ideas. So please no flames. Thanks Cory **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix Failover Question
A co-worker has seen this and it is a bug. He didn't remember the version number(s) affected. Rodgers Moore ""BE"" [EMAIL PROTECTED] wrote in message 8ptc7v$7a1$[EMAIL PROTECTED]">news:8ptc7v$7a1$[EMAIL PROTECTED]... Rodgers, Hi! Thanks for your response. The answer is YES to all of your questions. The really strange thing is, when I leave the single PIX 510 running for an extended period of time, it works great, no problems. When I add the second PIX, it just seems to grab the DMZ connection (but leaves the other two connections alone). My original guess was that there is some strange bug in 4.4 somewhere that I havent seen. Both boxes have the same config (and are sync'd up). -B ""Rodgers Moore"" [EMAIL PROTECTED] wrote in message 8ptbav$4fn$[EMAIL PROTECTED]">news:8ptbav$4fn$[EMAIL PROTECTED]... It sounds like they're both identical. That's good. Do you have ALL the interfaces in an UP state? and each pair of interfaces are on the same hub? A down interface will be considered a failure Both configs are identical? You power cycled both boxes at the same time? Rodgers Moore ""BE"" [EMAIL PROTECTED] wrote in message 8pt9cl$t1g$[EMAIL PROTECTED]">news:8pt9cl$t1g$[EMAIL PROTECTED]... Hey gang! Any Pix gurus out there? I've been playing with a couple of Pixs (510s) trying to get the failover to work. I thought it would be a piece of cake, but it just isn't showing me any love. Ive got (2) Pix 510s that each have 3 NICs in them (internal, untrusted, DMZ) each running 4.4. Everything seems all fine and dandy until about 10 minutes later when the standby PIX starts stealing the DMZ connections. Any thoughts? -Brad bellis@opts ys.net used cisco hardware: www.opt sys.net cisco hardware newsgroup: news://news.opts ys.net/cisco.hardware **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: max no of connections for vty
Well there's a trick to allow more than 5 telnets to a Cisco router. Cisco routers support more than 5 vty ports you just have to configure them before they show in the config. By default you can only telnet directly to vty's 0 - 4. The trick is to place VTy's 5 through 29 (or whatever) in a rotary group (let's say 1) so then you can telnet to the router's IP, but to port 3001 (the rotary port for group 1). However the "ip alias" command let's us map an ip address to a port number, so there's a way to hide port 3001 from the end user(s). The config to allow 25 users to telnet to the router would look something like this: (oh, and everyone telnets to 192.168.1.1 and the host(s) must have a default route or route to the router for network 192.168.1.0) enable cisco interface loopback 0 ip address 192.168.1.2 255.255.255.0 ip alias 192.168.1.1 3001 (note: part of the loopback network) line vty 5 29 rotary 1 password cisco login Enjoy, there's nothing like a little slight-of-hand.... Rodgers Moore, CCDP, CCNP-Security Design and Security Consultant Data Processing Sciences, Corp. "jason yee" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hi , I am a instructor currently delivering CCNA course.The setup of the classroom consists of 2 routers but I have got 24 students telnetting to the 2 routers . I have problems for them telnetting to the routers because the max no of connections for the telnet sessions are 5 , my question is how can I increase the no. of connections so as to accomodate all the students without buying more routers. thanks suaveguru __ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-lists
As a general rule, Standard access lists 0-99 should go as close to the destination as possible, and extended 100-199 should be as close to the source as possible. The exception would be when simplicity or ease is evident. apply it to one port on one router or 50 ports on 50 routers? go for the one port/one router. Rodgers Moore ""Palis Michael"" [EMAIL PROTECTED] wrote in message 000a01c01ef1$a41eafc0$[EMAIL PROTECTED]">news:000a01c01ef1$a41eafc0$[EMAIL PROTECTED]... Hello all. We are using some AS5300 for our access-network. I need to deny some ports to the dialup users. Where it is better toapply the access-lists? To the Asynchronous group or the the Ethernet port. I bielive that it is better toapply the access-list to the asynchronous group butI am thinking whether this will affect the performance of the dialup users. Anyinformation will be appreciated ../ Ppalis Micheal ../ e-mail: [EMAIL PROTECTED]
Re: Pix Failover Question
It sounds like they're both identical. That's good. Do you have ALL the interfaces in an UP state? and each pair of interfaces are on the same hub? A down interface will be considered a failure Both configs are identical? You power cycled both boxes at the same time? Rodgers Moore ""BE"" [EMAIL PROTECTED] wrote in message 8pt9cl$t1g$[EMAIL PROTECTED]">news:8pt9cl$t1g$[EMAIL PROTECTED]... Hey gang! Any Pix gurus out there? I've been playing with a couple of Pixs (510s) trying to get the failover to work. I thought it would be a piece of cake, but it just isn't showing me any love. Ive got (2) Pix 510s that each have 3 NICs in them (internal, untrusted, DMZ) each running 4.4. Everything seems all fine and dandy until about 10 minutes later when the standby PIX starts stealing the DMZ connections. Any thoughts? -Brad bellis@opts ys.net used cisco hardware: www.opt sys.net cisco hardware newsgroup: news://news.opts ys.net/cisco.hardware **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: pix
The PIX does it backwards to the rest of Cisco. In conduits, it's destination, source not the other way around. Rodgers Moore ""Kristopher B. Climie"" [EMAIL PROTECTED] wrote in message 8pl3cd$8cu$[EMAIL PROTECTED]">news:8pl3cd$8cu$[EMAIL PROTECTED]... It looks to me that you conduit is wrong. Your line is "conduit permit tcp host 128.200.111.100 eq 135 host 128.200.111.150 eq 135" In plain english what this says is, "Let any traffic originating from 128.200.111.100 on TCP port 135 go to server 128.200.111.150, to TCP port 135." The key to the reason that it is not working is the first "eq 135". Personally, I have not found a way to specify what the originating port is at the server. Usually the source port is a randomly generated port number, and the important one is the destination port. The line should read, "conduit permit tcp host 128.200.111.100 host 128.200.111.150 eq 135" K - Kristopher B. Climie, CCNP, CCPD [EMAIL PROTECTED] wrote in message D528DF24AEBCD311A17700508B92CBBF101F47@NEWMAN">news:D528DF24AEBCD311A17700508B92CBBF101F47@NEWMAN... Hi, You need to add a static statement to the internal server but something that goes like that: Static (inside,outside/dmz-I didn't really understood from you mail where it is located) 10.10.1.150 10.10.1.150. The conduit you already have. The static statement that I wrote actually say that IP address can be reach but the appropriate conduit. This is the way I usually do it. GIL CCNA,CCDA -Original Message- From: SH Wesson [mailto:[EMAIL PROTECTED]] Sent: ??? ??? 11 ?? 2000 13:14 To: [EMAIL PROTECTED] Subject: pix I am using a Cisco PIX 520 with an inside interface and an outside interface. I have the following scenario: Internal server has an address of 10.10.1.150, the external server has an ip address of 128.200.111.100. The external server is in the dmz zone. The internal server has been assigned a global address 0f 128.200.111.150 that maps to the inside server of ip address 10.10.1.150. I want the external server of 128.200.111.100 to be able to communicate with the inside server only through port 135. I assigned a static ip address to the inside host with the following command: static (inside,outside) 128.200.111.150 10.10.1.150 netmask 255.255.255.255 0 0 I assigned the permission for the external server to be able to access the inside server only via port 135 using the following command. conduit permit tcp host 128.200.111.100 eq 135 host 128.200.111.150 eq 135 Is this the right way of doing it? If I'm doing it wrong, can someone show me how to do this. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This email was scanned using ESPG @ PubliCom Haifa. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Life expectancy of Fiber Optic Cable
The life expectancy of outside plant fiber, I believe, is 30 years. This would be an average, so some could fail in 5 years, others in 100. It all depends on the environmental conditions the fiber is subject to. Water can infiltrate the sheath over time and if it freezes during winter the water expands and can cause damage. Eventually, the ice will cut the fiber enough to cause it to degrade or even fail. Optical Cable Corporation (OCC) might be a place to ask if you need more specifics. Rodgers Moore "mike delp" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have been in a discussion with a telco about fiber backbones, and they heard something about the life expectancy of a fiber cable. I have reviewed the manufacturers specs, and I can't find any mention of this. Has anyone heard anything about this?? TIA -- According to my calculations the problem doesn't exist. -- Mike Delp Director of Technical Services Database Computer Group, Inc. (515) 564-0150 FAX: (515) 564-0152 [EMAIL PROTECTED] -- **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How do i setup an adtran atlas 550 to simulate an ISDN switch??
I know Off topic, but here goes. I'm not sure what or how you want to emulate, but I'll assume a National 1 ISDN Telco switch. I don't have direct access to one so I'm doing this from memory. National is the default, but you'll see where to change it in the menus. You can select from DMS 100, 5ESS and National. 4ESS is only available for network connections. Login Go to Dial Plan Go to User connection, select the slot for the BRI card and interface to configure. Insert a new SPID (press "I" with #1 highlighted to the right), enter a phone number in the incoming field (like 555), and 5550001 in the spid field, set calls to 1, leave the rest default. Insert a second SPID, phone number 5551112, spid 55511120001, calls = 1 backup and select a different BRI interface Insert a new SPID, phone# 5551121, SPID 55511210001, calls 1 Insert a second SPID, phone# 5551122, SPDI 55511220001, calls1 believe it or not, you're done. Don't change the Source ID, leave it 0. You can prepend any of these numbers with an area code, but be sure to set the local area code in the global settings. That way you don't have to dial the area code too. What? you want the calls to roll over if the first B channel is busy? Roll to multiple BRI's? In the first case, just add one SPID but set calls to 2, to roll to multiple BRI's set the phone number exactly the same on all interfaces. The box will automatically search for multiple instances of the same destination phone number and in effect roll over from busy to unused channels. Remember, the devices you connect to the 550 must have NT1's or NT1's built in. These are true U interfaces. Use a straight-through cable, the 550 and 800 BRI interfaces tend to be polarity sensitive. I can't remember, but I think the distance limitation is around 1500 ft. Enjoy, Rodgers Moore ""JCoyne"" [EMAIL PROTECTED] wrote in message 8pm569$4qc$[EMAIL PROTECTED]">news:8pm569$4qc$[EMAIL PROTECTED]... How do i setup an adtran atlas 550 to simulate an ISDN switch?? The Adtran site tells me how to convert several BRI circuits to a PRI, but how do I set it up to be able to call from BRI to BRI? **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How does cisco router load-balancing?
Interesting question! Let's go through how it works and see "In Theory" what we might expect to happen. The first packet to a destination is always process switched, so first packets should be evenly distributed between the interfaces. But the E1 has fast caching so all subsequent packets will traverse E1. What I suspect is that the second packet of a stream, which took E0 for the first packet, will traverse E1 which will cache the destination and all subsequent packets will traverse E1. So even though E0 is used for first packets to a destination, E1 will get the second packet and will add it to the cache and ALL streams will end up using E1 effectively stealing everything from E0. The second packet on would traverse E1. E0 will barely be used. No, that's not 100 % correct. The process engine doesn't care about destination, it switches the queue. A stream (let's call it Bob) could stay on E0, but as the packets are dequeued every packet prior to a Bob packet would have to be sent to E1. You've got a 50/50 chance of that happening. So this becomes a straight forward Prob Stat exercise: flipping a coin. While the odds are 50/50 to the individual packet, the stream has a probability of the aggregation of all preceding packets. Can you flip a coin and come up heads 100 times in a row? Yes, but is unlikely. The more streams, the more coins that are flipped, and the more likely _a_ stream will be sent to E1. I think what we would see if there were 256 streams something similar to: 1st packet: 128 go to E0, 128 go to E1 2nd packet: 64 go to E0, 192 to E1 (128 1st + 64 2nd) 3rd packet: 32 go to E0, 224 to E1 (128 1st + 64 2nd + 32 3rd) 4th packet: 16 go to E0, 240 to E1 (128 1st + 64 2nd + 32 3rd + 16 4th) So the probability a stream would traverse and stay on E0 to it's completion would be computed as: p = 100/(2^n) where "p" is the percentage probability (how many out of 100), "n" is the number of packets in the stream (ie, the length). This doesn't take into account when the stream count is 0. Of course that's my theory. Anyone have time to bench and test it? Rodgers Moore, CCDP, CCNP-Security Design and Security Consultant Data Processing Sciences, Corp. "luobin Yang" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, group, I have question quite confused about. I learnt that per-packet load-balancing is used when process-switching is enabled and per-destination load-balancing is used when fast-switching is enabled. My question is, If there are two equal-cost routes between RouterA and RouterB, let's say the interfaces are E0 and E1. If I enable process-switching on E0 and fast-switching on E1, which load-balancing is used in this situation? Hope can get some answer. Luobin **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PAP, CHAP under windows98
One small comment. Windows doesn't do CHAP, but rather MS-CHAP. They like to prepend the domain name and a "\" in front of the user id. So it's not compatible with plain old CHAP. In IOS versions prior to 12.0.1 MS-CHAP is broken. And supposedly fixed since 12.0.1. Rodgers Moore ""Erick B."" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Under the dial up networking profile, if you have require encrypted password checked, thats CHAP. Otherwise it's PAP. --- Jim Bond [EMAIL PROTECTED] wrote: Hello, Is there anyway to select PAP or CHAP in windows 98/95? Thanks in advance. Jim = -/--- Erick B. / http://berk.dhs.org [EMAIL PROTECTED] / CCNP+Security+NetRanger /NNCSE, CCIE Written -/--- __ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: [ISDN]cann't ping sites outside
Two things: 1) I don't see an access-list 1 in the config, but it's referenced in the statement "ip nat inside source list 1 interface Dialer1" 2) Any time I see something work once and then fail, I turn off route caching. "no ip route-cache" on Dialer1 might help you find the real problem. Rodgers Moore "Hai Xu" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, My friend built a network like: [Inside Lan192.168.1.0/24]---cisco2620---ISDN--[Outside] When he ping sites outside, the first packet can reach, but the packets follow will fail to go out. The records in NAT table is: inside global 61.133.134.148:256 inside local 192.168.1.1:256 outside local 202.108.41.2:256 outside global 202.108.41.2:256 I cann't help him. So I ask help here. His configure file is: service timestamps debug uptime service timestamps log uptime service password-encryption no service tcp-small-servers no service udp-small-servers hostname c2620 ! enable password 54jfdj ! no ip name-server ! isdn switch-type basic-5ess ! ip subnet-zero no ip domain-lookup ip routing ! interface Dialer 1 description connected to Internet ip address negotiated ip nat outside no ip split-horizon encapsulation ppp dialer in-band dialer idle-timeout 300 dialer string 163 dialer hold-queue 10 dialer-group 1 ppp authentication chap pap callin ppp chap hostname "163" ppp chap password "163" ppp pap sent-username "163" password "163" ppp multilink no cdp enable ! interface Ethernet 0 no shutdown description connected to EthernetLAN ip address 192.168.1.254 ip nat inside keepalive 10 ! interface BRI 0 no shutdown description connected to Internet no ip address ip nat outside dialer rotary-group 1 ! ! ! Dialer Control List 1 ! dialer-list 1 protocol ip permit ! ! Dynamic NAT ! ip nat translation timeout 86400 ip nat translation tcp-timeout 86400 ip nat translation udp-timeout 300 ip nat translation dns-timeout 60 ip nat translation finrst-timeout 60 ip nat inside source list 1 interface Dialer 1 overload ! router rip version 2 network 192.168.1.0 passive-interface Dialer 1 no auto-summary ! ! ip classless ! ! IP Static Routes ip route 0.0.0.0 0.0.0.0 Dialer 1 no ip http server snmp-server community public RO no snmp-server location no snmp-server contact ! Xu,Hai CCNA Network Center, SysAdmin Univ. of Sci. Tech. of China ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP on the Brain - Design Issue
You don't know how to do anything small, do you? :))) Your pretty much "right on" across the board below. (Another person realizes BGP is not manna from heaven nor ambrosia of the gods) Here's some more to ponder. What if your two ISP's only sent you only default routes to their AS's? (instead of the full BGP tables) And, you have route caching turned on (i.e. per-destination). Would this accomplish what the pointy-hair dude wants? What if you kept the above, but then had the ISP's send you full tables also, but you filtered anything more than "N" AS's away (you limit the AS path length you accept)? (Mr Pointy hair visits playboy.com frequently and it's hosted off of ISP 1. ISP 1 and ISP 2 are twenty AS hops away from each other. N is this case might be 10) Rodgers Moore ""Chuck Larrieu"" [EMAIL PROTECTED] wrote in message 000b01c01629$f68bc840$[EMAIL PROTECTED]">news:000b01c01629$f68bc840$[EMAIL PROTECTED]... The question has been posted here once or twice. It goes something like this. "How do I use BGP to load balance between two ISP's?" I'm starting to get into BGP in earnest in preparation for the CCIE written. And I have something of a fascination with design issues. Let me see if I can sort out my thoughts. Please comment where you can. 1) First of all, the load balancing issue. BGP itself has no mechanism within it for load balancing of any kind, whether that be per packet or per destination. 2) If one could use BGP for per packet "load balancing" then one is in the position of doing suboptimal routing in many cases. For example, if I am connected to AS101 and AS202, and I want to go to a particular e-commerce site, and it is 5 hops via AS101 and 20 hops via AS202 then I have created problems for higher layers due to issues with packets arriving out of sequence. Potentially I have hurt my performance, maybe even killed it. 3) If one were to use BGP for per destination "load balancing" isn't is possible that the optimum path for all, or at least most, destinations might still lie through one AS or the other? I mean, there is no way to predict this, is there? 4) So from a design perspective, assuming Mr. Pointy-Hair insists on "load balancing between two ISP's" the setup most likely would be something like this: Inside_router-BGP_router_1ISP_1 |--BGP_Router_2---ISP_2 and doing something like setting up two 0.0.0.0 routes, one to each BGP router, and letting the inside router to the "load balancing" 5) OR - taking in a full BGP route table, and letting the BGP router determine the best path to the destination, recognizing that "load balancing" may or may not occur. 6) Are there a different set of issues if "I" am the e-commerce site? I'm thinking yes, because then the issue is ability to reach me by the optimum path. This is not a matter of "load balancing" but of raw reachabilty from the outside. Comments welcome. Just trying to clear my thinking. Chuck Please check out my new footers for a new age 1) Altruism http://www.hungersite.com/ Please help feed hungry people worldwide. A few seconds a day can make a difference to many people 2) Shameless Commerce http://www.certificationzone.com An excellent source for information, study materials, practice questions, practice exams, and practice labs. Applicable for all levels of certification, as well as the attainment of internetworking expertise. Tell them Chuck Larrieu sent you. ( disclaimer - I will receive addition free months membership when enough people mention my name upon joining ) ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: access-list interpretation
I'll assume you intended access-list 101 permit ip 160.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0 This form of access list is used to filter distibution of routes. The first number is the network, the second the network's "don't care" bits, the third is the network mask and the fourth is mask's "don't care" bits. If this is the entire access list, then all routes other than 160.0.0.0 255.0.0.0 will be filtered from distribution. It isn't apparent why all but this one route will be filtered. The first don't care bits say 160.*.*.* networks are ok, but the second set say the mask must only be 255.0.0.0 If you think about it, only one valid route can pass both conditions. You can't have a route to 160.10.0.0 with a 255.0.0.0 mask. We could conclude that the network don't care bits are wrong and should really be 0.0.0.0, but that's being picky. The normal application of this type of access list is to allow the advertisement of a summary route or supernet and filter all of the subnet routes. Thus reducing the routes advertised and overhead. Rodgers Moore, CCDP, CCNP-Security ""Yee, Jason"" [EMAIL PROTECTED] wrote in message 859B90209E2FD311BE5600902751445D2E7DBF@LYNX">news:859B90209E2FD311BE5600902751445D2E7DBF@LYNX... hi, anyone knows how to interpret the access-list below : access-list 101 160.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0 Jason ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN Client through firewall
Assuming you mean that the client is behind a firewall trying to connect to a different firewall elsewhere... First, you must configure static nat for the host running the client, so that the client has it's own legal IP address for the Internet. IKE/ISAKMP communicates from port 500 to port 500. PAT breaks this, so NAT is required. You then need to pass PROTOCOLS 50 and 51, NOT port numbers. ESP and AH are just like ICMP, they have there own protocol numbers. That's it, Rodgers Moore ""Denao Ruttino"" [EMAIL PROTECTED] wrote in message 8op2h5$9ro$[EMAIL PROTECTED]">news:8op2h5$9ro$[EMAIL PROTECTED]... Does anyone know which ports I need to open up on a firewall to allow the Cisco VPN client to work? TIA ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Decnet routing with using HSRP
Dove, I have IOS Enterprise 12.07T on my 2500's in my lab and they all support HSRP. I remember reading something about DECNET and HSRP on CCO. My memory recalls something about the "standby use bia" command in relation to using HSRP with IP on a network that runs DECNET also. I don't remember anything about using HSRP for DECNET. (For that matter, I can't think of a reason anyone would need HSRP for DECNET.) I could be mistaken. I'd do a search of "HSRP DECNET" on CCO. Rodgers Moore, CCDP, CCNP-Security ""Dove"" [EMAIL PROTECTED] wrote in message 8ofjoe$490$[EMAIL PROTECTED]">news:8ofjoe$490$[EMAIL PROTECTED]... Hi, My company is using Cisco 2501 and 2621 routers. We are using DECNET and TCP/IP protocols. Before that, I know that when the router is enable DECNET routing, it cannot implement HSRP. However, somebody told me that a new verison IOS can do that. Is that true? If true, where can I find this information? Regards. dovelet ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: telnet via AUX port
This is one of those fun ones. Each router listens for the break sequence and forwards the second, then resets to listening again. So when you type the break sequence: Ctrl-Shift-6 1st gets stopped at R1 (R1 looks for 'x') 2nd passed by R1 gets stopped at R2 (R2 looks for 'x') 3rd gets stopped at R1 (R1 looks for 'x') 4th passed by R1 R2, gets stopped at R3 (R3 looks for 'x') 5th gets stopped at R1 (R1 looks for 'x') 6th passed by R1 gets stopped at R2 (R2 looks for 'x') 7th gets stopped at R1 (R1 looks for 'x') 8th passed by R1 R2 R3, gets stopped at R4 (R4 looks for 'x') etc. etc. etc. To break from the 2514 (R3) to the 2503 (R2) you would type: Ctrl-Shift-6, Ctrl-Shift-6, x Rodgers Moore, CCNP, CCDP-Security "folks" [EMAIL PROTECTED] wrote in message news:8nro8n$hnk$[EMAIL PROTECTED]... Hi group Recently , I have setup my network with 3 2500 routers, and each console and AUX port are connected in chain: PCconsole 2501 AUX---console 2503 AUX---console 2514---AUX. I can telnet to 2514 from my PC via reverse telnet, but the problem is each time i issue 'ctrl+shift+6+x' from 2514,connection will be back to the very origin place where the telnet session is initiate, which is 2501 in this case, I mean to go back to 2503 when i was 2514 but fail. Can anybody help me out ,how should i do? I don't have any other router like 2509 at all. Thanks ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you assign a subnet mask while using Cisco Secure
Steve, I'm not sure how to respond to your question. Where is the classfull mask you are talking about? If at the client, that is correct. PPP-NCP has no provision for configuring the client mask, so the client defaults to the classfull mask. Again, this is how it is supposed to work. If at the NAS, then this is wrong. The mask in the routing table should be 255.255.255.255 i.e. one route entry per dial-up host. Are you using ISL from the NAS to the switch? or multiple ethernets? (one per VLAN) Are you using a dynamic routing protocol? If so, configure distribution lists based on the proper VLAN masks out each ISL sub-interface (or vlan interface). You'll allow learning of host routes which belong to each VLAN and deny those that don't belong. You may also need access-lists applied to each VLAN interface on the NAS. This way you only let certain IP's to talk to certain IP's. Make sure on the NAS you turn off auto-summarization. Another thought is using ACS's ability to issue an Autocommand on the interfaces on a per user basis. You could apply a filter or cause the interface to join an IRB group. ( I haven't actually done this, but I know of it being done. Someone posted an example of pre-user access-lists here some months back.) Rodgers Moore, CCDP, CCNP-Security ""Donohue, Steve"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am using Cisco Secure to authenticate dial-in users. I would like to be able to assign these users IP addresses from their respective VLANs. I have set up IP address pools in my Cisco Secure. Cisco Secure applies a classful subnet mask so I can't make them appear to be on various vlans. Is it possible to change this configuration, if not what would be the best way to handle such a situation? I appreciate your assistence in this matter. Steve ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco E1 IMA compatible with Newbridge?
E1 is more standard than T1. Newbridge complies with both of the E1 standards. So I can't imagine why not. Just flip the transmit receive, configure for C4 or CAS on both sides and set the Newbridge as the clock source (unless there's a reason not to, the 36170 has a stratum 3 clock which is WAY better than any Cisco router's clock). Rodgers Moore "peter whittle" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Does anyone know if Cisco E1 ATM IMA will interwork with Newbridge 36170 IMA? Thanks Peter ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Who wants to be a CCIE... Challenge Question
It's been a while since a Friday Follies was done and there's alot of fear over CCIE, etc. becoming "paper" certs. So I though I'd combine the two concepts an post a challenge. Here's two router configurations that might challenge the best of us. Just figure out what's wrong with them and send me your answer(s). I will not post the answer(s) or give any hints etc., but I will tell you if you're right. Think of it like an NDA. Oh, and believe me, the answer(s) won't be found in any book. (sounds like the lab to me) Overview: Two routers are configured for redundancy for users on a token ring network. The serial 0's are both connected to the same location. EIRGP is the routing protocol for the token ring and serial interfaces. (There is more configuration, but that's not necessary to answer the challenge) Router A interface lo0 ip address 10.1.254.1 255.255.255.0 interface e0 ip address 10.0.1.1 255.255.255.0 interface to0 ip address 10.1.1.1 255.255.255.0 standby 1 priority 200 preempt standby 1 ip 10.1.1.3 standby 1 track s0 51 interface s0 ip address 10.1.0.1 255.255.255.252 router eigrp 1 passive-interface e0 network 10.0.0.0 Router B interface lo0 ip address 10.1.253.1 255.255.255.0 interface e0 ip address 10.0.2.1 255.255.255.0 interface to0 ip address 10.1.1.2 255.255.255.0 standby 1 priority 150 standby 1 ip 10.1.1.3 interface s0 ip address 10.1.0.5 255.255.255.252 router eigrp 1 passive-interface e0 network 10.0.0.0 Enjoy! Rodgers Moore, CCDP, CCNP-Security ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Q:PIX with multiple outside routers
Implement HSRP on the routers. Rodgers Moore, CCDP, CCNP-Security ""LB"" [EMAIL PROTECTED] wrote in message 8gi49s$p1e$[EMAIL PROTECTED]">news:8gi49s$p1e$[EMAIL PROTECTED]... Hello Group, I have a scenario where I am connected to two, ISP1 and ISP2. Both ISP's are assigning different IP subnet address to me. I have a PIX 515 (4.4) firewall connected between the two ISP and my internal network. At the moment, my PIX firewall outside ip address is configured to ISP1 and the PIX is default route to ISP1. ISP2 is used for backup purpose. Question: How can I configure the PIX to route to ISP2 when my ISP1's link is down. Can it be implemented in PIX ? Something like "floating static route". Please advise. Thanks Rgds LB -- [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN help
You sure can, but as with any Microsoft networking using IP, it's almost a black art. You'll be happier if you run WINS on the PDC and setup entries in your LMHosts. Rodgers Moore, CCDP, CCNP-Security "rtootle" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a 3640 running 12.1.1 IOS configured to run VPN w/a pre-share key and Cisco Secure VPN software running on my laptop. Is it possible to tunnel through the 3640 so I can pop mail, map drives, and ftp to servers that are located on differnet networks within my site? thanks in advance... ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I NEED HELP!! OSPF-Frame Relay-VoIP Problems
Post a your config. Off the top of my head, you haven't configured ospf on the interfaces as non-broadcast multi-access (NBMA). And therefore have a routing problem. Or you are using loopback interfaces as dial-peer destinations and the loopbacks aren't configured in OSPF with a Network command or in the correct area. For example: int s0 ip ospf network point-to-multipoint non-broadcast enjoy, Rodgers Moore, CCDP, CCNP-Security Leonardo Silva - Tecnologia wrote in message 41506A941272D311BBB10060089E2BB10F2CCB@EXCHANGESVRITC... Group, I sent this message and didn't get any reply. I really don't have a clue what the problem is. Hello Everyone! I ran into a problem this week. I have a frame relay link running with static routes. I configured OSPF without taking out the static routes. I also have VoIP running in this link and after I configured OSPF it stopped working. It had all routes it needed and I didn't take out the static routes. After I removed OSPF commands it worked again! Does anybody know what the problem is? Leo ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
