Re: GRE Tunnel [7:62235]

2003-02-03 Thread The Long and Winding Road
--
TANSTAAFL
"there ain't no such thing as a free lunch"

""Bruno Fernandes""  wrote in message
news:[EMAIL PROTECTED]...
> Hi again,
>
> I already tried to give the command in the tunnel interface but the
> bridge-group command simply isn't there, I am doing this in 2600 router,
> with an enterprise image.
>
> Any comments


OK, let's figure out why I'm an idiot on this one. ( shut up, Ken, Nigel,
Phil, and CN )

Oh never mind - I've been playing with IPX bridging here - a complete waste
of time since there is no IPX on the Lab any longer. Suffice it to say I was
wrong.

sorry.




>
> Thanks in advance,
> Bruno Fernandes
>
> ""The Long and Winding Road""  wrote
> in message news:...
> > ""Bruno Fernandes""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > Good morning !!!
> > >
> > > Is it possible to a Tunnel Interface to belong to a Bridge-Group ?
> >
> >
> > yes
> >
> >
> > > If yes, how ?
> >
> > same as with any other interface - enter the appropriate bridge-group
> > command
> >
> > >
> > > Regards,
> > > Bruno




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62415&t=62235
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Cisco Doc CD Errors [7:62417]

2003-02-03 Thread The Long and Winding Road
Some of you probably know this already, but there appear to be problems with
the June 2002 Documentation CD.

I have had the Doc CD in various flavors running on this poor computer for
many months now. When I bought my 3550 switch, I got a June 2002 Doc CD,
newer than what I had. So I popped it in, turned it on, and got the
"expired" message.   I could work my way around this problem, but for the
documentation for any IOS version 12.1 or earlier, I was sent to the Cisco
public web site, not to the doc CD. 12.2 used the CD. Various network
management and switch and CAT OS documentation versions all used the doc CD.
but not IOS 12.0 or 11.3 or 12.1, all of which pointed me out to the
internet.

Several uninstall-reinstalls later I gave up, opened a TAC case, and was
provided a new version of a vdk20.lic file, which ended the "expired"
problem.

However, the problem remains with certain IOS versions pointing me to Cisco's
web site, not to the doc CD.

I've asked TAC to refer this to the doc CD group - probably a failure to
change the url references when converting the web site to the CD.

Just an FYI

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62417&t=62417



Re: GRE Tunnel [7:62235]

2003-02-03 Thread The Long and Winding Road
""Juan Blanco""  wrote in message
news:[EMAIL PROTECTED]...
> Correct me if I am wrong but according to the CCIE Blue Print IPX is still
> on the lab, It is in the
> section of Desktop Protocols
> IPX (NLSP, IPX-RIP/SAP,IPX-EIGRP, SPX, NCP,IPXWAN,IPX Addressing, GNS)


http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html#18




>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> The Long and Winding Road
> Sent: Monday, February 03, 2003 11:14 PM
> To: [EMAIL PROTECTED]
> Subject: Re: GRE Tunnel [7:62235]
>
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
>
> ""Bruno Fernandes""  wrote in message
> news:[EMAIL PROTECTED]...
> > Hi again,
> >
> > I already tried to give the command in the tunnel interface but the
> > bridge-group command simply isn't there, I am doing this in 2600 router,
> > with an enterprise image.
> >
> > Any comments
>
>
> OK, let's figure out why I'm an idiot on this one. ( shut up, Ken, Nigel,
> Phil, and CN )
>
> Oh never mind - I've been playing with IPX bridging here - a complete waste
> of time since there is no IPX on the Lab any longer. Suffice it to say I was
> wrong.
>
> sorry.
>
>
>
>
> >
> > Thanks in advance,
> > Bruno Fernandes
> >
> > ""The Long and Winding Road""  wrote
> > in message news:...
> > > ""Bruno Fernandes""  wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Good morning !!!
> > > >
> > > > Is it possible to a Tunnel Interface to belong to a Bridge-Group ?
> > >
> > >
> > > yes
> > >
> > >
> > > > If yes, how ?
> > >
> > > same as with any other interface - enter the appropriate bridge-group
> > > command
> > >
> > > >
> > > > Regards,
> > > > Bruno




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62421&t=62235



Re: Documentation CD..... [7:62438]

2003-02-04 Thread The Long and Winding Road
the search engine on the doc CD is crap. Your only hope is to spend just a
little time learning where to find things using the menus.

for example, great information on regular expressions is found where? in the
dial services section under IOS.

where do you find info on setting up a router as a tftp server?

a web server?

etc.

in other words, you probably should spend some time drilling through the
menus and checking out the kinds of things in each section.

HTH

--
TANSTAAFL
"there ain't no such thing as a free lunch"




""Juan Blanco""  wrote in message
news:[EMAIL PROTECTED]...
> Team,
> I am working like a dog every day (around 5 hours) to pack down all
> different angles of all materials to be covered on the famous LAB (Folks
> there are not shortcuts, I keep asking the Lord Jesus for giving me strength
> to continue this journey,  Wow...What a Ride). Well now to my question.
> Any tips or ideas of how to search for any topic on the Documentation CD, I
> want to be able to find very quickly any configuration examples for any
> topic without wasting time (This is another one that is driving me crazy,
> Time is Money, well here Time is more than Money)... I know that you can
> do things like "OSPF Tips" or "HRSP Tips" but at the same time I saw in a
> previous mail that "Tips" was not available BTW, the way I see it, if
> you need to search the Documentation for how to do a particular task your
> chances of passing are very low, it is only 8 hours to put together a network
> out of Space (Jokingnot complaining) Again, all I want is to make
> sure I am covering as much as I can.
>
> Thanks, and as always your comments are appreciated...
>
>
> Juan Blanco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62446&t=62438



Re: DVMRP in the CCIE Lab - ??? [7:62585]

2003-02-06 Thread The Long and Winding Road
""Cisco Nuts""  wrote in message
news:[EMAIL PROTECTED]...
> Hello,
> Is DVMRP covered at all in the new CCIE Lab?
> Any other new/odd topics? Ex. MRM or PGM??


I'm just dying to talk about some things I did NOT see in the Lab my last
trip through. I was quite surprised.

Having said that, I'm sure the proctors or their spies will make sure I get
totally screwed next time through. ;->

I can see it now. Apollo. Vines. ISO IGRP :O




> Thank you.
> Sincerely,
> CN
>
>
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62601&t=62585



Re: ASBR ROUTER [7:62570]

2003-02-06 Thread The Long and Winding Road
""hanan""  wrote in message
news:[EMAIL PROTECTED]...
> HELLO
>
> Could you please help me?
> I want to configure Cisco router series 2600 to enable OSPF and configure it
> as autonomous system border routers (ASBR) in one single area; the router
> has 2 interfaces one connected to ISP and the second one to my internal
> network that use OSPF protocol
> Can you tell me the commands that I must use exactly?

enable
conf t
router ospf ( whatever the process )
default-information originate always
control-z
write mem

speaking of mem, I'm doing this from mem, without a book or a router handy.
how'd I do? :->


>
> Best regards
> Hanan.mawla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62602&t=62570



Re: DVMRP in the CCIE Lab - ??? [7:62585]

2003-02-06 Thread The Long and Winding Road
""Cisco Nuts""  wrote in message
news:[EMAIL PROTECTED]...
> Hello,
> Is DVMRP covered at all in the new CCIE Lab?
> Any other new/odd topics? Ex. MRM or PGM??
> Thank you.


on a more serious note, suppose you were asked to connect one of the routers
in your pod to a DVMRP source. Do you know where you would look to find the
commands?

this gets back to having spent some time reading the documentation - the
config guides and command references, just to get a feel for what's there
and where to find it.

I can guarantee that you will see at least one task in your lab that you
have never heard of before, at least not if you haven't spent some time
familiarizing yourself with what is in the docs.

focus on the core topics - you know what they are. And also become familiar
with the doc CD. You can pick up a couple of easy points if you have an idea
where to look. I did. For all the good it did me :-

> Sincerely,
> CN
>
>
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62615&t=62585



Off Topic - layers 8, 9, and 10 [7:62616]

2003-02-06 Thread The Long and Winding Road
When we last saw our hero ( yours truly ) he was up to his ears in a major
AVVID deal. Lorda mercy, what a motherf*  The customer RFP was crap, the
turnaround time was cruel and unusual, and then when the bidders all came
back with numbers in the high 8 million range, the customer threw us all
out, and told us to come back when we could sell a system that would cost
the customer no more than X dollars per year on a five year lease.

On top of that, you have Cisco sticking their nose in every chance they get
bitching about my choices of routers. "You can do it cheaper. we don't want
to lose the business because you're overspecifying routers" For an AVVID?
with unknown call volume? and unknown data traffic? Give me a break. It
ain't Cisco whose ass is gonna be kicked if the voice quality sucks.

Layer 8 - politics, particularly of the customer
layer 9 - politics - the sales account rep
layer 10 - Cisco

gotta say, though, this is gonna be one sweet project. for once I believe we
have a good technical solution combined with ample project hours for
assessments and implementation.

but this whole process was still a motherF*

BTW, anyone have any comments on the new 1760V and 2651V packages? I
specified them in a couple of smaller sites. I used my cutoff point as
roughly 30 phones / 100 data ports, due to the great unknowns. DSP
resources, transcoding resources, and CPU hits when doing conference
calling, transcoding, and QoS were major concerns.

37XX routers sure seem like nice boxes. anyone got any comments? Their
performance anywhere near what the spec sheet says?

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62616&t=62616



CCIE Lab - I have seen the future and it is..... we [7:62756]

2003-02-10 Thread The Long and Winding Road
Been spending this weekend on what was once the Cisco Advanced SE Training
( ASET ) set of labs. These are available for those whose Cisco account team
approves - there are a few conditions which can be found in the wee places
of certification training.

The program is run by Lab Gear ( the only link I have is www.labgear.net,
but this is a login page ) There are a number of labs of CCIE level, look,
and feel.

Supposed to be real equipment, but the access is via java script windows,
not terminal emulation. This makes for some interesting situations. The
windows show or provide output only when they are active. So if you had two
router sessions open, and you made changes on one router that would generate
systems messages of one sort or another you would not see those messages on
the other. also, I have yet to find a way to generate output from debugging
commands. Things like term mon and logging of one kind or another have not
been successful. so no debug ip routing and debug ip ospf adj.

As with the real lab, there are a series of tasks to be completed. Grading
is done via a script.  This is the point of most interest. Actually, I
suspect a lot of the current CCIE Lab grading is done using scripting tools.
I believe the proctors still physically examine equipment configurations for
some things, but I could be wrong.

It is of interest because to judge from the script outputs I am seeing,
there appears to be an assumption that there is one and only one way to do
things. I'm not sure this is always true. I am not sure that this results in
an entirely accurate grade.

But more importantly, given my experience with the java consoles and the
manner in which these labs must be done, I am not sure I like where this is
headed. Something Brian Dennis and Brad Ellis and some other people started
talking about back when the CCIE Lab went from two days to one - something
about the longer term goal being to do the test remotely, and having people
show up at Sylvan or some other testing center and log in remotely.

If the Lab Gear approach is any indication, this is not ready for real live
testing. I experienced far too many problems with terminal ( javascript )
sessions disconnecting mysteriously. With 8 open windows, it sometimes got
to be very hard to find the session ( router ) I was looking for. Cut and
paste is a real pain. You have to open a "scratchpad" window, which is
associated with the javascript console window. cutting and pasting is done
to this window. there are scratchpad windows associated with each java window,
so if you had a scratchpad open for every router session, that makes for a
LOT of junk to fight your way through looking for what you want. then there
is the problem of actually moving what you want to copy and paste. highlight
and control c control v or alt e paste don't work. you have to click on
buttons on the java consoles to copy to and from routers.

beyond that, there is the problem of whether or not the "script" answer is
the right answer. For example, in one lab, a particular instruction requires
that the rip routers on a particular segment have to use the neighbor
statement to see each other ( and prevent other routers on that segment from
joining into the RIP domain ) well, the problem is, one of those routers is
connected to another RIP router via a different interface. need a neighbor
statement there too, but the script does not cover this, nor does the answer
configuration show this.

anyway, I have seen the future, and the CCIE Lab future looks like it may be
heading to these kinds of remote lab settings.

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62756&t=62756



Re: Books new lab format. [7:62774]

2003-02-10 Thread The Long and Winding Road
""Nuno Lopes""  wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> Anybody help me with the most complete books to prepare for the new lab
> format?
>
> In this moment i use All-In-One Cisco CCIE Lab Study Guide 2nd Edition and
> Cisco CCIE Lab Practice Kit.
>
> Are any more completing book in the field?


just because I'm in a bad mood tonight, I'll pick a fight. nothing personal,
but I think you're misleading yourself by looking for books to prepare using
the new lab format. as if any of the books out there now were the be all and
end all for the old lab format.

there are certain core topics you HAVE to know. no matter whose books you
are reading, you have to pick out those core topics and master them. Caslow
is as good a place to start as any. Soltie is good for this.

you have to understand redistribution in all its manifestations. the Lab
has a way of screwing you with this. and not just in the ways you see in the
various books. those lab writers are devious.

you have to know how and where to find things using the doc CD. A couple of
days ago someone asked "is DVMRP in the Lab?" the proper question to ask is
"if a DVMRP question came up in the Lab, where would I find out how to
configure it?"

I've offered several other books as starting points in other posts. But when
push comes to shove, all the materials out there are just starting points.
They are not magic bullets. taking a certain course, or using a certain
book, or set of practice labs is no guarantee of passing, no matter what the
sellers of those materials ( or the users, for that matter ) might say.

as you practice more and more, I assume it just starts to dawn on you how
this stuff really works. at that point you have a good shot at passing.

but don't rely on finding the perfect book, or the perfect set of practice
labs. there ain't none.

best wishes



>
> tks all
>
>
>
>
>
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62796&t=62774



Re: explain these ACLs [7:62843]

2003-02-11 Thread The Long and Winding Road
comments  in line below


""Karagozian Sarkis""  wrote in message
news:[EMAIL PROTECTED]...
> Can someone explain what these ACLs do ???
> When applied to an interface (in)
>
> Interface e0
> !
> !
>   ip access-group 194 in


you sure about this one? see below.


> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache same-interface
> !
>access-list 194 deny   ip any any

this denies IP into the router from stations connected via E0. hope this is
an IPX segment :->

>access-list 195 deny   udp any gt 1024 any eq 1434
>access-list 195 permit ip any any

denies udp inquiries to any address with a destination port of 1434 - this
is the port that slammer slammed.


>access-list 196 deny   udp any gt 1024 any eq 1434
>access-list 196 permit ip any any


same as for 195

>
> These were applied since the SQL Worm attack...


195 and 196 were applied where exactly? all interfaces, one would think.


>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62848&t=62843



CCIE Study Materials - Anti-Rant [7:62930]

2003-02-12 Thread The Long and Winding Road
There was some off line discussion earlier today about an attempted post
asking about CCIE study materials, in particular vendors of practice labs. I
don't see that particular post in the list today, so I'm going to assume
that the decision was made not to allow it. And I am going to rant a bit
about this and the topic of posting questions like "which study materials,
which books, which practice labs are best for whatever?"

Having been a regular participant on this news group for over three years
now, I, like many here, have seen these same questions over and over. As the
off line discussion went - maybe we should tell whomever just to go search
the archives.

My rant is this - maybe I'm cynical, and maybe I've seen all the same
questions over and over, but dammit, this newsgroup was started to help
people prepare for certifications, and dammit just because I or anyone else
has seen the same questions over and over doesn't mean that everyone else
has. These topics should be permitted, should be discussed, and names should
be named.

I appreciate the concern about commercial posts. I appreciate that there
have been a couple of people who have footers advertising all of their
business ventures, and will regularly post "that's right" answers to other
posts just to get their products and services out in front of this group.

I appreciate that folks like Howard and Priscilla also have books and other
things to sell, but are welcome here because of their unselfish
participation, and unselfish helpfulness.

I appreciate that there are other sources of study materials and rent a rack
time than those whose names come up regularly here and over on the CCIE
list.

I appreciate that some of the purveyors of books and study materials don't
bother participating on this forum, but that does not in and of itself say
anything about the value of their products or services. I think a forum like
this is an appropriate avenue to discuss the options out there.

While I personally don't care for a lot of the "what's best" questions
because I think they beg the issue and really miss the point, I do think that
the purpose of this news list remains exchange of information and advice to
those who ask and from those willing to offer.

I will finish this "anti rant" with two thoughts.

1) it's up to the participants here to determine how they want things to go.
If people don't want to read posts about "what's best" they are certainly
free to ignore them. If they can offer advice, I believe people should be
free to offer it. I certainly think people should be free to ask. I also
think that vendors should not be sneaking in here under false names and
false pretenses asking people to comment on their product.

2) in the end, I don't believe that any of the books or classes or practice
labs are better than any others in terms of preparing people for certs,
particularly for the CCIE Lab. It is more important to read a lot, study a
lot, practice a lot. Sorry to all of the purveyors of study materials for
saying it, but the key is practice with lots of different situations, not
practice with one vendor or another.

Presented for your consideration.

Chuck

TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62930&t=62930



Re: Myers Briggs Re: OT: New Instructor Experiences [7:62826]

2003-02-12 Thread The Long and Winding Road
""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]...
> >John has a difficult task because he has learners of all levels, from
> >different walks of life. I bet he has a huge mix of learning styles.
> >
> >Now, you might think that networking attracts hands-on learners, so if he
> >were teaching all "real networking people," he would have an easier time. I
> >have actually studied this, and that's not so. There's definitely a mix of
> >types who are attracted to networking, both analytical/theoretical types and
> >kinesthetic learners.
> >
> >A few years ago I participated in a study of personality types of networking
> >people. We used the Myers Briggs personality test. I came out as INTJ
> >(Introvert, iNtuitive, Thinking, Judging.) A lot of other people did too.
> >We have a tendency to do way too much theory first! ;-)
> >
> >The other side of Intuitive is Sensory. A lot of people in the networking
> >field have S in their Myers Briggs personality type. These folks learn with
> >their senses, especially their hands. They like lots of hands-on.
> >
> >Anyway, bottom line, you need to run your class in a balanced manner to
> >accommodate all these types as much as possible.
> >
> >There's more about the Myers Briggs personality "sorter" here:
> >
> >http://keirsey.com/
> >
> >Anyone else want to share what they are, or have we wasted enough bandwidth
> >on this already? :-)
> >
> >Priscilla
> >
>
> First, you're correct about the mix of learning styles in my class.
> This is just a three-hour overview of networking and TCP/IP, and it is a
> little difficult to convey the necessary information without a portion
> of the class getting lost or falling asleep.  :-)  I've heard good
> things about the class yesterday that I thought went so poorly so
> perhaps I was overreacting.
>
> As for Myers Briggs, I'm a fellow INTJ.  However, I really dislike
> their testing process.  It seems to consist of "Given a certain
> situation would you do A or would you do B" with no room for a 'maybe'
> answer.  At least a third of the time I wish there were a "sometimes A
> and sometimes B" answer.  Perhaps that means I'm an INTJ with definite
> ISTJ leanings?


no, it means you're management material, if not husband material. ;->




>
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62932&t=62826



Re: Top Down Book [7:62934]

2003-02-12 Thread The Long and Winding Road
""John Brandis""  wrote in message
news:[EMAIL PROTECTED]...
> While we are speaking of books, I went to the bookshop just then and had a
> look at Pricilla's book. Don't know what you pay in the US for a book,
> however it was "on sale" for $140AUD...


I thought the US dollar was low worldwide. Boy, your economy sure must be
down under. :->

( the book lists at 55 USD. )


>
> That's too much for me, however it looked like a good book.
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62936&t=62934



Re: Update of Anti-Mime Software [7:63043]

2003-02-14 Thread The Long and Winding Road
""Ken Diliberto""  wrote in message
news:[EMAIL PROTECTED]...
> The first line was just a link.  I guess the system didn't like it.
> This was it:
>
> http://www.csupomona.edu/~ken/website/TII/tiigeneral/index.htm
>
> >>> "Ken Diliberto"  02/14/03 10:22AM >>>
> Just a quick link test.  These are pictures of our construction
> project
> to upgrade the network.


love those massive construction projects. wish I could talk in detail about
the big picture of this one. it is incredible ( in the good sense of the
term )


>
> >>> "Paul Borghese"  02/14/03 08:43AM >>>
> Ok, I updated our anti-mime software.  Let's see if that fixes the
> problem of having a URL on the first line.  I personally have not been
> able to duplicate the problem.
>
> Please send me any bug reports!
>
> Paul
>
> [snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63060&t=63043



Re: Deleted PVC still works [7:63055]

2003-02-14 Thread The Long and Winding Road
""McHugh Randy""  wrote in message
news:[EMAIL PROTECTED]...
> Happy Valentines everyone
> I have a deleted PVC that still works to connect through a frame switch to
> another router. Anyone else seen this?
> Here is the config
> r1#sh frame pvc 401
>
> PVC Statistics for interface Serial0 (Frame Relay DTE)
>
> DLCI = 401, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE = Serial0
>
>   input pkts 0 output pkts 0in bytes 0
>   out bytes 0  dropped pkts 0   in FECN pkts 0
>   in BECN pkts 0   out FECN pkts 0  out BECN pkts 0
>   in DE pkts 0 out DE pkts 0
>   out bcast pkts 0  out bcast bytes 0
>   pvc create time 16:43:18, last time pvc status changed 16:43:07
> r1#ping 150.100.251.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 150.100.251.2, timeout is 2 seconds:
> !
> Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms
> r1#
> r4#sh frame pvc 401
>
> PVC Statistics for interface Serial0 (Frame Relay DTE)
>
> DLCI = 401, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
>
>   input pkts 1020  output pkts 24   in bytes 288926
>   out bytes 2884   dropped pkts 0   in FECN pkts 0
>   in BECN pkts 0   out FECN pkts 0  out BECN pkts 0
>   in DE pkts 0 out DE pkts 0
>   out bcast pkts 14 out bcast bytes 1844
>   pvc create time 16:46:36, last time pvc status changed 16:45:46
> r4#ping 150.100.251.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 150.100.251.1, timeout is 2 seconds:
> !
> Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms
> r4#
>
> It shows 401 is active on one side and deleted on the other but I can ping
> across to and from both sides across the switch.
> How can I get rid of that deleted pvc and make it active?


depends upon how it became deleted. check the interface / subinterface
configuration. check the frame maps, if you have any. reload always does
wonders :->



> Thanks
> Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63062&t=63055



Re: explain these ACLs [7:62843]

2003-02-14 Thread The Long and Winding Road
""Barbu Alexandru""  wrote in message
news:[EMAIL PROTECTED]...
> Ok! Pay attention that the access-list that is
> actually applied to the interface for inbound traffic
> is access-list 194, which denies all ip traffic.
>
>  Now lets see what the other access-lists do.
>
>access-list 195 deny udp any gt 1024 any eq 1434
>access-list 195 permit ip any any
>
>   This one says so: access-list 195, denies udp
> traffic generated by a greater port than 1024 (gt
> 1024) that is going towards any host in your network
> at the port 1434(eq = equal).
>
>   The other entry allows all ip traffic to flow
> towards your network.
>
>   So, the access-list 195 and 196 do the same thing
> and are not applied to the eth 0 interface. The one
> applied to the eth 0 interface is 194 which denies all
> ip traffic.

being as udp port 1434 is the well known port used by slammer, which severely
affected internet traffic performance when it hit a few weeks ago, what the
two access-lists do, assuming both are applied appropriately to an edge
device, is stop slammer traffic into and out of wherever they are applied.
probably the enterprise border.

my question to the guy who made the original post remains. were lists 195
and 196 applied anywhere else on the router? and why does list 194 even
exist?





>
>   To apply an access-list to an interface you use the
> command: ip access-group xxx [in|out]. It depends
> whether you want to filter the traffic coming to that
> interface or traffic going out that interface.
>
>   no ip redirects
>   no ip unreachables
>   no ip proxy-arp
>   ip route-cache same-interface
>
>   These commands have nothing to do with
> access-lists.
>
> All the best,
> Alexandru Barbu
> CCAI
>
>
>  --- Karagozian Sarkis wrote:
> > Can someone explain what these ACLs do ???
> > When applied to an interface (in)
> >
> > Interface e0
> > !
> > !
> >   ip access-group 194 in
> > no ip redirects
> > no ip unreachables
> > no ip proxy-arp
> > ip route-cache same-interface
> > !
> >access-list 194 deny   ip any any
> >access-list 195 deny   udp any gt 1024 any eq 1434
> >access-list 195 permit ip any any
> >access-list 196 deny   udp any gt 1024 any eq 1434
> >access-list 196 permit ip any any
> >
> > These were applied since the SQL Worm attack...
> >
> > Thanks
> [EMAIL PROTECTED]
>
> =
> 'there is no such thing as a free meal'
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63068&t=62843
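
The behaviour discussed in this exchange (list 194 bound inbound on e0, lists 195 and 196 filtering only UDP 1434 wherever they are applied) can be checked with a small first-match evaluator. This is an added example, not part of the original posts: the packets are constructed samples, and the parser handles only the ACL syntax quoted in the thread.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# ACL lines exactly as quoted in the thread.
CONFIG = """\
access-list 194 deny   ip any any
access-list 195 deny   udp any gt 1024 any eq 1434
access-list 195 permit ip any any
access-list 196 deny   udp any gt 1024 any eq 1434
access-list 196 permit ip any any
"""
APPLIED_IN = 194  # from "ip access-group 194 in" on e0 in the thread


@dataclass(frozen=True)
class PortMatch:
    op: str   # "gt" or "eq", the two operators used in the thread
    port: int

    def matches(self, value: Optional[int]) -> bool:
        if value is None:  # packet carries no ports (e.g. ICMP)
            return False
        return value > self.port if self.op == "gt" else value == self.port


@dataclass(frozen=True)
class Packet:
    proto: str  # "udp", "tcp", "icmp", ...
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    action: str  # "permit" or "deny"
    proto: str   # "ip" matches every IP protocol
    sport: Optional[PortMatch]
    dport: Optional[PortMatch]

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.sport is not None and not self.sport.matches(pkt.sport):
            return False
        if self.dport is not None and not self.dport.matches(pkt.dport):
            return False
        return True


def _take_endpoint(tokens: List[str]) -> Optional[PortMatch]:
    """Consume 'any [gt|eq <port>]' from the front of the token list."""
    if not tokens or tokens.pop(0) != "any":
        raise ValueError("this sketch supports only 'any' as the address")
    if tokens and tokens[0] in ("gt", "eq"):
        op = tokens.pop(0)
        return PortMatch(op, int(tokens.pop(0)))
    return None


def parse_acls(text: str) -> Dict[int, List[Entry]]:
    """Group 'access-list <n> ...' lines by number, keeping their order."""
    acls: Dict[int, List[Entry]] = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        number, action, proto = int(tokens[1]), tokens[2], tokens[3]
        rest = tokens[4:]
        sport = _take_endpoint(rest)   # source side
        dport = _take_endpoint(rest)   # destination side
        acls.setdefault(number, []).append(Entry(action, proto, sport, dport))
    return acls


def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching entry wins; no match falls through to the implicit deny."""
    for index, entry in enumerate(acl, start=1):
        if entry.matches(pkt):
            return entry.action, index
    return "deny", None


def inbound_on_e0(acls: Dict[int, List[Entry]], pkt: Packet) -> str:
    """Verdict for a packet arriving on e0, where list 194 is applied."""
    return evaluate(acls[APPLIED_IN], pkt)[0]


# Constructed sample packets (not taken from the thread).
SAMPLES = {
    "udp 2048 -> 1434": Packet("udp", 2048, 1434),
    "udp 1024 -> 1434": Packet("udp", 1024, 1434),  # 'gt 1024' is strict
    "tcp 40000 -> 80": Packet("tcp", 40000, 80),
    "icmp": Packet("icmp"),
}

if __name__ == "__main__":
    acls = parse_acls(CONFIG)
    for label, pkt in SAMPLES.items():
        print(f"{label:18} list 195: {evaluate(acls[195], pkt)[0]:6} "
              f"e0 inbound (194): {inbound_on_e0(acls, pkt)}")
```

Because `gt 1024` is a strict comparison, a datagram to port 1434 sent from source port 1024 or lower falls through to `permit ip any any` in lists 195 and 196.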




Re: Dropped Packet on 6506 switch [7:63053]

2003-02-14 Thread The Long and Winding Road
"Priscilla Oppenheimer" wrote in message
news:[EMAIL PROTECTED]...
> If nothing's plugged in, it has to drop the packets!?! :-) Are you sure this
> isn't normal? Being a switch, it shouldn't be sending any unicasts out the
> port, because it couldn't have learned a MAC address that is out that port,
> but it could still send broadcasts and multicasts.
>
> Sorry, if that's a clueless answer, but it is a "common sense" answer from
> someone who doesn't work with 6505 switches.. :-)


not at all clueless. I did not see a spot among all the "show" outputs where
packets dropped is indicated.

I'm thinking "show interface"

I'm also thinking that maybe there are static routes pointing out those
ports, and someone somewhere is generating traffic destined for those ports.
Maybe the author of the original post could supply some more specific
information - such as extensive outputs from the "show run" ??

for those unfamiliar with the higher end boxes, hybrid mode refers to running
Cat OS and IOS on the same box. The lower end boxes - 2950, 3550, and
4xxx with sup 3 or better, run IOS native mode.

cat 4xxx with the sup 2 run Cat OS mode.

65xx without the MSFC card run Cat OS mode. Add the MSFC card, and you have
hybrid mode. unless something has changed recently, you cannot run a 65xx in
native IOS mode only - it has to be an L2 box alone, or a hybrid box,
running IOS and Cat OS.







>
> Priscilla
>
> Sam Sneed wrote:
> >
> > I'm not sure what you mean by hybrid mode. I have the sh ver,
> > sh mod, sh ver for MSFC and  below. I have nothing plugged into at least 3
> > ports which still report dropped packets. 800,000 daily. What's strange is
> > that the 800,000 is almost the same on all 3 ports. I have disabled them
> > since then but would like to know why I was getting those numbers. The MSFC
> > does the layer 3 routing, but the dropped packets were at L2 I believe. Any
> > ideas?
> >
> > Console1> sh ver
> > WS-C6509 Software, Version NmpSW: 7.1(2)
> > Copyright (c) 1995-2002 by Cisco Systems
> > NMP S/W compiled on Feb  7 2002, 16:06:00
> >
> > System Bootstrap Version: 5.3(1)
> >
> > Hardware Version: 2.0  Model: WS-C6509  Serial #:
> >
> > PS1  Module: WS-CAC-2500WSerial #:
> > PS2  Module: WS-CAC-1300WSerial #:
> >
> > Mod Port Model   Serial #Versions
> > ---  --- --- -
> > 1   2WS-X6K-SUP1A-2GESA Hw : 3.1
> >  Fw : 5.3(1)
> >  Fw1: 5.1(1)CSX
> >  Sw : 7.1(2)
> >  Sw1: 7.1(2)
> >  WS-F6K-PFC  SHw : 1.1
> > 2   2WS-X6K-SUP1A-2GESAxx Hw : 3.1
> >  Fw : 5.3(1)
> >  Fw1: 5.1(1)CSX
> >  Sw : 7.1(2)
> >  Sw1: 7.1(2)
> >  WS-F6K-PFC  Sxx Hw : 1.1
> > 3   48   WS-X6348-RJ-45  SAx Hw : 1.4
> >  Fw : 5.4(2)
> >  Sw : 7.1(2)
> > 4   48   WS-X6348-RJ-45   Hw : 6.0
> >  Fw : 5.4(2)
> >  Sw : 7.1(2)
> >  WS-F6K-VPWR Hw : 1.0
> > 5   48   WS-X6348-RJ-45  SAL0422 Hw : 6.0
> >  Fw : 5.4(2)
> >  Sw : 7.1(2)
> >  WS-F6K-VPWR Hw : 1.0
> > 6   16   WS-X6416-GBIC   SAx0JUW Hw : 1.2
> >  Fw : 5.4(2)
> >  Sw : 7.1(2)
> > 7   48   WS-X6248-TELSAD0x48 Hw : 1.0
> >  Fw : 4.2(0.24)VAI78
> >  Sw : 7.1(2)
> > 8   48   WS-X6248A-TEL   SADxx0S Hw : 2.0
> >  Fw : 5.4(2)
> >  Sw : 7.1(2)
> > 9   48   WS-X6248A-TEL   SADxxRZ Hw : 2.0
> >  Fw : 5.4(2)
> >  Sw : 7.1(2)
> > 15  1WS-F6K-MSFC SAD04xx0DSF Hw : 1.4
> >  Fw : 12.1(3a)E4
> >  Sw : 12.1(3a)E4
> > 16  1WS-F6K-MSFC SAD04xx0BHV Hw : 1.4
> >  Fw : 12.1(3a)E4
> >  Sw : 12.1(3a)E4
> >
> >DRAMFLASH   NVRAM
> > Module Total   UsedFreeTotal   UsedFreeTotal U
> > -- --- --- --- --- --- --- - -
> > 1   65408K  44172K  21236K  16384K   9786K

Re: Dropped Packet on 6506 switch [7:63053]

2003-02-15 Thread The Long and Winding Road
it's real hard to offer any suggestions without knowing more. if you could
provide a sanitized show run, that might help.

also, can you provide the show int that is indicating dropped packets. I did
not see anything in your previous offerings.


"Sam Sneed" wrote in message
news:[EMAIL PROTECTED]...
> There are no static routes to these ports. I guess I am in Hybrid mode. I
> need to enter session 15 command to connect to router module. Then it's IOS
> interface. The dropped packets don't appear when doing sh int on router. I'm
> starting to wonder if it could be a bad card.
>
>
>
>
> "The Long and Winding Road" wrote in
> message news:[EMAIL PROTECTED]...
> > "Priscilla Oppenheimer" wrote in message
> > news:[EMAIL PROTECTED]...
> > > If nothing's plugged in, it has to drop the packets!?! :-) Are you sure
> > > this isn't normal? Being a switch, it shouldn't be sending any unicasts
> > > out the port, because it couldn't have learned a MAC address that is out
> > > that port, but it could still send broadcasts and multicasts.
> > >
> > > Sorry, if that's a clueless answer, but it is a "common sense" answer
> > > from someone who doesn't work with 6505 switches.. :-)
> >
> >
> > not at all clueless. I did not see a spot among all the "show" outputs
> > where packets dropped is indicated.
> >
> > I'm thinking "show interface"
> >
> > I'm also thinking that maybe there are static routes pointing out those
> > ports, and someone somewhere is generating traffic destined for those
> > ports. Maybe the author of the original post could supply some more
> > specific information - such as extensive outputs from the "show run" ??
> >
> > for those unfamiliar with the higher end boxes, hybrid mode refers to
> > running Cat OS and IOS on the same box. The lower end boxes - 2950, 3550,
> > and 4xxx with sup 3 or better, run IOS native mode.
> >
> > cat 4xxx with the sup 2 run Cat OS mode.
> >
> > 65xx without the MSFC card run Cat OS mode. Add the MSFC card, and you
> > have hybrid mode. unless something has changed recently, you cannot run a
> > 65xx in native IOS mode only - it has to be an L2 box alone, or a hybrid
> > box, running IOS and Cat OS.
> >
> >
> >
> >
> >
> >
> >
> > >
> > > Priscilla
> > >
> > > Sam Sneed wrote:
> > > >
> > > > I'm not sure what you mean by hybrid mode. I have the sh ver,
> > > > sh mod, sh ver for MSFC and  below. I have nothing plugged into at
> > > > least 3 ports which still report dropped packets. 800,000 daily.
> > > > What's strange is that the 800,000 is almost the same on all 3 ports.
> > > > I have disabled them since then but would like to know why I was
> > > > getting those numbers. The MSFC does the layer 3 routing, but the
> > > > dropped packets were at L2 I believe. Any ideas?
> > > >
> > > > Console1> sh ver
> > > > WS-C6509 Software, Version NmpSW: 7.1(2)
> > > > Copyright (c) 1995-2002 by Cisco Systems
> > > > NMP S/W compiled on Feb  7 2002, 16:06:00
> > > >
> > > > System Bootstrap Version: 5.3(1)
> > > >
> > > > Hardware Version: 2.0  Model: WS-C6509  Serial #:
> > > >
> > > > PS1  Module: WS-CAC-2500WSerial #:
> > > > PS2  Module: WS-CAC-1300WSerial #:
> > > >
> > > > Mod Port Model   Serial #Versions
> > > > ---  --- --- -
> > > > 1   2WS-X6K-SUP1A-2GESA Hw : 3.1
> > > >  Fw : 5.3(1)
> > > >  Fw1: 5.1(1)CSX
> > > >  Sw : 7.1(2)
> > > >  Sw1: 7.1(2)
> > > >  WS-F6K-PFC  SHw : 1.1
> > > > 2   2WS-X6K-SUP1A-2GESAxx Hw : 3.1
> > > >  Fw : 5.3(1)
> > > >  Fw1: 5.1(1)CSX
> > > > 

Re: Layer3 Routers VS Switches [7:63072]

2003-02-15 Thread The Long and Winding Road
"Peter van Oene" wrote in message
news:[EMAIL PROTECTED]...
> At 12:22 PM 2/15/2003 +, Juntao wrote:
> >indeed with L3 switching, we can more closely arrive at wire speed, but in
> >the course of my practice, I have seen L3 switches mainly interconnecting
> >LANs, yes a flexwan module exists to interconnect WANs on the same box but
> >usually we like to separate the LANs from WANs for the sake of isolation and
> >greater security implementation options.
>
> Routers have delivered OC-192 wire speed routing for a few years now.  I
> personally don't know what an L3 switch is technically.  It reminds me of
> the L2 switch.  Just another bit of marketing.


a switch with routing capability is an L3 switch. interestingly, there are
modules for the 366x and, if memory serves, 37xx routers that provide 36
10/100 ports plus 2 gig ports, making these L2 routers, I guess.

So the question is, which is better, an L3 switch or an L2 router? ;->


>
>
> >i hope the above helps
> >
> >"Larry Letterman" wrote in message news:
> >[EMAIL PROTECTED]
> > > L3 is usually considered to be wire speed and uses faster
> > > asics...
> > > Routers such as 7200/7500 use older slower hardware to
> > > route...
> > >
> > >
> > >
> > > Larry Letterman
> > > Network Engineer
> > > Cisco Systems
> > >
> > >
> > > - Original Message -
> > > From: "Nanda"
> > > To:
> > > Sent: Friday, February 14, 2003 4:46 PM
> > > Subject: Layer3 Routers VS Switches [7:63072]
> > >
> > >
> > > > Hi Guys...
> > > >
> > > > We have Layer3 Switches and routers...In what scenario one would
> > > > ideally use Layer3 switches over routers..
> > > > Do They have any significant advantage over using routers
> > > > Why do they have layer3 switches when we have routers are good enough
> > > > to do the job...
> > > > I am confused...I would appreciate if someone could clarify.
> > > >
> > > > Thanks in Advance
> > > > __
> > > > With Warm Regards...
> > > > Nanda
> > > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63117&t=63072



Re: Deleted PVC [7:63123]

2003-02-16 Thread The Long and Winding Road
"McHugh Randy" wrote in message
news:[EMAIL PROTECTED]...
> Does anyone know how to correct this deleted PVC perhaps by completely
> deleting it and recreating it?


as a matter of practice, "no frame-relay inverse-arp" on all frame physical
interfaces.

clear frame-relay-inarp  ( this one doesn't always work )

why is the pvc there in the first place? it appears you have a static map.
have you issued the "no frame-relay map" command appropriately?

also, reloads do wonders :->


> r1#
> r1#sh frame map
> Serial0.1 (up): ip 150.100.250.34 dlci 102(0x66,0x1860), dynamic,
>   broadcast,, status defined, active
> Serial0.1 (up): ip 150.100.250.35 dlci 103(0x67,0x1870), dynamic,
>   broadcast,, status defined, active
> Serial0 (up): ip 150.100.251.1 dlci 401(0x191,0x6410), static,
>   broadcast,
>   CISCO, status deleted
> Serial0 (up): ip 150.100.251.2 dlci 401(0x191,0x6410), static,
>   broadcast,
>   CISCO, status deleted
> Serial0.2 (up): point-to-point dlci, dlci 104(0x68,0x1880), broadcast
>   status defined, active
>
> thx
> Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63125&t=63123



Switch VoIP Commands - differences? [7:63128]

2003-02-16 Thread The Long and Winding Road
Been working on a 3550 practice lab. A particular instruction is as follows:

"Configure FastEthernet 0/2 to support a Cisco 7960 IP phone using 802.1P
priority tagged frames. Use the default native vlan to carry all traffic on
this port. Trust ingress packet COS values."

The "book" solution is as follows:

switchport access vlan 20  ( from a previous instruction )
switchport mode access  ( to make this port unconditionally an access port )
switchport voice vlan dot1p ( THIS IS PART OF THE QUESTION )
no ip address ( garbage left over )
mls qos trust cos ( THIS IS PART OF THE QUESTION )
spanning-tree portfast ( from a previous instruction )

My solution was as follows:

switchport access vlan 20
switchport voice vlan 1 ( native vlan? maybe not because of the static vlan
assignment? )
switchport priority extend trust ( MY QUESTION )
no ip address
spanning-tree portfast

My questions are:

1) what are the differences between the "mls qos trust cos" command and the
"switchport priority extend trust" command?

2) what does the "switchport voice vlan dot1p" do as opposed to the
"switchport voice vlan 1" ? Am I seeing that only one vlan is being assigned
for both the phone and the PC to share? therefore configuration to
specifically take note of dot1p frames from the telephone?

I have read the command reference for all commands in question. There
appears to be a subtlety I am missing, no doubt due to lack of hands on with
voice implementations.

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63128&t=63128



Switchport gigabit port priority queueing [7:63137]

2003-02-16 Thread The Long and Winding Road
Continuing with my look at a 3550 lab, a QoS task requires configuring to
prioritize video traffic. The task itself appears to have been lifted
directly from the 3550 configuration guide for the 12.1.12 release.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550scg/swqos.htm#51764

in any case, on the egress gigabit interface, the book answer is

interface GigabitEthernet0/2
 no ip address
 priority-queue out
end

am I correct that the "priority-queue out" in and of itself does nothing?
the documentation appears to state that other queuing configuration must
take place, to wit "wrr-queue cos-map 4 6 7" or some variation thereof.

thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63137&t=63137



Distribute-list and OSPF [7:63144]

2003-02-16 Thread The Long and Winding Road
calling it a night after spending the weekend in a post mortem of an ASET
practice lab taken a week ago.

the topic of filtering routes introduced into a domain via redistribution,
and which are advertised back to the originating router through a different
protocol. You all know the problem - the re-advertised routes come into the
originating router via a protocol with a lower AD, thus wreaking havoc on
routing tables, and causing flapping routes.

Well, the ASET book answer for this particular problem on this particular
router was to filter the particular routes using a distribute-list.

This is all well and good, except that the protocol in question is OSPF, and
as we all know from reading the documentation, distribute-list does not
apply to IS-IS and OSPF.

Well, except that distribute-list in appears to be quite effective in
blocking unwanted routes from being received by an OSPF router

distribute-list out appears to do what it is supposed to.

checking Parkhurst. re-reading the documentation.

If I were to hazard a guess, I would guess that the CCO documentation
writers screwed up. It is distribute-list out that does not work in OSPF.
( haven't checked IS-IS yet ) Distribute-list in does indeed prevent ospf
routes advertised by another ospf speaker from being installed in the
routing table. the routes still appear in the ospf database, as expected.



--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63144&t=63144



Re: Dropped Packet on 6506 switch [7:63053]

2003-02-17 Thread The Long and Winding Road
hey, Dave, request for clarification


whenever I run my config tools ( either CCO or NetFormX, which validates
against Cisco's config server anyway ), the requirement is CAT OS plus IOS.
I can go CAT OS only, but I cannot get a validation using IOS only.

So is that an error in the validation engine? or is something else going on
that I don't understand.

on a 3550, I can configure all ports as routed ports, or I can configure all
ports as switched ports, or any combination.

The 4xxx boxes with sup 3 or better can go IOS only.

The 65xx seems to be the problem child, as anyone who has stumbled through
either tool mentioned above can attest to.

any clarifications you can offer?



"MADMAN" wrote in message
news:[EMAIL PROTECTED]...
> The Long and Winding Road wrote:
>
> > 65xx without the MSFC card run Cat OS mode. Add the MSFC card, and you have
> > hybrid mode. unless something has changed recently, you cannot run a 65xx in
> > native IOS mode only - it has to be an L2 box alone, or a hybrid box,
> > running IOS and Cat OS.
>
>Actually you can run a 6500 in native only.  In native mode all ports
> are layer 3 ports.  In fact in order to run most of the OSM cards you
> must run native mode, the inverse is true for most voice modules.
>
>Dave
>
> Native6506#sh ver
> Cisco Internetwork Operating System Software
> IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(13)E, EARLY
> DEPLOYMEN
> T RELEASE SOFTWARE (fc1)
> TAC Support: http://www.cisco.com/tac
> Copyright (c) 1986-2002 by cisco Systems, Inc.
> Compiled Wed 04-Sep-02 18:45 by eaarmas
> Image text-base: 0x40008C00, data-base: 0x41A68000
>
> ROM: System Bootstrap, Version 12.1(4r)E, RELEASE SOFTWARE (fc1)
> BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(13)E, EARLY
> DEPLOYMEN
> T RELEASE SOFTWARE (fc1)
>
> Native6506 uptime is 6 weeks, 3 days, 23 hours, 24 minutes
> Time since Native6506 switched to active is 6 weeks, 3 days, 23 hours,
> 23 minute
> s
> System returned to ROM by power-on (SP by power-on)
> System image file is "slot0:c6sup12-js-mz.121-13.E.bin"
>
> cisco Catalyst 6000 (R7000) processor with 112640K/18432K bytes of memory.
> Processor board ID SAD05020HUX
> R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache
> Last reset from power-on
> Bridging software.
> X.25 software, Version 3.0.0.
> SuperLAT software (copyright 1990 by Meridian Technology Corp).
> TN3270 Emulation software.
> 8 Virtual Ethernet/IEEE 802.3  interface(s)
> 120 FastEthernet/IEEE 802.3 interface(s)
> 4 Gigabit Ethernet/IEEE 802.3 interface(s)
> 381K bytes of non-volatile configuration memory.
>
> 16384K bytes of Flash internal SIMM (Sector size 512K).
> Standby is up
> Standby has 112640K/18432K bytes of memory.
>
> Configuration register is 0x2102
>
> Native6506#
>
> Native6506#sh conf
> Using 8122 out of 391160 bytes
> !
> version 12.1
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname Native6506
> !
> boot system flash slot0:c6sup12-js-mz.121-13.E.bin
> boot bootldr bootflash:c6msfc2-boot-mz.121-4.E1
> enable password cisco
> !
> ip subnet-zero
> !
> !
> no ip domain-lookup
> !
> mls flow ip destination
> mls flow ipx destination
> !
> redundancy
>   mode rpr-plus
>   main-cpu
>auto-sync running-config
>auto-sync standard
> !
> !
> !
> interface GigabitEthernet1/1
>   no ip address
>   switchport
>   switchport trunk encapsulation dot1q
>   switchport trunk native vlan 64
> !
> interface GigabitEthernet1/2
>   no ip address
>   shutdown
>
> >
> >
> >
> >
> >
> >
> >
> >
> >>Priscilla
> >>
> >>Sam Sneed wrote:
> >>
> >>>I'm not sure what you mean by hybrid mode. I have the sh ver,
> >>>sh mod, sh ver for MSFC and  below. I have nothing plugged into at least 3
> >>>ports which still report dropped packets. 800,000 daily. What's strange is
> >>>that the 800,000 is almost the same on all 3 ports. I have disabled them
> >>>since then but would like to know why I was getting those numbers. The MSFC
> >>>does the layer 3 routing, but the dropped packets were at L2 I believe. Any
> >>>ideas?
> >>>
> >>>Console1> sh ver
> >>>WS-C6509 Software, Version NmpSW: 7.1(2)
> >>>Copyright (c) 1995-2002 by Cisco Systems
> >>>NMP S/W compiled on Feb  7 2002, 16:06:00
> >>>

Re: QoS on 3550 Aargh! [7:63164]

2003-02-17 Thread The Long and Winding Road
can you provide a sanitized config for the access-list in question and for
the interface in question?

--
TANSTAAFL
"there ain't no such thing as a free lunch"




"Jim Devane" wrote in message
news:[EMAIL PROTECTED]...
> I am completely frustrated.
>
> I am trying to do something very simple but am having considerable trouble.
> I wish only to rate-limit ALL packets coming into a particular interface on
> a 3550
> It does have EMI and QoS is enabled. This is the config that I have tried so
> far and the packets just blast right through... I know the burst is larger
> than the max speed, should not matter. Incidentally, I entered 500 000 for
> both values but the switch auto-changed the first value( I believe since it
> is in values of 8 Kbps)
>
> Any ideas? I have read the CCO doco on this over and over and I cannot see
> what I am missing. I suspect something in my class map is wrong, but I am
> not sure how to manipulate it...
>
> any help appreciated.
>
>
> pwps-esw01#sh class
> pwps-esw01#sh class-map
>  Class Map match-all test2 (id 3)
>Match access-group  123
>
>  Class Map match-all test1 (id 2)
>Match any
>  Class Map match-any class-default (id 0)
>Match any
> pwps-esw01#sh poli
> pwps-esw01#sh policy-map
>  Policy Map int18
>   class  test2
>police 496000 50 exceed-action drop
>
> pwps-esw01#sh mls qos int f0/18
> FastEthernet0/18
> Attached policy-map for Ingress: int18
> trust state: not trusted
> trust mode: not trusted
> COS override: dis
> default COS: 0
> DSCP Mutation Map: Default DSCP Mutation Map
> trust device: none
>
> pwps-esw01#sh mls qos int f0/18 st
> FastEthernet0/18
> Ingress
>   dscp: incoming   no_change  classified policeddropped (in bytes)
> Others: 14938711   14938711   0  0  0
> Egress
>   dscp: incoming   no_change  classified policeddropped (in bytes)
> Others: 691426721 n/a   n/a  0  0
>
> pwps-esw01#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63177&t=63164



Re: Does MLS (Layer 3 switching) require VLANs? YES [7:63147]

2003-02-17 Thread The Long and Winding Road
"Jens Neelsen" wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> a layer3 switch (e.g.3550-EMI) does not have layer3 interfaces.
> All interfaces (Fastethernet and GigabitEthernet) are layer2
> interfaces. They can not have IP addresses.


gentle correction. by entering the "no switchport" command, one removes the
particular interface from the "L2" domain and into the L3 domain. At this
point one can indeed enter IP address onto the physical interfaces.

I think you may be getting too carried away with L2 versus L3.

A physical port exists in multiple layers of the OSI model, if you want to
talk in terms of OSI.

There is the physical port. There is whatever that physical port talks to
and how. For example, an ethernet port has physical and mac layer
characteristics. otherwise, how would it communicate with other devices on
the wire? Add an IP address, and that port is now "L3" as well.

A router with an ethernet interface plugged into a switch operates at all
three "layers" of OSI.



>
> The VLANs are the (virtual) interfaces to the routing engine
> (=layer3 switch).

yes. good way of putting it.

>
> Layer2 interfaces are grouped into different VLANs and the
> Layer3 switch (=Router) enables the communications between these
> VLANs.

one can also bridge between vlans, at least in the 3550 world. fallback
bridging.

>
> A Router has to have different IP subnets on each interface.
> Because the VLANs are the interfaces to the router, you need
> different subnets on each VLAN.

if you have subnet based vlans.

remember that you can also have ip addressing on different ports, although,
as you say, these all have to be on different subnets. unless you are
etherchanneling, but that's a different story.


but to get back to point here, what is the difference between a physical
port configured with an IP address and a physical port assigned to a vlan,
with the vlan having an ip address?


>
> With secondary IP adresses you can have more than one IP subnet
> on a VLAN. But as with router interfaces the subnets of the
> VLANs cannot overlap.
>
> A 5000 switch with RSM works in the same way. This is covered in
> the Cisco BCMSN training course.
>
> With kind regards
> Jens Neelsen
>
> --- Stephen Hoover  wrote:
> > > > Say for instance I have 2 hosts on the same layer 3 switch, but the
> > > > two hosts are on 2 different IP subnets (No VLANs are defined).
> > >
> > > That's not possible! if you are talking about 2 IP subnet, then:
> > > -
> > > actually it is by doing secondaries, but i would highly recommend doing
> > > vlans if possible. keep it clean and simple.
> > >
> >
> >
> > Vicki,
> >
> > You mention the use of secondary IP's. On a L3 switch (a
> > switch with the
> > router engine in it) is it not possible to define Ethernet sub
> > interfaces
> > instead of using secondary IPs - without VLANs defined?
> >
> >
> > I'm sorry to be so thick, I'm just not getting it. If a L3
> > switch (with
> > a routing module/engine in it) is essentially a wire speed
> > router, then the
> > VLAN just seems like an additional identifier on top of the L3
> > address - and
> > doesn't really serve any purpose. In my previous example, 2
> > hosts on the
> > same L3 switch, but on 2 different IP subnets - wouldn't a
> > defined Ethernet
> > subinterface be each clients respective gateway, and thus
> > normal L3 routing
> > would occur, just at switch speeds
> >
> >
> > Thanks again!
> >
> > Stephen Hoover
> > Dallas, Texas
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63185&t=63147



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-17 Thread The Long and Winding Road
"Vicky Rode" wrote in message
news:[EMAIL PROTECTED]...
> comment in-line:
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 17, 2003 2:10 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Does MLS (Layer 3 switching) require VLANs? [7:63147]
>
>
> Dear Stefen,
>
> you are doing a bit of confusion:
>
> > so does layer 3 switching require the use of VLANs to actually do
> > the switching?
>
> It's true the contrary case: the Vlans requires L3 to be routed, or, in
> other terms, to communicate each others. The L3 switching has no sense
> without VLAN
>
> > Say for instance I have 2 hosts on the same layer 3 switch, but the two
> > hosts are on 2 different IP subnets (No VLANs are defined).
>
> That's not possible! if you are talking about 2 IP subnet, then:
> -
> actually it is by doing secondaries, but i would highly recommend doing
> vlans if possible. keep it clean and simple.


one may also configure the physical interfaces as L3 interfaces - just as
one might do on a router with several ethernet ports.


>
>
>
>
> /vicky
>
>
> 1) you are talking about 2 subnet in 2 distinct sides of a router
> 2) you are talking about 2 Vlans in one L3 switch
>
> > Host A wants to talk to host B. Can the switch not look up the
> > routing info and then know to switch to that port? I am not seeing where
> > the requirement for the VLAN comes into play.
>
> 1) host A and Host B are in two different VLAN: they need the L3 engine to
> communicate
> 2) host A and host B are in the same Vlan but they have IP addresses (be
> careful  this anyway a mistake!) who belongs to different VLAN: A can't
> communicate with B because A doesn't know the MAC of B ... A can have
> knowledge of the MAC's  of
>  a) the hosts in the same subnet
>  b) the gateway of the A's subnet
> and B's MAC doesn't match either of the a and b case.
>
> Hope this helps you
>
> Greetings
>
> Luca




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63186&t=63147



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-17 Thread The Long and Winding Road
I've been following this thread, and have offered a comment or two along the
way. Perhaps I should offer some thoughts here at the source.

note that I have not read any of the exam study materials in question, so I
don't know what is or is not being stated in the courseware. I can offer
that just because it says so in the study materials doesn't mean that's the
way it is.

comments below


"Stephen Hoover" wrote in message
news:[EMAIL PROTECTED]...
> I am studying for the CCNP Switching exam and it covers VLANs and layer 3
> switching moderately. It states that Cisco recommends a 1 to 1 mapping of
> VLANs to subnets. It also states that VLANs can be used to break up
> broadcast domains.

this is a reasonable, simple approach, and thus one that appeals to my
reasonably simple mind.


>
> When you create different subnets, you are already breaking up broadcast
> domains, so does layer 3 switching require the use of VLANs to actually do
> the switching?


this is where the confusion, no doubt introduced by the marketing people,
set in.

suppose you have a router with three ethernet interfaces, and each of these
interfaces is plugged into a different hub ( no switch )

hosts on each of these hubs are in the same broadcast domain ( same
collision domain too, but I digress ) hosts in each of these domains cannot
reach hosts ( or servers ) in other domains, on different hubs, without
routing.

this would be true, even if you had all hosts on the same great big hub with
500 ports. You could have hosts on the same hub, but having different L3 (
IP ) addresses. communication between hosts on different subnets, even if
they are on the same hub, require the intercession of a router.

vlans, made possible by various 802.1 specifications, are really just a way
of expressing logical broadcast domains.

layer 3 switching is really routing. an L3 switch has the routing function
built into it, rather than using a separate piece of equipment.


>
> Say for instance I have 2 hosts on the same layer 3 switch, but the two
> hosts are on 2 different IP subnets (No VLANs are defined). Host A wants to
> talk to host B. Can the switch not look up the routing info and then know to
> switch to that port? I am not seeing where the requirement for the VLAN
> comes into play.

despite what others have said, you can do this. it is wasteful, in that a
host plugged into an L3 port would require 4 ip addresses because you have a
subnet with two hosts ( the PC and the port, and the net number and the
broadcast address ). whereas if you have a vlan, that vlan is a virtual port
that represents the physical ports as a single subnet to the L3 ( routing )
function.


>
> If VLANs are required for layer 3 switching, is that pretty much standard
> across the industry, or is that a Cisco only thing?


forget this L3 switch versus router distinction. it is confusing, and
misrepresentational.

think instead in terms of how traffic moves through a network.

think instead of a vlan as a virtual logical construct that represents one
or more ports as a single broadcast domain to a router. it doesn't matter
that the router is integrated into the switch hardware with an ASIC and
code, or is an external device.

HTH


>
> Thanks!
> Stephen Hoover
> Dallas, Texas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63190&t=63147



Re: Distribute-list and OSPF [7:63144]

2003-02-17 Thread The Long and Winding Road
""Debbie Westall""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Just a thought, but how about when
>
> redistributing the routes to the other protocol using a route-map at the
> end and tagging the routes that came from ospf. Add another route-map
> statement that any route that has been tagged deny it.
>
> Example:
>
> router ospf 100
>  redistribute rip metric 130 subnets route-map RIP2OSPF
>
> route-map RIP2OSPF permit 10
>  set tag 66
> route-map RIP2OSPF permit 20
>
> router rip
>  redistribute ospf 100 metric 3 route-map OSPF2RIP
>
> route-map OSPF2RIP deny 10
>  match tag 66
> route-map OSPF2RIP permit 20
>
> I just went through the ACP class and this was their solution to a
> similar situation.


oh, sure, and this is one way of doing things.

the CCIE prep materials generally try to force you to master several
alternatives. Cisco ASET, where I got this particular exercise,
unfortunately has but a single answer, and their answer, as determined by
their grading scripts, is distribute-lists. This gets back to my posted
concern about the future of CCIE Lab testing, where everything is done by
script, and where there is only one answer, whether or not there are
alternatives.

route tagging is indeed an excellent way to control things, and should be
part of any CCIE Lab participant's toolbox.


>
> Debbie
>
>
> On Mon, 17 Feb 2003, The Long and Winding Road wrote:
>
> > calling it a night after spending the weekend in a post mortem of an ASET
> > practice lab taken a week ago.
> >
> > the topic of filtering routes introduced into a domain via redistribution,
> > and which are advertised back to the originating router through a different
> > protocol. You all know the problem - the re-advertised routes come into the
> > originating router via a protocol with a lower AD, thus wreaking havoc on
> > routing tables, and causing flapping routes.
> >
> > Well, the ASET book answer for this particular problem on this particular
> > router was to filter the particular routes using a distribute-list.
> >
> > This is all well and good, except that the protocol in question is OSPF, and
> > as we all know from reading the documentation, distribute-list does not
> > apply to IS-IS and OSPF.
> >
> > Well, except that distribute-list in appears to be quite effective in
> > blocking unwanted routes from being received by an OSPF router
> >
> > distribute-list out appears to do what it is supposed to.
> >
> > checking Parkhurst. re-reading the documentation.
> >
> > If I were to hazard a guess, I would guess that the CCO documentation
> > writers screwed up. It is distribute-list out that does not work in OSPF.
> > ( haven't checked IS-IS yet ) Distribute-list in does indeed prevent ospf
> > routes advertised by another ospf speaker from being installed in the
> > routing table. the routes still appear in the ospf database, as expected.
> >
> >
> >
> > --
> > TANSTAAFL
> > "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63191&t=63144



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-17 Thread The Long and Winding Road
good for you, Cil. This discussion was ( and still is, to judge from my
in-box ) filled with misdirection and poor information. Cisco and all the
other vendors are absolutely to blame for this.

a router is a function, not a device

so is a switch.

what does it matter where the function resides, or how it is accomplished?

--
TANSTAAFL
"there ain't no such thing as a free lunch"




""Priscilla Oppenheimer""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> This might help. What does the V stand for in VLAN? Virtual. VLANs are a
> method for emulating Real LANs in a switched network. The original poster
> seems disillusioned with VLANs. Well, I am too. :-) You can't do much with
> them that you can't do with a bunch of Real LANs connected by routers.
>
> First we had hubs and bridges and routers. Then switches came out. They were
> cheaper and faster than routers, so everyone jumped on the bandwagon and
> started designing huge flat networks with mostly switches and maybe one
> router to get out to the rest of the world.
>
> Ah, but there was a problem! A L2 switch forwards broadcasts out all ports.
> And this was in the mid-1990s when PC CPUs were slow as molasses and got
> bogged down by broadcasts and multicasts. Dreadful protocols like SAP and
> RTMP and NetBIOS were rampant! Something had to be done.
>
> So, hu, should we go back to designing our networks with routers, which
> don't forward broadcasts? Nah, still too expensive.
>
> Better come up with a way to emulate LAN and IP subnet benefits on a
> switched network. OK, let's invent VLANs!
>
> But how do the VLANs talk to each other? Oh dear, we better go back to
> routers. Nah, still too slow, though it will work in a pinch. I know! We
> could speed them up and call them L3 switches.
>
>
> One last rather serious comment. This is not a comment on the newbiness of
> the original poster, but I must say that I think it is common for newbies to
> get confused by VLANs.
>
> Cisco teaches VLANs without ever teaching basic networking 101. People can't
> understand VLANs unless they first understand a lot more about protocol
> behavior and traffic flow. VLANs are really an advanced topic and shouldn't
> be covered so early on in the Cisco test progression. Either that or CCNA
> should be beefed up to teach something useful, if you ask me, which they
> didn't.
>
> Priscilla
>
>
> The Long and Winding Road wrote:
> >
> > I've been following this thread, and have offered a comment or two along the
> > way. Perhaps I should offer some thoughts here at the source.
> >
> > note that I have not read any of the exam study materials in question, so I
> > don't know what is or is not being stated in the courseware. I can offer
> > that just because it says so in the study materials doesn't mean that's the
> > way it is.
> >
> > comments below
> >
> >
> > ""Stephen Hoover""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > I am studying for the CCNP Switching exam and it covers VLANs and layer 3
> > > switching moderately. It states that Cisco recommends a 1 to 1 mapping of
> > > VLANs to subnets. It also states that VLANs can be used to break up
> > > broadcast domains.
> >
> > this is a reasonable, simple approach, and thus one that appeals to my
> > reasonably simple mind.
> >
> >
> > >
> > > When you create different subnets, you are already breaking up broadcast
> > > domains, so does layer 3 switching require the use of VLANs to actually do
> > > the switching?
> >
> >
> > this is where the confusion, no doubt introduced by the marketing people,
> > set in.
> >
> > suppose you have a router with three ethernet interfaces, and each of these
> > interfaces is plugged into a different hub ( no switch )
> >
> > hosts on each of these hubs are in the same broadcast domain ( same
> > collision domain too, but I digress ) hosts in each of these domains cannot
> > reach hosts ( or servers ) in other domains, on different hubs, without
> > routing.
> >
> > this would be true, even if you had all hosts on the same great big hub with
> > 500 ports. You could have hosts on the same hub, but having different L3 (
> > IP ) addresses. communication between hosts on different subnets, even if
> > they are on the same hub, r

Re: Cisco Certification Digest V2 #2444 [7:63202]

2003-02-17 Thread The Long and Winding Road
wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Your message to [EMAIL PROTECTED] sent Tue, 18 Feb 2003 01:10:23
> GMT cannot be delivered because the intended recipient has left the Company.
>

oh joy, another six months of messages like this until the list gets cleaned
up.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63203&t=63202



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-17 Thread The Long and Winding Road
""Stephen Hoover""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > -
> > > actually it is by doing secondaries, but i would highly recommend doing
> > > vlans if possible. keep it clean and simple.
> >
> >
> > one may also configure the physical interfaces as L3 interfaces - just as
> > one might do on a router with several ethernet ports.
>
>
> Oo ok, now THAT statement leads me to believe the L3 switching IS
> possible without VLANs.
>


forgive the rant. you are not to blame. all the marketing hype is to blame.

forget OSI. For L-anything.

for data ( packets, frames, whatever ) to get from here to there, something
has to happen.

if I have a 75xx router with 300 ethernet ports, and I bridge all those
ports, do I have an L3 switch, or a router?

for data to get from here to there, it must be forwarded. I know Howard is
going to jump all over my fast and loose use of the term "forward" but that
is what happens. If my PC wants to send data to your PC, that data is
forwarded to your PC. If your PC and mine are on the same subnet / hub /
switch / vlan, it is L2 forwarding ( switching ). If the devices are on
different subnets / switches / vlans / hubs then the packets are L3
forwarded ( routed )

As Priscilla has been pointing out, the issue is one of how networks work,
how packets are forwarded, how data gets from here to there.

An L3 device is a router is able to forward packets based on an L3 address,
whether that L3 address be appletalk, IPX, or IP.

an L2 device is a switch is a bridge is able to forward packets based on L2
addresses i.e. MAC address.

the fact that some equipment can function as both a switch and a router (
anyone remember "brouters"? ) is irrelevant.

on a 3550, a physical port ( into which you plug the ethernet patch cable )
can be stand alone physical, can be part of a vlan, thus making it distinct
from ports on the same box that are not in the same vlan, or can have an IP
( L3 ) address.

an SVI ( switch virtual interface ), invoked by the command "interface vlan
x", is a representation of a group of ports that have been placed into a
single vlan. The SVI represents those ports to the routing function, and
behaves no differently than a router's ethernet port plugged into a hub.

I'm hoping this helps clarify the concept. I believe you have been confused
by the study materials you are reading, and by the mis-information that has
been presented here on the list.

sorry to have not taken the time to be more thorough in earlier replies.

you can never go wrong studying Priscilla's posts, either.

hope this is starting to make sense to you.


Chuck



>
> -Stephen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63206&t=63147



Re: Distribute-list and OSPF [7:63144]

2003-02-17 Thread The Long and Winding Road
""nrf""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ""The Long and Winding Road""  wrote in
> message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > ""Debbie Westall""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Just a thought, but how about when
> > >
> > > redistributing the routes to the other protocol using a route-map at the
> > > end and tagging the routes that came from ospf. Add another route-map
> > > statement that any route that has been tagged deny it.
> > >
> > > Example:
> > >
> > > router ospf 100
> > >  redistribute rip metric 130 subnets route-map RIP2OSPF
> > >
> > > route-map RIP2OSPF permit 10
> > >  set tag 66
> > > route-map RIP2OSPF permit 20
> > >
> > > router rip
> > >  redistribute ospf 100 metric 3 route-map OSPF2RIP
> > >
> > > route-map OSPF2RIP deny 10
> > >  match tag 66
> > > route-map OSPF2RIP permit 20
> > >
> > > I just went through the ACP class and this was their solution to a
> > > similar situation.
> >
> >
> > oh, sure, and this is one way of doing things.
> >
> > the CCIE prep materials generally try to force you to master several
> > alternatives. Cisco ASET, where I got this particular exercise,
> > unfortunately has but a single answer, and their answer, as determined by
> > their grading scripts, is distribute-lists. This gets back to my posted
> > concern about the future of CCIE Lab testing, where everything is done by
> > script, and where there is only one answer, whether or not there are
> > alternatives.
> >
> > route tagging is indeed an excellent way to control things, and should be
> > part of any CCIE Lab participant's toolbox.
> >
>
>
> The problem with this method is, of course, what if the best path to reach a
> route really is to go through the other IGP domain?  For example, what if
> there is a split in your OSPF network, and for one particular OSPF router to
> reach another OSPF router, the best (heck, the only) path is to go through a
> RIP domain?  All this filtering based on access-list or route-tag or
> whatever merely serves to break the redundancy that was a big reason for
> your using a routing protocol in the first place.
>
>

agreed. however, since the CCIE Lab has about as much to do with good design
as dog food has to do with good cooking, all that matters is reachability.

in the particular practice lab, the redistribution is insidious, RIP routes
on R3 are redistributed into an IS-IS domain, and the IS-IS routes are
redistributed into OSPF on R6. OSPF router R2 then propagates those routes
back to R3. Since the OSPF admin distance is 110, a route that originated in
the RIP domain is received on R3 as an OSPF route, and is installed into
R3's routing table because of lower AD. A cascade effect occurs, with the RIP
routes having been overwritten. Since there are no RIP routes to
redistribute into IS-IS, the routes age out of the IS-IS domain. Therefore
they cannot be advertised into OSPF. Therefore they age out of OSPF.
Therefore R3 no longer has these routes as OSPF routes, so the RIP routes
are reintroduced into the routing table ( AD 120 ) and the cycle starts
again.

granted, neither you nor I nor anyone in their right mind would ever design
a network this way. but here, the purpose of the exercise is to cause folks
to understand how things work, and options for fixing broken things.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63227&t=63144
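
The cycle described in the message above (RIP on R3 into IS-IS, IS-IS into OSPF on R6, OSPF back to R3 via R2) can be stepped through as a small model. This is an added example, not code from the thread or from Cisco; the one-interval propagation delay per hop and the function names are assumptions made for illustration, and the inbound filter stands in for the distribute-list in discussed in this thread.

```python
"""Discrete-time model of the redistribution feedback loop (constructed example)."""
from dataclasses import dataclass
from typing import List

# Administrative distances as quoted in the post.
AD = {"ospf": 110, "rip": 120}


@dataclass
class State:
    r3_best: str = "rip"    # protocol that owns the prefix in R3's routing table
    in_isis: bool = False   # prefix is present in the IS-IS domain
    in_ospf: bool = False   # prefix is present in the OSPF database seen by R3


def step(s: State, filter_ospf_in: bool) -> State:
    """Advance one propagation interval; every hop reacts to the previous state."""
    # R3 redistributes RIP into IS-IS only while RIP owns the route in its table.
    in_isis = s.r3_best == "rip"
    # R6 redistributes what IS-IS carried one interval ago into OSPF.
    in_ospf = s.in_isis
    # R3 always hears the prefix from RIP. The OSPF copy becomes a candidate
    # only if it was advertised and no inbound filter keeps it out of the table.
    candidates = ["rip"]
    if s.in_ospf and not filter_ospf_in:
        candidates.append("ospf")
    r3_best = min(candidates, key=AD.__getitem__)  # lowest AD wins
    return State(r3_best, in_isis, in_ospf)


def simulate(ticks: int, filter_ospf_in: bool) -> List[State]:
    """Return the state after each of `ticks` intervals, starting from RIP only."""
    history, s = [], State()
    for _ in range(ticks):
        s = step(s, filter_ospf_in)
        history.append(s)
    return history


def winners(history: List[State]) -> List[str]:
    return [s.r3_best for s in history]


def count_flaps(history: List[State]) -> int:
    """Number of times the owner of the route in R3's table changes."""
    w = winners(history)
    return sum(a != b for a, b in zip(w, w[1:]))


if __name__ == "__main__":
    for label, filt in (("no filter", False), ("OSPF filtered inbound on R3", True)):
        h = simulate(12, filt)
        print(f"{label:28s} flaps={count_flaps(h)}  " + " ".join(winners(h)))
```

With the filter in place the prefix is still present in the OSPF database (in_ospf stays true), but R3's table keeps the RIP route, which matches the behaviour reported for distribute-list in earlier in the thread.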



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-17 Thread The Long and Winding Road
""Priscilla Oppenheimer""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm loath to continue this discussion, but I do have a question for Kelly.
> Why do you have a VLAN at all in your example?? Isn't a single VLAN sort of
> like one hand clapping? Seriously, what role is it playing in your network?


said half seriously, isn't a network with NO vlans no different than a
network with ONE vlan? ;->


>
> Of course you don't have to have VLANs to do routing/L3 switching, as you
> probably know. But maybe there's some weird configuration gotcha, specific
> to the 6509? Just curious. Thanks.
>
> Larry said the majority of the Cisco campus is networked with L3 switches
> and not using vlans. That says a lot right there!
>
> Priscilla
>
> Kelly Cobean wrote:
> >
> > All,
> >    I'd like to add to this something that I haven't seen in other posts yet,
> > and that is a quick look at layer2 function.  I have a Catalyst 6509 with an
> > MSFC on it.  There is only *ONE* VLAN configured on the MSFC, however, that
> > VLAN has several secondary addresses assigned to it (I know, not a great
> > solution, but let's not go there).  If I do a "show mls entry" on my switch,
> > it is full of entries for hosts talking to hosts on the same VLAN.  My
> > point?  When a host wants to talk to a host on another subnet (VLAN or not),
> > it ANDs the address with its own mask, determines that the host is in fact
> > on a different subnet, then arps (if necessary) for its default gateway
> > (the MSFC) and sends the packet on its way.  The 6509/MSFC receive the
> > packet and begin the MLS cache setup process (candidate packet, timeout,
> > etc).  All this is still done in spite of the fact that the MSFC only has a
> > single VLAN.
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Stephen Hoover
> > Sent: Monday, February 17, 2003 8:33 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]
> >
> >
> > > > -
> > > > actually it is by doing secondaries, but i would highly recommend doing
> > > > vlans if possible. keep it clean and simple.
> > >
> > >
> > > one may also configure the physical interfaces as L3 interfaces - just as
> > > one might do on a router with several ethernet ports.
> >
> >
> > Oo ok, now THAT statement leads me to behave the L3 switching IS
> > possible without VLANs.
> >
> >
> > -Stephen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63235&t=63147
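
The host-side decision quoted in the message above (AND the destination with your own mask, then ARP either for the destination or for the default gateway) is what makes traffic between two subnets on one VLAN still go through the router function. The sketch below is an added example, not code from the thread; the host names, addresses and VLAN numbers are constructed.

```python
"""Host forwarding decision: same VLAN does not imply same subnet (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Host:
    name: str
    iface: ipaddress.IPv4Interface   # address plus mask, e.g. 10.1.1.10/24
    gateway: ipaddress.IPv4Address   # default gateway (router port, SVI or MSFC)
    vlan: int                        # broadcast domain the switch port belongs to


def next_hop(src: Host, dst_ip: ipaddress.IPv4Address) -> ipaddress.IPv4Address:
    """AND both addresses with the sender's own mask and compare the results."""
    mask = int(src.iface.netmask)
    if int(dst_ip) & mask == int(src.iface.ip) & mask:
        return dst_ip        # on-link: ARP for the destination itself
    return src.gateway       # off-link: ARP for the default gateway


def forwarding_path(src: Host, dst: Host) -> Tuple[str, Optional[str]]:
    """Classify how a packet from src reaches dst and which address src ARPs for."""
    hop = next_hop(src, dst.iface.ip)
    if hop == dst.iface.ip:
        # The sender believes the destination is on-link, so it broadcasts an
        # ARP request. That broadcast stays inside the sender's VLAN.
        if src.vlan != dst.vlan:
            return ("arp-fails", None)
        return ("l2-switched", str(hop))
    # Different subnet: the frame is addressed to the gateway's MAC and the
    # routing function forwards it, even if both hosts sit in the same VLAN.
    return ("l3-routed", str(hop))


def make_host(name: str, cidr: str, gw: str, vlan: int) -> Host:
    return Host(name, ipaddress.ip_interface(cidr), ipaddress.ip_address(gw), vlan)


# Constructed hosts: A, B and C share VLAN 1 (B uses a secondary subnet),
# D has an address in A's subnet but its port is in VLAN 20.
A = make_host("A", "10.1.1.10/24", "10.1.1.1", 1)
B = make_host("B", "10.1.2.20/24", "10.1.2.1", 1)
C = make_host("C", "10.1.1.30/24", "10.1.1.1", 1)
D = make_host("D", "10.1.1.40/24", "10.1.1.1", 20)

if __name__ == "__main__":
    for dst in (B, C, D):
        kind, hop = forwarding_path(A, dst)
        print(f"A -> {dst.name}: {kind:12s} ARP target: {hop}")
```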



Re: Does MLS (Layer 3 switching) require VLANs? [7:63147]

2003-02-18 Thread The Long and Winding Road
""Ken Diliberto""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Priscilla,
>
> All I want is credit.  :-)


if it makes you feel better, Ken, I always credit you with at least two
cents worth

I'm going to be visiting some of your compadres in the next couple of
weeks. Dare I drop your name? ;->


>
> "Some guy on one of the many mailing lists I frequent put it this
> way:"   (maybe not)
>
> Ken
>
> >>> "Priscilla Oppenheimer"  02/18/03 12:06PM
> >>>
> [snip]
>
> I think Ken's example is one of the cleanest I've seen. I may have to
> borrow it for my classes.
>
> [snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63305&t=63147



Re: OSPF - 2 subnets on the routing table when actually using [7:63368]

2003-02-19 Thread The Long and Winding Road
wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> When using multipoint interface between R1 and R2, R3 receive these routes:
>
> 192.168.255.0/32 is subnetted, 2 subnets
> O IA 192.168.255.6 [110/64] via 192.168.23.1, 00:15:30, Serial0.132
> O IA 192.168.255.5 [110/128] via 192.168.23.1, 00:12:43, Serial0.132
>
> When using point-to-point interface between R1 and R2, R3 receive these
> routes:
>
>  192.168.255.0/30 is subnetted, 1 subnets
> O IA 192.168.255.4 [110/128] via 192.168.23.1, 00:29:11, Serial0.132
>
> It seems that the frame-relay route map on R1 and R2 causes the first result.
>
> Any thoughts?

yes. this is the way it works. refer to the RFC for specifics.


>
>
> R1 (192.168.255.5/30)  (192.168.255.6/30) R3
(192.168.23.1/30 ---R3
> (192.168.23.2/30)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63368&t=63368



Re: can u summarize area 0 [7:63365]

2003-02-19 Thread The Long and Winding Road
""neil K.""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Folks,
>
> Can area 0 be summarized in OSPF ?

yes - on the ABR, with the summary advertised out to non zero areas.

within area 0 itself, one cannot summarize area 0 subnets to other area 0
routers.


>
> Thanks,
>
> Neil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63370&t=63365



Re: layer 3 switch [7:63407]

2003-02-20 Thread The Long and Winding Road
wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello All:
>
> Question - By default, out of the box, will a L3 switch simply act as a L2
> switch?


The Cisco 3550 series switches can act as an L2 only device out of the box.
No configuration required on your part. Well, stick in the gbics, and you
may have to enter a command or two on those ports. maybe a "no negotiate" ?
I kinda forget.

all ports are in vlan 1 out of the box.

now then, depending on what you are plugging into it, maybe you will have to
do a couple of other things, but since you mention you have one big flat
network now,  you probably won't have to.

as for methodology, just plug in a couple of your segments, then test for
connectivity. that should tell you if anything more than the default
configurations are required.

have fun!



>
> I am planning to purchase a Cisco 3550-12G, along with other fiber gigabit
> ready L2 switches for a LAN upgrade. The current LAN is one huge flat
> network with a mixture of hubs and switches. I plan to install the 3550 and
> use it simply as a device to connect the different areas. I do not want the
> 3550 to act as a L3 switch to start. Is it possible to install this switch
> and have it act as a L2 device. I would then later start segmenting and
> enabling the L3 functions of the 3550.
>
> Any other suggested implementation methods?
>
> This goes along well with my current CCNP switching exam studies, nothing
> like a little OJT.
>
> Thanks,
> Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63419&t=63407



Re: layer 3 switch [7:63407]

2003-02-20 Thread The Long and Winding Road
""Robert Edmonds""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Just set the 3550 as a VTP client in your current domain and it will just be
> a layer 2 device.  Or order it with the SMI software load rather than the
> EMI.


note - the 3550-12G and 12T come only with the EMI image. it's meant as the
aggregation device, and effectively the L3 part of any stack or cluster.



>
>  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hello All:
> >
> > Question - By default, out of the box, will a L3 switch simply act as a L2
> > switch?
> >
> > I am planning to purchase a Cisco 3550-12G, along with other fiber gigabit
> > ready L2 switches for a LAN upgrade. The current LAN is one huge flat
> > network with a mixture of hubs and switches. I plan to install the 3550 and
> > use it simply as a device to connect the different areas. I do not want the
> > 3550 to act as a L3 switch to start. Is it possible to install this switch
> > and have it act as a L2 device. I would then later start segmenting and
> > enabling the L3 functions of the 3550.
> >
> > Any other suggested implementation methods?
> >
> > This goes along well with my current CCNP switching exam studies, nothing
> > like a little OJT.
> >
> > Thanks,
> > Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63423&t=63407



Off Topic - some Token Ring equipment available [7:63470]

2003-02-20 Thread The Long and Winding Road
it's token ring, but you can still practice a lot of stuff. great starter
kit, or add ports to your existing rack.

offered here before I put it out to that auction site.

send me an e-mail with the words "Token Ring" in the subject line, and you
will get a description of the items.

Chuck

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63470&t=63470



Off Topic - Free Cisco Doc CD's [7:63522]

2003-02-21 Thread The Long and Winding Road
Before you all go too crazy over this, here's what I have available

June, 2002

March, 2002

October 2000

March 1998

maybe I should just toss these last two. found them when I was cleaning out
one of my drawers.

before you all inundate me with requests, the rules are as follows:

1) contact me at [EMAIL PROTECTED]   ( do not reply to this
message, please use the e-mail address provided, so I can keep track of
requests. )

2) you must be willing to send me a self-addressed stamped envelope capable of
transporting the CD set. You can get those 5x7 padded envelopes just about
everywhere. probably 2 bucks postage will do.

This means folks outside the US can receive these CD's, just so long as they
provide me with a US postage paid envelope. Outside the US, people will have
to check rates with their own postal services.

I will accumulate requests over the weekend, and I will contact people
directly Sunday evening or Monday morning.

Chuck

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63522&t=63522


Re: CCIE Written Traning [7:63494]

2003-02-23 Thread The Long and Winding Road
a couple of comments in-line, like the skates:


""Howard C. Berkowitz""  wrote in message
news:[EMAIL PROTECTED]
> At 10:21 PM + 2/22/03, Kaminski, Shawn G wrote:
> >You're talking about the old exam. While the Caslow book probably still
> >covers some of the material on the new exam, the new exam is much more in
> >depth on goofy stuff. Follow the blueprint for the best results.
> >
> >Shawn K.
>
> Different books have different objectives.  Caslow, I believe,
> remains the best book giving a general strategy for analyzing lab
> scenarios and planning the lab effort, although it may be dated on
> some of the specific technologies.
>

Caslow most definitely is a CCIE Lab strategy guide, and yes some specifics
are maybe a bit dated. For example, Caslow suggests configuring your Lab in
layers, starting by doing the physical cabling, then adding the L2
protocols all the way around, prior to any L3 addressing. Obviously, since
the candidate does no cabling in the one day scenario ( and eventually in
the all remote rack scenario that no doubt is in the pipeline ) this
strategy is obsolete.

Even the 2nd edition was released two years ago, so yeah, it still talks
about IPX, but many of the other topics covered are well worth considering.
And yeah, Caslow doesn't cover certain topics which are seeing more point
value in the recent spate of CCIE Labs.



> Given the time lag of books -- often a year or more between first
> contract and commercial availability -- you simply may not be able to
> depend on a single review book for the written.  There certainly can
> be valid review books for specific new technologies, but they need to
> be supplemented by reading in current online sources ranging from
> CCO, to RFCs and I-D's, to reliable websites.
>
> There certainly are both free and commercial sources of scenarios
> that explore the new technologies, but those won't teach the
> underlying principles[1] -- which is more the focus of the CCIE
> Written.  Shawn gives a good starting point of printing the
> blueprints and CCO material, although that isn't always enough.
>
> Don't rule out looking at the documentation of similar features from
> other vendors.  Long before I worked for Nortel (and I don't any
> longer), I'd occasionally be baffled by something in the Cisco
> documentation.  Sometimes, I'd find the downloadable Nortel
> documentation for the equivalent feature easier to read. "Match
> template" , for example, is much more intuitive to me than
> "access-list", especially considering "access control list" already
> has a well-defined meaning in security, a meaning somewhat different
> than Cisco's.


I'm fascinated by the access-list, which is Cisco's structure for initiating
a lot of different things, including route-maps, security structures,
filtering, and the like. It's as if the access-list is central to
understanding Cisco in much the same way that certain kinds of structures
are central to C programming.


>
> I'm comfortable with RFCs and reading IETF mailing lists, but I
> recognize not everyone else is. Sort of an aside on that--with one
> more conference call, I _think_ our BMWG draft on BGP convergence
> terminology will be ready to go to RFC.  Ironically, the most
> controversial parts are in definitions that we needed to clean up
> ambiguities in the current BGP standard, RFC 1771.  The current draft
> of the new BGP standard, which you can find by going to www.ietf.org
> and navigating to "working groups" and then "IDR", is MUCH closer to
> real-world practice than is 1771.  For example, contrary to general
> belief, AS path length as a BGP route selection criterion is not in
> 1771, but is in the new draft.
>
> Howard
>
> [1] I recommend the term "principles" rather than "theory" for most
> discussions in certification.  In my mind, "theory" is much more what
> protocol designers consider in creating protocol specifications, while
> "principles" detail the implementation requirements and options -- and
> how they work _within_ the protocol specifications.
>
> >
> >-Original Message-
> >From: Larry Letterman [mailto:[EMAIL PROTECTED]
> >Sent: Friday, February 21, 2003 2:34 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: CCIE Written Traning [7:63494]
> >
> >I studied the caslow book and did the paper by Dennis L. on
> >the sna token ring stuff.
> >The Boson test by the same Dennis was the icing on the cake
> >for me...you will probably want to
> >know MPLS/Multicast and QOS also now
> >
> >- Original Message -
> >From: "Kaminski, Shawn G"
> >To:
> >Sent: Friday, February 21, 2003 8:11 AM
> >Subject: RE: CCIE Written Traning [7:63494]
> >
> >
> >>  I don't know of any training classes for the CCIE Written, probably
> >>  because the CCIE Written covers a lot of oddball technologies, etc.
> >>  If you did find a class, all they would probably do is go over the
> >>  topics on the CCIE Written blueprint. Why bother paying for a class
> >>  when yo

Re: ospf - rip redistribution issue, [7:63647]

2003-02-24 Thread The Long and Winding Road
""Casey, Paul (6822)""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
>
> I have ospf in to rip redistribution on a /24 classful boundary, I
> Summarized/ area range(d) all the networks in ospf domain to /24 to get
> them to show up in rip.domain.
>
> No real problems here, though I have one network in ospf 200.200.0.0/16
> which is not showing up in  rip router.
> What can I do to make this /16 route cross the classful boundary, as its
> prefix is shorter than the /24 network it needs to cross  thus can't be
> summarised.
> Or should this route be capable of traversing the /24 classful boundary,
> automatically,.
> Any help  greatly appreciated.


depending upon your other restrictions ( is this a practice lab or a
production network? ) you can make the receiving router a RIPv2. Then
the process will accept the 200.200.0.0/16 CIDR prefix. In the Cisco
world, the RIPv1 routers will accept this prefix, *I think* because Cisco
rip1 routers can receive rip2 routes.

in a mixed vendor environment, this might not work at all.



>
> Kind regard.
> Paul.
>
>
>






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63648&t=63647
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Access List help!! [7:63644]

2003-02-24 Thread The Long and Winding Road
""Jason Steig""  wrote in message
news:[EMAIL PROTECTED]
> it worked!! thanks!
> Jason Steig wrote:
> >

forgive me for having gotten lost in this thread...



> > so you're saying that my statement
> > ip access-list 1 permit ip 192.17.73.0 0.191.251.0 will permit
> > all hosts from network 192.17.73.0 and 192.81.73.0??
> >
> > 17 is  00010001
> > 81 is  01010001

mask = 0100    the "1" in the 64 place allows for either "17" or "81"

so the proper mask is 0.0.64.255  "255" allows for all values in the last
octet

I hope that's what you are saying, because that is the correct answer.


> >
> > so the bit it doesn't match on is the 64 bit.  so i just have
> > to switch it around if you're saying the ones don't count
> >
> > so it would be 0.191.251.0 ??
> >
> > because if the zeros must match and ones don't count then that
> > would be it then??
> >
> >  or is it 0.192.252.255  because the last octet is 255 so it
> > allows all hosts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63677&t=63644
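
The wildcard-mask reasoning in this thread, worked through as an added Python example (not code from any poster; the helper names are illustrative). A 0 bit in the wildcard must match the base address and a 1 bit is ignored, so the sketch derives a mask from the two networks named in the question and counts how many addresses each candidate mask from the thread would admit.

```python
import ipaddress

# Networks the ACL entry in the thread is meant to permit (all hosts in each).
INTENDED = ["192.17.73.0", "192.81.73.0"]


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def acl_matches(addr, base, wildcard):
    """Wildcard semantics: a 0 bit must equal the base, a 1 bit is ignored."""
    care_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return ((to_int(addr) ^ to_int(base)) & care_bits) == 0


def derive_wildcard(networks, host_wildcard="0.0.0.255"):
    """Fewest ignored bits that still cover every listed network and its hosts."""
    base = to_int(networks[0])
    differing = 0
    for net in networks[1:]:
        differing |= base ^ to_int(net)   # bits where the networks disagree
    return to_dotted(differing | to_int(host_wildcard))


def matched_count(wildcard):
    """Each ignored bit doubles the number of addresses an entry matches."""
    return 2 ** bin(to_int(wildcard)).count("1")


def audit(base, wildcard, networks, host_wildcard="0.0.0.255"):
    """Does the entry cover the intended networks, and by how much does it overshoot?"""
    hosts_ignored = (to_int(host_wildcard) & ~to_int(wildcard)) == 0
    covers = hosts_ignored and all(acl_matches(n, base, wildcard) for n in networks)
    intended = len(networks) * matched_count(host_wildcard)
    matched = matched_count(wildcard)
    return {
        "covers_intended": covers,
        "matched": matched,
        "excess": matched - intended if covers else None,
    }


if __name__ == "__main__":
    print("derived:", derive_wildcard(INTENDED))
    for candidate in ("0.191.251.0", "0.192.252.255", derive_wildcard(INTENDED)):
        print(candidate, audit("192.17.73.0", candidate, INTENDED))
```
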


Re: ospf - rip redistribution issue, [7:63647]

2003-02-24 Thread The Long and Winding Road
I spent a fun couple of hours setting something up and playing around. some
comments below, without giving away answers, because once you discover this
for yourself you will have learned another useful tool.


""Casey, Paul (6822)""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
>
> I have ospf in to rip redistribution on a /24 classful boundary, I
> Summarized/ area range(d) all the networks in ospf domain to /24 to get
> them to show up in rip.domain.
>
> No real problems here, though I have one network in ospf 200.200.0.0/16
> which is not showing up in  rip router.

there is an interesting command I recently learned about. "show ip rip
database"

issue this command on the redistribution router and see what you can see

> What can I do to make this /16 route cross the classful boundary, as its
> prefix is shorter than the /24 network it needs to cross  thus can't be
> summarised.

no doubt the /16 is showing up just fine in the OSPF domain :->


> Or should this route be capable of traversing the /24 classful boundary,
> automatically,.

in my test bed:

R3--R4--R5--------R6---200.200.0.0/16
RIP RIP RIP/OSPF  OSPF

there is indeed something that has to happen before the /16 shows up in the
RIP domain, but here is the proof:

C   222.222.222.4 is directly connected, Loopback1001
R   199.56.1.0/24 [120/5] via 192.168.1.5, 00:00:13, Serial1
C   199.1.1.0/24 is directly connected, TokenRing0
R   193.1.1.0/24 [120/1] via 199.1.1.3, 00:00:21, TokenRing0
C   192.168.1.0/24 is directly connected, Serial1
R   195.1.1.0/24 [120/5] via 192.168.1.5, 00:00:13, Serial1
C   194.1.1.0/24 is directly connected, Loopback1
R   200.200.0.0/16 [120/5] via 192.168.1.5, 00:00:13, Serial1
Router_4#

all routers in question are RIPv1 - the command "version 2" has not been
added under any routing process.


> Any help  greatly appreciated.
>
> Kind regard.
> Paul.
>
>
>






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63684&t=63647


Re: Strange problem with a 2924XL. [7:63680]

2003-02-24 Thread The Long and Winding Road
""Ken Diliberto""  wrote in message
news:[EMAIL PROTECTED]
> I had a strange problem this evening with a 2924XL.  The server attached
> to port f0/13 had been generating errors and finally the switch stopped
> talking to it.  A shut/no shut combination started everything back up
> again.
>
> The configuration only says to send a trap when a broadcast storm
> happens.  There isn't anything about excessive errors.
>
> Any thoughts?  I haven't checked CCO.  I don't have a good idea what to
> search for without getting 10,000,000,000 hits.


what is the exact configuration line used? the documentation talks about
default rising and falling thresholds. of course it does not indicate
whether or not the default is to shutdown or not.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc3/cref/cl
icmds.htm#xtocid51






>
> Thanks.
>
> Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63685&t=63680


Re: Policy Routing Help. [7:63692]

2003-02-25 Thread The Long and Winding Road
""fahim""  wrote in message
news:[EMAIL PROTECTED]
> Hi Guys
> Need Help in Policy Routing. I have a Cisco 2610 router with Pix behind,
> The 2610 has two WAN Connections, S0-256Kbps leased line and ATM0-DSL line
> 512Kbps, going to two different ISP, with different IP addresses. E0 will
> connect to PIX outside interface,
> I need to configure SMTP Traffic to route thru leased line, HTTP traffic
> to route thru ATM0, DSL line.  I think it can be done by Route Map (policy
> Routing), cannot find documents in Cisco's website, or do I need
> additional router to do this.
> If anybody had done similar setup pls do provide a sample configuration,
> or if this setup will not work, what is the alternate suggestion.
>
> appreciate your early reply.


have you got your access-lists set up correctly? something like:

access-list x permit tcp any any eq smtp

access-list y permit tcp any any eq www

and so on. it seems important that you have a default set somewhere also.
undefined traffic goes to which provider?

once you have your access-lists set up then the route-map part is relatively
simple:

route-map policy permit 10
match ip addr x
set ip next-hop a.b.c.d
OR
set interface atm etc

route-map policy permit 20
etc

policy maps apply to inbound traffic only, so you place the policy on the
interface inbound from your network. I assume this is the ethernet
interface.

check out CCO

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r
/iprprt2/1rdindep.htm#1017974
watch the wrap

sometimes it makes more sense if you draw a picture or two so you can
actually see what is happening.




>
> thanks n regards
> fahim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63696&t=63692


Tonight's Homily - Multiple paths [7:63697]

2003-02-25 Thread The Long and Winding Road
was reminded again tonight, in answering a question posted here.

there may be several ways to do something. more importantly, there may be
several ways to propagate routes.
or at least to assure that reachability occurs.

my thanks to PC, whose post earlier today got me to rethink something I
thought I already knew, and led me to a deeper understanding.

route-maps
policy routing
interface commands
oddball commands
seeing the big picture

gentle rains. waters ever flowing

goodnight, everyone




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63697&t=63697


Re: CAM entries on 6509 switch [7:63718]

2003-02-25 Thread The Long and Winding Road
wrote in message
news:[EMAIL PROTECTED]
> Any experience to share on the following problem?
>
> The CAM entries are changing continuously.  There are not so many users
> turning off their computers. Also, on two interfaces of a Catalyst 6509,
> every 1 minute and 30 seconds there are a unexpected traffic that seems to
> be Flooding (got with Sniffer).


you *might* be suffering a mac attack / cam overflow attack. Cisco sent
something out the other day

http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutio
ns_implementation_white_paper09186a008014870f.shtml
watch the wrap

BTW, this is an interesting read for reasons other than cam overflow
attacks.



>
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2167
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2205
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2236
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2267
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2292
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2321
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2357
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2379
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2413
>   SWITCH(enable) sh cam count dy
>   Total Matching CAM Entries = 2438




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63720&t=63718
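
A defender-side check for the symptom discussed in this message, as an added Python example (not part of the original posts): it parses the `sh cam count dy` samples quoted above and flags a dynamic CAM count that rises on every sample. The function names, the control series and both thresholds are assumptions chosen for illustration.

```python
import re

# Counter output quoted in the post above (CatOS "sh cam count dy").
TRANSCRIPT = """\
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2167
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2205
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2236
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2267
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2292
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2321
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2357
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2379
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2413
SWITCH(enable) sh cam count dy
Total Matching CAM Entries = 2438
"""

# Constructed control series: ordinary churn, where entries age out as others are learned.
STABLE = [2167, 2171, 2160, 2168, 2159, 2165]

COUNT_RE = re.compile(r"Total Matching CAM Entries\s*=\s*(\d+)")


def parse_cam_counts(text):
    """Pull the counter values out of a pasted session, ignoring prompts and quote marks."""
    return [int(m.group(1)) for m in COUNT_RE.finditer(text)]


def assess_growth(counts, min_samples=5, min_growth_pct=10.0):
    """Flag a table that grows on every sample and by a meaningful share overall."""
    if len(counts) < 2 or counts[0] == 0:
        return {"deltas": [], "growth_pct": 0.0, "suspicious": False}
    deltas = [later - earlier for earlier, later in zip(counts, counts[1:])]
    always_rising = all(d > 0 for d in deltas)
    growth_pct = round(100.0 * (counts[-1] - counts[0]) / counts[0], 1)
    suspicious = (
        len(counts) >= min_samples
        and always_rising
        and growth_pct >= min_growth_pct
    )
    return {"deltas": deltas, "growth_pct": growth_pct, "suspicious": suspicious}


if __name__ == "__main__":
    print(assess_growth(parse_cam_counts(TRANSCRIPT)))
    print(assess_growth(STABLE))
```

The quoted samples carry no timestamps, so this shows a trend rather than a rate; a flagged series still needs the per-port source of the new MAC addresses before it can be called an attack.
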


Re: ospf - rip redistribution issue, [7:63647]

2003-02-25 Thread The Long and Winding Road
""alaerte Vidali""  wrote in message
news:[EMAIL PROTECTED]
> I tried to achieve the result - no success; can you give us a tip?
>
> What I did was using a /16 mask on the link between the RIP routers. But
> when I use ip ad 200.200.1.1 255.255.255.0 RIP does not run on the
> interface, although the interface is shown on the result of show ip
> protocol.
>
> R1:
>
> inter serial 0.12 point
>  ip ad 200.200.1.1 255.255.0.0


you are correct. this won't work. a ways back I did some experimenting, and
at the time I found that even if all routers are RIPv2, the process will not
accept CIDR prefixes. You had to redistribute CIDR routes into RIPv2.

Think another way. Particularly since PC said this was from a practice lab.
You have to think crooked.


>
>
> R1#sh ip prot
> Routing Protocol is "rip"
>   Sending updates every 30 seconds, next due in 21 seconds
>   Invalid after 180 seconds, hold down 180, flushed after 240
>   Outgoing update filter list for all interfaces is not set
>   Incoming update filter list for all interfaces is not set
>   Redistributing: rip
>   Default version control: send version 1, receive version 1
> Interface Send  Recv  Triggered RIP  Key-chain
> Loopback0 1 1


how exactly did this happen? this is not the Cisco RIP default setting, so
something changed.



>   Automatic network summarization is not in effect
>   Maximum path: 4
>   Routing for Networks:
> 1.0.0.0
> 200.201.0.0
>   Routing Information Sources:
> Gateway Distance  Last Update
> 192.168.255.6120  00:03:52
> Distance: (default is 120)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63721&t=63647


Re: Workbook for CCIE Lab [7:63822]

2003-02-25 Thread The Long and Winding Road
""Masaru Umetsu""  wrote in message
news:[EMAIL PROTECTED]
> Regarding a workbook (ex: CertificationZone.com) for CCIE Lab,
> is it good for CCIE Lab? Is it valuable to buy ?
> If there is another to recommend to buy , please tell me !

ah, the perfect opportunity to throw in my own few bucks worth.

no offense to any of the producers of CCIE practice labs. The vendors with
whom I am familiar have all done an excellent job in mimicking the Real
Thing. IP Expert, Hello Computers, Bootcamp are all first rate products.

However, buyers should be aware that each of these vendors has crafted
their labs around an equipment rack which they maintain, and hope to make
money renting to you. The real lab has a few routers and a couple of
switches. Not the dozen or so that these vendors require for their labs. OK.
I exaggerate a bit. But not much.
I believe I am accurate when I state that it can be difficult to simulate
these vendor pods with your home rack.

Nor do I think you need to, but that's another story.

Buyers and seekers of practice materials should also do a google search on
"CCIE practice labs" and see what you can find. There are LOTS of materials
out there.

My own opinion, to be taken with the appropriate measure of salt: with all
due respect to the vendors of practice labs, it really doesn't make much
difference whose you use. They all sport lists of successful candidates who
used their materials and offer testimonials. Obviously, all of the vendors
are doing something right. There are people who use their materials and
succeed.

The real key is practice, practice, practice, and then read up on why the
answer is what it is, then practice some more.  It is incredibly important
to understand alternatives. And how to attain reachability. And how to
research something you've never heard of on the doc CD, and what to do when
your routing table is a disaster, and when you see route flapping, and
default routes pointing to the wrong router, or your routing protocol does
not communicate with another router the way that it should.

Oh - BTW - never underestimate the value of the free stuff on CCO. The
config guides, the design guides, the stuff in the TAC section, if you have
access to that. Or www.fatkid.com, for that matter.

Best wishes.

Chuck
still stuck at 21,000 feet or so.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63825&t=63822


Re: ISIS problem in 12.2?? [7:63824]

2003-02-25 Thread The Long and Winding Road
""Jason Steig""  wrote in message
news:[EMAIL PROTECTED]
> why can't i use the router isis command in 12.2?  it won't let me into the
> ISIS sub menu.  In 12.1 I can get in just fine. what's up?


dumb question, but do you have an image that supports ISIS? Maybe you
downloaded the wrong one?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63826&t=63824
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: REdistrubution - Two way [7:63827]

2003-02-25 Thread The Long and Winding Road
""Metla Venu Gopal""  wrote in message
news:[EMAIL PROTECTED]
> Hi All
>
> In a single router can I redistribute RIP into BGP and BGP into RIP.
> is this allowed. An explanatory note is appreciated and links if any to
> cisco notes or anywhere is highly applauded.


sure you can. why not? you can redistribute between any two protocols
subject to the quirks of the particular protocols.

is this real life or lab study? the reason I ask is because BGP implies VLSM
and CIDR prefixes, and RIPv1 is real picky about what it accepts, and
advertises. RIPv2 I would think would be a far better candidate for this kind
of thing.

However, as demonstrated in the "ospf - rip redistribution issue" thread of
yesterday, on Cisco routers, at least, you can theoretically run RIPv1 and
still propagate CIDR and VLSM prefixes throughout your RIP domain. ;->



> thanx
> venu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63828&t=63827


Re: REdistrubution - Two way [7:63827]

2003-02-25 Thread The Long and Winding Road
""Metla Venu Gopal""  wrote in message
news:[EMAIL PROTECTED]
> Its on a real life scenario implementing MPLS


uh oh, real life. gotta be careful, 'cuz I've got very little real life in
this realm. :->


>
> Don't you think there will be any kind of problems when you redistribute
> RIP V2 stuff in BGP and again redistribute the same into RIP.
> Doesn't that cause any problem  taking into consideration the amount of
> routing table and the process and other issues.


assuming this is a Cisco environment, the biggest thing I can think of is
that BGP has an admin distance of 20 while RIP has an admin distance of
120. The very real danger of your RIP routes showing back up as BGP routes
with a source elsewhere will cause a very big problem. filtering is
essential.

idle curiosity, and I am asking because of my lack of real world here, but
wouldn't you prefer a better behaved and faster converging protocol than
RIP? MPLS depends upon the underlying routing protocol / routing table,
doesn't it?


>
> thanks
> venu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63830&t=63827


Re: 7204 and 7206 Router Expansion [7:63856]

2003-02-26 Thread The Long and Winding Road
the problem with the 72xx series is the limited backplane. Cisco uses a
"bandwidth points" method for determining numbers and kinds of cards. There
is a "left half" and a "right half" and it is strongly recommended that you
do not exceed the bandwidth points for each side.

you may want to try out the Cisco configuration tool, found at:

http://www.cisco.com/appcontent/apollo/configureHomeGuest.html

try out the cards and see what the validation tells you.

so far as I know, the router remains operational if you exceed bandwidth
points. However, if you have performance problems, Cisco will not support
you. It may be that a 7300 might be more appropriate for your high capacity
needs.



--
TANSTAAFL
"there ain't no such thing as a free lunch"




""R.S.Sundar""  wrote in message
news:[EMAIL PROTECTED]
> Hello All,
>
> I would like to know the possibility of expanding the Cisco 7204 VXR
> (NPE-225)
> - 6 Slot and cisco 7206 VXR Routers with NPE-400 (6 Slots).
>
> Base configuration:
> 
>
> 1. Cisco 7204 VXR Router with NPE-225 I/O slot with 1 Ethernet Interface
> with 6 Slots-IOS 12.2.4(T)3.
>
> 2. 1. Cisco 7204 VXR Router with NPE-400 I/O slot with 1 Ethernet
> Interface with 6 Slots-IOS 12.0.4 (XE)
>
> I want to use 4 OC-3 Interface,1 Gigabit interface, 2 Fast Ethernet
> interface.
> Is this possible to use the above interfaces in both above said router?.
> If yes what IOS version required.
>
> Please mail me how many different type of  interfaces can be added to the
> available  maximum of 6 slots.
>
> Best Regards,
>
> R.S.Sundar
> SSG Manager
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63863&t=63856


Re: Backup Site - 152Mbps [7:63866]

2003-02-26 Thread The Long and Winding Road
wrote in message
news:[EMAIL PROTECTED]
> To build a backup server farm site (22 servers), with maximum requirement
> of 152Mbps (peak):
>
> Economic approach:
>
> 3640 with ATM module
> 3550-48-SMI
> 3 ATM PVCs, to the major points of the backbone (LS1010 switches and
> 6509-FlexWan ATM card); each PVC 5 Mbps SCR.
>
> Robust and Scalable approach:
>
> 6006 with ATM module
>
>
> The peak is considering the maximum rate if all servers were accessed at
> the same time (based on MRTG daily statistics).
>
> Any thoughts?
>

based on my experience, the 3640 may not give you the performance you
require. especially if you are using any access-lists, route-maps, QoS.

Also, with your peaks at well over 100 meg, you might want to consider a gig
interface on the LAN side.

a thought - use a dual ethernet router like a 3745 ( twice the performance
of the 3640 ) in combination with the switch ( which can easily handle the
load ) put your servers into two subnets / vlans and do quasi-load-sharing
across those two ethernet interfaces. depends on your traffic requirements.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63873&t=63866


Re: ??? IS-IS ??? [7:63875]

2003-02-26 Thread The Long and Winding Road
yes it is a routing protocol. it has been around a while. as good a place as
any to start is Radia Perlman's Interconnections book.

Cisco's web site has some resources:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c
/ipcprt2/1cdisis.htm

Doyle's book is OK.


""Steven Aiello""  wrote in message
news:[EMAIL PROTECTED]
> Hello All,
>
>I'm wondering what IS-IS is.  No pun intended.  I'm assuming it's a
> routing protocol?  I've gone through Cisco, CCNA acad. and have my CCNA
> and I've even started going over Semester 5 for the CCNP, but IS-IS is
> nowhere to be found...  Is this a new protocol?  Or does someone know
> where I can find a good overview?
>
> Thanks for brain food,
> Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63876&t=63875


Re: Cannot ping ospf routes from a rip router? [7:63864]

2003-02-26 Thread The Long and Winding Road
""Cisco Nuts""  wrote in message
news:[EMAIL PROTECTED]
> Hello, I have 3 routers setup, running ospf and rip ver 1 with 2 way
> redistribution on the middle router.
> The ospf routers have loopbacks as 10.8.8.8/24 and 10.9.9.9/24
> The rip router has a loopback of 10.2.2.2/24.
> The middle router running rip has networks 10 and netw 120 defined.
> I cannot ping 10.9.9.9 or 10.8.8.8 from the rip router
> Without configuring static routes, how can I ping these networks?
> Thank you for your help.
> Sincerely,
> CN
>
> Config. on the middle router running both rip and ospf:
> R1-E#rbr
> router ospf 999
>  log-adjacency-changes
>  redistribute connected subnets
>  redistribute rip subnets
>  network 120.20.30.0 0.0.0.255 area 0
>  network 120.20.40.0 0.0.0.255 area 0
> !
> router rip
>  redistribute connected metric 2
>  redistribute ospf 999 metric 2
>  network 10.0.0.0
>  network 120.0.0.0
>
> From the rip router:
> R2-B#r
> C   192.168.10.0/24 is directly connected, Ethernet0
> 10.0.0.0/24 is subnetted, 1 subnets
> C   10.2.2.0 is directly connected, Loopback0
> 120.0.0.0/24 is subnetted, 3 subnets
> R   120.20.40.0 [120/1] via 120.20.20.2, 00:00:14, Serial0
> R   120.20.30.0 [120/1] via 120.20.20.2, 00:00:14, Serial0
> C   120.20.20.0 is directly connected, Serial0
> R2-B#ping 10.9.9.9
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.9.9.9, timeout is 2 seconds:
> .
> Success rate is 0 percent (0/5)
> R2-B#
> Any ideas??


I don't see any OSPF routes anywhere.  The redistribution router should have
the OSPF routes 10.8.8.8/24 and 10.9.9.9/24, in addition to the RIP routes
you are showing.

check the OSPF config between the redistribution router and the OSPF router.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63877&t=63864


Re: OSPF and MTU, spawned from the OSPF vs. EIGRP thread [7:63936]

2003-02-26 Thread The Long and Winding Road
Reviving an oldie but a goodie, based on some work I was doing today. I
wanted to check something that required 3 routers, and all I had were 2
routers and the 3550 switch. well, that's ok. L3 and all. BTW, have we
decided which is better - an L3 switch or a router? Hint - the L3 switch is
FAR superior to a 2503 router :->

OK, so I set up ospf among the routers ( switch ports configured as router
interfaces ) and no ospf neighbor relationships are forming. this is BS.
Done this in my sleep.

start looking at the debugs and I keep seeing something weird from the
switch side. keeps reporting the interface down. makes no sense. I check the
speed and duplex, but you know, I know this has worked in the past.

fiddle some more. fiddle some more. finally look at things from one of the
routers' perspective, and the debug says something about a mismatched MTU.

Oh yeah, I was doing some vlan tunneling practice and to do so, you have to
set the switch MTU higher to accommodate the larger 802.1q frame. can't
change the MTU size on an interface by interface basis.

quickly, I issue the interface command ip ospf mtu-ignore ( Cisco
proprietary? IIRC? ) on the interfaces in question, and voila! everything is
dandy.

quick look at the command reference, and I see this command was introduced in
12.0.3 - so that puts it into the time frame of the early days of the 65xx
and the MSFC. Dare I hazard a guess that the command was introduced in
anticipation of exactly this kind of situation - the L2 part of the switch
requiring a larger MTU for whatever reason, and the L3 part of the switch
running OSPF and running into exactly this problem?

Geez, some days I really appreciate the time I spend on this group. Amazing
the stuff I remember.

Chuck

--
TANSTAAFL
"there ain't no such thing as a free lunch"




""Kane, Christopher A.""  wrote in message
news:[EMAIL PROTECTED]
> In an attempt to find out why MTU is examined (more precisely, why it's
> examined in the Database Description packets instead of the Hello packets)
> one of my co-workers found this passage in IETF meeting minutes:
>
> "Editor's note:  These minutes have not been edited.
>
> The OSPF Working Group met on Wednesday, December 11th from 1300-2500 at
> the San Jose IETF. Minutes of the meeting follow:
>
> The second problem, reported by Dan Senie of Proteon, concerns MTU
> mismatches between OSPF neighbors. This can cause flooding between
> the two neighbors to fail, with large Link State Updates being
> continually retransmitted. To fix this, we will report interface MTU
> in Database Description packets. A router will discard received
> Database Description packet which advertise an MTU that is larger
> than the router can receive. In this way, adjacencies will not form
> between routers having MTU mismatches. Tony Li expressed a desire
> for a more general purpose mechanism. There was also a question
> whether the same thing will have to be done for OSPF for IPv6 (we
> think so)."
>
>
> Very informative. Thank goodness for meeting minutes. Here's the link if
> anyone is as hung up on this as I seem to be. :)
>
>
> http://www.ietf.org/ietf/ospf/ospf-minutes-96dec.txt




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63936&t=63936
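
The MTU check described in the quoted IETF minutes, sketched as an added Python example (not from the original posts): it builds and parses the fixed part of an OSPFv2 Database Description packet as laid out in RFC 2328 and applies the rule "discard a DBD that advertises an MTU larger than the receiver can accept", with a flag standing in for `ip ospf mtu-ignore`. The router IDs and the 1546-byte switch MTU are constructed values, and the checksum is left at zero and not validated.

```python
import struct

# RFC 2328 A.3.1: version, type, length, router ID, area ID, checksum, AuType, auth
OSPF_HEADER = struct.Struct("!BBHIIHH8s")
# RFC 2328 A.3.3: interface MTU, options, flags (I/M/MS), DD sequence number
DBD_FIXED = struct.Struct("!HBBI")
OSPF_VERSION = 2
OSPF_TYPE_DBD = 2


def build_dbd(router_id, area_id, mtu, flags=0x07, seq=1):
    """Constructed DBD with no LSA headers; checksum is zero for illustration."""
    body = DBD_FIXED.pack(mtu, 0x02, flags, seq)
    length = OSPF_HEADER.size + len(body)
    header = OSPF_HEADER.pack(OSPF_VERSION, OSPF_TYPE_DBD, length,
                              router_id, area_id, 0, 0, b"\x00" * 8)
    return header + body


def parse_dbd(packet):
    """Return the DBD fields, rejecting anything too short or of the wrong type."""
    minimum = OSPF_HEADER.size + DBD_FIXED.size
    if len(packet) < minimum:
        raise ValueError("packet shorter than OSPF header plus DBD fixed fields")
    version, ptype, length, router_id, area_id, _, _, _ = OSPF_HEADER.unpack_from(packet)
    if version != OSPF_VERSION or ptype != OSPF_TYPE_DBD:
        raise ValueError("not an OSPFv2 Database Description packet")
    if length < minimum or length > len(packet):
        raise ValueError("OSPF length field disagrees with captured bytes")
    mtu, options, flags, seq = DBD_FIXED.unpack_from(packet, OSPF_HEADER.size)
    return {"router_id": router_id, "area_id": area_id, "mtu": mtu,
            "options": options, "flags": flags, "seq": seq}


def accept_dbd(packet, local_mtu, mtu_ignore=False):
    """Apply the receive-side MTU rule; mtu_ignore skips it entirely."""
    dbd = parse_dbd(packet)
    if mtu_ignore:
        return True, "MTU check skipped"
    if dbd["mtu"] > local_mtu:
        return False, "neighbor MTU %d exceeds local MTU %d" % (dbd["mtu"], local_mtu)
    return True, "MTU acceptable"


if __name__ == "__main__":
    from_switch = build_dbd(0x0A000003, 0, 1546)   # constructed: raised switch MTU
    from_router = build_dbd(0x0A000001, 0, 1500)   # constructed: default router MTU
    print("router receives switch DBD:", accept_dbd(from_switch, 1500))
    print("switch receives router DBD:", accept_dbd(from_router, 1546))
    print("router with mtu_ignore:    ", accept_dbd(from_switch, 1500, mtu_ignore=True))
```
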


Re: some question about frame-relay configuration! [7:63973]

2003-02-27 Thread The Long and Winding Road
the frame-relay intf-type command is used on a frame relay switch, as part
of the switch to switch config. it should not be used on a customer edge
device.

if you were to enter the "frame-relay switching" commands on R1 and R3, the
interfaces would come up and the routers would engage in frame-relay switch
signaling.

You probably want to remove the frame-relay intf-type commands from R1 and
R3, making them customer edge devices, at which point they will communicate
with R2


""tigers zheng""  wrote in message
news:[EMAIL PROTECTED]
> I have a question about frame-relay! Please tell me why it happened?
> the topology :r1(s0)---(s0/0)r2(s0/1)---(s0/0)r3
> r1:2511,r2:2620,r3:2621
>
> the configuration:
> r1:
> interface s0
> ip address 10.10.10.1 255.255.255.0
> encapsulation frame-relay
> frame-relay lmi-type ansi
> frame-relay intf-type dte
> frame-relay interface-dlci 100
> !
> r3:
> interface s0/0
> ip address 10.10.10.2 255.255.255.0
> encapsulation frame-relay
> frame-relay lmi-type ansi
> frame-relay intf-type dte
> frame-relay interface-dlci 101
> !
> r2:
> frame-relay switching
> int s0/0
> no ip address
> encapsulation frame-relay
> clockrate 64000
> frame-relay route 100 interface s0/1 101
> frame-relay lmi-type ansi
> frame-relay intf-type dce
> !
> int s0/1
> no ip address
> encapsulation frame-relay
> clockrate 128000
> frame-relay route 101 interface s0/0 100
> frame-relay lmi-type ansi
> frame-relay intf-type dce
> !
> But the serial of all of the router is shutdown,line protocol is also down!
> I want to know what happen!
> Thanks very much!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63987&t=63973


Re: Policy Routing on the 3550? [7:64074]

2003-02-28 Thread The Long and Winding Road
one of the "gotchas" of the 3550 IOS images.

There is no reference to the ip policy route-map command in the
documentation. Policy is not mentioned in the configuration guide.

I did check the "unsupported commands" section and did not see anything
specific. But I can say that there are commands that appear in the IOS
menus, and there are commands that you can enter and receive no error
message. And they still have no effect.

guessing now, but because of the experiences above, I would suggest that
policy routing is not supported in the 3550 IOS at this time.

one of the frustrations of this IOS on this platform


""W. Alan Robertson""  wrote in message
news:[EMAIL PROTECTED]
> Howdy folks...
>
> I need to set the next hop on a 3550 (with the EMI Image) based on the
> protocol type.  We've got a number of transparent proxy servers, each
> one handling a different type of traffic (One for HTTP...  One for
> SMTP...  Etc.).
>
> No problem, right?  Wrong.
>
> Merrily, I configured my access-lists to identify the various traffic
> types.  I then created the route-map statements to set ip next-hop for
> each of the types of traffic.  I then went to my vlan interface to
> apply the route-maps, but lo and behold, no "ip policy" command.
>
> How can I apply the route-maps to my interface?
>
> Is there another way to accomplish this?
>
> Thanks,
>
> Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64101&t=64074


Re: Who likes BGP? [7:64123]

2003-02-28 Thread The Long and Winding Road
""Edwin R. Gonzalez""  wrote in message
news:[EMAIL PROTECTED]
> I came across this article about BGP earlier today,
> check it out;
>
> http://news.com.com/2100-1009-990608.html
>


yada yada yada  :->

the big point seems to be the misconfigured router incident, and it is
highly unlikely that any system or protocol could have prevented that from
happening. after all, that router was trusted by its neighbors, as it should
have been.

against stupidity the gods themselves contend in vain.

( OK, I agree in concept. but the article fails to make its case by citing
idiocy as a driving factor )




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64125&t=64123


Off Topic - for those looking for cheap lab routers [7:64131]

2003-02-28 Thread The Long and Winding Road
token ring stuff is going for very reasonable prices over on that auction
site we all know and love. might be a good way to add serial ports /
complexity to an existing rack. or start building a CCNA / CCNP study rack

just a thought




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64131&t=64131


Re: Who likes BGP? [7:64132]

2003-02-28 Thread The Long and Winding Road
you sure it's coffee giving you that buzz, Eddie? You sent this same article
a couple of hours ago.

--
TANSTAAFL
"there ain't no such thing as a free lunch"




""Edwin R. Gonzalez""  wrote in message
news:[EMAIL PROTECTED]
> Hey,
>
> It's your friendly neighborhood CISCO MAN!
> Sorry, it's Friday night, I'm still at work with a coffee
> buzz that might last me until the morning.
>
> I came across this article that might be of interest to
> some people, check it out;
> http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
>
>
>
> --
> _
> The harder you work, the luckier you get!
> _
> The only place success comes before
> work is in the dictionary!!!
> _




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64135&t=64132


Re: Question concerning a new 2501 router in home lab [7:64170]

2003-03-01 Thread The Long and Winding Road
""Jim""  wrote in message
news:[EMAIL PROTECTED]
> I recently acquired a used 2501 router for my home lab that is booting with
> no problem. There is no configuration so it asks if you want to auto config.
> I try to enter an N at this point and get nothing it seems as if the
> keystroke is not seen by the router. If I just run my hand across the
> keyboard the router responds with enter a yes or no to continue. Any
> suggestions to assist is greatly appreciated.


just for kicks, does it respond to the carriage return ( or the "Y" key?? )
??

at least if it does, then you could see if it is just a broken key on your
terminal ;->




>
> Jim Valentine




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64175&t=64170


Re: OSPF neighbor problem [7:64176]

2003-03-01 Thread The Long and Winding Road
""Arnaud V.""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
> I have an ospf problem. Two neighbors on a nbma
> network who have connectivity are unable to go in the
> two state, but have establish adjacency with the DR.
> I include the configurations and  ospf neighbor
> states.


the problem is that the router with the multipoint subinterface considers
that it is on an NBMA, and therefore considers itself as the DR, while the
router using the point-to-point subinterface considers that it is on a
point-to-point link, and therefore does not believe in the necessity for a
DR.

if you look at the "show ip ospf neigh" result, you see the
"attempt/DRother"  the DR is expecting a response from its partner
indicating the partner is neither a DR or BDR.

in L2 terms, a multipoint subinterface connected to point-to-point
subinterfaces treats all connections as a series of point-to-point links.
due to the manner in which OSPF interacts with frame relay, you can easily
get situations like this.

off the top of my head, without knowing the particulars, I would advise that
you change the ospf network type to NBMA on the spokes, and use neighbor
statements on the hub. Also, don't forget to manipulate the priorities so
that the hub router becomes the DR.



> Perhaps have I done a mistake or don't know ospf
> enough. Can u help please.
>
> Thanks in advance
>
> __
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
> R2
>
> interface Serial1/0
>  no ip address
>  encapsulation frame-relay IETF
>  no fair-queue
>  frame-relay traffic-shaping
>  frame-relay class R2-ts
> !
> interface Serial1/0.1 point-to-point
>  ip address 150.50.24.1 255.255.255.252
>  ip ospf message-digest-key 1 md5 cisco
>  frame-relay interface-dlci 204
> !
> interface Serial1/0.2 multipoint
>  ip address 150.50.100.1 255.255.255.224
>  ip ospf message-digest-key 1 md5 cisco
>  ip ospf network non-broadcast
>  ip ospf priority 0
>  frame-relay map ip 150.50.100.2 205 broadcast
>  frame-relay map ip 150.50.100.3 203 broadcast
> !
> router ospf 1
>  log-adjacency-changes
>  area 0 authentication message-digest
>  redistribute connected subnets
>  network 150.50.24.0 0.0.0.3 area 0
>  network 150.50.100.0 0.0.0.127 area 0
> ----
>
> ROUTERp1R2#sh ip ospf neigh
>
> Neighbor ID     Pri   State            Dead Time   Address         Interface
> 172.32.1.1        1   FULL/  -         00:00:38    150.50.24.2     Serial1/0.1
> N/A               0   ATTEMPT/DROTHER  -           150.50.100.3    Serial1/0.2
> 5.5.5.5         255   FULL/DR          00:01:39    150.50.100.2    Serial1/0.2
> -----
>
> ROUTERp1R2#sh ip ospf int
> Serial1/0.1 is up, line protocol is up
>   Internet Address 150.50.24.1/30, Area 0
>   Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 48
>   Transmit Delay is 1 sec, State POINT_TO_POINT,
>   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:02
>   Index 1/1, flood queue length 0
>   Next 0x0(0)/0x0(0)
>   Last flood scan length is 1, maximum is 6
>   Last flood scan time is 0 msec, maximum is 0 msec
>   Neighbor Count is 1, Adjacent neighbor count is 1
> Adjacent with neighbor 172.32.1.1
>   Suppress hello for 0 neighbor(s)
>   Message digest authentication enabled
> Youngest key id is 1
> Serial1/0.2 is up, line protocol is up
>   Internet Address 150.50.100.1/27, Area 0
>   Process ID 1, Router ID 2.2.2.2, Network Type NON_BROADCAST, Cost: 48
>   Transmit Delay is 1 sec, State DROTHER, Priority 0
>   Designated Router (ID) 5.5.5.5, Interface address 150.50.100.2
>   No backup designated router on this network
>   Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
> Hello due in 00:00:10
>   Index 2/2, flood queue length 0
>   Next 0x0(0)/0x0(0)
>   Last flood scan length is 1, maximum is 6
>   Last flood scan time is 0 msec, maximum is 0 msec
>   Neighbor Count is 1, Adjacent neighbor count is 1
> Adjacent with neighbor 5.5.5.5  (Designated Router)
>   Suppress hello for 0 neighbor(s)
>   Message digest authentication enabled
> Youngest key id is 1
> FastEthernet4/0 is up, line protocol is up
>   Internet Address 150.50.17.2/24, Area 3
>   Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_MULTIPOINT, Cost: 1
>   Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
>   Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
> Hello due in 00:00:07
>   Index 1/3, flood queue length 0
>   Next 0x0(0)/0x0(0)
>   Last flood scan length is 0, maximum is 0
>   Last flood scan time is 0 msec, maximum is 0 msec
>   Neighbor Count is 0, Adjacent neighbor count is 0
>   Suppress hello for 0 neighbor(s)
> R3
>
> interface Serial2/0
>  ip address 150.50.100.3 255.255.255.224
>  encapsulation fra

Re: NDA Violation or NOT [7:64179]

2003-03-01 Thread The Long and Winding Road
forgive the format. my Outlook Express client is severely misbehaving,
crashing randomly when I try to do in-line posting.

>i have a question about NDA that i am not sure about ,hope
> someone can answer me

Cisco is the ultimate arbiter. you can contact them directly at
[EMAIL PROTECTED]  I have found that they will respond if you are specific.

be aware that I have asked about potential NDA violation of specific
training materials and received conflicting answers.

>if i write about Cat3550 ,routing protocol stuff (NOT same
> question,diagram ,score ,time ... like in the real lab ) will i BREAK any
> NDA

While having been through the Lab demands that you be a little more careful,
the fact is that the equipment in the Lab and the equipment in the real
world all works the same way and has similar capability. There is only so
much that can be said.

If you were to say "here is what I saw in the CCIE Lab when I was there" and
provided information, that would be NDA. On the other hand, if you were to
start by identifying core topics, core skill sets, and go from there, you
are probably OK.

Is Caslow a violation of NDA? NLI? IPXpert? Etc?

Or maybe to put it another way, is it any real secret as to what the core
topics are?

>the lab had 2 CAT3550 and every one knew about it
> ,but if i write about a question like create vlan xx and connecting 2 cats
> together , will it fall under NDA violation if i write "NEXT TASK IS TO USE
> CONSOLE PORT TO CONNECT the switch , allow only VLAN xx to pass,and create
> some thing to put port in :-) "

better way to put this might be to consider skill sets necessary to proclaim
"expertise" and write around emphasizing those skill sets.

So, for multiple switches in any environment, let alone the CCIE Lab, what
are the expert level things one should know? for example, trunking? VTP?
etherchannel? fallback bridging? vlan failover? various spanning tree
functions? vlan tunnels? etc?

>Like Mr Karl Solie books ,he also a ccie and his books got lots of stuff
> very close to the real lab according to Amazon feedback, how come cisco
> didn't NDA him yet ,or ciscopress can publish those NDA stuff any time they
> want ?,is it a time limit for NDA after the lab ?

I got a better one for you. Cisco publishes the ASET labs for Cisco
employees and partners to use for  CCIE preparation. Forget NDA. Is this
fair? that working for a partner I can see practice materials written by
Cisco that someone else who does not have that advantage cannot? that I can
attend Cisco sponsored training that others may not?

>Or is it freely to write any thing but the question must not look like the
> lab but still contains same routing,switching protocol like in the lab .
>

I think you're OK if you stay clear of any implication that you are
revealing what you saw in the Lab. When I wrote my white paper, available on
Cert Zone, I had not yet seen the new Lab. Now that I've been through the
new Lab, I make very sure that I do not make statements about whether or not
the paper is close to what I saw in the lab. What I do say is that the
topics covered are part of an expert skill set that I believe are required,
especially now that I am doing a lot more big campus switching projects for
customers. as such, the knowledge cannot hurt when one prepares for the Lab.


note - the message below was cut in order for me to respond without my news
client crashing.

""Nicky Lane Nicky Lane""  wrote in message
news:[EMAIL PROTECTED]
> hi everyone ,i have a question about NDA that i am not sure about ,hope
> someone can answer me .

snip




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64182&t=64179


Re: Help making a frame relay switch [7:64224]

2003-03-02 Thread The Long and Winding Road
""Mark W. Odette II""  wrote in message
news:[EMAIL PROTECTED]
> If I recall correctly, Asynch ports run at 115Kbps line rate (referred
> to as 'low-speed serial ports').


can still use that setup as a frame switch. A certain rack rental place used
a router with a bunch of async ports - maybe a 2522? just be sure to use a
matching clock rate on the DCE side.



>
> The idea behind using such a piece of hardware in the 2600/3600 routers
> is to make that specific router the "Terminal Server" to console into
> all the other routers.
>
> You could also connect back-to-back asynchs, I suppose, but I've never
> done it myself.
>
>
>
> -Original Message-
> From: hepppy [mailto:[EMAIL PROTECTED]
> Sent: Sunday, March 02, 2003 10:11 PM
> To: [EMAIL PROTECTED]
> Subject: Help making a frame relay switch [7:64224]
>
> Hi all,
>
> Sorry for being Naive. I am interested in creating a lab with some 10 X 26xx
> routers. I need to create a frame relay switch. I am not sure what to use. I
> have seen a Lab a couple of months back which had 8  DB60 serial cables
> connected to the 26xx router. Now I don't have one of those with me, hence was
> searching on the net to purchase one. And I found a Description of 8 port
> Asynch/Synch and 2 port serial. The question is Is Asynch port the same as
> serial ports. Can I connect DB60 back to back cables to Asynch ports.
>
> Any other suggestions or help to make this Frame relay switch will be
> appreciated
>
> Thanks to all...
>
> regds
> hepppy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64237&t=64224


Re: catalyst 3550 and CGMP [7:64240]

2003-03-03 Thread The Long and Winding Road
""John Tafasi""  wrote in message
news:[EMAIL PROTECTED]
> Does any body know how to enable CGMP on a 3550 catalyst switch?
>
>

chapter 33 of the configuration guide, as found on cco




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64258&t=64240


Re: Bizzare Routing/VPN Issue [7:64301]

2003-03-03 Thread The Long and Winding Road
this is a complex situation that requires that you fly me out your way and
pay my stay at a five star hotel and full salary plus travel bonus for the 6
to 8 weeks it will take me to solve the problem  :->

--
TANSTAAFL
"there ain't no such thing as a free lunch"




""John Brandis""  wrote in message
news:[EMAIL PROTECTED]
> Hi All, I am sure one of you will see the problem and be able to offer a
> solution.
>
> I have 2 organisations here, one in Australia the other in NZ. In Australia,
> we have a hub and spoke point to multi-point config from the hubs
> perspective. I run OSPF and have all sites in area 0 (yes I know i should
> break this up so that each region forms its own area, but why at this time
> ??)
>
> My problem, which only started this morning at 5am when the tech in NZ and I
> decided to up the encryption settings on the VPN, I think is related to
> routing, or related to a crypto map error. In Sydney, I use a cisco 3005
> whilst the office initiating the IPSEC connection uses a little Watchguard
> box. Until this morning it was simple, I could see his local lan behind the
> remote peer, and he could see my local networks, but not the office's on my
> WAN (by design). The goal of this morning was to permit NZ to be able to see
> all networks in Australia. We don't yet run a nice continuous IP scheme here
> (yet), so each network had to be declared line by line rather than a nice
> summary. We implemented this network by network. I enabled my NZ counterpart
> access to the Australian hub site and one of the spokes. That's when the
> problem started. We tried to put the next spoke site network list in the
> list of available networks, then it all fell to bits. The problem now is
> that the guy in NZ can ping my spoke sites routers, however from these spoke
> sites I can't ping him. I trace the packet, and watch it hop through my
> network with the last hop being the 3005 VPN concentrator that connects NZ
> to us. From there it times out...From my desk in the hub site in Australia,
> I can ping both the spoke site, and the NZ techs PC. So at this stage I can
> confirm that the route that works from sydney to NZ, has been redistributed
> via OSPF to my spoke sites, however it just does not appear to get through
> the tunnel, however the guy in NZ says he has 100% ping to my spoke sites.
>
> Could any one suggest where a possible problem could be ?
>
> I can see IPSEC tunnels for the various networks and I can see traffic going
> across them, however I have no idea why I can't access anything across the
> VPN from my spoke sites. The NZ guy said all traffic from Australia has a
> permit statement. I can only see the problem as access-list like problem on
> his end, as we had this working for the central site here (hub site) and for
> one of the spoke sites until we added more.
>
> Would appreciate any help.
>
> Thanks all
>
> Johnny b
>
>
> **
>
> visit http://www.solution6.com
>
> UK Customers - http://www.solution6.co.uk
>
> **
>
> The Solution 6 Head Office and NSW Branch has moved premises.
> Please make sure you have updated your records with our new details.
>
> Level 14, 383 Kent Street, Sydney NSW 2000.
>
> General Phone: 61 2 9278 0666
>
> General Fax: 61 2 9278 0555
>
> **
>
> This email message (and attachments) may contain information that is
> confidential to Solution 6. If you are not the intended recipient you cannot
> use, distribute or copy the message or attachments.  In such a case, please
> notify the sender by return email immediately and erase all copies of the
> message and attachments.  Opinions, conclusions and other information in
> this message and attachments that do not relate to the official business of
> Solution 6 are neither given nor endorsed by it.
>
> *




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64307&t=64301


Re: ip ospf dead-interval [7:64311]

2003-03-03 Thread The Long and Winding Road
""nilesh bothra""  wrote in message
news:[EMAIL PROTECTED]
> Q. Change OSPF dead interval to 60 seconds.
> You are not allowed to use the command 'ip ospf dead-interval" for
> accomplishing this task.
>
> Suggestions pls


OSPF timers consist of what? and what is the timing relationship?

the answer is found by looking at the topics listed on this page:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r
/iprprt2/1rdospf.htm
watch the wrap




>
> Nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64314&t=64311


My Favorite Topic - RIP route propagation / redistribution [7:64320]

2003-03-03 Thread The Long and Winding Road
Cisco Nuts sent me this one off line.

R3---R4---R5
OSPF   RIP

R4 redistributes RIP to OSPF and vice versa


each router has a loopback with an address of 200.0.0.X / 32, where X is the
router number

RIP version 1 on R4 and R5. The loopback on R4 is in the OSPF domain, and
the loopback on R5 is in the RIP domain.

CN apparently did not see the same phenomenon that I did. In his setup, he
saw the summary-address of 200.0.0.0/24 propagated onto R4.

In my setup I saw that so long as I had the 200.0.0.4 address on the R4
loopback that the 200.0.0.0/24 refused to propagate. it did not show up in
the R4 table.

damn, I forgot to ask his IOS version. I'm running 12.1.5T10

solution? has to do with the various ways one can trick RIP into behaving as
VLSM capable.


--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64320&t=64320


Off Topic Irrelevant Reply - WAS: IS-IS in Lab [7:64403]

2003-03-04 Thread The Long and Winding Road
""Bruno Fernandes""  wrote in message
news:[EMAIL PROTECTED]
> Should I expect IS-IS in the security LAB ?

One can learn everything one needs to know about life, the universe, and
Cisco CCIE Lab preparation through the proper study of baseball.

So - if you were a major league hitter stepping into the batter's box in a
key situation, should you expect the high hard one aimed at your head?

Well, you probably should be aware that it could happen. ;->

baseball season coming up! hot dawg



>
> Thanks and Regards,
> Bruno Fernandes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64410&t=64403


Re: ip ospf dead-interval [7:64311]

2003-03-04 Thread The Long and Winding Road
""Scott Roberts""  wrote in message
news:[EMAIL PROTECTED]
> good point, I'm new to the forum and wasn't quite sure of what approaches to
> answers people expected. I do like his approach to answering it, because if
> you look at the link, the answer is in there (with the use of some deductive
> logic).
>
> the only thing that worries me though, is that if people never get a
> straight answer, will they then stop asking questions? it's nice to see an
> open forum about cisco networking that's actually well populated, I'd like to
> support it as much as I can.


There are a couple of ways to look at this.

give someone a fish, or teach them how to fish?

what level of expertise is the person asking the question?

The question itself - how to change one ospf timer without using the
timer-specific command - is a standard trick question for a lot of CCIE
practice labs. It's not generally the kind of thing that comes up in the
CCNA qualification exam.

Making the assumption that someone is prepping for the CCIE Lab, should they
be expecting specific answers to specific questions? Or should they be
spending a bit more time acquiring the expertise that is going to be tested
in the Lab?

Maybe there are CCNP practice labs out there that ask these kinds of
questions as well? Maybe the guy asking the question is a newly minted CCNA
and is starting his road to CCNP? Sure, ask the question.

My own opinion, and my own advice to anyone who dreams of attaining the
CCIE, is to start early and often - get into the habit of looking things up
in the documentation first. Knowing your way around the doc CD or the Cisco
CCO doc pages is a skill that will serve you well in a lot of different
places, including the CCIE Lab itself.


>
> scott
>
> ""Priscilla Oppenheimer""  wrote in message
> news:[EMAIL PROTECTED]
> > Scott Roberts wrote:
> > >
> > > shoulds like you're trying to answer a trick question on a
> > > test? I suppose
> > > "The Long and Winding Road" wanted you to work for your answer,
> > > but I'll
> > > come out and tell you.
> >
> > Why did you come out and tell the original poster the answer? Wouldn't the
> > poster learn more from working it out? I liked "The L&W Road's" answer much
> > better. :-)
> >
> > Wouldn't the poster be a better representative of the relevant certification
> > having worked it out? For example, if the poster is going for CCNP and
> > manages to pass because people provided answers instead of methods for
> > figuring out the answer, is that a good thing for the rest of us who wish
> > CCNP to be a respected certification?
> >
> > The poster asked for suggestions, not answers, and that's what we should
> > have provided.
> >
> > Hopefully the poster will try this in a lab. There is at least one minor
> > gotcha that I can think of.
> >
> > Hey, you had to expect to get slammed for this! ;-) I'm doing this with all
> > due respect and a recognition of how fun it is to give an answer. I think a
> > lot of us participate on the list partly to give answers because it's fun
> > and a nice ego stroke, myself included. But the real goal of Group Study is
> > to help people learn.
> >
> > Priscilla
> >
> >
> > >
> > > ospf defaults the dead-interval/hold-time as a multiple of the
> > > hello time,
> > > so if you change the hello time the dead interval changes
> > > automatically
> > > also.
> > >
> > > scott
> > >
> > > ""nilesh bothra""  wrote in message
> > > news:[EMAIL PROTECTED]
> > > > Q. Change OSPF dead interval to 60 seconds.
> > > > You are not allowed to use the command 'ip ospf
> > > dead-interval" for
> > > > accomplishing this task.
> > > >
> > > > Suggestions pls
> > > >
> > > > Nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64413&t=64311


Re: network design [7:64422]

2003-03-04 Thread The Long and Winding Road
""ferry ferry""  wrote in message
news:[EMAIL PROTECTED]
> I need a scheme of network. It need seven hundreds points. please give me some
> advice on how to design it. It include that how to select network
> product, product configuration. They are set in a building. It have twenty
> layers.


Let's see if I understand you correctly.

A company is located in a multistory building. There are 700 users spread
out among 20 floors. So on average there are 35 users per floor.

I'm going to assume a single data center with your servers and internet
connection.

Got fiber running from your data center to the various floors? How is this
structured? how far from the data center to each of the floors?

the answer to this will help determine if you use a collapsed backbone or if
you connect your switches in series.

do you have groups of users who should logically be separated from
each other. Some companies like their payroll department to be on a separate
network from other departments, for example. are there some services that
need to be separated and unavailable to some users?

These days, 700 users, particularly in a switched environment, is not such a
large broadcast domain ( stop grinding your teeth, Priscilla ;-> ) but
still, you might just want to separate out logical groups into vlans. or
maybe do it by grouping a couple of floors together into vlans.

my knee jerk thought, not knowing too much about the particulars, is
determine your port counts per floor, determine connectivity - fiber runs
between closets, and where those runs terminate. if it's copper, you got
troubles :->

determine your logical / vlan structures. who needs to see what and when.

Then go through the provisioning process.

Don't be afraid to call in a couple of vendors to help you. ask for
proposals. If you have a vendor who works closely with you and wants to help
educate you, that's your guy ( or gal, for the politically correct )

hope this helps you get started.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64429&t=64422


Re: GRE over IPSec [7:64435]

2003-03-04 Thread The Long and Winding Road
""zino""  wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I want know different Among the crypto access-list of gre and ip command

it's more like IPSec over a GRE tunnel, and watch the MTU if you do this.
Hard and long experience :-
> ex)access-list 100 per gre 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
> access-list 100 per ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255


I'm not sure I'm understanding you. GRE is a tunnel protocol between two
endpoints.

interface tunnel 1
tunnel source loopback 1
tunnel destination 100.1.1.2
ip address 200.1.1.1 255.255.255.252

then add your crypto commands to enable IPSec over this tunnel

your IPSec command access-list might look something like

access-list 101 permit ip 121.1.1.0 0.0.0.255 122.1.1.0 0.0.0.255

this would permit hosts with a source address on the 121.1.1.0/24 subnet
sending traffic to hosts on the 122.1.1.0 subnet to be permitted across the
IPSec interface.

am I understanding you correctly? It's late and I'm getting sleepy.  :O

>
> --
> Thanks for Regards
>
> MCSE,CSE,CCNA,CCDA,CSS1,CCNP
> ASE,MasterASE,CCIE Security Candidate
> TEL:02-2190-5536
> C P:011-9154-1607
> Narae System Co.,Ltd
> System Technical Division
> Technical 4Team Section Manager




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64439&t=64435
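
The difference the question asks about, as an added example that is not part of the thread: an extended ACL entry with the `ip` keyword matches every IP protocol, while `gre` matches only protocol 47, so in a crypto ACL (where a permit selects traffic for IPSec protection) the two entries protect different sets of packets. The matcher, its function names and the sample packets are constructed for illustration; the two ACL lines are the ones from the question with `per` spelled out as `permit`.

```python
import ipaddress

# IP protocol numbers for the ACL keywords handled here; "ip" means any protocol.
PROTOCOLS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50}

# The two entries from the question, with "per" written out as "permit".
ACL_GRE = ["access-list 100 permit gre 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255"]
ACL_IP = ["access-list 100 permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255"]

# Constructed sample packets: (label, IP protocol number, source, destination).
SAMPLE_PACKETS = [
    ("GRE between the two subnets", 47, "10.0.0.1", "192.168.0.1"),
    ("TCP between the two subnets", 6, "10.0.0.5", "192.168.0.9"),
    ("GRE from a source outside the wildcard", 47, "10.0.1.1", "192.168.0.1"),
]


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC SRC-WILDCARD DST DST-WILDCARD'."""
    fields = line.split()
    if len(fields) != 8 or fields[0] != "access-list":
        raise ValueError(f"unsupported ACL entry: {line!r}")
    _, number, action, proto, src, src_wc, dst, dst_wc = fields
    if action not in ("permit", "deny") or proto not in PROTOCOLS:
        raise ValueError(f"unsupported action or protocol in: {line!r}")
    to_int = lambda text: int(ipaddress.IPv4Address(text))
    return {
        "number": int(number),
        "action": action,
        "proto": PROTOCOLS[proto],
        "src": to_int(src), "src_wc": to_int(src_wc),
        "dst": to_int(dst), "dst_wc": to_int(dst_wc),
    }


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal the base."""
    value = int(ipaddress.IPv4Address(addr))
    return ((value ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def ace_matches(ace, proto, src, dst):
    """True when protocol, source and destination all match the entry."""
    if ace["proto"] is not None and ace["proto"] != proto:
        return False
    return (wildcard_match(src, ace["src"], ace["src_wc"])
            and wildcard_match(dst, ace["dst"], ace["dst_wc"]))


def protected(acl_lines, proto, src, dst):
    """First matching entry decides. In a crypto ACL a permit means
    'protect with IPSec'; no match falls through to the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches(ace, proto, src, dst):
            return ace["action"] == "permit"
    return False


def compare(packets=SAMPLE_PACKETS):
    """Return (label, selected by 'permit gre', selected by 'permit ip') per packet."""
    return [
        (label, protected(ACL_GRE, proto, src, dst), protected(ACL_IP, proto, src, dst))
        for label, proto, src, dst in packets
    ]


if __name__ == "__main__":
    for label, by_gre, by_ip in compare():
        print(f"{label:42} permit gre: {by_gre!s:5}  permit ip: {by_ip}")
```
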


Re: Catalyst 3550 SMI or EMI [7:64442]

2003-03-04 Thread The Long and Winding Road
""John Tafasi""  wrote in message
news:[EMAIL PROTECTED]
> How do I know if a catalyst 3550 is running EMI or SMI image. I tried using
> show version but that gave me no clue.

sure? I think it's there somewhere...

if nothing else, the SMI image contains an "i9" while the EMI image contains
an "i5"

c3550-i9q3l2-mz.121-12c.EA1.bin  = smi

c3550-i5q3l2-mz.121-12c.EA1.bin = emi

>
> Thanks
>
> John Tafasi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64448&t=64442


Off Topic - just screwing around and what do I see? [7:64449]

2003-03-04 Thread The Long and Winding Road
three routers in a circle. but that's irrelevant.

inbound from r3---r1--r2-r3->back to r1


I have IGRP between two of the routers. I have loopback on each of the two
routers -- 222.222.222.x/32

watching the 222.222.222.0/24 subnet advertisement. R2 sends it to R3 and R3
sends it to R2

???

wait a minute - since when does EIGRP automatically redistribute into IGRP,
even when the AS numbers are DIFFERENT

router eigrp 200
 passive-interface default
 no passive-interface Serial1
 network 199.35.1.0
 network 222.222.222.0
 no auto-summary
 no eigrp log-neighbor-changes
!
router igrp 100
 passive-interface default
 no passive-interface Serial0
 network 199.34.1.0
!
Router_3#sh ip route 222.222.222.0
Routing entry for 222.222.222.0/24, 2 known subnets
  Attached (1 connections)
  Variably subnetted with 2 masks
  Redistributing via eigrp 200
  Advertised by igrp 100



well, at least IGRP isn't in the Lab any longer..

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64449&t=64449


Re: ??? collapsed backbone ??? [7:64467]

2003-03-05 Thread The Long and Winding Road
""Steven Aiello""  wrote in message
news:[EMAIL PROTECTED]
> Hello all,
>
>in a recent post I saw the term "collapsed backbone".  I know that
> the network backbone is usually a high speed connection that a server
> farm sits on, and could even extend out to your IFD's.  However I'm
> fuzzy on the term collapsed backbone.  What does this imply?


I believe the term comes out of the wiring / cabling world, and not from
routing architecture.

A "collapsed" backbone has all wiring closets linked back directly to the
BDF / MDF

a "distributed" backbone has the wiring going from closet to closet in a
series





>
> Thank you all,
> Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64473&t=64467


Re: Off Topic - just screwing around and what do I see? [7:64478]

2003-03-05 Thread The Long and Winding Road
R2
loop = 222.222.222.2/32
IGRP 100
loopback is in the igrp domain

R3
loop = 222.222.222.3/32
IGRP 100
EIGRP 200
loopback is in the eigrp domain

R2 SHOULD be advertising 222.222.222.0/24 to R3. And it is.

However, R3 is also advertising 222.222.222.0/24 to R2

Split horizon IS enabled. I checked that.

I watched debug traces for an hour, and was writing my post when it occurred
to me that eigrp was interacting with igrp.

 222.222.222.0/24 is variably subnetted, 3 subnets, 2 masks
C   222.222.222.4/32 is directly connected, Loopback1001
O IA222.222.222.5/32 [110/65] via 199.45.1.5, 10:53:34, Serial1
I   222.222.222.0/24 is possibly down,
  routing via 199.34.1.3, Serial0
 199.34.1.0/29 is subnetted, 1 subnets
C   199.34.1.0 is directly connected, Serial0
 199.45.1.0/27 is subnetted, 1 subnets
C   199.45.1.0 is directly connected, Serial1
C199.1.1.0/24 is directly connected, TokenRing0
Router_2#

 222.222.222.0/24 is variably subnetted, 2 subnets, 2 masks
C   222.222.222.3/32 is directly connected, Loopback1001
I   222.222.222.0/24 [100/8976] via 199.34.1.4, 00:02:19, Serial0
 199.34.1.0/29 is subnetted, 1 subnets
C   199.34.1.0 is directly connected, Serial0
 199.35.1.0/28 is subnetted, 1 subnets
C   199.35.1.0 is directly connected, Serial1
C199.1.1.0/24 is directly connected, TokenRing0
C193.1.1.0/24 is directly connected, Loopback1
Router_3#

the "possibly down" moves from router to router slowly, as the dead time
expires.

the "problem" as I see it, is that EIGRP and IGRP are interacting. If I
remove 222.222.222.0 from the eigrp process, the problem disappears.

as a matter of intellect, it could well be a split horizon type issue, in
that both routers believe they are the source of 222.222.222.0 ( igrp on r2
and eigrp on r3 ) on the other hand, automatic summarization was turned off.

in my mind, there is something happening within the code that is the cause
of this problem. as I said, I thought igrp and eigrp interacted only if both
were in the same AS on the same router.



""Larry Letterman""  wrote in message
news:[EMAIL PROTECTED]
> r3 sends to r2, then r2 sends back to r3..
> you sure about that...split horizon should be enabled for
> eigrp and igrp..and igrp and eigrp will work together in the
> same as number..not sure about different as #'s
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>
>
>   - Original Message -
>   From: The Long and Winding Road
>   To: [EMAIL PROTECTED]
>   Sent: Tuesday, March 04, 2003 11:04 PM
>   Subject: Off Topic - just screwing around and what do I see? [7:64449]
>
>
>   three routers in a circle. but that's irrelevant.
>
>   inbound from r3---r1--r2-r3->back to r1
>
>
>   I have IGRP between two of the routers. I have loopback on each of the two
>   routers -- 222.222.222.x/32
>
>   watching the 222.222.222.0/24 subnet advertisement. R2 sends it to R3 and R3
>   sends it to R2
>
>   ???
>
>   wait a minute - since when does EIGRP automatically redistribute into IGRP,
>   even when the AS numbers are DIFFERENT
>
>   router eigrp 200
>passive-interface default
>no passive-interface Serial1
>network 199.35.1.0
>network 222.222.222.0
>no auto-summary
>no eigrp log-neighbor-changes
>   !
>   router igrp 100
>passive-interface default
>no passive-interface Serial0
>network 199.34.1.0
>   !
>   Router_3#sh ip route 222.222.222.0
>   Routing entry for 222.222.222.0/24, 2 known subnets
> Attached (1 connections)
> Variably subnetted with 2 masks
> Redistributing via eigrp 200
> Advertised by igrp 100
>
>   
>
>   well, at least IGRP isn't in the Lab any longer..
>
>   --
>   TANSTAAFL
>   "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64478&t=64478


Re: Catalyst 3550 SMI or EMI [7:64442]

2003-03-05 Thread The Long and Winding Road
""Steve Wilson""  wrote in message
news:[EMAIL PROTECTED]
> On the 3550 devices that I have the label on the back indicates whether it
> is EMI or SMI, beyond that if you can type in the command IP ROUTING it
> would seem logical that it is an EMI rather than an SMI.

I believe the SMI does RIP routing, so this is not necessarily proof.

the label on the switch only tells what the device was when Cisco shipped.
It is common practice for sellers on e-bay to up the image to EMI and sell
the boxes as EMI to command a few more bucks.

the sh ver will also proclaim the device as SMI, even with the EMI image
loaded.

I coulda sworn that there was somewhere else in the output that indicated
the image type, but it doesn't surprise me that I am wrong.


>Seriously though
> the software revision has all the information needed, you just need to
> understand what the filename means.
>
> Steve Wilson
> Network Engineer
> -Original Message-
> From: John Tafasi [mailto:[EMAIL PROTECTED]
> Sent: 05 March 2003 06:33
> To: [EMAIL PROTECTED]
> Subject: Catalyst 3550 SMI or EMI [7:64442]
>
> How do I know if a catalyst 3550 is running EMI or SMI image. I tried using
> show version but that gave me no clue.
>
> Thanks
>
> John Tafasi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64480&t=64442


Re: Password recovery without reload? [7:64453]

2003-03-05 Thread The Long and Winding Road
""oscar""  wrote in message
news:[EMAIL PROTECTED]
> Can I see the configuration of a Cisco router without a password recovery?
> The problem is that the configuration was removed from the startup-config by
> mistake and nobody remembers the password and a password recovery here means
> lose the configuration.
>

what? you don't have all your passwords printed out in large type on a sheet
of paper taped to the equipment rack? what kind of operation you running
there?   :->




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64483&t=64453


Re: Off Topic - just screwing around and what do I [7:64454]

2003-03-05 Thread The Long and Winding Road
""Larry Letterman""  wrote in message
news:[EMAIL PROTECTED]
> The only protocol for routing is eigrp...
> Looks like split horizon is on to me...


sure, but the interface report serves a different purpose. The only routing
protocols that honor split horizon are IGRP and RIP.

BGP, OSPF and EIGRP use topology tables of one kind or another ( stop
steaming at the ears, Howard :-> )

it is highly feasible that any of these latter protocols would need to
advertise routes back out the interface from which they were learned. Eg DR,
BDR, etc. BGP neighbor, etc.

>
> GigabitEthernet1/1 is up, line protocol is up
>   Internet address is 171.71.243.34/30
>   Broadcast address is 255.255.255.255
>   Address determined by non-volatile memory
>   MTU is 1500 bytes
>   Helper address is not set
>   Directed broadcast forwarding is disabled
>   Outgoing access list is not set
>   Inbound  access list is not set
>   Proxy ARP is enabled
>   Local Proxy ARP is disabled
>   Security level is default
>   Split horizon is enabled
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>
>
>   - Original Message -
>   From: Troy Leliard
>   To: [EMAIL PROTECTED]
>   Sent: Wednesday, March 05, 2003 4:57 AM
>   Subject: Re: Off Topic - just screwing around and what do I [7:64454]
>
>
>   Split Horizon for EIGRP ... don't think so. !!!
>
>   Larry Letterman wrote:
>   >
>   > r3 sends to r2, then r2 sends back to r3..
>   > you sure about that...split horizon should be enabled for
>   > eigrp and igrp..and igrp and eigrp will work together in the
>   > same as number..not sure about different as #'s
>   >
>   > Larry Letterman
>   > Network Engineer
>   > Cisco Systems
>   >
>   >
>   >   - Original Message -
>   >   From: The Long and Winding Road
>   >   To: [EMAIL PROTECTED]
>   >   Sent: Tuesday, March 04, 2003 11:04 PM
>   >   Subject: Off Topic - just screwing around and what do I see?
>   > [7:64449]
>   >
>   >
>   >   three routers in a circle. but that's irrelevant.
>   >
>   >   inbound from r3---r1--r2-r3->back to r1
>   >
>   >
>   >   I have IGRP between two of the routers. I have loopback on
>   > each of the two
>   >   routers -- 222.222.222.x/32
>   >
>   >   watching the 222.222.222.0/24 subnet advertisement. R2 sends
>   > it to R3 and
>   > R3
>   >   sends it to R2
>   >
>   >   ???
>   >
>   >   wait a minute - since when does EIGRP automatically
>   > redistribute into IGRP,
>   >   even when the AS numbers are DIFFERENT
>   >
>   >   router eigrp 200
>   >passive-interface default
>   >no passive-interface Serial1
>   >network 199.35.1.0
>   >network 222.222.222.0
>   >no auto-summary
>   >no eigrp log-neighbor-changes
>   >   !
>   >   router igrp 100
>   >passive-interface default
>   >no passive-interface Serial0
>   >network 199.34.1.0
>   >   !
>   >   Router_3#sh ip route 222.222.222.0
>   >   Routing entry for 222.222.222.0/24, 2 known subnets
>   > Attached (1 connections)
>   > Variably subnetted with 2 masks
>   > Redistributing via eigrp 200
>   > Advertised by igrp 100
>   >
>   >   
>   >
>   >   well, at least IGRP isn't in the Lab any longer..
>   >
>   >   --
>   >   TANSTAAFL
>   >   "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64515&t=64454


Re: Has anyone used this ? [7:64532]

2003-03-05 Thread The Long and Winding Road
""jeffrey schwartz""  wrote in message
news:[EMAIL PROTECTED]
> I thought I posted this before but I guess not. I am preparing for CCIE
> written then the lab and was wondering if anyone has used these guys
> http://www.amilabs.com before I invest any money? The price seems decent for
> a starter before I go to ccbootcamp labs etc.
>
> Any info would be helpful...


personally, I wouldn't do business with anyone whose web site is 120 columns
wide. Having to scroll right and left to read the pages irritates me to no
end.

yeah I could do that, but then these old eyes wouldn't be able to read the
damn thing.

before committing, you may want to do a google search on CCIE rack rental (
no quotes - just these three words ), and see what you come up with.

Also, check out e-bay, where lots of rack rentals are being auctioned at
pretty reasonable prices.


best wishes in your studies

>
> Thanks...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64552&t=64532


Re: Router 2500 series crashed in BGP!!! [7:64554]

2003-03-05 Thread The Long and Winding Road
""Xy Hien Le""  wrote in message
news:[EMAIL PROTECTED]
> Hi,
> I have experienced the Cisco 25xx routers crashed many times when configuring
> BGP with the 26xx and 36xx routers, connected in a lab environment; most of
> time happened when I do the "clear ip bgp *" command.
> Does anyone have the same problem? The 25xx routers have 16RAM and 16 FLASH
> installed.
> Any suggestion to fix this problem is very much appreciated.


there is a known bug with IOS versions lower than 12.1. This bug manifests
itself when you do a bgp default-information originate command under the BGP
process. Causes the router to reload. Real pain, especially when you are as
fast with the write mem as I am. :->

I have not experienced an issue related to the "clear ip bgp *" command, but
that doesn't mean there isn't one.

Which IOS version you using? Which image?


>
> Thanks,
> Xy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64559&t=64554


Re: Cheap Domain Name register? [7:64557]

2003-03-05 Thread The Long and Winding Road
""Wes Stevens""  wrote in message
news:[EMAIL PROTECTED]
> Any advice on a cheap and good domain name register? I am
> tired of paying out the nose for register.com.


I find it hard to believe you are not receiving at least three spam messages
a day from alternative registrars.

I'm sending you some names off line - recovered from my spam blocker




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64560&t=64557


Re: "Extra" IP addresses for VLANs? [7:64570]

2003-03-06 Thread The Long and Winding Road
""Mossburg, Geoff (MAN-Corporate)""  wrote in
message news:[EMAIL PROTECTED]
> I'm full of questions tonight...
> My company's Catalyst 6509's MSFC has VLANs configured with IP addresses in
> the x.x.x.1 format, but I've noticed that I can telnet to the MSFC by
> substituting x.x.x.0 or x.x.x.255 for any of the VLAN addresses. Is this
> normal??? It seems to me like it may be a security risk, but I really don't
> know enough about VLANs to be sure. Any ideas?


this might seem like a dumb question, but are there vlans or even hosts with
the particular address?

in a subnet with a prefix shorter than /24, the 0 or the 255 might be a
legitimate host address.

could be a bug too, but I'd want to know the prefix length and more detail.



> Geoff Mossburg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64612&t=64570
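
The prefix-length point in the reply above, as an added example that is not part of the thread: for an interface address and mask it lists every address ending in .0 or .255 inside the subnet and says whether each is the network address, the broadcast address, or an ordinary host address. The interface addresses, prefix lengths and responder lists are constructed, since the question gives none of them.

```python
import ipaddress

# Constructed sample data: VLAN interfaces addressed in the x.x.x.1 style the
# question describes. The prefix lengths are assumptions, not from the post.
SAMPLE_INTERFACES = {
    "Vlan10": "10.20.0.1/23",
    "Vlan20": "192.168.5.1/24",
    "Vlan30": "172.16.8.1/22",
}


def classify(ip, network):
    """Return 'network', 'broadcast' or 'host' for ip inside network."""
    if network.prefixlen >= 31:
        # /31 point-to-point links and /32 host routes have no reserved addresses.
        return "host"
    if ip == network.network_address:
        return "network"
    if ip == network.broadcast_address:
        return "broadcast"
    return "host"


def edge_octet_addresses(interface_cidr):
    """Map every address in the interface's subnet whose last octet is 0 or 255
    to its role in that subnet."""
    network = ipaddress.ip_interface(interface_cidr).network
    first = int(network.network_address)
    last = int(network.broadcast_address)
    roles = {}
    # Walk the subnet in 256-address blocks aligned on the last octet.
    for block in range(first & ~0xFF, last + 1, 256):
        for candidate in (block, block + 255):
            if first <= candidate <= last:
                ip = ipaddress.IPv4Address(candidate)
                roles[str(ip)] = classify(ip, network)
    return roles


def review_responders(interface_cidr, responders):
    """Label each address that accepted a management session (for example
    telnet) relative to the configured interface address and subnet."""
    iface = ipaddress.ip_interface(interface_cidr)
    findings = {}
    for addr in responders:
        ip = ipaddress.IPv4Address(addr)
        if ip not in iface.network:
            findings[addr] = "outside subnet"
        elif ip == iface.ip:
            findings[addr] = "configured interface address"
        else:
            role = classify(ip, iface.network)
            findings[addr] = "other host address" if role == "host" else f"{role} address"
    return findings


if __name__ == "__main__":
    for name, cidr in SAMPLE_INTERFACES.items():
        print(name, cidr)
        for addr, role in edge_octet_addresses(cidr).items():
            print(f"  {addr:15} {role}")
    # Constructed responder list for the /24 case from the question's pattern.
    print(review_responders("192.168.5.1/24", ["192.168.5.1", "192.168.5.0", "192.168.5.255"]))
```

With a /24 the .0 and .255 addresses are the subnet's network and broadcast addresses, so a session answered there is worth raising with the prefix length and platform details in hand; with a /23 or shorter some of them are ordinary host addresses.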


Re: Many Vlans [7:64569]

2003-03-06 Thread The Long and Winding Road
""Ron""  wrote in message
news:[EMAIL PROTECTED]
> I have need to put public access machines on the same pipe as my private
> network.  I also have need for each of the public machines not to talk to
> each other.  Is there a way to keep all ports connected to public machines
> from talking to each other except for one port connected to a printer and
> one port connected to a router going to the Internet?  Maybe all separate
> Vlans?  All of my private machines can talk to each other, but not the
> public machines, and will be going over the same Internet pipe.  I will
> probably be using Cisco 3550-48-EMI switches.  Can anyone get me an easy way
> to do this one?


I knew I recalled reading something like this the other day. Check out the
"protected ports" feature and see if this is what you are looking for:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550scg/s
wtrafc.htm#xtocid6
watch the wrap




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64614&t=64569


Re: ip ospf dead-interval [7:64311]

2003-03-06 Thread The Long and Winding Road
""fred barreras""  wrote in message
news:[EMAIL PROTECTED]
> CiscoPress book for CCNP routing is very specific on changing hello setting
> and having dead/interval setting changing automatically.

just like the documentation.

a couple of IOS releases ago, the trick question used to be, how do you
change the hello timer without using the ip ospf hello command. but alas, in
the more current IOS releases, changing the dead timer does not
automatically change the hello, rendering a number of CCIE practice labs
obsolete.

>I would have given
> the answer and said where I found it. What some people are suggesting is
> that when anybody posts a question the answer should be, "buy my book". If
> people do not want to help other people out, or at least point them in the
> right direction, then what is the point of groupstudy?

good question. seriously.

let's look at it another way

"Tell me the answer" or "I was reading this book, or doing this practice lab
and this point came up. I re-read the materials but I'm missing it. Where
can I find the answer?"

that's why I posted the link to the page on CCO where the appropriate
commands are found. it is also why I suggested that a good habit to get into
is to use the doc page first.

>Just like any other
> site, this one is also not perfect.  I guess I just have to learn whose
> threads to bypass and not read at all. Just curious.  nilesh bothra wrote:


well, the list may not be perfect, but most of us on it are. :->




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64609&t=64311


Re: New Voice CCIE [7:64620]

2003-03-06 Thread The Long and Winding Road
""Skarphedinsson Arni V.""  wrote in message
news:[EMAIL PROTECTED]
> I would say it sounds very interesting, specially for those that have call
> manager / voice experience.
> I wonder how much routing it has, for example, I doubt you have to configure
> BGP on this one, or what do you think ?

OTOH, bet you'd have QoS up the wazoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64630&t=64620


Re: Memory purchase [7:64605]

2003-03-06 Thread The Long and Winding Road
""Angel Leiva""  wrote in message
news:[EMAIL PROTECTED]
> Here are my two favorite WEB based Cisco router memory dealers:
>
> http://www.memoryx.net/routers.html
>
> http://www.kg2.com/memory-2500-series.html


I've had good results from both of these places, and they are good choices.
Another that you might want to check is

www.anthonypanda.com

hong kong based, but cheap ( if a bit slow ) shipping

>
> Hth,
>
> Angel
>
> Angel Leiva, EE, CCNP R&S + WAN, MCSE
> Senior Network System Consultant
> International Network Services
> Irving, TX 75038
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, March 06, 2003 8:29 AM
> To: [EMAIL PROTECTED]
> Subject: Memory purchase [7:64605]
>
> Where can I find flash memory for 2500 series routers?
>
> Thanks in advance.
> MF




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64631&t=64605


Re: it started out as a really good idea ... [7:64638]

2003-03-06 Thread The Long and Winding Road
""garrett allen""  wrote in message
news:[EMAIL PROTECTED]
> i have a need for a high availability solution for a default gateway
> configuration.  just finished the ccdp and thought it might be
> interesting to try hsrp on a pair of 2514's.  put some of that theory
> to work.  instead of highly resilient i've managed to configure it for
> mass failure.  arg.., not exactly what i had in mind.  now, any time i
> take down 1 of the 4 links, the connect between 2 remote hosts dies.
> this is in a lab (production is not a lab, production is not a lab...)
> so it is a mystery i would like to solve, but it is not critical.
>
> here is the basic config (hope it makes it):
>
> pc host 1  -+- e0 router 1, e1 +-  pc host 2
> |  |
> |- e0 router 2, e1 |
>
> the routers act as a default gateway between the internal network
> (represented by pc host 1) and the external world (represented by pc
> host 2).  i have used 10.3 and 10.4 /16 as the addresses for each side
> of the divide.  i want to run hsrp on both sets of router interfaces so
> that in the event a router or an interface fails, the traffic impact is
> minimized.  in the real world pc host 2 will be a firewall and there
> will be other hosts off that segment as well
>
> looks easy.  sounds plausible.  read the cisco docs.  looks like it
> should work.  minimal incantations before tickling the keyboard.  key
> in the configs and it fires up nicely. do the show standby thingee and
> all looks cool.  can ping the 2 stations end to end.  most excellent.
> put a router in debug mode.  when i pull one of the 4 router cables the
> router goes through a state change but no bits make it to the far end.
> not even the shiny ones.  bitstream courtesy of ping.
>
> maybe i misunderstood what hsrp was supposed to do.  the configs are
> below, along with the show standby results.  both are 2514's (2 aui's)
> and both are running 12.2(1d).  probably forgot to put the interface in
> mumble mode or something equally easy.  no laughter, please.


HSRP assumes the ethernet interfaces to be on the same subnet. your ethernet
side is on two different subnets. hence - no failover.

to get this to work using 2514's:


E0--2514_1---E1

E0--2514_2---E1


the e0's on the same subnet, the e1's on the same subnet




>
> thanks in advance.
>
> router 1
> interface Ethernet0
>  ip address 10.3.255.2 255.255.0.0
>  no ip route-cache
>  no ip mroute-cache
>  standby 1 priority 200 preempt
>  standby 1 ip 10.3.0.2
> !
> interface Ethernet1
>  ip address 10.4.254.2 255.255.0.0
>  no ip route-cache
>  no ip mroute-cache
>  standby 2 priority 200 preempt
>  standby 2 ip 10.4.254.10
>
>
> router 2
> interface Ethernet0
>  ip address 10.3.255.1 255.255.0.0
>  no ip route-cache
>  no ip mroute-cache
>  standby 1 priority 225 preempt
>  standby 1 ip 10.3.0.2
> !
> interface Ethernet1
>  ip address 10.4.254.1 255.255.0.0
>  no ip route-cache
>  no ip mroute-cache
>  standby 2 priority 150 preempt
>  standby 2 ip 10.4.254.10
>
> results of show standby
> Router1#show standby
> Ethernet0 - Group 1
>   Local state is Standby, priority 200, may preempt
>   Hellotime 3 holdtime 10
>   Next hello sent in 00:00:00.940
>   Hot standby IP address is 10.3.0.2 configured
>   Active router is 10.3.255.1 expires in 00:00:09, priority 225
>   Standby router is local
>   20 state changes, last state change 00:22:34
> Ethernet1 - Group 2
>   Local state is Active, priority 200, may preempt
>   Hellotime 3 holdtime 10
>   Next hello sent in 00:00:01.676
>   Hot standby IP address is 10.4.254.10 configured
>   Active router is local
>   Standby router is 10.4.254.1 expires in 00:00:08
>   Standby virtual mac address is .0c07.ac02
>   17 state changes, last state change 00:23:26
> Router1#
>
> Router2#show standby
> Ethernet0 - Group 1
>   Local state is Active, priority 225, may preempt
>   Hellotime 3 holdtime 10
>   Next hello sent in 00:00:01.010
>   Hot standby IP address is 10.3.0.2 configured
>   Active router is local
>   Standby router is 10.3.255.2 expires in 00:00:09
>   Standby virtual mac address is .0c07.ac01
>   24 state changes, last state change 00:22:04
> Ethernet1 - Group 2
>   Local state is Standby, priority 150, may preempt
>   Hellotime 3 holdtime 10
>   Next hello sent in 00:00:01.272
>   Hot standby IP address is 10.4.254.10 configured
>   Active router is 10.4.254.2 expires in 00:00:09, priority 200
>   Standby router is local
>   32 state changes, last state change 00:22:25
> Router2#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64660&t=64638


Re: New Voice CCIE [7:64620]

2003-03-06 Thread The Long and Winding Road
""DAve Diaz""  wrote in message
news:[EMAIL PROTECTED]
> how are you supposed to prepare for this buy all that equipment no thanks
>


there would be a distinct advantage to substantial hands on experience.
maybe this marks the start of the trend away from the "paper" ( some use the
term "lab rat" ) CCIE's of the last couple of years?


>
>
>
>
> >From: "Maurizio Moroni"
> >Reply-To: "Maurizio Moroni"
> >To: [EMAIL PROTECTED]
> >Subject: New Voice CCIE [7:64620]
> >Date: Thu, 6 Mar 2003 16:12:11 GMT
> >
> >Hi Group,
> >
> >I would like to know what's your take on the new CCIE Voice Certification
> >Track
> >(http://www.cisco.com/warp/customer/625/ccie/ccie_program/whatsnew.html)
> >
> >Regards,
> >Maurizio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64675&t=64620


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread The Long and Winding Road
""Johan Bornman""  wrote in message
news:[EMAIL PROTECTED]
> Is EIGRP a Hybrid or Distance Vector protocol?
>

Yes.

Cisco docs call it a "hybrid" protocol because it combines some link state
features, yet also has hop count ( distance ) limitations.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64717&t=64707


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread The Long and Winding Road
""MADMAN""  wrote in message
news:[EMAIL PROTECTED]
> speaking of NDA...


if this is a question directly off the CCIE written it deserves to be
revealed and publicly ridiculed  :->


>
>Dave
>
> Reza wrote:
> > Hybrid.
> >
> >
> > ""Johan Bornman""  wrote in message
> > news:[EMAIL PROTECTED]
> >
> >>Is EIGRP a Hybrid or Distance Vector protocol?
> --
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
>
> I would rather have a German division in front of me than a French one
> behind me."
> --- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64727&t=64707


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread The Long and Winding Road
""Peter van Oene""  wrote in message
news:[EMAIL PROTECTED]
> At 12:11 PM 3/7/2003 +, Johan Bornman wrote:
> >Is EIGRP a Hybrid or Distance Vector protocol?
>
> Cisco calls it Hybrid.  It looks pretty distance vector to me though.

in what way? the hop count is pretty well hidden in the dark interior of the
code. all those cost numbers, the ( also somewhat hidden ) topology table,
and the ( somewhat hidden ) successor table certainly give it the appearance
of link state.

Chuck
who considers all this stuff a kind of magic



>A  hello mechanism and adjacencies does not a link state one make.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64728&t=64707


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread The Long and Winding Road
""John Hutchison""  wrote in message
news:[EMAIL PROTECTED]
> My netacad states:
>
> "Technically, EIGRP is an advanced distance-vector routing protocol that
> relies on features commonly associated with link-state protocols"
>

in none of the Cisco exams I have ever taken has there ever been the more
appropriate answer of "it depends"
:->




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64745&t=64707


Re: network design [7:64422]

2003-03-07 Thread The Long and Winding Road
""Scott Roberts""  wrote in message
news:[EMAIL PROTECTED]
> I guess I'm the only one with the problem of that many then. I'll take your
> words for it that it works OK, but I still keep thinking back to that one
> study (don't recall its name), and can't help but think efficiency would go
> by some noticeable degree. anybody can throw switch and hubs around,
> we're supposed to do it right, not just "to get by".
>
> I mean if 700 is ok, then why not 1000? at some point you have to agree
> there is going to be a performance hit. hasn't any manufacturer thought to
> retest this performance issue with the newer equipment?


to bring a bit of real world into this, I am working with a couple of large
organizations, for projects that involve good sized campus switched
networks. Several of my coworkers are involved in similar projects. We are
finding places where there may well be a couple thousand devices in a
single broadcast domain. The IT folks in these orgs do know that sometimes
there are problems. However, most also say that in general, they don't have
a great deal of problems.

an apocryphal story, but a couple of years back I interviewed with a large
bank in this area. They were looking for detailed sniffer experience ( which
I did not have ) because, they said, they had as many as 1000 stations on a
segment, and whenever there were network performance issues, they sniffed
like crazy, swapped out any nic that they considered "over the edge" and in
general did everything they could to limit things that might adversely
affect the ability of their users to do what they had to do, much of which
was to get wire ( money ) transfers completed quickly and accurately.

I worked in brokerage a few years. In that business, broadcast IS the
business. About 200 stations in a shared hub domain was too much. Moving
folks to 24 stations on a hub, with the hubs connected to switch ports, was
quite effective in terms of reduction of performance complaints. I would
never do it this way these days.

As for the manufacturers, all they care about is selling equipment, so of
course they are going to promote thresholds which support the selling of
more equipment.


>
> scott
>
> ""Priscilla Oppenheimer""  wrote in message
> news:[EMAIL PROTECTED]
> > Great answer Chuck. It sounds like you figured out his/her basic needs,
> > though we would need more detail to provide a detailed design, of course,
> > and payment for design services. :-) Well, actually your idea of asking a
> > vendor to do an RFP might mean a free design (that would be biased toward
> > the vendor, of course, but still a good start.)
> >
> > I'm not in disagreement that today 700 nodes in one broadcast domain might
> > be OK. In other words, I would probably recommend no VLANs as a start. VLANs
> > complicate matters. If the network admins are somewhat new to networking,
> > they should avoid VLANs to start.
> >
> > The reason 700 nodes in one broadcast domain could work is because NICs and
> > CPUs are really not bothered by broadcasts like they were in the mid-1990s.
> > They are much faster, have better buffers, etc. Some would argue they never
> > were affected as much as Cisco claimed!
> >
> > I help out once in a while on a city-wide school network with that many
> > nodes in one broadcast domain. It has all the risk factors:
> >
> > Lots of AppleTalk traffic
> > Lots of Novell traffic
> > Lots of NetBIOS traffic
> > Lots of IP traffic
> > Ancient PCs with slow CPUs
> >
> > There are no performance issues.
> >
> > Priscilla
> >
> > The Long and Winding Road wrote:
> > >
> > > ""ferry ferry""  wrote in message
> > > news:[EMAIL PROTECTED]
> > > > I need a scheme of network. It needs seven hundred points. Please give
> > > > me some advice on how to design it. It includes how to select network
> > > > product, product configuration. They are set in a building. It has
> > > > twenty layers.
> > >
> > >
> > > Let's see if I understand you correctly.
> > >
> > > A company is located in a multistory building. There are 700 users spread
> > > out among 20 floors. So on average there are 35 users per floor.
> > >
> > > I'm going to assume a single data center with your servers and internet
> > > connection.
> > >
> > > Got fiber running from your data center to the various floors? How is this
> > > struc

Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread The Long and Winding Road
""MADMAN""  wrote in message
news:[EMAIL PROTECTED]
> I agree 100%, it is ENHANCED, read glorified, IGRP.


the REAL question is "which is better, EIGRP or  L3 switching?"   ;->


>
>Dave
>
> John Neiberger wrote:
> > This really isn't the case.  EIGRP is purely distance vector.  In no way
> > does it behave like a link state protocol.  It establishes neighbor
> > relationships  and it uses hellos, as do OSPF and IS-IS, but those have
> > nothing whatsoever to do with whether protocol is DV or LS.  Some people
> > get hung up on the complex metric, but who says DV protocols have to use
> > only hop count?
> >
> > The actual operation of EIGRP is DV.  There are no LS components to
> > EIGRP.
> >
> > Regards,
> > John
> >
> >
> > >>> "Scott Terminiello" 3/7/03 8:28:00 AM >>>
> > EIGRP is a hybrid.  It can be said that it is a distance vector routing
> > protocol that acts like a link state routing protocol.
> >
> > Scott
> > - Original Message -
> > From: "Johan Bornman"
> > To:
> > Sent: Friday, March 07, 2003 7:11 AM
> > Subject: EIGRP for CCIE Written [7:64707]
> >
> >
> >
> >>Is EIGRP a Hybrid or Distance Vector protocol?
> --
> David Madland
> CCIE# 2016
> Sr. Network Engineer
> Qwest Communications
> 612-664-3367
>
> I would rather have a German division in front of me than a French one
> behind me."
> --- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64775&t=64707

