RE: Source Routing
Use IP Policy Routing on the RSM to set the next hop for specific users. For instance, if the users are on subnets 10.10.1.0/24 and 10.10.2.0/24, you could use: access-list 1 permit ip 10.10.1.0 0.0.0.255 access-list 1 permit ip 10.10.2.0 0.0.0.255 interface vlan40 ip policy route-map OLDNET ip local policy route-map OLDNET route-map OLDNET permit 10 match ip address 1 set ip next-hop 10.1.1.1 Regards, Eric Sineath CCIE (R/S & Design) Senior Consultant SBC DataComm -Original Message- From: Michael Fountain [mailto:[EMAIL PROTECTED]] Sent: Monday, November 27, 2000 3:15 PM To: [EMAIL PROTECTED] Subject: Source Routing Kind of a bizarre situation, but... We have a large, productional network that can't be messed with too much. Basic network could be looked at like this - core(5500rsm) - distro(4700) - access(1720s) / ---/ What we need to be able to to do is route a couple of the customers on the 1720s towards the new internet connection until we are ready to swing everyone over to it. Since we already have a default route to the existing internet connection, what is the easiest way to do this? I've considered creating tunnels between the 1720s and the new internet routers, but have always heard things about tunnels and CPU usage. It is an ethernet environment only, so I don't know of any way to source route. Any suggestions? _ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router with Web Cache Engine
Use IP WCCP WEB-CACHE. That will enable cache discovery globally. You must then use IP WCCP REDIRECT-OUT on the interface connected to your cache server's segment. You may need to use IP WCCP WEB-CACHE REDIRECT-LIST XXX (where XXX is access-list #) globally to filter specific IP's that should NOT be redirected. Regards, Eric Sineath CCIE (R/S & Design) #4504 Senior Consultant SBC DataComm -Original Message-From: Minh Vu [mailto:[EMAIL PROTECTED]]Sent: Tuesday, November 21, 2000 6:22 PMTo: Tim Schlosser; [EMAIL PROTECTED]Subject: Re: Router with Web Cache Engine I'm running Enterprise version 12.1 and 11.3 which I believe they will have the "ip wccp enable". According Cisco document, they said "ip wccp enable" was implemented on 11.2 and later, but they didn't mention which hardware will supported.. - Original Message - From: Tim Schlosser To: Minh Vu ; [EMAIL PROTECTED] Sent: Tuesday, November 21, 2000 3:06 PM Subject: Re: Router with Web Cache Engine 12.07T has the wccp code enabled. I believe you need the T train, and at a minimum of 12.04T - Original Message - From: Minh Vu To: [EMAIL PROTECTED] Sent: Tuesday, November 21, 2000 11:09 AM Subject: Router with Web Cache Engine Hi, Anyone know which IOS (ie: IP, Enterprise, FW, etc...) support the Web Cache Engine ? I tried to find the command on my router but I couldn't find it on Cisco 1005 and 2501 with Enterprise feature set. I did went thru cisco document site. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/webcache/ce15/ver15/wc1pre.htm and here http://www.cisco.com/univercd/cc/td/doc/product/iaabu/webcache/ce15/ver15/wc1inst.htm#16914 they said type in command in global configuration mode: ip wccp but when I tried on those two routers it was unknown command. Anyone have any hint? Thanks
RE: simple NM question
The network modules w/out integrated CSU's have a DB15 connector and must connect to an external CSU. The ones with CSU's connect directly to the network with an RJ-48 cable. The reasons I normally use them are that you have better management, fewer devices to support and SmartNet maintenance. Regards, Eric Sineath CCIE (R/S) #4504 CCIE (Design) #4504 Senior Consultant SBC DataComm -Original Message- From: Stull, Cory [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 15, 2000 3:10 PM To: '[EMAIL PROTECTED]' Subject: simple NM question What would be a normal reason to get a NM-1FE1CT1-CSU as opposed to just a NM-1FE1CT1 ? Obviously one has a CSU and one doesn't but I would appreciate it anyone can elaborate on why you would need one over the other... Thanks Cory _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Design Lab passed
They were different, but equally challenging. The Design lab was definitely more reflective of the types of infrastructures being deployed today, while the R/S was a bit more abstract. Regards, Eric Sineath CCIE (R/S) #4504 CCIE (Design) Senior Consultant SBC DataComm -Original Message- From: Bruce Williams [mailto:[EMAIL PROTECTED]] Sent: Monday, November 13, 2000 6:33 PM To: [EMAIL PROTECTED] Subject: Re: CCIE Design Lab passed Congratulations!! What certification did you find more difficult, the CCIE Design or the CCIE R&S? Bruce [EMAIL PROTECTED] ""SINEATH, JOSEPH E (AIT)"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Folks, > > I passed the CCIE Design Lab last week, and quite a bit of my study over the > past three months was done right here. The scenario posts were extremely > helpful. This lab was a heck of a lot more "real-world" than the R/S one. > > Regards, > Eric Sineath > CCIE (R/S) #4504 > CCIE (Design) > Senior Consultant > SBC DataComm > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Design Lab passed
Folks, I passed the CCIE Design Lab last week, and quite a bit of my study over the past three months was done right here. The scenario posts were extremely helpful. This lab was a heck of a lot more "real-world" than the R/S one. Regards, Eric Sineath CCIE (R/S) #4504 CCIE (Design) Senior Consultant SBC DataComm _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX QUESTION********
Peter, I believe that the correct configuration would be to deny 10.6.x.x access to any outside addresses: outbound 102 deny 10.6.x.x 255.255.255.255 0 0 and then to allow access to the 200.121.x.x server on port 1222 with an except statement: outbound 102 except 200.121.x.x 255.255.255.255 1222 tcp Please let me know if that worked for you. Regards, Eric Sineath CCIE (R/S) #4504 CCIE (Design) Passed, but no number yet Senior Consultant SBC DataComm -Original Message- From: Peter Gray [mailto:[EMAIL PROTECTED]] Sent: Friday, November 10, 2000 7:27 PM To: [EMAIL PROTECTED] Subject: Fwd: PIX QUESTION I am using PIX 515 IOS ver 4.4. I have to allow only one inside user to access an Internet address on a particular port. I am using outbound statement with except to do this. But it is not working. Can anyone put some light on that. Here is what I am doing: A user from 10.6.x.x subnet needs to access internet address 200.121.x.x on port 1222. outbound 102 permit 200.121.x.x 255.255.255.255 1222 tcp outbound 102 except 10.6.x.x 255.255.255.255 0 0 apply (inside) 102 outgoing_dest _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Design Lab
Group, I am sitting for the CCIE Design lab next Wednesday, 11/8. I passed the written at Networker's in July, and have been basically studying the objectives and references page since then. I've been scouring the newsgroups and mailing lists, as the Design lab is supposed to be a new format. I haven't been able to find anyone who's taken it, much less passed it. Cisco states that a "Network Verification Tool (NVT)" will be used to assess the design; I'm assuming NetSys. Any input? Regards, Eric Sineath, CCIE #4504 Senior Consultant SBC DataComm _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Bruce Caslow
I attended Bruce's class in 1998, just prior to taking my CCIE lab. I can honestly say that I got more out of his class than in any of the Cisco, Microsoft, Novell, etc. classes that I had taken previously. It was compressed, absolutely; the amount of material presented in 5 days couldn't have been done without compression. I did pass my lab, though, and definitely appreciated the class. Regards, Eric Sineath, CCIE #4504 Senior Consultant SBC DataComm -Original Message- From: Brian [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 26, 2000 2:32 PM To: Michael Le Cc: info; [EMAIL PROTECTED] Subject: Re: Bruce Caslow On Thu, 26 Oct 2000, Michael Le wrote: > I took the course last week. Fred Ingham (who edited > about 10 chapters of Bruce's book) taught the class. > It was a very good class. I averaged about 15 hour > days, starting from 8:30-9 until they kicked my out at > 12 midnight. So yes, you get to work into the wee > hours, past all the other classes that leave at 5pm. > Fred made no claims as to how many people pass and > specifically said that taking the class without much > additional practice will make it very hard. > The class does cover most of what is needed though. > Most but not all, in that Cisco will use some weirder > configs and stricter ways to configure things. > Overall, all the past posts that said this class is > the best... I concur. What is the current cost of the class? Brian > > Michael Le > > --- Brian Feeny, CCNP, CCDP [EMAIL PROTECTED] Network Administrator ShreveNet Inc. (ASN 11881) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: W2K Radius
You need to set up the Internet Authentication Service (IAS) under W2K. It supports Cisco RADIUS, as well as many other features. Simply define your NAS (router) as a client, give it a key, and you should be OK. You will need to unselect MS-CHAP, which is the default. Then all you have to do is use the "Grant Dialin Permission" on your use accounts to enable. Regards, Eric Sineath CCIE #4504 Senior Consultant SBC DataComm -Original Message- From: Tony Russell [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 24, 2000 9:19 AM To: '[EMAIL PROTECTED]' Subject: W2K Radius I had Win NT 4 Radius server up and running and using it with a 1605 configured for AAA. When I upgraded the box to W2K, the router will no longer authenticate using the Radius server. Does anyone know why this would be? I figured a simple upgrade shouldn't change anything since my router config stayed the same. What is it about W2K Radius that is different? Tony Russell Network Engineer IBEAM Broadcasting _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN calls gets connected but disconnects immediately
This is probably an indication of PPP authentication problems. Turn on "debug ppp auth" and take a look when you are dialing. Regards, Eric Sineath, CCIE #4504 Senior Consultant SBC DataComm -Original Message- From: Hans Schimek [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 19, 2000 4:14 PM To: [EMAIL PROTECTED] Subject: ISDN calls gets connected but disconnects immediately hi! i am simulating an isdn call on an isdn switch with 2 S0 interfaces. i am trying to configure DDR . as i am trying to ping the remote router ( 192.168.0.1 ) the call gets initiated but gets disconnected immediately. i included the output of the isdn q931 command and my running config. any advice ? thanx in advance = Hans Schimek Student Fachhochschule St. Pölten f. Telekommunikation und Medien mailto: [EMAIL PROTECTED] gsm : +43 699 10605315 fax : +43 3613 2311 4 icq : 22308773 www : www.schimek.net = _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
