7206 and controller
I have a PRI card on my cisco 7206 and have the following configuration controller t1 3/0 clock source internal channel-group 23 timeslots 1-24 interface serial3/0:23 ip address 196.168.1.1 255.255.255.0 this is suppose to be a point to point circuit. Can anyone shed some light as to why the configuration above is as is and since it's suppose to be a point to point circuit, why is it using controller ... and serial3/0:23. the connection is up and running but i'm having a hard time trying to understand this thing. thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
keepalive
on ethernet interfaces, should we set a keepalive value? _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CiscoSecure & AAA
I have CiscoSecure running and functioning. However, I'm having a little trouble getting it to authenticate when I try to go into enable mode. When I type "enable" to get into enable mode, it asks for a password, the only password that works is the one set with the "enable password ..." on the router. How can I get it to work such that it will check for a user's enable level and if they have already been authenticated it will let them through. I have the following in my router config for this: aaa authentication enable default tacacs+ enable aaa authorization commands 1 if-authenticated tacacs+ none aaa authorization commands 15 if-authenticated tacacs+ none but it is not working. Any assistance would be appreciated. Thanks. _ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CiscoSecure & Enable
I have CiscoSecure running and functioning. However, I'm having a little trouble getting it to authenticate when I try to go into enable mode. When I type "enable" to get into enable mode, it asks for a password, the only password that works is the one set with the "enable password ..." on the router. How can I get it to work such that it will check for a user's enable level and if they have already been authenticated it will let them through. I have the following in my router config for this: aaa authentication enable default tacacs+ enable aaa authorization commands 1 if-authenticated tacacs+ none aaa authorization commands 15 if-authenticated tacacs+ none but it is not working. Any assistance would be appreciated. Thanks. _ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CiscoWorks snmp
Can somebody what syntax to use for the SNMP Settings for CiscoWorks 2000. I'm trying to setup the ANI stuff and the snmp strings but the syntax that it has is confusing. Can anybody give a sample they are using. Thanks. _ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CiscoWorks
I have CiscoWorks 2000 running. However after the discovery, it sees the routers, switches, etc., but it only displays the ip address for both the ip address field and the device name field. I'm trying to get it to display the device name as well as the ip address. Any assistance would be appreciated. Thanks. _ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CiscoWorks device name
I have CiscoWorks 2000 running. However after the discovery, it sees the routers, switches, etc., but it only displays the ip address for both the ip address field and the device name field. I'm trying to get it to display the device name as well as the ip address. Any assistance would be appreciated. Thanks. _ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN location
I'm installing a new VPN box. Traditionally, where in the network does the VPN box reside. Does it run parallel to the PIX firewall and be connected to the inside the same way as the pix or should the VPN box be located in the DMZ with a secure tunnel created between the VPN box and the PIX firewall and all requests to the inside network would go through PIX firwall via conduits, etc. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cabletron
Can someone give me some feedback on Cabletron hubs/switches. It is good, bad, advantages, disadvantages and how it really compares to the Cisco Catalyst line of switches. If you have cabletron switches would you upgrade to Cisco Catalyst switches or would you remain with cabletron. Please responsd to this email address. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cabletron
Can someone give me some feedback on Cabletron hubs/switches. It is good, bad, advantages, disadvantages and how it really compares to the Cisco Catalyst line of switches. If you have cabletron switches would you upgrade to Cisco Catalyst switches or would you remain with cabletron. Please responsd to this email address. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
disconnect telnet
How can I disconnect another user who is currently telnet into the router that I'm in? When I do a "show users", it displays the telnet session and the vty line. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN 3015
I have a Altiga 3015 VPN concentrator. All seems to be working except for one thing. PPTP works fine with WINS, DNS, etc and of course full connectivity via the tunnel. IPSec seems to be OK too except that when I look at the IPSec Viewer, it tells me that "Failed to set WINS info...". WINS doesn't seem to be working via IPSec, but DNS, DHCP and all else seems to be working. Any help would be appreciated. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPX via VPN
I have a Altiga (Cisco) VPN 3015 concentrator. Once I have a tunnel established to the 3015 concentrator, can I run IPX (novell) through that or can I only run IP. If I can run IPX, what/how would I need to configure to get IPX to work. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Router & Modem
I'm trying to dial into a US Robotics 33.6 external modem connected to my Cisco 2520 router. The modem has a db-25 connector on it which I've placed a db-25 to RJ-45 convertor on it. From the RJ-45 I connected a Cisco rolled cable (console cable) to it and connected the other end of the RJ-45 cable to the AUX interface on the router. The configuration are already on the AUX interface on the router. When I dialed to it, it answers and seems to connect via hyperterminal. However, after the connection, I don't seem to be getting any response back from the router or something like that because nothing seems to echo back. Any assistance would be appreciated. Thank you. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BCRAN
Can anyone give me some tips as to how to study for the BCRAN (640-505 exam) exam. I'm studying for it and am schedule for another week or so to take the exam. Tips on what topics to study and what may be on the exam would be helpfu. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PRI connection
I need some assistance with my PRI connection starting from the CSU/DSU. How should I configure the CSU/DSU? Should it be the same (coniguration) as a normal T1?? Do I need any special cables to connect from the CSU/DSU (v.35) to the PRI (controller) port on the router. Any assistance from the CSU/DSU hardware and software configuration to the router configuration and cabling would be appreciated. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CIT Exam
I need some advice on the CIT exam. What book should I use to study for this exam. Also, there's two exams available for the CIT: 640-440 and 640-506. If I read the book for 640-440, will it be enough to pass the 640-506 exam? Any guidance would be appreciated. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Token ring and duplex
If a token ring is running at a speed of 16, should the duplex be full or half. If it's at half, what may be some problems as a result of it. thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CIT
Can someone tell me how the CIT exam is like. How does it compare to the other exams. I glanced over the CIT book and it looks like a lot of stuff is understanding different "show ..." commands and "debug ..." commands. Any hints or advice would be appreciated. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPX
In regards to ipx routing, how and when do we determine if running ipx routing is enough as compare to when to run ipx eigrp routing? My environment is growing from about 100 sap listings to maybe 2000 sap listings via a company merger. My second question is via the following diagram Site A Site B Site C Currently, IP traffic is going between Site A, B, and C. IPX is running locally within each site but not routed to other sites. I wanted to have Site A and Site C to be able to talk IPX in order to see Novell servers on each site by enabling IPX routing. Site A has about 100 sap listings, Site B has about 2000 sap listings, and site C has about 750 sap listings. In enabling ipx routing across from A to C, how can I go about such that Site A only certain server sap advertisements from Site C. Basically, I only want to be able to see servers across A and C and don't need to see ipx enabled clients. Also, in this type of environment with the above number os sap listings, should I just use ipx routing or should I use "ipx eigrp"? Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
switch console logging
On a Cisco Catalyst 6500 and 4000 series switch, how can I stop system messages from displaying onto the console. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX w/ 3 Interfaces
Currently my PIX has two interfaces. I'm getting ready to add another interface to my PIX to make it 3 interfaces to make a separate DMZ network. My question is, when a user on the outside tries to access a server on on the network on the inside (not dmz), is that doable. Also, I haven't been able to find a full blown very very detailed sample config of a 3 interface PIX configuration. If someone could share their 3 interface PIX configuratin with me, I would greatly appreciate it. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
multiple PRI dialup
I have a central site with two routers each with a PRI. I have numerous remote sites with BRI dialing into the PRI as dial backup only. I would like to set it up such that when the T1 link goes down at the remote site the BRI ISDN initiates dialing to the PRI for backup. What I want to do is set it up such that it will dial the first PRI at the central site and if that is busy it will dial the second PRI. How do I go about doing this so that it will dial (maybe randomly) either PRI and if one PRI is down or busy, it will dial the other PRI automatically. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
multiple PRI dialup
I have a central site with two routers each with a PRI. I have numerous remote sites with BRI dialing into the PRI as dial backup only. I would like to set it up such that when the T1 link goes down at the remote site the BRI ISDN initiates dialing to the PRI for backup. What I want to do is set it up such that it will dial the first PRI at the central site and if that is busy it will dial the second PRI. How do I go about doing this so that it will dial (maybe randomly) either PRI and if one PRI is down or busy, it will dial the other PRI automatically. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DNS and access-list
I want to allow a particular server to do DNS queries such that when they type www.cisco.com or something like that, it will go to the specify DNS server and find the ip address. I have an access list allowing port 53 for tcp and udp and it doesn't work. Can anyone help. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPX RIP and EIGRP
I have a dilema with my ipx environment. The following is a diagram and a description of it. aaa --| | - iii bbb --| S0S1 | - hhh ccc --|RtrA --- fff --- RtrB ---| - ggg ddd --| 1.1.1.1 1.1.1.2 | - jjj eee --| | - kkk RIP EIGRP 47 IPX Network aaa, bbb, ccc, ddd, eee are attached to the left network which is RtrA. IPX network iii, hhh, ggg, jjj, kkk are attached to the right network which is RtrB. The left network (RtrA) and the right network (RtrB) are joined using IPX network fff. There is full IP capability everywhere in the left network and the right network. I'm connecting ipx from the left network to the right network via a tunnel. However currently RIP is on the left network and EIGRP 47 is on the right network. What I'm trying to acocmplish is for ipx network aaa and bbb on the left side to be able to see all ipx network (iii, hhh, ggg, jjj, kkk) on the right side and vice versa. At the same time I don't want network (ccc, ddd, eee) to be in EIGRP 47. I want to enable EIGRP 47 on the left side such that any ipx servers on aaa and bbb will be able to see all ipx servers on the entire right network. At the same time, I want all ipx servers on all ipx networks on the left network to be able to see any other server on the left network. I have the following config RtrA: - ipx routing tunnel 0 no ip address ipx network fff tunnel source S0 tunnel destination 1.1.1.2 Serial 0 ip address 1.1.1.1 255.255.255.0 ipx router eigrp 47 network aaa network bbb network fff ipx router rip no network fff RtrB: - ipx routing tunnel 0 no ip address ipx network fff tunnel source S1 tunnel destination 1.1.1.1 Serial 1 ip address 1.1.1.2 255.255.255.0 ipx router eigrp 47 network iii network hhh network jjj network ggg network kkk network fff Can anyone help me with this and let me know if this is the right way to do it and if not what is the right way. How can I accomplish what I wan to accomplish in my description and diagram above. Also if RIP and EIGRP are running on the same router, will they automatically redistribute to each other? Basically, I wan to keep the left and right network separate but at the same time for some ipx servers on the left network to be able to see and access ipx servers on the right network and vice versa. Thank you. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPX RIP and EIGRP
I have a dilema with my ipx environment. The following is a diagram and a description of it. aaa --| | - iii bbb --| S0S1 | - hhh ccc --|RtrA --- fff --- RtrB ---| - ggg ddd --| 1.1.1.1 1.1.1.2 | - jjj eee --| | - kkk RIP EIGRP 47 IPX Network aaa, bbb, ccc, ddd, eee are attached to the left network which is RtrA. IPX network iii, hhh, ggg, jjj, kkk are attached to the right network which is RtrB. The left network (RtrA) and the right network (RtrB) are joined using IPX network fff. There is full IP capability everywhere in the left network and the right network. I'm connecting ipx from the left network to the right network via a tunnel. However currently RIP is on the left network and EIGRP 47 is on the right network. What I'm trying to acocmplish is for ipx network aaa and bbb on the left side to be able to see all ipx network (iii, hhh, ggg, jjj, kkk) on the right side and vice versa. At the same time I don't want network (ccc, ddd, eee) to be in EIGRP 47. I want to enable EIGRP 47 on the left side such that any ipx servers on aaa and bbb will be able to see all ipx servers on the entire right network. At the same time, I want all ipx servers on all ipx networks on the left network to be able to see any other server on the left network. I have the following config RtrA: - ipx routing tunnel 0 no ip address ipx network fff tunnel source S0 tunnel destination 1.1.1.2 Serial 0 ip address 1.1.1.1 255.255.255.0 ipx router eigrp 47 network aaa network bbb network fff ipx router rip no network fff RtrB: - ipx routing tunnel 0 no ip address ipx network fff tunnel source S1 tunnel destination 1.1.1.1 Serial 1 ip address 1.1.1.2 255.255.255.0 ipx router eigrp 47 network iii network hhh network jjj network ggg network kkk network fff Can anyone help me with this and let me know if this is the right way to do it and if not what is the right way. How can I accomplish what I wan to accomplish in my description and diagram above. Also if RIP and EIGRP are running on the same router, will they automatically redistribute to each other? Basically, I wan to keep the left and right network separate but at the same time for some ipx servers on the left network to be able to see and access ipx servers on the right network and vice versa. Thank you. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
transfer rate
How do we go about calculating how long it takes to calculate something and the speed at which it is transferring. For instance, if we have a T1 circuit (full 1.544MB) or a 128KB link, how long will it take to transfer a 230MB file and how fast does it transfer per second, minute, etc. I can't seem to find anything that deals with calculating this sort of thing on Cisco's site. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX question
In regards to a pix, I have the following question. When I'm trying to restrict access from the inside to the dmz, how would I do that and can you give some examples. For example, do I use an access list or an outbound command and what are the differences between the two. In addition, is there a book out there that teaches us PIX configuration? Is there a Cisco PIX certification at the present time? Thanks. Scott _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
subnets [7:638]
Our existing network consists of a flat network at 172.16.0.0 with a mask of 255.255.0.0 and 172.31.0.0 with a mask of 255.255.0.0. Since it is flat, the networks are 172.16.2.0 - 172.16.12.0 mask 255.255.0.0. EIGRP is running. Now, the question I have is, if I create new subnets to segment the place with networks like 172.20.10.0, 172.20.11.0, 172.12.0, etc all with masks of 255.255.255.0 and if I run EIGRP also. If I were to run both the above networks at once and within the same EIGRP process, would it cause any problems. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=638&t=638 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written [7:639]
Can anyone give some advice as to what is the best book to use for the CCIE written. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=639&t=639 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written [7:834]
What is the best book to use for studying the CCIE written exam?. I've seen several: Lammle, Caslow and Giles but am not sure which is the best. Any suggestions would be greatly appreciated. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=834&t=834 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
eigrp path [7:837]
I have a network that is running EIGRP to provide for redundancy, for some reason, for this one remote site, it is taking the long route to get to there. For instance, we have the following: RTR-A /\ / \ RTR-B---RTR-C The host we're trying to get to is on RTR-A and we are trying to get there from RTR-C. Every link has the same bandwidth. For some reason we a client on RTR-C is trying to get to a host on RTR-A, it goes from RTR-C to RTR-B then to RTR-A and finally to the host on RTR-A instead of directly from RTR-C to RTR-A and to the host. Any help would be appreciated. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=837&t=837 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
HSRP [7:903]
There are two routers: Rtr-A and Rtr-B. HSRP is running between these two groups with RTR-A set with a priority of 100 and RTR-B set with a priority of 150. Currently, RTR-A is the active router. However RTR-B shows that it's in a state of INIT. When I do a "show int fa0/0", it shows that the line is up but the protocol is down. The configuration looks fine and HSRP is tracking the serial interface. Any suggestion as to why RTR-B is not in standby state and how to resolve the problem to get it out of INIT state. If RTR-A goes down now, RTR-B will not pick up and become active as it stands now. Any assistance would be appreciated. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=903&t=903 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
routes and subnet [7:1210]
I have a flat network of 172.20.1.0 172.20.5.0 with a subnet of 255.255.0.0 thus it is flat. I'm running eigrp with no summary. If I add a network of 172.21.10.0 with a subnet of 255.255.255.0 and run it in eigrp and no summary, would that cause any problems. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1210&t=1210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
telnet [7:1212]
I want to allow this one network to be able to to telnet into my router, but when then telnet into it I only want to give them access to the "show interface" command and nothing else. However when I telnet into it from my network I want to be able to access everything. What I've done is set the password on vty 0 4 and use the command login. However when they telnet to it and type the password to login then can access a lot of other commands including "show version", "show logging", "show standby", a lot of others even though they can't get into config t mode. Can anyone show me how to configure it to restrict the above telnet to only a few commands. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1212&t=1212 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
T1 pinout [7:1297]
Anyone know the pinout to a cable that use to connect two fractional T1 CSU/DSU back to back for testing. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1297&t=1297 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
authentication [7:1697]
Can Cisco ACS be used for Internet access authentication? If it can, is it recommended since I'm using Cisco ACS for my router authentication and VPN authentication. Also, what software do you recommend for logging web access on a Cisco PIX. I've used WebTrend in the pass but wanted to get someone else's opinion. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1697&t=1697 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TTL [7:1700]
If I wanted to increase the TTL on a Cisco router, how can I do that? Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1700&t=1700 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ftp security [7:2124]
Anyone know of a ftp software that does encryption. Normal ftp does not encrypt the data. I'm trying to find one that does encryption. Even if we pay for it, that will be ok too. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2124&t=2124 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX and sniffing [7:2265]
I have a pix that protects my internal network from vendors. So the internal lan interface is Inside and the interface to the vendor is Outside. There's a full conduit allowing anything from the vendor's network (Outside) into our Inside network. I'm sniffing the wire on the Inside now for problems. The question is, when the vendor comes in through the Outside interface and goes into my network via the Inside interface, when I sniff, will I be able to see the exact ip address of the vendor or does the pix hide that when it comes in. When I sniff, I don't see anything from the vendor coming in at all. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2265&t=2265 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SPAN [7:2622]
On a Catalyst 3524XL, how do I enable SPAN (switch port analyzer) so I can have one port mirror traffic on another port so I can sniff it. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2622&t=2622 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT Design [7:2738]
I need some advice on NAT design. Here's the scenario. This is my current scenario. I have my site at RTRA and a LAN there. At RTRA, all the vendor connections come in through it as shown by Vendor_1 and Vendor_2. Eventually, there will be Vendor_3, Vendor_4, etc. S2 LAN_SwitchRTRA---\ E1\S1 \ \Vendor_2 \ Vendor_1 What I want to do is provide NAT such that when Vendor_1, Vendor_2 and eventually Vendor_3, Vendor_4 access stuff at RTRA, they will be using a NAT address. I have three questions: 1. Can I configure NAT such that E1 is the "NAT Inside" interface and have S1 and S2 both as "NAT Outside" interfaces and then of course the statics. 2. Should I have a switch hook up to E2 (not shown in drawing), then hook Vendor_1, Vendor_2, Vendor_3, etc. hook up to the same VLAN on that switch and have E2 configure as the only "NAT Outside" interface. That way, E2 is the only "NAT Outside" interface, but all the Vendors that connect through that switch will use the same NAT address. 3. Is this sort of NAT recommended to be configure on the core router where all WAN connections come in or should I have another router that connects directly to RTRA and then do that through there and use any of the questions in 1 or 2 as the solution. Basically, what is the best design for my scenario even if my solution/question above is not right, any recommendations would be appreciated. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2738&t=2738 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT Design [7:2766]
I need some advice on NAT design. Here's the scenario. This is my current scenario. I have my site at RTRA and a LAN there. At RTRA, all the vendor connections come in through it as shown by Vendor_1 and Vendor_2. Eventually, there will be Vendor_3, Vendor_4, etc. S2 LAN_SwitchRTRA---\ E1\S1 \ \Vendor_2 \ Vendor_1 What I want to do is provide NAT such that when Vendor_1, Vendor_2 and eventually Vendor_3, Vendor_4 access stuff at RTRA, they will be using a NAT address. I have three questions: 1. Can I configure NAT such that E1 is the "NAT Inside" interface and have S1 and S2 both as "NAT Outside" interfaces and then of course the statics. 2. Should I have a switch hook up to E2 (not shown in drawing), then hook Vendor_1, Vendor_2, Vendor_3, etc. hook up to the same VLAN on that switch and have E2 configure as the only "NAT Outside" interface. That way, E2 is the only "NAT Outside" interface, but all the Vendors that connect through that switch will use the same NAT address. 3. Is this sort of NAT recommended to be configure on the core router where all WAN connections come in or should I have another router that connects directly to RTRA and then do that through there and use any of the questions in 1 or 2 as the solution. Basically, what is the best design for my scenario even if my solution/question above is not right, any recommendations would be appreciated. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2766&t=2766 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT Design [7:2881]
I need some advice on NAT design. Here's the scenario. This is my current scenario. I have my site at RTRA and a LAN there. At RTRA, all the vendor connections come in through it as shown by Vendor_1 and Vendor_2. Eventually, there will be Vendor_3, Vendor_4, etc. S2 LAN_SwitchRTRA---\ E1\S1 \ \Vendor_2 \ Vendor_1 What I want to do is provide NAT such that when Vendor_1, Vendor_2 and eventually Vendor_3, Vendor_4 access stuff at RTRA, they will be using a NAT address. I have three questions: 1. Can I configure NAT such that E1 is the "NAT Inside" interface and have S1 and S2 both as "NAT Outside" interfaces and then of course the statics. 2. Should I have a switch hook up to E2 (not shown in drawing), then hook Vendor_1, Vendor_2, Vendor_3, etc. hook up to the same VLAN on that switch and have E2 configure as the only "NAT Outside" interface. That way, E2 is the only "NAT Outside" interface, but all the Vendors that connect through that switch will use the same NAT address. 3. Is this sort of NAT recommended to be configure on the core router where all WAN connections come in or should I have another router that connects directly to RTRA and then do that through there and use any of the questions in 1 or 2 as the solution. Basically, what is the best design for my scenario even if my solution/question above is not right, any recommendations would be appreciated. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2881&t=2881 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Modem [7:3028]
How do I configure a US Robotics modem to work on an AUX port on a router. What do I have to configure on the AUX port and what do I have to configure on the modem.I want to connect the US Robotics modem to the AUX port for dialin. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3028&t=3028 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
encapsulation [7:3701]
Should I use hdlc or ppp encapsulation on a point to point connection between two wan sites. The connection is used to access data. And also what is the benefit and disadvantages of using one over the other. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3701&t=3701 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
trunking [7:6123]
My environment is currently running Cabletron equipment that has trunking set to 802.1q. I'm putting in a new Catalyst 6500 switch and will be tieing that into the Cabletron network. My question is, since I'm not going to trunk between the two but just to have a cross connect to communicate between the two networks, should I be using ISL trunking on the Cisco switch or should I be using 802.1q so that it is compatible with the Cabletron network. In addition, if I do use 802.1q trunking, will that mess up the Cabltron side. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6123&t=6123 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
chat [7:6287]
Anyone know if there's a forum such as IRC, ICQ where we engineers can have techy talks. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6287&t=6287 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Racks [7:7752]
Can anyone tell me what are the best racks to use to rack my Cisco gear. Where can I go on the web to find them. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=7752&t=7752 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Subnet usage [7:9509]
Got a question re: subnet usage. I'm using /30 to subnet 10.100.1.x so that I only have two addresses per subnet. The question is, there will be approximately subnets and two hosts per subnet if I subnet it this way. Now, does it make sense to scatter these subnets everywhere (Site 1, Site 2, Site 3 ... Site X or should I keep it at one site and use the other subnets on that for other use at that site? _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9509&t=9509 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ATM Home Lab [7:9834]
If I have several Cisco 2600 routers, is it possible to create a home lab that runs ATM (for practicing) if I buy the ATM modules. If yes, what modules should I buy. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9834&t=9834 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN status [7:12499]
What does it mean when that L2 status is in state=init instead of state=established as in the following message. Layer 2 Status: TEI = 82, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 84, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 82, ces = 1, state = 5(init) spid1 configured, no LDN, spid1 sent, spid1 valid Endpoint ID Info: epsf = 0, usid = 70, tid = 1 TEI 84, ces = 2, state = 5(init) spid2 configured, no LDN, spid2 sent, spid2 valid Endpoint ID Info: epsf = 0, usid = 71, tid = 1 Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12499&t=12499 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DLCI [7:12679]
Can we have two DLCI having the same number on the same router but point to different destinations on different interfaces? _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12679&t=12679 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BRI state [7:12802]
I have a question regarding BRI state. The following is a capture of my "show isdn status": ISDN BRI4/0 interface dsl 24, interface ISDN Switchtype = basic-ni Layer 1 Status: ACTIVE Layer 2 Status: TEI = 88, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 97, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 88, ces = 1, state = 5(init) spid1 configured, spid1 sent, spid1 valid Endpoint ID Info: epsf = 0, usid = 0, tid = 1 TEI 97, ces = 2, state = 5(init) spid2 configured, spid2 sent, spid2 valid Endpoint ID Info: epsf = 0, usid = 1, tid = 1 Layer 3 Status: 0 Active Layer 3 Call(s) Activated dsl 24 CCBs = 0 The Free Channel Mask: 0x8003 Notice that a few lines down the "state = 5(init)" and it's also in the same state for the other channel. Doesn't that have to be in a "established" state to use the line. I know that Cisco docs say that if the state is a "init" or "established" that the line is good. I know that it's good, but can't dial out for some reason and wanted to know if that was it and what the exact meaning of the init state is and if there's a way to bring it to an established state. Do a clear int bri4/0 didn't do it either. Any suggestions will be appreciated. _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12802&t=12802 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS [7:12833]
What is the difference between an IOS that is IP and IP Plus? _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12833&t=12833 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Internet Rtr ACL [7:13559]
Does anyone have a sample config of their ACL on their Internet router that allows certain traffic to go out and certain ones to come in. I'd like a sample of a live config to see how people are doing it. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=13559&t=13559 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
bgp [7:13786]
What is the recommended router if I wanted to run bgp on my dual internet connection. I currently have a 2651 and will be upgrading it to 128MB but am not sure if that's enough to run bgp considering the size of the bgp routing table. Thank you. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=13786&t=13786 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN and Firewall [7:15375]
Where is the best place to install a VPN box - vpn inside interface behind the pix, vpn outside interface behind the pix, vpn outside to internet, vpn inside to lan, etc. What should be the best practice and if someone can point out a link where I can see some configuration I would appreciate it. Thank you. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15375&t=15375 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
switch broadcast
I have two Catalyst 6500 with supervisor and MSFC. The MSFC is performing the routing for the vlans. When sniffing it, I see a lot of broadcast (50%) coming from the MAC of vlan interface on the MSFC. Both ip and ipx are running on this. Is this normal? I have "no ip redirects" and "no ip directed-broadcast" on the interface. Any suggestions, hints, configuration, etc help would be appreciated. Thank you. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access List ping
I want to create an access list such that a user can ping out and get a response, but at the same time to be able to not have anyone to ping in. I tried an access list denying icmp for IN on that interface, but that totally stops the pings from going out or in. Any assistance on how I can get this accomplish would be greatly appreciated. Thankx. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
No Subject
On a Cisco PIX, if you have license for lets say 100 connections but end up using 110 connections, what would happen. I'm not referring to the number of users but rather the number of connections Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PRI Connection
I need assistance with hooking up a PRI. Telco has already brought in the PRI line into a circuit in the room with a jack. I want the PRI to work with my router. My router does have a PRI Multi-Channel card to handle this. My question is, how do I connect the PRI line such that it will work with the PRI multi-channel card. Will I need to connect the PRI line to a CSU/DSU and then from the CSU/DSU to the RJ45 on the PRI multi-channel card. If this is the connection type, on my CSU/DSU, the connection on it to the router is a v.35 connector. How can I accomplish this. Thank you. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Blocking IRC
The port for Internet Relay Chat (IRC) is 194 for UDP and TCP. In fact, after block TCP and UDP port 194, IRC traffic seems to be going through still. However blocking that port does block out much IRC traffic because IRC seems to be using random ports as well such as 7000, 6000, etc. Can anyone tell me how I can block out IRC traffic entirely. Any assistance would be greatly appreciated. Thanks. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX configuration
My network is as follows: Ethernet Segment ---|PIX||RTR|--OUT TO INTERNET INTERNAL DMZ EXTERNAL I have a few servers out in the DMZ zone. How and what is the standard for security configuration for the PIX and the RTR (router). Is the RTR suppose to shield only the servers in the DMZ and allow all other access inside? Is the PIX suppose to be configured such that any traffic from the Ethernet Segment on the INTERNAL network going through the INTERNET is filtered and allowed via the OUTBOUND list on the PIX. How about the conduit? How is that suppose to be used. I have the network pretty much setup, but wanted some suggestions as to if I'm doing it right. I'm currently using the RTR to protect the servers in the DMZ as well as placing some security for inbound connections while using the PIX to establish/filter what traffic can go outbound and what can't. How about traffic coming inbound from the INTERNET, should that type of traffic be filtered on the RTR or by using the conduit on the PIX. Any help with how to setup security at what section of the network (where) would be greatly appreciated. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX configuration
My network is as follows: Ethernet Segment ---|PIX||RTR|--OUT TO INTERNET INTERNAL DMZ EXTERNAL I have a few servers out in the DMZ zone. How and what is the standard for security configuration for the PIX and the RTR (router). Is the RTR suppose to shield only the servers in the DMZ and allow all other access inside? Is the PIX suppose to be configured such that any traffic from the Ethernet Segment on the INTERNAL network going through the INTERNET is filtered and allowed via the OUTBOUND list on the PIX. How about the conduit? How is that suppose to be used. I have the network pretty much setup, but wanted some suggestions as to if I'm doing it right. I'm currently using the RTR to protect the servers in the DMZ as well as placing some security for inbound connections while using the PIX to establish/filter what traffic can go outbound and what can't. How about traffic coming inbound from the INTERNET, should that type of traffic be filtered on the RTR or by using the conduit on the PIX. Any help with how to setup security at what section of the network (where) would be greatly appreciated. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PRI & CSU/DSU
I have a PRI that is used to backup all my remote sites. The PRI is a full T1. My question is, when I setup the CSU/DSU, how should I setup the channels. Do I just assign all channels to the data port, do I have to configure it any different from a normal T1? Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ntp
What is a good time server to use out there. I'm setting up NTP on my routers, etc. and don't want to use the router as a NTP device where it will serve as a server. I want it to go to a machine that will act as a server. What software is good for that and hopefully it's free. Thanks _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ftp out
How do I configre an access list such that it only allow users to ftp out, but not any ftp in. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX to access inside server
I am using a Cisco PIX 520 with an inside interface and an outside interface. I have the following scenario: Internal server has an address of 10.10.1.150, the external server has an ip address of 128.200.111.100. The external server is in the dmz zone. The internal server has been assigned a global address 0f 128.200.111.150 that maps to the inside server of ip address 10.10.1.150. I want the external server of 128.200.111.100 to be able to communicate with the inside server only through port 135. I assigned a static ip address to the inside host with the following command: static (inside,outside) 128.200.111.150 10.10.1.150 netmask 255.255.255.255 0 0 I assigned the permission for the external server to be able to access the inside server only via port 135 using the following command. conduit permit tcp host 128.200.111.100 eq 135 host 128.200.111.150 eq 135 Is this the right way of doing it? If I'm doing it wrong, can someone show me how to do this. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pix
I am using a Cisco PIX 520 with an inside interface and an outside interface. I have the following scenario: Internal server has an address of 10.10.1.150, the external server has an ip address of 128.200.111.100. The external server is in the dmz zone. The internal server has been assigned a global address 0f 128.200.111.150 that maps to the inside server of ip address 10.10.1.150. I want the external server of 128.200.111.100 to be able to communicate with the inside server only through port 135. I assigned a static ip address to the inside host with the following command: static (inside,outside) 128.200.111.150 10.10.1.150 netmask 255.255.255.255 0 0 I assigned the permission for the external server to be able to access the inside server only via port 135 using the following command. conduit permit tcp host 128.200.111.100 eq 135 host 128.200.111.150 eq 135 Is this the right way of doing it? If I'm doing it wrong, can someone show me how to do this. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
removing nat entries
I currently have a nat entry as follows: "ip nat inside source static tcp 192.168.32.200 192.168.32.200 extendable". When I try to remove that entry with the following command: "no ip nat inside source static tcp 192.168.32.200 192.168.32.200 extendable" it gives me the following message: "%Static entry in use, cannot remove". Can anyone give me some pointers as to how I can remove that entry. Keep in mind that this is a static translation, not a dynamic translation so using the "clear ip nat translation ..." command will not apply to this as it is static not dynamic. Any assistance would be appreciated. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
helper address and bay router
I have a cisco router at a remote site and a bay router at the central site. The dhcp server is at the central site where the bay router is. The cisco router at the remote site has a help-address pointing to the dhcp server at the central site. On the Bay router, a forwarding interface has already been setup. However, clients at the remote site still cannot get dhcp addresses from the dhcp server at the central bay router site. Any insight on this would be appreciated. Thanks. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ip and subnet
If on one floor I use 10.150.0.0 255.255.0.0 and on the remaining 2 floors I use 10.150.100.0 255.255.255.0 and 10..150.102.0 255.255.255.0, will this work in terms of all three networks being able to communicate with each other. Will there be any problems, etc. Can someone help me reason this out. Thanks. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP Addressing
I currently have one floor where my routers and servers are. These are address as 10.100.1.x and 10.100.2.x addresses with a subnet of /16. I'm adding two more floors. However, in adding two more floors can I address these floors as for instance 10.100.11.x, 10.100.12.x, 10.100.13.x, and 10.100.14.x with a subnet mask of /24. I'm confused as to how this may work if I have them all at a /24 subnet mask, a /16 subnet mask in the current floor and /24 subnet mask in the new floors, or even changing everything including the existing floor and new floors all to reflect /24. Any help with this ip address stuff and how the new floors can be integrated would be greatly appreciated. Thanks. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
two T1s
I'm at one location with two T1s to corporate. How can I configure these two T1s to load balance each other, provide redundancy for each other etc. For instance, if one T1 goes down, all traffic that normally goes through that T1 would now be re-routed to the other T1 which is up. Also is there a way to sort of multiplex or in Catalyst switch term port-channel, so that these two T1s can be load balancing and redundant. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2 subnets in 1 vlan
I want to have one Vlan (for example vlan 100) and have both 10.100.5/24 and 10.100.6/24 on the same subnet so that I can use the same gateway. Is there a way to accomplish this? Thanks. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP Addressing
I currently have one floor where my routers and servers are. These are address as 10.100.1.x and 10.100.2.x addresses with a subnet of /16. I'm adding two more floors. However, in adding two more floors can I address these floors as for instance 10.100.11.x, 10.100.12.x, 10.100.13.x, and 10.100.14.x with a subnet mask of /24. I'm confused as to how this may work if I have them all at a /24 subnet mask, a /16 subnet mask in the current floor and /24 subnet mask in the new floors, or even changing everything including the existing floor and new floors all to reflect /24. Any help with this ip address stuff and how the new floors can be integrated would be greatly appreciated. Thanks. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
some ping "request timed out"
I have a 4006 with two GBICs each trunked to a 6509. My 6509 has a MSFC to perfom my routing. For whatever reason, when I do a ping on a client to the vlan assigned to the 4006, it will ping and then time out for between 5 and 20 seconds and then will come back alive. I'm running spanning tree and yes portfast is enabled. Pruning is enabled. Can anyone shed any light on this. Thank you. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ip duplicates
I have a couple of catalyst 6500 with supervisors that have msfc. These msfc are performing the routing functions for the different vlans that I have setup. HSRP is running between the msfc for each vlan. Each msfc have a different ip address for each vlan. For instance, one msfc will have a 10.20.20.5 for vlan 200 and another will have 10.20.20.6 for vlan 200 also. Of course hsrp is running between them with an ip address of 10.20.20.1 for vlan 200. I notice that on the msfc, the mac on all the vlans are the same. My logs don't show me any errors, but when I use the Fluke to do a scan, it reports that several of the macs on the vlans on the msfc have duplicate ip of 10.20.20.5 which is ip address on one of the vlan on the msfc. Can someone shed some light on this. Thanks. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
