RE: routername(boot) ??? [7:64188]

2003-03-03 Thread Scott Roberts
(boot) is for "boot-helper" image. That means that the configuration
registers were set in a manner to either purposefully boot to boot
helper mode or to boot to it if you have an error loading up an image
from any other location. 

The boot helper image is basically a trimmed down version of the regular
IOS images. You use it to have more functionality than the rommon.

To "get rid of it" (which is technically not possible since they're on
ROM chips), you should check to see what your config-registers are set
to by using "show version". Set them to 0x2102 to boot up the first
regular IOS image it encounters on the flash memory. If the registers
are already set to this, then you might not have a bootable image on
flash (check this by "show flash").

Hope this helps,
scott


-Original Message-
From: Steven Aiello [mailto:[EMAIL PROTECTED] 
Sent: Saturday, March 01, 2003 6:53 PM
To: [EMAIL PROTECTED]
Subject: routername(boot) ??? [7:64188]


I have recently received some routers for a home lab.  When I boot one 
it displays the following.

routername(boot)>

What does this "(boot)" mean

and how do I get rid of it?  I've worked on routers before and never 
seen this.  Thanks in advance.

Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64279&t=64188
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: tftp to flash timeout [7:64226]

2003-03-03 Thread Scott Roberts
He still should be able to place it into flash regardless of what
router it's meant for.

I think the problem is a size issue. Every 12.0 ios requires 8MB of
flash and I suspect the one he's trying requires 16MB. He should use the
command "no partition" first to combine the flash partitions into one
(which is 8MB) and then find an image that will require only 8MB.

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED] 
Sent: Sunday, March 02, 2003 9:48 PM
To: [EMAIL PROTECTED]
Subject: Re: tftp to flash timeout [7:64226]


Is your text below a typo? It looks like you're trying to put C2500 code
on a 4500 router...

cisco 4500 (R4K) processor (revision B) with 32768K/8192K bytes of memory.
Processor board serial number 04058420
R4600 processor, Implementation 33, Revision 1.0

c2500-ik8s-l.122-6-ipplussec

Larry Letterman
Network Engineer
Cisco Systems


  - Original Message -
  From: Jason Steig
  To: [EMAIL PROTECTED]
  Sent: Sunday, March 02, 2003 8:24 PM
  Subject: tftp to flash timeout [7:64226]


  Copyright (c) 1986-1995 by cisco Systems, Inc.
  Compiled Wed 01-Nov-95 15:04 by vatran
  Image text-base: 0x600087E0, data-base: 0x60248000

  ROM: System Bootstrap, Version 5.2(7b) [mkamson 7b], RELEASE SOFTWARE (fc1)

  Router uptime is 33 minutes
  System restarted by power-on
  Running default software

  cisco 4500 (R4K) processor (revision B) with 32768K/8192K bytes of memory.
  Processor board serial number 04058420
  R4600 processor, Implementation 33, Revision 1.0
  G.703/E1 software, Version 1.0.
  X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
  2 Ethernet/IEEE 802.3 interfaces.
  4 Serial network interfaces.
  128K bytes of non-volatile configuration memory.
  4096K bytes of processor board System flash (Read/Write)
  4096K bytes of processor board Boot flash (Read/Write)

  Configuration register is 0x2102

  Router(boot)#

  Here is my 4500M.  I'm trying to tftp into flash the new 12.2
  c2500-ik8s-l.122-6-ipplussec IOS. However, it is failing in the transfer
  because the router times out.  This is because of the 16mb limit, correct?
  What do I have to upgrade for the router to stop timing out?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64281&t=64226
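
The two threads above turn on the configuration register and the `(boot)` prompt. As an added example (not part of any post), the Python below decodes the register from `show version` text and flags a boot-helper fallback or a set ignore-NVRAM bit. The bit meanings come from general Cisco IOS documentation rather than the thread; the function names, finding labels and second sample are assumptions made for this example.

```python
import re

# Configuration-register bits, per general Cisco IOS documentation
# (assumption: these meanings are not spelled out in the thread itself).
BOOT_FIELD_MASK = 0x000F  # 0 = ROM monitor, 1 = boot helper image, 2-F = normal boot
IGNORE_NVRAM = 0x0040     # bit 6: startup-config is skipped at boot
BREAK_DISABLED = 0x0100   # bit 8: console Break is ignored after boot
ROM_FALLBACK = 0x2000     # bit 13: fall back to the ROM/boot image if boot fails

REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)
# A prompt such as "Router(boot)#" or "routername(boot)>" on a line of its own.
BOOT_PROMPT_RE = re.compile(r"^\s*\S+\(boot\)[>#]\s*$", re.MULTILINE)

# Lines taken from the "show version" output quoted in the tftp thread above.
SAMPLE_FROM_POST = """\
  Configuration register is 0x2102

  Router(boot)#
"""

# Constructed sample: a register change that is pending until the next reload.
SAMPLE_CONSTRUCTED = """\
Configuration register is 0x2102 (will be 0x2142 at next reload)

Router#
"""


def decode_register(value):
    """Split a 16-bit register value into the fields that affect booting."""
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0:
        mode = "rommon"
    elif boot_field == 1:
        mode = "boot-helper"
    else:
        mode = "normal"
    return {
        "boot_field": boot_field,
        "boot_mode": mode,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def assess(console_text):
    """Return the current/pending register values and a list of findings."""
    match = REGISTER_RE.search(console_text)
    if match is None:
        raise ValueError("no 'Configuration register is 0x....' line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    cur, nxt = decode_register(current), decode_register(pending)
    in_boot_helper = BOOT_PROMPT_RE.search(console_text) is not None

    findings = []
    if in_boot_helper and cur["boot_mode"] == "normal":
        # Register asks for a normal IOS boot, yet the boot helper is running:
        # the case Scott describes, so check "show flash" for a bootable image.
        findings.append("fallback-to-boot-helper")
    elif in_boot_helper and cur["boot_mode"] == "boot-helper":
        findings.append("boot-helper-by-register")
    if cur["ignore_nvram"]:
        # The running system booted without reading startup-config.
        findings.append("startup-config-ignored")
    if pending != current and nxt["ignore_nvram"]:
        findings.append("startup-config-ignored-at-next-reload")
    if nxt["boot_mode"] != "normal":
        findings.append("next-reload-not-normal-ios")
    return {"current": current, "pending": pending, "findings": findings}


if __name__ == "__main__":
    for name, text in (("post", SAMPLE_FROM_POST), ("constructed", SAMPLE_CONSTRUCTED)):
        result = assess(text)
        print(name, hex(result["current"]), hex(result["pending"]), result["findings"])
```

Run against saved `show version` captures, the ignore-NVRAM findings point at devices where a password-recovery register setting was left in place or is queued for the next reload.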


RE: Silly EIGRP question [7:64259]

2003-03-03 Thread Scott Roberts
Show ip eigrp neighbor, will show the hold time. The hold time is
updated when a hello packet is received. The default hello time interval
is 5 seconds so your neighbors will always be reporting a hold time
between 10-15 seconds.

scott

-Original Message-
From: Michael Williams [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2003 7:59 AM
To: [EMAIL PROTECTED]
Subject: Silly EIGRP question [7:64259]


I know this question sounds silly, but I can't for the life of me figure
out how to do this:

Short of debugging, how can I tell the last EIGRP update that was
received on a router, from what neighbor that update came, and for what
network(s) it updated?

I know I can 'sh ip prot' and see when the last update was, but this
isn't what I'm looking for.

TIA,
Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64284&t=64259


RE: pinout for terminal cable [7:64269]

2003-03-03 Thread Scott Roberts
If the Livingston port is a eia-232/DTE then you're basically set to go.
Just use a roll-over cable. On the chance that the livingston port is a
DCE, use a straight-through cable (which might be the answer since it
was a female to begin with).

scott

-Original Message-
From: John Golovich [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2003 9:53 AM
To: [EMAIL PROTECTED]
Subject: pinout for terminal cable [7:64269]


Can anyone help me with the pinouts for these cables?

From the back of a Livingston Portmaster 2E I have a gender changer
plugging into a db25 cisco terminal to rj45 adapter.

From here I want to plug a cat5 cable into the console of my ciscos.

I could use some help with the pinouts if anyone has already done this.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64285&t=64269


RE: Cisco 2511 and US robotics modem [7:64261]

2003-03-03 Thread Scott Roberts
I'm sure that the default usrobotics modemcap will work on your modem.
What exactly is not working on your connection? What process have you
gone through to connect it?

Modemcap entries can be viewed on the router by 'show modemcap' to
reveal the names of the modems supported by default scripts and then
'show modemcap usr_sportser' to show the actual AT commands used for
that entry.

The AT commands used by your modem can usually be seen in the help menu
if you terminal into your modem. at$ or at$h usually brings up the help.

scott

-Original Message-
From: Joupin [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2003 8:20 AM
To: [EMAIL PROTECTED]
Subject: Cisco 2511 and US robotics modem [7:64261]


Hi

I got really confused that Why can't I connect a US ROBOTICS  56 k
Message modem to a Cisco 2511 Router ,

I think my problem is because of MODEM CAP Properties. where can I find
a Modem cap resources regarding this issue ?

Any Response appreciated
Joupin
www.joupin.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64286&t=64261


Re: Help Pix 501 [7:64278]

2003-03-04 Thread Scott Roberts
I agree with Richard: the only way you're going to do this with a single IP
address is by setting up a VPN and then telnetting as a second step.

scott

""Richard Deal""  wrote in message
news:[EMAIL PROTECTED]
> Juan,
>
> The PIX does not permit you to telnet into it from the "outside"
> interface--this is a security feature. There are two solutions available:
> SSH and a VPN. My recommendation is to go the hard route and set up a remote
> access VPN connection to the PIX--SSH has been shown recently to have some
> vulnerabilities.
>
> Cheers!
> --
>
> Richard A. Deal
>
> Visit my home page at http://home.cfl.rr.com/dealgroup/
>
> Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access
> Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration
> Exam Cram
>
> Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco
> exams on the market.
>
>
>
> ""Juan Blanco""  wrote in message
> news:[EMAIL PROTECTED]
> > Team,
> > I want to be able to telnet to my internal network (terminal server) via the
> > Pix 501, I have a connectivity via my cable provider, I have only one IP
> > address. Before using the pix I have a router and I used to telnet to it
> > from the Internet then connect to my terminal server, now I can't do it
> > because there is no telnet capabilities from the Pix 501, Remember I have
> > only one IP. Any ideas how to do this? I looked in the Cisco Web and
> > the examples that I was able to find they assume that I have more than 1 IP
> > which is not my case. At the present time I have not problem connecting to
> > the Pix from the Internet
> >
> > I really appreciate your help.
> >
> > Thanks,
> >
> > Juan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64364&t=64278


Re: PPP vs HDLC [7:64362]

2003-03-04 Thread Scott Roberts
I've never heard efficiency as a reason to use PPP over HDLC. There are more
options with PPP, but otherwise both are based upon SDLC and therefore
nearly identical from a protocol perspective. I suppose HDLC is a couple
bytes smaller, but this would be negligible.

I'd say if your PPP is configured and working fine, why bother to go through
the motions of changing for a 0.1% benefit?

scott

""Stuart Pittwood""  wrote in message
news:[EMAIL PROTECTED]
> It has been mooted to me that we might get better performance from our
> 1Mb line by using HDLC rather than PPP.
>
>
>
> Is this correct?
>
>
>
> If so is it just  a case of changing the Encapsulation PPP to
> Encapsulation HDLC on both ends of the link?
>
>
>
> Are there any implications I should be aware of?
>
>
>
> Thanks
>
>
>
> _
>
> Stuart Pittwood, MCSE
>
> IT Technician
>
> Amery-Parkes Solicitors




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64365&t=64362


Re: ip ospf dead-interval [7:64311]

2003-03-04 Thread Scott Roberts
sounds like you're trying to answer a trick question on a test? I suppose
"The Long and Winding Road" wanted you to work for your answer, but I'll
come out and tell you.

ospf defaults the dead-interval/hold-time as a multiple of the hello time,
so if you change the hello time the dead interval changes automatically
also.

scott

""nilesh bothra""  wrote in message
news:[EMAIL PROTECTED]
> Q. Change OSPF dead interval to 60 seconds.
> You are not allowed to use the command 'ip ospf dead-interval" for
> accomplishing this task.
>
> Suggestions pls
>
> Nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64387&t=64311


Re: My Favorite Topic - RIP route propagation / redistribution [7:64388]

2003-03-04 Thread Scott Roberts
"In my setup I saw that so long as I had the 200.0.0.4 address on the R4
loopback that the 200.0.0.0/24 refused to propagate. it did not show up in
the R4 table.
"
it has to be in your R4 routing table as a directly connected subnet. I
suppose what you mean is that it doesn't show up as either a ospf or rip
dynamic route. every router should send an update that its in their routing
table, but because of administrative distances, the directly connected one
always wins with a 0 distance. if he's getting something dynamically sent,
I'd say he either didn't put the address/mask correctly on r4 or he changed
administrative distances.

scott

""The Long and Winding Road""  wrote in
message news:[EMAIL PROTECTED]
> Cisco Nuts sent me this one off line.
>
> R3---R4---R5
> OSPF   RIP
>
> R4 redistributes RIP to OSPF and vice versa
>
>
> each router has a loopback with an address of 200.0.0.X / 32, where X is the
> router number
>
> RIP version 1 on R4 and R5. The loopback on R4 is in the OSPF domain, and
> the loopback on R5 is in the RIP domain.
>
> CN apparently did not see the same phenomenon that I did. In his setup, he
> saw the summary-address of 200.0.0.0/24 propagated onto R4.
>
> In my setup I saw that so long as I had the 200.0.0.4 address on the R4
> loopback that the 200.0.0.0/24 refused to propagate. it did not show up in
> the R4 table.
>
> damn, I forgot to ask his IOS version. I'm running 12.1.5T10
>
> solution? has to do with the various ways one can trick RIP into behaving as
> VLSM capable.
>
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64388&t=64388


Re: creating console cable for cs11152 [7:64368]

2003-03-04 Thread Scott Roberts
the console port is identical to every other cisco router (eia-232, 9600
baud).
http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note09186a0080094ce6.shtml

scott

""Sam Sneed""  wrote in message
news:[EMAIL PROTECTED]
> Has anyone done this before? I have a few CSS but don't have the adapters
> for console ports. I'm hoping I can create my own cable using cat5. If
> someone could enlighten me on how to do this that'd be great. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64393&t=64368


Re: NAT ON PIX QUESTION [7:64398]

2003-03-04 Thread Scott Roberts
basically yes, I think your statement is correct.

1) I haven't configured a PIX recently, but I don't recall it requiring an
access-list for static address translation, since the port is actually part
of the static (or conduit) command. Now I'm sure you'd want an ACL, but
simply for the same reason you'd put it on any interface, nothing specific
to NAT though.

2) as far as dynamic being one way, that's correct, but the way you worded
the sentence seems to imply that it's also a one way from outside to inside.
dynamic is always inside to out and is blocked outside to inside.

scott

 ""Sam""  wrote in message
news:[EMAIL PROTECTED]
> Hey Guys.
> First of all, there aren't any words to express my appreciation for this
> list and all the guys who are always so helpful in here.
>
> These questions are regarding NAT in reference to PIX only.
>
> 1)Static NAT works both ways. From outside to inside and vice versa.
> However, You need an access-list configured if you are accessing from a
> lower-security interface to a higher-security one.
>
> 2)Dynamic NAT on the contrary doesn't work both ways. Connections can be
> initiated only from one interface to another and the other can only reply
> statefully. Am I right?
> Eg: If I configure an internal network(10.0.1.0) to translate to
> 64.4.4.10-64.4.4.30, 30 connections can be initiated towards the internet
> and they would work fine. Replies can be sent back to those initiated
> connections but no connections can be initiated from the Internet to the
> internal network. Hence, I call it stateful.
> Am I right about this full statement?
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64404&t=64398


Re: creating console cable for cs11152 [7:64368]

2003-03-04 Thread Scott Roberts
hopefully this time priscilla doesn't chastise me for helping out with CCO
material!! ;)

the link you supplied clearly states that its 9600 baud & rs-232 and the
table below it doesn't say anything in regards to pinouts for any console
port. the "rs-232" specification IS the pinout specification.

CSS 11050 Front Panel Connectors and LEDs
All front panels of the CSS 11050 models contain connectors and LEDs that
vary according to their model number. For example, the CSS 11051 in Figure
2-3 has:

  a. 1 RS-232 Console connector (9600 baud)
  b. 1 RS-232 Diag connector, reserved for field service use only (115,200
     baud)
  c. 8 10/100-Mbps auto-sensing Fast Ethernet connectors and their
     associated Link/Activity status, 10/100 (Mbps), and Duplex (Half or Full)
     LEDs
  d. Power, Status, and Ready LEDs



""Sam Sneed""  wrote in message
news:[EMAIL PROTECTED]
> Actually its not. You need a special adapter to console into these switches.
> They come with them but I only have 1, I need 4. On Cisco's site they have
> the following but it looks like a typo
>
> http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_installation_guide_chapter09186a00800df9d6.html#xtocid3
>
>  if you look at the table they RXD and DSR both going to pin 3.
>
>
> ""Scott Roberts""  wrote in message
> news:[EMAIL PROTECTED]
> > the console port is identical to every other cisco router (eia-232, 9600
> > baud).
> >
> > http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note09186a0080094ce6.shtml
> >
> > scott
> >
> > ""Sam Sneed""  wrote in message
> > news:[EMAIL PROTECTED]
> > > Has anyone done this before? I have a few CSS but don't have the adapters
> > > for console ports. I'm hoping I can create my own cable using cat5. If
> > > someone could enlighten me on how to do this that'd be great. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64405&t=64368


Re: ip ospf dead-interval [7:64311]

2003-03-04 Thread Scott Roberts
good point, I'm new to the forum and wasn't quite sure of what approaches to
answers people expected. I do like his approach to answering it, because if
you look at the link, the answer is in there (with the use of some deductive
logic).

the only thing that worries me though, is that if people never get a
straight answer, will they then stop asking questions? it's nice to see an
open forum about cisco networking that's actually well populated, I'd like to
support it as much as I can.

scott

""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]
> Scott Roberts wrote:
> >
> > sounds like you're trying to answer a trick question on a
> > test? I suppose
> > "The Long and Winding Road" wanted you to work for your answer,
> > but I'll
> > come out and tell you.
>
> Why did you come out and tell the original poster the answer? Wouldn't the
> poster learn more from working it out? I liked "The L&W Road's" answer much
> better. :-)
>
> Wouldn't the poster be a better representative of the relevant certification
> having worked it out? For example, if the poster is going for CCNP and
> manages to pass because people provided answers instead of methods for
> figuring out the answer, is that a good thing for the rest of us who wish
> CCNP to be a respected certification?
>
> The poster asked for suggestions, not answers, and that's what we should
> have provided.
>
> Hopefully the poster will try this in a lab. There is at least one minor
> gotcha that I can think of.
>
> Hey, you had to expect to get slammed for this! ;-) I'm doing this with all
> due respect and a recognition of how fun it is to give an answer. I think a
> lot of us participate on the list partly to give answers because it's fun
> and a nice ego stroke, myself included. But the real goal of Group Study is
> to help people learn.
>
> Priscilla
>
>
> >
> > ospf defaults the dead-interval/hold-time as a multiple of the
> > hello time,
> > so if you change the hello time the dead interval changes
> > automatically
> > also.
> >
> > scott
> >
> > ""nilesh bothra""  wrote in message
> > news:[EMAIL PROTECTED]
> > > Q. Change OSPF dead interval to 60 seconds.
> > > You are not allowed to use the command 'ip ospf
> > dead-interval" for
> > > accomplishing this task.
> > >
> > > Suggestions pls
> > >
> > > Nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64409&t=64311


Re: can one someone pls recommend [7:64380]

2003-03-04 Thread Scott Roberts
boy you don't give up do you!!

have you tried the http://www.ccbootcamp.com/index.asp

scott

""Mirza, Timur""  wrote in message
news:[EMAIL PROTECTED]
> a hands-on lab training course for the ccie lab exam...i want to prepare
> myself for my 6th attempt...i believe there was ecp course but i don't have
> the details...thx in advance
>
> Timur Mirza
> Principal Network Engineer
> Enterprise Core Network
> Verizon Wireless
> 15505-B Sand Canyon Avenue
> Irvine, California 92618
> 949.286.6623 (o)
> 949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64395&t=64380


Re: creating console cable for cs11152 [7:64368]

2003-03-05 Thread Scott Roberts
I see what you're after now. yes you can do this. the adapters are the trick
here.

cisco will use a rollover cable to essentially pair wire 1 on one end to
wire 8 on the other end (2 to 7, 3 to 6, etc...). in theory what this does
is reverse the Tx and the Rx and the other corresponding wires for flow
control and modem control. the adapter then comes in for when you plug it in
to the interface. for example if I have a eia-232 configuration, then my
adapter will have to be wired correctly to place the correct pin from the
adapter to the correct wire on the rollover cable. same thing can be said if
I have a v.35 cable, I need to have the adapter connect the Tx pin to the Tx
wire of the cable. this is why cisco advertises their db-60 interface as
being 5-in-1, because depending on how the pins match the wire, they have 5
different specifications possible(one being eia-232)

now sticking to eia-232, the specification calls for 8 pins, which is
perfect for 8-wire cable and thus why cisco uses it for all their modular
console ports. now the adapters come into play. the adapters can serve one
of two purposes, 1) straight-through or 2)rollover.

if the cable you use is a rollover, well then the wires have already turned
the Tx into a Rx wire and thus your adapter needs to be straight-through to
accomplish having the ends stay Tx to Rx.
if the cable you use is straight, well then the wires are Tx to Tx and thus
you'll need an adapter to change the Tx to the Rx.

now here's the kicker and the reason I suspect you're having problems. this
whole discussion of Tx going to a Rx end-to-end depends on the fact that the
console port of a router (or a CSS) is a DTE and your PC serial port is a
DTE and thus needs to be rolled-over. on the other hand some older cisco
equipment had their console ports configured as DCEs, which might very well
be your case.

so what to do? put the adapter onto your computer's serial port, plug the
cisco rollover cable into it and then right into the console port of your
css. if it works you're done, if not get a standard straight-through cat5
cable to use instead of the cisco rollover, that one will then work.


""Sam Sneed""  wrote in message
news:[EMAIL PROTECTED]
> When i plug rollover cable that i use for routers into routers console it
> works. When I plug it into CSS11152 console it doesn't work When I use the
> CS11152 adapter on rollover it does work. What I'm trying to figure out is
> what do I have to do to a cat5 cable to make it work without the CSS11152
> adapter.
>
> ""Scott Roberts""  wrote in message
> news:[EMAIL PROTECTED]
> > hopefully this time priscilla doesn't chastise me for helping out with CCO
> > material!! ;)
> >
> > the link you supplied clearly states that its 9600 baud & rs-232 and the
> > table below it doesn't say anything in regards to pinouts for any console
> > port. the "rs-232" specification IS the pinout specification.
> >
> > CSS 11050 Front Panel Connectors and LEDs
> > All front panels of the CSS 11050 models contain connectors and LEDs that
> > vary according to their model number. For example, the CSS 11051 in Figure
> > 2-3 has:
> >
> >   a. 1 RS-232 Console connector (9600 baud)
> >   b. 1 RS-232 Diag connector, reserved for field service use only (115,200
> >      baud)
> >   c. 8 10/100-Mbps auto-sensing Fast Ethernet connectors and their
> >      associated Link/Activity status, 10/100 (Mbps), and Duplex (Half or
> >      Full) LEDs
> >   d. Power, Status, and Ready LEDs
> >
> >
> >
> > ""Sam Sneed""  wrote in message
> > news:[EMAIL PROTECTED]
> > > Actually its not. You need a special adapter to console into these
> > > switches.
> > > They come with them but I only have 1, I need 4. On Cisco's site they have
> > > the following but it looks like a typo
> > >
> > > http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_installation_guide_chapter09186a00800df9d6.html#xtocid3
> > >
> > >  if you look at the table they RXD and DSR both going to pin 3.
> > >
> > >
> > > ""Scott Roberts""  wrote in message
> > > news:[EMAIL PROTECTED]
> > > > the console port is identical to every other cisco router (eia-232, 9600
> > > > baud).
> > > >
> > > > http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note09186a0080094ce6.shtml
> > > >
> > > > scott
> > > >
> > > > ""Sam Sneed""  wrote in message
> > > > news:[EMAIL PROTECTED]
> > > > > Has anyone done this before? I have a few CSS but don't have the
> > > > > adapters
> > > > > for console ports. I'm hoping I can create my own cable using cat5. If
> > > > > someone could enlighten me on how to do this that'd be great. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64506&t=64368


Re: 10 half or 100 full [7:64482]

2003-03-05 Thread Scott Roberts
yes cat3 can be used for 100base, but only with 100baseT4 and chances are
that the cards in your workstations are only TX. so it's safer to run 10base
over cat3 cabling.

scott

""Mike Momb""  wrote in message
news:[EMAIL PROTECTED]
> To all,
>
> I know this subject has been talked about on a workstation level but I want
> to ask it on a network level.  We recently replaced our Nortel network with
> Cisco switches and we seem to have a slowness level across the network at
> certain times.  We have a raging debate on what speed to set the NIC cards
> and switches.  Some folks say set the switches and PCs at 10mb & half duplex
> and others say set them at 100mb & full duplex and still others say auto on
> both ends should work.  It has been my experience that auto has never worked
> very well.  My question is this, what has been this group's experience on how
> to set the ports for the maximum bandwidth.  We are using a combination of
> Cat 5 & Cat 3 cables.   Any advice would be appreciated.
>
> thanks
> Mike




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64520&t=64482


Re: Password recovery without reload? [7:64453]

2003-03-05 Thread Scott Roberts
"what? you don't have all your passwords printed out in large type on a sheet
of paper taped to the equipment rack? what kind of operation you running
there?   :->"

damn I really did LOL at this!

sorry oscar I think you're screwed without some form of password, the snmp
idea is good, but the question is do you have it setup for snmp?

scott


""The Long and Winding Road""  wrote in
message news:[EMAIL PROTECTED]
> ""oscar""  wrote in message
> news:[EMAIL PROTECTED]
> > Can I see the configuration of a Cisco router without a password recovery?
> > The problem is that the configuration was removed from the startup-config by
> > mistake and nobody remembers the password and a password recovery here means
> > lose the configuration.
> >
>
> what? you don't have all your passwords printed out in large type on a sheet
> of paper taped to the equipment rack? what kind of operation you running
> there?   :->




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64538&t=64453


Re: ISDN switch (beyond simulator) [7:64628]

2003-03-06 Thread Scott Roberts
if you didn't need the simulated telco switch d-channel, then your best
bet would be to use a PBX system. in other words, if you simply needed the
lines to be circuit switched like an isdn cloud would do without the actual
isdn protocols.

this is basically putting in an NT2, but bypassing any need for an NT1 by not
having any real outside isdn service.

scott

""Howard C. Berkowitz""  wrote in message
news:[EMAIL PROTECTED]
> We've all dealt with ISDN simulators, that look like a CO to a single
> or small set of interfaces. I'm dealing with a situation where I need
> to interconnect several simulated training sites (i.e., physically in
> the same room) and telephony servers through a PSTN simulation.
>
> In other words, I need a small CO switch, with the ability at least
> to interconnect several trunks (probably both T1 E&M and ISDN PRI),
> with a static calling plan among tens of telephones. The switch would
> emulate several end offices, plus the PSTN interoffice connectivity
> between them. For the latter, however, I don't need to have physical
> interoffice trunks as long as I can simulate their effect in a
> dialing plan.
>
> The switch should also be able to simulate dedicated data links between
> sites.
>
> In the real world, this is no problem to do with off-the-shelf
> equipment that would support thousands of lines. Within the Cisco
> product line, I suspect I get close with an MGX or the like, but
> probably fall short in circuit-switch call supervision and routing.
>
> Thoughts? I'm going to review my Nortel Passport documents to see if
> it has the loop supervision capabilities available; I vaguely
> remember a version that might.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64648&t=64628


Re: Cheap Domain Name register? [7:64557]

2003-03-06 Thread Scott Roberts
considering that register.com provides DNS service also, I think it's cheap.
for example, Time Warner charges $4/month for DNS service!

scott

""Wes Stevens""  wrote in message
news:[EMAIL PROTECTED]
> Any advice on a cheap and good domain name register? I am
> tired of paying out the nose for register.com.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64661&t=64557


Re: Password recovery without reload? [7:64453]

2003-03-06 Thread Scott Roberts
next question is, who or why did they let the last admin near the
servers/routers after he was fired?

President Bigshot: "sorry bob, I'm going to have to let you go"
Bob: "no problem, I'll just go get my things"
next day
President Bigshot: "bob? you're still here? I thought I fired you
yesterday?"
Bob: "oh yes you did, I just had a few loose ends to tie up, all done now,
bye!"

"oscar" wrote in message
news:[EMAIL PROTECTED]
> but the problem is that there is not only a password but a login. So I'm
> gonna need 3 years to discover the login/password  :-(
>
>
> - Original Message -
> From: "Troy Leliard"
> To:
> Sent: Thursday, March 06, 2003 12:48 PM
> Subject: Re: Password recovery without reload? [7:64453]
>
>
> > You can always try a brute force password attack.  Solarwinds have some apps
> > that do this, (that you can get on 30 day trial too )
> > M.C. van den Bovenkamp wrote:
> > >
> > > oscar wrote:
> > >
> > > > SNMP is not an option because it is disabled. In fact the
> > > > startup-configuration wasn't erased by mistake. The last admin did it
> > > > because he was fired.
> > >
> > > Oh what fun. In that case you're out of luck. I think.
> > >
> > > Regards,
> > >
> > > Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64662&t=64453


Re: OSPF attempting to form adjacencies with non-DR/BDR [7:64664]

2003-03-06 Thread Scott Roberts
it might be interesting to see what would happen if you put their priorities
up and rebooted the existing DR/BDRs, let them complete their adjacencies
and then put them back down to normal (or even 0). then see if the behavior
goes back to the previous.

after that I'd try a different IOS image and report it as a bug. what IOS
are you using right now anyway?

scott

"Kelly Cobean" wrote in message
news:[EMAIL PROTECTED]
> Hey all,
> I'm seeing some weird behavior on a pair of 6509's that I can't
> explain.  These two 6509/MSFC's are on an ethernet segment with two
> other routers that are the DR and BDR.  The DR and BDR have formed
> adjacencies with the 6509s and with each other, the weird thing is that
> the 6509's are constantly trying to form adjacencies with each other.
> My understanding of OSPF was that routers on broadcast media only form
> adjacencies with the DR/BDR.  Is it within the operation of the protocol
> that non-DR/BDR's will just continually try to form adjacencies with
> each other and fail from the 2-way state?  These two 6509's do just
> that...They sit in 2-way state until the timeout expires, then they
> fall-back to a down state, then start all over again.  Any ideas on
> what's going on?  Configs are very basic, no tricky stuff.  "debug ip
> ospf adjacencies/events" shows nothing out of the ordinary.
>
> Confused,
>Kelly




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64664&t=64664


Re: Main Diagnostic Menu on 2501 router??? [7:64427]

2003-03-07 Thread Scott Roberts
what I would check is open up the case and see if there is a "credit
card"/PC card/pcmcia flash memory module inserted into the mainboard (you'll
see the slot, it's obvious). also make sure there is standard memory inserted
in the regular memory slots.

let us know what you find.

scott

"Jean-Marc Simard" wrote in message
news:[EMAIL PROTECTED]
> I just bought a 2501 router through Ebay for my CCIP/CCNP study and it's not
> supposed to have an IOS on it. When I power it up, instead of getting the
> rommon> prompt, I get the Main Diagnostic Menu as shown below. If I execute
> the diag tests offered all the tests pass, but I just can't get past this
> menu.
>
> Can someone, please, tell me what is wrong with it or how I can work around
> it?
>
> Thanks a lot
>
> JM
>
> (I had some problems with my mailer, so sorry if it gets posted twice)
>
> --- (output at power up)--
> cisco Systems
> Diagnostic Monitor
>
> Testing boot state
> Exiting boot state
> Testing Main Memory from 0h to E000h. data equals address
> Testing Main Memory from 0h to E000h. checkerboard
> Testing Main Memory from 0h to E000h. inverse checkerboard
> Clearing bss
> Enabling interrupts
> Exiting init
>
> Diagnostic Monitor for CANCUN, Version 1.7.4(4)
> Compiled by haidung on Wed 19-Nov-97 14:26
>
>   Main Diagnostic Menu
>  a: alter diag flags
>  b: basic utilities
>  c: do all diags in this menu
>  d: do group of diags in this menu
>  e: bus error test
>  f: image checksum test
>  g: timer interrupt test
>  h: size memory
>  i: main memory test
>  j: main memory parity test
>  k: shared memory test
>  l: shared memory parity test
>  m: flash memory test
>  n: nvram test
>  o: aux port test
>  p: serial cookie test
>  q: serial interface test
>  s: ethernet (Am79C90-LANCE) test
> FLAGS: Continuous OFF  Stop on error OFF  Ext. loopback ON  Abbr. test OFF
>
> enter Main Diagnostic Menu item >
> ---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64665&t=64427


Re: PPP vs HDLC [7:64362]

2003-03-07 Thread Scott Roberts
I guess my understanding is limited, so I'm interested in hearing the results
of this also.

I've seen the flags left off of various protocols before, but I assumed they
were simply being sloppy. I can't understand how any protocol could be
transmitted without any flag/preamble at all.

scott

"Priscilla Oppenheimer" wrote in message
news:[EMAIL PROTECTED]
> s vermill wrote:
> > > Cisco HDLC just
> > > has this:
> > >
> > > Address - 1 byte
> > > Control - 1 byte
> > > Protocol - 2 bytes
> > >
> > > It's curious that Cisco HDLC doesn't have the flag fields.
> > > Maybe they just aren't mentioned in the only document I have on
> > > Cisco HDLC?? The 0x7E flag is present in most derivatives of
> > > HDLC, including SDLC. It's used to signal the beginning and end
> > > of a frame and can be sent multiple times and during silence to
> > > keep the link up, from what I remember.
> >
> > Every HDLC derivative I've ever worked with uses the ol' 7E7E
> > idle pattern.  Next time I have an o'scope out, I'll take a
> > peek at a Cisco HDLC encapsulated link.
>
> Oh, yes, do please get your scope out! :-) I'm really curious about Cisco
> HDLC and expect the doc I have doesn't tell the whole story.
>
> I wonder if a scope would strip out the flags, sort of like an Ethernet
> analyzer doesn't show the preamble, though.
>
> THANKS
>
> Priscilla
>
> >
> > > Howard would know for
> > > sure, but I thought it was necessary in order for the other end
> > > to synch up.
> >
> > That's the general idea.  You don't want to wait until there's
> > data to be transferred before declaring protocol down.  Loss
> > of, say, three consecutive idles can trigger a protocol down
> > condition.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64736&t=64362


Re: ip ospf dead-interval [7:64311]

2003-03-07 Thread Scott Roberts
in real life it's hard for me to keep my mouth shut, so even if I intend to
be elusive in answers from now on, I'll probably just shoot my mouth off
here too and just give the answer.

I suppose some of us new-comers will keep you 'old farts' on your toes! ;)
(you know who you are!)

scott

"fred barreras" wrote in message
news:[EMAIL PROTECTED]
> CiscoPress book for CCNP routing is very specific on changing hello setting
> and having dead/interval setting changing automatically.  I would have given
> the answer and said where I found it. What some people are suggesting is
> that when anybody posts a question the answer should be, "buy my book". If
> people do not want to help other people out, or at least point them in the
> right direction, then what is the point of groupstudy? Just like any other
> site, this one is also not perfect.  I guess I just have to learn whose
> threads to bypass and not read at all. Just curious.  nilesh bothra wrote:




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64737&t=64311


Re: Silly EIGRP question [7:64259]

2003-03-07 Thread Scott Roberts
never heard of that command...doesn't exist to my knowledge (at least on
12.0)

scott

"Shyam, Sharma S (CAP, GECIS)" wrote in message
news:[EMAIL PROTECTED]
> Missed  the command
>
> show ip eigrp timers
>
> rgds
>
> > --
> > From: Shyam, Sharma S (CAP, GECIS)
> > Reply To: Shyam, Sharma S (CAP, GECIS)
> > Sent: Thursday, March 06, 2003 6:33 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Silly EIGRP question [7:64259]
> >
> > Michael
> >
> > I am not much experienced but can we use  for this.
> >
> > Rgds
> > Sky
> >
> > > --
> > > From: Michael Williams[SMTP:[EMAIL PROTECTED]
> > > Reply To: Michael Williams
> > > Sent: Tuesday, March 04, 2003 6:41 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: Silly EIGRP question [7:64259]
> > >
> > > Priscilla Oppenheimer wrote:
> > > > A protocol analyzer? ;-) And one that does a decent job with
> > > > EIGRP. A lot of them don't. I think EtherPeek does in its
> > > > latest software. Network Associates does a good job with EIGRP.
> > >
> > > I'll span the port connecting our WAN router to the core switch (I'm 99%
> > > sure we're getting hit with updates from the WAN).  We use NA, but haven't
> > > had the need to use it for EIGRP..
> > >
> > > > You can turn the router into a troubleshooting tool with the
> > > > various debug commands, of course. There's quite a few for
> > > > EIGRP and at least one would give you the info that you seek,
> > > > (probably debug eigrp packet). But, you didn't want to use
> > > > debugging, for good reason probably.
> > >
> > > Yeah we don't take debugging on the core routers/switches too easily =)
> > > Ever since a new guy decided to debug EIGRP in an EIGRP storm without a "no
> > > logging console".
> > >
> > > Thanks!
> > > Mike




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64740&t=64259


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread Scott Roberts
I agree completely. I think the whole "hybrid" was a marketing department
decision. I'm just glad to find out I wasn't the only one who thought this.

scott

"Peter van Oene" wrote in message
news:[EMAIL PROTECTED]
> At 03:54 PM 3/7/2003 +, The Long and Winding Road wrote:
> >"Peter van Oene" wrote in message
> >news:[EMAIL PROTECTED]
> > > At 12:11 PM 3/7/2003 +, Johan Bornman wrote:
> > > >Is EIGRP a Hybrid or Distance Vector protocol?
> > >
> > > Cisco calls it Hybrid.  It looks pretty distance vector to me though.
> >
> >in what way? the hop count is pretty well hidden in the dark interior of the
> >code. all those cost numbers, the ( also somewhat hidden ) topology table,
> >and the ( somewhat hidden ) successor table certainly give it the appearance
> >of link state.
>
> In a link state algorithm, a router builds a complete topology table for
> the bounded area in which it operates and then uses a spanning tree like
> algorithm (dijkstra in most cases) to calculate loop free paths.  EIGRP
> simply does not do this.   Primary and secondary paths in EIGRP are
> calculated based upon indirect information relayed by direct neighbors only
> using an advanced distance vector algorithm (DUAL).
>
> I think Cisco likes to call it Hybrid since many folks feel distance vector
> routing is inferior to link state and thus by labelling EIGRP as the best
> of both approaches, Cisco has put a positive spin on the protocol.  This is
> typical marketing garbage from one of the best spin companies on the planet
> (in a neck and neck race with Microsoft and Harley Davidson for that matter)
>
> Pete
>
>
>
> >Chuck
> >who considers all this stuff a kind of magic
> >
> >
> >
> > >A  hello mechanism and adjacencies does not a link state one make.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64741&t=64707


Re: it started out as a really good idea ... [7:64638]

2003-03-07 Thread Scott Roberts
nice catch daniel, I've never used that before, will be mulling this one
over in my lab for the next week.

learn something new everyday,
scott

"Daniel Cotts" wrote in message
news:[EMAIL PROTECTED]
> standby track (interface) might do the trick.
> http://www.cisco.com/warp/public/619/6.html
> I've never seen HSRP on both sides of a router. Maybe each side could track
> the ethernet interface on the other side. If the far side goes down then the
> monitoring side decrements its priority and allows the other router to take
> over.
>
> > -Original Message-
> > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 06, 2003 6:52 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: it started out as a really good idea ... [7:64638]
> >
> >
> > Larry Letterman wrote:
> > >
> > > that was my answer as well...the broken connection will black
> > > hole the path on
> > > one side or the other...
> > >
> > > Larry Letterman
> > > Network Engineer
> > > Cisco Systems
> >
> > Whew! I wasn't losing it. :-)
> >
> > For this to work, you would need a way to tell Router 1 (as
> > well as Router
> > 2), "if my E0 interface goes down, make sure I'm not the
> > default gateway on
> > my E1 interface." (And vice versa.)
> >
> > Maybe you can do that with HSRP? I don't know how though.
> >
> > HSRP does have an advanced feature to avoid LAN users using a default
> > gateway that has lost its access to the "rest of the network"
> > on its other
> > interface. I can't remember how to do that, but it's
> > supported somehow, from
> > what I understand. But I don't think that helps. It's not the
> > same as no
> > longer being the default gateway for the LAN that reaches the
> > "rest of the
> > network" because you're no longer the default gateway on the
> > local LAN.
> >
> > Sorry if that's convoluted. I can't think of a better way of
> > saying it! ;-)
> >
> > I think a routing protocol solves the problem too, but there are some
> > gotchas.
> >
> > Assuming I understand his topology correctly, with a
> > distance-vector routing
> > protocol, Router 2 would not send via its E0 interface a
> > route that tells
> > Router 1 that Router 2 can get to network 10.3.0.0, due to
> > split horizon.
> > That's fine.
> >
> > However, Router 2 would tell Router 1 this information via
> > its E1 interface.
> >
> > When there's no problem, Router 1 would ignore this
> > information because
> > Router 1 can get to network 10.3.0.0 directly already.
> >
> > Now Router 1's E0 goes down. After the route comes out of
> > holddown (could be
> > a long time for some routing protocols) Router 1 will accept
> > Router 2's
> > offer to send to network 10.3.0.0.
> >
> > Now, it gets a little hairy.
> >
> > Packet comes in on Router 1's E1 interface destined to
> > 10.3.x.x. (That's
> > the ping reply from PC 2 to PC1.) Router 1 should send the
> > packet back out
> > E1 and let Router 2 pick it up. Router 1 may send an ICMP
> > redirect too,
> > which would avoid the extra hop in the future, except that
> > ICMP redirects
> > are often disabled with HSRP.
> >
> > I think that would work? It's not too pretty, but that's OK,
> > he said it was
> > a lab network. :-)
> >
> > I think the general-purpose answer is that the original
> > poster did sort of
> > misunderstand HSRP's purpose. In a hierarchical network
> > design, you probably
> > wouldn't have a router that was a default gateway on both sides of it.
> >
> > Instead, you might have two routers on a LAN acting together
> > (with HSRP) as
> > the default gateway. Both these routers can also get out to
> > the rest of the
> > network, for example the rest of the enterprise network or
> > the Internet, so
> > it doesn't matter which one gets used.
> >
> > Priscilla
> >
> > >
> > >
> > >   - Original Message -
> > >   From: Priscilla Oppenheimer
> > >   To: [EMAIL PROTECTED]
> > >   Sent: Thursday, March 06, 2003 3:23 PM
> > >   Subject: Re: it started out as a really good idea ...
> > > [7:64638]
> > >
> > >
> > >   Um, he already has both the E0s in the same subnet and both
> > > the E1s in the
> > >   same subnet, according to his config.
> > >
> > >   His drawing is confusing but I think he's got PC1 and both
> > > E0s in subnet
> > >   10.3.0.0/16, say on a hub or a switch.
> > >
> > >   He's got PC2 and both E1s in subnet 10.4.0.0, on another hub
> > > or switch.
> > >
> > >   If the problem isn't related to misconfiguration of the
> > > default gateway on
> > >   the PCs, I do have another theory. :-)
> > >
> > >   Say he pulls the E0 cable on Router 1. No problem, PC1 will
> > > start using
> > >   Router2.
> > >
> > >   Then he pings from PC1 to PC2. The ping will probably get
> > > there but what
> > >   about the reply coming back?
> > >
> > >   What happens if PC2 is using Router 1 and Router 1 has no way
> > > to send PC2's
> > >   packet from itself to Router 2 due to the missing cable, not
> > > to mention
> > > lack
> > >   of any routing pr

Re: network design [7:64422]

2003-03-07 Thread Scott Roberts
I guess I'm the only one with the problem of that many then. I'll take your
words for it that it works OK, but I still keep thinking back to that one
study (don't recall its name), and can't help but think efficiency would go
by some noticeable degree. anybody can throw switch and hubs around,
we're supposed to do it right, not just "to get by".

I mean if 700 is ok, then why not 1000? at some point you have to agree
there is going to be a performance hit. hasn't any manufacturer thought to
retest this performance issue with the newer equipment?

scott

"Priscilla Oppenheimer" wrote in message
news:[EMAIL PROTECTED]
> Great answer Chuck. It sounds like you figured out his/her basic needs,
> though we would need more detail to provide a detailed design, of course,
> and payment for design services. :-) Well, actually your idea of asking a
> vendor to do an RFP might mean a free design (that would be biased toward
> the vendor, of course, but still a good start.)
>
> I'm not in disagreement that today 700 nodes in one broadcast domain might
> be OK. In other words, I would probably recommend no VLANs as a start. VLANs
> complicate matters. If the network admins are somewhat new to networking,
> they should avoid VLANs to start.
>
> The reason 700 nodes in one broadcast domain could work is because NICs and
> CPUs are really not bothered by broadcasts like they were in the mid-1990s.
> They are much faster, have better buffers, etc. Some would argue they never
> were affected as much as Cisco claimed!
>
> I help out once in a while on a city-wide school network with that many
> nodes in one broadcast domain. It has all the risk factors:
>
> Lots of AppleTalk traffic
> Lots of Novell traffic
> Lots of NetBIOS traffic
> Lots of IP traffic
> Ancient PCs with slow CPUs
>
> There are no performance issues.
>
> Priscilla
>
> The Long and Winding Road wrote:
> >
> > "ferry ferry" wrote in message
> > news:[EMAIL PROTECTED]
> > > I need a scheme of network. It need seven hundreds points. Please give
> > > me some advice on how to design it. It include that how to select
> > > network product, product configuration. They are set in a building. It
> > > have twenty layers.
> >
> >
> > Let's see if I understand you correctly.
> >
> > A company is located in a multistory building. There are 700
> > users spread
> > out among 20 floors. So on average there are 35 users per floor.
> >
> > I'm going to assume a single data center with your servers and
> > internet
> > connection.
> >
> > Got fiber running from your data center to the various floors?
> > How is this
> > structured? how far from the data center to each of the floors?
> >
> > the answer to this will help determine if you use a collapsed
> > backbone or if
> > you connect your switches in series.
> >
> > do you have groups of users who should logically be separated
> > from
> > each other. Some companies like their payroll department to be
> > on a separate
> > network from other departments, for example. are there some
> > services that
> > need to be separated and unavailable to some users?
> >
> > These days, 700 users, particularly in a switched environment,
> > is not such a
> > large broadcast domain ( stop grinding your teeth, Priscilla
> > ;-> ) but
> > still, you might just want to separate out logical groups into
> > vlans. or
> > maybe do it by grouping a couple of floors together into vlans.
> >
> > my knee jerk thought, not knowing too much about the
> > particulars, is
> > determine your port counts per floor, determine connectivity -
> > fiber runs
> > between closets, and where those runs terminate. if it's
> > copper, you got
> > troubles :->
> >
> > determine your logical / vlan structures. who needs to see what
> > and when.
> >
> > Then go through the provisioning process.
> >
> > Don't be afraid to call in a couple of vendors to help you. ask
> > for
> > proposals. If you have a vendor who works closely with you and
> > wants to help
> > educate you, that's your guy ( or gal, for the politically
> > correct )
> >
> > hope this helps you get started.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64756&t=64422


Re: Teminal server problems [7:64746]

2003-03-07 Thread Scott Roberts
you didn't show your interface configuration, do you have at least one not
shut down with the ip address 1.1.1.1 ?

scott

"McHugh Randy" wrote in message
news:[EMAIL PROTECTED]
> I can't seem to access any of my routers from the term server . Here is the
> config and what errors I am getting
> !
> !
> ip subnet-zero
> no ip domain-lookup
> ip host r1 2097 1.1.1.1
> ip host r2 2098 1.1.1.1
> ip host r3 2099 1.1.1.1
> ip host r4 2100 1.1.1.1
> ip host r5 2101 1.1.1.1
> ip host fr 2102 1.1.1.1
> ip host cat 2103 1.1.1.1
> !
> TS#
> TS#clear line tty 97
> [confirm]
>  [OK]
> TS#clear line tty 98
> [confirm]
>  [OK]
> TS#clear line tty 99
> [confirm]
>  [OK]
> TS#clear line tty 00
>   ^
> % Invalid input detected at '^' marker.
>
> TS#clear line tty 100
> [confirm]
>  [OK]
> TS#clear line tty 101
> [confirm]
>  [OK]
> TS#clear line tty 102
> [confirm]
>  [OK]
> TS#clear line tty 103
> [confirm]
>  [OK]
> TS#r1
> Translating "r1"
> Trying r1 (1.1.1.1, 2097)...
> % Destination unreachable; gateway or host down
>
> TS#
>
> Anyone have any suggestions? I am working remotely.
> Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64747&t=64746


Re: Dynamic Natting with a CISCO 1601R [7:64757]

2003-03-07 Thread Scott Roberts
try putting more memory in, the max I think is 24, but default is like 12.
ios 12.0 requires 8MB, so you're only really working with 4MB.

scott

"Hyman, Craig" wrote in message
news:[EMAIL PROTECTED]
> ALL-
>
> I am having a problem with Dynamic Natting using a 1601R router over Frame
> Relay. Every time I set it up to use over 60 addresses the router hangs or
> reboots.
>
> I am using IOS 120221a IP PLUS
> I am being told by CISCO that this IOS is not specifically used for any form
> of natting.  What do I do if I need to use Dynamic or PAT NAT Mapping?
>
> Any help would be well appreciated?
>
> Thanks in Advance
>
> SRS Implementation Team
> SRS Tier 2
> Pager# 1-888-860-5913
> Virtual Office# 303-604-0037
> SUN Office# 303-272-2661




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64765&t=64757


Re: 10 half or 100 full [7:64931]

2003-03-10 Thread Scott Roberts
if I understand what you're saying, I think it's always been like that, cisco
hasn't changed it.

you're referring to the fact that the IOS switch don't let you change the
speed? I think that's strange also, the set based switch can allow you to
change speed, but after the IOS "upgrading" of switches they don't allow you
to change a 10/100 at the switch, but rather require you to configure the
desktop to 10 or 100 speed manually.

I suppose the idea is that everyone should be using autonegotiation
according to cisco.

scott

"John Neiberger" wrote in message
news:[EMAIL PROTECTED]
> I wanted to mention that we've been in the process of upgrading our
> switches, as well, and I discovered that since we've started using the new
> Cisco switches we've been having all sorts of problems getting the speed and
> duplex settings set correctly.
>
> We've discovered that if you have relatively new NICs with updated drivers,
> set both sides to AUTO. Never, ever, set only one side to AUTO.  I'd also
> avoid manually configuring the speed and duplex unless you have to do so to
> fix a specific problem.  Here's why:
>
> There is no standardized behavior for 100BaseTX when you manually configure
> settings!  The only setting mentioned in the specification is AUTO; the
> behavior of the NIC with any other setting is up to the vendor and not
> everyone handles it the same way.  Cisco appears to have changed the way
> they handle it, which is the cause of a lot of our problems.
>
> If you hard-set the speed and duplex there are two ways to handle this:
>
> 1.  Use the configured settings and still participate in autonegotiation
> only offering the configured settings.
>
> 2.  Use the configured settings and do not participate in autonegotiation
>
> Cisco's new switches seem to use option #2, while a great number of our end
> devices use option #1.  Why is this a problem?  Here's what happens when you
> connect an option #1 device to an option #2 device:
>
> #1 participates in autonegotiation, only offering the configured settings.
> #2 does not participate in autonegotiation at all and will forcefully use
> the configured settings.
> #1, seeing that there's nothing on the other side using auto assumes it is
> connected to a HUB, and just might set itself to 10/Half regardless of the
> manually configured settings!
>
> As you can guess, this is bad mojo.  The moral of the story is that you
> should try to start using AUTO on BOTH sides if you're using newer Cisco
> switches, in particular the 2950 series.  In some cases this won't work and
> you'll have to resort to manual settings.
>
> HTH,
> John
>
>
> >>> Priscilla Oppenheimer 3/10/03 10:58:56 AM >>>
> Mike Momb wrote:
> >
> > To all,
> >
> > We recently replaced our Nortel switches and routers with Cisco
> > 2980 switches and 6509 routers.  We have two buildings, 10
> > floors each and a router in each building.  We have a
> > combination of NT and Novell servers.   After replacing all
> > this equipment, we have noticed that when we access files on
> > the NT servers, the speed is acceptable.  When we access files
> > on the Novell servers, it is very very slow.  Could the
> > switches or routers be configured incorrectly for IPX.  Is
> > there something that we can change.  On Cisco's web page it
> > mentioned something about enabling ipx
> > broadcast-fastswitching.   Any input or comments would be
> > appreciated.
>
> I doubt that ipx broadcast-fastswitching will help you unless you are using
> an ipx helper-address. With ipx helper-address (just like ip helper-address)
> you can tell a router to forward a broadcast, which it normally doesn't do.
> This would be useful for some rare IPX application that sent broadcasts that
> needed to reach the other side of the router. In typical IPX networks,
> there's no such need. When there is a need, you can speed it up with the ipx
> broadcast-fastswitching command.
>
> You titled your message "10 half or 100 full." I think this was a Freudian
> slip. I bet your problem is related to a full-duplex mismatch. Perhaps the
> NICs in the NT servers negotiated correctly but the NICs in the Novell
> servers did not and you have a mismatch.
>
> With a mismatch, the full duplex side will send whenever it wants. The half
> duplex will get upset if it sees the other side sending while it is also
> sending and will backoff and retransmit, leaving behind a CRC-errored runt.
> That side will report a collision. The other side will report runts and CRC
> errors.
>
> So, look for lots of Ethernet errors when you do a show int or show port.
>
> Also feel free to send us the output of various show commands and your
> router config. There are some IPX gurus on this list.
>
> ___
>
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
>
>
>
> >
> > thanks
> > Mike




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64947&t=64931
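
The AUTO / option #1 / option #2 combinations described in the quoted message above, as an added Python model that is not part of the original thread. The names `Port`, `resolve` and `CASES` are hypothetical, and the fallback of a negotiating port facing a silent partner is modelled as standard parallel detection (sensed speed, half duplex), an assumption since the post notes that vendors differ here.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Mode = Tuple[int, str]  # (speed in Mb/s, "half" or "full")

# Autonegotiation picks the best mode both ends advertise, in this order.
PRIORITY = [(100, "full"), (100, "half"), (10, "full"), (10, "half")]


@dataclass(frozen=True)
class Port:
    # behaviour: "auto"    = AUTO, advertises every mode
    #            "option1" = hard-set, still negotiates, offers only its setting
    #            "option2" = hard-set, sends no autonegotiation signalling
    behaviour: str
    speed: Optional[int] = None
    duplex: Optional[str] = None

    def negotiates(self) -> bool:
        return self.behaviour in ("auto", "option1")

    def advertised(self) -> set:
        if self.behaviour == "auto":
            return set(PRIORITY)
        if self.behaviour == "option1":
            return {(self.speed, self.duplex)}
        return set()


def _parallel_detect(listener: Port, silent: Port) -> Optional[Mode]:
    """Mode chosen by a negotiating port whose partner sends no signalling."""
    # Assumption: an option #1 port only links at its configured speed.
    if listener.behaviour == "option1" and listener.speed != silent.speed:
        return None
    # Speed can be sensed from the partner's signal; duplex cannot, so the
    # listener falls back to half duplex whatever it was configured for.
    return (silent.speed, "half")


def resolve(a: Port, b: Port):
    """Return (mode_a, mode_b, duplex_mismatch); a mode is None if no link."""
    if a.negotiates() and b.negotiates():
        common = a.advertised() & b.advertised()
        best = next((m for m in PRIORITY if m in common), None)
        return best, best, False
    if not a.negotiates() and not b.negotiates():
        if a.speed != b.speed:
            return None, None, False
        return (a.speed, a.duplex), (b.speed, b.duplex), a.duplex != b.duplex
    if a.negotiates():
        mode_a = _parallel_detect(a, b)
        if mode_a is None:
            return None, None, False
        mode_b = (b.speed, b.duplex)
        return mode_a, mode_b, mode_a[1] != mode_b[1]
    # Only b negotiates: solve the mirrored case and swap the results back.
    mode_b, mode_a, mismatch = resolve(b, a)
    return mode_a, mode_b, mismatch


# Constructed sample pairings (end device, switch port).
CASES = {
    "AUTO <-> AUTO": (Port("auto"), Port("auto")),
    "option1 100/full <-> option1 100/full":
        (Port("option1", 100, "full"), Port("option1", 100, "full")),
    "option1 100/full <-> option2 100/full":
        (Port("option1", 100, "full"), Port("option2", 100, "full")),
    "AUTO <-> option2 100/full": (Port("auto"), Port("option2", 100, "full")),
    "option2 100/full <-> option2 100/full":
        (Port("option2", 100, "full"), Port("option2", 100, "full")),
}


def outcome_table() -> dict:
    """Resolve every constructed pairing; returns {label: resolve() result}."""
    return {label: resolve(a, b) for label, (a, b) in CASES.items()}


if __name__ == "__main__":
    for label, (mode_a, mode_b, mismatch) in outcome_table().items():
        flag = "DUPLEX MISMATCH" if mismatch else "ok"
        print(f"{label:40} device={mode_a} switch={mode_b} {flag}")
```

The two mismatch rows are the ones the thread warns about: a hard-set port that stays silent facing a partner that still negotiates, whether that partner is on AUTO or hard-set in the option #1 style.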

Re: 10 half or 100 full [7:64931]

2003-03-10 Thread Scott Roberts
I see what you're saying now. what would be nice to see is what traffic
there is on a protocol analyzer. I would think that #2 should be the
situation and your #1 is not the proper negotiation.

I've never tried to capture autonegotiation with an analyzer before, I
wonder if you can even capture that stuff?

scott

"John Neiberger" wrote in message
news:[EMAIL PROTECTED]
> No, that's not at all what I was referring to.  I'm speaking of the behavior
> of switch interfaces when they're set to AUTO.  Nortel switches (at least
> the ones that we used) and some older Cisco switches like the 2924XL seemed
> to behave like Option #1 below, while the 2950 behaves like Option #2.
>
> If both the switch and the device are using Option #1 you'll be fine. If you
> then upgrade to a Catalyst 2950 that uses Option #2, you'll have all sorts
> of issues that need to be resolved.
>
> We've had a mixture of 2924XL and Bay 303/310 switches at our branches for
> quite a while with no issues.  When we started replacing the Bays with
> Catalyst 2950s we started having all sorts of problems, and it took quite a
> bit of research into FastEthernet NWAY/Autonegotiation to determine the
> problem.
>
> Just a forewarning.  :-)
>
> >>> Scott Roberts 3/10/03 12:12:48 PM >>>
> if I understand what you're saying, I think it's always been like that, cisco
> hasn't changed it.
>
> you're referring to the fact that the IOS switch don't let you change the
> speed? I think that's strange also, the set based switch can allow you to
> change speed, but after the IOS "upgrading" of switches they don't allow you
> to change a 10/100 at the switch, but rather require you to configure the
> desktop to 10 or 100 speed manually.
>
> I suppose the idea is that everyone should be using autonegotiation
> according to cisco.
>
> scott
>
> "John Neiberger" wrote in message
> news:[EMAIL PROTECTED]
> > I wanted to mention that we've been in the process of upgrading our
> > switches, as well, and I discovered that since we've started using the new
> > Cisco switches we've been having all sorts of problems getting the speed and
> > duplex settings set correctly.
> >
> > We've discovered that if you have relatively new NICs with updated drivers,
> > set both sides to AUTO. Never, ever, set only one side to AUTO.  I'd also
> > avoid manually configuring the speed and duplex unless you have to do so to
> > fix a specific problem.  Here's why:
> >
> > There is no standardized behavior for 100BaseTX when you manually configure
> > settings!  The only setting mentioned in the specification is AUTO; the
> > behavior of the NIC with any other setting is up to the vendor and not
> > everyone handles it the same way.  Cisco appears to have changed the way
> > they handle it, which is the cause of a lot of our problems.
> >
> > If you hard-set the speed and duplex there are two ways to handle this:
> >
> > 1.  Use the configured settings and still participate in autonegotiation
> > only offering the configured settings.
> >
> > 2.  Use the configured settings and do not participate in autonegotiation
> >
> > Cisco's new switches seem to use option #2, while a great number of our end
> > devices use option #1.  Why is this a problem?  Here's what happens when you
> > connect an option #1 device to an option #2 device:
> >
> > #1 participates in autonegotiation, only offering the configured settings.
> > #2 does not participate in autonegotiation at all and will forcefully use
> > the configured settings.
> > #1, seeing that there's nothing on the other side using auto assumes it is
> > connected to a HUB, and just might set itself to 10/Half regardless of the
> > manually configured settings!
> >
> > As you can guess, this is bad mojo.  The moral of the story is that you
> > should try to start using AUTO on BOTH sides if you're using newer Cisco
> > switches, in particular the 2950 series.  In some cases this won't work and
> > you'll have to resort to manual settings.
> >
> > HTH,
> > John
> >
> >
> > >>> Priscilla Oppenheimer 3/10/03 10:58:56 AM >>>
> > Mike Momb wrote:
> > >
> > > To all,
> > >
> > > We recently replaced our Nortel switches and routers with Cisco
> > > 2980 switches and 6509 routers.  We have two buildings, 10
> > > floors each and a router in each building.  We have a
> > > 

Re: Network Design - What Priscilla did NOT cover in her book: [7:64957]

2003-03-10 Thread Scott Roberts
wow, I've never worked on such a large order, but the RFPs I've designed out
have never been this much of a joke. it seems that the IT staff of this
company had no clue what they wanted or needed and decided to get some free
advice!

the only similar scenario I can mention is when a small private school was
looking to upgrade their network to gigabit (yet never fully utilized the
old FE) and were shocked at the cost of the equipment. they dropped the
whole upgrade totally at that point.

I'm interested in hearing if any others have seen such a poor 'scope of
work' put out before?

scott

""Symon Thurlow""  wrote in message
news:[EMAIL PROTECTED]
> Yikes! You must have big plums to persist with a customer like that.
>
> It sounds like a disaster waiting to happen!
>
> Symon
>
> -Original Message-
> From: The Long and Winding Road
> [mailto:[EMAIL PROTECTED]
> Sent: 08 March 2003 19:44
> To: [EMAIL PROTECTED]
> Subject: Network Design - What Priscilla did NOT cover in her book: WAS
> [7:64842]
>
>
> ""Symon Thurlow""  wrote in message
> news:[EMAIL PROTECTED]
> > Hey Chuck,
> >
> > How did that big design go, the one you mentioned on the list a few
> > months ago?
> >
> > Symon
>
> You mean the Never Ending Design? The Nightmare before the CCIE Lab?
>
> Here is a brief rundown. I will say in advance that as all of you who
> work in the real world with real world management, real world customers,
> and real world situations already know, the real work is at layers 8,9,
> and 10.
>
> Project Summary: large organization, 2000+ employees, 10,000 data ports,
> 3 dozen locations, with each location being a campus of several
> buildings or several floors within buildings. The project RFP called for
> a complete forklift of the existing infrastructure - routers, switches,
> PBX. It also called for wireless for voice and data. The project goal
> was to create a network fully capable of providing seamless integrated
> services for data, voice, and video. Oh yes, there was a three week
> turnaround deadline for the response, and there was no flexibility in
> this. Meet the customer date or lose the opportunity. On top of that, as
> is typical with most RFP's, all questions are to be submitted in
> writing, and all responses go to all bidders.
>
> Clues that something is strange:
>
> 1) for any wireless response this complex, detailed site surveys are
> required. there is not time to do this.
>
> answer: well then just do a site survey. besides, we have aerial
> photographs of all of our locations posted on our web site. you can use
> those to determine what you need.
>
> 2) your RFP provides numbers of IDF's in each location and total
> number of ports required. e.g. site X has 7 IDF's and 257 data ports. do
> you have detail as to how many data ports are in each specific closet?
>
> answer: use an average, or come out here and do a site survey and figure
> it out for yourself.
>
> 3) your RFP calls for L3 switching in each and every closet. Is this
> necessary, given that there is only a single ingress/egress, and that
> all sites are hub and spoke? plus L3 is more expensive, and I'm not sure
> there is anything to gain.
>
> answer: we want L3 everywhere. are you saying your ( Cisco ) equipment
> does not do L3?
>
> Customer: oh by the way, we will be opening a new location sometime in
> the next 18 months. I want you to include that location in this
> response.
>
> 4) how many closets? how many phones? how many data ports?
>
> answer: just take locations a,b, and c, and average those out to get the
> numbers.
>
> These were the major things, and should give you a pretty good idea of
> the upper layer issues.
>
> Well, I work my ass off to meet the deadlines. We and  a couple of other
> vendors respond. The presentation meeting takes place with all vendors
> in the same room at the same time. Oh joy, but at least we can see
> each other's hands.
>
> All vendors come back with total cost in the 8-9 million range.
>
> Now the customer reveals that his budget is 5 million. This is something
> that was asked, and which the customer refused to discuss previously. I
> should add that as this is a non profit organization, and some of the
> funding is from grant money with particular restrictions, this is not as
> straightforward in terms of budget as might first appear. The grants
> will pay for some types of equipment and services, but not others. The 5
> mil is for a "complete package" including data circuits, all equipment,
> and all services. so subtract the total 5 year cost of data circuits
> from that 5 mil. divvy up what's left between what the grants will buy
> and what the customer himself will buy.
>
> OK, so now we have to scramble. The customer finally gets a clue that
> things cost money, and the more you want, the more you have to pay. So -
> trim your proposals, and get back with just what is required for end to
> end voice over IP plus new WAN equipment. No wireless. No new switches
> other 

is 10baseT dead? [7:65077]

2003-03-11 Thread Scott Roberts
I don't know why I started to think about this topic over the weekend, but I
got to thinking about network design using 10baseT ethernet.

I'm a network engineer and work closely with sales. every time in the past
two years we've gone into a project, sales has always used upgrading to
100baseTX as a huge selling point. I can understand this, since the salesmen
and the customers can readily see 100 as being better than 10, but honestly
IMO more than half the users have no reason to upgrade to 100base. plus
considering that on many of these projects they don't use anything greater
than 100base from the switches to the main server block, so therefore with
all the desktops running 100base and browsing the internet, they are
technically oversubscribed.

what I'm wondering is, how should I say to the salesmen that this isn't
right, to keep them at 10base for the casual users and only the power users
get 100base? I just don't have enough to really take away their best selling
point.

anyone work in a large company where it's implemented like this or is
everyone putting the average users desktop to 100base and oversubscribing
the uplinks?

scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65077&t=65077


Re: Help In T1 CSU/DSU [7:64962]

2003-03-11 Thread Scott Roberts
what command are you using and what type of line are you trying to connect
to? (frame or t1?) what are the specifications of that line?

scott

""Monu Sekhon""  wrote in message
news:[EMAIL PROTECTED]
> Hi all
> I have T1 Csu/dsu card on 2691 platform
> Whenever I execute any service module command it gives the following error
> Example:command given service module t1 clock source internal
> %Serive moduule command failed,Lock timeout error
> Can any body guide me out what is this error
> why I am unable to execute the commands
> Thanx in advance
> Monu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65083&t=64962


Re: Bandwidth calculations [7:65008]

2003-03-11 Thread Scott Roberts
what do you mean by "bandwidth usage"?

if you're talking about baseband, the entire bandwidth is used. broadband of
course would be calculated upon what spectrum range you're using.

scott

""Robert Perez""  wrote in message
news:[EMAIL PROTECTED]
> Anyone know how the conversion techniques for converting bits, bytes,
> kilobits, etc, to calculate bandwidth usages?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65084&t=65008


Re: PIX Question [7:65095]

2003-03-13 Thread Scott Roberts
strange that it would create another translation instead of using the old
one?? I suppose it's more an error in the client software thinking it still
has a valid server connection and tries to open a brand new one then.

the only thing that comes to my mind would be to expire your translations
faster, but I've never done this, so I don't even know if it's possible.

scott

""Manny""  wrote in message
news:[EMAIL PROTECTED]
> I ran into a situation today where we had a machine that was trying to FTP
> through the firewall. We allow FTP outbound. The problem that came up was
> that the user had no idea that an FTP client was setup on his machine. The
> FTP client (spyware) kept trying to connect to a server (ispynow.com) using
> the incorrect user name and password. For every attempt an xlate entry was
> created. It created about 7000 entries in a matter of minutes. The firewall
> was paralyzed. I had to console in and look at the xlate table. Even through
> the console I had a hard time viewing the table. Is there any way to prevent
> this from happening again? This is the second time this year an incident of
> this nature with the xlate table has occurred. How can I monitor the xlate
> table for strange behavior?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65331&t=65095
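
One way to approach the monitoring question raised in this thread, as an added example that is not part of any poster's message: count translations per inside host from captured `show xlate` text and flag a host that holds an outsized share or a table that grows too fast between polls. The sample capture is constructed, the line layout (`PAT Global a.b.c.d(port) Local e.f.g.h(port)`) is an assumption about the output format, and the function names and thresholds are hypothetical.

```python
"""Flag inside hosts that hold an abnormal number of PIX translations."""
import re
from collections import Counter

IP = r"\d+\.\d+\.\d+\.\d+"
# Assumed layout of a PAT entry in captured `show xlate` text.
PAT_LINE = re.compile(
    rf"^PAT Global (?P<global>{IP})\((?P<gport>\d+)\) "
    rf"Local (?P<local>{IP})(?:\((?P<lport>\d+)\))?"
)
# Assumed layout of a one-to-one (static or dynamic NAT) entry.
NAT_LINE = re.compile(rf"^Global (?P<global>{IP}) Local (?P<local>{IP})")
# Assumed layout of the summary header.
SUMMARY_LINE = re.compile(r"^(?P<in_use>\d+) in use, (?P<most>\d+) most used")


def parse_xlate(text):
    """Return (in_use from the header or None, Counter of entries per local host)."""
    per_host = Counter()
    in_use = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SUMMARY_LINE.match(line)
        if header:
            in_use = int(header.group("in_use"))
            continue
        entry = PAT_LINE.match(line) or NAT_LINE.match(line)
        if entry:
            per_host[entry.group("local")] += 1
    return in_use, per_host


def suspicious_hosts(per_host, max_per_host=200, max_share=0.5, min_total=100):
    """Hosts over an absolute cap, or holding more than max_share of a busy table."""
    total = sum(per_host.values())
    flagged = []
    for host, count in per_host.most_common():
        over_cap = count > max_per_host
        over_share = total >= min_total and count / total > max_share
        if over_cap or over_share:
            flagged.append((host, count, round(count / total, 3)))
    return flagged


def growth_alert(prev_total, cur_total, interval_s, max_new_per_s=5.0):
    """True when the table grew faster than max_new_per_s between two polls."""
    if interval_s <= 0:
        raise ValueError("interval_s must be positive")
    return (cur_total - prev_total) / interval_s > max_new_per_s


def build_sample():
    """Constructed capture: three ordinary hosts plus one host holding 700 entries."""
    lines = []
    for i in range(3):
        for p in range(10):
            lines.append(
                f"PAT Global 192.0.2.1({2000 + i * 10 + p}) "
                f"Local 10.1.1.{10 + i}({1100 + p})"
            )
    for p in range(700):
        lines.append(f"PAT Global 192.0.2.1({10000 + p}) Local 10.1.1.77({3000 + p})")
    lines.append("Global 192.0.2.20 Local 10.1.1.5")
    return f"{len(lines)} in use, {len(lines)} most used\n" + "\n".join(lines)


if __name__ == "__main__":
    in_use, per_host = parse_xlate(build_sample())
    print("entries in use:", in_use)
    for host, count, share in suspicious_hosts(per_host):
        print(f"ALERT {host}: {count} translations ({share:.1%} of table)")
    # Two polls two minutes apart, roughly the growth described in the thread.
    print("growth alert:", growth_alert(100, 7000, 120))
```

Polling the entry count on a schedule and alerting on growth catches the problem before the table is large enough to make the console unresponsive; the per-host breakdown then identifies the machine to isolate.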


Re: slow wan connection [7:65165]

2003-03-13 Thread Scott Roberts
my guess is similar to Guy's, I think you might be getting some routing
issue with packets not going optimally between your two carriers.

obviously try tracing and better than that use the ip option for recording
routes. see how the packets are really negotiating the outside.

scott

""Lupi, Guy""  wrote in message
news:[EMAIL PROTECTED]
> Are both of these T1s from the same provider, or is one from Sprint and one
> from Qwest?  From looking at your NAT pools, and the whois information
> (below), it appears to be one from Sprint and one from Qwest.  I am not sure
> how the router would make the decision when doing PAT, but it is going to
> pick one of the NAT pools, and then load balance across the T1s (whether per
> destination or per packet cannot be determined without seeing if CEF is
> turned on and seeing the whole serial interface configurations).
> In this scenario, you would be trying to send some packets out to each
> provider with source IP addresses that are not valid source IPs for that
> network, this may or may not be your problem.  Some portion of your packets
> may be being dropped by the providers when they see source IP addresses that
> they did not provide you.  Or, all of your packets are sourced from Qwest,
> since that is the first NAT pool, and you are load sharing outbound, but all
> return traffic is coming in on the Qwest T1 and using up all your inbound
> bandwidth.  Check to see which one of these is the case, or if neither
> applies, and get back to us.
>
>
> whois -h whois.arin.net 65.120.161.167
> Qwest Communications NET-QWEST-BLKS-4 (NET-65-112-0-0-1)
>   65.112.0.0 - 65.127.255.255
> THREE Z PRINTING COMPANY Q1007-65-120-161-160 (NET-65-120-161-160-1)
>   65.120.161.160 - 65.120.161.191
>
> # ARIN WHOIS database, last updated 2003-03-11 20:00
> # Enter ? for additional hints on searching ARIN's WHOIS database.
>
> whois -h whois.arin.net 65.160.124.199
> Sprint SPRINTLINK-2-BLKS (NET-65-160-0-0-1)
>   65.160.0.0 - 65.174.255.255
> PowerNet Global Communications SPRINTLINK (NET-65-160-124-192-1)
>   65.160.124.192 - 65.160.124.223
>
> # ARIN WHOIS database, last updated 2003-03-11 20:00
> # Enter ? for additional hints on searching ARIN's WHOIS database.
>
>
> -Original Message-
> From: Terry Oldham [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 12, 2003 9:59 AM
> To: [EMAIL PROTECTED]
> Subject: slow wan connection [7:65165]
>
>
> Hello All,
>
>  I recently posted to the newsgroup about configuring a multiple T1
> connection to a single network. I have since then got the configuration up
> and running however the connection out to the net is very slow. I cannot
> seem to figure out why. Here is the basics of the config:
>
> Fasteth0 ip address 172.16.100.2
>          ip nat inside
>
> Serial0  ip address 144.x.x.x
>          ip nat outside
>
> Serial1  ip address 65.x.x.x
>          ip nat outside
>
> ip nat pool Qwest 65.120.161.167 65.120.161.190 netmask 255.255.255.224
> ip nat pool Sprint 65.160.124.199 65.160.124.222 netmask 255.255.255.224
> ip nat inside source route-map Qwest1 pool  overload
> ip nat inside source route-map Sprint1 pool  overload
> ip nat inside source static 172.16.100.5 65.120.161.162
> ip nat inside source static 172.16.200.5 65.160.124.194
> ip nat inside source static 172.16.100.6 65.120.161.163
> ip nat inside source static 172.16.200.6 65.160.124.195
> ip nat inside source static 172.16.100.7 65.120.161.164
> ip nat inside source static 172.16.200.7 65.160.124.196
> ip nat inside source static 172.16.100.8 65.120.161.165
> ip nat inside source static 172.16.200.8 65.160.124.197
> ip nat inside source static 172.16.100.9 65.120.161.166
> ip nat inside source static 172.16.200.9 65.160.124.198
> ip classless
> ip route 0.0.0.0 0.0.0.0 65.x.x.x
> ip route 0.0.0.0 0.0.0.0 144.x.x.x
> ip route 65.0.0.0 255.0.0.0 Serial1
> ip route 144.0.0.0 255.0.0.0 Serial0
> ip route 172.0.0.0 255.0.0.0 FastEthernet0
> ip http server
> !
> !
> access-list 10 permit 172.16.100.0 0.0.0.255
> access-list 10 permit 172.16.200.0 0.0.0.255
>
> The Serial interfaces are not showing any kind of problems and packets are
> going out of each of them.
>
> Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65334&t=65165
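
The source-address mismatch discussed in this thread, as an added example that is not part of any poster's message: it takes the two NAT pools from the posted configuration and the two provider blocks from the quoted whois output, then audits which translated packets would leave through a provider that does not own their source address. The flow records are constructed, the function names are hypothetical, and whether either provider actually filters on source address is an assumption the thread itself leaves open.

```python
"""Audit translated source addresses against the provider owning each exit link."""
import ipaddress
from itertools import cycle

# Provider blocks as shown in the whois output quoted in the thread.
PROVIDER_BLOCKS = {
    "Qwest": ("65.112.0.0", "65.127.255.255"),
    "Sprint": ("65.160.0.0", "65.174.255.255"),
}
# NAT pools from the posted router configuration.
NAT_POOLS = {
    "Qwest": ("65.120.161.167", "65.120.161.190"),
    "Sprint": ("65.160.124.199", "65.160.124.222"),
}


def to_networks(first, last):
    """Expand an inclusive first-last range into a list of CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def owner_of(addr):
    """Name of the provider whose block contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for provider, (first, last) in PROVIDER_BLOCKS.items():
        if any(ip in net for net in to_networks(first, last)):
            return provider
    return None


def pool_addresses(pool):
    """Every address in a NAT pool, as strings."""
    first, last = (int(ipaddress.ip_address(a)) for a in NAT_POOLS[pool])
    return [str(ipaddress.ip_address(n)) for n in range(first, last + 1)]


def pools_inside_owner_blocks():
    """Confirm each pool lies wholly inside the block of the provider it is named for."""
    return {pool: all(owner_of(a) == pool for a in pool_addresses(pool))
            for pool in NAT_POOLS}


def audit(flows):
    """flows: iterable of (translated_source, exit_provider). Return the mismatches."""
    bad = []
    for src, exit_provider in flows:
        owner = owner_of(src)
        if owner != exit_provider:
            bad.append((src, owner, exit_provider))
    return bad


def per_packet_flows(pool, packets):
    """Constructed traffic: one pool address, packets alternating over both exits."""
    src = pool_addresses(pool)[0]
    exits = cycle(PROVIDER_BLOCKS)  # Qwest, Sprint, Qwest, ...
    return [(src, next(exits)) for _ in range(packets)]


def matched_flows(packets):
    """Constructed traffic where the pool is always chosen to match the exit link."""
    exits = cycle(PROVIDER_BLOCKS)
    flows = []
    for _ in range(packets):
        exit_provider = next(exits)
        flows.append((pool_addresses(exit_provider)[0], exit_provider))
    return flows


if __name__ == "__main__":
    print("pools inside owner blocks:", pools_inside_owner_blocks())
    bad = audit(per_packet_flows("Qwest", 10))
    print(f"first pool only, load shared over both links: {len(bad)}/10 mismatched")
    for src, owner, exit_provider in bad[:2]:
        print(f"  {src} (owned by {owner}) leaving via {exit_provider}")
    print("pool matched to exit link:", len(audit(matched_flows(10))), "mismatched")
```

With every packet translated from the first pool and outbound traffic shared across both links, half of the packets carry a source address the exit provider did not assign; translating according to the exit link removes the mismatch.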


Re: Layer 3 Switches Vs Routers [7:65215]

2003-03-14 Thread Scott Roberts
> In the end, the device either routes or bridges the frames it
> receives, but takes no action that can be distinctly described as layer
> three switching.
>
> Pete
>

to my basic understanding ALL routing has a switching component to it
already, whether we're talking about regular routers or L3 switches. process
switching, fast switching, autonomous switching, distributed switching,
etc... are all the ways the packets are moved between interfaces on a
router. therefore both layer 2 and layer 3 'switch' irregardless of the name
on the chassis.

 I personally view the sole distinction between the standard routers/bridges
and the multilayer switches as the use of ASICs.

scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65449&t=65215


Re: Main Diagnostic Menu on 2501 router??? [7:64427]

2003-03-14 Thread Scott Roberts
thanks for letting us know, it seems rare that people respond and let us
know what happened.

glad you know what's wrong now! those boot roms only cost about $20 on ebay.

scott

""Jean-Marc Simard""  wrote in message
news:[EMAIL PROTECTED]
> You were pretty close. I opened it last week and I found 2 Diag roms instead
> of the needed boot roms.
>
> Thanks everyone.
>
> JM
>
> ""Scott Roberts""  wrote in message
> news:[EMAIL PROTECTED]
> > what I would check is open up the case and see if there is a "credit
> > card"/PC card/pcmcia flash memory module inserted into the mainboard (you'll
> > see the slot, it's obvious). also make sure there is standard memory inserted
> > in the regular memory slots.
> >
> > let us know what you find.
> >
> > scott
> >
> > ""Jean-Marc Simard""  wrote in message
> > news:[EMAIL PROTECTED]
> > > I just bought a 2501 router through Ebay for my CCIP/CCNP study and it's not
> > > supposed to have an IOS on it. When I power it up, instead of getting the
> > > rommon> prompt, I get the Main Diagnostic Menu as shown below. If I execute
> > > the diag tests offered all the tests pass, but I just can't get past this
> > > menu.
> > >
> > > Can someone, please, tell me what is wrong with it or how I can work around
> > > it?
> > >
> > > Thanks a lot
> > >
> > > JM
> > >
> > > (I had some problems with my mailer, so sorry if it gets posted twice)
> > >
> > > --- (output at power up)--
> > > cisco Systems
> > > Diagnostic Monitor
> > >
> > > Testing boot state
> > > Exiting boot state
> > > Testing Main Memory from 0h to E000h. data equals address
> > > Testing Main Memory from 0h to E000h. checkerboard
> > > Testing Main Memory from 0h to E000h. inverse checkerboard
> > > Clearing bss
> > > Enabling interrupts
> > > Exiting init
> > >
> > > Diagnostic Monitor for CANCUN, Version 1.7.4(4)
> > > Compiled by haidung on Wed 19-Nov-97 14:26
> > >
> > >   Main Diagnostic Menu
> > >  a: alter diag flags
> > >  b: basic utilities
> > >  c: do all diags in this menu
> > >  d: do group of diags in this menu
> > >  e: bus error test
> > >  f: image checksum test
> > >  g: timer interrupt test
> > >  h: size memory
> > >  i: main memory test
> > >  j: main memory parity test
> > >  k: shared memory test
> > >  l: shared memory parity test
> > >  m: flash memory test
> > >  n: nvram test
> > >  o: aux port test
> > >  p: serial cookie test
> > >  q: serial interface test
> > >  s: ethernet (Am79C90-LANCE) test
> > > FLAGS: Continuous OFF  Stop on error OFF  Ext. loopback ON  Abbr. test OFF
> > >
> > > enter Main Diagnostic Menu item >
> > > ---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65451&t=64427


Re: Back-to-back FR P2P circuits with Different Dlci's [7:65595]

2003-03-17 Thread Scott Roberts
that command isn't necessary with back-to-back cabling. the interface's
controller can determine the cabling's orientation and set the interface to
the correct type automatically.

what I don't see is the dce providing a clocking rate.

scott

""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]
> In addition, one side needs to act as the frame relay DCE. Use the
> 'frame-relay intf-type dce' command to accomplish this.
>
> John
>
> >>> Larry Letterman 3/14/03 11:38:56 AM >>>
> somewhere in the routers config there will need to be a frame
> switch command and a frame route command, which is how the Frame
> Switch that Scott mentions works...
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>
>
>   - Original Message -
>   From: s vermill
>   To: [EMAIL PROTECTED]
>   Sent: Thursday, March 13, 2003 12:10 PM
>   Subject: RE: Back-to-back FR P2P circuits with Different Dlci's [7:65355]
>
>
>   Cisco Nuts wrote:
>   >
>   > Hello,
>   > Does any one know why if 2 routers configured back-to-back for
>   > frame relay
>   > point-to-point intf. using different dlci's does NOT work?
>
>   Well, it's been a while since I worked with FR.  But if you think about a
>   "true" FR circuit, DLCIs are locally significant but both the customer prem
>   equipment and the FR switch have to have matching DLCIs.  It's essentially a
>   logical circuit ID that needs to be agreed to by both end points in order
>   for communication to take place.  If you have three routers, you can
>   configure one to act as a FR switch.  Then two spur routers can talk, via
>   the "switch," on different DLCIs.
>
>   > Unless, they are defined the same on both routers, does it
>   > work!!
>   > Here is my config:
>   > R5#ri s1.1
>   > Building configuration...
>   >
>   > Current configuration : 147 bytes
>   > !
>   > interface Serial1.1 point-to-point
>   > ip address 1.1.1.1 255.255.255.0
>   > ip router isis
>   > frame-relay interface-dlci 102
>   > clns router isis
>   > end
>   >
>   > R5#
>   >
>   >
>   > R6#ri s0.1
>   > Building configuration...
>   >
>   > Current configuration : 200 bytes
>   > !
>   > interface Serial0.1 point-to-point
>   > ip address 1.1.1.2 255.255.255.0
>   > ip router isis
>   > ip pim sparse-dense-mode
>   > frame-relay interface-dlci 102
>   > clns router isis
>   > isis circuit-type level-1
>   > end
>   >
>   > R6#ping 1.1.1.1
>   >
>   > Type escape sequence to abort.
>   > Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
>   > !
>   > Success rate is 100 percent (5/5), round-trip min/avg/max =
>   > 32/32/36 ms
>   > R6#
>   >
>   >
>   > Now change the dlci # on R6:
>   >
>   > R6#ri s0.1
>   > Building configuration...
>   >
>   > Current configuration : 200 bytes
>   > !
>   > interface Serial0.1 point-to-point
>   > ip address 1.1.1.2 255.255.255.0
>   > ip router isis
>   > ip pim sparse-dense-mode
>   > frame-relay interface-dlci 201
>   > clns router isis
>   > isis circuit-type level-1
>   > end
>   >
>   > R6#ping 1.1.1.1
>   >
>   > Type escape sequence to abort.
>   > Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
>   > .
>   > Success rate is 0 percent (0/5)
>   > R6#
>   >
>   >
>   > Can any one explain??
>   > Thank you.
>   > Sincerely,
>   > CN
>   >
>   >
>   >
>   >
>   >
>   >
>   > _
>   > Help STOP SPAM with the new MSN 8 and get 2 months FREE*
>   > http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65595&t=65595


Re: CCIE [7:65426]

2003-03-17 Thread Scott Roberts
yes definitely a knock, couldn't remember where I had heard a lot of this
before, but the link reminded me.

still parts of this were good, some though need some work. perhaps we could
all rewrite part of this to come up with a really good job description?

I'd change the part "at the same time, perform decimal to binary conversion
for very large numbers."  to "at the same time, perform hexadecimal to
binary to decimal conversions for very large numbers."


scott

""nrf""  wrote in message
news:[EMAIL PROTECTED]
> Ah, so I see somebody is familiar with Hugh Gallagher's infamous essay.
>
> http://urbanlegends.miningco.com/library/blbyol3.htm
>
>
> >
> >
> > - Original Message -
> > From: "Juan Blanco"
> > To:
> > Sent: Friday, March 14, 2003 6:34 AM
> > Subject: CCIE [7:65426]
> >
> >
> > > Team,
> > > I got this from a friend but I'm not sure if you have seen this or not but
> > > only someone pursuing the CCIE would laugh at it!!
> > > In the course of my day-to-day work, people ask me what is a CCIE? I thought
> > > about this for some time. I wrote some notes. And this is what I came up
> > > with:
> > > I am a dynamic figure, often seen scaling 8 foot computer racks and charming
> > > magnetic security cardswipes. I have been known to remodel SME networks on
> > > my lunch breaks, making them more efficient in the area of capital
> > > deployment, reliability and performance. I translate technobabble for
> > > Management, I write award-winning technical presentations and deliver them
> > > better than an American president announcing tax cuts.
> > > I can recite complete chapters of the Cisco Documentation CD, backwards and,
> > > with little effort and at the same time, perform decimal to binary
> > > conversion for very large numbers.
> > > I woo women with my sensuous and godlike MIDI playing on a notebook. I can
> > > pilot computer trolleys up severe inclines with unflagging speed, and I can
> > > rack Cisco gear faster than Arnold Schwarzenegger can bench press. I am an
> > > expert in network diagramming tools, a veteran in web surfing, and know the
> > > Cisco Web Site better than I know my own family.
> > > Just to keep it interesting, I occasionally tread water for three days while
> > > programming Cisco practice labs. I manage time efficiently and can complete
> > > a timesheet every week. In addition, I know the part number for every Cisco
> > > router cable.
> > > Using only a Chinese AC power cord and a large glass of water, I once
> > > single-handedly rebuilt the network core of major co-location facility after
> > > the roof fell in. I used to play games, but now it's serious. I am the
> > > subject of numerous urban myths and I am the creator of a few as well. When
> > > I'm bored, I test fiber optic cable, calculate power loss sums on UTP and
> > > the minimum refraction index for 50 micron multimode fiber. I mean, what IS
> > > the point of it ?
> > > I understand that DLSW and Source Route Translational Bridging actually has
> > > a reason for existence. It's not just IBM playing a practical joke. Really.
> > > I enjoy urban guerilla activities. I can build a 802.11b parabolic dish
> > > antennae using surplus antennae from defunct satellite companies and a juice
> > > can. It has better performance than off the shelf products. I think that
> > > having a wind generator and solar array as power backup for my practice lab
> > > is not only responsible preparation, it's environmentally friendly too. On
> > > Wednesdays, after work, I repair old monitors free of charge for my local
> > > charity.
> > > I know that canonical to non-canonical conversion is not about religion,
> > > it's about "ART."
> > > Microsoft geeks worldwide swoon over my original line of corduroy evening
> > > wear, which I don't understand -- it was supposed to be funny. I don't
> > > perspire. I am a private citizen, yet I receive fan mail. I have been caller
> > > number ten and have won the cash jackpot.
> > > I can speak IPX NLSP, AppleTalk, ATM PVC, QoS, and BGP to name a few, and
> > > redistribute routes at will, with filtering, using non contiguous masks. I
> > > install IPV6 on customer sites whenever I can, just so I can play with it.
> > > Same for OSPF NSSA. Children trust me.
> > > I can hurl squishy giveaway tradeshow toys at sales personnel with stunning
> > > accuracy, and ensure that the dweeb from administration gets the blame. I
> > > have charisma beyond normal mortals; if I didn't the boss would have sent
> > > the other guy to this exam.
> > > I once read Cisco Quality of Service, Caslow Bridges and Routers 2nd Ed, and
> > > Jeff Doyles' Routing TCP/IP Vol2 in one day, and still had time to do
> > > practice on a Frame Relay multipoint network, using OSPF and IGRP, split
> > > horizon, route maps and ISDN. I know the exact location of every food item
> > > in the supermarket and I use a

Re: Upgrading IOS with new flash on my 2500's [7:65472]

2003-03-18 Thread Scott Roberts
I can honestly say that I've never upgraded my IOS's by console cable. I
didn't even know that the 2500 supported that, I only thought that it was
the 3600 that supported transfer over the console cable? has anyone done a
console cable transfer with a 2500?

william, you can do your upgrade in one of two ways, put the new flash into
the secondary flash bank and tftp copy to the second flash partition or you
can boot to the rom boot-helper with your new flash in the first bank and
then tftp. another possibility I suppose you could do is have enough dram
memory and do a network boot and then do a tftp copy to the flash.

scott

""Clements, William (Bill)""  wrote in message
news:[EMAIL PROTECTED]
> All,
> I recently bought some new flash for my 2500's and would like to know if
> there is an easier way to upload the newest IOS, other than with the console
> cable.
>
> Thanks,
>
> Bill Clements MCSE, CCNP
> Network Engineer
> INS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65677&t=65472


Re: Unable to delete flash [7:65529]

2003-03-19 Thread Scott Roberts
from the cisco IOS command reference:

delete:
"When you delete a file, the software simply marks the file as deleted, but
it does not erase the file. This feature allows you to later recover a
"deleted" file using the undelete command. You can delete and undelete a
file up to 15 times. To permanently delete all files marked "deleted" on a
Flash memory device, use the squeeze command."

erase:

"When a file system is erased, none of the files in the file system can be
recovered.

The erase command can be used on both Class B and Class C Flash file systems
only. To reclaim space on Flash file systems after deleting files using the
delete command, you must use the erase command. This command erases all of
the files in the Flash file system. "



scott

""Sales""  wrote in message
news:[EMAIL PROTECTED]
> Some possible things to try would be to use the /force switch with the
> delete command.  Also try erase versus delete to see if that helps.
>
>
> Thanks,
>
> www.ccie4u.com
> Rack Rentals and Lab Scenarios
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> John Tafasi
> Sent: Saturday, March 15, 2003 11:09 PM
> To: [EMAIL PROTECTED]
> Subject: Unable to delete flash [7:65529]
>
> Hi Group,
>
> I have a problem deleting a file from a 4500 series flash memory. The file
> shows up as been deleted but the available free space indicates that the
> file has not been deleted yet. I tried to use the squeeze command but it
> will not work with this file system. Can you guys suggest something.
>
> Thanks
>
> John Tafasi
>
> r1#show fla
>
> System flash directory:
> File  Length   Name/status
>   1   10031664  c4500-a3jk8s-mz.122-7b.bin [deleted]
>   2   3668568  c4500-i-mz.120-25.bin
> [13700360 bytes used, 3076856 available, 16777216 total]
> 16384K bytes of processor board System flash (Read/Write)
>
> r1#delete flash:c4500-a3jk8s-mz.122-7b.bin
> Delete filename [c4500-a3jk8s-mz.122-7b.bin]?
> Delete flash:c4500-a3jk8s-mz.122-7b.bin? [confirm]
> %Error deleting flash:c4500-a3jk8s-mz.122-7b.bin (No such file or directory)
> r1#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65773&t=65529


Re: DS3 bandwidth issues [7:65790]

2003-03-20 Thread Scott Roberts
why do people refer to a DS3 as a DS3 and not a T3? is there something I'm
missing?

scott

""Nate""  wrote in message
news:[EMAIL PROTECTED]
> We've run a bandwidth test on our DS3 with nothing connected to it but a
> workstation (and obviously a router/pix).  We went to testmyspeed.com as
> well as dslreports.com.  We both got very good bandwidth tests (upward 6m/s)
> however in transferring a 200m file to/from a workstation behind the
> connection, we got over 30 minutes while our existing T1 got 26 minutes.
> Anyone mind explaining this phenomenon?  Just a side note, we have no
> encryption between GRE tunnels.  Thanks in advance.
>
> -Nate




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65864&t=65790


Re: Why did Cisco do this? Off Topic [7:65834]

2003-03-20 Thread Scott Roberts
why not?

my boss came to me this morning prior to the announcement and thought they
were going to say they were buying checkpoint!

scott

""Elijah Savage""  wrote in message
news:[EMAIL PROTECTED]
> Cisco buys Linksys.
>
>
> http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a5141_1048177983.var&p=CSCO
>
>
> --
> "BSD is for people who love Unix -
> Linux is for people who hate Microsoft"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65866&t=65834


Re: Unable to delete flash [7:65529]

2003-03-20 Thread Scott Roberts
boot into boot-helper mode (conf-reg 0x2101) this will allow the flash to be
in read/write and not just read only mode.

let us know please if this solved it for you, it's always nice to hear what
works in the end.

scott

 wrote in message
news:[EMAIL PROTECTED]
> Question with similar interest...
>
> I have a file marked for delete in the bootflash of a 7513. When I issue the
> squeeze command I get the following...
>
> 7513#show bootflash
> -#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
> 1   .D image    5BE93E76  6D42E8   22  6898280 Mar 04 2002 08:32:35 rsp-boot-mz.122-7a.bin
> 2   .. image    7415A36D  DC4F08   24  7277472 Aug 13 2002 12:41:14 rsp-boot-mz.122-8.t5.bin
>
>
> 7513#squeeze bootflash
> All deleted files will be removed. Continue? [confirm]
> Squeeze operation may take a while. Continue? [confirm]
> %Error squeezing bootflash (File open for write)
>
> A reboot has been suggested. Any other ideas?
>
> Thanks,
> Tim
>
> -Original Message-
> From: Scott Roberts [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 19, 2003 3:16 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Unable to delete flash [7:65529]
>
>
> from the cisco IOS command reference:
>
> delete:
> "When you delete a file, the software simply marks the file as deleted, but
> it does not erase the file. This feature allows you to later recover a
> "deleted" file using the undelete command. You can delete and undelete a
> file up to 15 times. To permanently delete all files marked "deleted" on a
> Flash memory device, use the squeeze command."
>
> erase:
>
> "When a file system is erased, none of the files in the file system can be
> recovered.
>
> The erase command can be used on both Class B and Class C Flash file systems
> only. To reclaim space on Flash file systems after deleting files using the
> delete command, you must use the erase command. This command erases all of
> the files in the Flash file system. "
>
>
>
> scott
>
> ""Sales""  wrote in message
> news:[EMAIL PROTECTED]
> > Some possible things to try would be to use the /force switch with the
> > delete command.  Also try erase versus delete to see if that helps.
> >
> >
> > Thanks,
> >
> > www.ccie4u.com
> > Rack Rentals and Lab Scenarios
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> > John Tafasi
> > Sent: Saturday, March 15, 2003 11:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: Unable to delete flash [7:65529]
> >
> > Hi Group,
> >
> > I have a problem deleting a file from a 4500 series flash memory. The file
> > shows up as been deleted but the available free space indicates that the
> > file has not been deleted yet. I tried to use the squeeze command but it
> > will not work with this file system. Can you guys suggest something.
> >
> > Thanks
> >
> > John Tafasi
> >
> > r1#show fla
> >
> > System flash directory:
> > File  Length   Name/status
> >   1   10031664  c4500-a3jk8s-mz.122-7b.bin [deleted]
> >   2   3668568  c4500-i-mz.120-25.bin
> > [13700360 bytes used, 3076856 available, 16777216 total]
> > 16384K bytes of processor board System flash (Read/Write)
> >
> > r1#delete flash:c4500-a3jk8s-mz.122-7b.bin
> > Delete filename [c4500-a3jk8s-mz.122-7b.bin]?
> > Delete flash:c4500-a3jk8s-mz.122-7b.bin? [confirm]
> > %Error deleting flash:c4500-a3jk8s-mz.122-7b.bin (No such file or directory)
> > r1#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65862&t=65529


Re: DS3 bandwidth issues [7:65790]

2003-03-21 Thread Scott Roberts
wow thanks for all the responses everyone! I learn something new everyday on
this board.

scott

""[EMAIL PROTECTED]""  wrote in message
news:[EMAIL PROTECTED]
> Being in the "CLEC" business I can tell you that we typically refer to T3
> when discussing "Transport only" type circuits of 45Mbps from point to
> point. When we refer to putting services on it, such as Frame Relay, ATM,
> PPP, voice (PRI, Trunks, etc) then we usually refer to them as DS3.
>
> However, they are certainly used interchangeably by most.
>
> A T1 or T3 is a "Carrier" as explained below:
>
> To see the relationship between T-carrier, E-carrier, and DS0 multiples,
> see digital signal X.
> The T-carrier system, introduced by the Bell System in the U.S. in the
> 1960s, was the first successful system that supported digitized voice
> transmission. The original transmission rate (1.544 Mbps) in the T-1 line
> is in common use today in Internet service provider (ISP) connections to
> the Internet. Another level, the T-3 line, providing 44.736 Mbps, is also
> commonly used by Internet service providers. Another commonly installed
> service is a fractional T-1, which is the rental of some portion of the 24
> channels in a T-1 line, with the other channels going unused.
>
> The T-carrier system is entirely digital, using pulse code modulation and
> time-division multiplexing. The system uses four wires and provides duplex
> capability (two wires for receiving and two for sending at the same time).
> The T-1 digital stream consists of 24 64-Kbps channels that are
> multiplexed. (The standardized 64 Kbps channel is based on the bandwidth
> required for a voice conversation.) The four wires were originally a pair
> of twisted pair copper wires, but can now also include coaxial cable,
> optical fiber, digital microwave, and other media. A number of variations
> on the number and use of channels are possible.
>
> In the T-1 system, voice signals are sampled 8,000 times a second and each
> sample is digitized into an 8-bit word. With 24 channels being digitized at
> the same time, a 192-bit frame (24 channels each with an 8-bit word) is
> thus being transmitted 8,000 times a second. Each frame is separated from
> the next by a single bit, making a 193-bit block. The 192 bit frame
> multiplied by 8,000 and the additional 8,000 framing bits make up the T-1's
> 1.544 Mbps data rate. The signaling bits are the least significant bits in
> each frame.
>
> A DS0/1/3 is a Digital signal carried by the "T" carrier as explained
> below:
>
> Digital signal X is a term for the series of standard digital transmission
> rates or levels based on DS0, a transmission rate of 64 Kbps, the bandwidth
> normally used for one telephone voice channel. Both the North American
> T-carrier system and the European E-carrier systems of transmission
> operate using the DS series as a base multiple. The digital signal is what
> is carried inside the carrier system.
> DS0 is the base for the digital signal X series. DS1, used as the signal in
> the T-1 carrier, is 24 DS0 (64 Kbps) signals transmitted using pulse-code
> modulation (PCM) and time-division multiplexing (TDM). DS2 is four DS1
> signals multiplexed together to produce a rate of 6.312 Mbps. DS3, the
> signal in the T-3 carrier, carries a multiple of 28 DS1 signals or 672 DS0s
> or 44.736 Mbps.
>
> Digital signal X is based on the ANSI T1.107 guidelines. The ITU-TS
> guidelines differ somewhat.
>
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > MADMAN
> > Sent: Thursday, March 20, 2003 4:32 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: DS3 bandwidth issues [7:65790]
> >
> >
> > six of one half dozen of the other, they both describe the same
> > thing.  I "think" T is a Bellcore name and DS is a some standards
> > body name.
> >
> >   Dave
> >
> > Scott Roberts wrote:
> > > why do people refer to a DS3 as a DS3 and not a T3? is there something I'm
> > > missing?
> > >
> > > scott
> > >
> > > ""Nate""  wrote in message
> > > news:[EMAIL PROTECTED]
> > >
> > >>We've run a bandwidth test on our DS3 with nothing connected to it but a
> > >>workstation (and obviously a router/pix).  We went to testmyspeed.com as
> > >>well as dslreports.com.  We both got very good bandwidth tests (upward
> > >
> > > 6m/s)
> > >
> > >>however in transferring a 200m file to/from a workstation behind the
> > >>conn

Re: 2501 and 2503 Lab [7:65942]

2003-03-24 Thread Scott Roberts
you can accomplish many of the things you're looking for, the trick is to
have the correct IOS image. if your routers only have a basic IP image you
might not be able to do some of these functions.
the other thing to consider is the amount of memory you have to implement
everything using version 12, you'll basically need 16MB of flash and 8-16MB
of DRAM.

scott

""Pete Nugent""  wrote in message
news:[EMAIL PROTECTED]
> Just got a small Lab for home 2 x 2501 and a 2503 here's what I really need
> to know. As the MCNS is for router security mainly will this be OK.
>
> Will these run BGP, OSPF, ISIS IPSec/DES/3DES. Basically what are the
> limitations. They all have V12 IOS. Seems like an easy question but I don't
> wanna start trying something I can't do.
>
> Also if I want to look at the CSSP at a later date are 2 PIX 501's enough.
>
> Any advice on additions to my Lab will be appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66086&t=65942


Re: PDM Question [7:65954]

2003-03-24 Thread Scott Roberts
I agree, there are a few aspects missing from PDM, such as the mentioned
VPN/cryptology, but I find that it helps when you need to configure a basic
firewall quickly. I find that I'll put the basic interface commands in CLI
and then I'll setup NAT through the PDM interface.

scott

""Steve Wilson""  wrote in message
news:[EMAIL PROTECTED]
> the PDM is a useful tool for a graphical view of the configuration. If you
> are using your PIX to terminate VPN clients or tunnels you may still need to
> use the command line to administer and configure them. This might be
> improved in the next release of the Operating System. Personally I agree
> that the CLI is still the best way to program the beast.
>
> Best of luck
> Steve
>
> -Original Message-
> From: Hartnell, George
> To: [EMAIL PROTECTED]
> Sent: 21/03/2003 20:34
> Subject: PDM Question [7:65954]
>
> Hi there,
>
> I've got a 515UR failover I jus' upgraded from 5.3(1) to 6.1(4).  I'd like
> to pop PDM on that system(s) and try that interface out.
>
> I'm a command line kind of guy, so am comfortable with CLI, but, I've heard
> that PDM is a worthy utility.
>
> Any words of wisdom on PDM installation?
>
> Best, G.
>
> "Nations have recently been led to borrow billions for war;
> no nation has ever borrowed largely for education...
> no nation is rich enough to pay for both war and civilization.
> We must make our choice; we cannot have both." -- Abraham Flexner




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66088&t=65954


Re: NAT overload as security [7:66015]

2003-03-24 Thread Scott Roberts
I work with a lot of different vendors' firewalls and IMO PAT is a security
feature (to a degree). like many other security features it's not perfect by
itself, but when combined with other features it creates a full firewall.

technically PAT alone would be an aspect of stateful inspection/translation,
which is a first generation firewall. as you already stated though, you have
no idea what's in the incoming packets above layer 4, so that's the risk.

of course if you had a static translation or regular NAT, that's a whole
different story.

scott

""Doug S""  wrote in message
news:[EMAIL PROTECTED]
> On my home network, I rely almost exclusively on NAT overload for security.
> Even though I know it's not a security measure, I've yet to hear anyone with
> a good explanation of why it's not enough, at least for a home network.  I
> know there's a bunch of really bright people here, so if anyone would point
> out the flaws in my reasoning, I'd love to hear it.
>
> Below are some excerpts from an email conversation with a friend that
> explain how I think about it:
>
> ---
>
> I mostly rely on NAT overload for security.  The only traffic that will be
> allowed in is traffic for which a translation has been created.  Since these
> translations are only created by outbound traffic, no one from the outside
> can initiate a connection unless they bypass NAT by using the actual private
> ip addresses configured on the workstation.  To do that, they'd have to
> have no routers between them and my router (meaning my ATT segment only) as
> any other router would drop packets for these addresses.  To protect against
> that, I deny traffic for the ip's configured behind the router.
>
> access-list 151 deny ip any 192.168.0.0 0.0.0.255
> access-list 151 permit ip any any
> (this whole acl could just as well be:
>    access-list 165 permit ip any host (outside int IP address))
>
> access-list 50 permit 192.168.0.0 0.0.0.255
>
> Int e0
> ip address 192.168.0.1 255.255.255.0
> ip nat inside
>
> Int e1
> ip address dhcp
> ip nat outside
> ip access-group 151 in
>
> ip nat inside source list 50 int e1 overload
>
>
>
> Even though NAT isn't a security feature, I think overload works pretty well
> for security because no traffic will be allowed in unless an inside host has
> created a NAT entry by originating the flow.  All legitimate flows on a home
> network are going to be created by CLIENT processes running on the machine,
> so what do I care if someone tries to connect to that port.  What I mean is:
>
> 1) I go to surf the web at 200.200.200.200, my workstation uses tcp port
> 1456 to connect to tcp port 80
>
> 2a) tcp port 1456 is taking in traffic only for web browser, which is a
> client application that's only going to display what's sent back to my
> browser.
>
> 2b) as this traffic passes through the router a NAT entry is created:
> INSIDE LOCAL        INSIDE GLOBAL        OUTSIDE GLOBAL
> 192.168.0.100:1456  12.228.99.129:1456   200.200.200.200:80
>
> 3) A 'hole' has been created that now allows traffic to my workstation.
>
> 4) A really good hacker wants to exploit this hole.  To do this, s/he's
> going to have to do a few tricky things:
>
> First, since this translation is only going allow traffic only from
> 200.200.200.200:80 to be sent to 192.168.0.100:1456, s/he's going to have to
> figure out how to spoof that address/port pair AND get the return traffic
> back to his machine (if he wants any return traffic there might be)
>
> Second, since it's only my web browser, and not some service that's running
> on port 1456, the only traffic that could possibly even be interpreted on
> that port would be html.  And since that port is maintaining the tcp stream
> info from the original connection (seq #'s ack's) s/he's going to have to
> accurately spoof that too. If all this is successful, I guess there is
> malicious html code that s/he could run, but wouldn't it have been easier
> for the hacker just to put it up on a website and let me click on it myself?
>
> To me it seems like NAT overload on home computers meets the security idea
> of making it more difficult than what it's worth for the hacker.  There is
> no way I would ever rely on this on a production network with services
> available, themselves initiating connections.  I'd really like to hear a
> security expert's views about these ideas, but so far, no one I've talked to
> has explained to me a way that a hacker could get past NAT overload.
>
> The only two ways I can think of are
> 1)bypass NAT by using the actual configured ip's of the workstations inside
>
> 2)Get you to install software on your machine that will both create a nat
> translation to the outside and let them connect back through that
> translation to a SERVICE that's listening on that port.  If they are able to
> do that, even CBAC isn't going to stop them anyhow.
>
> Access lists trying to pro
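
The translation-table behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python model of NAT overload that admits an inbound packet only when it matches an existing translation, and never looks at the payload. The class and function names, the 198.51.100.7 address, the 300-second idle timeout and the full address/port match (taken from the description in the post, with no TCP sequence tracking) are assumptions of this sketch, not Cisco IOS code.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple            # (ip, port)
    dst: tuple            # (ip, port)
    payload: bytes = b""


@dataclass
class Entry:
    inside: tuple         # inside local  (ip, port)
    remote: tuple         # outside global (ip, port)
    last_seen: float


class PatRouter:
    """Hypothetical model of 'ip nat inside source list ... overload'."""

    def __init__(self, outside_ip, inside_prefix="192.168.0.", idle_timeout=300.0):
        self.outside_ip = outside_ip
        self.inside_prefix = inside_prefix
        self.idle_timeout = idle_timeout      # assumed value, in seconds
        self.table = {}                       # (proto, global_port) -> Entry

    def _expire(self, now):
        stale = [k for k, e in self.table.items()
                 if now - e.last_seen > self.idle_timeout]
        for key in stale:
            del self.table[key]

    def outbound(self, pkt, now):
        """Inside host sends a packet: create or refresh a translation."""
        self._expire(now)
        for (proto, gport), e in self.table.items():
            if proto == pkt.proto and e.inside == pkt.src and e.remote == pkt.dst:
                e.last_seen = now
                return replace(pkt, src=(self.outside_ip, gport))
        gport = pkt.src[1]                    # keep the source port if it is free
        while (pkt.proto, gport) in self.table:
            gport = gport + 1 if gport < 65535 else 1024
        self.table[(pkt.proto, gport)] = Entry(pkt.src, pkt.dst, now)
        return replace(pkt, src=(self.outside_ip, gport))

    def inbound(self, pkt, now):
        """Packet arrives on the outside interface: return (verdict, packet)."""
        self._expire(now)
        if pkt.dst[0].startswith(self.inside_prefix):
            # The outside ACL from the post: private destinations are denied.
            return "drop: private destination (outside ACL)", None
        if pkt.dst[0] != self.outside_ip:
            return "drop: not addressed to this router", None
        e = self.table.get((pkt.proto, pkt.dst[1]))
        if e is None:
            return "drop: no translation", None
        if e.remote != pkt.src:
            return "drop: remote endpoint mismatch", None
        e.last_seen = now
        # The payload is forwarded untouched: nothing above layer 4 is checked.
        return "forward", replace(pkt, dst=e.inside)


def demo():
    """Run the post's scenario plus constructed unsolicited traffic."""
    r = PatRouter("12.228.99.129")
    web = ("200.200.200.200", 80)
    out1 = r.outbound(Packet("tcp", ("192.168.0.100", 1456), web), now=0)
    out2 = r.outbound(Packet("tcp", ("192.168.0.101", 1456), web), now=1)
    other = ("198.51.100.7", 4444)            # constructed outside host
    results = {
        "reply": r.inbound(Packet("tcp", web, out1.src, b"HTTP/1.1 200 OK"), 2),
        "unsolicited": r.inbound(Packet("tcp", other, ("12.228.99.129", 23)), 3),
        "wrong_remote": r.inbound(Packet("tcp", other, out1.src), 4),
        "private_dst": r.inbound(Packet("tcp", other, ("192.168.0.100", 1456)), 5),
        "any_payload": r.inbound(
            Packet("tcp", web, out1.src, b"constructed bytes, never inspected"), 6),
        "after_timeout": r.inbound(Packet("tcp", web, out1.src), 1000),
    }
    return out1, out2, results


if __name__ == "__main__":
    first, second, verdicts = demo()
    print(first.src, second.src)
    for name, (verdict, _) in verdicts.items():
        print(f"{name:14} {verdict}")
```

The "any_payload" case is the risk raised in the reply above: a packet from the expected endpoint is forwarded whatever it carries, so PAT limits who can reach an inside host, not what reaches it.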

Re: Natting problem...help!!! [7:66111]

2003-03-28 Thread Scott Roberts
I've never had to implement a dns change, but supposedly yes it does change
the payload. there are only a few services where it does these payload
changes though. another big one used to be ping, NATing modifies the payload
of that also.

scott

""Charles D Hammonds""  wrote in message
news:[EMAIL PROTECTED]
> from the below link:
>
>
> Is that accurate??? The "ip nat outside source" command will translate the
> IP in the PAYLOAD of the DNS reply packet even though it is not the
> source??? doesn't sound right and I am unable to test it right now...
>
> Charles
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 25, 2003 1:06 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Natting problem...help!!! [7:66111]
>
>
> You could get around this by doing a two way nat, or as cisco calls it,
> nating for overlapping networks ..
>
>
> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml
>
> JP wrote:
> >
> > I have the following scenario
> >
> > 0---0--telnet
> > application
> >   network3network 1   network 2
> >lan   wan link
> >
> > I need all hosts on network 3 to telnet to my "telnet
> > application"
> > Problem is network 3 and network 2 both have the same ip range.
> >
> > My question is the following:
> > Is there any way i can perform natting to allow network 3 hosts
> > to telnet to
> > the application and use an ip address other than the one
> > assigned to the
> > application as the destination address???
> >
> > Any ideas appreciated
> >
> > Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66406&t=66111


Re: Console management [7:66405]

2003-03-28 Thread Scott Roberts
I should warn you about my last response regarding the 'Digi portserver', I
had to make my own custom cables though, the regular cisco rollover doesn't
work. so if you're not used to crimping your own cables, I wouldn't go with
the portserver.

scott

""Kazan, Naim""  wrote in message
news:[EMAIL PROTECTED]
> Hi Guys
>
> I am looking for a not so expensive device to manage my routers for my lab
> at home via the console. Any suggestions will be greatly appreciated.
>
>
> Thanks
>
> Naim Kazan
> FISC-SDS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66411&t=66405


Re: Console management [7:66405]

2003-03-30 Thread Scott Roberts
if you mean like a 2511? an access server to allow you to telnet into all
your routers and not keep switching the console cables around?

well you could buy a 2511 (or 2512 for token ring) to do the job, it has 16
ports. the problem with this is that you'll pay a premium on ebay for it. an
alternative I just bought and I think works terrific is the Digi portserver.
it also has 16 ports and you can get them off ebay sometimes for less than
$100.

scott

""Kazan, Naim""  wrote in message
news:[EMAIL PROTECTED]
> Hi Guys
>
> I am looking for a not so expensive device to manage my routers for my lab
> at home via the console. Any suggestions will be greatly appreciated.
>
>
> Thanks
>
> Naim Kazan
> FISC-SDS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66410&t=66405


Re: BCRAN: 700 or 800 Series Router Commands? [7:66290]

2003-03-30 Thread Scott Roberts
I agree that you should know the generalities of the 700 series. I bought
one anyway off of ebay, it was only $20 for a 776M, so I wasn't out a whole
lot. the 800 is IOS so there isn't much to worry about in terms of commands.

scott

""fred barreras""  wrote in message
news:[EMAIL PROTECTED]
> All I saw when I took exam was general questions on the 700, such as where
> it is used and max amount of profiles,etc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66409&t=66290


Re: Router-to-external MODEM connection [7:66585]

2003-04-01 Thread Scott Roberts
you'll need a WIC with a async/sync serial port, I know they're available for
the 1700's, but I'm not sure if the same wic will work in a 1600. then you
can specify the interface as async and connect up the modem with a
db60-rs232 cable.

scott

""Diego Martmnez Boqui""  wrote in message
news:[EMAIL PROTECTED]
> Hello Steve, yes, I can do this using the aux port but my 1600 router does
> not have an aux port, I need to do this using my serial sync/async
> interface, I just don`t know how and have not found a document about this
> type of connection.
>
> Thanks for your help anyway
>
> Peace
> - Original Message -
> From: "Steve"
> Date: Tue, 1 Apr 2003 03:21:41 GMT
> To: [EMAIL PROTECTED]
> Subject: Re: Router-to-external MODEM connection [7:66585]
>
> this can be done look for cisco doc to connect external modem to aux port
>
> --
> Regards,
>
> Steve
>
>
> ""Diego Martmnez Boqui""  wrote in message
> news:[EMAIL PROTECTED]
> > Hello Group.
> >
> > Is it possible to connect an external modem to a Cisco 1600 series
> > router?
> >
> > And if it is, then how is it done?
> >
> > Can I connect using the serial interface?
> >
> > Any link with step by step instructions?
> >
> > Thank you all!
> Diego Martmnez Boqui
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66632&t=66585


Re: Cisco 2511 Hardware Issue [7:66662]

2003-04-02 Thread Scott Roberts
I'm assuming your configuration is fine, but what do the controllers show
and are the interfaces showing any errors?

scott

""Tim Champion""  wrote in message
news:[EMAIL PROTECTED]
> Has anyone experienced, or heard of, the following problem:
>
> I recently bought a 2nd hand 2511 but only async interfaces 9-16 work. 1-8
> receive data but do not transmit. Could it possibly be due to one of the
> numerous jumper settings?
>
> many thanks in advance.
>
> Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66721&t=2


Re: Router-to-external MODEM connection [7:66585]

2003-04-02 Thread Scott Roberts
yes daniel cotts was right, the 1601 serial interface is an async/sync one and
since you have one you're in luck! the only thing you're missing though is a
cable that is db60 to rs-232. you can get these straight from a cisco
reseller or off of ebay (though its hard to find these on ebay unless you
look).

the configuration of a modem is an entire chapter of most books, so it
depends on what you're looking to do with the modem. dial in, dial out,
access the network behind the router or access the router itself? you can
find configuration example in many books and also try searching cisco.com
for 'modem router configuration'

hope this helps,
scott

""Diego Martmnez Boqui""  wrote in message
news:[EMAIL PROTECTED]
> Hi Scott, yes my router is a 1601 which has an integrated wic (async/sync
> serial interface (db60).
>
> Ok, so you confirm to me that this connection is possible, the thing is that
> I need some kind of instructions to do the connection.  Do you know how to
> do this or can you point me to some url where I can find step-by-step
> instructions to configure this.
>
> Thanks a lot for your time and help.
> - Original Message -
> From: "Scott Roberts"
> Date: Tue, 1 Apr 2003 19:51:34 GMT
> To: [EMAIL PROTECTED]
> Subject: Re: Router-to-external MODEM connection [7:66585]
>
> you'll need a WIC with a async/sync serial port, I know they're available for
> the 1700's, but I'm not sure if the same wic will work in a 1600. then you
> can specify the interface as async and connect up the modem with a
> db60-rs232 cable.
>
> scott
>
> ""Diego Martmnez Boqui""  wrote in message
> news:[EMAIL PROTECTED]
> > Hello Steve, yes, I can do this using the aux port but my 1600 router does
> > not have an aux port, I need to do this using my serial sync/async
> > interface, I just don`t know how and have not found a document about this
> > type of connection.
> >
> > Thanks for your help anyway
> >
> > Peace
> > - Original Message -
> > From: "Steve"
> > Date: Tue, 1 Apr 2003 03:21:41 GMT
> > To: [EMAIL PROTECTED]
> > Subject: Re: Router-to-external MODEM connection [7:66585]
> >
> > this can be done look for cisco doc to connect external modem to aux port
> >
> > --
> > Regards,
> >
> > Steve
> >
> >
> > ""Diego Martmnez Boqui""  wrote in message
> > news:[EMAIL PROTECTED]
> > > Hello Group.
> > >
> > > Is it possible to connect an external modem to a Cisco 1600 series
> > > router?
> > >
> > > And if it is, then how is it done?
> > >
> > > Can I connect using the serial interface?
> > >
> > > Any link with step by step instructions?
> > >
> > > Thank you all!
> > Diego Martmnez Boqui
> >
> Diego Martmnez Boqui
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66718&t=66585


Re: "off-topic" posts - WAS - RE: What tools can tell u r using [7:66723]

2003-04-02 Thread Scott Roberts
something tells me you never fully considered the merits of that website.
take another hard look at it and then question its relevance to cisco. ;)

scott

""cebuano""  wrote in message
news:[EMAIL PROTECTED]
> Paul,
> How many more of these "off-topic" threads are you going to allow?
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> LaWanda Daivs
> Sent: Tuesday, April 01, 2003 8:38 PM
> To: [EMAIL PROTECTED]
> Subject: Re: What tools can tell u r using lease line or ISDN? [7:66561]
>
> Take a look at this web site and let me know what you
> think.
>
> http://www.imagine2020.com/761368002.
>
>
> --- Link Teo  wrote:
> > I am using leased line to connect my remote offices
> > to HQ. All the leased
> > line are backup by ISDN. Is there any tools which
> > can inform me via email or
> > other means about whether I am using leased line now
> > or ISDN backup? In
> > other words, any tools which can inform me when the
> > primary line is down and
> > the ISDN kick in?
> >
> > Thanks a lot.
> [EMAIL PROTECTED]
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66723&t=66723
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: so how does IGRP unequal load-balancing work anyway? [7:66722]

2003-04-02 Thread Scott Roberts
considering hold-down times and split horizon, why do you think that packets
would bounce in a loop under normal conditions? I think under normal
conditions if a route is considered valid enough to be included in a routing
table, it's not going to be a loop.

I think EIGRP only looked for alternate successors when the feasible
successor was a really bad cost, was because of an optimization standpoint
and not a loop issue.

I agree that there can be some issues with classful protocols and routing,
but I think the issue of load balancing legitimately discovered routes isn't
worrisome. you'll pretty much have an eye on your network and know if
something isn't right, but it seems like you're worried that if you setup a
network and leave it for a few years unattended there might be problems,
well what network won't under those circumstances?

scott

""nwo""  wrote in message
news:[EMAIL PROTECTED]
> It occurs to me that I do not understand how IGRP unequal load balancing
> works.
>
> Yes, I understand what the commands are, and I am well aware of the
> intricacies involved in fast-switching and CEF.  So please don't respond by
> telling me to configure 'variance' or stuff like that.  I already know all
> that.
>
> What I don't understand is this.  A fundamental part of EIGRP unequal load
> balancing is the concept of the feasible successor, where routes of unequal
> metric to a particular destination will be considered only if the
> corresponding neighbor is a feasible successor for the destination in
> question.  This is in order to prevent the problem of packets being sent
> to a router that is actually further away from the destination than the
> sending router is to that destination.
>
> Yet, I am aware of no such safeguards in IGRP.  IGRP has no such concept of
> a topology table with neighbor's advertised distances and whatnot.
> Therefore it seems that packets could easily be forwarded away from the
> destination.  Furthermore, it would seem to me that packets could actually
> bounce back and forth between 2 routers for awhile.
>
> Please say it ain't so.  Yet I am unaware of any construct within IGRP that




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66722&t=66722


Re: CCNP Recertification Exam Review [7:66644]

2003-04-03 Thread Scott Roberts
thanks for the advice. seems like very good and concise info!

I have to laugh though, I started my ccnp over two years ago, passing three
of the four tests and then got caught up in work related projects (damn
work!) and put my certifications on the back burner. the funny thing is, my
ccna was about to expire in less than a month, so I took my final ccnp test
(CIT) and renewed my ccna at the same time. it almost seems like you can
find a way to work the system; I was kinda even hoping that ccie would renew
my ccnp/ccna and then I could wait the three years, complete that and then
forget about the renewal issue altogether.

scott

""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]
> The CCNP Recertification Exam was gruelling, and that's no April Fool's
> joke. But I survived it! ;-)
>
> Exam number: 640-851 (the current one)
> Number of questions: 112
> Time: 2 hours
> Passing Score 732
> My score: 834
>
> Is anyone else taking it soon? Here's some advice:
>
> Do study.
> Take each question one at a time.
> There's plenty of time.
> Despite some of the gruelling questions, there are some give-aways too.
> Read carefully.
> Don't guess unless you absolutely have to.
> BREATHE! ;-)
>
> There's a variety of question types, including one right answer, multiple
> right answers (they tell you how many), drag-and-drop, type in the
> command, select a command from a list, and that new simulator thingie that
> Cisco uses.
>
> One reason the test is so hard is that it covers so many topics, in quite
> a lot of depth. After a while, your brain gets fried and you forget, is it
> OSPF that considers a high priority a good thing (for DR election) or is it
> STP that considers a high priority a good thing (for root bridge election?)
> (It's OSPF). And with OSPF, does a 0 in a mask mean "must match" like in
> access lists or does it mean "don't care" like in static routes (and OSPF
> range commands?!) (0 means must match in OSPF network statements.)
>
> Those things may seem obvious, but by about question 72, you start to get
> confused, if you're like me. You just have to relax and realize that you
> DO know this stuff. Don't let your brain get into a Mobius strip like mine
> almost did.
>
> The good news is that the questions from the different qualifying tests
> are not merged. It's very clear when you move between the following tests:
>
> Routing:
> It's based on BSCI actually, not Routing, and is quite hard. Know your
> BGP, OSPF, and IS-IS. I used Doyle and papers at CertificationZone. You
> won't be able to just use books that you read when you passed 3 years ago.
>
> Support:
> This didn't seem to have changed. So you could use the Cisco Press CIT
> book, but there is a new resource available too. (Troubleshooting Campus
> Networks. :-)
>
> Remote Access:
> This didn't seem to have changed. The Cisco Press book edited by Catherine
> Pacquet is still an excellent resource. Yes, you may encounter BCRAN
> questions from last millennium's technologies and products.
>
> Switching:
> This had changed. So know the topics listed for the latest version. I'm
> not sure what you should study. I guess the official BCMSN book? I studied
> with Cisco LAN Switching, by Clark and Hamilton, which is excellent, but I
> still couldn't answer a lot of the questions. I suspect you need a lesser
> book so you know all Cisco's latest misconceptions about LAN
> technologies. ;-)
>
> For the switching exam, know your stuff because some of the questions are
> unanswerable by anyone with a logical brain. You'll get things like: Which
> 3 statements are true?
>
> IEEE 802.3
> FDDI
> SONET
> Gigabit Ethernet
>
> Notice, the answers aren't statements! ARGH.
>
> Finally a word about CertificationZone. I have written troubleshooting
> guides for them but am no longer compensated by them, so I hope you won't
> think this is biased. Their papers were extremely helpful. Also they have
> practice exams for BSCI, Support, BCRAN, and Switching. The practice exams
> are very helpful, with one exception: SWITCHING! (The bane of my
> existence.) Their switching exam covers too many topics that aren't on the
> current exam.
>
> Well, that's all for now. I'm just happy to be certifiable for another 3
> years.
>
> ___
>
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66781&t=66644


Re: Computer for ISP [7:66736]

2003-04-03 Thread Scott Roberts
well georgeW,

your questions seem a little hidden. what are you asking? why an ISP would
need a server? for dns is the first example that comes to mind.

btw, 4 more?

scott

""George""  wrote in message
news:[EMAIL PROTECTED]
> A computer is to be purchased for an Internet Service Provider (ISP) that
> is to be used as one of the servers at the network backbone. What may be
> the role of this server for the ISP?
>
> Can this server be put to other server-related applications?
>
> What will be the configuration of this server, giving reasons for the
> selection of various components (economically wise and performance wise)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66793&t=66736


Re: IP route to Null0? [7:66755]

2003-04-03 Thread Scott Roberts
null0 is used as an alternative to access-lists. it is a blackhole. so
anything routed to it gets dropped automatically. an access-list uses more
processor overhead than a null interface and thus if you have a certain part
of your network that you don't want to go anywhere, then use a null
interface instead of access-lists.

as for why it's a floating route or the tie-ins to bgp, that's beyond me and
hopefully someone comments on this. bgp makes my head hurt.

scott

""Anil Gupte""  wrote in message
news:[EMAIL PROTECTED]
> I am trying to understand some IP route commands on our router.  Several
> of them go to Null0 - what does that mean?
>
> For example, I have
> ip route xxx.xxx.xxx.0 255.255.255.0 Null0 200
>
> What is this doing?
>
> I need to add another block of class Cs from the same provider. Do I need
> a similar statement to the above?
>
> Thanx for your help.
> Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66790&t=66755
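
The trailing 200 in the quoted "ip route ... Null0 200" line is the route's administrative distance, which is what makes it a floating static. The model below is an added example, not part of the original posts: the 203.0.113.0/24 block, the next hops and the OSPF-learned route are constructed stand-ins, and the table logic is a simplified sketch of lowest-distance-per-prefix plus longest-prefix match, not IOS code.

```python
import ipaddress


class RouteTable:
    """Per prefix the lowest administrative distance is installed;
    forwarding then uses the longest installed prefix that matches."""

    def __init__(self):
        self._candidates = {}  # network -> [(distance, source, next_hop)]

    def add(self, prefix, next_hop, distance, source):
        net = ipaddress.ip_network(prefix)
        self._candidates.setdefault(net, []).append((distance, source, next_hop))

    def withdraw(self, prefix, source):
        net = ipaddress.ip_network(prefix)
        kept = [c for c in self._candidates.get(net, []) if c[1] != source]
        self._candidates[net] = kept

    def installed(self):
        # min() compares the distance first, so the lowest distance wins.
        return {net: min(c) for net, c in self._candidates.items() if c}

    def lookup(self, address):
        addr = ipaddress.ip_address(address)
        matches = [(net.prefixlen, entry)
                   for net, entry in self.installed().items() if addr in net]
        if not matches:
            return None
        _, (_distance, _source, next_hop) = max(matches, key=lambda m: m[0])
        return next_hop


def build_table(with_null0=True):
    """Constructed sample: default route to the provider, a dynamically
    learned route for the block, and optionally the floating Null0 static."""
    table = RouteTable()
    table.add("0.0.0.0/0", "192.0.2.1", 1, "static")
    table.add("203.0.113.0/24", "10.0.0.2", 110, "ospf")
    if with_null0:
        # Same shape as the line quoted in the post: distance 200.
        table.add("203.0.113.0/24", "Null0", 200, "static")
    return table


def next_hop_after_failure(with_null0):
    """Next hop for an address in the block once the learned route is gone."""
    table = build_table(with_null0)
    table.withdraw("203.0.113.0/24", "ospf")
    return table.lookup("203.0.113.77")


if __name__ == "__main__":
    print("learned route up:      ", build_table().lookup("203.0.113.77"))
    print("down, with Null0 200:  ", next_hop_after_failure(True))
    print("down, without Null0:   ", next_hop_after_failure(False))
```

While the lower-distance route exists the Null0 entry stays out of the table; once it disappears, traffic for the block is discarded locally instead of following the default route back toward the provider.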


Re: hacking challenge [7:66720]

2003-04-03 Thread Scott Roberts
my company does a lot of firewall consulting and I run into this question
all the time. frankly I don't have a great answer for it though.

packet filters (i.e. access-lists) are technically first generation
firewalls, so they do have a firewall in place already.
the sell really comes into play when you state that first generation
firewalls aren't as robust and up-to-date as the latest third generation
firewalls and are open to concerted attacks. this usually they can
understand. trying to explain multilayer stateful inspection to them is
pointless, so don't even try.

probably the best thing you can do (as already suggested), is make sure your
acl is complete and anytime a security issue comes up point out the problem
as it relates to no firewall. after about a year of you doing this, they'll
catch on and will budget it in eventually.

scott


""Wilmes, Rusty""  wrote in message
news:[EMAIL PROTECTED]
> there's an access list on the ethernet interface that's directly connected
> to a dsl modem.
>
> they're allowing telnet and smtp to basically, any any plus various other
> protocols from/to specific addresses.  There're only two outside addresses
> that are natted but it's really hideous and the access list is the only
> thing resembling a layer of security between the internet and their server
> farm.
>
> I was just hoping to hear some really good verbiage about how vulnerable
> they are.  I've told them for 3 months to get a pix but it just ain't
> sinking in. Now they've got a worm loose on their mail server that's
> bringing down their main host system and their internet line (but that's
> another story).
>
>
>
> > -Original Message-
> > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, April 03, 2003 8:46 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: hacking challenge [7:66720]
> >
> >
> > Wilmes, Rusty wrote:
> > >
> > > this is a general question for the security specialists.
> > >
> > > Im trying to convince a client that they need a firewall
> > >
> > > so hypothetically,
> > >
> > > if you had telnet via the internet open to a router (with an
> > > access list
> > > that allowed smtp and telnet) (assuming you didn't know the
> > > telnet password
> > > or the enable password)that had a bunch of nt servers on
> > > another interface,
> >
> > Do you actually mean that you are allowing Telnet and SMTP to
> > go through the
> > router? You said "to" above which is confusing. Allowing Telnet to the
> > router unrestricted would be a horrible security hole, even
> > for people who
> > don't know the password because passwords are often guessable.
> >
> > But I don't think that's what you meant...
> >
> > Allowing Telnet and SMTP through the router is more common,
> > especially SMTP.
> > You have to allow SMTP if you have an e-mail server that gets
> > mail from the
> > outside world. Avoid Telnet, though, if you can. It sends all
> > text as clear
> > text, including passwords.
> >
> > The question is really how vulnerable is the operating system
> > that the SMTP
> > server is running on? It's probably horribly vulnerable if your client
> > hasn't kept up with the latest patches, and it sounds like
> > your client is
> > the type that hasn't? In fact, the server is probably busy
> > attacking the
> > rest of us right now! ;-0
> >
> > So, as far as convincing your customer
> >
> > The best way may be to put a free firewall, like Zone Alarm,
> > on the decision
> > maker's computer and show her/him all the attacks happening
> > all the time. Or
> > if she already has a firewall, walk her through the log.
> >
> > Good luck. I have a good book to recommend on this topic:
> >
> > Greenberg, Eric. "Mission-Critical Security Planner." New
> > York, New York,
> > Wiley Publishing, Inc., 2003.
> >
> > Here's an Amazon link:
> >
> > http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetwinc/104-9901005-4572707
> >
> > Priscilla
> >
> > > how long would it take a determined hacker a) cause some kind
> > > of network
> > > downtime and b) to map a network drive to a share on a file
> > > server over the
> > > internet.
> > >
> > > Thanks,
> > > Rusty
> > >
> > > > -Original Message-
> > > > From: Larry Letterman [mailto:[EMAIL PROTECTED]
> > > > Sent: Wednesday, April 02, 2003 1:44 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: VLAN loop problem [7:66656]
> > > >
> > > >
> > > > Yes,
> > > > it prevents loops in spanning tree on layer 2 switches from
> > > > causing a loop
> > > > by disabling the port on a cisco switch...
> > > >
> > > >
> > > > Larry Letterman
> > > > Network Engineer
> > > > Cisco Systems
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] Behalf Of
> > > > > Thomas N.
> > > > > Sent: Wednesday, April 02, 2003 12:18 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Re: VLAN loop problem [7:66656]
> > > > >
> > > > >
> > > > > What does "portfas

Re: so how does IGRP unequal load-balancing work anywa [7:66795]

2003-04-03 Thread Scott Roberts
your example is fair. I haven't seen many real examples of load balancing. in
the case you're describing you can simply change the metrics on one of the
routers 'secondary' link to the other router. this would prevent it from
passing anything it received from the one router back to itself. yes the way
you've created the example things would 'loop' between them, but as an
experienced cisco person, you've recognized the misconfiguration and have
avoided the conflict in this setup.

I can come up with dozens of normal operation scenarios where if put
together in such a manner (which taken alone work fine), would fall apart
because they were assembled without a perspective on the greater network.
it's like me wondering about the validity of marriage if the possibility
exists that I could marry my own sister. it's a possibility if I can think of
the right scenario, but with this knowledge in mind, I can be on the lookout
for anyone that resembles me a bit too closely.

scott

""nwo""  wrote in message
news:[EMAIL PROTECTED]
> OK, consider this scenario.
>
> You have a large network of IGRP routers.  You have routers A and B who
> each have a metric of, say, 10 to a given destination (I am going to use
> simple values for the metrics of IGRP to make things easy).  Routers A and
> B are also directly connected, and the link between them has a metric of 1.
> Router A sends an update to B that the destination has a metric of 10, and
> router B adds the value of the link to arrive at a total metric of 11.
> Therefore, router B has 2 ways to get to the destination, the first would
> be through the normal way (through the path that has a metric of 10) and
> the other through router A (which has a metric of 11).  Vice versa is also
> true with respect to router A.  When you configure variance of larger than
> 1, then both paths will be entered into the route table.
>
> If this is the case, then you can see that some packets can bounce around.
> For example, router A may, through unequal load-balancing, send some of
> the dest packets to B, and then B will, again through unequal balancing,
> send some of those packets back to A, etc.  Yes, the number of packets sent
> the 'wrong way' decreases exponentially but the point is that there is
> still some bouncing around.
>
> The only way I can see that this would not happen is if a router would
> compare the metric of a received route (before the cost of the link is
> added) to the metric that the router is currently holding for that route,
> and if it is equal to or greater than that value, the route is rejected
> unconditionally for unequal balancing.  This would be something similar to
> what the whole EIGRP successor algorithm accomplishes.  Does anybody know
> for a fact whether this is in the IGRP algorithm?
>
>
> ""Priscilla Oppenheimer""  wrote in message
> news:[EMAIL PROTECTED]
> > nwo wrote:
> > >
> > > It occurs to me that I do not understand how IGRP unequal load
> > > balancing
> > > works.
> > >
> > > Yes, I understand what the commands are, and I am well aware of
> > > the
> > > intricacies involved in fast-switching and CEF.  So please
> > > don't respond by
> > > telling me to configure 'variance' or stuff like that.  I
> > > already know all
> > > that.
> > >
> > > What I don't understand is this.  A fundamental part of EIGRP
> > > unequal load
> > > balancing is the concept of the feasible successor, where
> > > routes of unequal
> > > metric to a particular destination will be considered only if
> > > the
> > > corresponding neighbor is a feasible successor for the
> > > destination in
> > > question.  This is in order to prevent the problem of packets
> > > being sent to
> > > to a router that is actually further away from the destination
> > > than the
> > > sending router is to that destination.
> > >
> > > Yet, I am aware of no such safeguards in IGRP.  IGRP has no
> > > such concept of
> >
> > I don't think such a safeguard is necessary. A router running even a
> > simple distance-vector protocol like IGRP knows the metric of its
> > neighbors because the neighbors report it in update packets. The router
> > can add routes to the routing table based on this information alone and
> > knowledge of the variance and maximum-paths values. It would be a broken
> > protocol indeed if it added routes that included a next-hop neighbor
> > that was farther away.
> >
> > The business of feasible successors, unique to EIGRP, helps maintain the
> > routing table when changes happen, such as when a directly connected
> > link fails or when update or queries arrive. I don't know if it's used
> > for load balancing though. It wouldn't need to be.
> >
> > If you have a URL that explains what feasible successor has to do with
> > load balancing, please send it. Thanks. But I would probably still say
> > that it's not necessary for load balancing to work.
> >
> > > a topology table with neighbor's advertised distances and
> > > whatnot.
> > > Therefore it seems that
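
The A/B scenario from this thread can be worked through numerically. The model below is an added example, not part of the original posts and not IGRP's actual implementation: it uses the post's metrics (10 to the destination, 1 on the A-B link), assumes traffic is split inversely to path metric, and implements the check the post asks about (reject a neighbor whose reported metric is not lower than the local best), which has the same form as EIGRP's feasibility condition.

```python
from fractions import Fraction

# Metrics taken from the scenario in the post.
DIRECT = {"A": 10, "B": 10}   # each router's own path to the destination
LINK_AB = 1                   # cost of the A-B link


def other(router):
    return "B" if router == "A" else "A"


def candidate_paths(router):
    """(next_hop, total_metric, metric_reported_by_next_hop) per path."""
    peer = other(router)
    return [
        ("dest", DIRECT[router], 0),
        (peer, DIRECT[peer] + LINK_AB, DIRECT[peer]),
    ]


def installed_paths(router, variance, require_closer_neighbor):
    """Paths that enter the routing table under the variance rule.

    With require_closer_neighbor=True an alternate is kept only when the
    neighbor's reported metric is strictly lower than the local best.
    """
    paths = candidate_paths(router)
    best = min(total for _, total, _ in paths)
    kept = []
    for next_hop, total, reported in paths:
        if total != best and total >= variance * best:
            continue  # outside the variance window
        if require_closer_neighbor and reported >= best:
            continue  # neighbor is no closer to the destination than we are
        kept.append((next_hop, total))
    return kept


def share_to_peer(router, variance, require_closer_neighbor):
    """Fraction of traffic handed to the other router (assumed split:
    inversely proportional to each installed path's metric)."""
    paths = installed_paths(router, variance, require_closer_neighbor)
    weights = {hop: Fraction(1, total) for hop, total in paths}
    return weights.get(other(router), Fraction(0)) / sum(weights.values())


def prob_crossings(n, variance, require_closer_neighbor):
    """Probability that a packet entering at A crosses the A-B link
    at least n times before it is delivered."""
    prob, router = Fraction(1), "A"
    for _ in range(n):
        prob *= share_to_peer(router, variance, require_closer_neighbor)
        router = other(router)
    return prob


if __name__ == "__main__":
    for check in (False, True):
        print("closer-neighbor check:", check)
        print("  B installs:", installed_paths("B", 2, check))
        for n in (1, 2, 4):
            print(f"  P(>= {n} crossings) =", prob_crossings(n, 2, check))
```

Without the check, 10/21 of the traffic crosses the link once and 100/441 comes back to where it started; with the check neither router installs the other as a next hop, so the share is zero.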

Re: WIC 2A/S working at speeds greater than 128kbps. [7:66733]

2003-04-03 Thread Scott Roberts
I think that's the maximum of asynchronous communication that they've put
into their documentation, I don't think there is an upper limit to the real
transfer rate. I suppose you could clock an asynchronous transmission way up
into the Mbps range and that interface would still suck it in. granted there
would probably be tons of errors/drops, but I don't think cisco has a hard
limit on how much it can receive.

technically I think rs-449 is rated into the Mbps range and is still
considered asynchronous. correct me if I'm wrong.

scott

 wrote in message
news:[EMAIL PROTECTED]
> We have a Cisco 1750 router with a WIC2A/S card installed. According to
> Cisco's documentation, the WIC card supports speeds up to 128kbps. But I
> have seen the serial port working at speeds of 250kbps. How??? Is Cisco's
> documentation wrong or am I missing something??
>
> Thanks and Regards
>
> Simon K. Carvalho
> Sr. Network Engineer
> Network Solutions Ltd. , Bangalore
> Email:  :[EMAIL PROTECTED]
> Web  :   www.netsol.co.in
> Phone   :  +91 80 5535228 ext 433
> Mobile  :  +91 9845349843
>
> "Tomorrow's Networks.Today."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66802&t=66733


Re: PAT AFTER NAT (confused) [7:66734]

2003-04-03 Thread Scott Roberts
this is the current nat setup I have on one of my PIXs:



global (outside) 1 xxx.xxx.223.235-64.172.223.236

global (outside) 1 xxx.xxx.223.237

nat (inside) 0 access-list 100

nat (inside) 1 0.0.0.0 0.0.0.0 0 0



here's the translations:

PAT Global xxx.xxx.223.237(16882) Local 192.168.2.18(2193)
PAT Global xxx.xxx.223.237(16914) Local 192.168.2.18(2229)
PAT Global xxx.xxx.223.237(4739) Local 192.168.2.18(2228)
PAT Global xxx.xxx.223.237(16915) Local 192.168.2.18(2230)
Global xxx.xxx.223.236 Local 192.168.2.17
PAT Global xxx.xxx.223.237(16880) Local 192.168.2.18(2190)
Global xxx.xxx.223.235 Local 192.168.2.14
PAT Global xxx.xxx.223.237(16913) Local 192.168.2.18(2227)
PAT Global xxx.xxx.223.237(16918) Local 192.168.2.18(2233)
PAT Global xxx.xxx.223.237(16919) Local 192.168.2.18(2234)
PAT Global xxx.xxx.223.237(16916) Local 192.168.2.18(2231)
PAT Global xxx.xxx.223.237(16917) Local 192.168.2.18(2232)
PAT Global xxx.xxx.223.237(16922) Local 192.168.2.18(2237)
PAT Global xxx.xxx.223.237(16923) Local 192.168.2.18(2238)
PAT Global xxx.xxx.223.237(16920) Local 192.168.2.18(2235)
PAT Global xxx.xxx.223.237(16904) Local 192.168.2.18(2218)
PAT Global xxx.xxx.223.237(16921) Local 192.168.2.18(2236)



you can see that the two nat IPs are being used already and the rest are
being NATed. I can only assume the NATs went through first, since PAT would
take like 4000+ to fill up I believe. on another note, what's up with all
those xlates for 192.168.1.18!! (I'll ignore that for now)

I can't think of a recent nat I have off of a regular router, but I suspect
based upon what people are saying that perhaps the PIX's nat works
correctly, but the router's is kinda backward. something to set up in a lab I
suppose.



scott



""Marko Milivojevic""  wrote in message
news:[EMAIL PROTECTED]
> I have been following this thread with great interest, for I had
> problems with PAT/NAT in IOS recently. It looks to me that many people
> have the same confusions (hopes) as I had.
>
> I have a case where I have many users on private address space
> (around 1000 or so) which must be NAT-ed through a pool of 768 "real"
> addresses. These are all, mostly, heavy users (xDSL customers).
>
> I have foolishly hoped that if I configure pool with overload, IOS
> will do 1:1 and when it runs out of addresses, it will do PAT. Well, I was
> wrong. And that's wrong at a price. Not only that IOS is immediately
> performing PAT, but PAT is *much* more CPU intensive than 1:1 NAT. Also,
> it is not possible to define multiple address ranges or pools for the same
> translation (I would greatly appreciate if someone corrects me here).
>
> So, from my experience with this matter:
>
> * it is not easily possible to do NAT and switch to PAT when
> addresses run out
> * if you define overload, IOS automatically does PAT, with more CPU
> usage
>
> One way of getting away from running out of NAT addresses is to
> lower translation timeout (default is I think 24h). This timeout defines
> how long NAT relationship remains between real and private IP. You can
> lower this to one hour by doing:
>
> ip nat translation timeout 3600
>
> In my experience, this proved to be useful in this, far from 1:1
> scenario. Further lowering this to some 15 minutes or so, could cause more
> load on router (guesswork), but hugely decrease your chances of running
> out of translation addresses.
>
>
> Kind regards,
> Marko.
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66799&t=66734
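
The translation listing in this post can be summarized mechanically to see which inside hosts hold one-to-one mappings and which are consuming PAT slots. The parser below is an added example, not part of the original posts: it handles only the two line shapes shown in the listing, its sample lines are copied from that listing (addresses masked as posted), and the threshold is an arbitrary value chosen for the sample.

```python
import re
from collections import Counter

# Lines copied from the translation output in the post above.
SAMPLE = """\
PAT Global xxx.xxx.223.237(16882) Local 192.168.2.18(2193)
PAT Global xxx.xxx.223.237(16914) Local 192.168.2.18(2229)
Global xxx.xxx.223.236 Local 192.168.2.17
PAT Global xxx.xxx.223.237(16880) Local 192.168.2.18(2190)
Global xxx.xxx.223.235 Local 192.168.2.14
PAT Global xxx.xxx.223.237(16913) Local 192.168.2.18(2227)
"""

PAT_RE = re.compile(r"^PAT Global (\S+?)\((\d+)\) Local (\S+?)\((\d+)\)$")
NAT_RE = re.compile(r"^Global (\S+) Local (\S+)$")


def parse_xlates(text):
    """Split the listing into one-to-one mappings and PAT entries.

    Returns (one_to_one, pat, unparsed) where one_to_one maps a local
    address to its global address, pat is a list of
    (global_ip, global_port, local_ip, local_port) tuples, and unparsed
    collects any line in a shape this parser does not know.
    """
    one_to_one, pat, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = PAT_RE.match(line)
        if match:
            g_ip, g_port, l_ip, l_port = match.groups()
            pat.append((g_ip, int(g_port), l_ip, int(l_port)))
            continue
        match = NAT_RE.match(line)
        if match:
            one_to_one[match.group(2)] = match.group(1)
            continue
        unparsed.append(line)
    return one_to_one, pat, unparsed


def pat_slots_per_host(pat):
    """Number of concurrent PAT translations held by each inside host."""
    return Counter(local_ip for _, _, local_ip, _ in pat)


def busy_hosts(text, threshold):
    """Inside hosts holding at least `threshold` PAT slots, busiest first."""
    _, pat, _ = parse_xlates(text)
    counts = pat_slots_per_host(pat)
    return [(host, n) for host, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    mappings, pat_entries, leftovers = parse_xlates(SAMPLE)
    print("one-to-one:", mappings)
    print("PAT entries:", len(pat_entries))
    print("hosts with >= 3 PAT slots:", busy_hosts(SAMPLE, 3))
    print("unparsed lines:", leftovers)
```

A host that keeps appearing at the top of this list across repeated snapshots is the one to look at first when PAT ports or CPU on the translating device run short.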