Spanning Tree Enhancements [7:39920]
Hi Folks,

Can someone please answer my following questions regarding various IEEE Standards that have been advanced to enhance the Spanning Tree Protocol:

1. Has some vendor implemented the 802.1V, 802.1W, and 802.1X standards in their equipment?
2. If yes, then has it resulted in addition of more switching commands to augment STP implementation?
3. With STP enhancements, is there a possibility that Ethernet networks can rival SONET's restoration times of 50msec or less in practical reality?

Any information will be welcome. TIA.

Aziz S. Islam

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39920t=39920
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Why use wildcard mask [7:30473]
I think a major motivation of a lot of silent lurkers (like myself) and those who actively participate on this list is to benefit from the comments of such great industry stalwarts such as Howard Berkowitz, Priscilla Oppenheimer, Pamela Forsyth, etc., etc. They always enrich their comments with their experience, and Howard Berkowitz also adds spice to it with his wit and humour. I have read almost all his books and would recommend them to everyone seeking in-depth knowledge of networks. I think he has got a unique flair for writing. It would be a sad day for me if someone drives them off this list with their uncouth comments.

I would also name some more persons such as Chuck Larrieu, Elijah Savage, Brad Ellis, Kent Hundley, Keyur Shah, etc. (and the list goes on) whose insights from real hands-on experiences, coupled with their marvellous ability to explain things, have greatly benefitted this list.

I wish everyone a Happy New Year and greater opportunities in the years ahead.

Aziz S. Islam
Sr. Infrastructure Splst.- CCIE(R/S)
Design Engineering
EDS Canada Inc.
33 Yonge Street, Suite 400
Toronto, Ontario M3A 2R6 CANADA
Ph:(416)814-1696 Fx:(416)814-1821
http://www.eds.com
mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 31, 2001 9:12 AM
To: [EMAIL PROTECTED]
Subject: Re: Why use wildcard mask [7:30473]

Speaking only for myself, I look forward to your wit and wisdom when providing us wannabees with the knowledge we so desperately seek. While you're at it, can you provide us with a list of the RFC's you have written? And the books? I'd like to check them out. Anything to improve my own understanding of how things work.

Best wishes, Chuck

Cisco Cisco wrote in message news:[EMAIL PROTECTED]...

Howard, If you actually worked on a router in the real world rather than just tell people you do, you would know that Cisco has supported access-list remarks for some time now. Oh I'm sure you're going to reply to this e-mail with some stupid story like, This reminds me when I was talking to a developer at Apple about Mac OS 1.0 but I had never really worked on an Apple or some worthless story like that. Also do us all a favor and quit cross posting from other mailing lists. We don't want to see your replies to the juniper and ccie mailing list posts. Cross posting can be dangerous when you're on some of the lists that you are on, wink, wink ;-)

Howard C. Berkowitz wrote:

Yes, it does make simple tasks a little more complicated. However, using inverse masking can make complex tasks much easier. Take this issue. Say you are asked to filter access to all odd 192.168.x.0 /24 routes. Your method.

192.168.1.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.5.0 255.255.255.0

I see your approach, Marc, and I have even encountered real-world situations where such filtering might be appropriate. It happened when an enterprise wanted to leave room for expansion, but didn't understand summarization. They assigned odd-numbered subnets to different sites/areas, thinking the even ones would be for future use. My approach, incidentally, is to figure out the number of potential areas or sites, then divide by a power of 2, at least 4, to be summarization-friendly.

There's no question that your approach takes fewer lines of code. Personally, I wouldn't use it except in a huge network where there was no other way to fit that many lines into NVRAM. My motivation for not doing so is maintainability. The more complex the mask, the more difficult it will be for some subsequent administrator to figure out what was being done. I might be more open to the idea if Cisco saved comments with the configuration, but, of course, it doesn't.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30541t=30473
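Added example, not part of the original thread: the inverse-mask matching debated above, with a check for the maintainability risk Howard raises, namely that one compact entry can match more than was intended. The pair 192.168.1.0 0.0.254.255 is the standard wildcard form for "all odd third octets" and is not quoted from the archive; all function names are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_match(address, base, wildcard):
    """Cisco-style comparison: bits set in the wildcard are ignored,
    every other bit of the address must equal the base."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(address) & care) == (to_int(base) & care)


def summarize(networks):
    """Build the single base/wildcard pair that covers every given network.

    Returns (base, wildcard, exact). exact is False when the pair also
    matches addresses outside the input, i.e. the entry over-permits.
    """
    nets = [ipaddress.IPv4Network(n) for n in networks]
    first = int(nets[0].network_address)
    wildcard = 0
    for net in nets:
        wildcard |= int(net.hostmask)                 # host bits never matter
        wildcard |= first ^ int(net.network_address)  # bits that vary between nets
    base = first & ~wildcard & MASK32
    wanted = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    matched = 2 ** bin(wildcard).count("1")           # one address per free-bit pattern
    return to_dotted(base), to_dotted(wildcard), matched == wanted


def expand(base, wildcard, prefixlen=24):
    """Decode an entry back into the list of prefixes it matches, which is
    what a later administrator needs in order to audit a discontiguous mask."""
    netmask = int(ipaddress.IPv4Network(f"0.0.0.0/{prefixlen}").netmask)
    free = to_int(wildcard) & netmask       # don't-care bits in the network part
    fixed = to_int(base) & netmask & ~free  # bits every match must share
    found = []
    sub = free
    while True:                             # walk every subset of the free bits
        found.append(fixed | sub)
        if sub == 0:
            break
        sub = (sub - 1) & free
    return [f"{to_dotted(v)}/{prefixlen}" for v in sorted(found)]


if __name__ == "__main__":
    # Constructed input: every odd 192.168.x.0/24, then only the three
    # subnets listed in the thread.
    all_odd = [f"192.168.{i}.0/24" for i in range(1, 256, 2)]
    print(summarize(all_odd))
    three = ["192.168.1.0/24", "192.168.3.0/24", "192.168.5.0/24"]
    base, wildcard, exact = summarize(three)
    print(base, wildcard, "exact" if exact else "over-matches", expand(base, wildcard))
```

For the three subnets alone, the single-entry form also admits 192.168.7.0/24, which is the kind of silent widening that makes complex masks worth decoding before they go into a filter.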
Private VLAN's & VTP [7:27940]
Hi Folks,

Do VLAN's configured as PVLAN's get communicated throughout the VTP domain via VTP messages or are they kept segregated? Can someone please enlighten me on this?

Thanks very much.

Aziz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27940t=27940
Design Question - Spanning-tree Protocol. [7:23614]
Hi Folks,

I have a design in which Cisco 3548 XL's are GBIC-stacked on various floors of a campus and are uplinked to a core Cat 6509 switch. The uplink from every floor stack is ether-channeled to the core via two parallel equal-cost paths. One uplink path starts forwarding and the other goes into blocking mode from each floor stack.

Here is my confusion... If only one link of a 400 MBps full-duplex ether-channel fails from the forwarding path, will it invoke spanning-tree recalculation??? Or will the 'now' sub-optimal path still remain in forwarding mode and the now more-bandwidth path remain in blocking mode???

Since spanning-tree recalculation causes a lot of ripples throughout the switched network, I would assume that the latter were true. However, I would like to hear views from people who would think that the former scenario is more probable.

Thanks very much.

Aziz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23614t=23614
OT: Can some PIX expert please respond.... [7:20858]
Hi Folks,

I am trying to get timestamps along with my 'syslog' output by using the PIX command logging timestamps. However, even with this command, whenever I do a show syslog, I fail to see any timestamps logged. Am I missing something??? How can I append timestamps with the syslog messages. Or timestamps cannot be appended in show syslog when I use the command logging buffered debugging logging timestamps, i.e. when I use the internal buffer of PIX to log syslog messages?

Can someone please advise me. Thanks.

Aziz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20858t=20858
RE: No One on List can help for this??? [7:19169]
Hi Cisco Lover,

To mitigate your agony and probably help you prevent any further grief, may I suggest that you dig a bit deeper into MAC-Layer ACL's. Configuring newer ones and understanding the current ones may, in fact, seem like a breeze. Just browse through the following URL.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/ibm_c/bcprt1/bcsrb.htm

It contains a lot of examples at the end. Try converting it into binary form and understand them in greater depth. I recall a previous email by Priscilla Oppenheimer explains them also. So, may I suggest that you also search the 'groupstudy archives' for them. And let me assure you that once you start understanding them you will start enjoying them too. Have fun.

(One little bit of advice also. You cannot cram ACL's because this approach may do more harm than good in the longer run.)

Aziz S. Islam.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Lover
Sent: Sunday, September 09, 2001 4:12 AM
To: [EMAIL PROTECTED]
Subject: No One on List can help for this??? [7:19169]

Hi Cisco Guys..

I am mashing my head for a long time for the answer of this Question and have sent on list various times but no reply yet. Can anyone help to remove this confusion? What should be the address and mask when we deal with SNA traffic in DLSW+ LSAP ACLs??

I found ACL having two entries in Caslow as 0x0004 0x0001 0x0404 0x0001 but at some other places, I saw this as 0x0d0d 0x0001 and even as 0x 0x0d0d ?? Now I am really confused what is right or wrong??? As far as I know this is the output of some ANDING but I am not sure where it came from??? Any guy/CCIE can explain this plz.

Thanks a lot.

A Cisco lover

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19178t=19169
Usage of Spanning-tree GUARD and UDLD features. [7:15568]
Hi Folks,

Can someone please guide me on the usage of Spanning-tree GUARD and UDLD (Uni-directional Link Detection) features in the Catalyst switches? My specific question is would there be a need to use both in a situation, as they seem to serve the same basic purpose? Or is Spanning-tree GUARD feature superior as it checks certain software features such as Ether-channel and trunks also?

Aziz S. Islam

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15568t=15568
RE: Off topic - Tools for measurement - SLA [7:13087]
Paulo,

You may first want to skim through RFC's 1242/2285 for terminology of tests and measurements, plus RFC's 1944, 2544 and 2889 for the methodology of these tests. This may seem like a lot of reading but would definitely help.

As far as measuring equipment is concerned you may want to look at packet generators such as SmartBits and many more. The packet generation capability of Cisco routers by typing an undocumented command ttcp may also be worth considering. Some custom stuff is also available which helps you measure and verify SLA's.

A thorough understanding of the traffic patterns of the network-under-test is also very essential for finding out where on the network should you employ measurement tools.

Aziz S. Islam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paulo Cesar Buerger
Sent: Friday, July 20, 2001 9:20 AM
To: [EMAIL PROTECTED]
Subject: Off topic - Tools for measurement - SLA [7:13087]

Dear all,

I would like to deploy some measurements for an IP backbone. The idea is to publish some report giving information about packet loss, latency, availability and other stuff related to SLA. What is the best way of doing this? Latency and packet loss measurements are enough? Could you list some good tools for this (a kind of a probe that could helping on collecting and publishing the results to the Web)?

I would appreciate your help.

Paulo Buerger
Global Village Telecom

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13278t=13087
RE: can you mix and match Cisco RAM? And related RAM [7:2682]
I have done that on a PIX firewall, but not on a router. 3rd party RAM worked fine on a PIX.

Aziz S. Islam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of RF
Sent: Monday, April 30, 2001 4:52 PM
To: [EMAIL PROTECTED]
Subject: can you mix and match Cisco RAM? And related RAM questions. [7:2617]

Hi all:

Still looking to upgrade my routers on the cheap, wondering if anybody knows any of the following. Once again, I should state that none of my routers will ever be in a production environment, so I am not worried about blowing any warranty or Smartnet contract or anything like that.

1) Can you mix and match Cisco RAM, provided the memory type and form factor is the same? I am aware that there is a problem with mixing 2610 and 2650 RAM. But can I take, for example, 2610 RAM and put it in a 1750 (because they both use 100 pin DRAM DIMM's)? Or how about mixing 3600, 4700 and 2500 memory (all 72pin DRAM Simm's) amongst each other?
2) Is there some easy chart on CCO that shows the kind of RAM/flash each router uses?

Thanx in advance

XC

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2682t=2682
RE: [sc] DLSW+ Problem [7:2616]
Hi Fawad,

DLSw related issues can also crop up if there is insufficient RAM for the number of concurrent SNA sessions. Do a show log and see if you are seeing any MEMORY ALLOCATION FAILURES. If yes, then you need to size your router's RAM with the sessions it can sustain simultaneously. I remember there is a good note on Cisco's web-site on how much RAM you need for DLSw.

Aziz S. Islam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Fawad Alam
Sent: Monday, April 30, 2001 4:59 PM
To: [EMAIL PROTECTED]
Subject: RE: [sc] DLSW+ Problem [7:2616]

I am not having problem with DLSW+ connectivity. The peers are up but I am seeing session drops from application perspective. On the routers I don't see any connectivity problem or problems with DLSW+. From application point-of-view my user sees SNA communication and SNA SYSTEM RESOURCE FAILURE messages.

Thanks.. Fawad

From: Qurashi, Iftikhar
To: 'Fawad Alam'
Subject: RE: [sc] DLSW+ Problem
Date: Mon, 30 Apr 2001 16:14:37 -0400

Dear Fawad,

I am also working on exactly same scenario where I have 2621 on one end and 2612 on other end. Let me know more about your scenario and may be I can help you somehow in this regard.

Iftikhar.

-Original Message-
From: Fawad Alam [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 30, 2001 2:59 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [sc] DLSW+ Problem

Hi

I am having some performance problem with DLSW+. The peers are 2621 with IOS Version 12.0(3)T3 and at the other end I have Cisco 2612 with version 11.3(9)T. Our testing setup with obviously less load worked fine but when we moved to production the sessions started dropping. I have checked circuit load and it looks fine. Probably some DLSW+ parameters with some timing features or problem with IOS is causing this problem. Or may be its related to 2600 routers. Is there anyone who experienced same kinda issues in past. Any comments.

Thanks... Peter

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2681t=2616
RE: best location for ccie lab - rtp [7:2149]
I have only been to the Halifax site. It has cheap hotels (if you are spending in US $$), five-minute walk to the CCIE lab, very fair and friendly Proctors, plus a historical city to see (for which one may not have the time). And if you manage to pass, you can celebrate with a feast of fine lobsters.

Aziz S. Islam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rob
Sent: Thursday, April 26, 2001 2:13 PM
To: [EMAIL PROTECTED]
Subject: best location for ccie lab - rtp [7:2149]

What's the best location to take the CCIE lab exam? I realize that the exams are standardized worldwide but I'm looking for the overall picture, the friendliness, good cheap hotels, easy commute to the lab facility etc.. I'm considering NC, Halifax and maybe CA..

thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2188t=2149
RE: BGP Commands [7:708]
Here is a little explanation.

"show ip bgp" shows the bgp routing table. This may or may not be different from the IP routing table for a particular router.

"show ip bgp summ" shows the EBGP & IBGP neighbor/peer relationships that a router has been able to establish.

"show ip route bgp" shows all the BGP routes (both IBGP & EBGP) that have qualified to enter the IP routing table of a router. Again this may be a subset of what is being seen with the first command "show ip bgp".

I have a feeling that you may still need to do a lot of reading as all this is very basic to BGP. I would also say the same thing that has been repeatedly said on this list many times that Bassam Halabi's "INTERNET ROUTING ARCHITECTURES" is one of the best books to learn about BGP.

Aziz S. Islam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hunt Lee
Sent: Sunday, April 15, 2001 9:21 AM
To: [EMAIL PROTECTED]
Subject: BGP Commands [7:708]

Can anyone please explain to me what is the difference between the command "show ip bgp" (or show ip bgp summary) and "show ip route bgp"? I have read the BSCN book between page 348 and 352 many times, but I'm still very confused. The book said "show ip bgp" displays BGP routing table?? But I thought that should be "show ip route bgp". Please help.

Regards,
Hunt Lee
IP Solution Analyst
Cable and Wireless

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=710t=708
VPN Tunnel-in-a-Tunnel [7:528]
Hi All,

I am in a situation where I need to VPN-tunnel into a private network using IPSec, and again use another VPN Gateway (located in the private network) to VPN-tunnel into a second private network, again using IPSec. In effect, I have to use two different VPN-clients on my PC, and logically, it becomes a situation of tunnel-in-a-tunnel. I hope I am able to explain what I am trying to accomplish. Let me also clarify that I have no other path into the second network other than through the first network.

Now my questions to the list are:

1. Any disadvantages of such a setup?
2. Any better and less-involved alternates?
3. Any other things that I need to be aware of.
4. Any Internet resources that someone is aware of which deals with the specific situation.

Thanks in advance.

Aziz S. Islam

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=528t=528
RE: CCIE Lab Report - unsuccesful
Hi Chuck,

Thanks for taking the time to narrate your candid and thorough post-lab experiences. The outcome should not discourage you as the whole group remains impressed with your wealth of knowledge, the desire to know more, and your fine power of expression. I have been there too, and finally sailed through. Believe me, the pleasure of conquering it would be immense. Just hang-in there without losing your sense of direction and you will succeed. Best of luck.

Aziz S. Islam
All the CCXX (Routing & Switching)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck Larrieu
Sent: Saturday, April 07, 2001 9:34 PM
To: Cisco Mail List
Subject: CCIE Lab Report - unsuccesful

Hey, everyone, how you all been?

The short story is I did not make it to day 2. The rest of this is a bit long winded, and easily skipped.

First of all, I was quite pleased to find upon reading through my Day 1 scenario that there was nothing I couldn't do, given time. There are plenty of practice labs from several different sources which cover all the core topics, so there were no surprises for me.

Secondly, I was quite pleased when during my review of Day 1 results with the proctor, he told me they were going to change the written instruction on a particular section because of the solution I used. I'm actually quite surprised it hasn't been done before. I was grudgingly given points, although I was told my solution was definitely not what they had in mind.

However, in the end, it was a few simple omissions that cost me the points I would have needed to squeak into Day 2. Only one of the six of us who began together was invited to the second day.

Things I learned:

1) having the core topics down cold is CRUCIAL. No kidding!

2) Time is crucial, but not, I believe, in the way I have seen it discussed in many places. I highly doubt that typing 80 words a minute versus my 20 WPM was the difference. Not when I spent as much time as I did contemplating. You can't think it. You have to know it. By 2:00 p.m. I knew I didn't have a prayer of hitting all the requirements. At that point I started counting points, putting myself in a defensive mode. By quitting time, if I got full credit for everything I thought I deserved, I would have had 31 points. As I found out in my review, I missed a few simple things, and blew myself out of the water. This leads back to the internalization of the core topics. You can't be thinking about how to configure anything. You have to just bang them out, the same way you bang out shaving or washing your hands or eating your lunch.

3) Methodology is crucial. You have to have a good methodology that is internalized and is habitual. You can't be thinking "what's next?" I don't believe it matters what your methodology is, so long as you are consistent and quick. My own methodology failed me because I was constantly adjusting, rather than banging it out.

4) I spent a good two hours last night in my hotel room debriefing myself. I have six pages of notes regarding my day one experience. This will form the basis of my study plan for my second attempt. I know that it is highly unlikely I will have a scenario like the one I just worked on next time through. But I will focus on methodology and speed.

5) Good rapport with the proctor is helpful. I was able to get the information I needed by carefully wording my questions and making sure that my desired result was understood. The proctor is under a bit of stress himself, with so many folks vying for his attention. He may think you are asking something you are not. I made sure that if I was not getting an answer that made sense that I clarified my request, so that the answer was one that helped me understand. I will say also that the test I saw was reasonably clear. The questions I had tended to be the result of outputs from various show and debug commands, to clarify what the expectation was.

A few other comments:

I was far too aggressive in scheduling my lab date. Should have pushed it out 60 days. Don't be in a hurry. Those without a lot of hands on need to spend several months of several hours a day practicing. No two ways about it.

There has been a lot of discussion about the patch panels used in the lab. All I can say is that the panels are clearly labeled. IMHO you have nothing to worry about. That said, I did have to revisit the rack twice, in order to make a cabling change. This was purely the result of a chicken or egg situation, and not due to any difficulty with the rack itself. People with home labs know well the issue with hooking up routers back to back. I sat next to a guy this morning ( a day 1 candidate ) who was getting up every few minutes and going to the back of the rack to move cables around. Completely unnecessary and driving the proctor nuts. There is no need for any candidate to touch the back of the rack.

You can't let little stuff stop you. Those with extensive hands on experience know that
RE: Cisco IOS Documentation: How useful is it, really?
Well if you have a desire to pass the CCIE Lab, I think it would be very difficult, shall I say virtually impossible, to sail through without a fair command over Cisco IOS Configuration Guides and Command References. I realize that it may be very difficult to remember every bit of it, but the ability to navigate to where a feature is located and to retrieve it quickly may make the difference between pass and fail. In my case I never studied Bruce Caslow's book or Jeff Doyle's (Routing TCP/IP) but still managed to pass. So, it all depends, if you skip Cisco IOS Configuration Guides and Command References, the sailing may not be very smooth.

Aziz S. Islam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Control Program
Sent: Sunday, April 08, 2001 11:37 AM
To: [EMAIL PROTECTED]
Subject: Cisco IOS Documentation: How useful is it, really?

I'm interested in thoughts and opinions on the practical utility of the official Cisco IOS Configuration Guides and Command References available in print, on CCO, and on the documentation CD-ROMs that ship with Cisco products. There have been a number of allusions on and off this list to the importance (or even necessity) of studying the official docs if "you're serious about CCIE preparation." I even recall seeing some advice given by someone that one should read the entire set of configuration guides and command references before attempting the lab exam.

How useful do you all find the IOS documentation, both with respect to CCIE study, and in general? Have you succeeded in using it to learn to configure services you were previously unfamiliar with, or is it just useful as a reference once you already mainly know what you're doing? Is it even useful as a reference?

My own thoughts: I ask because I find the IOS documentation hard to digest at best, and actively confusing at worst. I use it frequently, but almost exclusively as a reference to look up command options and syntax details. Even then, half the time I find that there either isn't enough detail in the manual to answer the question I have, or there's so much detail that the information I'm looking for is buried in an avalanche of optional parameters and unrelated features.

The idea of resorting to the IOS documentation to, say, learn how to set up async and ISDN interfaces using a combination of static and dynamic addressing to support user dialin and backup/DDR functions on an access server makes my blood run cold. It could be done - eventually - but it would require piecing the information together from eight different chapters, one of which would provide 200 pages of information just on PPP, another of which would provide 150 pages of information on ISDN signaling, and so on. I just can't imagine the official documentation as the preferred means to learn to do something new.

Should you be familiar with the structure and contents? Of course. It's still the last word when it comes to resolving ambiguities or finding information on that one option you knew was there but couldn't remember the keyword for. Is it time well-spent to sit there and study these manuals as an attempt to increase your knowledge and proficiency? Not in my experience. That's not to say you won't learn anything by doing it - just that there are better ways to use your time.

Comments encouraged! Maybe some of you have actually devised a way to triage the documentation and learn a lot from it despite the way it's organized. If so, I'd love to hear your strategies.
OFF TOPIC - Juniper's concept of multiple routing tables.
Hi Folks,

Can anyone (specially the likes of Berkowitzs, Forsyths, Oppenheimers, etc) comment on the advantages of having multiple "IP routing tables" in a router such as featured by Juniper in its M-Series machines. Would it not consume comparatively more hardware resources on a router in terms of RAM, CPU cycles, etc?

Thanks in advance.

Aziz S. Islam
RE: why NAT breaks VPN?
Folks,

A very good explanation (by Lisa Phifer, Core Competence) of where NAT and IPSec are in harmony and where they are not can be found at:

http://www.cisco.com/warp/public/759/ipj_3-4/ipj_3-4_nat.html

Happy reading.

Aziz S. Islam
Seeking PPP authentication resource...
Hi Group,

Can anyone please suggest a resource which has an in-depth explanation of the following Cisco IOS commands. I have not been able to understand their usage in all variations. The Cisco IOS Dial Solutions Configuration Guides Command Reference doesn't do a good job of explaining it at my level of comprehension.

1. "ppp chap hostname --"
2. "ppp pap sent username - password -"

A good resource would be highly appreciated. Thanks in advance.

Aziz
RE: interface stats, physical problem or high utilization?
You need to look into the following things in this particular scenario:

1. The output queue drops on the serial interface and if they increase during the file transfer.
2. The queueing type configured on the interface such as WFQ, FIFO, etc.
3. The "buffers" situation in terms of their depletion.
4. The mix of applications that are being transported over the WAN link.
5. A Sniffer WAN trace may also prove helpful in this situation.
6. Observe the "5-minute traffic rate" on the serial interface during a large file transfer and see if it peaks to 56 Kbps.
7. Is something driving the interface into "process-switched mode"?
8. You can prioritize the application that is being impacted the most by using any of the queueing mechanisms. However, this decision may have some adverse effects if not properly researched.

Here I am assuming that the frame PVC has been provisioned correctly and that it is delivering as per the rated CIR/EIR. This was just to trigger your thought-process as you have not provided enough information to be able to correctly pin-point the cause.

Aziz S. Islam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kane, Christopher A.
Sent: Tuesday, December 26, 2000 9:59 AM
To: '[EMAIL PROTECTED]'
Subject: interface stats, physical problem or high utilization?

I'm looking for some feedback to a discussion I had with a co-worker. I'm not looking for troubleshooting assistance with this problem. Rather, I would like to know if anyone else has experienced a similar situation in which a utilization problem looks like a physical problem?

We had a customer with a 56k Frame ckt terminating into a Cisco 2524 with an integrated 4-wire CSU/DSU. The end user was complaining of dropping when trying to pull large files (3 meg). The interface stats showed Input errors, CRCs and carrier transitions. Myself and the telco were able to test end-to-end clean several times. We then swapped the 2524 for fear that the integrated CSU/DSU was flaky. The problem remained.

Then my co-worker made a statement that I am having a hard time agreeing with. He stated that it must be heavy utilization by the end user that is causing the problem. Could that be? A utilization problem that looks like a physical problem according to the stats provided by the serial interface?

It's always fun to banter with co-workers. Round-table discussions in front of the whiteboard are my favorite part of the job.
RE: Token ring to Ethernet conversion
Hi Nicolas,

A word of advice since I was part of a team that did such a project. Since the token-ring network surely would have evolved into a much bigger enterprise than what it originally was, the first thing to do would be to determine traffic patterns. This can be done using an analyser such as a Sniffer. This has to be done over a period of time to accurately graph traffic trends, such as, at various times of the day, for instance.

More often than not, such an exercise points to some very obvious sub-optimal traffic patterns and server placements which may have remained unnoticed as the network evolved. This can be optimized thereby reducing broadcasts and unnecessary network traffic resulting in a cleaner and relatively problem-free network. This is the planning part and often gets overlooked. And this would also give you more insight into your network and its traffic patterns and can be helpful for deploying any new software/application in future.

Most of the problems that we faced were in the conversion of desktops/laptops from Token-Ring to Ethernet. This involves loading up new network drivers and a slew of application and software-related problems. So roll up your sleeves. It will be a lot of fun and learning too.

Aziz S. Islam

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nicholas Pandola
Sent: Tuesday, December 12, 2000 7:48 PM
To: [EMAIL PROTECTED]
Subject: Token ring to Ethernet conversion

Hi,

I am working on a token ring to Ethernet upgrade for 2000 users. I would like to know if anybody out there has performed this type of conversion before and what were the main issues. I know that MTU and fragmentation will be a major concern. My feeling on this is that once the servers get converted to Ethernet that the issues should be alleviated. The design we have is that servers tie into 6509's directly on one side and on the user side, tie into a 2980 which connects to a 6509 through a fiber trunk.

Thanks
Nicholas
RE: Off Topic - Ask Miss Manners - Protocol and Behaviour
Hi Chuck,

Glad you asked. I was in a similar situation at Networkers 2000 in Orlando. I was attending a "power session" on MPLS. Bruce Davies, a Cisco Fellow, was the speaker. After the session was over I walked up to him and requested him to sign his book "MPLS - Technology and Applications". He did it with a very comforting and reassuring smile and also shook my hand. You can make your own conclusions.

Thanks.
Aziz S. Islam

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck Larrieu
Sent: Wednesday, December 06, 2000 5:27 PM
To: Cisco Mail List
Subject: Off Topic - Ask Miss Manners - Protocol and Behaviour

Dear Miss Groupstudy Manners,

I have the privilege and good fortune of attending a meeting at which someone who is recognized as one of the top people in the field, and author of a well received book on the subject, will also be in attendance.

My question is this: is it considered rude, not to mention obsequious, to whip out my copy of said person's book and ask for an autograph? Should this be done during the introductions, at the first break, or out in the parking lot?

Also, how do I keep from hurting myself nodding my head in agreement with said guru?

Thanks.
Chuck

--
I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life as it has been is over ( if you hope to pass ) From this time forward, you will study US! ( apologies to the folks at Star Trek TNG )
RE: Speed Tip
Hi Folks,

For the sake of completeness, please take the following command into account also:

    no logging console

Since during configuration of Layer 2/Layer 3 protocols, the absence of the above command can slow one down considerably.

Just my 0.02 cents (Canadian) worth.

Aziz

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of James Wilson
Sent: Saturday, December 02, 2000 11:27 PM
To: Chuck Larrieu
Cc: Tony Olzak; [EMAIL PROTECTED]
Subject: Re: Speed Tip

Hi Chuck,

Whilst you are permitted to use Notepad or any other program present on your Testing PC, the rules of the CCIE Lab state without that at _no time_ can you save a file to the hard disk. If during the marking breaks the CCIE proctor finds that you have saved a file to the hard drive anywhere he will fail you immediately.

Cheers.

On 0, Chuck Larrieu [EMAIL PROTECTED] wrote:

Rules of the game: I trust you mean that you must remember to delete the file from the PC you are using prior to leaving. I.e. you can't leave it for the next person to find. Correct?

I have received tips such as Tony's from other sources. If you check my feeble web site www.chuck.to/CCIEAdvice.txt you will see that one of those from whom I have gathered advice has offered something similar. I have also received this advice verbally from a couple of folks as well.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of James Wilson
Sent: Saturday, December 02, 2000 7:41 PM
To: Tony Olzak
Cc: [EMAIL PROTECTED]
Subject: Re: Speed Tip

Good tip... but be very very careful -- If you accidentally saved this file somewhere you would be disqualified immediately as part of the CCIE lab rules.

Cheers.

On 0, Tony Olzak [EMAIL PROTECTED] wrote:

Hard to believe, but most people don't know you can use notepad in the lab. Here's how I do a base config on all my routers:

    en
    config t
    ip classless
    ip subnet-zero
    no ip domain-lookup
    alias exec cb clear ip bgp *
    alias exec ci clear ip route *
    alias exec cx clear ipx route *
    alias exec i show ip route
    alias exec ix show ipx route
    alias exec si show ip interface brief
    alias exec sx show ipx interface brief
    enable secret cisco
    line con 0
     exec-timeout 0 0
     password cisco
    line aux 0
     exec-timeout 0 0
     password cisco
    line vty 0 4
     exec-timeout 0 0
     password cisco

Then at the end just type "hostname router name" and you are done. Put all this in notepad, copy it, then paste to host while in the terminal program. I couldn't believe how many people tell me they type all this junk at every router. This will save you probably 20 minutes.

Tony

--
[=[ www.cisco.com ]]
James Wilson, cisco Systems
Customer Service Engineer, I Global On Site Services
Phone : +61-2-8448-7919 Pager : +61-2-9430-6381
[=[ USA +1-800-829-2447 ]=[ Aust 1800-121-531 ]]
"I am convinced that life is 10% what happens to me and 90% how I react"
RE: Speed Tip
Because all routers are connected to the Communication Server through their console port, and by default, logging to console is on. So, for instance, when one configures the frame-relay pvc's on the router interfaces, all dlci state changes show on the command line while one may be in the process of typing-in commands. Similarly, any interface state changes are reflected on the command line. This may cause some distractions and may prevent one from gaining some vital time advantage.

It was for this reason that I had recommended that the command "no logging console" should be typed in initially to avoid any unnecessary distractions when setting up various tasks. However, it may make more sense to return to the default status (i.e. logging console), if one is lucky enough to sail through to the troubleshooting part.

Aziz

-----Original Message-----
From: Andy Walden [mailto:[EMAIL PROTECTED]]
Sent: Sunday, December 03, 2000 4:46 PM
To: Urooj's Hi-speed Internet
Subject: RE: Speed Tip

Why is that?

Thanks,
Andy

On Sun, 3 Dec 2000, Urooj's Hi-speed Internet wrote:

Hi Folks,

For the sake of completeness, please take the following command into account also:

    no logging console

Since during configuration of Layer 2/Layer 3 protocols, the absence of the above command can slow one down considerably.

Just my 0.02 cents (Canadian) worth.

Aziz

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of James Wilson
Sent: Saturday, December 02, 2000 11:27 PM
To: Chuck Larrieu
Cc: Tony Olzak; [EMAIL PROTECTED]
Subject: Re: Speed Tip

Hi Chuck,

Whilst you are permitted to use Notepad or any other program present on your Testing PC, the rules of the CCIE Lab state without that at _no time_ can you save a file to the hard disk. If during the marking breaks the CCIE proctor finds that you have saved a file to the hard drive anywhere he will fail you immediately.

Cheers.

On 0, Chuck Larrieu [EMAIL PROTECTED] wrote:

Rules of the game: I trust you mean that you must remember to delete the file from the PC you are using prior to leaving. I.e. you can't leave it for the next person to find. Correct?

I have received tips such as Tony's from other sources. If you check my feeble web site www.chuck.to/CCIEAdvice.txt you will see that one of those from whom I have gathered advice has offered something similar. I have also received this advice verbally from a couple of folks as well.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of James Wilson
Sent: Saturday, December 02, 2000 7:41 PM
To: Tony Olzak
Cc: [EMAIL PROTECTED]
Subject: Re: Speed Tip

Good tip... but be very very careful -- If you accidentally saved this file somewhere you would be disqualified immediately as part of the CCIE lab rules.

Cheers.

On 0, Tony Olzak [EMAIL PROTECTED] wrote:

Hard to believe, but most people don't know you can use notepad in the lab. Here's how I do a base config on all my routers:

    en
    config t
    ip classless
    ip subnet-zero
    no ip domain-lookup
    alias exec cb clear ip bgp *
    alias exec ci clear ip route *
    alias exec cx clear ipx route *
    alias exec i show ip route
    alias exec ix show ipx route
    alias exec si show ip interface brief
    alias exec sx show ipx interface brief
    enable secret cisco
    line con 0
     exec-timeout 0 0
     password cisco
    line aux 0
     exec-timeout 0 0
     password cisco
    line vty 0 4
     exec-timeout 0 0
     password cisco

Then at the end just type "hostname router name" and you are done. Put all this in notepad, copy it, then paste to host while in the terminal program. I couldn't believe how many people tell me they type all this junk at every router. This will save you probably 20 minutes.

Tony

--
[=[ www.cisco.com ]]
James Wilson, cisco Systems
Customer Service Engineer, I Global On Site Services
Phone : +61-2-8448-7919 Pager : +61-2-9430-6381
[=[ USA +1-800-829-2447 ]=[ Aust 1800-121-531 ]]
"I am convinced that life is 10% what happens to me and 90% how I react"
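As an added example (not part of the thread, and not a Cisco tool), the Python sketch below audits a pasted IOS config for the three settings in the lab base config above that trade safety for typing speed: a disabled idle timeout, cleartext line passwords and a guessable enable secret. The sample configs, the `GUESSABLE` deny-list and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample: the lab base config quoted in the thread (aliases omitted).
LAB_CONFIG = """\
ip classless
ip subnet-zero
no ip domain-lookup
enable secret cisco
line con 0
exec-timeout 0 0
password cisco
line aux 0
exec-timeout 0 0
password cisco
line vty 0 4
exec-timeout 0 0
password cisco
"""

# Constructed counter-example: same sections with the risky lines tightened.
HARDENED_CONFIG = """\
enable secret 5 <constructed-hash-placeholder>
line con 0
 exec-timeout 10 0
 login local
line vty 0 4
 exec-timeout 10 0
 login local
 transport input ssh
"""

# Assumption: a tiny illustrative deny-list, not a real password dictionary.
GUESSABLE = {"cisco", "password", "admin"}

LINE_MODE = re.compile(r"^line\s+(con|aux|vty)\b")
OTHER_MODE = re.compile(r"^(interface|router|end|exit)\b")


def audit(config):
    """Return (context, command, reason) tuples for risky lines in an IOS config."""
    findings = []
    context = "global"
    for raw in config.splitlines():
        cmd = " ".join(raw.split())      # pasted configs may or may not be indented
        if not cmd or cmd.startswith("!"):
            continue
        if LINE_MODE.match(cmd):
            context = cmd                # remember which line the subcommands apply to
            continue
        if OTHER_MODE.match(cmd):
            context = "global"
            continue
        words = cmd.split()
        in_line = context != "global"
        if in_line and words[0] == "exec-timeout" and len(words) >= 2:
            # "exec-timeout 0" and "exec-timeout 0 0" both disable the idle timer
            if all(w == "0" for w in words[1:3]):
                findings.append((context, cmd, "idle timeout disabled"))
        elif in_line and words[0] == "password" and len(words) == 2:
            findings.append((context, cmd, "cleartext line password"))
        elif words[:2] == ["enable", "password"]:
            findings.append(("global", cmd, "enable password instead of enable secret"))
        elif words[:2] == ["enable", "secret"] and len(words) == 3:
            if words[2].lower() in GUESSABLE:
                findings.append(("global", cmd, "guessable enable secret"))
    return findings


if __name__ == "__main__":
    for context, cmd, reason in audit(LAB_CONFIG):
        print(f"{context:12} {cmd:22} {reason}")
```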
RE: GRE VS. IPSEc
Great explanation!!! Adam Quiggle.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Adam Quiggle
Sent: Thursday, November 23, 2000 1:13 PM
To: Liwanag, Manolito; 'Cisco Group Study'
Subject: Re: GRE VS. IPSEc

Liwang,

You aren't comparing apples to apples in your questions. Let me see if I can shed some light on the subject.

IPSec is a VPN technology that is responsible for securing a data stream between two VPN peers. It does not provide multi-protocol support, so if you need to transport anything other than IP, you will need to use a GRE tunnel. (assuming you only connect to the outside world using IP)

A GRE tunnel does not provide any security. It is a tunneling protocol that can give you the illusion that two tunnel interfaces are connected together. You can then set attributes within those two tunnel interfaces as if they are directly connected to each other (not everything, but most everything). Thus, GRE tunnels do provide multi-protocol support.

In order to determine which technology would be best suited for your needs, your VPN business case should provide you with answers to the following questions:

1) Are there just two sites that need to be connected together? (i.e. are there plans for a large scale deployment?)
2) Do you need encryption?
3) Do you need authentication?
4) Do you need to protect against a replay attack?
5) Who are you protecting your data from?

Cisco Encryption Technology (CET), which is frequently used with GRE tunnels, is a precursor to IPSec and has been available since IOS 11.2. While there are similarities between IPSec and CET, they do not provide the same functionality. This is why I asked the previous questions. CET can only encrypt your data streams, while IPSec can encrypt, authenticate and provide protection against a replay attack.

CET does not provide for a Public Key Infrastructure (PKI) and thus if you had 100's of sites to connect, CET could become an administrative nightmare. On the other hand, IPSec does provide for a PKI which can ease administrative burdens, but can give you a whole different set of problems. For example, who administers the Certificate Authority server and where do they get their authority. This is important if it is an Extranet VPN. In an Intranet VPN this is not nearly as important since most Companies can inherently trust themselves (notice I said MOST not ALL ;-).

CET is fairly simple to setup, especially since it only encrypts your data streams. IPSec has a tremendous amount of flexibility and as we all know the more flexibility a technology has, the more complicated it gets. IPSec can take a while to understand all of the underlying technology, but it can give you an extremely secure environment.

Personally, assuming that:

1) We want a simple Intranet VPN protecting our data crossing the public Internet
2) We aren't protecting trade secrets worth millions of dollars
3) There are no plans on increasing the number of VPN connections

I would go with a GRE tunnel with CET. If any of the above criteria aren't met I would go with IPSec.

HTH,
AQ

At 08:46 AM 11/23/00, Liwanag, Manolito wrote:

I have a remote site that I want to connect to our central site that has a PIX. I was thinking of using IPSec with context based access control. But I was wondering if GRE is just as good ? ( to Qualify - reliable, easy to set up, secure and can handle plenty of tunnels) Can anyone advise ?

Manolito

Adam Quiggle
Senior Network Engineer
MCI Worldcom/BP Amoco
[EMAIL PROTECTED]
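The point in the reply above that GRE gives multi-protocol transport but no security is visible in the header itself. The Python example below is added here and is not from the thread: it builds and parses the basic RFC 2784 GRE header, carries a constructed payload under the IPX EtherType, and shows that the payload stays readable and that the optional checksum can be recomputed by any device on the path, so it is not authentication. Function names and payload bytes are assumptions for illustration.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x8137: "IPX"}   # EtherType values GRE reuses
C_BIT = 0x8000                                  # "checksum present" flag


def internet_checksum(data):
    """16-bit ones-complement checksum, as used by IP and GRE."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def gre_encap(protocol_type, payload, with_checksum=False):
    """Prefix payload with an RFC 2784 GRE header (version 0)."""
    if not with_checksum:
        return struct.pack("!HH", 0, protocol_type) + payload
    head = struct.pack("!HH", C_BIT, protocol_type)
    # Checksum covers header and payload, with the checksum field as zero.
    csum = internet_checksum(head + b"\x00" * 4 + payload)
    return head + struct.pack("!HH", csum, 0) + payload


def gre_decap(packet):
    """Return (protocol name, payload); reject what this example does not handle."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & ~C_BIT & 0xFFFF:
        raise ValueError("unsupported flags or version (key/sequence not handled)")
    offset = 4
    if flags & C_BIT:
        if len(packet) < 8 or internet_checksum(packet) != 0:
            raise ValueError("bad GRE checksum")
        offset = 8
    return ETHERTYPES.get(proto, hex(proto)), packet[offset:]


def reencapsulate(packet, new_payload):
    """Keep the header fields, change the payload, recompute the checksum."""
    flags, proto = struct.unpack("!HH", packet[:4])
    return gre_encap(proto, new_payload, with_checksum=bool(flags & C_BIT))


if __name__ == "__main__":
    data = b"constructed non-IP payload"          # constructed sample bytes
    pkt = gre_encap(0x8137, data, with_checksum=True)
    print(gre_decap(pkt))                         # carried under the IPX type
    print(data in pkt)                            # True: payload is in the clear
    changed = reencapsulate(pkt, b"constructed altered payload")
    print(gre_decap(changed))                     # accepted: no authentication
```

Encryption, authentication and replay protection, the items in the question list above, have to come from a separate layer such as IPSec or CET.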