Caslow's BRS book... [7:40438]
Hi all,

I have a copy of Caslow's Bridges Routers Switches for CCIEs which I am using to study for the CCIE written... but I have the first edition. Can anyone comment on the amount of new stuff that's been added to the second edition? Is it worth going out and re-purchasing a book I already have? Just curious what everyone thinks...

-Travis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40438t=40438
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Switch Design Question [7:39888]
Although most of the latency comes from your wireless link and the ISP connection, it still doesn't mean you shouldn't optimize the setup a bit. You mentioned in a later email that the reason for switch2 and 3 is that they needed more ports. That's fine, and there's nothing wrong with that type of configuration.

The only real problem here is that in a simple network (without much redundancy that is...) all of your critical devices should be plugged into the same switch so they can communicate over the fast backplane of the switch. For that reason, I would pick one of the two switches, and call it the core switch. Take switch2, since it obviously has the required fiber ports already. So on Switch2, plug in all your servers, key users, and links to other switches/hubs (including the wireless bridge). That way all of the high-traffic devices are sharing the same physical switch.

[PC]---[Switch1]---Fiber---[Switch2]---[WirelessBridge]---distance2miles---[WirelessBridge]---[4Switch10Mb]---[Router]---[ISPInternet]
                               |
                           [Switch3]

Although that won't affect the speed of your Internet access (the ISP is still the bottleneck), it reduces the number of points of failure (switch3 can fail without affecting any users except the ones plugged into switch3), and might provide some speed increases for the network as a whole.

-Travis

KM Reynolds wrote in message news:[EMAIL PROTECTED]...

Hi All,

I am looking at this configuration:

[PC]---[Switch1]---Fiber---[Switch2]---[Switch3]---[WirelessBridge]---distance2miles---[WirelessBridge]---[4Switch10Mb]---[Router]---[ISPInternet]

The switches all consist of 10Mb ports.

The question: would it not be a better design to take out switch2 and switch3 and replace them with one switch with more ports? This would eliminate one switch to traverse when the clients are accessing the Internet.

Any thoughts on this or if you see other things that may help with the design.

TIA
KM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39970t=39888
Re: CCIE Lab equipment recommendation [7:39966]
Have a look at the Home Network white paper at http://www.ccprep.com/resources/cc-whitepapers/ccpapers.htm (watch the word-wrap)

-Travis

Shawn Sousa wrote in message news:[EMAIL PROTECTED]...

Yes, I've seen that. I guess I should be more specific. Does anyone have a list of equipment that details how much to buy of each particular router and switch? In other words, what would it take to build a self-sufficient home lab to prep for the Lab Exam?

Thanks for the reply Reggie!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39974t=39966
Re: OT: I love this caveat!
Actually, it causes twice as many bugs... but they're coming out with the 14400 soon...

----- Original Message -----
From: "Howard C. Berkowitz" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 02, 2001 7:25 PM
Subject: Re: OT: I love this caveat!

Open caveat in 12.1(7):

CSCds22442
A Cisco 3600 series router will stop sending out Local Management Interface (LMI) packets.
Workaround: Replace the Cisco 3600 chassis with a Cisco 7200 series platform.

I wish all bug workarounds were this easy! Expensive, but easy <g>

Are you sure? I will observe that 3600 is half of 7200. Would the 7200 fix two buggy 3600s?
Re: 1 Mbps ATM PVC running BGP
First thing I would check is traffic-shaping parameters. Ask your ISP for _exact_ shaping specs for your PVC. If there is a mismatch on either side, one of you will drop cells. Once a single cell drops, you start re-transmitting entire packets... Then you might drop a cell from the re-transmitted packet. Basically all hell breaks loose.

Hope this helps,
Travis

----- Original Message -----
From: "Ibrahim" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 16, 2001 5:42 AM
Subject: 1 Mbps ATM PVC running BGP

Hi,

I have a 1 Mbps ATM PVC (VBR-nrt) to another ISP and am trying to run BGP on it. But the BGP is always up and down (for 2-3 minutes). Has anyone experienced this kind of problem?

Also, I can never get a successful ping using a 4000-byte datagram through this PVC, although the MTU on the ATM interface is 4470 bytes.

regards
Ibrahim
Re: No Domain Server Found
One possible reason is that if your PDC is also your proxy server, you should check what packet filtering you are performing on the proxy server. If it is not allowing packets to the correct ports for RPC and Netlogon type services (I don't know which ports those are off hand, but I'm sure support.microsoft.com can help you out with that one), then you won't be able to communicate with the PDC to authenticate.

Travis Gamble

----- Original Message -----
From: "Mr. Oletu Hosea Godswill, CCNA" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 11, 2001 3:34 AM
Subject: No Domain Server Found

Hi all,

I have a little problem with my LAN. Most likely I am not thinking alright presently.

In a bid to preserve our public IP Address, I installed a proxy Server Software on one of the PCs that have a public IP Address; this PC is connected to a central Switch to which the main radio gateway to our Service Provider is connected.

The Proxy Server host PC has two NICs installed, one pointing outside and the other pointing inward. I assigned private IP Address 192.168.z.x to the one pointing inward. The other PCs in the LAN have address ranges of 192.168.z.x+1. The internet explorer was configured to use the proxy to connect to the internet.

When I try to log into the domain from the workstations, I keep receiving the message 'No Domain Server Available to validate your Password.' When I click Okay, the system boots. I found out that I can ping the Domain controller and other workstations in the LAN and can as well browse the internet via the proxy on the Domain controller, but when I click Network Neighborhood I can only see the current workstation.

This scenario had been working fine for me in my former place of work; the only difference is that both NICs from the Proxy server PC are not connected to the Switch, one is connected directly to the gateway and the other to the LAN.

I believe I am missing something out somewhere; the multi-million dollar question is 'What is that?'.

Thanks in advance.

OLETU Hosea Godswill, CCNA.
LANE over PVCs
Hi all,

I've run into a problem using a LANE blade to carry VLAN traffic over PVCs.

Normally, you would have LANE blades in SwitchA and in SwitchB, both of them with corresponding statements like:

    atm pvc 826 0 826 aal5snap
    atm bind pvc vlan 826 826

So then, any traffic for VLAN 826 is carried over a PVC on 0/826. All of the devices in the two switches can talk happily.

The problem I have is that the other end of my tunnel is not a second LANE blade, but the ATM interface of a 7204 router. We have several devices in a VLAN on one switch, and they all need to talk to the router at the other end. Is there a way to terminate these PVCs on the router, and have it communicate correctly with the VLAN?

So on SwitchA, we have a VLAN, 826, with several IP devices on it... the VLAN is sent through to the LANE blade, and is bound to a PVC with statements like:

    atm pvc 826 0 826 aal5snap
    atm bind pvc vlan 826 826

Then PVC 0/826 runs through an ATM network, and arrives at the ATM 1/0 interface of a router. All of that works fine but once it gets there, the router doesn't seem to know what to do with this traffic. If it were an Ethernet interface I would say "encapsulation isl 826"... but that doesn't apply on an ATM interface. Any ideas?

The way I tried was to make a sub-interface on the ATM interface of the router:

    interface ATM1/0.826 multipoint
     ip address 172.16.1.1 255.255.255.0
     atm pvc 826 0 826 aal5snap inarp 1
     map-group VLAN826

    map-list VLAN826
     172.16.1.2 atm-vc 826 broadcast

Then try to ping across it... traffic shows up on the PVC, but doesn't ever reach the VLAN correctly.

Any ideas? Should that configuration have worked? If so, maybe I made a dumb mistake, because traffic was definitely flowing to the PVC.

By the way... we are unable to implement a full-scale LANE system (with a LECS and a LES and a BUS and all that jive). I know that would fix it, but it would introduce new problems in our configuration.

I definitely would appreciate any input.

Regards,
Travis Gamble
Re: tough VPN question
One thing I've noticed is that Windows tries to cache passwords. When they first turn on their computer, they aren't generally connected to the VPN, so they can't log in normally at that point.

Make sure they are still set up to log on to the domain, even if they can't. Have them enter the correct username and password at the login prompt, and just say "OK" when it complains that it can't find a domain controller. Keep hitting OK until it boots, without the domain controller. This will cache the correct username/password combination, so that when it does try and connect to an NT server, it will send the correct information.

Also, as others have said, make sure you have WINS or an LMHOSTS file working to allow them to find the domain controller(s).

Hope this helps,

Travis Gamble
Systems Engineer
Attache Group Inc.

----- Original Message -----
From: "Jim Bond" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, December 07, 2000 1:18 AM
Subject: tough VPN question

Hello,

I'm trying to set up an IPSec between a PIX (branch office) and router (central office). All PCs at branch office share 1 IP address. IPSec seems to be working fine because clients can ping/telnet/email/map drives from/to central office. The problem is they can't log on to the NT domain. They can ping the domain controller though. Any idea why they can't log on to the NT domain? (The machines were already added to the domain.)

Thanks in advance.

Jim
Re: PIX question
If you have enough external IP addresses, then yes, you can have an entire subnet be accessible from the outside world. If you check the static (inside,outside) command, there is a way to specify a network address and subnet mask for the translation.

However, if you only have a few addresses then no, it isn't possible. If you think about it... if you have 200 web servers, and only 10 external addresses... if a request comes in on one of those 10 external addresses, how would the PIX know which server to send it to?

Travis

----- Original Message -----
From: "Jim Bond" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, October 28, 2000 2:44 PM
Subject: PIX question

Hello,

Is there any way to have outside users access an internal subnet? I see from CCO that you can only have outside users access a particular internal host.

Thanks in advance.

Jim
Re: Novell VPN
You need an NWHOST file... it goes in the \novell\client32 directory, and is exactly like a HOSTS file, except for Netware servers and trees...

You only need two lines, if your Netware server is at 192.168.1.1:

    NAME_OF_YOUR_TREE 192.168.1.1
    NAME_OF_YOUR_SERVER 192.168.1.1

That's it.

Travis Gamble

----- Original Message -----
From: "Scott Meyer" [EMAIL PROTECTED]
To: "Cisco" [EMAIL PROTECTED]
Sent: Thursday, October 26, 2000 1:46 PM
Subject: Novell VPN

I am trying to get a VPN working. Clients dial into an ISP, use Cisco's VPN client to connect to a 3640 router. I can ping by IP address to my heart's content and everything responds. However, we can't login to a Novell 4 server running IP. What do I need to enable to allow login? I don't know enough about the login process for a Novell server running IP. I would appreciate a nudge in the right direction.

Scott Meyer
CCNA, CCDA, MCSE, etc
[EMAIL PROTECTED]
Re: How do I break out of traceroute?
CTRL and ^ (or CTRL, SHIFT and 6...)

Travis

----- Original Message -----
From: "Sean Lee" [EMAIL PROTECTED]
To: "Cisco@Groupstudy. Com" [EMAIL PROTECTED]
Sent: Tuesday, September 12, 2000 6:50 PM
Subject: How do I break out of traceroute?

Hello All,

What's the key combination to break out of traceroute?

Thanks!
Sean

**NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A question about IPSec
Each protocol also has a number; a few other people posted links to lists of those protocol numbers. In an access list, you can specify them like this:

    access-list 102 permit tcp 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255

This would allow all TCP traffic to go from the 192.168.1.0 subnet over to the 192.168.100.0 subnet... pretty standard access list command. In that command, the keyword tcp (access-list 102 permit TCP...) specifies the protocol in use. If you want to allow protocol #50 instead... you would do something like

    access-list 102 permit 50 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255

Or something to that effect. Just substitute the # of the protocol in where you would normally put "tcp" or "udp" or "ip".

Hope this helps,
Travis Gamble

-----Original Message-----
From: George Zhang
Sent: 31 August 2000 15:33
To: [EMAIL PROTECTED]
Subject: A question about IPSec

I read the following from Cisco documentation about IPSec:

"IKE uses UDP port 500. The IPSec ESP and AH protocols use PROTOCOL numbers 50 and 51. Ensure that your access-list are configured so that 50, 51 and UDP port 500 traffic is not blocked ..."

My question is, what are the PROTOCOL numbers? This is the first time I have read or heard about "PROTOCOL number". I know many protocols by names such as TCP, UDP, ICMP etc, but I have never heard about PROTOCOL numbers. What protocols are 50 and 51 associated with? Could someone please explain that to me?

Thanks.

George Zhang, CCNP
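Added example, not part of the original thread: a small first-match evaluator for the access-list form shown above, run over constructed packets, showing that the `permit tcp` entry alone drops ESP (50), AH (51) and IKE (UDP 500) at the implicit deny. The parser handles only the `access-list N action proto src wildcard dst wildcard [eq port]` form; the host addresses and helper names are assumptions made for the illustration.

```python
import ipaddress
import struct

# IANA IP protocol numbers behind the keywords an extended ACL accepts.
PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "ah": 51}


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def build_packet(proto, src, dst, dport=0):
    """Constructed sample: 20-byte IPv4 header plus 4 bytes of payload."""
    header = struct.pack("!BBHHHBBHII", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         ip_int(src), ip_int(dst))
    # For TCP/UDP these 4 bytes are source and destination port.
    return header + struct.pack("!HH", 40000, dport)


def parse_packet(raw):
    """Read the fields an extended ACL tests; the protocol number is byte 9."""
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    src, dst = struct.unpack("!II", raw[12:20])
    dport = None
    if proto in (6, 17):  # only TCP and UDP carry port numbers
        dport = struct.unpack("!H", raw[ihl + 2:ihl + 4])[0]
    return proto, src, dst, dport


def parse_ace(line):
    """Parse 'access-list N ACTION PROTO SRC SRC-WILD DST DST-WILD [eq PORT]'."""
    tok = line.split()
    if len(tok) not in (8, 10) or tok[0] != "access-list":
        raise ValueError("unsupported ACL line: " + line)
    proto = tok[3].lower()
    if proto == "ip":
        number = None                  # 'ip' matches every protocol
    elif proto.isdigit():
        number = int(proto)            # numeric form, e.g. 'permit 50 ...'
    else:
        number = PROTO_NUMBERS[proto]  # keyword form, e.g. 'permit tcp ...'
    dport = int(tok[9]) if len(tok) == 10 and tok[8] == "eq" else None
    return (tok[2], number, ip_int(tok[4]), ip_int(tok[5]),
            ip_int(tok[6]), ip_int(tok[7]), dport)


def wildcard_match(addr, base, wild):
    """Cisco wildcard mask: bits set to 1 are 'don't care'."""
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0


def evaluate(acl_lines, raw):
    """First matching entry wins; every ACL ends with an implicit deny."""
    proto, src, dst, dport = parse_packet(raw)
    for line in acl_lines:
        action, number, s, sw, d, dw, port = parse_ace(line)
        if number is not None and number != proto:
            continue
        if not (wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"


SRC, DST = "192.168.1.0 0.0.0.255", "192.168.100.0 0.0.0.255"
TCP_ONLY = ["access-list 102 permit tcp %s %s" % (SRC, DST)]
IPSEC_READY = TCP_ONLY + [
    "access-list 102 permit 50 %s %s" % (SRC, DST),
    "access-list 102 permit 51 %s %s" % (SRC, DST),
    "access-list 102 permit udp %s %s eq 500" % (SRC, DST),
]

A, B = "192.168.1.10", "192.168.100.20"  # constructed hosts in the two subnets
SAMPLES = {
    "telnet": build_packet(6, A, B, 23),
    "esp": build_packet(50, A, B),
    "ah": build_packet(51, A, B),
    "ike": build_packet(17, A, B, 500),
    "dns": build_packet(17, A, B, 53),
}


def verdicts(acl_lines):
    return {name: evaluate(acl_lines, raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    print("tcp only   :", verdicts(TCP_ONLY))
    print("ipsec ready:", verdicts(IPSEC_READY))
```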
Re: PIX
Nope, the Pix is Intel based. Unfortunately, you would need to have exactly the same motherboard, NICs and everything in between. Probably is possible, but you'd need pretty detailed information.

Travis Gamble

----- Original Message -----
From: "William E Gragido" [EMAIL PROTECTED]
To: "Cisco Cisco" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, August 31, 2000 5:49 PM
Subject: RE: PIX

No kidding, well, I don't know... the quick reference guides never really go too far in detail and I have never seen anyone rip a PIX apart just to see what makes it tick. I am guessing that it's not the case though, considering Cisco's proclivity towards the RISC processors etc. I somehow doubt that they are simply basic PCs, if for no other reason than their price tags.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cisco Cisco
Sent: Thursday, August 31, 2000 4:27 PM
To: [EMAIL PROTECTED]
Subject: PIX

Somebody told me that a PIX can be built by using common PC components. I have the PIX OS and would like to build a box for home use only to study on. Does anybody know or has anybody heard how to do this? I would love to buy a real PIX but my budget is really tight right now - I am sure many of you can relate to this!

Thanx
PC
Pix firewall and PAT
Hi all,

Here's something I've been pondering. How many external addresses do you need with a PIX firewall to have your PIX, PAT for the internal clients and to redirect port 80 to a web server?

On an IOS router, you can do something like (where 1.1.1.1 is an external IP and 10.x.x.x is internal):

    interface ethernet 0/0
     ip address 1.1.1.1
     ip nat outside
    interface ethernet 0/1
     ip address 10.1.1.1
     ip nat inside
    ip nat inside source list DoTheNat interface ethernet 0/0 overload
    ! static entry: inside local address/port first, then the global address/port
    ip nat inside source static tcp 10.1.1.2 80 1.1.1.1 80 extendable

Or something like that. That would allow you to use 1 IP address for PAT and access to an internal web server. With a PIX, I can't seem to find the same functionality.

With a PIX (at least one that's running 4.4) it seems to me that I need one IP address for the PIX, one for PAT and another one for the web server to use. Anyone know of a workaround for that, or do I need to start getting a block of IPs?

Regards,
Travis Gamble
RE: Cisco VPN Client (off topic question)
I haven't tried to install the VPN client on 2000... but the reason for that is because 2000 supports IPSec already. No need for the client, just set it up on the box, no additional software should be required.

Travis Gamble

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marco Rodrigues
Sent: July 26, 2000 9:54 AM
To: [EMAIL PROTECTED]
Subject: Cisco VPN Client (off topic question)

I've tried installing it on Windows 2000, even though the system requirements say it has to be Win9x or WinNT 4.0. I was just curious, has anyone got IPsec to work with Windows 2000 connecting to a Cisco PIX Firewall? Any feedback would be appreciated.
RE: Nat addressing
There are two concepts, NAT and PAT. NAT is a one-to-one mapping of internal to external addresses, while PAT is what you are referring to, where many internal addresses can be mapped onto a single (or a few) external addresses. It does this by using unique port numbers for each internal request. When the reply comes back, it does a lookup of the port it arrives back at, and re-addresses it and forwards it back to the appropriate internal IP address.

Hope this helps,
Travis Gamble

(Oh, by the way... PAT stands for Port Address Translation, I think)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Duggan
Sent: June 7, 2000 7:01 AM
To: '[EMAIL PROTECTED]'
Subject: Nat addressing

Hi one and all,

I have a newbie NAT addressing query, no smirking please. NAT translates private IP addresses; does this mean it is a simple one-to-one translation, or can a full private addressing schema be implemented requiring maybe one allocated IP address on an interface? If so, how does it work?

Pat
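Added example, not part of the original thread: a minimal model of the PAT lookup described above, with one external address shared by two inside hosts plus a static port-80 redirect to an inside web server. It is a simplification (sequential port allocation, no timeouts or per-destination state); the class, its method names and the remote addresses are assumptions made for the illustration.

```python
class PatGateway:
    """One external address shared by many inside hosts (PAT / NAT overload)."""

    def __init__(self, external_ip, first_port=1024, last_port=65535):
        self.external_ip = external_ip
        self.next_port = first_port
        self.last_port = last_port
        self.by_inside = {}   # (proto, inside_ip, inside_port) -> external port
        self.by_outside = {}  # (proto, external_port) -> (inside_ip, inside_port)

    def add_static(self, proto, external_port, inside_ip, inside_port):
        """Static port redirect, e.g. external :80 to an inside web server."""
        key = (proto, external_port)
        if key in self.by_outside:
            raise ValueError("external port already in use")
        self.by_outside[key] = (inside_ip, inside_port)
        self.by_inside[(proto, inside_ip, inside_port)] = external_port

    def _allocate(self, proto):
        """Pick the next external port not already mapped for this protocol."""
        while self.next_port <= self.last_port:
            port = self.next_port
            self.next_port += 1
            if (proto, port) not in self.by_outside:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an inside packet's source to the shared external address."""
        key = (proto, src_ip, src_port)
        if key not in self.by_inside:
            port = self._allocate(proto)
            self.by_inside[key] = port
            self.by_outside[(proto, port)] = (src_ip, src_port)
        return (proto, self.external_ip, self.by_inside[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Look up the port a packet arrived on and re-address it inward."""
        entry = self.by_outside.get((proto, dst_port))
        if entry is None:
            return None  # no mapping: nothing says which inside host it is for
        return (proto, src_ip, src_port, entry[0], entry[1])


def demo():
    """Constructed traffic: two inside hosts that pick the same source port."""
    gw = PatGateway("1.1.1.1")
    gw.add_static("tcp", 80, "10.1.1.2", 80)
    a = gw.outbound("tcp", "10.1.1.10", 3000, "198.51.100.7", 80)
    b = gw.outbound("tcp", "10.1.1.11", 3000, "198.51.100.7", 80)
    return {
        "a_out": a,
        "b_out": b,
        "reply_a": gw.inbound("tcp", "198.51.100.7", 80, a[2]),
        "reply_b": gw.inbound("tcp", "198.51.100.7", 80, b[2]),
        "web": gw.inbound("tcp", "203.0.113.9", 51000, 80),
        "unsolicited": gw.inbound("tcp", "203.0.113.9", 51000, 2222),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```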
RE: Very interesting RIP issue
Actually Lance was referring to a RIP packet, and it would make sense that a RIP packet would begin with an extremely low TTL field (of either 1 or 2) so that it would only be propagated to neighboring routers. You wouldn't want a routing update to go any further than that.

Travis Gamble

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cormac Long
Sent: June 4, 2000 7:14 AM
To: Lance Simon; [EMAIL PROTECTED]
Subject: Re: Very interesting RIP issue

Not sure what the nature of the problem is here, but here are a couple of points to note:

1. The TTL field is in the IP header and not the UDP header.
2. The TTL is only decremented after the packet crosses a router hop (a switch hop does NOT count).
3. The initial TTL=15, and it gets decremented after that as it crosses routers. This makes it surprising that you're seeing TTL=1 or 2. It implies a lot of router hops.

Cormac

Cormac Long, CCSI#21600
http://www.cormaclong.com

--- Lance Simon [EMAIL PROTECTED] wrote:

Hi group!

I am a lurker at best here, but today I saw something that really puzzled me. While I was looking at a trace file I noticed something unusual about the ttl values for RIP updates on a PacketEngines switch. This switch is connected to a Cat5000 and I had a sniffer in between the two.

My understanding of RIP is that the ttl value = 2 and that it is decremented as it enters a switch/router and then it is looked at. Therefore, a ttl=2 would become ttl=1 before the packet is even looked at. If the ttl=1 it would become ttl=0 and then, instead of being looked at, it would be discarded. Is this correct?

First, let me say that the Packet Engines 2200 switch is a very good box and it is communicating well with the Cat5k. The RIP updates are being handled well by both sides, but when looking at the sniff, the ttl value from the Packet Engines box is set to =1. How can this be? Do I totally misunderstand the UDP ttl value in relationship to RIP?

Any insights would be helpful. BTW, I have got a call into a PacketEngines s/w engineer and am waiting for a response.

Thanks,
Lance