Help Please! BGP question, why do I get Not advertised to any [7:31528]
BGP question, why do I get Not advertised to any peer Below is from an isolated lab configuration, appologies to the actual owners of any addresses of AS numbers used. I have two routers connected together via a serial line. They are in AS400. They are both connected to AS100 via another serial line. Both have a route map affecting advertisements to AS100. They each have an ethernet with a /24 on it. The /24 is getting into BGP via a network command. The two routers have the loopbacks 6.6.6.6 and 9.9.9.9 network 100.0.0.0 /24 is connected to the ethernet of router 6.6.6.6 network 100.0.1.0 /24 is connected to the ethernet of router 9.9.9.9 When I am on router 6.6.6.6 and I look at the advertisement of network 100.0.1.0 /24 is looks fine When i am on router 9.9.9.9 and I look at the advertisement of network 100.0.0.0 /24 it says Not advertised to any peer Any ideas why the difference Why can't 100.0.0.0 be avertised to any peer? Both routers have been rebooted. The configs look almost identical. router_#sho ip bgp 100.0.1.0 BGP routing table entry for 100.0.1.0/24, version 2 Paths: (1 available, best #1, table Default-IP-Routing-Table) Advertised to non peer-group peers: 10.0.0.17 Local 10.0.0.38 from 10.0.0.38 (9.9.9.9) Origin IGP, metric 0, localpref 100, valid, internal, best router_#show ip bgp 100.0.0.0 BGP routing table entry for 100.0.0.0/24, version 9 Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peer Local 10.0.0.37 from 10.0.0.37 (6.6.6.6) Origin IGP, metric 0, localpref 100, valid, internal, best router interface Loopback0 ip address 6.6.6.6 255.255.255.255 ! interface Ethernet0 ip address 100.0.0.1 255.255.255.0 ! interface Serial0 ip address 10.0.0.18 255.255.255.252 ! interface Serial1 ip address 10.0.0.37 255.255.255.252 ! router bgp 400 no synchronization bgp log-neighbor-changes network 100.0.0.0 mask 255.255.255.0 neighbor 10.0.0.17 remote-as 100 neighbor 10.0.0.17 route-map set_meds out neighbor 10.0.0.38 remote-as 400 no auto-summary ! ip classless ip route 9.9.9.9 255.255.255.255 10.0.0.38 no ip http server ! access-list 20 permit 100.0.0.0 access-list 21 permit 100.0.1.0 route-map set_meds permit 10 match ip address 20 set metric 5 ! route-map set_meds permit 20 match ip address 21 set metric 10 Router ! interface Loopback0 ip address 9.9.9.9 255.255.255.255 ! interface Ethernet0 ip address 100.0.1.1 255.255.255.0 ! interface Ethernet1 no ip address ! interface Serial0 ip address 10.0.0.38 255.255.255.252 no fair-queue clockrate 200 ! interface Serial1 ip address 10.0.0.34 255.255.255.252 clockrate 200 ! router bgp 400 no synchronization bgp log-neighbor-changes network 100.0.1.0 mask 255.255.255.0 neighbor 10.0.0.33 remote-as 100 neighbor 10.0.0.33 route-map set_meds out neighbor 10.0.0.37 remote-as 400 no auto-summary ! ip classless ip route 6.6.6.6 255.255.255.255 10.0.0.37 no ip http server ! access-list 20 permit 100.0.0.0 access-list 21 permit 100.0.1.0 route-map set_med permit 10 match ip address 21 set metric 5 ! route-map set_med permit 20 match ip address 20 set metric 10 Tom Pruneau Technical Trainer Network Operations GENUITY 225 Presidential Way Woburn Ma. 01888 --- This email is composed of 82% post consumer recycled data bits --- Once in a while you get shown the light in the strangest of places if you look at it right Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31528t=31528 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP question, why do I get Not advertised to any peer [7:31468]
BGP question, why do I get Not advertised to any peer Below is from an isolated lab configuration, appologies to the actual owners of any addresses of AS numbers used. I have two routers connected together via a serial line. They are in AS400. They are both connected to AS100 via another serial line. Both have a route map affecting advertisements to AS100. They each have an ethernet with a /24 on it. The /24 is getting into BGP via a network command. The two routers have the loopbacks 6.6.6.6 and 9.9.9.9 network 100.0.0.0 /24 is connected to the ethernet of router 6.6.6.6 network 100.0.1.0 /24 is connected to the ethernet of router 9.9.9.9 When I am on router 6.6.6.6 and I look at the advertisement of network 100.0.1.0 /24 is looks fine When i am on router 9.9.9.9 and I look at the advertisement of network 100.0.0.0 /24 it says Not advertised to any peer Any ideas why the difference Why can't 100.0.0.0 be avertised to any peer? Both routers have been rebooted. The configs look almost identical. router_#sho ip bgp 100.0.1.0 BGP routing table entry for 100.0.1.0/24, version 2 Paths: (1 available, best #1, table Default-IP-Routing-Table) Advertised to non peer-group peers: 10.0.0.17 Local 10.0.0.38 from 10.0.0.38 (9.9.9.9) Origin IGP, metric 0, localpref 100, valid, internal, best router_#show ip bgp 100.0.0.0 BGP routing table entry for 100.0.0.0/24, version 9 Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peer Local 10.0.0.37 from 10.0.0.37 (6.6.6.6) Origin IGP, metric 0, localpref 100, valid, internal, best router interface Loopback0 ip address 6.6.6.6 255.255.255.255 ! interface Ethernet0 ip address 100.0.0.1 255.255.255.0 ! interface Serial0 ip address 10.0.0.18 255.255.255.252 ! interface Serial1 ip address 10.0.0.37 255.255.255.252 ! router bgp 400 no synchronization bgp log-neighbor-changes network 100.0.0.0 mask 255.255.255.0 neighbor 10.0.0.17 remote-as 100 neighbor 10.0.0.17 route-map set_meds out neighbor 10.0.0.38 remote-as 400 no auto-summary ! ip classless ip route 9.9.9.9 255.255.255.255 10.0.0.38 no ip http server ! access-list 20 permit 100.0.0.0 access-list 21 permit 100.0.1.0 route-map set_meds permit 10 match ip address 20 set metric 5 ! route-map set_meds permit 20 match ip address 21 set metric 10 Router ! interface Loopback0 ip address 9.9.9.9 255.255.255.255 ! interface Ethernet0 ip address 100.0.1.1 255.255.255.0 ! interface Ethernet1 no ip address ! interface Serial0 ip address 10.0.0.38 255.255.255.252 no fair-queue clockrate 200 ! interface Serial1 ip address 10.0.0.34 255.255.255.252 clockrate 200 ! router bgp 400 no synchronization bgp log-neighbor-changes network 100.0.1.0 mask 255.255.255.0 neighbor 10.0.0.33 remote-as 100 neighbor 10.0.0.33 route-map set_meds out neighbor 10.0.0.37 remote-as 400 no auto-summary ! ip classless ip route 6.6.6.6 255.255.255.255 10.0.0.37 no ip http server ! access-list 20 permit 100.0.0.0 access-list 21 permit 100.0.1.0 route-map set_med permit 10 match ip address 21 set metric 5 ! route-map set_med permit 20 match ip address 20 set metric 10 Tom Pruneau Technical Trainer Network Operations GENUITY 225 Presidential Way Woburn Ma. 01888 --- This email is composed of 82% post consumer recycled data bits --- Once in a while you get shown the light in the strangest of places if you look at it right Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31468t=31468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cat 1900 what's the diff between mac-adx-table restricted and [7:14498]
The CCNA study guide does a real poor job (as does the cisco command reference) of describing exactly what the difference between mac-address-table restricted and mac-address-table permananet does. Resticted seems to just make sure that only a specific source mac can be plugged into a specific port But permanent seems to route frame with a specific destination mac out a specific interface (or interfaces) Which to me seems like routing, and I'm hard pressed to figure out why you would want to do that statically. Any feedback would be appreciated Thanks Tom Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- Once in a while you get shown the light in the strangest of places if you look at it right Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14498t=14498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: no ip classless [7:7100]
Cisco routers by default are still classfull, even though the internet has long since gone classless. For a router to effective understand CIDR routes that don't fall on classfull boundrys it is necessary to turn off the default by executing the command ip classless If for some reason you live in a time warp, and your network is fully classfull, and you just got a used router from someone who was using it on a classless network, and you wanted to convert it back to being classfull you would execute the command no ip classless. Why Classless? Lets say you have a large network, and you happen to own a class A network. Lets say the 5.0.0.0 network. Lets say that one of the interfaces on your router connects to another router which connects to your larger network. Let say that on your end the interface address is 5.0.0.1 /30 and on the other end the address is 5.0.0.2 /30. Lets say you have a default route pointing out the serial interface that has the 5.0.0.1 interface. If you then tried to reach something else in the 5.0.0.0 network, say 5.1.2.3, the packet would go to your router. (remember our router is configured for classfull, the default). Then your router would say to itself hey I have an interface in the 5 network, that means that all of 5.0.0.0 /8 must be connected to me, but I don't see the specific network I'm trying to reach (5.1.2.3) sop I guess it doesn't exist so I'll throw the packet away That's what happens if your router is set to classful SO to recap Classfull cisco default BAD Classless need ip classless command GOOD hope this helps Tom At 12:31 PM 06/04/2001 -0400, [EMAIL PROTECTED] wrote: In what situation would you use the command no ip classless? Cisco's site says ip classless --- This command allows the software to forward packets that are destined for unrecognized subnets of directly connected networks. The packets are forwarded to the best supernet route. no ip classless --- When this feature is disabled, the software discards the packets when a router receives packets for a subnet that numerically falls within its subnetwork addressing scheme, if there is no such subnet number in the routing table and there is no network default route. When would you use this in the real world? Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- Once in a while you get shown the light in the strangest of places if you look at it right Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=7139t=7100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Transparent Bridging ? [7:7126]
It sounds to me like you still have a layer three address somehwere on one of your routers, and that you maight still have a default gateway on one of your PCs pointing to that adx. I would pose the question, are both PC's configured to be on the same network? DO they have the same mask? If either of them have a default gateway configured I would turn that off for the testing just to limit the number of variables. If the routers arte configured to be bridges they should be totally transparent. You should not be able to ARP them because ARP requires a destination IP address, and if they are just bridges they won't have any IP addresses my $.02 At 03:22 PM 06/04/2001 -0400, Philip Barker wrote: Hi Group, I vill say ziss only vonce. Okay, its my second attempt at trying to work out how I can bridge IP across to 2500's. I have 2 2500's configured with no ip routing. 2 PC's are connected at either end, i.e one to bridge 1 and one to bridge 2. I have a sniffer on both PC's. I am attempting to ping from one PC to the other. IEEE spanning tree is applied on both bridges. The bridges are connected via a serial cable and the serial ports of the bridges as well as the Ethernet ports are in bridge group 1. I have verified spanning tree operation and one of the serial ports has been elected root port on bridge 1, the other bridge is the designated bridge. Ref : Radia Perlman, Interconnections p.83. So far so good. I have configured the PC's with a default gateway to the IP address of each of the bridges. When I attempt to ping from one PC to the other, I can see from my Sniffer trace that the PC ARP's for the MAC Address of the bridge, this ARP is successful and the PC then sends out an ICMP echo request. This echo request appears to be my problem since the destination MAC address of this packet contains the Ethernet Mac address of the local bridge and the local bridge consequently disregards the packet. Should the PC have an ARP entry installed for the destination IP address that I am pinging ? Has anyone achieved this scenario ? or am I way off mark with my thinking here. The reason I set this LAB up was because so many questions appear to be being asked at CCIE written level akin to this setup i.e can PC 1 ping PC 2 in similar arrangement using (RSRB/DLSW+/SRB etc) Any comments welcome. Regards, Phil. Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- Once in a while you get shown the light in the strangest of places if you look at it right Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=7143t=7126 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF summary-address question [7:6487]
remember that with ospf if you are redisting a network without its classfull mask IE if you are using the network 10.0.0.0 255.255.255.0 that you must use the subnets keyword, or else the route will not be redistributed. Or something like that. As with everything on cisco's it assumes classfull (whgich is long dead) as a default and you must use a special command to get CIDR (which is the defacto standard on the internet) to work go figure At 01:38 PM 05/30/2001 -0400, [EMAIL PROTECTED] wrote: I'm working through Slatterly and Hutchnik's Lab Practice Kit and I'm stuck on the very last portion of their OSPF lab. In this portion of the lab they have OSPF redistributing into IGRP. On the router with OSPF and IGRP, the IGRP interface has an IP address with a 24 bit mask. Because of this, the OSPF networks being redistributed into IGRP need to have 24 bit masks. The book's recommendation was to add a summary-address command to the OSPF process to set the OSPF networks being redistributed into IGRP to a 24 bit subnet mask. This would be affecting the redistribution from OSPF into IGRP. My understanding was that the summary-address command was to affect networks being redistributed into OSPF. Also, adding the summary-address command doesn't work for me, although using the area range command on an ABR does allow the routes to be successfully redistributed into IGRP. Can someone tell me if the summary-address command is supposed to work in this scenario and if there are any gotchas in getting it working. Thanks, Rob The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- Once in a while you get shown the light in the strangest of places if you look at it right Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6496t=6487 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP question [7:4973]
Greetings All I think the context of some of the conversation is missing. BGP can handle any class of address, and in fact the BGP being run on the net at present (BGP4) is classless. The whole reason for CIDR was that it was intended to shrink the size of the BGP routing tables. SO them saying BGP will only work with class C is totally bogus! BUT Any ISP running BGP will implement a BGP policy, a hopefully uniform way in which they do BGP routing and handle BGP peering with their customers. There may be rules they have set up regarding how they do BGP, and you may be asking for something outside of the capabilities of their Policy. That doesn't mean BGP can't do it, it means they do not do that. As for your having a class A address. Who do you work for? There are only 127 class A addresses, mopst belonging to ISPs or the Government, or Reserved. I can think of one compnay who has a Class A, HP, they have the 15.0.0.0 network. However if you have a RFC1918 Class A that you're using that's a whole different story. What is your address range, and which ISP told you they couldn't handle class A addresses? Inquiring minds want to know Tom Rizzo Damian wrote: Hey folks, I have a quick question regarding BGP. We are looking for an alternative ISP for our Internet. One company we spoke with that offers a 100MB connection, said that in order to use their services we need to implement BGP on our Internet router. We currently utilize a class A address on our Internet router, and they said BGP will only work with Class C addresses. I don't know enough about BGP yet to argue this fact, so I turn to you to ask if you agree or disagree with this comment? Thanks a lot! -Rizzo FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- Once in a while you get shown the light in the strangest of places if you look at it right Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5275t=4973 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CEF Question [7:3891]
What is the difference between doing the commands show adjacency and sho ip cef adjacency How does the information which is output differ? What are they telling you? omm Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- Once in a while you get shown the light in the strangest of places if you look at it right Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3891t=3891 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP Dampening, What is a flap? [7:1128]
Greetings All I am in the process of writing a BGP class, at present I am specifically working on a section covering dampening. My question is "what is a flap" The two possible answers are: Answer one A flap is whenever path information changes for a route. By this definition if a route goes away, that would be a flap. When the route comes back, that would be another flap. So a route going away then coming back would be 2 flaps. Answer two A flap is a route transition from up to down back to up. So a route going away then coming back would count as one flap. I am mucking with this in my lab and the lab would seem to indicate that answer two is the correct one, but when I read the Sam Halabi copyright 1997 internet routing architectures book, page 440 and 441 it says the answer is Answer one. I am at best confused Any help? Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1128t=1128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CAT 5000 what does port status inactive mean?
I have a catalyst switch and a number of its ports are showing up as inactive. The cisco web page does not list inactive as one of the possible values in the status field of a show port command, yet there it is Anyone know what this means? They were not connected until I assigned them to a VLAN, then they showed up as inactive Thanks Tom cat5000-3 (enable) sho port Port Name Status Vlan Level Duplex Speed Type - -- -- -- -- -- - 1/1 notconnect 1 normal half 100 100BaseTX 1/2 notconnect 1 normal half 100 100BaseTX 2/1 inactive 4 normal auto auto 10/100BaseTX 2/2 inactive 4 normal auto auto 10/100BaseTX 2/3 inactive 4 normal auto auto 10/100BaseTX 2/4 inactive 4 normal auto auto 10/100BaseTX 2/5 inactive 4 normal auto auto 10/100BaseTX 2/6 inactive 4 normal auto auto 10/100BaseTX 2/7 inactive 4 normal auto auto 10/100BaseTX 2/8 inactive 4 normal auto auto 10/100BaseTX 2/9 inactive 4 normal auto auto 10/100BaseTX 2/10inactive 4 normal auto auto 10/100BaseTX 2/11inactive 4 normal auto auto 10/100BaseTX 2/12inactive 4 normal auto auto 10/100BaseTX 3/1 inactive 331normal auto auto 10/100BaseTX 3/2 inactive 331normal auto auto 10/100BaseTX 3/3 inactive 331normal auto auto 10/100BaseTX 3/4 inactive 331normal auto auto 10/100BaseTX 3/5 inactive 332normal auto auto 10/100BaseTX 3/6 inactive 332normal auto auto 10/100BaseTX 3/7 inactive 332normal auto auto 10/100BaseTX 3/8 inactive 332normal auto auto 10/100BaseTX 3/9 inactive 333normal auto auto 10/100BaseTX 3/10inactive 333normal auto auto 10/100BaseTX 3/11inactive 333normal auto auto 10/100BaseTX 3/12inactive 333normal auto auto 10/100BaseTX 3/13inactive 334normal auto auto 10/100BaseTX 3/14inactive 334normal auto auto 10/100BaseTX 3/15inactive 334normal auto auto 10/100BaseTX 3/16inactive 334normal auto auto 10/100BaseTX 3/17inactive 335normal auto auto 10/100BaseTX 3/18inactive 335normal auto auto 10/100BaseTX 3/19inactive 335normal auto auto 10/100BaseTX 3/20inactive 335normal auto auto 10/100BaseTX 3/21inactive 336normal auto auto 10/100BaseTX 3/22inactive 336normal auto auto 10/100BaseTX 3/23inactive 336normal auto auto 10/100BaseTX 3/24inactive 336normal auto auto 10/100BaseTX 4/1 notconnect 1 normal auto auto 10/100BaseTX 4/2 notconnect 1 normal auto auto 10/100BaseTX 4/3 notconnect 1 normal auto auto 10/100BaseTX 4/4 notconnect 1 normal auto auto 10/100BaseTX Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: how to find snmp traffic for an interface
Create an access list on that interface that permits the specifed traffic. Then periodically check the access list and see how many mathces it has had. Also don't forget to put a permit ip any any at the end of your access list to let through all the other taffic which wasn't explicitly permited At 02:31 AM 02/27/2001 -0800, pratik shah wrote: Hi all, I want to find out is there any way i could find out how many bytes/packets are being transferred on an interface that is of a particular protocol. I want to find out snmp overhead on an interface. thanks in advance pratik __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Spanning Tree Question - Root Port Selection
When switch send spanning tree updates those updates are sent in BPDUs (bridge protocol data units). The BPDU will have a source mac address associated with the originating switch/VLAN number. If a switch recieves multiple BPDUs that indicate the same root cost it will pick the one which came from the switch with the lowest (I'm pretty sure it's lowest and not highest but I may be wrong) MAC address. There is also a port priority which I believe (I'm not sure) can be configured to aid in the selection of the root port At 09:01 AM 02/06/2001 -0600, Jim Dixon wrote: Hi Nathan, Have you read Radia Perlman's Interconnections. There are two. The second edition I believe is the latest. She wrote spanning tree. This book does cover it in detail. ISBN# 0201634481 At the time I looked Amazon had a used one in GOOD condition for 15 bucks. (FYI) -Original Message- From: Miller, Nathan - BSC [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 06, 2001 8:09 AM To: [EMAIL PROTECTED] Subject: Spanning Tree Question - Root Port Selection I have been looking for a while for further documentation of the process by which a switch selects its root port. Most of the books that I have searched for this information say something similar to the following quote from a CCO page: "A bridge's root port is the port through which the root bridge can be reached with the least aggregate path cost, a value that is called the root path cost." My problem is that they all seem to stop there. My question is this. If the root path cost is the same on multiple switch ports, how does STA determine which is the root port? Does it follow the same course as it would when selecting a designated port (root bridge, root path cost, sender ID, sender port). Many thanks for your thoughts. Nathan Miller _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 8AM-4PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP unnumbered and OSPF
Greetings Karl I can't remember exactly where I read that , but I did. More specifically you can't have ip unnumbered on an interface running OSPF because there is no address to be neighbors with. If what you want to do is have a router with some ospf interfaces and some other interface not running ospf, and you want unnumbered on the non-OSPF interfaces, I think taht would be OK. Tom At 03:22 PM 01/31/2001 -0500, Karl R. West wrote: Refresh me please... I remember reading some where why you should not have IP UNNUMBERED running on the router your going to put OSPF on. Can some one refresh my memory. Regards, Karl _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip route question
I think it will work, but I suspect there is a caveat. Think about it, Lets say your ethernet 0 interface is 1.1.1.1 /24 and you have a default route ip route 0.0.0.0 0.0.0.0 ethernet 0 then lets say my router receives a packet destined for an IP address it doesn't otherwise know a route to, let's say 10.10.10.10 how could that work? How would it know which device (assuming there are multiple devices) on the ethernet to send the packet to? With that default router I am assuming that you would have to arp for the mac address associated with 10.10.10.10 If a device on the ethernet knew a route to 10.10.10.10, and it had proxy arp enabled, then it could respond to the arp and the packet would be sent to it. Proxy arp is usually on by default on a per interface basis on ciscos. You can see if proxy arp is on by doing a show ip interface e0 (or whatever number interface you're dealing with) But I'd bet if you had proxy arp turned off it would not work! Tom At 11:31 AM 12/29/2000 -0600, Stull, Cory wrote: I know I'm showing my ignorance here but I'm tired of trying to find the answer on CCO. Must be looking in the wrong places. I just saw a Boson question asking about ip route 0.0.0.0 0.0.0.0 int ethernet0 I thought you could only point static routes like that out of point to point interfaces? For example: ip route 0.0.0.0 0.0.0.0 int ser0 Cory _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF transport question...
its protocol 89 At 08:55 AM 11/22/2000 -0600, Brian wrote: On Wed, 22 Nov 2000, keith wood wrote: OSPF routes IP data. What part of the IP stack does OSPF itself run over? Is it TCP, UDP or does it interface directly onto IP (as ICMP does). My protocol diagrams dont make it that clear, and a search of the cisco website seems to tell you about how OSPF is structured but not how it actually is transported - any ideas? OSPF has its own IP protocol number, like EIGRP. Brian Thanks. Keith _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- Brian Feeny, CCNP, CCDP [EMAIL PROTECTED] Network Administrator ShreveNet Inc. (ASN 11881) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: switch port IP address
I'm not sure what is downstream of your switch, what types of devices, but I'm pretty damn sure that there is no command on a catalyst switch (a layer two device) which will tell you the IP addresses of the devices connected to it. The switch not only doesn't know, it doesn't care. Presumably you have a router which is upstream of the switch and all devices hanging off of the switch have the ip address of the router interface (which connects to the switch) as their default gateway. Only the router will know the IP addresses. Depending on your needs and urgency the only way to really deal with this would be to write a script which takes the cam table from the switch (which will list mac addresses and ports to which they connect) and the arp table from the router (which will map mac addresses to IP addresses) and match them up so you end up with a list of IP associated with MAC associated with switch port. I am pretty much positive the switch doesn't know the ip addreses. As you mentioned cdp neighbor detail will tell you the address, but that will only work for cisco devices running cdp. Doesn't help you at all for devices from other manufacturers. At 02:25 PM 11/14/2000 -0500, Peter Van Oene wrote: What about looking at the arp cache "sh ip arp" or "sh cam dynamic" This will list the port, mac, ip relationships on a switch. Pete *** REPLY SEPARATOR *** On 11/14/2000 at 11:51 AM Sites, Bob wrote: I guess I need to clarify this a little. Yes, I'm talking about Cisco switches, 6509 5000's. No, I'm not looking for MAC addresses. I thought that there was a command that would list the IP of all connecting devices on (all) ports on the switch. The "sho cdp nei det" or other variations only shows the ip of the ports that are "trunking." I need all of the ports, not just the trunking ports. Any ideas? Can someone refresh my memory on this. What is the command on a switch that will show you the IP address of connecting devices on the ports? Can't seem to get any hits in the archives. I use it so seldom I've forgotten what it was? Bob Sites, CCNA System Engineer _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ********* Access List Enquiry **************
I think it is the normal practice because historically that was the only capability which routers had (filtering on destination ports) and as the IOS became more capable people were either unsure, or reluctant to change their ways. The second example is more secure, and to take it a step further (towards tighter security) I would filter on established too (where appropriate). The gt 1023 refers to the random high numbered port that a hosts assigns for the response to any packet sent to a well known port. Another observation of your example is that you are filtering on TCP port 53. TCP port 53 is only used for zone transfers between a 2ndry and a primary DNS server. Normal lookups, the type done by the majority of hosts on the net, use UDP port 53. Tom At 10:28 PM 10/30/2000 +0800, GNOME wrote: Hi All Which one of the access-list is normally use? Example 1 --- access-list 102 permit tcp any host 172.16.0.1 eq 80 access-list 102 permit tcp any host 172.16.0.1 eq 53 Example 2 --- access-list 102 permit tcp any gt 1023 host 172.16.0.1 eq 80 access-list 102 permit tcp any gt 1023 host 172.16.0.1 eq 53 (notice the gt 1023) I saw from most of the books that Example 1 is common. I don't know what is the normal practice generally Appreciate if anyone can share with me his/her comments. Thanks alot Regards Orion [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2511 Flash Memory Question
Greetings All I have a 2511 with 4 MB of flash in it. I need to upgrade the IOS needs 7MB. I tried canabalizing another 2511 I had and adding it's 4MB to the 1st routers 4MB making what I believed to be 8MB. But when I tried to tftp the new image over I still got an error saying not enough memory, and yes I had opted to erase the flash first. When I went and looked at the flash the router saw it as two 4MB cards instead of 1 8MB. What do I need to do to get the flash blended together to act as 1 8MB? Thanks Tom Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP Question
Does anyone know what the size of the ConnectRetry timer is? Is this a configurable value? If so what is the command used to configure it? I checked the TAC and searched for ConnectRetry timer and got nothing of suybstance back. The RFC references the ConnectRetry timer but makes no mention oof it size, more so it seems to indicate that its size is a vendor proprietary value from 1654 "The exact value of the ConnectRetry timer is a local matter, but should be sufficiently large to allow TCP initialization." If you know the answer, where did you get it from? I have the Halabi BGP book as well as the John Stewart book, is there another poeice of reference material which would aid in delving deeply into BGP? Thanks for the assistance Tom Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP Question?
Does anyone know what the size of the ConnectRetry timer is? Is this a configurable value? If so what is the command used to configure it? I checked the TAC and searched for ConnectRetry timer and got nothing of suybstance back. The RFC references the ConnectRetry timer but makes no mention oof it size, more so it seems to indicate that its size is a vendor proprietary value from 1654 "The exact value of the ConnectRetry timer is a local matter, but should be sufficiently large to allow TCP initialization." If you know the answer, where did you get it from? I have the Halabi BGP book as well as the John Stewart book, is there another poeice of reference material which would aid in delving deeply into BGP? Thanks for the assistance Tom Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Arcane BGP question
Greetings All I have a fairly Arcane BGP question, so any help will be appreciated I'm specifically looking at the flags in the attribute type field of the update packet. Bit 0 is the optional/well known bit Bit 1 is the transitive/non-transitive bit What I can't figure out is what determines whether a well known attribute is a "well known mandatory" or a "well known discretionary" mandatory and discretionary don't seem to be the same thing as transitive and non-transitive (although they do seem similar) but there is no bit (at least according to the documentation I'm referenceing (internet routing architectures by halabi and BGP 4 by John Stewart) which specifically states whether a well knonw is mandatory or discretionary. Any Help? Thanks Tons Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster Question
How about just permitting established connections. That should do it, only allowing responses to you requests At 12:16 AM 10/03/2000 -0400, Dorroh, Hunter wrote: Hello everyone, I searched through the archives and found lots of good information on blocking but I did not see anything on the possibility of allowing users to connect to Napster and download music but NOT be permitted to upload. Any thoughts on how to allow this to happen via PIX or IOS FW? I was thinking this might limit a company's legal exposure. Thanks, Hunter -Original Message- From: Trevor Corness, CCNA [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 3:49 PM To: Hal White; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question The list went through this several times already. Blocking ports , , , is useless.. since Beta6, Napster has been able to work on ANY port, INCLUDING 80.. so to kill Napster, you would have to kill all access to http/tcp80.. NOT good. Blocking the IPs is the best and most thorough solution at this time. Also, besides blocking the access to the main Napster sites will block most users, and for those that go around it, there should be a user policy in place. It is not totally your job to govern what the users do and do not do.. the users should also be held responsible. Put a political policy in place, and if it is broken by a user by using something such as opennap, discipline from management will solve this issue. Regards, Trevor Corness, CCNA MCSE MCP+I Network Systems Engineer, DataCom BMS Communications Ltd. http://www.bmscom.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hal White Sent: Friday, September 29, 2000 11:55 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question Blocking these IP addresses will only block users from accessing the main napster servers and will not block access to other napster servers, such as, opennap, which can be found easily by using the napigator program. The best way to block Napster is to block the ports that the client uses which are ,,,. Don't quote me on these ports because I can't find my documentation at the moment, but I think they are right. Hal From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message----- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UP
OSPF MaxAge Question
Greetings All I am trying to determine what the actual numeric value of OSPF MaxAge is The RFC (2328) makes about a million references to MaxAge but it never tells you what number it is (I suspect it may be vendor dependant). I looked through the cisco web, and rthey reference MaxAge a couple of times but never tell what ity is. The OSPF Network Design Solutions book (by Thomas Thomas) doesn't even talk about it, which is a bit irritating. SO the question is; What is MaxAge? (what number) I know what it does, just not what number it is Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HELP - OSPF question
It depends on what type of a stub area you are talking about Stubs block type 5 LSAs (allow 3 and 4) Totally stubby block 3, 4, and 5 Not so stubby NSSA block type 5 but can have ASBRs within them, which send out type 7's (which are converted to type 5's by the ABR (allow 3 and 4) Not so stubby totally stubby areas block 3,4, and 5 but can have ASBRs within them, which send out type 7's (which are converted to type 5's by the ABR my $ .02 At 11:07 AM 10/02/2000 -0400, Bradley J. Wilson wrote: I'd agree that that's a typo, or just a plain mistake. Stub areas block type 4 and 5 LSAs, and totally stubby's go even further and block the type 3's as well. - Original Message - From: Miller, Nathan (AZ15) To: [EMAIL PROTECTED] Sent: Monday, October 02, 2000 10:49 AM Subject: HELP - OSPF question The ACRC Exam certification guide from Cisco press (ISBN 0735700753) states on page 156 that a stub area "...will not accept external summary routes. The LSAs blocked are types 3 and 4 (summary link LSAs that are generated by the ABRs)." The paragraph then goes on to state that in a stub area the only way that a router can see out of the AS is via a default route but that the router can see all networks within the AS. It seems to me that a stub area would accept the type 3 and 4 summary LSAs from the ABRs but that it would not access the type 5 LSAs (external summary). Am I missing something here? Thanks in advance for your thoughts. Nathan Miller **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: weird bgp flapping problems!!
also when you say your line went down, check your logs and see if it didn't go up and down a hundred times or so within a brief period of time, this type of behavior wouldhave a much more adverse affect on BGP then the line just going down and staying down for a while then coming back up At 10:40 AM 10/02/2000 -0400, Howard C. Berkowitz wrote: At 12:22 AM -0500 10/2/2000, Yee, Jason wrote: hi anyone knows why when my link goes down for 2 mins and up again BGP is still flapping and regains its full functionality only after several hours , by right it should come up by itself quite fast after the serial came up right . It should not be down for several hours when my link is only down for 2 minutes . Any form of input would be greatly appreciated thanks Jason You haven't given enough information for more than a guess. BGP problems rarely can be assessed in relation to a single link, but rather with respect to a routing system. Given those disclaimers, check to see if the route is being dampened. -- "What Problem are you trying to solve?" ***send Cisco questions to the list, so all can benefit -- not directly to me*** Howard C. Berkowitz [EMAIL PROTECTED] Technical Director, CertificationZone.com Senior Product Manager, Carrier Packet Solutions, NortelNetworks (for ID only) but Cisco stockholder! "retired" Certified Cisco Systems Instructor (CID) #93005 **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Napster Question
Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Easing Internet backbone traffic..thoughts..!
Well actually the "Big 11" ISPs which were refferred to in the article do the same thing with each other. Most of the big ISPs privately peer with each other (avoiding overcrowded MAEs etc.) and having been doing so for some time. Do a few traceroutes and see. If you are not directly connected to one of the "Big 11" or more correctly "Tier One" ISPs then you are probably connected to a smaller DSP (downstream provider) who is directly connected to them. You hand your traffic to youre DSP, they hand it to their upstream ISP who in turn hands it to whichever Tierone ISP the destination address hangs off of (or something like that). There are a lot of smaller fish who still move their traffic through the MAEs (which tend to be slow and congested) and the Tier One ISPs still maintain a presence at the MAEs, they just don't peer with everyone there. The thing to keep in mind is that traffic on the net tends to be asynchronous so its important that both the outbound and the return path for a connection have ample available bandwidth. This is what drives a lot of the peering relationships the Tier One ISPs enter into; a garantee that both sides have a robust coast to coast network. If you bought a direct connection from a Tier one ISP you should get the same level (if not better) of throughput you would get from Internap My $.02 At 09:57 AM 09/28/2000 -0700, Erick B. wrote: I looked at that article, and it sounds kind of like a old approach to a new problem. Go to X company who has access to everything and you'll be set. In the long term, it's going to cost lots of $ to maintain a connection to every backbone ISP and associated costs with each of those connections. I don't know what they charge their customers, but for local companies it may be cheaper in the long term to run fiber and connect directly to their network perhaps. --- Ejay Hire [EMAIL PROTECTED] wrote: It kind of violates the way it's supposed to work though. If everyone skips off to an alternate backbone service, Will we still keep upgrading the existing (free/mostly free) backbone? Original Message Follows From: Priscilla Oppenheimer [EMAIL PROTECTED] Reply-To: Priscilla Oppenheimer [EMAIL PROTECTED] To: "Nigel Taylor" [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Easing Internet backbone traffic..thoughts..! Date: Wed, 27 Sep 2000 18:23:55 -0700 Sounds like a creative way to optimize traffic forwarding on the Internet. Seems a bit like MPLS, but more real-time. Locating the company in Seattle is probably a good idea. Not only is Amazon in Seattle, but maybe they'll get Microsoft as a customer too? Hopefully some of the gurus will comment also. Thanks for telling us about this interesting article. Priscilla At 11:17 PM 9/27/00, Nigel Taylor wrote: Hi All, http://www.eetimes.com/story/OEG2926S0089 I was reading this article over at EE Times and was wondering if you folks had any thoughts on what this means or how it applies to the already existant/non-existant BGP routing policies between the Major players(digex, UUNet, MCI etc) Howard, I'm really interesting in yuor thoughts on if this could be a solution to the Internet routing problem seeing the current inexperience and knowledge of BGP in the use of the protocol. __ Do You Yahoo!? Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free! http://photos.yahoo.com/ **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACL question
I'm not sure I quite understand the question, but based on what I think is being asked, I would say that allowing only traffic addressed from the local lan to enter the router through the local ethernet interface would prevent anyone on the local lan from using a spoofed address to launch and attack onto the internet. The profelactic result would be similar to using Reverse Path Verification on the upstream router. my $ .02 At 10:19 AM 09/25/2000 -0500, [EMAIL PROTECTED] wrote: What are the advantages/disadvantages/logic behind creating an access list that would permit only the local subnet to access and enter a router's one and only ethernet LAN interface? For instance, if one creates E0 to have IP address 192.168.16.1/24 would it be sensible to create an access list to permit only the 192.168.16.0 subnet to enter the router? Or would this be redundant, implied and unnecessary? Thank you, Raul De La Garza III CCNA NNCSS MCSE CNE Senior Network Engineer EmCare Incorporated Work 214.712.2085 Mobile 817.991.7889 FAX 214.712.2444 Pager 877.270.9755 e-mail: [EMAIL PROTECTED] WHEN a man begins to think that the grass will not grow at night unless he lies awake to watch it, he generally ends either in an asylum or on the throne of an emperor. ?G.K. Chesterton **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BECN s on Frame-Relay
BECNs are mesages from the network; sourced by the network switches which the telco has control over, they are used to inform end devices or frame-relay subscribers (like yourself) that they (the telco switch) have entered a congested state. If elevated traffic levels continue the switch will begin to relieve congestion by selectively discarding frames with the DE (discard eligible) bit set to one. In other words these messages (BECNs) are intended to make users aware of a possible degraded network state. Its a warning (from the Telco) saying if you're over utilizing your link, back off because we're gonna have to start dropping frames if this congestion doesn't subside. If you notice continual accrual of BECNs causing you grief (delays, latency etc) you might want to get the telco to reconfigure your path (PVC) through their network. At 09:26 AM 09/25/2000 -0700, Patrick Stiever wrote: Ladies and Gentlemen, I have question on BECN s on a Frame-Relay Link. What would I have to configure on the Routers to eliminate them, would it be a matter of setting up buffers? Any info would be helpful. Thanks. Patrick Stiever Communications Engineer 24 Hour Fitness (760) 918 4459 [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
problem , terminal servers being hung
Greetings All I currently have a ticket open with the cisco TAC on this , but it's been open for over a week and they are just scratching their heads (or virtually scratching their heads). I have a lab environment. There are a number of routers in the lab, most 2500 series but also a couple of 4000s. The routers console ports are all connected to terminal servers (two of them with the routers in the equipment racks). These terminal servers are then on a network. There is also a classroom with a mix of dumb terminals and PCs running terminal emulators (hyperterminal). The dumb terminals and OCs are tied into a third terminal server which is in the classroom. Students go from ther classroom terminal server into the lab one and connect to the routers. The problem is is that when they disconnect (using cntrl-shft-6 x) the lines on the router end tend to stay busy. I can log into the lab terminalk servers (either of them) and see that even though the student has disconnected the line is still busy. I can clear the lines (clear line #) or clear disconnect the session (disco #) but the line just comes busy again. The only way to clear it is to reboot the router. The intent was fro students to be able to access the console ports of many different routers. It seems line when twe break the cxonnection on the lab terminal server that the router is still trying to talk to it so it busies the line ansd there is then no way to get in (other than a reboot). I can't believe the terminal servers are supposed to work like this (which is what the TAC is implying). You should be able to log into a router; log out; then have someone different log in. Isn't that the whole point of a terminal server? I have swapped cables and terminals servers so I know that that is not the problem. Any Ideas? Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF question...
Greetings Eric On a router (lets call it router A) , if you have seperate OSPF processes; lets say process 1 and process 2 They will NOT be mixed on router A. Router A will have two seperate OSPF tables. When you do a show ip route you should see both but I suspect the routes from process 1 will have a 1 in front of them somewhere and the ones from process 2 will have a 2 in front of them somewhere. You were correct in saying that the only way to get the routes from process 1 into process 2 (or vice versa) is to redistribute them. Keep in mind though that that separation only happens on router A lets say router A has three interfaces s1 s2 s3 s1 is connected to router B s2 is connected to router C s3 is connected to router D s1 is listed in its network statement (on router A) under process 1 s2 and s3 are listed under process 2. Usually when you have multiple processes its for a reason, your intent is to somehow segregate your network. Lets say Routers B and C are also running process 2 If you were to accidentally hook router A s1 to the router B or C connection you would then effectively mix the routes from the 2 processes. Advertisements pay no attention to the process number. All they care about is if you're a neighbor and your password is correct (and your timer values are the same). hope that helps Tom At 10:48 AM 6/8/00 -0500, McMasters, Eric wrote: Okay I have been looking for this answer and I still can't find it, so I am bringing my question to all of the OSPF guru's that reside on this list. Here is what I want to know. I know that you can run multiple routing processes on a single router, i.e. router ospf 1 and router ospf 2 Now will the networks that are configured under the each of these processes know about networks in the other process, without redistributing? Will they maintain separate routing tables? If so, will all the routes be displayed when issuing the "show ip route" command? I just want to know if the networks that are configured under each process will be logically separated on the router, or will they share the same routing table? I'm getting frustrated, since I can't find the answer and the 6 cups of coffee that I've already had aren't helping mattersI appreciate any and all responses, and the time that you take in reading my caffeine induced rants and raves..thank you! Eric L. McMasters, CCNP/CCDA OSSN - Sr. Network Engineer Phone:913.859.1986 PCS:913.485.9734 Fax: 913.859.1234 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF RIP
Also OSPF allows VLSM At 11:30 AM 5/23/00 -0700, Billy Monroe wrote: Hello: An interviewer asked if I could enable RIP and OSPF on the same network. I answered that it is possible to overlap protocols, but it is not recommended. I said that OSPF has an Administrative Distance lower than RIP, so OSPF will be the procotol in use. Is that a complete/correct answer ? Billy CCNA ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dual ip address per ethernet interface
Also be aware that any traffic from that router , like ping responses etc, will probably have the interfaces primary address as the source address of any packets the router sends out. At 02:40 PM 5/24/00 +1000, Justin Vo wrote: Hi all, I'm just about to implement the dual ip address on a single Ethernet interface. Has anyone encounter any problems regarding this setup ? or any potential flaws against this. Any comments are appreciated. Kind regards, Justin Vo [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-lists
The reply coming back will be on a random numbered port greater than 1023, if you open up all UDP ports greater than 1023 then the response will be allowed back in. Also you probably don't need to permit TCP domain. ALl DNS lookups happen using UDP port 53. DNS zone transfers (which only need to happen between primary and secondary servers) are the only machines which need TCP port 53. So if you permit UDP port 53 out and UDP greater than 1023 back in it should work fine. If you want to make your filters a bit beefier you could permit only packets which have a destination port of UDP 1023 and a source port of UDP 53 (since the response will be coming from a DNS server it will be on UDP port 53). Tom At 11:22 AM 5/18/00 +0300, Palis Michael wrote: I am configuring an access-list in oder to allow only WWW and DNS to go into my net. Here is the configuration internetrouter--internal network access list is access-list 110 permit tcp any any eq www access-list 110 permit tcp any any eq domain access-list 110 permit udp any any eq domain access-list 110 deny ip any any the access list in applied as inbound to serial interface of the router The problem is that user on the internal netwotk cannot browse. I beileve that the above access-list denies the reply packets from the internet. Any suggestion will be appreciated Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
