Re: Studying Switching [7:75030]
Priscilla, Didn't Radia write a poem that starts something like I have never seen a tree as lovely as a spanning tree? BTW, is it still possible to get a free copy of 802.1s w. I looked on the IEEE site but couldn't find them. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Priscilla Oppenheimer wrote: Get a copy of Cisco LAN Switching by Kennedy Clark and Kevin Hamilton. It's right up there with Doyle as one of the best networking books ever written. It makes switching fun again! ;-) It's well written, technicaly accurate and interesting, and it doesn't just throw the latest marketing trends at you with no explanation of their history, like some switching material does. Also, CertificationZone has some good articles and study materials for switching. By the way, switching isn't as dull as it might seem. The spanning tree algorithm can be quite interesting to study. And there are enhancements to it now like 802.1s (multiple spanning trees) and 802.1w (rapid spanning tree protocol). Good luck! Priscilla Oppenheimer Nakul Malik wrote: Hi all, I started off studying routing and found it to be a topic that interested me a lot. I just couldn't get enough of halabi Doyle and the rest. I studied a lot, practiced a lot and was thrilled when I passed the exam in beta. Next I started studying for switching. That didn't turn out as well as I thought it would. I couldn't just work up the same level of interest. I have been analyzing the reasons and have come up with the following: 1. I've never worked with switches much, so I don't know too much about them, as opposed to routers. 2. Study materials. I've been wondering, has anyone else faced similar problems in their quest for CCNP. Also, could someone recommend some good materials/resources for switching other than the official Cisco book? Any/all answers would be appreciated. Thanks. -N -- Nakul Malik H-342 New Rajendra Nagar New Delhi - 110060 Mobile: +91-9811424477 Ph: +91-11- 2582 3488 +91-11- 2585 0155 Fax:: +91-11- 2575 2904 [EMAIL PROTECTED] **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75090t=75030 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Please Help - CIDR - How the bits work [7:75050]
We are now teaching VLSM/CIDR in the CCNA curriculum. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Priscilla Oppenheimer wrote: Reimer, Fred wrote: No offense, but this is CCNA material. Do they still teach classful for CCNA, though? Perhaps the only thing that's hard for him is that 192.168.24.0 has a mask of 255.255.255.0 in a classful system. Moving the prefix over to the left of that classful boundary isn't something they teach for CCNA yet. (They will soon. The new Networking Academy books teach it from the start now.) Priscilla If you are going for your CCNP, then you should already have your CCNA and know the answer. But anyway... If you need a network with 400 hosts, the smallest subnet would have a /23 mask. So take the first part of your given network and assign it to that: 192.168.24.0/23 (192.168.24.0-192.168.25.255) Then you need one with 200 hosts. Well, that could fit within a /24 subnet, so assign the next available to that: 192.168.26.0/24 (192.168.26.0-192.168.26.255) Now you only have 192.168.27.0/24 left from the original 192.168.24.0/23 (which covered 192.168.24.0-192.168.27.255). You need two 50's, so that should fit within /26 subnets each. Assign them: 192.168.27.0/26 (192.168.27.0-192.168.27.63) 192.168.27.64/26 (192.168.27.64-192.168.27.191) Finally, you need three subnets that can have two hosts each, which would fit within /30 subnets. So assign: 192.168.27.192/30 192.168.27.196/30 192.168.27.200/30 Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Steven Aiello [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 8:02 AM To: [EMAIL PROTECTED] Subject: Please Help - CIDR - How the bits work [7:75050] I just started my routing class for my CCNP. We are covering CIDR. The book is VEERY vague on how the bit patterns break down and are used. This was a problem posed in one of my CCNP labs I have network number 192.168.24.0 / 22 from this I need networks with 400 hosts 200 hosts 50 hosts 50 hosts 2 hosts (for serial int - no ip un-numbered allowed ) 2 hosts 2 hosts Also no NATing Thanks all I really could use the help Steve **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75118t=75050 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Please Help - CIDR - How the bits work What I figured out [7:75127]
Another way to look at it is that you have one long contiguous line of addresses that you need to break up into different size groups that must also be contiguous. For example: 192.168.1.0 /24 Assume we need three networks (nets ab) with 40 hosts, two networks (nets cd) with 25 hosts, and 3 networks (nets e,f,g) with 12 hosts. Our available subnet area is 192.168.1.0 - 192.168.1.255 Shown graphically (hope this doesn't get munged in transmission; if so copy and paste into word using fixed width and 10). .0 .255 /24: |---| .128 /25: |-|-| .64 .192 /26: |-|---|---|-| (a)( b) .160 .224 /27: |-|---|-|-|--|--| (c) (d) .208 .240 /28: |-|---|-|-|-|||-| (e) (f) (g) From this we can see that Subnet blocks 192.168.1.0 .64 are used for nets a b. Blocks .128 .160 are used for nets c d, while blocks .192, 208 224 are used for nets e, f, g. This leaves one block, .240 for future use or to further subnet for /30's to address serial links. By looking at it visually, there isn't any danger of overlapping previously assigned blocks. It also shows us where supernetting will occur so we can properly assign the blocks for easy aggregation. Since the blocks must be recombined for supernetting in the same manner they were subnetted, we can see that nets a b could be put on one router and we would only advertise a /25 (192.168.1.0) upstream. Likewise, blocks .128 .160 could be on a second router and advertised as a /26 (192.168.1.128). We can also see that we couldn't put nets a-d on the same router and advertise as a /25 because they don't all come from the same /25 block. We would have to use two advertisements, a /25 /26, if they were on the same router. The same method can be used for address ranges that cross octet boundries: 172.16.0.0 /16 0.0 255.255 /16: |---| 128.0 /17: |---|---| and so on. I find showing it visually to my students makes understanding a lot easier. HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem John Neiberger wrote: The key is that you must completely unlearn classful thinking. Forget that you ever learned it. Completely ignore any prior classful subnet boundaries that you were forced to memorize. It's all just one big IP address space that you choose to carve up any way you like. As long as you do it correctly and don't have any overlap the subnetting scheme is up to you. Another helpful tip: don't ever use classful terminology any more! Don't say Class A to refer to an 8-bit prefix or subnet mask; don't say Class C to refer to a 24-bit mask, or /24. That will help move your brain away from that type of thinking. Think of your address space as a big pie, and each time you cut a segment in half you're adding one more bit to the subnet mask. Here's an example: You start with 10.20.30.0/24 (255.255.255.0) and we'll think of that as a whole pie. You don't need that many addresses in your subnet so you decide to break it up into smaller pieces. What do you do? Cut your pie in half (draw this out, it helps!). Your pie now has two halves and these represent two subnets with /25 masks with no overlap. Let's say you want to further subnet one of those subnets. Cut it in half again! You now have a /25 and two /26s with no overlap. If you further cut one of those /26 subnets into two pieces you have two /27s. See how easy that is? Draw this out on paper and write down your subnet information as you go, like this: 10.20.30.0/24 (10.20.30.0-255) becomes 10.20.30.0/25 (10.20.30.0-127) and 10.20.30.128/25 (10.20.30.128-255) 10.20.30.128/25 further subnetted becomes 10.20.30.128/26 (10.20.30.128-191) and 10.20.30.192/26 (10.20.30.192-255) And so on... practice it this way for a while and after a short time it will be second nature for you to subnet existing networks without accidentally overlapping them. HTH, John Steven Aiello 9/9/03 12:03:06 PM I was stuck on the idea that you could ONLY re subnet a remaining piece of a subnetwork. And not apply a mask to the whole span of the total available network. You can (unless I'm incorrect here) you just have to watch out for address over lap neer your subnetwork boundries. I think I got
Re: Please Help - CIDR - How the bits work What I figured out [7:75129]
Another way to look at it is that you have one long contiguous line of addresses that you need to break up into different size groups that must also be contiguous. For example: 192.168.1.0 /24 Assume we need three networks (nets ab) with 40 hosts, two networks (nets cd) with 25 hosts, and 3 networks (nets e,f,g) with 12 hosts. Our available subnet area is 192.168.1.0 - 192.168.1.255 Shown graphically (hope this doesn't get munged in transmission; if so copy and paste into word using fixed width and 10). .0 .255 /24: |---| .128 /25: |-|-| .64 .192 /26: |-|---|---|-| (a)( b) .160 .224 /27: |-|---|-|-|--|--| (c) (d) .208 .240 /28: |-|---|-|-|-|||-| (e) (f) (g) From this we can see that Subnet blocks 192.168.1.0 .64 are used for nets a b. Blocks .128 .160 are used for nets c d, while blocks .192, 208 224 are used for nets e, f, g. This leaves one block, .240 for future use or to further subnet for /30's to address serial links. By looking at it visually, there isn't any danger of overlapping previously assigned blocks. It also shows us where supernetting will occur so we can properly assign the blocks for easy aggregation. Since the blocks must be recombined for supernetting in the same manner they were subnetted, we can see that nets a b could be put on one router and we would only advertise a /25 (192.168.1.0) upstream. Likewise, blocks .128 .160 could be on a second router and advertised as a /26 (192.168.1.128). We can also see that we couldn't put nets a-d on the same router and advertise as a /25 because they don't all come from the same /25 block. We would have to use two advertisements, a /25 /26, if they were on the same router. The same method can be used for address ranges that cross octet boundries: 172.16.0.0 /16 0.0 255.255 /16: |---| 128.0 /17: |---|---| and so on. I find showing it visually to my students makes understanding a lot easier. HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem John Neiberger wrote: The key is that you must completely unlearn classful thinking. Forget that you ever learned it. Completely ignore any prior classful subnet boundaries that you were forced to memorize. It's all just one big IP address space that you choose to carve up any way you like. As long as you do it correctly and don't have any overlap the subnetting scheme is up to you. Another helpful tip: don't ever use classful terminology any more! Don't say Class A to refer to an 8-bit prefix or subnet mask; don't say Class C to refer to a 24-bit mask, or /24. That will help move your brain away from that type of thinking. Think of your address space as a big pie, and each time you cut a segment in half you're adding one more bit to the subnet mask. Here's an example: You start with 10.20.30.0/24 (255.255.255.0) and we'll think of that as a whole pie. You don't need that many addresses in your subnet so you decide to break it up into smaller pieces. What do you do? Cut your pie in half (draw this out, it helps!). Your pie now has two halves and these represent two subnets with /25 masks with no overlap. Let's say you want to further subnet one of those subnets. Cut it in half again! You now have a /25 and two /26s with no overlap. If you further cut one of those /26 subnets into two pieces you have two /27s. See how easy that is? Draw this out on paper and write down your subnet information as you go, like this: 10.20.30.0/24 (10.20.30.0-255) becomes 10.20.30.0/25 (10.20.30.0-127) and 10.20.30.128/25 (10.20.30.128-255) 10.20.30.128/25 further subnetted becomes 10.20.30.128/26 (10.20.30.128-191) and 10.20.30.192/26 (10.20.30.192-255) And so on... practice it this way for a while and after a short time it will be second nature for you to subnet existing networks without accidentally overlapping them. HTH, John Steven Aiello 9/9/03 12:03:06 PM I was stuck on the idea that you could ONLY re subnet a remaining piece of a subnetwork. And not apply a mask to the whole span of the total available network. You can (unless I'm incorrect
Re: Please Help - CIDR - How the bits work [7:75050]
No, the new curriculum recognizes the subnet zero command. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Daniel Cotts wrote: Tom, In the old CCNA books if a question came up about how many subnets could be formed from a block - the all zeros and all ones subnets were not counted. Does this still hold with the new curriculum? -Original Message- From: Tom Lisa [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 3:54 PM To: [EMAIL PROTECTED] Subject: Re: Please Help - CIDR - How the bits work [7:75050] We are now teaching VLSM/CIDR in the CCNA curriculum. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75149t=75050 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: in FECN [7:74642]
The FECN bits are getting set, so traffic from the remote router (to your router) is experiencing congestion somewhere within the Frame Relay cloud. There's not really much you or your router can do about it. FECNs are sort of useless since by the time your router sees them the congestion has already occured. The Frame Relay cloud will set the BECN bits in frames traveling to the remote. If THAT router has Frame Relay traffic shaping enabled it may adapt by slowing down the rate at which it sends your router traffic. - Tom On Tue, 02 Sep 2003 06:20:44 -0400, Md Nazri wrote: hi guys, this is the output of my sh frame-relay pvc DLCI = 171, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.171 input pkts 1435560 output pkts 9358712 in bytes 370699089 out bytes 1069864391 dropped pkts 0 in pkts dropped 0 out pkts dropped 0out bytes dropped 0 in FECN pkts 7738in BECN pkts 56 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 193438 out bcast bytes 12380032 5 minute input rate 2 bits/sec, 7 packets/sec 5 minute output rate 13000 bits/sec, 12 packets/sec pvc create time 1w6d, last time pvc status changed 4d00h what will happen if 'in FECN' is increasing..how do router adapt to it..? thanks GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74662t=74642 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: OT Microsoft worm [7:74045]
Hmmm, are IT Gals also easy to recognize??? Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Priscilla Oppenheimer wrote: Evans, Timothy R (BearingPoint) wrote: I know of several organizations in the Washington / NoVa / MD area that were effected - the MD Motor Vehicle Administration was offline for quite some time, for example. Sadly - too many people, many who should know better, assumed that as long as the edge was secured than all was good. Unfortunately it only takes one laptop (for ex) to break that theory :). Makes me wonder about people's security policies. Bringing in a laptop that isn't running software approved by IT shouldn't be allowed. This software should include patched OSs, anti-virus, and personal firewall. Of course, enforcing that is difficult. Friday night I was walking by a local bank and noticed that the ligths were still on. I had to chuckle when I looked inside and noticed IT guys hunched over PCs at the tellers' stations. I'm pretty sure I know what they were doing. And yes, IT guys are easy to recognize. You know who you are. :-) Today I went to my favoriate local coffee shop. The public Internet acccess PC was turned off with a sign that said, Not in service due to virus. Bye, bye Miss American Pie. Ah, the day the music died. This blaster thing is yet another wake-up call. The big one is still coming. We are lucky that so far it's been benign tricksters attacking our networks. Sorry for the dire warning, but I truly predict a huge failure at some point. Argh Luckily - this was/is a very sloppy worm: Noisy enough to easily tracedown Poor propogation method Limited vectors of attack No destructive payload (don't get me wrong - having a backdoor is bad, but let's say it wiped data from hardrives 8 hours after infecting them, or performed some other non-randon act of data destruction) ... and, to top it all off, its attempted DoS was to the wrong URL and was easily sidestepped, although some people caused local RST floods on their network by attempting to mitigate it incorrectly :) It's not just Microsoft that has software bugs! Getting the wrong URL was an amazingly stupid bug, but benign. A lot of the infamous worms of the past spread unintentionally like wildfire because of software bugs. Why is software so hard to get right? Well, I know why. But this has gotta change Priscilla Thanks! TJ ... not all windows admin's are incompetent ... and some are network admins as well :) -Original Message- From: Reimer, Fred [mailto:[EMAIL PROTECTED] Sent: Saturday, August 16, 2003 4:23 PM To: [EMAIL PROTECTED] Subject: RE: OT Microsoft worm [7:74045] For reasons of confidentiality I won't and can't name any names, but I am aware of several hospitals that were affected pretty seriously. Everyone here knows that Cisco Call Manager runs on Windows, so imagine what happens to your entire phone infrastructure if you are running VoIP. Network grinds to a halt and admitting can't access the applications to admit people in the ER. Lab orders don't go through, so meds can't be dispersed based on the results of tests. Everything goes back to a paper fall-back scheme until the Windows administrators patch the systems like they should have done weeks ago. So no, don't assume that even large organizations have a handle on things. Especially hospitals which are notoriously on the low end as far as adequately staffing, at the right levels, their IT staff. One thing I sincerely hope is changed in our lexicon is calling Windows administrators network administrators. It makes me physically ill, because those folks don't administer the network, if anything they actually do can be classified as competent administration. They should be called what they are systems administrators, or, if you want to be more specific, Windows administrators. I personally think they deserve a classification of their own. All I can say is that the Windows systems that our group has to use and is responsible for were patched long ago, and did not exhibit any issues. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you
Re: 3500XL - duplicate IP and Windows NT/2000 server [7:73868]
As far as the duplicate MACs go, it sounds like you have a layer-2 loop. Especially considering that all of your servers are experiencing the problem. When they ARP to verify that no other station has their IP, they see their own ARP and assume that another station is doing the same thing. Layer-2 Loops will also cause MACs to appear to be sourced from different switches in the network. Is STP enabled everywhere? Mismatched channelling will also cause the same behavior. Firesox wrote: I have a bunch of 3500XL switches thruout my customer's lan. They are having a problem with unknown mac keep appearing and disappearing from the network. I can trace the mac-address of the unknown station by show mac from the swtich CLI. What's strange is that it appears at one switch, but a minute later it appears in the different switch. what's even more strange is that all NT/2000 servers log shows there is an IP conflict with this mac address. Of course, the servers IP function stops due to this duplicate IP, but comes back in a few minutes. All the servers report the duplicate IP comes from the same mac address. Has anyone seen this problem? Thanks **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73892t=73868 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: 3500XL - duplicate IP and Windows NT/2000 ser [7:73868]
Oops, I read the post as if the MACs were duplicated. I have also come across a situtation where a faulty station (Wyse terminal actually) responded to all ARPs as if it owned the IP. I had an interesting conversation with Wyse support who remained convinced that it was impossible for their terminals to do that, since they weren't programmed that way. The fact that I had a packet capture of it happening didn't even phase them! I ended up tracing down the Wyse terminal via its MAC (it wasn't changing ports as described in the original post) and replaced it. Windows computers use ARPs to detect duplicate IPs. Perhaps something similar is happening? It could also be a Proxy ARP issue. Zsombor Papp wrote: There are duplicate IP addresses, not duplicate MACs. And all the duplicate IP addresses come from the same MAC address, as if a single machine had suddenly all the IP addresses configured on the same interface. I don't see how this can be attributed to a L2 loop. Firesox, what is this phantom MAC address? Thanks, Zsombor **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73912t=73868 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Back to Back Routers [7:73897]
Keep in mind that neither the 1601 or the 2509 are beefy routers. You may be hitting a practical limitation. You may want to verify that CEF is enabled (or at least fast switching if CEF isn't supported). How does your router CPU utilization look? Paul Carter wrote: I have a 1601 router and a 2509 to practice with. I've connected them with a DCE/DTE cable off the s0 ports on each router and set a clock rate on the DCE end, the 1601. On Sundays I can use a fiber connection with this setup. I have this coming in the e0 on the 1601. The E0 on the 2509 is crossover cabled to a PC. 10Mbps in at switch(10.140.240.1/30) --- (10.140.240.2/30) e0-1601 / s0-1601(172.16.96.1/30) --- (172.16.96.2/30)s0-2509 / e0-2509(10.140.240.161/27) (10.140.240.162/27)PC 10.140.240.160 is my inside network My problem seems to be a lack of bandwidth to the PC end. At speed test sites on the net I'm only getting about 1.6 Mbps. I think I may be bottlenecked somewhere in the router back to back setup. The configs are close to what they were originally set up as to keep my boss happy in case he needs one in a hurry. I've changed the addresses to similar types of networks but private numbers. The ethernet ports are ARPA and the serial ports HDLC. I've set bandwidth to 1Kbps at each port. I originally had the clock rate at 64000 but didn't know if that was a bottleneck. -- Router1601#sh run Current configuration: ! version 11.2(not enough memory to upgrade) service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname 1601 ! boot system flash enable secret 5 enable password 7 ! ip subnet-zero clock timezone PST -8 clock summer-time pdt recurring ! interface Ethernet0 description E0 10Mbps connection to Fiber ip address 10.140.240.2 255.255.255.252 media-type 10BaseT no cdp enable ! interface Serial0 description S0 to 2509 S0 ip address 172.16.96.1 255.255.255.252 bandwidth 1 clockrate 400 ! no ip classless ip route 0.0.0.0 0.0.0.0 64.240.140.1 ip route 10.140.240.160 255.255.255.224 172.16.96.2 logging buffered 4096 debugging snmp-server community RO ! snip Banner stuff ! end Router2509#sh run Current configuration : 2227 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service udp-small-servers service tcp-small-servers ! hostname Router2509 ! boot system flash enable password 7 ! ! clock timezone PST -8 clock summer-time pdt recurring ip subnet-zero ! interface Ethernet0 description to LAN ip address 10.140.240.161 255.255.255.224 ! interface Serial0 bandwidth 1 ip address 172.16.96.2 255.255.255.252 no fair-queue ! interface Serial1 no ip address shutdown ! no ip classless ip route 0.0.0.0 0.0.0.0 172.16.96.1 ip route 10.140.240.160 255.255.255.224 10.140.240.162 no ip http server ! end Any ideas? ... ... PC **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73947t=73897 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Back to Back Routers [7:73897]
Keep in mind that neither the 1601 or the 2509 are beefy routers. You may be hitting a practical limitation. You may want to verify that CEF is enabled (or at least fast switching if CEF isn't supported). How does your router CPU utilization look? Paul Carter wrote: I have a 1601 router and a 2509 to practice with. I've connected them with a DCE/DTE cable off the s0 ports on each router and set a clock rate on the DCE end, the 1601. On Sundays I can use a fiber connection with this setup. I have this coming in the e0 on the 1601. The E0 on the 2509 is crossover cabled to a PC. 10Mbps in at switch(10.140.240.1/30) --- (10.140.240.2/30) e0-1601 / s0-1601(172.16.96.1/30) --- (172.16.96.2/30)s0-2509 / e0-2509(10.140.240.161/27) (10.140.240.162/27)PC 10.140.240.160 is my inside network My problem seems to be a lack of bandwidth to the PC end. At speed test sites on the net I'm only getting about 1.6 Mbps. I think I may be bottlenecked somewhere in the router back to back setup. The configs are close to what they were originally set up as to keep my boss happy in case he needs one in a hurry. I've changed the addresses to similar types of networks but private numbers. The ethernet ports are ARPA and the serial ports HDLC. I've set bandwidth to 1Kbps at each port. I originally had the clock rate at 64000 but didn't know if that was a bottleneck. -- Router1601#sh run Current configuration: ! version 11.2(not enough memory to upgrade) service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname 1601 ! boot system flash enable secret 5 enable password 7 ! ip subnet-zero clock timezone PST -8 clock summer-time pdt recurring ! interface Ethernet0 description E0 10Mbps connection to Fiber ip address 10.140.240.2 255.255.255.252 media-type 10BaseT no cdp enable ! interface Serial0 description S0 to 2509 S0 ip address 172.16.96.1 255.255.255.252 bandwidth 1 clockrate 400 ! no ip classless ip route 0.0.0.0 0.0.0.0 64.240.140.1 ip route 10.140.240.160 255.255.255.224 172.16.96.2 logging buffered 4096 debugging snmp-server community RO ! snip Banner stuff ! end Router2509#sh run Current configuration : 2227 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service udp-small-servers service tcp-small-servers ! hostname Router2509 ! boot system flash enable password 7 ! ! clock timezone PST -8 clock summer-time pdt recurring ip subnet-zero ! interface Ethernet0 description to LAN ip address 10.140.240.161 255.255.255.224 ! interface Serial0 bandwidth 1 ip address 172.16.96.2 255.255.255.252 no fair-queue ! interface Serial1 no ip address shutdown ! no ip classless ip route 0.0.0.0 0.0.0.0 172.16.96.1 ip route 10.140.240.160 255.255.255.224 10.140.240.162 no ip http server ! end Any ideas? ... ... PC **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73913t=73897 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: FW: Has anyone configured a US Robotics Courier ISDN modem [7:73362]
Try sh isdn history or debug dialer. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem [EMAIL PROTECTED] wrote: I have sorted this out..it is now working. Is there a command in ISDN to view the number dialled? I have connected an analogue telephone to the isdn modem and am using it of the isdn line. Is there a command for me to view the number I dialled and the statistics? My Router is a 2600 with isdn ports and 1 ethernet. Tx Pooven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 01 August 2003 09:58 AM To: [EMAIL PROTECTED] Subject: Has anyone configured a US Robotics Courier ISDN modem [7:7] Hi All, Has anyone configured a USRobotics courier ISDN/v.34 modem? I managed to install the correct drivers and have done the test through the USRobotics Courier I-modem Configuration Manager which results in a successful check on the line to the ISDN 2600 router.However when I dial to the router it errors with Error678 the remote computer did not respond. Has anyone has any ideas on this ISDN modem as I suspest that some configuration on the modem is wrong. Pooven Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73362t=73362 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
Re: FW: Has anyone configured a US Robotics Courier ISDN modem [7:73393]
Try sh isdn history or debug dialer. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem [EMAIL PROTECTED] wrote: I have sorted this out..it is now working. Is there a command in ISDN to view the number dialled? I have connected an analogue telephone to the isdn modem and am using it of the isdn line. Is there a command for me to view the number I dialled and the statistics? My Router is a 2600 with isdn ports and 1 ethernet. Tx Pooven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 01 August 2003 09:58 AM To: [EMAIL PROTECTED] Subject: Has anyone configured a US Robotics Courier ISDN modem [7:7] Hi All, Has anyone configured a USRobotics courier ISDN/v.34 modem? I managed to install the correct drivers and have done the test through the USRobotics Courier I-modem Configuration Manager which results in a successful check on the line to the ISDN 2600 router.However when I dial to the router it errors with Error678 the remote computer did not respond. Has anyone has any ideas on this ISDN modem as I suspest that some configuration on the modem is wrong. Pooven **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73393t=73393 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Gigabit Copper Switch [7:73116]
Don't forget that you are still limited by the Cross-stack maximum speed. You won't be able to get 90-Gbps across the 32-Gbps stack backplane. Ismail Al-Shelh wrote: Hi chuck, I think they cisco mentioned it officially , yesterday I read some documents about the 3750 , and I found that you can take for example 3 port from the first switch and 4 ports from the second one and as much as you can take from the other stacked switch and bundle them in a way they will act as a single port, this is amaze I was thinking with myself that if I have 9 switches stackable then I can bundle 5 ports from each switch , 5 x 9 = 45 ports then the speed will be 45 Gig * 2 (full duplex) = 90 Gig , wow. Here is what was written Cross-Stack EtherChannel Connections Because all the ports in a stack behave as one logical unit, EtherChannel technology can operate across multiple,physical devices in the stack. Cisco IOS Software can aggregate up to eight separate physical ports from any switches in the stack into one logical channel uplink. Up to 12 EtherChannel groups are supported on a stack. Refer to http://www.cisco.com/application/pdf/en/us/guest/products/ps5023/c1244/ccmig ration_09186a008017b238.pdf Ismail Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73243t=73116 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What protocol win? [7:73152]
Pichit, Both routing protocols will learn about the networks. Neither routing protocol will be responsible for placing the routes in the routers routing table -- the administrative distances of the routing protocols are both higher than the administrative distance of a directly connected interface. The networks will be in the routing table because they are directly connected, not because they are known via OSPF or BGP. - Tom Pichit Ruangroj wrote: Hi guys, I've a question to ask. Follow the config show below. What routing protocol are supposed to put the route 203.113.38.0 , 203.113.39.0 and 203.113.94.175 into the table? Shall it be OSPF or BGP? Pichit Config === interface GigabitEthernet0/0/0 ip address 203.113.38.241 255.255.255.0 interface GigabitEthernet8/0/0 ip address 203.113.39.241 255.255.255.0 interface Loopback0 ip address 203.113.94.175 255.255.255.255 router ospf 100 router-id 203.113.94.175 log-adjacency-changes redistribute static subnets network 203.113.38.0 0.0.0.255 area 0 network 203.113.39.0 0.0.0.255 area 0 network 203.113.94.175 0.0.0.0 area 0 maximum-paths 6 ! router bgp 9737 no synchronization bgp router-id 203.113.94.175 bgp log-neighbor-changes redistribute connected neighbor 203.113.94.182 remote-as 9737 neighbor 203.113.94.182 update-source Loopback0 neighbor 203.113.94.183 remote-as 9737 neighbor 203.113.94.183 update-source Loopback0 no auto-summary ! = show ip route === lty_vpngw_01#sh ip route 203.113.38.0 Routing entry for 203.113.38.0/24 Known via connected, distance 0, metric 0 (connected, via interface) Redistributing via bgp 9737 Advertised by bgp 9737 Routing Descriptor Blocks: * directly connected, via GigabitEthernet0/0/0 Route metric is 0, traffic share count is 1 lty_vpngw_01#sh ip route 203.113.39.0 Routing entry for 203.113.39.0/24 Known via connected, distance 0, metric 0 (connected, via interface) Redistributing via bgp 9737 Advertised by bgp 9737 Routing Descriptor Blocks: * directly connected, via GigabitEthernet8/0/0 Route metric is 0, traffic share count is 1 lty_vpngw_01#sh ip route 203.113.94.175 Routing entry for 203.113.94.175/32 Known via connected, distance 0, metric 0 (connected, via interface) Redistributing via bgp 9737 Advertised by bgp 9737 Routing Descriptor Blocks: * directly connected, via Loopback0 Route metric is 0, traffic share count is 1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73164t=73152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco menu logins [7:72931]
A couple of days ago I came across a new (to me anyway) Cisco feature, menus. So naturally I configured a router with menus to see how it works... Everything seems to work fine, except the login option. When Telneting to this router, I use the username and password as specified within the configuration file (attached in its entirety at the end of this post). Note: The login authentication default command isn't under the line configuration because it's default. After logging in the menu immediately appears as expected. All of the menu options work, but when I choose option 3 (which requires a second authentication), the command never runs! Here is an example where I re-authenticate properly: ... text omitted ... 9 Sign off Enter your selection, HUMAN: 3 Login required User Access Verification Username: fry Password: --More-- Welcome to my Cisco router All your base are belong to us. ... text omitted ... Here is the output when I do not authenticate properly ... text omitted ... 9 Sign off Enter your selection, HUMAN: 3 Login required User Access Verification Username: alsdkfj;alsdkfj Password: % Authentication failed. --More-- Welcome to my Cisco router All your base are belong to us. ... text omitted ... Has anyone ever successfully configured menus with a secondary authentication? Any ideas??? - Tom Full router configuration - Current configuration : 1593 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Rtr-3 ! logging queue-limit 100 enable secret 5 $1$F30N$HeewMLSkB0BkSZWKFr9BP1 ! username fry password 0 guy aaa new-model ! ! aaa authentication login default local aaa session-id common ip subnet-zero ! ! no ip domain lookup ! mpls ldp logging neighbor-changes ! ! ! ! ! ! ! ! ! no voice hpi capture buffer no voice hpi capture destination ! ! mta receive maximum-recipients 0 ! ! ! ! interface Loopback0 ip address 1.0.0.1 255.255.255.0 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface Serial0/0 no ip address shutdown ! interface FastEthernet0/1 ip address dhcp duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! ip http server ip classless ! ! ! ! menu TEST title ^C Welcome to my Cisco router All your base are belong to us. ^C menu TEST prompt ^C Enter your selection, HUMAN: ^C menu TEST text 1 Show IP routing stuff menu TEST command 1 show ip route menu TEST text 2 Show IP protocol info menu TEST command 2 show ip protocol menu TEST text 3 Show the time menu TEST command 3 show clock menu TEST options 3 login menu TEST command bye menu-exit menu TEST text 9 Sign off menu TEST command 9 exit menu TEST line-mode ! ! radius-server authorization permit missing Service-Type call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! line con 0 logging synchronous line aux 0 line vty 0 4 autocommand menu TEST ! ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72931t=72931 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco menu logins [7:72931]
But I should keep the All your base are belong to us line in there??? :) It's a lab router! - Tom Reimer, Fred wrote: If you use this in production you probably don't want to put Welcome in there. Plenty of note in Cisco course material on why not... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Tom Martin [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 9:47 AM To: [EMAIL PROTECTED] Subject: Cisco menu logins [7:72931] A couple of days ago I came across a new (to me anyway) Cisco feature, menus. So naturally I configured a router with menus to see how it works... Everything seems to work fine, except the login option. When Telneting to this router, I use the username and password as specified within the configuration file (attached in its entirety at the end of this post). Note: The login authentication default command isn't under the line configuration because it's default. After logging in the menu immediately appears as expected. All of the menu options work, but when I choose option 3 (which requires a second authentication), the command never runs! Here is an example where I re-authenticate properly: ... text omitted ... 9 Sign off Enter your selection, HUMAN: 3 Login required User Access Verification Username: fry Password: --More-- Welcome to my Cisco router All your base are belong to us. ... text omitted ... Here is the output when I do not authenticate properly ... text omitted ... 9 Sign off Enter your selection, HUMAN: 3 Login required User Access Verification Username: alsdkfj;alsdkfj Password: % Authentication failed. --More-- Welcome to my Cisco router All your base are belong to us. ... text omitted ... Has anyone ever successfully configured menus with a secondary authentication? Any ideas??? - Tom Full router configuration - Current configuration : 1593 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Rtr-3 ! logging queue-limit 100 enable secret 5 $1$F30N$HeewMLSkB0BkSZWKFr9BP1 ! username fry password 0 guy aaa new-model ! ! aaa authentication login default local aaa session-id common ip subnet-zero ! ! no ip domain lookup ! mpls ldp logging neighbor-changes ! ! ! ! ! ! ! ! ! no voice hpi capture buffer no voice hpi capture destination ! ! mta receive maximum-recipients 0 ! ! ! ! interface Loopback0 ip address 1.0.0.1 255.255.255.0 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface Serial0/0 no ip address shutdown ! interface FastEthernet0/1 ip address dhcp duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! ip http server ip classless ! ! ! ! menu TEST title ^C Welcome to my Cisco router All your base are belong to us. ^C menu TEST prompt ^C Enter your selection, HUMAN: ^C menu TEST text 1 Show IP routing stuff menu TEST command 1 show ip route menu TEST text 2 Show IP protocol info menu TEST command 2 show ip protocol menu TEST text 3 Show the time menu TEST command 3 show clock menu TEST options 3 login menu TEST command bye menu-exit menu TEST text 9 Sign off menu TEST command 9 exit menu TEST line-mode ! ! radius-server authorization permit missing Service-Type call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! line con 0 logging synchronous line aux 0 line vty 0 4 autocommand menu TEST ! ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72942t=72931 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: certification expire [7:72786]
You can continue to complete your CCNP exams, but you will not be CCNP certified until you recertify your CCNA. Normally, successfully completing a higher level exam would recertify your lower level certification. However, if it has already expired then you must take that recert exam. If you have any other questions you can contact Cisco at: www.cisco.com/go/certsupport HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Justin Vo wrote: Dear All, I would like to know what happen if my CCNA expire but i have two passed exams of the CCNP. Do you loose all these exams and redo the whole thing ? or can I continue with the CCNP once I redo my CCNA exam ? or even if you know any email of cisco that I can ask this question is also good. Much appreciate. Justin Vo [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72815t=72786 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Starting off towards a CCNP [7:72734]
In the Academy program we offer BSCI first then follow with BCRAN , BCMSN and finish with the CIT course. The new CIT exam, when released, is supposed to kick the difficulty level up a couple of notches. HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem [EMAIL PROTECTED] wrote: hi ppl, Im planning to start on my ccnp--- first step joined groupstudy (as i did for my ccna ;-) ). Just have a few queries regarding the certification. 1. I have the CCNP materials dated 2000. do they still hold good for the current certifications? 2. Im planning to start of with the BCRAN certification first. Any opinions on that? thanks in advance... regards, aj [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72742t=72734 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ODR, was RE: CCDA: changes in syllabus. [7:72380]
John, I have come across ODR in production a couple of times. Up until recently I had thought that ODR worked quite well for hub and spoke topologies... My most recent involvement with ODR occurred when replacing a 2621 with a 3745, which was the hub of the hub-and-spoke topology. I quickly learned that the 3745 doesn't enable CDP by default. I was also reminded that Cisco doesn't save configuration commands that are considered default... What ended up happening was CDP was not enabled by default and when I enabled it (cdp run) the command wouldn't save because it was considered a default command! Each time the router booted CDP was disabled again! I recommend to everyone that ODR not be used in a Cisco production environment. You never know when an IOS (platform?) bug will render your WAN unusable! - Tom John Neiberger wrote: I've never heard of anyone using ODR. Anyone here know of anyone using ODR in a production environment? Are there any environments where ODR is recommended over other options? John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72693t=72380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Why ppp encaps at physical as well as dialer int? [7:72440]
Greg, The configuration on the dialer interface is used when making outbound calls. When an incoming call comes in, it isn't associated with a specific dialer interface. If you don't specify the encapsulation on the interface any incoming calls will be treated as HDLC. - Tom Greg Kirkness wrote: Subject pretty much says it all. Why is ppp encaps specified at the dialer interface as well as on the physical? Where are the LCP extensions available? Cheers Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72694t=72440 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help PLEASE FAST [7:72603]
Describe how your clients lose their network connection. Do IP pings fail? Does DNS lookups fail (say, pinging www.google.com)? Do server shares become unreachable? Is network neighborhood not working? It also would be very helpful to get a network capture during the problem. If you don't already have a favorite, check out www.ethereal.com. - Tom E. Keith J. wrote: Hi all HELP! The clients on my network seem to be loosing their connection to the network for no apparent reason. we have a main office and a spoke location running over vpn. The problem seems to be at main office because it happens here and was happening before the other location came on-line. There are some internal DNS issues also. I haven't determined if they are related but is happening at both locations now. it is a AD domain and the other site is part of the domain. I need help in getting this resolved soon. I will try to answer any questions as best I can. I know this may not be Cisco issue but I do have Cisco products and this is the best list of people with experience will all types of problems that I know. I know of none better. I know someone here has had this issue before, and can help me. I just hope they read this email soon. A reboot of the machine seems to fix the problem. Lease time is 24 hours. DHCP is being used. I need to resolve this soon as it is a critical situation. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72701t=72603 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How do I check if load balancing works ? Catalyst 2900 and [7:72700]
Chris, Since you are choosing the link based on MAC addresses and only one switch LED is blinking, is your test traffic to stations located across a router? The router will obviously have a single MAC address, so EtherChannel based on MACs will use only a single link. Perhaps you should change to IP balancing. Regarless of whether you use MAC or IP balancing, make sure that your test includes multiple destinations or you will only ever use one link! - Tom Chris wrote: Hi everybody I have a Compaq server with 2 NC3121 cards. According with the docs, the card supports Fast Etherchannel static configuration (ON). I couldn't find a procedure to set up Fast Etherchannel for the network card so I did what I thought it was better. I selected the following : Teaming control =Load balancing Load balancing options: --- [x]Switch assisted load balancing [ ]Transmit load balancing --- [x ]Balance with MAC addresses [ ]Balance with IP addresses --- On the switch side I set up the following: interface Port-channel no ip address flowcontrol send off ! interface FastEthernet0/1 no ip address channel-group 1 mode on ! interface FastEthernet0/2 no ip address channel-group 1 mode on Everything looks fine, the redundancy works but how can I see if it works ? I mean the load balancing. I don't know the SNMP OID to monitor that interface. Judging by the blinking lights it works only on one interface. I made the tests selecting different classes of IPs (10 mod 2 and 10 mod 5) for transmission on the server side I set up the switch on source balancing. Not very sure that both MAC aren't in the same class (MAC) mod 2. The 'show int' command shows me load only on the first interface of the channel. The 'debug etherchanel' shows that the switch senses the disconnecting of the interfaces (if I test this). Any clue ? Thank you Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72700t=72700 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 1601 flash card. [7:72560]
Johan, Sure! Linux has the ability to read and write various flash types and formats. I did something very similar a while back, albeit not with a 1600. There's a really good chance that your Linux system will pick up the flash, but not necessarily out-of-the-box. I had to recompile my kernel before I could read flash cards... Once the flash is recognized you may be able to mount the flash (if the filesystem is supported by the kernel). If not, and it probably won't be, perform a dd to image the flash card to a file -- it will be much easier and faster to work from. If the format is proprietary, and honestly I have no idea what format is used by the 1600 series, then you might have to write a standalone interpreter for it. I've had to do this with some old CP/M images. Although it's not terribly difficult it does require a programming background. If you just want to be able to read and write files using your notebook and don't care about being able to use them in your 1600 then things are a bit easier. You'll still have to know a thing or two about Linux though. - Tom Johan Bornman wrote: Can this type of flash card be installed in a notebook PCMCIA slot to copy files? This e-mail may contain confidential information and may be legally privileged and is intended only for the person to whom it is addressed. If you are not the intended recipient, you are notified that you may not use, distribute or copy this document in any manner whatsoever. Kindly also notify the sender immediately by telephone, and delete the e-mail. When addressed to clients of the company from where this e-mail originates (the sending company ) any opinion or advice contained in this e-mail is subject to the terms and conditions expressed in any applicable terms of business or client engagement letter . The sending company does not accept liability for any damage, loss or expense arising from this e-mail and/or from the accessing of any files attached to this e-mail. At present, the integrity of e-mail across the Internet cannot be guaranteed and messages sent via this medium are potentially at risk. The recipient should scan any attached files for viruses. All liability arising as a result of the use of this medium to transmit information by or to e-Innovation is excluded to the extent permitted by law. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72705t=72560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Late Friday Funnies [7:72614]
Let me apologise in advance for this one. I just couldn't resist. These friars were behind on their belfry payments, so they opened up a small florist shop to raise funds. Since everyone prefered to buy flowers from the men of God, a rival florist across town thought the competition was unfair. He asked the good fathers to close down, but they would not. He went back and begged the friars to close. They ignored him. So, the rival florist hired Hugh MacTaggart, the roughest and most vicious thug in town to persuade them to close. Hugh broke their windows and trashed their store, saying he'd be back if they didn't close up shop. Terrified, they did so, thereby proving that , Hugh, and only Hugh, can prevent florist friars. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72614t=72614 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco IOS [7:72454]
KW S, You need to obtain Smartnet on the routers. Once you do you will get a CCO and download access. Contact your local Cisco partner for more information: http://tools.cisco.com/WWChannels/LOCATR/jsp/partner_locator.jsp - Tom KW S wrote: Dear all Does anyone know where I can download cisco IOS. I am not a cco member and therefore unable to access the cisco cco site. I just bought 2 used cisco 2501 and I want to upgrade the IOS to a more up to date version. Does ver 12.0 works on a 2501 ? what is the requirement to run ios ver 12.0 ? Regards, kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72491t=72454 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Static Routes and Administrative Distance [7:72495]
John, The behavior changed with the IOS releases. Newer IOS releases with static routes pointing to an interface will have an administrative distance of 1, not 0. Older versions will have an administrative distance of 0. Unfortunately I do not know the exact release in which the behavior changed. The term myth is too strong and it's possible that the people that haven't worked with the older IOSs do not realize that this behavior was once different. This is the output from one of my routers running 12.2(15)T: Lab#show ip route 10.1.1.0 Routing entry for 10.1.1.0/24 Known via static, distance 1, metric 0 (connected) Routing Descriptor Blocks: * directly connected, via Serial0 Route metric is 0, traffic share count is 1 As far as I know, certification study materials still expect you to think that a static route to an interface has an AD of 0. - Tom John Neiberger wrote: I accidentally deleted the posting about this but I wanted to make a point. It's been said that a static route has an AD of 1 unless it points directly out an interface, in which case it has an AD of 0. Sasa just mentioned that this has been discussed in the past and is a myth. However, I'd like to agree with the 'myth'. A directly connected route has an AD of 0. If you create a static route pointing directly out an interface, that route will show up as directly connected in the routing table, and would therefore have an AD of 0. In fact, if you look at a static route you'll see the usual [AD/metric] listed as [1/0]. However, if you look at a static route pointing out an interface this is missing. This is because the router treats that route as if it were directly connected to the interface. If I'm wrong about this--and I certainly might be--please let me know where my reasoning is incorrect. Regards, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72501t=72495 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Standard ACLs and distribute-list [7:72253]
Fred, If the access-list were applied as an inbound or outbound interface filter, it would match a single host. Since the access-list is being applied using a distribution list it doesn't match just a single host -- it matches the network 131.108.0.0 and must match every bit exactly. It wouldn't hurt to have access-list 1 permit 131.108.0.0 0.0.255.255, which also matches 131.108.0.0. But in theory it could also allow other networks to be advertised (such as 131.108.1.0, 131.108.2.0, etc). Since you're running RIP I this wouldn't be an issue, but personally I think having the specific host match is cleaner. Remember that the wildcard only specifies which bits must be an exact match and which bits are wild. Using the host keyword (or wildcard 0.0.0.0) does not necessarily imply that you are matching a host, it just means that every bit must match! Cisco's documentation was not wrong. - Tom Reimer, Fred wrote: Here's what should be a simple question. If standard access lists are used with a distribute list, how is the mask treated if none is specified in an ACE? The Cisco documentation says: The following router configuration mode example causes only one network (network 131.108.0.0) to be advertised by a RIP routing process: access-list 1 permit 131.108.0.0 access-list 1 deny 0.0.0.0 255.255.255.255 router rip network 131.108.0.0 distribute-list 1 out I asked one of the mentors at KnowledgeNet, and they said: That is not a network, 131.108.0.0. It is a host. You must add the wildcard mask to make it a network address. Sorry, but the Cisco doc is incorrect. So, the entry in the routing table is 131.108.0.0/16, yet Cisco documentation says that a ACE entry of 131.108.0.0 with no wildcard specified, would match. How, exactly, does IOS match routing entries when using a standard ACL in a distribute list? Does it consider any ACEs without a mask to have a normal classful mask? Like 131.108.0.0 would have a mask of /16, and 192.168.1.0 would have a mask of /24? Another example in the IOS 12.2 docs is: In the following example, access list 1 is applied to outgoing routing updates, and Intermediate Sytem-to-Intermediate System (IS-IS) is enabled on Ethernet interface 0. Only network 131.131.101.0 will be advertised in outgoing IS-IS routing updates. router isis redistribute ospf 109 distribute-list 1 out interface Ethernet 0 ip router isis access-list 1 permit 131.131.101.0 0.0.0.255 So, it would appear that if you don't want the classful mask to be used (when none is specified in the ACE) then you need to include wildcard bits. Thanks, Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72293t=72253 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Standard ACLs and distribute-list [7:72253]
Comments are inline. Reimer, Fred wrote: So would it match a network of 131.108.0.0/24? From what Cisco says, that it matches the classful mask if none is specified, it should not match. From what you say it sounds like you think it would match. An access-list with wildcards (131.108.0.0 0.0.255.255) would match 131.108.0.0/16, 131.108.0.0/24 and 131.108.1.0/24. The fact that there is a 24-bit prefix on some of these networks doesn't really matter, only the network bits are being matched. I don't think wildcard bits are real wildcard bits when used in a distribute list. I think they are used to match the prefix of the route in the routing table. Your theory about 131.108.0.0 0.0.255.255 possibly matching other networks, such as 131.108.1.0/24 (presumably /24) and 131.108.2.0/24 is an interesting theory, but I'd like to know the facts. I don't have time to test this at the moment myself, but I certainly will once we get our CCIE lab up and running. Wildcard bits are real wildcard bits even in distribute lists. If you want to permit/deny based on prefix length you need to use a prefix-list instead of an IP access-list so that you can match on both the network and prefix length. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72310t=72253 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What Hardware do I need? [7:71712]
Justin, The lab I use is at work, and I need remote access to it to do labs at home. I use a Linux PC with a Moxa PCI serial port card (8 serial ports). With the 2 built-in serial ports, I can connect to 10 Cisco devices. I have users set up so that when user R1 logs in via SSH the console window immediately appears... I looked around and found it to be much more cost effective than purchasing a used 2509, as well as far more functional since it also serves as a source of traffic. I also have home-grown scripts to automate the downloading and archiving of router configs/network topology which is nice. Anyway, that's what worked for me. - Tom Justin Clark wrote: I currently have 3 2501 routers and a 1924 switch. I use them as a study lab but when I'm not using it, it just sits there. I'm trying to find out what is the least expensive way to share those to the internet. I want to be able to give access to one IP that a person can telnet to and then console out to the 4 devices. What do i need to do this? Console server, terminal server, what? Preferably I would like it to be a seperate piece of hardware so i can just leave the cisco hardware on and no need a computer to run it all. Also, keep in mind, i'm just doing this some someone else can get use out of them when I'm not using them so i really dont want to spend a lot of money to get this up and running. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72006t=71712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco catalyst 3548 and Radius [7:71991]
Robert, Kind of annoying isn't it? I looked a while ago and the short answer was it's not there and you can't do it. Some quick checking on Cisco's site showed that they might finally have released it in newer code though: http://www.cisco.com/en/US/partner/products/hw/switches/ps637/prod_release_note09186a00800c8102.html#xtocid17 The release notes are for 12.0(5)WC5a, which might not even be the latest. Perhaps you just need to update your software? - Tom Robert Perez wrote: Hi all, I am configuring Radius on a cat 3548 and I do not have the global config radius command available. Anyone know what the commands ought to be to create a server, key, etc.. Normally it is Radius-server key, radius-server host.. Can't figure it out.. I have IOS 12.0(5.2)XU Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72009t=71991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quoting in Replies [7:71366]
Oh dear, first I'm threatened with an attorney and now The Howard has threatened me with Deanna's mom. It is indeed time to cease and desist. I'll be good now. Worf the Contrite Howard C. Berkowitz wrote: Need I have Lxwana talk to both of you? At 11:57 PM + 7/2/03, Tom Lisa wrote: Puny Marvin, It is appropriate that you ended you last sentence with I'm afraid. You should be afraid, very afraid!!! I have the new and improved, ultra special, galaxy class disrupter. I say pshaw to your lowly Q-36. This will be my last statement on this as I must return to annihilating useless redundant posts on the associate list! HAHAHAHAHA No regards, Worf the Merciless Moderator John Neiberger wrote: Worf the Moderator dares challenge Marvin the Moderator?? My Illudium Q-36 Explosive Space Modulator can easily disrupt your puny Klingon Disrupter Ray! Your threat forces me to take drastic action and I'm going to have to blow up your entire planet, I'm afraid. Kind regards, Marvin Tom Lisa 7/2/03 12:56:58 AM Stop this thread immediately or I will be forced to annihilate all of you with my Anti-Proton Sub-Space Internet Disrupter Ray! Worf Wilmes, Rusty wrote: According article 4 section 10 subsect ym, of the Charter Of Interspatially Recognized Internet Keyword Search Lookup People, use of illudium, in either a peaceful or dastardly fasion, is punishable by Death Ray. Ming The Merciless -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 3:51 PM To: [EMAIL PROTECTED] Subject: Re: Quoting in Replies [7:71366] Cosmic ray machines are a violation of the GroupStudy TOS. Please discontinue the use of such devices. Failure to comply will result in retaliation with an Illudium Q-36 Explosive Space Modulator. Your compliance is appreciated, Marvin David Cooper 7/1/03 4:30:09 PM On Tuesday 01 July 2003 15:29, Jamie Johnson wrote: Cool! My cosmic ray machine must be working. Better put on your tinfoil hats. From: Recent escapee from the ex-dot.commer insane asylum John Neiberger wrote: - jvd 7/1/03 12:32:02 PM Hi my Quote button disappeared! No serious, there used to be a quote button next to my Post button but now it's gone. I refreshed the page as well and still nothing. Maybe the cosmic rays hit my PC's memory, corrupted it and deleted my Quote button :-) No serious, is anybody else also having this problem? That's rather odd. What browser are you using? Could that be considered a Denial of Service attack? [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71882t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quoting in Replies [7:71366]
Stop this thread immediately or I will be forced to annihilate all of you with my Anti-Proton Sub-Space Internet Disrupter Ray! Worf Wilmes, Rusty wrote: According article 4 section 10 subsect ym, of the Charter Of Interspatially Recognized Internet Keyword Search Lookup People, use of illudium, in either a peaceful or dastardly fasion, is punishable by Death Ray. Ming The Merciless -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 3:51 PM To: [EMAIL PROTECTED] Subject: Re: Quoting in Replies [7:71366] Cosmic ray machines are a violation of the GroupStudy TOS. Please discontinue the use of such devices. Failure to comply will result in retaliation with an Illudium Q-36 Explosive Space Modulator. Your compliance is appreciated, Marvin David Cooper 7/1/03 4:30:09 PM On Tuesday 01 July 2003 15:29, Jamie Johnson wrote: Cool! My cosmic ray machine must be working. Better put on your tinfoil hats. From: Recent escapee from the ex-dot.commer insane asylum John Neiberger wrote: - jvd 7/1/03 12:32:02 PM Hi my Quote button disappeared! No serious, there used to be a quote button next to my Post button but now it's gone. I refreshed the page as well and still nothing. Maybe the cosmic rays hit my PC's memory, corrupted it and deleted my Quote button :-) No serious, is anybody else also having this problem? That's rather odd. What browser are you using? Could that be considered a Denial of Service attack? [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71772t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quoting in Replies [7:71366]
Puny Marvin, It is appropriate that you ended you last sentence with I'm afraid. You should be afraid, very afraid!!! I have the new and improved, ultra special, galaxy class disrupter. I say pshaw to your lowly Q-36. This will be my last statement on this as I must return to annihilating useless redundant posts on the associate list! HAHAHAHAHA No regards, Worf the Merciless Moderator John Neiberger wrote: Worf the Moderator dares challenge Marvin the Moderator?? My Illudium Q-36 Explosive Space Modulator can easily disrupt your puny Klingon Disrupter Ray! Your threat forces me to take drastic action and I'm going to have to blow up your entire planet, I'm afraid. Kind regards, Marvin Tom Lisa 7/2/03 12:56:58 AM Stop this thread immediately or I will be forced to annihilate all of you with my Anti-Proton Sub-Space Internet Disrupter Ray! Worf Wilmes, Rusty wrote: According article 4 section 10 subsect ym, of the Charter Of Interspatially Recognized Internet Keyword Search Lookup People, use of illudium, in either a peaceful or dastardly fasion, is punishable by Death Ray. Ming The Merciless -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 3:51 PM To: [EMAIL PROTECTED] Subject: Re: Quoting in Replies [7:71366] Cosmic ray machines are a violation of the GroupStudy TOS. Please discontinue the use of such devices. Failure to comply will result in retaliation with an Illudium Q-36 Explosive Space Modulator. Your compliance is appreciated, Marvin David Cooper 7/1/03 4:30:09 PM On Tuesday 01 July 2003 15:29, Jamie Johnson wrote: Cool! My cosmic ray machine must be working. Better put on your tinfoil hats. From: Recent escapee from the ex-dot.commer insane asylum John Neiberger wrote: - jvd 7/1/03 12:32:02 PM Hi my Quote button disappeared! No serious, there used to be a quote button next to my Post button but now it's gone. I refreshed the page as well and still nothing. Maybe the cosmic rays hit my PC's memory, corrupted it and deleted my Quote button :-) No serious, is anybody else also having this problem? That's rather odd. What browser are you using? Could that be considered a Denial of Service attack? [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71803t=71366 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multipoint cost [7:71619]
Mohamed, OSPF calculates costs based on interface bandwidth, each router assigning the link cost based on its idea of the bandwidth. For multipoint the costs for a link may be different depending on which router it is being viewed from. - Tom Mohamed Saro wrote: How can the router calculate the OSPF cost for multipoint interface -- Cost 100 Cost 390 I R1 I-IR2I II Bandwidth 1024Bandwidth 256 I I -- Multipoint Int'f Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71689t=71619 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Multicast [7:71577]
rbx10, 224.0.0.0-255 multicast addresses are translated into L2 addresses the same way as the rest of the multicast addresses. For Ethernet, the MAC address becomes 0100.5e followed by the last 23 bits of the multicast IP address. Take 224.0.0.1. Last 23 bits are 000 0001. Translate the last 23-bits back into hexadecimal (00.0001). The MAC address becomes 0100.5e00.0001. The fact that the multicast packets will never leave the segment (routers never forward the packets, TTL=1 as a failsafe) does not affect how the L2 addresses are derived. - Tom rbx10 Defcom wrote: I understande how Multicast routers should not forward any multicast datagram with destination addresses in this range (224.0.0.0 - 224.0.0.255 ) bec. of ttl not able the address to go to the next hop. But I dont' remember how those addresses are translated to L2 addresses. Or maybe I'm not reading into it...or the link local terminology is throwing me off. Thanks all for you answers. rbx10Priscilla Oppenheimer wrote: Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71693t=71577 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-list ?? [7:71684]
You might try the below: access-list 10 deny 192.100.34.96 0.0.0.3 access-list 10 deny 192.100.34.151 0.0.0.0 access-list 10 deny 192.100.34.152 0.0.0.7 access-list 10 permit 192.100.34.96 0.0.0.31 access-list 10 permit 192.100.34.128 0.0.0.31 The 1st three lines block the unwanted portions of the ranges allowed by the last 2 lines. Don't forget the implied deny all after the last line that blocks all other addresses. Some folks like to put an explicit deny any as the last line. Can be applied inbound on the external interface(s) or outbound on the internal interface(s). Happy 4th of July! :) HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Hyman, Craig wrote: ALL- I know you have answered this question before, but I hope somewhere in your 4th of July heart you can help me. I have a 1600 router running a 12021 IP PLUS --- I have tried to add access-lists to block all sites incoming except 192.100.34.100-150. Can someone help with the correct lists. Thanks in advance SRS Level 2 SRS Implementation Team Cell phone# 720-840-4887 SUN PH# 303-272-2661 Virtual Office# 303-604-0037 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71704t=71684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Proxy [7:70959]
Gbenga, Proxy Server 2.0 was the last version released before ISA server, and it did not support transparent proxy. Supporting transparent proxy is important here, since the HTTP header for a proxy request will always contain certain lines (such as Host:), whereas direct HTTP 1.0 requests may eliminate these lines. For a proxy server to work correctly, it is important that it know both the destination IP/host and the URL. If the proxy does not receive all of the required information, it can't service the proxy client. I am more familiar with Squid (I don't know whether Squid is supported on Windows) which can be configured to fix-up HTTP requests on the fly (recreating the Host line from the URI for example), allowing it to be used as a transparent proxy... IP helper addresses don't apply to the problem you are trying to solve. Policy-based routing and WCCP won't do anything for you either, since you are limited by the Proxy server. You either have to use the bundled Proxy client software to force users to use the proxy or use a different proxy server. - Tom OLUGBENGA BANKOLE wrote: Tom, I refer to Microsoft Proxy server. i.e can I direct traffic to a microsoft proxy just like I would a DHCP server by using the ip helper address command. Regards, Gbenga To God be the Glory.Gbenga. - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71139t=70959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Transporting Multiple Vlans over point-to-point [7:71074]
Alaerte, I can think of a couple ways to doing this. Be forewarned. Both are ugly. Method #1: Relocate the servers /30 subnet -- We'll say the server's IP address is 192.3.3.254/24. Create a secondary IP address on R2 for 192.3.3.252/30. R2's secondary address becomes 192.3.3.253/30, the server can stay 192.3.3.254/24. Make sure that R3 knows how to reach the 192.3.3.252/30 subnet (either static route or a classless routing protocol). How it works: Proxy ARP. Stations on VLAN 300 attempting to connect to the server will ARP for 192.3.3.254, for which R3 has a better route, and will respond to the ARP with its own MAC. Traffic to 192.3.3.254 will be routed to R2. The reverse will happen when 192.3.3.254 attempts to respond to the client, it ARPs, R2 knows of a route and responds with its MAC, the packet is routed back. Other info: - I've assumed that the server address was 192.3.3.254, it could have been anything. The /30 subnet would change accordingly. - I've assumed that .252 and .253 were not already in use. If they were, connectivity to these stations would be broken. You can get around this problem by configuring (and redistributing) static routes for 192.3.3.252/32 and 192.3.3.253/32 pointed back towards Vlan 300 on R3. - L2 Broadcasts will not be available to/from the new server Method #2: Virtual router - This method has the unique property of being both cleaner (from a caveat perspective) and uglier at the same time. Imagine walking into this at a customer site -- how long would it take you to figure out what was going on? :) Once again we'll say the server's IP address is 192.3.3.254/24. Configure a static route on R3 as follows: ip route 192.168.3.254 255.255.255.255 (ip_of_R2) On R2, determine an IP address that isn't used for use as a virtual router. We'll say 192.168.2.254/24 isn't used. Create a static route on R2 to the server through the virtual router: ip route 192.168.3.254 255.255.255.255 192.168.2.254 The virtual gateway doesn't exist so pings to it will fail. Don't worry about that yet. Move the server to VLAN 200 without changing its IP address or mask. Determine the MAC address of the server. We'll say 0001.0002.0003. On R2, configure the MAC for the virtual router to be the server's IP: arp 192.168.2.254 0001.0002.0003 arpa You must perform similar steps on the server. We'll assume that its default gateway has not changed. We'll also assume that its default gateway was 192.3.3.1. Configure a static ARP entry for the default gateway that reflects R2's Ethernet MAC (0102.0304.0506): arp -s 172.30.16.254 01:02:03:04:05:06 Make sure that R3 knows how to reach the 192.3.3.254/32 subnet (either add a static route or redistribute on R2). How it works: Vlan 300 stations broadcast ARP, and R3 responds with its MAC (Proxy ARP). R3 forwards the packets to R2. R2 forwards the packets directly to the server (although it believes it is forwarding to another gateway). The server receives the packet because the MAC was correct, notices that it is the end station, and processes the packet. Traffic from the server to VLAN 300 is possible using Proxy ARP as describe in Method 1. Traffic to/from other VLANs (VLAN 100) will also work fine since the server forwards all of its default gateway traffic to the correct default gateway, R2. Other info: - I've assumed that the server address was 192.3.3.254, it could have been anything. - The only 192.3.3.0/24 address used on VLAN 200 (other than the servers IP) is the Ethernet IP address of R3. - L2 Broadcasts will not be available to/from the new server - Pings to the virtual router will fail (it /is/ virtual after all), even though the server will have full network connectivity. If you get around to actually doing either of these in the lab and run into trouble, let me know (the above was written from memory, and I may have missed a step or two). I originally came across these ideas after reading Doyle and configured them in the lab just to see if I could pull it off. Yep. :) You would be surprised with some of the crazy labs you can make for yourself when IP addresses don't need to be contiguous or need to match the local router! - Tom alaerte Vidali wrote: Need to transport multiple Vlans over PoS. Any Thoughts? It is a short term need. It is necessary to move a server without changing its IP address from Vlan 300 to Vlan 200 and a server from Vlan 100 to Vlan 200. Vlan 100 (192.1.1.0) R1 --- R2 (192.2.2.0) Vlan 200 | | | | Vlan 300 (192.3.3.0) R3--- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71147t=71074 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct
Re: VTP Domain Server Question [7:70942]
Dave, Comments are inline. - Tom Dave C. wrote: I have a question regarding VTP. I am working with a network configuration that has dual 6509's as core switches. One is the VTP domain server, the other is a VTP domain client. All other 4000 switches are defined as client also. I need to take both 6509's down to upgrade the Cat-OS on them, however I am concerned about what happens to the other switches when the VTP domain server goes away while the other 6509 is in client mode. You will not have ANY problems taking down the VTP servers and leaving only clients in your network. VTP server and VTP clients perform almost identical roles. The only difference between the two is that you can console (or Telnet) in to make VLAN and VTP modifications on a VTP server, VTP clients must learn their changes from other switches in the network. VTP clients learn, remember (while they have power anyway) and propagate VTP information, just as VTP servers do. Your other switches will not be affected while the VTP servers are offline, aside from obvious connectivity limitations. :) I know that I can assign multiple VTP servers to a domain. My original thought is to first make sure that the client 6509 is running the same VTP revision # as the server 6509. Then I should be able to change the client 6509 to VTP server mode. Then in theory either server can take over VTP responsibilites, because one will be able to act as the other if the other one goes away. You can have multiple servers in the VTP domain, but there is no take over responsibilities functionality. VTP servers and VTP clients both learn and propagate VTP information. VTP servers will learn VTP information from clients (assuming the client has a higher revision number) just like VTP clients will learn VTP from VTP servers (assuming the server has a higher revision number). You need at least one VTP server in your network, since the VTP server remembers its VTP information between reboots (also you need at least one switch in your network where you can change VLAN information, right? :) Once you have chosen at least one switch to be a VTP server, the remaining switches in your network can be VTP clients or VTP servers. There are some notable design and redundancy issues with having only a single VTP server -- but network functionality will not be affected. I think that VTP client is supposed to be a security safeguard, keeping changes from being made except from authorized (VTP server) switches. But that has never really make sense to me since you need to be in enable mode to change VLAN information anyway. If you have access to enable mode you can just as easily change the switch to VTP server, make your changes, then change the mode back to client. There's no real security advantage. What I was also wondering, do all VLAN's go disabled if I were to only have a single VTP server and shut it down when the rest of the switches are clients? If so, would this happen right away, or after 5 minutes? If I take the 6509 server down, it will not be able to tell anyone that a topology change has occurred, but will the clients be looking for the VTP 5 minute updates? VLANs will not be disabled unless you power off all of your VTP servers and reboot all of your VTP clients at the same time. If anyone could help clarify this, I would appreciate it. Based on the other posts, I seem to be going against conventional thinking. If you need further clarification, I can provide CCO links. Thanks. Dave C. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70971t=70942 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: STP problem [7:70797]
It's probably a LinkSys Hub. Didn't Cisco buy them a short time ago? :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Larry Letterman wrote: Priscilla has a Hub that makes dinner..wonder when I can the cisco people To make switches that will do that. Larry Letterman Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 6:53 PM To: [EMAIL PROTECTED] Subject: Re: STP problem [7:70797] My hub is calling me to dinner so I have to make this quick. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70910t=70797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dhcp packets not visible in 6509 [7:70898]
Vik, There could be any number of reasons that DHCP isn't working. The client may not be requesting DHCP, the switch may not have portfast enabled, a router not having an IP helper address, DHCP server offline, DHCP server without a scope for the VLAN, and so on. Perform a packet trace from the DHCP client and if necessary on the DHCP server (using SPAN). You will be able to determine the problem by identifying which packets are present in the capture and which are not. For example, you may find that the client sends a DHCP discovery packet but does not receive an offer packet from the DHCP server. If you see the same behavior on the server port (discovery, no offer) then it's possible that: - The DHCP server isn't operational or the service/daemon isn't running - The DHCP server doesn't have a scope defined for that VLAN - The DHCP server has run out of IP addresses for that VLAN On the other hand, if you the capture shows a discovery packet is sent by the client but the packet is never seen by the DHCP server it's much more likely that you have a missing (or incorrect) IP helper address. Once you perform the packet capture(s) you will probably need no further help. If you do, the information obtained from the capture would be enough for the group to point you in the right direction. - Tom Vik Vikky wrote: Hi *, am fairly new to cisco products/ commands. have a problem got a WS-X6348-RJ-45 module at slot 3 of 6509. In which am unable to get DHCP broadcast /address from the main dhcp server. configured all the ports to respective vlan-x and at the routing module in a core switch (6509 with msfc) I hv given the ip helperaddress for this vlan. rest of the catalyst 4006 switch fetches dhcp frm this scope. Below is the module capabilities: Type 10/100BaseTX Speedauto,10,100 Duplex half,full Trunk encap type 802.1Q,ISL Trunk mode on,off,desirable,auto,nonegotiate Channel yes Broadcast suppressionpercentage(0-100) Flow control receive-(off,on),send-(off) Security yes Dot1xyes Membership static,dynamic Fast start yes QOS scheduling rx-(1q4t),tx-(2q2t) CoS rewrite yes ToS rewrite DSCP UDLD yes Inline power no AuxiliaryVlan1..1000,1025..4094,untagged,dot1p,none SPAN source,destination COPS port group 3/1-48 Link debounce timer yes Module configuration: set vlan 68 3/1-48 set port auxiliaryvlan 3/1-48 none set port qos 3/1-48 trust-ext untrusted set port qos 3/1-48 cos-ext 0 set port enable 3/1-48 set port speed 3/1-48 auto set port trap 3/1-48 enable set port name 3/1-48 set port dot1x 3/1-48 port-control force-autho set port dot1x 3/1-48 multiple-host disable set port dot1x 3/1-48 re-authentication disabl set port security 3/1-48 disable age 0 maximum set port broadcast 3/1-48 100.00% set port membership 3/1-48 static set port protocol 3/1-48 ip on set port protocol 3/1-48 ipx auto set port protocol 3/1-48 group auto set port flowcontrol3/1-48 send off set port flowcontrol3/1-48 receive off set cdp enable 3/1-48 set udld disable 3/1-48 set udld aggressive-mode disable 3/1-48 Cat-OS version: cat6000-sup.6-3-9.bin Can you guide me, anything I am missing out. Thank you _ Get 10mb of inbox space with MSN Hotmail Extra Storage http://join.msn.com/?pgmarket=en-sg Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70926t=70898 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bridging [7:70912]
Milind, The 3550 switches do not support AppleTalk, which explains why your printer doesn't work when you disable bridging. Have you tried enabling TCP/IP printing on the printer? If you're running an older MacOS, TCP/IP printing may not be available to you. I'm not intimately familiar with MacOS, nor did you indicate which version of Mac OS you are using, but OSX supports both AppleTalk and TCP/IP. If your clients are not OSX you can configure an OSX print server (spooler) that prints to the printer using TCP/IP but advertises the printer to the local VLAN using AppleTalk. I've assumed that since you're running Macs that you probably have access to an OSX server. If not, you can accomplish the same thing using Linux, Windows or Netware. - Tom milind tare wrote: Dear All, I have following setup in my company 2 Core 6506 Redundancy 3500 series distribution and access switches. configured 20 vlan's in my network and having 130 switches. configured bridging in my network. but now i remove netbios from user's PC. And in my network i hv Network printer which is running on MAC. if i remove bridging from my network it will affect on network printer. i mean network printer will not work if i remove bridging. can anyone give me solution on this. coz i want to remove bridging from the network. Thanks Regards, Milind Tare __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70930t=70912 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: STP problem [7:70797]
Chris, STP should be enough to avoid these types of problems. In order to cause a bridging loop the station would have to have both interfaces in the same VLAN and forward all L2 traffic except for BPDUs. Even if this were the case the wireless network (10-Mbps?) shouldn't be enough to bring the LAN to its knees (100-Mbps?). If you have STP enabled on all of your switches, I'm doubt that a single station is bringing the network down. Once you find the offending switch that you need to reboot, you can issue console commands to determine the root bridge and any blocked ports. Make sure that things are normal. You do have your root bridge set manually, don't you? :) To find out which port is causing the loop, take a look at the interface counters. You should see an unreal amount of traffic on the offending port (and the uplink to the core switch). When STP has been enabled I have only come across layer-2 loops twice. Once when a few HP switches had gone bad, and another time when a customer had configured channeling on one side but not the other (3500 series, no channel negotiation). In both cases I found that the problem was made worse with increasing traffic levels, and the problem also revolved around the same set of switches. The channeling problem was a bit more difficult to narrow down though, since it disabled MLS on the core switch and every segment appeared to have problems!!! I hope that helps, - Tom Christopher Dumais wrote: Hi all, We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks! Chris Dumais, CCNP, CNA Sr. Network Administrator NSS Customer and Desktop Services Team Maine Medical Center (207)871-6940 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70812t=70797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP OSPF DUAL MUTUAL REDISTRIBUTION [7:70643]
Jason, Chuck answered pretty completely, but there's another option that works well, changing administrative distances. At the redistribution points, set the default administrative distance for each protocol to something like 200. Next create an access-list that identifies all routes internal to each routing domain, and override the default administrative distance (200) with the normal AD (something less than 200). This has the effect of assigning all 'internal' routes the normal AD, and prevents route feedback. Routes will only be redistributed if they are not already present in the internal table. This also has the advantage of providing additional redundancy. If a route becomes inaccessible for some reason, but is still available via another routing protocol, it will be learned using the alternate path. With route filtering this is not possible. A very good explanation of this can be found in Chapter 13 of Doyle's TCP/IP Routing Vol. I. - Tom Jason Viera wrote: Can't figure this one out. I am mutually redistributing eigrp into ospf (dual redistribution points) and vice versa, I also have a separate redistribution point in the eigrp domain which introduces external (AD170) routes into the Eigrp domain, upon redistribution into OSPF these (external eigrp) routes are given an AD of 110, creating suboptimal routing. The only solution I could devise was based on modifying the distance of the external routes in the eigrp domain. What would be the best approach to tackle the problem, Any insight would be greatly appreciated!! Thanks Jason Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70716t=70643 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dynamic VLAN [7:70445]
Lo, Dynamic VLANs are based on MAC address, so a PC with one NIC will have one MAC even if you have two IP addresses configured on it. The switch will put the PC in the correct VLAN based on its database. The PC will end up in one VLAN, and as such will only be able to communicate with one of the servers. - Tom Lo Ching wrote: Dear All, Suppose there is a PC have 2 IP address configured in single NIC (10.x, 20.x) and connect catalyst 35xx switch that configured with dynamic vlan. (NOT tagged) And there are 2 servers with IP 10.x and 20.x connected to the same switch as well. The server belongs to VLAN 10 and VLAN 20 based on the IP address. Can the client PC connect to both server in the same time? In other words, can the switch port allow both VLAN 10 and VLAN 20? Thanks. rgds, LoChing Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70579t=70445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RJ48-RJ48 cable [7:70596]
Thomas, You can use a straight-through CAT5 or CAT3 patch cable. The difference is in the meaning of the pins. From a cabling perspective it doesn't matter. - Tom Thomas N wrote: Hi All, I am wondering what is the difference between the RJ48 and RJ45 connector/cable? I am setting a router with a integrated CSU/DSU (WIC-1DSU-T1) with a T1 RJ48 connection hand off by the ISP. They however do not provide the cable. Could I make a cable with RJ45 connectors for this? What would be the pinout for both end of the cable? Does the direction of the cable connection matter? It's urgent. Please help. Thanks in advance! Thomas. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70600t=70596 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: I will be taking BCRAN [7:70498]
I read the Cisco Press Exam certification guide for 640-505 three times, went through Knowledgenet CBT once and purchased Self-test software practise exam. Scored 950 on first attempt after 4 weeks study. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70616t=70498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: route-map V distribute list's [7:70121]
DJ, A route-map is just way more flexible. A distribute-list will afford you a single access-list in which you must define everything, where as a route-map allows you to use multiple access-lists. This is especially important during temporary changes to a network topology, where a new route-map clause can be added without changing the existing access list. Route-maps also allow you to match on more than the routes to be redistributed (such as outgoing interface, next hop IP, advertising router, etc). For most implementations, I've found that a distribution list is all that's required. Even so I still use route maps, because you never know what you'll need down the road. - Tom maine dude wrote: Hi Can someone clarify why you would use a route-map instead of distribute list? Thanks in advance, -DJ - Yahoo! Plus - For a better Internet experience Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70125t=70121 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to trace conversations of Yahoo and Acess to Sex sites [7:70130]
Bala Ware, With all due respect, it seems to me that you have a political problem on your hands. You're dealing with a GM that wants (more or less) direct access to the Internet and manages the person(s) responsible for managing the firewall. Of course there's ways to identify what he's doing on the Internet, but it sounds as if the GM has enough authority to make this process difficult (assuming he finds out) and your job could end up in jeopardy. It may not be fair, but sometimes that's life. Perhaps your boss should talk to the GM (or his boss). I'm not sure that a technical approach would be appropriate given the situation. My 2 cents anyway. - Tom Mr piyush shah wrote: Hello all I will be highly appreciable if someone will help me.In our organisation there is a newly joineD to whom we have provided internet access through proxy server .However being slightly technical he has insistently taken public Ip address and have opened all the ports on firewall ,wherein from his pc to external world all ports are opened .My boss is worrying whether this chap is utilising this facility for chating using yahoo messanger woth sex chat rooms as well as acessing many more sex sites.Unfortunately there is no way to trace whetgher what is he accessing .I request you to suggest some software which will track what site is he accesiing and what conversation is he doing. I know that I can load websense or surfcontrol on f/w,but unfortunately f/w is being controlled by one of the engineer who reports to tha GM.Hence no access to f/w. I sincererly request to help me. Regards BALA WARE Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70130t=70130 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIM-SM Join Messages. [7:70014]
Ken, PIM messages are sent multicast, either to 224.0.0.2 or 224.0.0.13 depending on the PIM version. PIM Joins are sent periodically, every 60 seconds. - Tom [EMAIL PROTECTED] wrote: Hello, I have two questions here on the above. Are PIM joins sent multicast or unicast. Some docs says it's unicast, but I see it as multicast in my trace. Also, If a flow maintains state for a period of time, do PIM-Join messages get sent periodically to the RP or root of the source, if so how often? Many thx Ken For more information about Barclays Capital, please visit our web site at http://www.barcap.com. Internet communications are not secure and therefore the Barclays Group does not accept legal responsibility for the contents of this message. Although the Barclays Group operates anti-virus programmes, it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Barclays Group. Replies to this email may be monitored by the Barclays Group for operational or business reasons. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70086t=70014 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: LLQ on Ethernet subinterfaces [7:70020]
Watch for wrap: http://www.cisco.com/en/US/customer/tech/ tk543/tk545/technologies_tech_note09186a0080114326.shtml neil K wrote: Can somebody tell me how to configure LLQ on Ethernet subinterfaces connected to two VLAN's. Will appreciate it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70087t=70020 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Please expalin the numbers in the source-bridge statement?? [7:70093]
Robert, The local Token Ring number is 9. The interface will bridge traffic from this ring to ring number 23. The Token Ring RIF will indicate the router as bridge 3. - Tom Robert Perez wrote: interface TokenRing0 ip address 192.168.34.3 255.255.255.0 ring-speed 4 source-bridge 9 3 23 source-bridge spanning Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70093t=70093 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VTP pruning verses clear trunk [7:69844]
'clear trunk' is used to prevent VLAN traffic from ever crossing a trunk link. VTP pruning is used to prevent broadcasts from trunk links only when there are no hosts on the VLAN on the other side of the trunk link. listmailing wrote: Same, not the same? From what I am reading, Clear trunk will deny the VLAN from the trunk. VTP Pruning will do the same but also mentioned host broadcast suppression. Also I have read pruning is dynamic, where clearing is static. Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69869t=69844 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Load Balance [7:69611]
Salvatore, ebg-multihop is not required for load balancing. It can be beneficial to use a loopback to peer from/to, similar to IPX internal networks provide better load balancing for NetWare servers. If you feel it's a good idea to peer to/from loopack interfaces (redundancy, better balancing) then you'll need ebgp-multihop since you are adding hops. If you have multiple directly connected interfaces to the BGP neighbor and don't use loopback interfaces, you don't need ebgp-multihop. - Tom Salvatore De Luca wrote: Understood.. but does the command neigh x.x.x.x ebgp-multihop X by itself provide load-balancing? I could be wrong.. but from my undrstanding this just states that you have the capability of peering with neigh that are not directly connected.. You could very well acheive loadbalancing when 2 EBGP routers peer with its neighbors loopbacks.. Yes.. in this case you would need to be directly connected.. so why would you need neigh x.x.x.x ebgp-multihop... Please enlighten me with your thoughts.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69755t=69611 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dynamic Route Graphs...... [7:69738]
Raj, Is the software going to be open source? I have a large collection of scripts for automating configuration (during rollouts) and basic troubleshooting. I've had intentions of providing a GUI front-end at some point, either in Java or PHP, but never seem to have the time to get around to it. Most of the advanced troubleshooting is performed by our technicians anyway (as opposed to directly by the customer), so not having a graphical interface has not been a big deal. Either way, since you've obviously done some work in that area it might be nice to merge some sources to provide additional functionality. For example, I can see where it might be nice to see which switches are encountered between hops, especially if the next hop isn't reachable. I wouldn't imagine this would be terribly difficult, since the code is already written. Just a thought. - Tom Raj Santiago wrote: Hi All, A friend and myself have recently completed a program, in which WE think is going to be very helpful to all engineers out there. Basically its a network-graphing program. How does it work ? 7 logs on to all known routers in your network and issues term len 0 and then show ip route. These outputs are then stored under the name of the router. 7 Next you specify a source ip(or name) and a destination ip (or name) 7 Our code basically works out the starting point(s) and then builds a graph based on the routing table(stored as files) to the destination. 7 The graph(very pretty with nice colours ) is stored as a png file and a HTML document is created to reference it. What does this mean? 7 You can basically get a graphical representation of your network from any two points 7 All of this is dynamic because it follows your routing table entries. 7 Makes troubleshooting simpler Etc Well, we were stoked to see the end product (in which we are doing final testing and formulating a module). I was wondering if this would be useful to you out there ? If so, just leave a comment. This will give us a rough idea on how user friendly we need to package this Here is a sample diagram : http://www.superplasmas.com.au/routeparser/10.25.159.1_10.47.200.30.png With IE, you will need to enlarge the pic to view it correctly... (just run your mouse over and click on the enlarge button). Any feedback will be good. Please remember this program is free. Cheers Raj Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69758t=69738 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help with Cisco 3745 configuration [7:69765]
J B, If you're familiar with Cisco routers, WAN troubleshooting (probably T1 or Frame) and QoS intricasies, then $5,500 is way too much. You could set up the routers well within a single day, probably closer to 1/2 day. If you're not familiar with Cisco routers, especially QoS since quality problems may only arise under certain load conditions, then having an outside company do it correctly may very well be worth it. I suppose it all depends on how important uptime is to your company. If your company stands to lose money if voice calls can't go through or if reliability is an issue, pony up and pay the $5,500. If you're up to the challenge, poke around Cisco's site. There's not much detail on your environment, but you'll probably be interested in PPP interleaving, FRF.11 or 12, LLQ and the various classification techniques. Getting voice over your data circuit reliably requires that you look at the path end-to-end, so you might also be interested in looking at what layer 2 classification/prioritization is available on your switches. As far as IP connectivity, not much has changed in the last 2 years. Assign valid addresses, pick a routing protocol and whalla! That should be enough to get you started anyway. :) - Tom J B wrote: Hi, Everyone I just been awarded the responsibility of installing 4 3745 Cisco routers. The local phone company wanted $5500 dollars for the installation and my employer thinks is to much. I was looking at the Cisco website for sample configurations but I couldn't find them. I need to share the T1 channels link for voice and data. I haven't done Cisco for like 2 years. Can someone help me with some guidance to find some information in how to do that. Thanks JBary Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69775t=69765 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Need help for CCNA 3.0 [7:69772]
(Watch for word wrap) Guruprasad Sanjeevi wrote: Group, I am going to take ccna 3.0 as my ccna 1.0 has expired. Can anyone please tell me the topics that I need to focus on? . I'm working on routers for past 3 years TIA guru Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69781t=69772 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Need help for CCNA 3.0 [7:69772]
The URL was stripped from the earlier post: http://www.cisco.com/warp/public/10/wwtraining/ certprog/testing/current_exams/640-607.html Tom Martin wrote: (Watch for word wrap) Guruprasad Sanjeevi wrote: Group, I am going to take ccna 3.0 as my ccna 1.0 has expired. Can anyone please tell me the topics that I need to focus on? . I'm working on routers for past 3 years TIA guru Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69787t=69772 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dynamic Route Graphs...... [7:69738]
Priscilla, I've found that CDP works great for identifying transit Ethernet switches since CDP details IP addresses, and suprisingly picks up more that just Cisco equipment. I've noticed HP switches providing CDP, but most of the networks I work with are primarily Cisco. One of the biggest benefits of CDP is that it's really easy to remotely automate and parse, allowing automated network topology generation. Granted STP works more globally, but doesn't have any way of showing an associated IP address (most of my scripts have been geared towards troubleshooting, where most often it's valuable to Telnet to the next hop and get it's perspective). I suppose STP contains a bridge ID that can be cross-referenced to an IP address, assuming a central database exists. To be honest I haven't done anything too elaborate with STP scripting since CDP has worked out so well, except on a couple of occasions where I found platforms/IOSs where CDP isn't enabled by default... I had plans of extending my scripts with STP to identify root bridge placement and identify L2 transit paths. Perhaps someday I'll actually have the free time to do it! :) - Tom Priscilla Oppenheimer wrote: Since switches do transparent bridging, how would you know that they are there? It's hard to see something that is transparent. Perhaps there's some spanning-tree info you could gather that would illuminate the logical topology and the path frames would take. It would only be for that LAN though. Of course, if you meant L3 switches, then his program already works with those probably. Thoughts? I'm just thinking out loud here. The program sounds great! Congratulations on the accomplishment and good luck with its marketing. Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69800t=69738 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dynamic Route Graphs...... [7:69738]
Priscilla, I've found that CDP works great for identifying transit Ethernet switches since CDP details IP addresses, and suprisingly picks up more that just Cisco equipment. I've noticed HP switches providing CDP, but most of the networks I work with are primarily Cisco. One of the biggest benefits of CDP is that it's really easy to remotely automate and parse, allowing automated network topology generation. Granted STP works more globally, but doesn't have any way of showing an associated IP address (most of my scripts have been geared towards troubleshooting, where most often it's valuable to Telnet to the next hop and get it's perspective). I suppose STP contains a bridge ID that can be cross-referenced to an IP address, assuming a central database exists. To be honest I haven't done anything too elaborate with STP scripting since CDP has worked out so well, except on a couple of occasions where I found platforms/IOSs where CDP isn't enabled by default... I had plans of extending my scripts with STP to identify root bridge placement and identify L2 transit paths. Perhaps someday I'll actually have the free time to do it! :) - Tom Priscilla Oppenheimer wrote: Since switches do transparent bridging, how would you know that they are there? It's hard to see something that is transparent. Perhaps there's some spanning-tree info you could gather that would illuminate the logical topology and the path frames would take. It would only be for that LAN though. Of course, if you meant L3 switches, then his program already works with those probably. Thoughts? I'm just thinking out loud here. The program sounds great! Congratulations on the accomplishment and good luck with its marketing. Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69809t=69738 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RHCE Vs. CCIE [7:69801]
Joseph, I noticed that too, but never really thought about it. I browsed the article (http://www.certmag.com/issues/jan02/feature_sosbe.cfm). Figure 4, 6 and 9 all rank RHCE at the top. If a well-known third party ranked your certification as overall best overall quality, I'm sure you'd advertise it too. I know I would! It looks as though your message was part of an existing thread that didn't show up for me, but for what's it worth CCIE was missing from the certifications examined, so it's really not much of an RHCE vs. CCIE comparison. - Tom Joseph Brunner wrote: Want a laugh.. I was installing Redhat 8 (graphical install) during the install was an advertisement for the RHCE. I would like REDHAT to answer this... If your RHCE is so great (Top Overall IT Certification), then why is a Cat6k (sup1/2 clearly visible) in the background ? check out these screenshots... http://www.kiatex.com/rhce/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69817t=69801 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: default-information originate with route-map [7:69558]
Maroun, OSPF routers don't really send out routes to their neighbors, they send LSAs. For most things you can think of them as being the same, except in situations like yours. Your router is presumably creating the default route (use 'show ip ospf database' to verify) and therefore creating the LSA for it. The LSA is flooded to all neighbors. In a redundant network the LSA could even be sent from multiple neighbors. The end result is that all routers WILL get the default gateway LSA. To get around this problem, you need to use a distribution list on the router that should not honor the default gateway. The router will still get the LSA, will still enter the LSA into its database and will still flood the LSA to its neighbors. But if you use a distribution list it will NOT put the route in its routing table. It sounds like this is what you're looking for. In other words put the filter on the router where the filtering needs to take place, not on the sending router. You could also accomplish this by using multiple areas and filtering at the ABR. - Tom Maroun Waked wrote: hi, I have a router running ospf that needs to send a default route to its neighbors. For this, I have used the command default-information originate. Then I wanted one of the neighbors not to receive the default route. I thought that the route-map option at the end of the default-information originate, would help. However, each time I create a route-map, the default route will not be advertised to any of the neigbors. I tried using match interface, but I never got any matches. In brief, things didn't work. Can anyone help thank you __ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69714t=69558 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Virtual Link Problem [7:69640]
Kevin, It might just be an oversight, but R5 and R6 don't seem to have a loopback or explicit router ID defined. Also, what is the OSPF network type on R2? It's set manually on R5 and R6, but left to the default on R2. I believe (but haven't verified) the default would be non-broadcast not point-to-multipoint. - Tom Kevin Love wrote: Hey Team, I cannot figure this out. I've configured lots of virtual links, but no matter what I do this isn't working. I had md5 authentication configured for Area 0, but to isolate the problem, I removed authentication and the virtual link still isn't up. I need another set of eyes (or two) looking at this. Please help if you can! Here's the topology: Area 2 (Loopback 0) | R2 \ \ FR Area 1 /\ R5R6 \/ Area 0 Ethernet Here are the salient config snippets: R2 ! interface Loopback0 ip address 192.168.2.2 255.255.255.255 ip ospf network point-to-point ! interface Serial1.256 multipoint ip address 172.16.56.2 255.255.255.248 ip ospf priority 255 frame-relay map ip 172.16.56.2 105 frame-relay map ip 172.16.56.5 105 broadcast frame-relay map ip 172.16.56.6 106 broadcast no frame-relay inverse-arp ! router ospf 1 log-adjacency-changes area 1 virtual-link 192.168.5.5 area 1 virtual-link 192.168.6.6 network 172.16.56.0 0.0.0.7 area 1 network 192.168.2.2 0.0.0.0 area 2 ! R5 interface Ethernet0 ip address 172.16.200.5 255.255.255.128 ip ospf hello-interval 15 ! interface Serial0 ip address 172.16.56.5 255.255.255.248 encapsulation frame-relay ip ospf network point-to-multipoint frame-relay map ip 172.16.56.2 501 broadcast frame-relay map ip 172.16.56.5 501 frame-relay map ip 172.16.56.6 501 broadcast no frame-relay inverse-arp frame-relay lmi-type cisco ! router ospf 1 log-adjacency-changes area 1 virtual-link 192.168.2.2 network 172.16.56.0 0.0.0.7 area 1 network 172.16.200.0 0.0.0.127 area 0 network 192.168.5.5 0.0.0.0 area 5 ! R6 interface Serial0 ip address 172.16.56.6 255.255.255.248 encapsulation frame-relay ip ospf network point-to-multipoint frame-relay map ip 172.16.56.2 601 broadcast frame-relay map ip 172.16.56.5 601 broadcast frame-relay map ip 172.16.56.6 601 no frame-relay inverse-arp frame-relay lmi-type cisco ! interface FastEthernet0 ip address 172.16.200.6 255.255.255.128 ip ospf hello-interval 15 half-duplex ! router ospf 1 log-adjacency-changes area 1 virtual-link 192.168.2.2 network 172.16.56.0 0.0.0.7 area 1 network 172.16.200.0 0.0.0.127 area 0 network 192.168.6.6 0.0.0.0 area 6 ! R2#sh ip ospf vir Virtual Link OSPF_VL5 to router 192.168.5.5 is down Run as demand circuit DoNotAge LSA allowed. Transit area 1, Cost of using 65535 Transmit Delay is 1 sec, State DOWN, Timer intervals configured, Hello 10, 40, Wait 40, Retransmit 5 Virtual Link OSPF_VL4 to router 192.168.6.6 is down Run as demand circuit DoNotAge LSA allowed. Transit area 1, Cost of using 65535 Transmit Delay is 1 sec, State DOWN, Timer intervals configured, Hello 10, 40, Wait 40, Retransmit 5 R2# Trust me on the router-IDs for the virtual link statements - I have triple-checked them. I have reloaded the routers with no luck. What am I missing here?! Thanks! Kevin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69720t=69640 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Packet retransmit questiion [7:69715]
First of all, I wouldn't post a question advertising it to be from the 350-001 test to a public newsgroup. It just seems like a bad idea. I'm responding to the question based on the fact that I took the test a couple weeks ago and didn't see the question. I'm HOPING that the question is from your study material for the test. Robert Perez wrote: Hi all, I have a question on the CCIE 350-001 test. I have heard differing opinions on this but when traffic crosses a WAN connection and there are problems who does the retransmit?? Host or RTR?? Generally the sending host. 1.) In Frame relay there is a line hit or corrupt packet on the WAn, who retransmits, should be the source router correct? Frame Relay includes a CRC to detect corrupted frames. The CRC is checked at the end router and is used to detect corrupted frames so that they can be dropped. Neither router will retransmit the frames, assuming of course that neither router is the source of the traffic. If one of the routers is sourcing the traffic, perhaps Telneting to the other router, then the routers would resend corrupted frames (actually the router would resend the IP packet, possibly resending multiple frames). But at this point the router is performing the role of a host. 2.) In a point to point circuit w/HDLC there is a line hit or corrupt packet who retransmits, should be the source router correct?? Same as Frame Relay. There is no link-level ACK, resends are the responsibility of the upper-layer protocols on the sending host. 3.) In a bridged environment with a WAN a T-1 takes a line hit or corrupt packet who retrnasmits, should be the source host correct?? Yes. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69725t=69715 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Networkers: is there a consistent link from CCO to [7:66054]
Howard, I don't know if you would call this consistent but here are the links to the presentations from 1999 - 2002: http://www.cisco.com/networkers/nw99_pres/index.htm http://www.cisco.com/networkers/nw00/pres/ http://www.cisco.com/networkers/nw01/pres/ http://www.cisco.com/networkers/nw02/post.html HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Howard C. Berkowitz wrote: I'll have to admit that I usually go to a specific presentation for which I already have the URL, and then work backwards to find the presentation index for a particular Networkers' event. Is there a better way? When I search on CCO for a root to Networkers, all I seem to come up with is registration information for upcoming ones or salesy stuff on why I should attend. Does anyone know if there is a consistent place to go and find the starting point for the presentation archives for a given Networkers? [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66054t=66054 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Networkers: is there a consistent link from CCO to [7:66053]
Howard, I don't know if you would call this consistent but here are the links to the presentations from 1999 - 2002: http://www.cisco.com/networkers/nw99_pres/index.htm http://www.cisco.com/networkers/nw00/pres/ http://www.cisco.com/networkers/nw01/pres/ http://www.cisco.com/networkers/nw02/post.html HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Howard C. Berkowitz wrote: I'll have to admit that I usually go to a specific presentation for which I already have the URL, and then work backwards to find the presentation index for a particular Networkers' event. Is there a better way? When I search on CCO for a root to Networkers, all I seem to come up with is registration information for upcoming ones or salesy stuff on why I should attend. Does anyone know if there is a consistent place to go and find the starting point for the presentation archives for a given Networkers? [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66053t=66053 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Instructor - CCNA Class [7:65742]
Or the super-normal way is to have a Cisco Certified Academy Instructor (CCAI) from an authorized Cisco Networking Academy with both on-line curriculum and textbooks with a plethora of routers, switches, hubs, modems, isdn/pots/t1 simulators, test equipment and numerous lab experiments. :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Jens Neelsen wrote: Hi, the normal way is to have an experienced certified instructor from a Cisco Learning Partner with the original coursebook from Cisco and the necessary lab. Jens --- Robert Raver wrote: Hey, I have been given the duty to teach a CCNA class. Have any of you done this before? I was wondering what did and didn't work for you? What tips you might have. What the best way of approaching this would be. We will be using the Cisco Press book for the class and each student will have three routers and a switch. Thanks, Robert Raver [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65787t=65742 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip ospf dead-interval [7:64311]
So, what layer does ARP run at? Sorry, I couldn't resist. :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Priscilla Oppenheimer wrote: Welcome to Group Study. Nobody ever gets a straight answer here! ;-) And usually they shouldn't. With the exception of the ones and zeros that go across the wire (or air), most other things in this industry are simply not black-and-white. Just wait till the next time someone asks what a L3 switch is or what layer ARP runs at! :-) Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64451t=64311 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ??? IS-IS ??? [7:63875]
Steve, Yes, it is a routing protocol and has just recently been added to the new BSCI (was BSCN) exam. Unfortunately, the folks that make the decisions about what's added to the certification exams didn't give the Academy folks any lead time to change our Advanced Routing curriculum. We should have a new curriculum (hopefully) with IS-IS by the Fall of this year. You can go to www.ciscopress.com and download the chapter on IS-IS from the new BSCI book they are releasing. At least you could a month or so ago. Also, search on CCO for IS-IS and you should get a lot of information about it. HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Steven Aiello wrote: Hello All, I'm wondering was IS-IS is. No pun intended. I'm assuming it's a routing protocol? I've gone through Cisco, CCNA acad. and have my CCNA and I've even started going over Semester 5 for the CCNP, but IS-IS is no where to be found... Is this a new protocol? Or does someone know where I can find a good over view? Thanks for brain food, Steve [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63899t=63875 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Core Layer L2 or L3 [7:63708]
Peter, The current rumour for the Academy CCNP program is that Cisco is dropping the 3 layer model and moving to a 2 layer model with L3 in the core for the BCMS course. I guess I'll find out for certain at Networkers in Orlando, Fla. this June. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Peter van Oene wrote: At 11:05 AM 2/25/2003 +, Skarphedinsson Arni V. wrote: In a Core-Distribution-Access Layer design, would you keep the Core L2 or with high end L2/L3 switches such as the Cat6500 do you think it would be better to do L3 in the core ? I personally haven't found the need to have a Distribution layer in most networks. It's a model designed by vendors to sell boxes imho. Pete [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63803t=63708 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: New Instructor Experiences [7:62826]
John, A good classroom experience begins with three things: preparation, preparation, preparation! This is not to say that you didn't prepare, but each class requires additional preparation even if taught before. Another issue that arises is that every class has its own synergy. The concepts that were readily assimilated by one group become more difficult to unravel than a Gordian Knot by the next. You may have been lulled into a false sense of security by the first couple of groups and then got blind-sided by the last. I suspect that you felt your explainer was broken because you were only prepared to explain things in one way and ran into a group that needed it in another format. Individuals have different learning modes (preferences). A diagnostic instrument called VARK (Visual, Aural, Read/Write, Kinesthetic), developed by Neil Fleming, Lincoln University, Canterbury, New Zealand, shows how learning preferences affect the teaching process. If you prefer to learn in one mode, you tend to teach in that mode. However, if it doesn't match the preferred mode of the majority of your class, then you will have one of those days. If you're interested in learning more about it, you can go to the National Learning Teaching Forum at www.ntlf.com. Click on the search link and enter the search term VARK. Teachers must always be prepared to be multi-modal and have more than one way of explaining difficult concepts (and sometimes even the simple ones). I'm still searching for the One All-Inclusive way of teaching sub-netting to products of our marginally effective K-12 schools systems. Basic math appears to be a foreign concept to many of my students. BTW, I still have days when I think my explainer is broke. This teaching gig is harder than it looks! :) HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem John Neiberger wrote: I just feel the need to rant/vent for a bit and I knew there were a bunch of you who might be able to relate to this. I've started teaching a short, one-session general networking class for some of the people here at the bank. The first session, which was really just a runthrough with a handful of students, went fairly well. In fact, it went so well that they increased the number of overall attendees to about 60 or so. Last week I had another session that went exceptionally well, except for a couple of students who really didn't want to be there. I couldn't have asked for it to go better, and my boss heard lots of good things about it. One person even said I should be a professor! :-) Now, that brings us to today Today I had an afternoon class, and in my opinion it sucked rotten eggs. I feel embarrassed to have been involved with it.I can't think of too many ways in which it could have gone worse. I rambled, I flew through 2.5 hours of material in about an hour, I lost my place a lot. I'm not certain that I ever formed a train of thought longer than a couple of cars, and I think even those trains were without engine and caboose. Have any of you other instructors had days like that? As I even mentioned in class, I felt like my 'explainer' was broken today, and it certainly was. I'm hoping that I could get some sympathy from other instructors with similar experiences. Okay, I'm going to go drown my disappointment in some coffee! John [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62837t=62826 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Catalyst 4000 and DHCP [7:62632]
Tunde, If configuring static IP addresses served as a temporary workaround, your problem is DHCP. Enabling Spanning Tree portfast on the ports to which stations directly attach will fix your problem: set spantree portfast enable - Tom On Fri, 07 Feb 2003 12:16:47 +, Tunde Kalejaiye wrote: hi all, we just upgraded our network to a switched, a catalyst 4006 to be exactsome users have been getting 'no domain server available ' error message. they usually have to try more than 4 - 6 times to successfully log on to the network. has anybody come across this problem before? what work around did u use besides configuring static ip addresses? thanks for your response(s) in advance Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62702t=62632 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Catalyst 4000 and DHCP [7:62632]
Tunde, If configuring static IP addresses served as a temporary workaround, your problem is DHCP. Enabling Spanning Tree portfast on the ports to which stations directly attach will fix your problem: set spantree portfast enable - Tom On Fri, 07 Feb 2003 12:16:47 +, Tunde Kalejaiye wrote: hi all, we just upgraded our network to a switched, a catalyst 4006 to be exactsome users have been getting 'no domain server available ' error message. they usually have to try more than 4 - 6 times to successfully log on to the network. has anybody come across this problem before? what work around did u use besides configuring static ip addresses? thanks for your response(s) in advance Tunde Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62695t=62632 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CBAC, PPTP and NAT Interaction [7:62727]
I have a user that I need to support with the following configuration. Host Site has Cisco 806 with 12.2 IOS FW 3DES Remote Site has Cisco 806 with 12.2 IOS FW 3DES Want to implement IPSec Peer to Peer Tunnel between two 806s Want to implement PPTP for a remote user with a Dynamic IP terminated on the 806 Want to use combination of CBAC, NAT and ACL to secure router Here's what I've got, IPSec No problem. PPTP No problem. Securing router using CBAC, NAT and ACL will break IPSec or PPTP and sometimes other protocols coming through router. I am looking for some good information on the interaction of CBAC, NAT and ACL as to what gets processed in what order, what interactions they have, if any, etc. Looking at TAC, I have found many articles on each, but not much that combines them. Anybody been successful using these all on the same router at the same time? Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62727t=62727 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help with CCIE Study's!!! [7:62547]
I have been a Network Engineer for over 3 years and have my CCNP. I have been reading posts and researching about CCIE. I am fortunate enough to have a lab with 9 routers and a 2924 switch. I would love to get a 3550, voice and ATM, but like you too much $$$. Help!!! I am so intimidated. I don't want to start down the wrong path in the beginning. I am not asking those CCIE's or guys who have taken the test and failed to break any NDA agreements, but Where to start? I have the books, Doyle, Satterlee, Caslow. I am going to start going through these, but how do you know when you are ready? After I have gone through these books I am planning on buying CCbootcamps lab subscription etc. Help!!! I guess I need motivation or a direction, can you talk to me about your road successful or not? My email address is [EMAIL PROTECTED] if you want to email me privately with the upmost confidentiality. I am not looking for a free ride or to cheat, but to not start out with bad habbits, and come up with an end. Thanks for reading my panic attack. Scratch __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62547t=62547 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traceroute troubles [7:61247]
Priscilla Oppenheimer wrote: Here's how it works, from my book Troubleshooting Campus Networks, that everyone should get, especially if you are studying for the Support test for CCNP. It covers all topics for that test. Hey, my publisher won't do any marketing for me. I'll have to do it myself. Hope that's OK, if I keep it to a minimum. :-) Anyway, here's the info. (There are more details in the book.) Hey, I'm recommending it to my students. Does that mean I get promotional fee? :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61415t=61247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Traceroute troubles [7:61247]
Well, considering what she's probably getting paid for writing it, I doubt it. :( So, Priscilla (please note I didn't use any of the prohibited abreviations; wouldn't want to upset the boss), based on the hours you put in writing it, how many cents per hour are you making? Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Larry Letterman wrote: Tom, That means you now work for Priscilla's marketing dept. Hope she pays you well.:) -- Larry Letterman Network Engineer Cisco Systems Tom Lisa wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Priscilla Oppenheimer wrote: Here's how it works, from my book Troubleshooting Campus Networks, that everyone should get, especially if you are studying for the Support test for CCNP. It covers all topics for that test. Hey, my publisher won't do any marketing for me. I'll have to do it myself. Hope that's OK, if I keep it to a minimum. :-) Anyway, here's the info. (There are more details in the book.) Hey, I'm recommending it to my students. Does that mean I get promotional fee? :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61423t=61247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network Academy Router Simulator [7:60894]
Materials provided by the Cisco Networking Academy program are for the exclusive use of students enrolled in the program even if they are free to them. Unless this instructor has received permission from Cisco to distribute it freely to anyone, he should have that area of the webpage password protected. In other words, yes, it appears to be a violation of Cisco's property rights. You might do this person a favor by reminding him of his responsibility to protect Academy resources from distribution to the public at large. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem cheekin wrote: Hi all, I recently, kind of, stumbled onto an instructor's webpage that allows free, uncontrolled download of the Network Academy Router Simulator. Anyone who accesses this page can download this simulator. I believe the instructor is an academy instructor. Has there been any form of violation? Thanks, cheekin [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60963t=60894 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fwd: RE: CCIE Vs. BS or MS dergree [7:59481]
It is amazing to me how some individuals feel that they have a right to have their questions answered. This without even indicating that they have done any independent research on their own prior to querying the list. Oh well, Happy Holidays to all, and to all a good night! Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Howard C. Berkowitz wrote: At 1:37 PM + 12/20/02, Mr piyush shah wrote: Dear friends It has been quite long that I have been hearing whether CCIE is superior or MS. I thing it is high time we should wrap the topic.I dont understand ,whether why this forum for ? It should b a purely technical. For a typically type of questioning like this, there are resposes which lasts for weeks but there are some questions for whom nobody seems to be bothered ? There was a queation which was thrown on this on TACACS ACS whether What could the issue that I am able to authenticate and not authorisation ,not a single person on this site bothered to answered ,not even Priscilla . Let's consider whether people bother to respond. First, remember that everyone who does so is volunteering their time. They are not a substitute for the TAC or reference materials. Have you considered that at the time you asked the question, Priscilla might be on vacation, another expert has limited list access while on business travel (perhaps behind a strict firewall), and two others are trying to finish projects for which they are paid? The latter might scan the list, but not have 10-30 minutes to write a post. Indeed, many of those experts do not have the answer memorized, but would have to look it up -- admittedly much faster than would a beginner. Which sounds to be very starnge. There are so many people who r new to networking tech ,hence comes with some querry which might b stupid to some of our colleages but pls ensure that u were also like them during your initial phase , The following is not meant to be a put-down, but a reality of how some people started in networking technology. I was first responsible for a network in 1970, using Bell 100 series modems (300 bps) to a PDP-11 running critical medical applications. Most links were acoustically coupled dialups, but we did have a few dedicated lines (again at 300 bps). With about 10 user ports on the machine, we sometimes just ran out. Since one of the dedicated lines was only needed for backups at night, and another for reporting, I realized I could switch them to dialup during the day. There was no Black Box Catalog or the like. I needed to get a copy of RS-232 and learn the wiring, decide how many pins I had to switch, go to the electronics store and get an appropriate rotary switch and other components, and physically build the box, soldering the wires to the switch. I made some incorrect assumptions the first time, and had to use electronic test instruments to find what I had done wrong -- it turned out I wasn't clear about the functions of the Pin 1 and Pin 7 grounds. At the same time all of this was going on, I was the head of software development for the medical applications, so needed to both design, write, and manage development, as well as researching expert system rules for blood banking and clinical chemistry. So no, not everyone had the luxury of a list or even colleagues. hence try to rectify the querry rather than spending your precious time on stupid questions like ccie is superior or MS , what is the salary of CCIE ? And I will be perfectly honest. Sometimes, I may be in a hurry when reading the list, and there's a stupid question that I can answer from personal experience. Even when I answer a technical question with which I am very familiar, I often check the documentation -- Cisco or IETF -- to be sure I'm referring to the right document. On another list, for example, there was a DNS question. I knew the answer was in RFC 1033, 1034, or 1035, but wasn't sure which, and didn't have time to look it up. I cited the three documents, and said I _thought_ it was 1034. Looking it up later, it was 1035. I hope the message is clear to everybody Regards PIYUSH Note: forwarded message attached. Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com X-Apparently-To: [EMAIL PROTECTED] via web8002.mail.in.yahoo.com; 20 Dec 2002 07:36:38 +0500 (IST) Return-Path: X-Track: 1: 100 Return-Path: Received: from groupstudy.com (66.220.63.9) by mta102.in.mail.yahoo.com with SMTP; 20 Dec 2002 07:34:44 +0500 (IST) Received: from localhost (mail@localhost) by groupstudy.com (8.9.3/8.9.3) with SMTP id CAA32069; Fri, 20 Dec 2002 02:04:32 GMT Received
Re: VLSM Question [7:58569]
If the test prep you are using is for the CCNA exam then C is the correct Cisco answer (the use of Class B/Class C terminology makes me think this is the case). This is because Cisco still insists, at the CCNA level, on computing subnets using the formula 2^n-2. This assumes that subnet zero and the all ones subnet are unusable. Therefore you have to create 16 subnets, resulting in 14 usable to get the required 8 subnets. In the real world, 255.255.224.0 is correct. BTW, what is the VLSM question here? HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Richard Burdette wrote: A prep test I am using has a question for which I disagree with the answer. Here is the question If I had a Class B address, what subnet mask would I use if I wanted to split it into 8 class C addresses? a.255.255.240.0 b.255.255.255.0 c.255.255.248.0 d.255.255.254.0 The answer from the test is c. I think the answer is not even listed; 255.255.224.0 because to add eight additional subnets we need 2^3=8 bits of subnet which equates to 224 of mask. Am I right or wrong? Rich [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58605t=58569 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - Missed it by that much - CCIE Lab report [7:58606]
Chuck, Sorry to hear you contracted the Agent 86 disease. However, it sounds like you won't have any problem the next time around. Good Luck, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem The Long and Winding Road wrote: In the words of the esteemed Maxwell Smart, missed it by that much. Good test. Liked it a lot. Can't say much about the content, obviously. The 3550's were there. I think that those who have expressed reservations about this will find little to worry about. The Lab writers did a pretty good job of integrating the devices into the rack and the exam. I think I was more surprised by what I did NOT see than by what I did see. Wish I could say more. There were the usual off the wall requirements. I knew the names, or had heard of the technology, but had never practiced it. Here's where the doc CD came in handy. It was very easy to locate the information and do the required configuration. I did have one very odd problem I was unable to solve. My own practice, not to mention the doc CD configuration guide, told me that a particular configuration should have worked. But it didn't. I've mocked up the configuration here at home, and it took a total of 10 minutes to start from a router with no configuration and have it up and running correctly. But in the Lab it just would not work. I have an inquiry in to the CCIE Lab folks, asking them to check the rack. I believe there is a physical problem, although for the life of me I cannot come up with a plausible explanation as to why. I would get more specific, except this would be a direct violation of NDA. I will say that anyone who sits at rack 12 in San Jose - if you are absolutely certain your configuration is correct, tell the proctor. I hesitated to do so, and I paid the price. You'll know when you see it ;-) I did one stupid thing, and the more I think about it, I should have corrected it immediately when I discovered it. When I first created my notepad file with my alias commands, I stupidly did most of them as alias configure rather than alias exec Given that the lab is graded pretty much by scripts, I have this bad feeling that this mistake may have interfered with the operation of some of those scripts, meaning that I was not given credit for successfully completed tasks just because the script was unable to function properly. You are no longer given a point total in your report. When I counted up points in the late afternoon, I thought I had between 60 and 70. I had no reachability problems, save to one interface, and that interface had nothing depending upon it. I knew I didn't have enough points to pass, but I thought I was close. To judge from my score report, the final total was maybe 35-45 depending. As those of you who have been there know, the dependings will kill you every time. :-) I can say I had a lot of fun doing this test. That's probably part of the reason I failed - I'm having too much fun. I can also say I'm hot to trot. I can taste it. I'm yay close to passing, and I want back in as soon as I can get there. You can bet I'm checking CCO regularly for those open dates. Afterwards, I had the pleasure of hooking up with groupstudy regular Larry Letterman. Larry - thanks for the tour - it was impressive. I was reminded of exactly why I got into the tech business in the first place - the desire to do things like you are doing, important things, things that keep businesses competitive. You're doing a great job and I appreciate your taking some time to show me what you're working on. well, another time. Back on the road again. -- TANSTAAFL there ain't no such thing as a free lunch [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58606t=58606 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Regarding Router rental business? [7:58422]
dey shore r et r cologe! Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem B.J. Wilson wrote: Guys, the spelling is getting terrible. Even painful to read. Agreed. The three R's are *not* readin', routin', and 'rithmetic. ;-) BJ [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58520t=58422 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question about multicast [7:57423]
Dovelet, Use a static MAC address: (config)# mac-address-table 01.00.5e.11.22.33 fastethernet 0/1 fastethernet 0/2 fastethernet 0/3 vlan 1 Just make sure that the MAC address correctly represents the multicast IP. I chose the MAC address for 224.17.34.51, mainly because I'm not particularly creative. :) - Tom dovelet wrote: Hi all, I am using a Cisco Cat.2950 switch to connect the network. Assume I have 5 computers are connected to the switch. 3 of them will tell using multicast. I don't want the other computers listen this multicast. How can I control only these three switch ports can send and receive this multicast. Please node that all the computers do not support IGMP. Regards, Dovelet Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58046t=57423 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE R amp;amp;amp;S LAB [7:57050]
Charles, You can get the information from Cisco's web site using the following URL. It requires a CCO user account to access it though: http://www.cisco.com/en/US/partner/learning/le3/le11/learning_ccie_resource_guide.html#18 Relevant verbage in case you to not have a CCO account: 18. Lab Exam Content and Equipment Changes CCIE Candidates should note the following changes to the technical content and equipment for the CCIE Lab exam. The content changes affect the CCIE Routing and Switching Lab exam, while the equipment changes affect all CCIE certification tracks. The CCIE program continually monitors the topics and technologies covered in the CCIE certification tracks. The end result of this process is that a topic may be removed from the exam to allow greater emphasis on features or technologies that are more current in the industry. Therefore, effective November 4th, 2002, the following topics will no longer be tested on the CCIE Routing and Switching exam: IGRP Token Ring Token Ring Switching IPX Please note that DLSw+ will remain as a valid topic on the exam. Between September 1, 2002 and November 4th, 2002 all CCIE labs will replace the current Catalyst 5000 switches with Catalyst 3550 switches. However, the only switching features tested during this time will be those common to both devices - additional features on the Catalyst 3550 will only be tested beginning November 4th, 2002. Please note that except for the change in switches, no new topics are being added to the content covered by the Routing and Switching exam. However, many features currently tested will now be able to receive more weight on the exam beginning November 4th. If you have questions regarding these changes, please contact [EMAIL PROTECTED] . Please allow up to 72 hours for a response. - Tom cer wrote: Brad, Where did you get your information from, and is there a Cisco URL that I can look at to confirm? TIA, Charles Brad wrote in message news:200211081509.PAA29591;groupstudy.com... No, that stuff is now gone. thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc [EMAIL PROTECTED] www.optsys.net (Cisco hardware) Mike Peterson wrote in message news:200211071521.PAA27543;groupstudy.com... Hi All, Soon I will be going for the RS LAB and I am not seeing that CISCO took out :IGRP, IPX, Token Ring from the LAB yet. Does anyone knows why or they will still keep those on the LAB ? Thanks, [EMAIL PROTECTED] Tired of spam? Get advanced junk mail protection with MSN 8. archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57166t=57050 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How RIPv1 masks are determined - confused [7:57049]
Robert, I believe that your diagram should reflect R1's serial interface to R2 as s0/1 instead of s0/0. This caused me some confusion in trying to figure out the configs. Actually, there is still some confusion given the a duplicate IP (172.16.66.1) assigned to both routers on that serial link -- and that the routing updates are being sourced from that duplicate IP. Perhaps this was your intention??? Anyway, to help answer your question: I expected that the router would choose netmask belonging to the subnet of update source (172.16.66.1/25 in this case). This would make more sense - or maybe I am wrong?? The receiving router, R2 in this case, has no idea what the subnet of the update source is since this information isn't carried in the update itself. Instead, R2 assumes that the advertised RIP network has the same subnet as the network configured on its receiving interface. Since all three of the IP addresses belong to the same major network as the sender, all three are valid candidates for being the intended recipient of the update. The valid IP address that R2 seems to be using to interpret the advertised network is obviously 172.16.77.3/29. You make a strong argument that a more logical interpretation would be to use the local IP address 172.16.66.1/25 to interpret the route since it is the only IP address that is on the same subnet as the sending router (since the other IPs configured on the link should, based on normal IP rules, require another router to communicate with the sender). All documentation I've come across and configuration I have done indicates that the receiving router validates the update based on major network only, and then uses the mask of the locally configured address of that network to interpret the incoming networks. So, technically, interpreting the route as 172.16.77.0/29 isn't wrong -- it's just one of 3 possible ways of interpreting the advertised network. I'm curious as to whether your configuration works at all given the next-hop address (172.16.66.1) is also a valid IP address on R2. Are you able to ping 172.16.200.1 from R2? It seems to me that R2 should be dropping the traffic instead of forwarding it to R1. If R2 isn't dropping the traffic I'd like to know to why -- Was this intentional and part of your intended lab? Anyway, I hope that this provides some help. - Tom Robert Slaski wrote: Hi, I was almost sure I understood RIP a little. Until today, grr ;-) My goal was to inject 172.16.200.0/25 OSPF routes into 172.16.12.0/26 RIP domain and I tried to use secondary addresses to extend /25 to RIP domain. We have two routers connected via serial link on the edge of a network: R1 (s0/0) (s0/1) R2 (s0/0) the rest of a network. R1 is doing OSPF/RIP redistribution and R2 only in RIP domain: router ospf 666 log-adjacency-changes redistribute rip subnets network 172.16.100.0 0.0.0.7 area 1 ! router rip redistribute ospf 666 metric 6 passive-interface Serial0/0 network 172.16.0.0 distribute-list 1 out Serial0/1 ! access-list 101 permit ip 172.16.200.0 0.0.0.7 any R1: interface Serial0/1 ip address 172.16.66.1 255.255.255.128 secondary ip address 172.16.12.2 255.255.255.192 no ip split-horizon 172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks O IA 172.16.200.0/25 [110/65] via 172.16.100.2, 02:29:30, Serial0/0 C 172.16.12.0/26 is directly connected, Serial0/1 C 172.16.100.0/29 is directly connected, Serial0/0 C 172.16.66.0/25 is directly connected, Serial0/1 R2: interface Serial0/0 ip address 172.16.77.3 255.255.255.248 secondary ip address 172.16.66.1 255.255.255.128 secondary ip address 172.16.12.1 255.255.255.192 clockrate 64000 172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks C 172.16.12.0/26 is directly connected, Serial0/0 C 172.16.77.0/29 is directly connected, Serial0/0 C 172.16.66.0/25 is directly connected, Serial0/0 Now a RIPv1 update is received: Mar 1 01:12:44.149: RIP: received v1 update from 172.16.66.1 on Serial0/0 *Mar 1 01:12:44.149: 172.16.200.0 in 6 hops and the routing table looks now: C205.2.3.0/24 is directly connected, Loopback10 172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks R 172.16.200.0/29 [120/6] via 172.16.66.1, 00:00:15, Serial0/0 C 172.16.12.0/26 is directly connected, Serial0/0 C 172.16.77.0/29 is directly connected, Serial0/0 C 172.16.66.0/25 is directly connected, Serial0/0 We see that an update about 172.16.200.0 was received from 172.16.66.1 (secondary of serial interface of R1) and installed in route table. But the netmask was chosen not as I expected: not /25 subnet locally configured on s0/0 (172.16.66.2/25) has been chosen but longest-match rule was applied and /29 mask configured on one of subinterfaces won. This behaviour get me confused. Doyle vol.1 doesn't even mention of choosing masks
Re: Slightly off Topic PIX [7:56994]
David, Absolutely. When specifying the translation commands, instead of specifying a full IP translation just specify the port. For example, assuming you wanted your public IP (12.12.12.12) to redirect HTTP traffic to 192.168.0.1 and HTTPS traffic to 192.168.0.2: static (inside,outside) tcp 12.12.12.12 80 192.168.0.1 80 netmask 255.255.255.255 0 0 static (inside,outside) tcp 12.12.12.12 443 192.168.0.2 443 netmask 255.255.255.255 0 0 conduit permit tcp host 12.12.12.12 eq 80 any conduit permit tcp host 12.12.12.12.eq 443 any - Tom Dave Tyler wrote: This is just a bit off topic and I have several questions about the PIX. We currently run a Symantec Enterprise Firewall and we are considering moving to a Cisco PIX 506E or 515E. The SEF runs DNS and has the ability to listen to a range of IP addresses on a single interface then proxy the calls. The question about a PIX is whether it can do the same thing? As I read the documentation from Cisco I did notice the SMTP redirection. Can the PIX redirect for https and http from different different public IP address calls on a single interface? Like OWA over https to one system and http traffic to a different system? David Tyler IT Manager Clear Technology Inc. [EMAIL PROTECTED] www.clear-technology.com This document, and any attachments, may contain confidential and proprietary information of Clear Technology, Inc. Any unauthorized dissemination or copying is strictly prohibited. If you are not the intended recipient, please destroy or return this document without reading or copying it, and notify us immediately. Clear Technology will protect its intellectual property rights to the maximum extent possible under law. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57169t=56994 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP+QoS+xDSL+H.323Gatekeeper [7:57121]
Mark, It sounds like the voice traffic is being prioritized correctly since the voice is rock solid after the connection is made. Looking at your config this is strange as the default IP Precedence should be 0 for voice traffic and I do not see where you have specified this in your dial peer. Based on your explanation I would expect to see something like: dial-peer voice 1 voip destination-pattern . session target ... ip qos dscp cs5 media -or- dial-peer voice 1 voip destination-pattern . session target ... ip precedence 5 With the classification statements missing from your configuration, I would expect voice to be choppy and unintelligible. The default classification for router-originated voice traffic is supposed to be ip precedence of 0 (DSCP=00). Perhaps Cisco has changed this in the latest IOS releases? You should also have ip qos dscp cs5 signaling present in your dial-peer configuration to identify the signalling traffic as having IP precedence=5 so that it is classified correctly and sent down your voice PVC. As it stands now, your signalling traffic should be using your data PVC. You can find some decent QoS configuration examples on Cisco's web site relating to LLQ which might also help along these lines. Cisco usually recommends setting signaling to af31 and media to ef (to make sure that if signaling and media contend for bandwidth voice quality is not affected). Since your configuration is already classifying explicitly on ip precedence=5, it might just be simpler to set the ip precedence of both media and signaling traffic to 5. I hope this helps. :) - Tom Mark S wrote: For those of you trying to email me from the link in the message, here is the updated post. Sorry about the duplicate. *** Well, this should give you enough to chew on since voice is becoming a hot topic. I am trying to configure VoIP with QoS. Why over IP and not over ATM, you say? I have to controll the call with a H.323 Gatekeeper, and that is IP. My problem appears to be that the call setup (or maybe signalling?) appears to be delayed. The test results are as follows: If the WAN link is saturated with data packets PRIOR to establishing the voice call, the first 10 to 15 (approximately) seconds of the call are lost. After the call is established, voice is rock solid and no voice packets are delayed or lost. If the voice call is established PRIOR to saturating the WAN link with data packets, the voice call is rock solid and no voice packets are delayed or lost. Thoughts or configs would be appreciated. --Mark version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! logging buffered 4096 debugging ! memory-size iomem 25 ip subnet-zero ! no ip domain lookup ! ip cef ! voice call carrier capacity active voice rtp send-recv ! no voice hpi capture buffer no voice hpi capture destination ! vc-class atm vip vbr-rt 256 256 10 precedence 5 no bump traffic no protect vc no protect group ! vc-class atm normal vbr-nrt 192 192 precedence other no protect vc no protect group ! interface ATM0/0 ip address 1.1.1.254 255.255.255.0 ip nat outside no atm ilmi-keepalive bundle-enable bundle qosmap protocol ip 1.1.1.1 encapsulation aal5snap pvc-bundle data 0/37 class-vc normal pvc-bundle voice 0/36 class-vc vip ! dsl equipment-type CPE dsl operating-mode GSHDSL symmetric annex A dsl linerate AUTO h323-gateway voip interface h323-gateway voip id Gatekeeper ipaddr x.x.x.x 1718 h323-gateway voip h323-id Gateway ip rsvp bandwidth 64 64 ip rsvp resource-provider wfq pvc ! interface FastEthernet0/0 ip address 10.200.100.1 255.255.255.0 ip nat inside speed auto ! ip nat inside source list 1 interface ATM0/0 overload ip classless ip route 0.0.0.0 0.0.0.0 1.1.1.1 no ip http server ip pim bidir-enable ! access-list 1 permit 10.200.100.0 0.0.0.255 ! call rsvp-sync ! voice-port 2/0 station-id name StaID station-id number 111222 caller-id enable ! voice-port 2/1 station-id name StaID station-id number 111222 caller-id enable ! dial-peer cor custom ! dial-peer voice 1 voip destination-pattern T session target ras ! gateway ! line con 0 line aux 0 line vty 0 4 login ! no scheduler allocate end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57139t=57121 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problems w/Hyperterminal?? [7:56619]
Greg, Let's be politically correct here. We are not suffering from Alzheimer's. We are merely enjoying the occurrence of randomly generated Senior Moments. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Greg Macaulay wrote: It's not nice to flame an active member of the Bar who is still in good standing Alzheimer's (Cisco type) may indeed be overtaking me here, but my legal brain cells are still quite sharp. So flame me at your own risk! Perhaps I can obtain enuf from a lawsuit to purchase an ISDN simulator Don't anybody take the above para in the wrong vein! I was simply having a bad day (and then I had to take my grandchildren trick or treating for hours -- while I searched through my Alzheimer-ridden brain cells to identify a solution to my problem. Now back to my problem. Greg Macaulay Oldest Human Being preparing for the CCIE Lab Lifetime AARP member Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com]On Behalf Of Tom Lisa Sent: Thursday, October 31, 2002 8:10 PM To: [EMAIL PROTECTED] Subject: Re: Problems w/Hyperterminal?? [7:56619] Priscilla, The real reason not to flame him is because he may come out of retirement and sue all of us! :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Priscilla Oppenheimer wrote: I wouldn't flame the oldest CCDP on the planet ;-), but, what do you mean you can't ping from HyperTerminal? HyperTerminal just gets you serial access to the console port. Priscilla Greg Macaulay wrote: Hi all -- I'm suffering thru a terrible newbies type problem and cannot seem to identify the error of my ways. I know it's something very basic -- and it brings back memories of high school geometry homework where I stared at objects for hours on end trying to understand!!! The thrust of my pitiful situation is: I cannot ping from hyperterminal -- altho' I can readily ping from a DOS prompt on the same PC. I have the parameters set properly 8-N-1-None -- and I have tried with the TFTP server setup on the same PC and on another in my home network (I have 10 pcs in my home network -- most old -- but they still work!). Neither works. Any suggestions. And please don't waste time flaming me -- I know I should be able to figure this out -- but even after researching the archives and CCO, I am no closer to a solution than I am to passing the LAB on the first try! So any and all helpful suggestions would be welcome. Thanks to all -- in advance!! Greg Macaulay Oldest Human Being preparing for the CCIE Lab Lifetime AARP member Retired Attorney/Law Professor [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56707t=56619 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problems w/Hyperterminal?? [7:56619]
Priscilla, The real reason not to flame him is because he may come out of retirement and sue all of us! :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando restituit rem Priscilla Oppenheimer wrote: I wouldn't flame the oldest CCDP on the planet ;-), but, what do you mean you can't ping from HyperTerminal? HyperTerminal just gets you serial access to the console port. Priscilla Greg Macaulay wrote: Hi all -- I'm suffering thru a terrible newbies type problem and cannot seem to identify the error of my ways. I know it's something very basic -- and it brings back memories of high school geometry homework where I stared at objects for hours on end trying to understand!!! The thrust of my pitiful situation is: I cannot ping from hyperterminal -- altho' I can readily ping from a DOS prompt on the same PC. I have the parameters set properly 8-N-1-None -- and I have tried with the TFTP server setup on the same PC and on another in my home network (I have 10 pcs in my home network -- most old -- but they still work!). Neither works. Any suggestions. And please don't waste time flaming me -- I know I should be able to figure this out -- but even after researching the archives and CCO, I am no closer to a solution than I am to passing the LAB on the first try! So any and all helpful suggestions would be welcome. Thanks to all -- in advance!! Greg Macaulay Oldest Human Being preparing for the CCIE Lab Lifetime AARP member Retired Attorney/Law Professor [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56645t=56619 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hate cisco's new site? [7:56236]
I can't get to cisco.com either, must be down. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Cunctando Restituit Rem Carroll Kong wrote: Well, a few work arounds. You can just go straight to the documentation CD (right now the site seems down for me, ugh, so I cannot verify 100%, the links are pretty close, and if you navigate hard enough it really just links back to the universal cd anyway) http://www.cisco.com/univercd/ OR just go to the bottom right and click on GO TO THE OLD SITE. And presto you get your old site back. Ironically it usually takes a very long time to load the old site As for general navigation, if you guys want to find docs, I think it was under support, hardware (for stuff like the pix) and software for IOS, then you can drill down and one of them eventually brings you back to the universal cd. ;) While I hate it too, but come on guys we are powerful Cisco Study candidates, we should be able to solve anything that comes up quickly! If we can crunch Cisco problems we can navigate this new nasty site as well! :) I used to bitch about the old one and am now totally screwed... I guess I'll learn to like it ;-( Tim sam sneed wrote in message news:200210241956.TAA01985;groupstudy.com... Am I the only one that hates Cisco's new site? I can't find anything that I'm looking for on the there. Its driving me up the wall. -Carroll Kong [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56286t=56236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 8540CSR [7:56172]
Been running a few 8540CSR's for a couple of years now. E-mail me off-topic, and we can exchange information. -Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56197t=56172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP Candidates - Free Study Sources for new BSCI exam [7:55732]
I refuse to respond any further on the grounds it may encourage you further, as if you need any! :) Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Howard C. Berkowitz wrote: At 11:20 PM + 10/15/02, Tom Lisa wrote good stuff about IS-IS. I have one question, if it doesn't break NDA. Is there anything about Bill Clinton's definition of IS-IS? Perhaps a menage a trois? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55732t=55732 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP Candidates - Free Study Sources for new BSCI exam [7:55747]
Your Honor, I rest my case! Howard C. Berkowitz wrote: At 6:57 PM + 10/16/02, Tom Lisa wrote: I refuse to respond any further on the grounds it may encourage you further, as if you need any! :) I see you have recognized I am incorrigible, and you refuse to incorrige me. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Howard C. Berkowitz wrote: At 11:20 PM + 10/15/02, Tom Lisa wrote good stuff about IS-IS. I have one question, if it doesn't break NDA. Is there anything about Bill Clinton's definition of IS-IS? Perhaps a menage a trois? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55747t=55747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Candidates - Free Study Sources for new BSCI exam [7:55648]
All- The link below to ciscopress provides information on the new BSCI exam as well as links to pertinent material on CCO about IS-IS. Also, in mid-Nov they will be providing free chapters on-line about IS-IS. http://www.ciscopress.com/link.asp?link=54 Here are the links they provide if you want to go directly there and not pass go. IS-IS: A Brief Introduction http://www.ciscopress.com/content/images/1587200015/downloads/ISIS.pdf?session_id={009BD592-28D3-4DB9-BB97-99F0C2697AAD} Introduction to Intermediate System-to-Intermediate System Protocol http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/insys_wp.htm Configuring IS-IS for IP on Cisco Routers http://www.cisco.com/warp/public/97/is-is-ip-config.html Configuring Integrated IS-IS http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdisis.htm (No NDA or IPR violations occurred in the creation of this email) {:-) HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55648t=55648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF for ISPs [7:54540]
Howard, Is there an audio tape that goes with the slides. If so, I'd being willing to pay so I could show this presentation to my CCNP students, including the shameless plug. BTW, liked your concise explanation of CIDR vs VLSM. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Howard C. Berkowitz wrote: At 2:58 PM + 9/30/02, Don wrote: Rather than run OSPF to customers, it is generally much better to have them use a default route to the ISP and for the ISP to run static routes to the customer. OSPF to the customer is a huge land mine for the ISP and should be avoided in almost every case. Don I agree completely with Don that an ISP _never_ should link its IGP to that of the customer. Don't fall into the trap of assuming that BGP needs a full routing table or will consume excessive resources. I remain confused why a default route wouldn't serve, unless there are multiple connections between the ISP and customer. By send the block to the customer, do you mean the block is in the customer's space? You could certainly use a second static route, which can be generated automatically as part of your address assignment (see my NANOG presentation, http://www.nanog.org/mtg-9811/ppt/berk/index.htm). If that's not appropriate, have the customer announce his two blocks to you with BGP and receive default from your BGP. Chris Headings wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Good morning all. I was wondering if someone could lend me a little help about engineering OSPF in the backbone for an ISP network. I just had a couple of questions and hopefully someone can give me some guidance.or even some CCO links with some specific examples or better yet any material anywhere. Say, for example, that a customer has a small block of IP's and a distribution router knows where that block is, via a connected route, like a /30 on a serial link. But later down the line the customer requests an additional block of 64 IP addresses, what is the best way to send this block to the customer? Do I need to run OSPF on the customer equipment? If the customer router is not running OSPF, how do the routers know how to get to this destination? I assume via static routing??? Thanks as always. Chris [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54565t=54540 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: LAN Design [7:54023]
I'm hurt to say the least. I touch on all of those, albeit briefly. After all, I'm not teaching CCDA/DP courses. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Priscilla Oppenheimer wrote: Thank-you very much for the recommendations for Top-Down Network Design. I probably don't express my gratitude often enough to the many people who bought the book. I suspect that we may be helping a Cisco Networking Academy student with homework. ;-) This sounds a lot like the exercises they do. That program has a tendency to teach a bottom-up design methodology that focuses on physcial size and technology/media selection, before gaining an understanding for: business and political concerns budget user expectations for reliability, response time, etc. application requirements for bandwidth, delay, etc. appliation behavior in terms of broadcasts, traffic patterns, etc. You all did a good job of pointing out the importantance of these concepts, so I will say no more. Priscilla Chuck's Long Road wrote: Tim Medley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you are serious about designing this netwoek and designing ir correctly for scalability and functionality, pick up a good network design book. My reccomendation is Top Down Network Design, by Priscilla Openheimer. U have two copies one at home and one at the office, I refer to this tome quite often. Great book, excellent methodology. CL: a good book indeed. the irony here is that oftentimes, particularly in smaller environments, the person who has to make these decisions is under a severe time constraint, and does not have time to attain the background that all of us study. back in the days when I was a network manager, I never had time to learn this stuff. my own road to correct network thinking began after I was downsized. :- Tim Medley, CCNP+Voice, CCDP, CWNA Sr. Network Architect VoIP Group iReadyWorld -Original Message- From: Jimmy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 11:01 PM To: [EMAIL PROTECTED] Subject: LAN Design [7:54023] If i have to design network for 3 storey on a building. There are around 200-300 workstations in 2 storey each. Is it advisable to use Ethernet to link them up. As for the other storey it is for admin purpose. The distance is around 150m between the further storey. However it is possible to put a switch/router at the middle for interconnect. Cheers, Jimmy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54140t=54023 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: LAN Design [7:54023]
Yes, Sem1 does concentrate on Layer 1. We teach the concepts from the bottom up. But, as we all know, Top Down Network Design is best. Didn't someone write a book on it? All good design starts by getting Layer 8 issues resolved first. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy Priscilla Oppenheimer wrote: Tom Lisa wrote: I'm hurt to say the least. I touch on all of those, albeit briefly. After all, I'm not teaching CCDA/DP courses. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco ATC/Regional Networking Academy I'm sure experienced, knowledgable professors such as yourself do teach design in a well-rounded fashion. ;-) It's more the Academy course materials I was concerned about. They teach design from a cabling, hardware, product viewpoint, which does have some value, by the way. As Chuck mentioned, you have to think about the positioning of wiring closets, the MDF, etc. Cisco Networking Academy harps on that a lot, from what I remember. Priscilla Priscilla Oppenheimer wrote: Thank-you very much for the recommendations for Top-Down Network Design. I probably don't express my gratitude often enough to the many people who bought the book. I suspect that we may be helping a Cisco Networking Academy student with homework. ;-) This sounds a lot like the exercises they do. That program has a tendency to teach a bottom-up design methodology that focuses on physcial size and technology/media selection, before gaining an understanding for: business and political concerns budget user expectations for reliability, response time, etc. application requirements for bandwidth, delay, etc. appliation behavior in terms of broadcasts, traffic patterns, etc. You all did a good job of pointing out the importantance of these concepts, so I will say no more. Priscilla Chuck's Long Road wrote: Tim Medley wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If you are serious about designing this netwoek and designing ir correctly for scalability and functionality, pick up a good network design book. My reccomendation is Top Down Network Design, by Priscilla Openheimer. U have two copies one at home and one at the office, I refer to this tome quite often. Great book, excellent methodology. CL: a good book indeed. the irony here is that oftentimes, particularly in smaller environments, the person who has to make these decisions is under a severe time constraint, and does not have time to attain the background that all of us study. back in the days when I was a network manager, I never had time to learn this stuff. my own road to correct network thinking began after I was downsized. :- Tim Medley, CCNP+Voice, CCDP, CWNA Sr. Network Architect VoIP Group iReadyWorld -Original Message- From: Jimmy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 11:01 PM To: [EMAIL PROTECTED] Subject: LAN Design [7:54023] If i have to design network for 3 storey on a building. There are around 200-300 workstations in 2 storey each. Is it advisable to use Ethernet to link them up. As for the other storey it is for admin purpose. The distance is around 150m between the further storey. However it is possible to put a switch/router at the middle for interconnect. Cheers, Jimmy [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54186t=54023 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CVOICE book: VoATM and VoFR [7:53909]
Priscilla wrote: I have gotten quite a few of these simple voice/data networks up and running. It's very easy. There is no Call Manager! And, as you mentioned, the major benefit is that you bypass long-distance charges because you simply use the existing data network. You may need to prioritize voice, and break up big data packets to get the low level of delay required for voice, but other than that, there's not much to it For many purposes there's not much for the network administrator to do, as you mention. In other contexts such as a company that has a bunch of expensive PBXs that have to be integrated onto the WAN portion of the data network, one must exercise care to benefit from bypassing PSTN and other legacy solutions. Later steps can be taken to evolve to the full AVVID solution discussed in the CIPT book, but for now I have to focus on the Cvoice model, namely, using VoFR, VoATM and VoIP to stop the hemorrhage of funds into legacy long-distance voice networking. Getting those PBXs talking to each other over an FR or ATM cloud is no small matter, and the economic benefit is huge. -- TT Original Message Subject: RE: CVOICE book: VoATM and VoFR [7:53567] Date: 19 Sep 2002 00:29:26 - From: [EMAIL PROTECTED] (Priscilla Oppenheimer) Organization: GroupStudy.com Discussion Groups Newsgroups: groupstudy.cisco Tom Scott wrote: Having asked about VoMPLS transcoding from analog voice to MPLS frames without intermediate IP packets, my lab partner noticed that the CVOICE book (edited by Steve McQuerry etal) discusses VoFR and VoATM (chapters 8 and 9): analog+---+ +---+ analog phone A1 | | ATM | | phone B1 ... | rtr A | or FR | rtr B |... analog | | cloud | | analog phone Ai +---+ +---+ phone Bj Are we reading this correctly, that the analog phones plug into the cisco routers and the analog voice traffic is transformed into FR frames or ATM cells, with no IP packets in between? It makes sense to do it that way in some applications. For example, if you have a call center in a distant suburb across a LATA line or two, that services a metropolitan area, then you'd want to bypass long-distance charges if at all possible. This seems like an easy way to do it. But what handles the call control? Does the router do that? Some of the diagrams in the CVOICE book have no PBX (or CCM) in them. Does the router translate the call-control signaling from the analog phone into corresponding pass-through signaling in the ATM/FR packets (sort of like user-to-user signaling that could be passed through SS7, in this case the users are the routers and the network is the ATM/FR switches)? Yup, you got it, although it may be even simpler than you imagine. Before AVVID, Cisco did VoIP, VoFR, and VoATM, as discussed in the CVOICE class. With these solutions, you simply connected analog phones to FXS ports on routers. The routers digitized and compressed the dialed digits and the voice itself and packetized it. If it was VoATM or VoFR, there was no IP. The data was simply put into data-link-layer frames (or cells with ATM). You asked about the call-control signaling from the analog phone, but how much would there be? These phones would be your basic $5.99 KMart special with no bells and whistles, so to speak. The router provides dial tone and picks up the dialed digits and forwards them to the other router. As you can probably tell, I'm not a telepony expert, but I have gotten quite a few of these simple voice/data networks up and running. It's very easy. There is no Call Manager! And, as you mentioned, the major benefit is that you bypass long-distance charges because you simply use the existing data network. You may need to prioritize voice, and break up big data packets to get the low level of delay required for voice, but other than that, there's not much to it. The original CVOICE class covered only these types of solutions and I'm sure the book still has a lot of this flavor, although both the book and the newer version of CVOICE also cover newer solutions too these days probably. ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com -- TT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53909t=53909 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Question [7:53832]
Well... Close. I was using conduit statements more so than access lists. After seeing what you had put down, I think my error was in the global statement. I had... global (outside) 1 interface Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53875t=53832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]