Re: Gigabit Ethernet & Collisions [7:73555]

2003-08-05 Thread W. Alan Robertson
Additionally, gigabit need not run full duplex.  Specifically, look into the
Gigastack modules for switches.  They can run full duplex when there are
only two switches in the stack, but the moment you add a third switch, it
becomes a shared bus, and all interfaces are forced to half-duplex
operation.

- Original Message - 
From: "David j" 
To: 
Sent: Tuesday, August 05, 2003 6:11 PM
Subject: RE: Gigabit Ethernet & Collisions [7:73555]


> Is it really working at gigabit speed?, there are several interfaces which
> are able to work at 10/100/1000 speeds
>
> Neil Andersen wrote:
> >
> > What would cause show interface for a Gigabit interface to show
> > increasing collisions?  My understanding is that Gigabit
> > Ethernet only runs in FULL DUPLEX.
> >
> > Thanks,
> > Neil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73572&t=73555
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html


Re: default router for 2950 switch [7:64489]

2003-03-05 Thread W. Alan Robertson
You just use 'ip default-gateway XXX.XXX.XXX.XXX'

Adding the IP address to the VLAN interface (for administration) turns
the switch into an IP host.  It just needs a default gateway, like any
other host on your network.

Alan

- Original Message -
From: "J. Johnson" 
To: 
Sent: Wednesday, March 05, 2003 11:06 AM
Subject: default router for 2950 switch [7:64489]


> All,
>
> Is there a way to set a default router for a 2950 switch?  Apparently other
> 2900 switches have the "set ip route default GATEWAYADDR" command (see
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2900/cgcr29k/index.htm
> - thanks, Priscilla) but not, as far as I can tell, on the 2950 (see
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12112cea/2950cr).
>
> The 2950 lets you set an administrative IP address on an interface, like
> other 2900 switches.  It seems reasonable that it should also allow a
> default router for that interface.
>
> James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64530&t=64489
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: 2 questions [7:64263]

2003-03-03 Thread W. Alan Robertson
Sam,

Addressing your questions in order:

1) Yes, some people do use publicly routable addressing within
their enterprise, but it's considered very Bad Practice.  It will bite
them when someone tries to access an Internet resource that
legitimately owns those addresses.  Instead of traffic being routed
out to the Internet, it will be routed to the Internal network with
the bad addresses, and the Public resource will appear unavailable.

2) You can configure a PIX to act in the manner you're describing.
Basically, you'd connect and address the PIX interfaces to their
respective network segments, do a static NAT translation for the
10.1.1.0 network (Translate the 10.1.1.0/24 network space to
10.1.1.0/24 from the inside to the outside...  Seems silly, but your
PIX will work a lot better if you do this.), and create a rule that
permits all ip traffic from the outside to the inside network.

HTH,

Alan


- Original Message -
From: "Sam" 
To: 
Sent: Monday, March 03, 2003 11:51 AM
Subject: 2 questions [7:64263]


> 1) Do some private networks use public ip's sometimes in their router
> configurations, etc. Or is that rare?
>
> 2) Can I use my pix as a router? I simply want to connect two networks
> 10.1.1.0 and 192.168.1.0 to two ethernet ports on the pix and do routing
> between them. I don't want to use any NAT, etc. Can I do that?
>
> thank you.
> Sam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64287&t=64263


Re: Policy Routing on the 3550? [7:64074]

2003-03-01 Thread W. Alan Robertson
Thanks for the replies...

My TAC case worker believes the same to be true, although he's still
trying to verify this with absolute certainty.

I'll have to cross my fingers and hope that they add it in the future,
although by then, it won't matter for this project.  We're going to
have to go another route for now.


- Original Message -
From: "Erick B." 
To: 
Sent: Saturday, March 01, 2003 1:28 AM
Subject: Re: Policy Routing on the 3550? [7:64074]


> route-map isn't listed as a command in the
> documentation so it's probably something from full IOS
> that isn't supported. They may add support in the
> future.
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550scg/swuncli.htm#xtocid24
>
> Unsupported route map commands on 3550 (latest code):
>
> match route-type {level-1 | level-2}
> set as-path {tag | prepend as-path-string}
> set automatic-tag
> set dampening
> set ip destination ip-address mask
> set ip next-hop
> set ip precedence value
> set ip qos-group
> set metric-type internal
> set metric-type internal
> set tag tag-value
>
>
> --- "W. Alan Robertson"
> wrote:
> > Howdy folks...
> >
> > I need to set the next hop on a 3550 (with the EMI
> > Image) based on the
> > protocol type.  We've got a number of transparent
> > proxy servers, each
> > one handling a different type of traffic (One for
> > HTTP...  One for
> > SMTP...  Etc.).
> >
> > No problem, right?  Wrong.
> >
> > Merrily, I configured my access-lists to identify
> > the various traffic
> > types.  I then created the route-map statements to
> > set ip next-hop for
> > each of the types of traffic.  I then went to my
> > vlan interface to
> > apply the route-maps, but lo and behold, no "ip
> > policy" command.
> >
> > How can I apply the route-maps to my interface?
> >
> > Is there another way to accomplish this?
> >
> > Thanks,
> >
> > Alan
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64162&t=64074


Policy Routing on the 3550? [7:64074]

2003-02-28 Thread W. Alan Robertson
Howdy folks...

I need to set the next hop on a 3550 (with the EMI Image) based on the
protocol type.  We've got a number of transparent proxy servers, each
one handling a different type of traffic (One for HTTP...  One for
SMTP...  Etc.).

No problem, right?  Wrong.

Merrily, I configured my access-lists to identify the various traffic
types.  I then created the route-map statements to set ip next-hop for
each of the types of traffic.  I then went to my vlan interface to
apply the route-maps, but lo and behold, no "ip policy" command.

How can I apply the route-maps to my interface?

Is there another way to accomplish this?

Thanks,

Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64074&t=64074


Re: Bandwidth command!! [7:44055]

2002-05-13 Thread W. Alan Robertson

Revise and extend:

There is no direct correlation between the values of the interface
"bandwidth" and the "ospf cost" commands.

OSPF does not examine the interface "bandwidth" statement, nor does
EIGRP examine the interface "ospf cost" statement.

I didn't mean to suggest that OSPF cost isn't related to bandwidth...
I should have written more clearly.

:)

I yield the balance of my time...

- Original Message -
From: "John Neiberger" 
To: ; 
Sent: Monday, May 13, 2002 3:37 PM
Subject: Re: Bandwidth command!! [7:44055]


> >>> "W. Alan Robertson"  5/13/02 1:06:25 PM >>>
> >Rajesh,
> >
> >Correct...  The bandwidth statement has no impact on other routing
> >protocols, like OSPF.  OSPF looks at the "cost" of a link in
> >determining best path.  There's no direct correlation between
> >"bandwidth" and "cost."
>
> There isn't?  How does OSPF determine the cost of a link?
>
> Regards,
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44096&t=44055



Re: Bandwidth command!! [7:44055]

2002-05-13 Thread W. Alan Robertson

Rajesh,

Correct...  The bandwidth statement has no impact on other routing
protocols, like OSPF.  OSPF looks at the "cost" of a link in
determining best path.  There's no direct correlation between
"bandwidth" and "cost."

As for what to set "bandwidth" to, you set it on both ends of a
connection based on the lower speed.

As an example, if you had two routers connected via frame-relay, one
of which utilized a T-1, and the other utilizing a 256k Fractional
T-1, you should set the bandwidth to 256kbps.  Most likely, you'd be
terminating each PVC to its own Serial sub-interface, so on the
sub-interface, you'd set the bandwidth value to 256kbps (You may also
consider basing the bandwidth assignment on CIR (Committed Information
Rate), rather than the actual port speed).

If, on the other hand, you were running OSPF, you'd simply adjust the
ospf cost on each sub-interface.

Alan



- Original Message -
From: "Rajesh Kumar" 
To: 
Sent: Monday, May 13, 2002 12:54 PM
Subject: Bandwidth command!! [7:44055]


> Hi all,
>
> CCIE Practical studies - Vol I book - EIGRP chapter says that the
> bandwidth command used in serial interfaces should be set to a value
> equal to the remote port speed to which the serial interface is
> connected to.
>
> [snip]
>
> My question is - Is it not going to affect the other routing protocols
> like OSPF where we set the bandwidth decides the cost of the outgoing
> interfaces.
>
> Can somebody shed some light on this please?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44084&t=44055



Re: Pinging all the way!!! [7:34611]

2002-02-06 Thread W. Alan Robertson

Sure, that's one way, but the preferred method is to format C:, and
install Linux.  (Warning: This may cause data loss...)

;)

- Original Message -
From: "Scott Baron" 
To: 
Sent: Wednesday, February 06, 2002 9:27 AM
Subject: RE: Pinging all the way!!! [7:34611]


> ping -t 198.133.219.25
>
> -Original Message-
> From: Tel Khan [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 06, 2002 9:22 AM
> To: [EMAIL PROTECTED]
> Subject: Pinging all the way!!! [7:34611]
>
>
> Hi folks,
> As far as I know if you ping an address it will usually respond with 4
> lines TTL. If I want to continue the ping let's say for over an hour is there
> a command to do this?
>
> Thanks in advance.
>
> Tel
>
> Example:
>
> C:\>ping cisco.com
>
> Pinging cisco.com [198.133.219.25] with 32 bytes of data:
>
> Reply from 198.133.219.25: bytes=32 time=160ms TTL=238
> Reply from 198.133.219.25: bytes=32 time=160ms TTL=238
> Reply from 198.133.219.25: bytes=32 time=160ms TTL=238
> Reply from 198.133.219.25: bytes=32 time=161ms TTL=238
>
> Ping statistics for 198.133.219.25:
> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 160ms, Maximum =  161ms, Average =  160ms




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34625&t=34611



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34586]

2002-02-05 Thread W. Alan Robertson

Well, that's exactly what I'm seeing, but it certainly wasn't what I
expected.  Nor did it appear to be what our TAC engineer expected...
I'm going to get the case notes in the morning, and I'll share them
with the list.

Thanks for mocking this up Przemek...  Now if you can manage to get
that config time down to 20 minutes, instead of an hour, you're going
to kick butt in the Lab.  ;)

- Original Message -
From: "Przemyslaw Karwasiecki" 
To: "W. Alan Robertson" 
Cc: "Peter van Oene" ; "Groupstudy - CCIELAB"
; "Groupstudy - Cisco Certification"

Sent: Tuesday, February 05, 2002 10:50 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


> I have prepended it in the router in AS3.
>
> I wanted to simulate longer paths from one of the ASes,
> like it happens between AS1 and AS 701 in reality.
>
> Main point I wanted to prove is that initially both routers
> have all routes, but after BGP converged, right router (r6)
> selected routes learned via iBGP from r5, and withdrawn
> routes via AS3 from its advertisements to left router (r5).
>
> Przemek
>
>
> On Tue, 2002-02-05 at 22:40, W. Alan Robertson wrote:
> > How are you ending up with a greater number of AS hops for the route
> > on R6 learned via AS3?
> >
> > > r6#sh ip bgp 10.0.0.0
> > > BGP routing table entry for 10.0.0.0/8, version 3
> > > Paths: (2 available, best #2, table Default-IP-Routing-Table)
> > >   Advertised to non peer-group peers:
> > >   1.1.34.3
> > >   3 3 1
> > ^^^
> >  |  Why does there seem to be an as-prepend here?  --Alan
> >
> > > 1.1.34.3 from 1.1.34.3 (1.1.34.3)
> > >   Origin IGP, localpref 100, valid, external
> > >   2 1
> > > 1.1.24.2 from 2.2.2.1 (2.2.2.1)
> > >   Origin IGP, localpref 100, valid, internal, best
> >
> > Again, in this case, the iBGP learned route is preferred because it is
> > only two AS hops away...  The externally learned route, from peer
> > 1.1.34.3, shows AS3 twice in the path, making this route 3 AS hops
> > away.
> >
> >
> > - Original Message -
> > From: "Przemyslaw Karwasiecki" 
> > To: "W. Alan Robertson" 
> > Cc: "Peter van Oene" ; "Groupstudy - CCIELAB"
> > ; "Groupstudy - Cisco Certification"
> > 
> > Sent: Tuesday, February 05, 2002 10:15 PM
> > Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)
> >
> >
> > > Ok,
> > >
> > > Lab is done. I expected 20 minutes, it took 1 hour.
> > > Important lesson about time management learnt :)
> > >
> > > small legend:
> > > r5 and r6 are routers in AS4
> > >
> > > If anyone cares I can send complete configs.
> > >
> > > Przemek
> > >
> > > r5#sh ip bgp summ
> > > BGP router identifier 2.2.2.1, local AS number 4
> > > BGP table version is 2, main routing table version 2
> > > 1 network entries and 1 paths using 133 bytes of memory
> > > 1 BGP path attribute entries using 60 bytes of memory
> > > 1 BGP AS-PATH entries using 24 bytes of memory
> > > 0 BGP route-map cache entries using 0 bytes of memory
> > > 0 BGP filter-list cache entries using 0 bytes of memory
> > > BGP activity 1/9 prefixes, 2/1 paths, scan interval 60 secs
> > >
> > > Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> > > 1.1.24.2        4     2      23      22        2    0    0 00:18:14        1
> > > 2.2.2.2         4     4      27      26        2    0    0 00:21:53        0
> > > r5#sh ip bgp 10.0.0.0
> > > BGP routing table entry for 10.0.0.0/8, version 2
> > > Paths: (1 available, best #1, table Default-IP-Routing-Table)
> > >   Advertised to non peer-group peers:
> > >   2.2.2.2
> > >   2 1
> > > 1.1.24.2 from 1.1.24.2 (1.1.1.1)
> > >   Origin IGP, localpref 100, valid, external, best
> > > r5#
> > > telnet-server#6
> > > [Resuming connection 6 to r6 ... ]
> > >
> > > r6#sh ip bgp summ
> > > BGP router identifier 2.2.2.2, local AS number 4
> > > BGP table version is 3, main routing table version 3
> > > 1 network entries and 2 paths using 169 bytes of memory
> > > 2 BGP path attribute entries using 120 bytes of memory
> > > 2 BGP AS-PATH entries using 48 bytes of memory
> > > 0 BGP route-map cache entries using 0 bytes of memory
> > > 0 BGP filter-list cache entries 

Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34582]

2002-02-05 Thread W. Alan Robertson

How are you ending up with a greater number of AS hops for the route
on R6 learned via AS3?

> r6#sh ip bgp 10.0.0.0
> BGP routing table entry for 10.0.0.0/8, version 3
> Paths: (2 available, best #2, table Default-IP-Routing-Table)
>   Advertised to non peer-group peers:
>   1.1.34.3
>   3 3 1
^^^
 |  Why does there seem to be an as-prepend here?  --Alan

> 1.1.34.3 from 1.1.34.3 (1.1.34.3)
>   Origin IGP, localpref 100, valid, external
>   2 1
> 1.1.24.2 from 2.2.2.1 (2.2.2.1)
>   Origin IGP, localpref 100, valid, internal, best

Again, in this case, the iBGP learned route is preferred because it is
only two AS hops away...  The externally learned route, from peer
1.1.34.3, shows AS3 twice in the path, making this route 3 AS hops
away.


- Original Message -
From: "Przemyslaw Karwasiecki" 
To: "W. Alan Robertson" 
Cc: "Peter van Oene" ; "Groupstudy - CCIELAB"
; "Groupstudy - Cisco Certification"

Sent: Tuesday, February 05, 2002 10:15 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


> Ok,
>
> Lab is done. I expected 20 minutes, it took 1 hour.
> Important lesson about time management learnt :)
>
> small legend:
> r5 and r6 are routers in AS4
>
> If anyone cares I can send complete configs.
>
> Przemek
>
> r5#sh ip bgp summ
> BGP router identifier 2.2.2.1, local AS number 4
> BGP table version is 2, main routing table version 2
> 1 network entries and 1 paths using 133 bytes of memory
> 1 BGP path attribute entries using 60 bytes of memory
> 1 BGP AS-PATH entries using 24 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory
> BGP activity 1/9 prefixes, 2/1 paths, scan interval 60 secs
>
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> 1.1.24.2        4     2      23      22        2    0    0 00:18:14        1
> 2.2.2.2         4     4      27      26        2    0    0 00:21:53        0
> r5#sh ip bgp 10.0.0.0
> BGP routing table entry for 10.0.0.0/8, version 2
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>   Advertised to non peer-group peers:
>   2.2.2.2
>   2 1
> 1.1.24.2 from 1.1.24.2 (1.1.1.1)
>   Origin IGP, localpref 100, valid, external, best
> r5#
> telnet-server#6
> [Resuming connection 6 to r6 ... ]
>
> r6#sh ip bgp summ
> BGP router identifier 2.2.2.2, local AS number 4
> BGP table version is 3, main routing table version 3
> 1 network entries and 2 paths using 169 bytes of memory
> 2 BGP path attribute entries using 120 bytes of memory
> 2 BGP AS-PATH entries using 48 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory
> BGP activity 1/6 prefixes, 2/0 paths, scan interval 60 secs
>
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> 1.1.34.3        4     3      21      20        3    0    0 00:15:20        1
> 2.2.2.1         4     4      27      28        3    0    0 00:22:13        1
> r6#sh ip bgp 10.0.0.0
> BGP routing table entry for 10.0.0.0/8, version 3
> Paths: (2 available, best #2, table Default-IP-Routing-Table)
>   Advertised to non peer-group peers:
>   1.1.34.3
>   3 3 1
> 1.1.34.3 from 1.1.34.3 (1.1.34.3)
>   Origin IGP, localpref 100, valid, external
>   2 1
> 1.1.24.2 from 2.2.2.1 (2.2.2.1)
>   Origin IGP, localpref 100, valid, internal, best
> r6#
>
>
> Once better route is selected in Local-RIB, the other,
> previously advertised is withdrawn.
>
>
>
> On Tue, 2002-02-05 at 21:15, W. Alan Robertson wrote:
>
> > If you can, build your test scenario to look like this:
> >
> >
> >           [eBGP ]
> >        ___[AS  1]___
> >        |           |
> >        |           |
> >    [ eBGP ]    [ eBGP ]
> >    [ AS 2 ]    [ AS 3 ]
> >        |           |
> >        |           |
> >        |           |
> >        |           |
> >    [ BGP  ]    [  BGP ]
> >    [ AS 4 ]    [ AS 4 ]
> >        |           |
> >        |           |
> >       _|___________|_
> >
> >
> > Originate a route (say the 10.0.0.0/8 route) in AS 1, and see what
> > happens in AS 4.
> >
> > You should see two entries for the 10/8 network in 'show ip bgp'
> > output, one of which is learned via the eBGP peer, and gets installed
> > in your routing table, and the second, learned via the iBGP peer,
> > which does not get installed in your routing table.
> >
> > That is the time-honored behavior, the behavior we've all come to know
> > and l

Re: Catalyst 5000 not being routed [7:34566]

2002-02-05 Thread W. Alan Robertson

Sean,

sc0 and the port that the "Default Gateway" device is attached to need
to be in the same VLAN.

I am uncertain if in your message you mean that you can ping the
default gateway from the Catalyst itself, or if you mean that you can
ping the gateway device from other stations.

I am guessing you meant the latter...

- Original Message -
From: "Sean Knox" 
To: 
Sent: Tuesday, February 05, 2002 9:22 PM
Subject: Catalyst 5000 not being routed [7:34566]


> Hi folks,
>
> I assume this is a very simple problem, but it has me stumped.
> Despite having set up the sc0 interface, enabling it, and defining a default
> route, I am not able to access external subnets. I can ping and telnet to
> the default gateway ok however (and vice-versa). I confirmed it is a
> configuration problem with the Catalyst as I configured a laptop with the
> same IP address and default route as the Catalyst, and it had no problem
> reaching external subnets. Before I go on any further, is this because sc0
> is part of vlan1 by default? What else could I be missing?
>
> - Sean




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34580&t=34566



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34548]

2002-02-05 Thread W. Alan Robertson

- Original Message -
From: "Kent Yu" 
To: 
Sent: Tuesday, February 05, 2002 8:30 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34548]


> Alan,
>
> TAC engineer actually told you this is a new feature? Did you ask him since
> when?

As I mentioned in another post, my co-worker was the one actually
doing the talking.  He didn't say it was a feature, but rather "a
change in the behavior."  To me, a new feature means that I can type
in a command, and gain some kind of advantage...  This happens all by
itself.

> BGP only tells its peers the best route it selects, this is not a new
> feature, AFAIK.

Right...  Only routes that actually get selected and installed on a
router are eligible to be advertised to other BGP peers (Be they iBGP,
or eBGP).  That has not changed.

> If you consider your AS as one unit, it should look like this:
>
> For the routes that your AS prefers AS1,  in your router connects to AS1,
> you will only see one ebgp path for this route, as this is the best path
> this router is using, it will tell its ibgp peers which is the router links
> to AS701. On the 701 router, you will see two bgp paths with the ibgp path
> being preferred, but there is no point for this router to advertise its ebgp
> path for this route to the first router, because the ebgp path is not the
> best path.

All I can tell you is that it always has in the past...  That route
should sit there, ignored, in the Adj-RIB-in (you should see it in the
output of 'sh ip bgp').  That table contains _all_ of the learned
paths to a specific network/prefix, not just the _best_ path.  The best
path is marked with ">", and is the one that gets installed into the
router's routing table, provided the router meets synchronization and
next-hop-reachability restrictions (which are normally addressed with
"no synchronization" and "next-hop-self").




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34572&t=34548



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34563]

2002-02-05 Thread W. Alan Robertson

If you can, build your test scenario to look like this:


          [eBGP ]
       ___[AS  1]___
       |           |
       |           |
   [ eBGP ]    [ eBGP ]
   [ AS 2 ]    [ AS 3 ]
       |           |
       |           |
       |           |
       |           |
   [ BGP  ]    [  BGP ]
   [ AS 4 ]    [ AS 4 ]
       |           |
       |           |
      _|___________|_


Originate a route (say the 10.0.0.0/8 route) in AS 1, and see what
happens in AS 4.

You should see two entries for the 10/8 network in 'show ip bgp'
output, one of which is learned via the eBGP peer, and gets installed
in your routing table, and the second, learned via the iBGP peer,
which does not get installed in your routing table.

That is the time-honored behavior, the behavior we've all come to know
and love since the dawn of time, etc, etc, amen.  :)

Now, in 12.0(20), this behavior is changed to the behavior I have
described in this thread.  I don't know when this change occurred, but
hope to have that question answered tomorrow.  Most of my other BGP
customers are running 12.1 stuff...


- Original Message -
From: "Przemyslaw Karwasiecki" 
To: "W. Alan Robertson" 
Cc: "Peter van Oene" ; "Groupstudy - CCIELAB"
; "Groupstudy - Cisco Certification"

Sent: Tuesday, February 05, 2002 8:53 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


> Yes, it is no brainer.
>
> My point will be expressed much cleaner if I will
> add that second route is learned via iBGP, and first
> via eBGP.
>
> Please see:
> r1#sh ip bgp summ
> BGP router identifier 10.10.1.1, local AS number 100
> BGP table version is 2, main routing table version 2
> 1 network entries and 1 paths using 133 bytes of memory
> 1 BGP path attribute entries using 60 bytes of memory
> 1 BGP AS-PATH entries using 24 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory
> BGP activity 1/8 prefixes, 2/1 paths, scan interval 60 secs
>
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> 10.1.1.8        4     1      55      55        2    0    0 00:51:29        1
> 10.10.1.2       4   100      54      53        2    0    0 00:48:57        0
> r1#
> telnet-server#2
> [Resuming connection 2 to r2 ... ]
>
> r2#sh ip bgp summ
> BGP router identifier 172.168.32.1, local AS number 100
> BGP table version is 4, main routing table version 4
> 1 network entries and 2 paths using 169 bytes of memory
> 2 BGP path attribute entries using 120 bytes of memory
> 2 BGP AS-PATH entries using 48 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory
> BGP activity 1/13 prefixes, 2/0 paths, scan interval 60 secs
>
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> 10.1.1.6        4     2      48      49        4    0    0 00:42:30        1
> 10.10.1.1       4   100      54      55        4    0    0 00:49:08        1
> r2#
>
> Please also note that r1 is not learning from r2 via iBGP any routes,
> because r2 is not advertising any routes.
>
> r2#sh ip bgp neighbors 10.10.1.1 advertised-routes
>
> r2#
>
> And the reason is that active (selected) bgp route on r2 is learned
> from r1 via iBGP so it cannot be advertised back.
>
> Przemek
>
> Ps.
> Sorry for line wraps, I just switched to Evolution and don't know
> yet how to increase line length :-)
>
> On Tue, 2002-02-05 at 20:44, W. Alan Robertson wrote:
> >
> > From your 'sh ip bgp' output, it's a no-brainer that it selected the
> > second route...  In addition to a Local Preference, you've got AS
> > pre-pending occurring on the path learned via 10.1.1.6.  These two
> > routes are not "equal" in the eyes of BGP...  One is a single AS hop
> > away, and the other is Four (4) AS Hops away.
> >
> > You've also originated a route prefix in two separate AS's, which
> > while technically possible (I guess), is never supposed to happen.
> >
> > Alan
> >
> > - Original Message -
> > From: "Przemyslaw Karwasiecki" 
> > To: "Peter van Oene" 
> > Cc: "W. Alan Robertson" ; "Groupstudy -
> > CCIELAB" ; "Groupstudy - Cisco
Certification"
> > 
> > Sent: Tuesday, February 05, 2002 8:27 PM
> > Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)
> >
> >
> > > After simple lab experiment I need to disagree with your statement.
> > >
> > > > cisco by default prefers ebgp over ibgp.  it should not, by
> >

Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34561]

2002-02-05 Thread W. Alan Robertson

- Original Message -
From: "Przemyslaw Karwasiecki" 

> 5) In phase 5 some of eBGP routes which has lost
>in BGP selection in phase 3 and has been advertised
>over iBGP in phase 2 needs to be withdrawn

Yes, that's exactly what is happening, but that represents a change!
(And is ultimately the point of my original post)

The selection process hasn't changed...  All of the old rules apply...
The change is that the iBGP peers never used to issue withdraws in the
past.  Those alternative, less attractive paths always remained in the
Adj-RIB-in table of a router, and if the installed route for a prefix
needed to come out due to the loss of an external peer, or a withdraw
from that peer, the formerly less attractive route could be promoted,
and installed.

Now, instead of the local router promoting the less attractive route
itself, it does not have that route in its Adj-RIB-in.  It forwards
the withdraw notice to its iBGP peer, which turns around and
advertises that prefix back to the peer, and it then gets installed.

This represents a change in the way the Cisco code is treating these
less preferred routes.

As I mentioned in another post, this is a very clever change, in that
it reduces the amount of memory consumed by these less preferred
routes, and from a functional standpoint, all of the redundancy of
full peering connections to multiple upstream ISPs is preserved.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34561&t=34561
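
Added example, not part of the original posts: a small Python model of the r5/r6 lab discussed in this thread, showing r6 pulling its AS 3 path back from r5 once the iBGP-learned path wins, and re-advertising it when r5 loses its AS 2 path. It assumes only three decision steps (local preference, AS-path length, eBGP over iBGP); Path, Router, summary and run_lab are hypothetical names.

```python
# Added example: toy model of the r5/r6 lab (both routers in AS 4).
# Assumption: only local-pref, AS-path length and eBGP-over-iBGP are
# modelled; real BGP implementations apply further tie-breakers.
from dataclasses import dataclass, replace

PREFIX = "10.0.0.0/8"


@dataclass(frozen=True)
class Path:
    prefix: str
    as_path: tuple        # AS numbers as printed by 'sh ip bgp', e.g. (3, 3, 1)
    neighbor: str         # peer the path was learned from
    ebgp: bool            # True = learned over an eBGP session
    local_pref: int = 100


def rank(p):
    """Lower tuple wins: higher local-pref, shorter AS path, eBGP before iBGP."""
    return (-p.local_pref, len(p.as_path), 0 if p.ebgp else 1)


class Router:
    def __init__(self, name):
        self.name = name
        self.rib_in = {}      # (prefix, neighbor) -> Path
        self.ibgp_peers = []
        self.sent = {}        # (peer name, prefix) -> Path currently advertised

    def paths(self, prefix):
        return [p for (pfx, _), p in self.rib_in.items() if pfx == prefix]

    def best(self, prefix):
        return min(self.paths(prefix), key=rank, default=None)

    def receive(self, path):
        self.rib_in[(path.prefix, path.neighbor)] = path
        self._update_peers(path.prefix)

    def withdraw(self, prefix, neighbor):
        if self.rib_in.pop((prefix, neighbor), None) is not None:
            self._update_peers(prefix)

    def _update_peers(self, prefix):
        best = self.best(prefix)
        # Only the best path is advertised, and a best path that was itself
        # learned over iBGP is not passed on to another iBGP peer.
        advert = best if best is not None and best.ebgp else None
        for peer in self.ibgp_peers:
            key = (peer.name, prefix)
            if self.sent.get(key) == advert:
                continue                      # nothing changed for this peer
            if advert is None:
                del self.sent[key]            # previously advertised: withdraw
                peer.withdraw(prefix, self.name)
            else:
                self.sent[key] = advert
                peer.receive(replace(advert, neighbor=self.name, ebgp=False))


def summary(router):
    """(number of paths held, best AS path, how the best path was learned)."""
    best = router.best(PREFIX)
    return (len(router.paths(PREFIX)), best.as_path,
            "external" if best.ebgp else "internal")


def run_lab():
    r5, r6 = Router("r5"), Router("r6")
    r5.ibgp_peers, r6.ibgp_peers = [r6], [r5]
    states = {}

    # r6 hears the prepended path via AS 3 first and passes it to r5.
    r6.receive(Path(PREFIX, (3, 3, 1), "1.1.34.3", ebgp=True))
    states["transient"] = {"r5": summary(r5), "r6": summary(r6)}

    # r5 then learns the shorter path via AS 2; r6 prefers it and withdraws
    # the AS 3 path it had advertised to r5.
    r5.receive(Path(PREFIX, (2, 1), "1.1.24.2", ebgp=True))
    states["converged"] = {"r5": summary(r5), "r6": summary(r6)}

    # r5 loses its eBGP path: r6 falls back to AS 3 and advertises it again.
    r5.withdraw(PREFIX, "1.1.24.2")
    states["failover"] = {"r5": summary(r5), "r6": summary(r6)}
    return states


if __name__ == "__main__":
    for phase, view in run_lab().items():
        print(phase, view)
```

In the converged state the model matches the lab output quoted in the thread: r5 holds one path (external, "2 1") and r6 holds two with the internal one marked best.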



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34556]

2002-02-05 Thread W. Alan Robertson

From your 'sh ip bgp' output, it's a no-brainer that it selected the
second route...  In addition to a Local Preference, you've got AS
pre-pending occurring on the path learned via 10.1.1.6.  These two
routes are not "equal" in the eyes of BGP...  One is a single AS hop
away, and the other is Four (4) AS Hops away.

You've also originated a route prefix in two separate AS's, which
while technically possible (I guess), is never supposed to happen.

Alan

- Original Message -
From: "Przemyslaw Karwasiecki" 
To: "Peter van Oene" 
Cc: "W. Alan Robertson" ; "Groupstudy -
CCIELAB" ; "Groupstudy - Cisco Certification"

Sent: Tuesday, February 05, 2002 8:27 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


> After simple lab experiment I need to disagree with your statement.
>
> > cisco by default prefers ebgp over ibgp.  it should not, by default, enjoy
> > the ibgp routes learned from the peer over the ebgp learned routes.
>
> I believe that you are overinterpreting meaning of administrative
> distance.
>
> You are right that administrative distance of eBGP routes is 20
> versus 200 for iBGP routes, but in the situation when BGP process
> receives 2 routes for the same prefix, it applies first standard
> BGP selection mechanism:
> http://www.cisco.com/warp/public/459/25.shtml
> and after best route is selected it is going to be inserted into
> routing table with specific administrative distance.
>
> I have replicated following scenario in my lab.
>
> There are 2 external ASes 1, and 2, originating
> prefix 1.1.1.0/24 and advertising it to 2 routers
> r1 and r2 via eBGP.
>
> Routers r1 and r2 are iBGP peers.
>
> Prefix 1.1.1.0/24 originated from AS2 has longer AS_PATH
> (as prepend applied 3 times)
>
>
> Please see following commands executed on r2:
>
> r2#sh ip bgp
> BGP table version is 4, local router ID is 172.168.32.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *  1.1.1.0/24       10.1.1.6                 0             0 2 2 2 2 i
> *>i                 10.1.1.8                 0    100      0 1 i
> r2#sh ip rou
> r2#sh ip route
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
>        * - candidate default, U - per-user static route, o - ODR
>        P - periodic downloaded static route
>
> Gateway of last resort is not set
>
>      1.0.0.0/24 is subnetted, 1 subnets
> B       1.1.1.0 [200/0] via 10.1.1.8, 00:09:26
>      172.168.0.0/24 is subnetted, 1 subnets
> C       172.168.32.0 is directly connected, Loopback0
>      10.0.0.0/16 is subnetted, 2 subnets
> C       10.10.0.0 is directly connected, Serial0
> C       10.1.0.0 is directly connected, Ethernet0
> r2#
>
> As you can see, BGP process on r2 selects route learned
> from its iBGP peer over route learned via eBGP,
> and this route is eventually inserted to routing table
> with administrative distance of 200
>
>
> Correct me if I am overlooking something,
> and thank you for excellent idea for testing.
>
>
> Przemek
>
>
> On Tue, 2002-02-05 at 19:35, Peter van Oene wrote:
> > cisco by default prefers ebgp over ibgp.  it should not, by default, enjoy
> > the ibgp routes learned from the peer over the ebgp learned routes.
> >
> >
> >
> > At 05:37 PM 2/5/2002 -0500, Przemyslaw Karwasiecki wrote:
> > >Correct me if I am wrong but this:
> > >
> > > > if an iBGP peer learns that another iBGP peer already has a better
> > > > route to a specific prefix,  it will issue a withdrawal to that peer
> > > > for the prefix(es).
> > >
> > >is perfectly normal, standard behaviour.
> > >If your Genuity route is better, you will select this route
> > >in your routing table, and if by any chance before you had
> > >there UUNET route which you have advertised, you need to send
> > >update with new, better, selected route.
> > >
> > >BGP will never advertise both routes.
> > >This is distance vector after all.
> > >
> > >So if during convergence phase your route selection
> > >is shuffling your routes in your Loc-RIB, you should
> > >to expect serie
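
The selection shown in the quoted lab output, worked step by step as an added example (not part of the original thread and not Cisco's code). It models only the weight, local-preference, AS_PATH-length and eBGP-over-iBGP steps; the `Path` class, function names and the no-prepend variant are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

DEFAULT_LOCAL_PREF = 100    # IOS default, used when the LocPrf column is blank
AD_EBGP, AD_IBGP = 20, 200  # administrative distances quoted in the thread


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: Tuple[int, ...]
    internal: bool                    # True = learned from an iBGP peer
    weight: int = 0
    local_pref: Optional[int] = None  # None = column blank in 'sh ip bgp'

    @property
    def effective_local_pref(self) -> int:
        return DEFAULT_LOCAL_PREF if self.local_pref is None else self.local_pref


# Ordered subset of the BGP decision process (smaller key wins). Origin, MED,
# IGP metric and router-ID steps are omitted: both lab paths have origin "i"
# and metric 0, so they would not change the outcome here.
STEPS = (
    ("highest weight", lambda p: -p.weight),
    ("highest local preference", lambda p: -p.effective_local_pref),
    ("shortest AS_PATH", lambda p: len(p.as_path)),
    ("eBGP over iBGP", lambda p: 1 if p.internal else 0),
)


def select_best(paths: Sequence[Path]) -> Tuple[Path, str]:
    """Return the best path and the name of the step that decided it."""
    candidates = list(paths)
    if len(candidates) == 1:
        return candidates[0], "only path"
    for name, key in STEPS:
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "tie-breakers not modelled here"


def rib_entry(prefix: str, paths: Sequence[Path]) -> str:
    """Administrative distance is attached only after BGP has picked its best path."""
    best, _ = select_best(paths)
    distance = AD_IBGP if best.internal else AD_EBGP
    return f"B {prefix} [{distance}/0] via {best.next_hop}"


# The two paths for 1.1.1.0/24 from the quoted 'sh ip bgp' output on r2.
LAB_EBGP = Path("10.1.1.6", (2, 2, 2, 2), internal=False)
LAB_IBGP = Path("10.1.1.8", (1,), internal=True, local_pref=100)

# Constructed variant: the same eBGP path without the three prepends.
NO_PREPEND_EBGP = Path("10.1.1.6", (2,), internal=False)

if __name__ == "__main__":
    for label, paths in (("lab", [LAB_EBGP, LAB_IBGP]),
                         ("no prepend", [NO_PREPEND_EBGP, LAB_IBGP])):
        best, why = select_best(paths)
        print(f"{label}: best via {best.next_hop} ({why}) -> "
              f"{rib_entry('1.1.1.0/24', paths)}")
```

With the prepends in place the comparison ends at AS_PATH length, so the eBGP-over-iBGP step is never reached; it only decides the constructed no-prepend case.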

Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34550]

2002-02-05 Thread W. Alan Robertson

- Original Message -
From: "Ouellette, Tim" 


> The 2nd router that only has 700 routes in its routing
> table that it learned from its IBGP still has the other
> 103k routes in its adj-rib-in from its ebgp peer right,
> they are just sitting dormant?  So if the other router
> somehow lost its ebgp peer, it'll send withdraws to the
> ibgp peer and the other guy will take over with 104k
> routes correct?

Exactly...

> Could you define what you meant by "if an iBGP peer
> learns that another iBGP peer already has a better route
> to a specific prefix,  it will issue a withdrawal to that
> peer for the prefix(es)."

Let me see if I can articulate that a little better...


  [ eBGP ]         [ eBGP ]
  [AS 701]         [ AS 1 ]
      |                |
  104k|                |104K
      |                |
      |                |
  [ BGP  ]         [  BGP ]
  [AS "X"]         [AS "X"]
      |                |
      |

My router that connects to AS 1 has learned roughly 104k prefixes via
eBGP...

My router that connects to AS 701 has also learned roughly 104k
prefixes via eBGP...

Via iBGP, the AS1 connected router tells my other router of the 104k
prefixes that it has learned...

At the same time, my AS701 connected router is transmitting the 104k
prefixes it has learned to the AS1 connected router...

Once each of my routers has finished their mutual exchange of routes,
the AS701 connected router sees that for all but approximately 700
prefixes, the AS1 connected router has an equally good path, and via
the iBGP connection, he issues withdraws for 103.3k of the routes that
he had previously announced to my other router...

At this point, each of the routers has a full table learned via eBGP,
and 'show ip route' yields about 4 gazillion pages of output...

A 'show ip bgp' also yields a ton of output, but the AS701 connected
router shows two entries for each prefix (One learned via the external
peer, and one learned via the internal peer), but the AS1 connected
router has a single entry per prefix.


> If both of those routers are receiving full routes, and
> without any other configuration, how would the routes
> learned from one provider be any better than the other?

With no additional configuration, "customer" routes (those that
originate in a directly connected external AS, or are a single hop
away, if single homed) would be fewer AS hops away...  They would be
preferred...

> Thanks and great post!

Thank you...  >  ;)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34550&t=34550
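
The route exchange walked through above, modelled with the ordinary rule that a router announces a prefix to its iBGP peer only while its own eBGP-learned path is its best path (added example, not from the original post or from Cisco). The prefixes and AS_PATH lengths are constructed, router "A" stands for the AS 701-connected router and "B" for the AS 1-connected one, and only AS_PATH length followed by eBGP-over-iBGP is compared.

```python
from typing import Dict, List


def converge(ebgp_a: Dict[str, int], ebgp_b: Dict[str, int]) -> dict:
    """Each argument maps prefix -> AS_PATH length learned from that router's
    own eBGP peer. Returns the withdrawals each router sent over iBGP and the
    number of BGP table entries each router ends up holding per prefix."""
    ebgp = {"A": ebgp_a, "B": ebgp_b}
    peer = {"A": "B", "B": "A"}
    # Initial exchange: every eBGP-learned prefix is announced to the peer.
    advertised = {r: set(ebgp[r]) for r in ebgp}
    withdrawn: Dict[str, List[str]] = {"A": [], "B": []}

    changed = True
    while changed:
        changed = False
        for r in ("A", "B"):
            other = peer[r]
            for prefix, own_len in ebgp[r].items():
                # The iBGP-learned path wins only if it is strictly shorter;
                # on a tie the router keeps its own eBGP path.
                ibgp_wins = (prefix in advertised[other]
                             and ebgp[other][prefix] < own_len)
                if ibgp_wins and prefix in advertised[r]:
                    # Best path is now iBGP-learned, which is never passed
                    # back to an iBGP peer: withdraw the earlier announcement.
                    advertised[r].discard(prefix)
                    withdrawn[r].append(prefix)
                    changed = True
                elif not ibgp_wins and prefix not in advertised[r]:
                    advertised[r].add(prefix)  # own path is best again
                    changed = True

    entries = {}
    for r in ("A", "B"):
        learned = advertised[peer[r]]
        entries[r] = {p: (p in ebgp[r]) + (p in learned)
                      for p in sorted(set(ebgp[r]) | learned)}
    return {"withdrawn": withdrawn, "entries": entries}


# Constructed sample: AS_PATH length per prefix as seen through each provider.
VIA_AS701 = {"192.0.2.0/24": 3, "198.51.100.0/24": 4,
             "203.0.113.0/24": 1, "10.20.0.0/16": 2}
VIA_AS1 = {"192.0.2.0/24": 2, "198.51.100.0/24": 2,
           "203.0.113.0/24": 3, "10.20.0.0/16": 2}

if __name__ == "__main__":
    result = converge(VIA_AS701, VIA_AS1)
    for router in ("A", "B"):
        print(router, "withdrew", result["withdrawn"][router])
        print(router, "entries per prefix", result["entries"][router])
    # B loses its eBGP session: A's own paths are best, so A announces all.
    print(converge(VIA_AS701, {})["entries"]["B"])
```

A router that withdrew a prefix still holds two entries for it (its own eBGP path plus the peer's), while the peer holds one; an equal-length prefix leaves two entries on both sides.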



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34548]

2002-02-05 Thread W. Alan Robertson

Yes it does, and that would determine which of the two available
routes makes it into the actual IP routing table...  It does not
explain why the router only has one BGP learned route to choose
from...


- Original Message -
From: "Peter van Oene" 
To: "Przemyslaw Karwasiecki" ; "W. Alan Robertson"

Cc: "Groupstudy - CCIELAB" ; "Groupstudy -
Cisco Certification" 
Sent: Tuesday, February 05, 2002 7:35 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


> cisco by default prefers ebgp over ibgp.  it should not, by default, enjoy
> the ibgp routes learned from the peer over the ebgp learned routes.
>
>
>
> At 05:37 PM 2/5/2002 -0500, Przemyslaw Karwasiecki wrote:
> >Correct me if I am wrong but this:
> >
> > > if an iBGP peer learns that another iBGP peer already has a better
> > > route to a specific prefix,  it will issue a withdrawal to that peer
> > > for the prefix(es).
> >
> >is perfectly normal, standard behaviour.
> >If your Genuity route is better, you will select this route
> >in your routing table, and if by any chance before you had
> >there UUNET route which you have advertised, you need to send
> >update with new, better, selected route.
> >
> >BGP will never advertise both routes.
> >This is distance vector after all.
> >
> >So if during convergence phase your route selection
> >is shuffling your routes in your Loc-RIB, you should
> >expect a series of updates to follow up.
> >
> >Przemek
> >
> >
> >On Tue, 2002-02-05 at 16:45, W. Alan Robertson wrote:
> > > Folks,
> > >
> > > Just to let you know, I ran across what looked like a bug in Cisco's
> > > BGP code...  Turns out, this is undocumented new behavior.
> > >
> > > We just deployed a pair of 3640s for one of our customers, for
> > > dual-router, dual-homed Internet connectivity.  We are taking full
> > > tables from Genuity (AS 1), and Worldcom (AS 701).
> > >
> > > Each router was learning 104,000+ prefixes from each of the external
> > > peers, but the iBGP peering was acting really strange.  One of the
> > > routers was learning the full table from the other, but the second
> > > router was only taking like 700 prefixes.
> > >
> > > When we cleared the internal peer (soft or hard), we could see the
> > > whole table being transferred...  It would climb as though it were
> > > going to learn them all, and then as it approached 100,000 prefixes,
> > > it would rapidly drop back down to 700.  I debugged the iBGP peer, and
> > > saw it issuing withdrawals for all of these routes.
> > >
> > > We opened a ticket with the TAC, and they initially believed it to be
> > > a bug as well.  Upon further review, they came back and told us that
> > > this was the desired behavior in the newer code (We are running
> > > 12.0(20) on these boxes).  In order to conserve memory, and processor,
> > > if an iBGP peer learns that another iBGP peer already has a better
> > > route to a specific prefix,  it will issue a withdrawal to that peer
> > > for the prefix(es).
> > >
> > > I spent quite a while second guessing what seemed to be a very simple,
> > > straightforward configuration.  I have done several near identical
> > > deployments in the past.
> > >
> > > I guess the moral is this:  If you know your config is correct, and
> > > the router behavior is not what you expect, do not hesitate to call
> > > the TAC.
> > >
> > > I hope they are as helpful on Monday, when I call them from the CCIE
> > > Lab in RTP.  ;)
> > >
> > > Regards...
> > >
> > > Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34548&t=34548



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34546]

2002-02-05 Thread W. Alan Robertson

I mis-spoke...

Naturally, only one of the routes will make it into the actual routing
table (unless there are two equal cost paths, and you have enabled
'maximum-paths 2' or better).  I should have said that these routes
were not in the Loc-RIB table...

A 'show ip bgp' revealed a single entry for each prefix, where there
ought to have been two (one learned via the eBGP peer, and a second
learned via the iBGP peer).  Under normal circumstances, the eBGP
learned prefix would be flagged with the '>', indicating that it was
the preferred route, and installed in the actual routing table.


- Original Message -
From: "Przemyslaw Karwasiecki" 
To: "W. Alan Robertson" 
Cc: "Groupstudy - CCIELAB" ;
"Groupstudy - Cisco Certification" 
Sent: Tuesday, February 05, 2002 5:37 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


> Correct me if I am wrong but this:
>
> > if an iBGP peer learns that another iBGP peer already
> > has a better route to a specific prefix,  it will issue a
> > withdrawal to that peer for the prefix(es).
>
> is perfectly normal, standard behaviour.
> If your Genuity route is better, you will select this route
> in your routing table, and if by any chance before you had
> there UUNET route which you have advertised, you need
> to send update with new, better, selected route.
>
> BGP will never advertise both routes.
> This is distance vector after all.
>
> So if during convergence phase your route selection
> is shuffling your routes in your Loc-RIB, you should
> expect a series of updates to follow up.
>
> Przemek
>
>
> On Tue, 2002-02-05 at 16:45, W. Alan Robertson wrote:
> > Folks,
> >
> > Just to let you know, I ran across what looked like a bug in Cisco's
> > BGP code...  Turns out, this is undocumented new behavior.
> >
> > We just deployed a pair of 3640s for one of our customers, for
> > dual-router, dual-homed Internet connectivity.  We are taking full
> > tables from Genuity (AS 1), and Worldcom (AS 701).
> >
> > Each router was learning 104,000+ prefixes from each of the external
> > peers, but the iBGP peering was acting really strange.  One of the
> > routers was learning the full table from the other, but the second
> > router was only taking like 700 prefixes.
> >
> > When we cleared the internal peer (soft or hard), we could see the
> > whole table being transferred...  It would climb as though it were
> > going to learn them all, and then as it approached 100,000 prefixes,
> > it would rapidly drop back down to 700.  I debugged the iBGP peer, and
> > saw it issuing withdrawals for all of these routes.
> >
> > We opened a ticket with the TAC, and they initially believed it to be
> > a bug as well.  Upon further review, they came back and told us that
> > this was the desired behavior in the newer code (We are running
> > 12.0(20) on these boxes).  In order to conserve memory, and processor,
> > if an iBGP peer learns that another iBGP peer already has a better
> > route to a specific prefix,  it will issue a withdrawal to that peer
> > for the prefix(es).
> >
> > I spent quite a while second guessing what seemed to be a very simple,
> > straightforward configuration.  I have done several near identical
> > deployments in the past.
> >
> > I guess the moral is this:  If you know your config is correct, and
> > the router behavior is not what you expect, do not hesitate to call
> > the TAC.
> >
> > I hope they are as helpful on Monday, when I call them from the CCIE
> > Lab in RTP.  ;)
> >
> > Regards...
> >
> > Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34546&t=34546



Re: Undocumented iBGP Behavior (Confirmed by Cisco) [7:34541]

2002-02-05 Thread W. Alan Robertson

Yes, it does...

So, if the Router with 104k routes from iBGP, and eBGP, loses one from
his eBGP neighbor, he will issue a withdrawal to the iBGP peer.  The
iBGP peer will turn around and announce that it has a route to that
prefix...

I understand why this sounds, on the surface, like a terrible thing.
In practice, however, it works very well, and makes a lot of sense.

I didn't open the case directly (my co-worker did while I was staring
at telnet sessions, and cursing under my breath), and I didn't get a
chance to ask if this behavior could be disabled.  The case is still
open, and I'll find out tomorrow.  If there's no switch to turn it
off, I'll certainly ask for it to be added.

Alan

- Original Message -
From: "Przemyslaw Karwasiecki" 
To: "Manny Gonzalez" 
Cc: "W. Alan Robertson" ; "Groupstudy -
CCIELAB" ; "Groupstudy - Cisco Certification"

Sent: Tuesday, February 05, 2002 5:50 PM
Subject: Re: Undocumented iBGP Behavior (Confirmed by Cisco)


> Alan,
>
> This router with 700 routes via iBGP does have remaining 103300 routes,
> but from eBGP, right?
>
> Przemek
>
>
> On Tue, 2002-02-05 at 17:33, Manny Gonzalez wrote:
> > Is there a STOP command? Something to let us turn that behaviour off?
> > The way I see it is, if the router with the 104000+ routes suddenly
> > dies, the other router (the one with 700 routes) has to then get all
> > these routes from its remote-as peer and that could take a while (if
> > never, or until refreshed) Unless I missed something in your email, this
> > is not what I would like my routers to behave like...
> >
> > :-))
> >
> > "W. Alan Robertson" wrote:
> > >
> > > Folks,
> > >
> > > Just to let you know, I ran across what looked like a bug in Cisco's
> > > BGP code...  Turns out, this is undocumented new behavior.
> > >
> > > We just deployed a pair of 3640s for one of our customers, for
> > > dual-router, dual-homed Internet connectivity.  We are taking full
> > > tables from Genuity (AS 1), and Worldcom (AS 701).
> > >
> > > Each router was learning 104,000+ prefixes from each of the external
> > > peers, but the iBGP peering was acting really strange.  One of the
> > > routers was learning the full table from the other, but the second
> > > router was only taking like 700 prefixes.
> > >
> > > When we cleared the internal peer (soft or hard), we could see the
> > > whole table being transferred...  It would climb as though it were
> > > going to learn them all, and then as it approached 100,000 prefixes,
> > > it would rapidly drop back down to 700.  I debugged the iBGP peer, and
> > > saw it issuing withdrawals for all of these routes.
> > >
> > > We opened a ticket with the TAC, and they initially believed it to be
> > > a bug as well.  Upon further review, they came back and told us that
> > > this was the desired behavior in the newer code (We are running
> > > 12.0(20) on these boxes).  In order to conserve memory, and processor,
> > > if an iBGP peer learns that another iBGP peer already has a better
> > > route to a specific prefix,  it will issue a withdrawal to that peer
> > > for the prefix(es).
> > >
> > > I spent quite a while second guessing what seemed to be a very simple,
> > > straightforward configuration.  I have done several near identical
> > > deployments in the past.
> > >
> > > I guess the moral is this:  If you know your config is correct, and
> > > the router behavior is not what you expect, do not hesitate to call
> > > the TAC.
> > >
> > > I hope they are as helpful on Monday, when I call them from the CCIE
> > > Lab in RTP.  ;)
> > >
> > > Regards...
> > >
> > > Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34541&t=34541



Undocumented iBGP Behavior (Confirmed by Cisco) [7:34521]

2002-02-05 Thread W. Alan Robertson

Folks,

Just to let you know, I ran across what looked like a bug in Cisco's
BGP code...  Turns out, this is undocumented new behavior.

We just deployed a pair of 3640s for one of our customers, for
dual-router, dual-homed Internet connectivity.  We are taking full
tables from Genuity (AS 1), and Worldcom (AS 701).

Each router was learning 104,000+ prefixes from each of the external
peers, but the iBGP peering was acting really strange.  One of the
routers was learning the full table from the other, but the second
router was only taking like 700 prefixes.

When we cleared the internal peer (soft or hard), we could see the
whole table being transferred...  It would climb as though it were
going to learn them all, and then as it approached 100,000 prefixes,
it would rapidly drop back down to 700.  I debugged the iBGP peer, and
saw it issuing withdrawals for all of these routes.

We opened a ticket with the TAC, and they initially believed it to be
a bug as well.  Upon further review, they came back and told us that
this was the desired behavior in the newer code (We are running
12.0(20) on these boxes).  In order to conserve memory, and processor,
if an iBGP peer learns that another iBGP peer already has a better
route to a specific prefix,  it will issue a withdrawal to that peer
for the prefix(es).

I spent quite a while second guessing what seemed to be a very simple,
straightforward configuration.  I have done several near identical
deployments in the past.

I guess the moral is this:  If you know your config is correct, and
the router behavior is not what you expect, do not hesitate to call
the TAC.

I hope they are as helpful on Monday, when I call them from the CCIE
Lab in RTP.  ;)

Regards...

Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34521&t=34521



Re: ISDN PRI to BRI [7:33882]

2002-01-31 Thread W. Alan Robertson

When you order a PRI, you don't get individual SPIDs for each channel.
You get a single phone number, and inbound connections are handled
round-robin.  Each of your satellite locations will be configured to
dial to the same point.  The first inbound call is routed to Channel
1, the second to Channel 2, etc.

Alan

- Original Message -
From: "Muthuraja Ayyanar" 
To: 
Sent: Thursday, January 31, 2002 12:14 PM
Subject: ISDN PRI to BRI [7:33882]


> Hello All,
>
> when i order and get a ISDN PRI will i get 23/24 SPID ?? I know when i order
> ISDN BRI i will get two SPID for the two B channels and trying to understand
> how it would be for ISDN PRI , let's say if i want to provide ISDN dial
> backup from abt 15 spokes ( BRI) to central site ( ISDN PRI) , i would go
> abt and order 15 ISDN BRI for individual spokes , what would i get in terms
> of identification if i order a ISDN PRI ?? Is it just one SPID ?
>
> Appreciate your assistance,
>
> Muthu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33907&t=33882



Re: 2924XL and Blue Screen of Death: Resolved [7:33203]

2002-01-25 Thread W. Alan Robertson

Actually,

It's not just spanning-tree that causes it...

Are you familiar with "set port host?"  It's a macro in newer CatOS.
In addition to enabling portfast on a port, it also disables channel
and trunk negotiation, which is enabled by default.  On older CatOS
code, you have to perform each of these three steps independently, but
you can achieve the same results.

This has always corrected the problem for me...

HTH,

Alan

- Original Message -
From: "John Neiberger" 
To: 
Sent: Friday, January 25, 2002 12:17 PM
Subject: RE: 2924XL and Blue Screen of Death: Resolved [7:33203]


> I don't think the issue is the switch, but the fact that spanning tree
> is running.  I would guess that any feature that causes the network to
> be unavailable when one of these machines boots up would cause this
> problem.  In fact, it happens even if you're not connected to the
> network at all.
>
> The problem appears to be a combination of issues with the NIC and the
> new Novell Client software.  This problem does not occur in the previous
> software with these same NICs.
>
> John
>
> >>> "Bill Carter"  1/25/02 10:13:01 AM >>>
> I wonder if these cards would have problems with 3Com switches
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> John Neiberger
> Sent: Friday, January 25, 2002 9:58 AM
> To: [EMAIL PROTECTED]
> Subject: 2924XL and Blue Screen of Death: Resolved [7:33203]
>
>
> Well, sort of resolved.  This turned out to be a known issue with Dell
> machines, specifically machines using a 3COM 3C905C NIC.  They expect
> the network to be available almost immediately upon bootup and can't
> handle the delay caused by spanning tree.  In some cases, even portfast
> did not reduce the time sufficiently.
>
> So, watch out for those 3COM NICs!
>
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33226&t=33203



Re: Parkhurst Ch. 8, first lab, RESOLVED [7:30317]

2001-12-28 Thread W. Alan Robertson

Chuck,

Can you contact me privately?

Alan

- Original Message -
From: "Chuck Larrieu" 
To: 
Sent: Friday, December 28, 2001 2:51 PM
Subject: Re: Parkhurst Ch. 8, first lab, RESOLVED [7:30317]


> my version of ( C2500-JOS56I-L), Version 12.1(11), also works. this is the
> version Cisco let me download after I reported the bug where entering the
> BGP default-information originate command caused routers to reload. I am
> still not sure if the image I have is the one available in the normal
> download area. for obvious reasons I am reluctant to experiment.
>
> HTH
>
> Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30372&t=30317



Re: Will One Of Your New Year's Resolutions Be To Save [7:30286]

2001-12-27 Thread W. Alan Robertson

> > PAY ONLY - 4.9 CENTS PER MINUTE!
> > On All Interstate Long Distance Phone Calls.

> Actually I find it cheaper by using two cans and a string.

What?  Nobody converting to VOIP in their homes?  Why are we paying
for these broadband connections?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30286&t=30286



Re: OT - My Employer's VPN! I'm so happy!! [7:30272]

2001-12-27 Thread W. Alan Robertson

You do indeed hope that it's one of their VPN Concentrators...  I've
set up three of those things for three different clients in the past
three weeks.  They are super sweet!

My favorite installation so far was integrated into the network's OSPF
routing domain, and utilized SecureID/Radius for user authentication.

I also got to dink around with one of the 3002 Hardware clients, which
basically provides the VPN connection for an entire remote location
(Small LAN...  8-ish users).

You should not be some random beta tester though, Chuck...  You ought
to be on the head-end side.  What is your company thinking?


- Original Message -
From: "Chuck Larrieu" 
To: 
Sent: Thursday, December 27, 2001 10:08 PM
Subject: Off Topic - My Employer's VPN! I'm so happy!! [7:30267]


> Off topic VPN comment. My employer is FINALLY moving to VPN access to our
> company network. This instead of that crappy ISDN RAS telco solution they've
> been running for years.  I'm so lucky to have been chosen as one of the beta
> testers. Probably because I've been complaining so loud for so long.
>
> In any case, our laptops are Windows NT 4.0 and W2K. the client is the Cisco
> secure client, and because we are a Cisco partner, I presume that we are
> connecting via one or another of the Cisco VPN products. One can hope it is
> a CVPN3xxx box, but with my employer, you never can tell ;->
>
> In any case, the scripted installation worked like a charm and I am happy as
> a clam doing company work via a much faster connection. In my job I often
> have to move some very large Excel and Visio files from here to there. Not
> to mention the kinds of things I have to download from vendor sites for
> study and meeting preparation.
>
> So yes VPN stuff can work, can be easy ( recognizing the front end
> preparation that obviously took place ) and so far, the Cisco client has
> been flawless to work with.  Knock on my wooden head :->
>
> I know there are a lot of people from my company who read this list. All I
> can say is I hope you keep the pressure up on your managers. this is so much
> better!
>
> Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30272&t=30272



Re: Mask in L3 Packet [7:29182]

2001-12-14 Thread W. Alan Robertson

What you have just described is commonly referred to as "A Duplicate
IP Address," and is considered in some circles to be bad practice.  ;)

Let's see if I can explain this well...

A host device knows two categories of addresses...  Those that are
local, and those that are not.  When a host attempts to send a packet
to another host, it decides based on its own address and locally
configured subnet mask whether or not it will have to send the packet
to a router in order to get the packet to the destination.

To modify your scenario:

Let's say Host A (172.16.1.1/16) wants to send a packet to Host B
(172.16.2.1/24).

Host A believes that his local network is 172.16.0.0, and that every
other host with an IP address that begins with 172.16 is locally
attached.  Host A would send the packet out as though Host B were
local, instead of sending it to a router.

In the reverse case, where Host B wants to send a packet to Host A,
Host B believes that his local network is 172.16.2.0 (And that the
third octet, the '2', is part of the network identification), and that
Host A, with an address of 172.16.1.1, is not local.  He would send
the packet to a router.

Subnet masks are a Local thing.

I hope this helps...

Alan~

- Original Message -
From: "Steven A. Ridder" 
To: 
Sent: Friday, December 14, 2001 2:07 PM
Subject: Re: Mask in L3 Packet [7:29182]


> Say I have 2 networks:
>
> Network 1.  172.16.x.x/16
> and
> Network 2.  172.16.2.x/24
>
> We all agree that they are two different networks, right?
>
> Now if Host A on
> Network 1 is 172.16.2.1/16
>
> and
>
> Host B is on Network 2 is 172.16.2.1/24,
>
> How does the host know that the second host is on a different network?  Are
> they different addresses because of the mask, or are they considered the same
> address regardless of mask, and therefore illegal?  I understand ANDing on
> the local host.  It's just if 2 hosts had the same numbers, only marked
> differently by the mask, are they the same or not?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29241&t=29182
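
The local/not-local decision described in the reply above, run for both directions of the 172.16.1.1/16 and 172.16.2.1/24 pair and for the same-address pair from the question (added example, not part of the original thread). The gateway addresses and function names are assumptions made for illustration.

```python
import ipaddress
from typing import Dict


def first_hop(src_iface: str, dst_ip: str, gateway: str) -> str:
    """Decide where a host sends a packet, using only its OWN address and
    mask. The destination's mask is never carried in the packet."""
    iface = ipaddress.ip_interface(src_iface)
    dst = ipaddress.ip_address(dst_ip)
    if dst == iface.ip:
        return "own address"            # the stack never puts this on the wire
    if dst in iface.network:
        return "direct"                 # ARP for the destination itself
    return f"gateway {gateway}"         # ARP for the router instead


def round_trip(a_iface: str, b_iface: str, a_gw: str, b_gw: str) -> Dict[str, object]:
    """Evaluate both legs independently, as each host does."""
    a_ip = str(ipaddress.ip_interface(a_iface).ip)
    b_ip = str(ipaddress.ip_interface(b_iface).ip)
    legs: Dict[str, object] = {
        "a_to_b": first_hop(a_iface, b_ip, a_gw),
        "b_to_a": first_hop(b_iface, a_ip, b_gw),
    }
    legs["asymmetric"] = (legs["a_to_b"] == "direct") != (legs["b_to_a"] == "direct")
    legs["duplicate_address"] = a_ip == b_ip
    return legs


# Hypothetical default gateways; the thread does not name any.
GW_A, GW_B = "172.16.0.254", "172.16.2.254"

# Scenario from the reply: Host A 172.16.1.1/16, Host B 172.16.2.1/24.
REPLY_CASE = round_trip("172.16.1.1/16", "172.16.2.1/24", GW_A, GW_B)

# Scenario from the question: the same 32-bit address with two different masks.
QUESTION_CASE = round_trip("172.16.2.1/16", "172.16.2.1/24", GW_A, GW_B)

if __name__ == "__main__":
    print("reply case:   ", REPLY_CASE)
    print("question case:", QUESTION_CASE)
```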



Re: What about ISIS? Re: OSPF or EIGRP [7:28966]

2001-12-13 Thread W. Alan Robertson

John,

Technologically speaking, IS-IS would probably be very well suited to
such an environment, but more often than not, IS-IS only hits on two
of the three criteria I most base a selection on:

1. Topology - Good Fit.  Unlike OSPF, IS-IS isn't limited to a
two-tier hierarchy, nor is there a need for a single "core".  This
flexibility can carry you a long way.

2. Design Goals - Good Fit.  No question that you'll get good route
selection, and "most direct" traffic flows, considering roughly equal
amounts of traffic between each of the satellite locations, and the
three main locations.

3. Supportable - ??? - This is usually the "Gotcha" that takes
IS-IS out of the running in selecting a routing protocol.  Like you
mentioned, there just aren't a whole lot of people with a good deal of
IS-IS experience, and those that have it are typically working in Big
ISP environments, not "Corporate" networks.

If this were for my own network, yeah, I could probably go with IS-IS
and lead a happy life...  As fate would have it, I design, deploy, and
troubleshoot networks for other people (I'm a consultant).  When I
mention IS-IS to my clients, they think I am referring to a goddess
from the ancient Egyptian pantheon, or the kids TV show that ran
parallel to Captain Marvel during the '70s (I loved his cape...
Looked like it was made from Paper Towels).  They don't know that
there's a routing protocol of the same name.

In Europe, perhaps there is a greater awareness of IS-IS in non-ISP
environments, but here in the US, it continues to languish for the
most part as "The Undiscovered Protocol."

Alan~

- Original Message -
From: "John Neiberger" 
To: ; 
Sent: Thursday, December 13, 2001 2:50 PM
Subject: What about ISIS? Re: OSPF or EIGRP [7:28966]


> In an environment that large with no clearly defined
> area 0, would not IS-IS also be a viable choice from
> a technological standpoint?  I understand that not as
> many people are familiar with it but it seems like it
> might be a good fit there.
>
> It seems like the argument is always EIGRP vs
> OSPF, but I think people really should consider
> IS-IS in the mix if it fits.
>
> What are your thoughts?
>
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29137&t=28966



Re: What is our Quest? [7:29085]

2001-12-13 Thread W. Alan Robertson

I don't know why that message appeared to come from both Howard and
Me...  Mail client snafu...  I doubt I could duplicate it.

- Original Message -
From: "W. Alan Robertson" ; 
To: 
Sent: Thursday, December 13, 2001 1:10 PM
Subject: Re: What is our Quest? [7:29085]


> [snip]
>
> > In Pythonesque terms, Type 3 scenarios teach you
> > to deal with the troll, but with the issue being the
> > clock rather than the velocity of  the sparrow.
>
> [snip]
>
> Wait for it...
>
> "African or European?"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29128&t=29085



Re: OSPF or EIGRP [7:28966]

2001-12-13 Thread W. Alan Robertson

One reason that you may prefer EIGRP over OSPF would be in a
particularly "meshy" environment.

In an OSPF network, inter-area traffic must pass through area zero
(commonly called the core).  Traffic between Areas 1 and 2 must be
sent through Area 0, even if Areas 1 and 2 have a direct connection.

This is the default behavior, which can be addressed in a number of
ways (virtual links, extending area 0, etc), but you'd hardly want to
start off having to resort to this kind of trickery.  EIGRP, on the
other hand, would handle this configuration out of the box, and you
would get desirable traffic flows without having to do anything fancy.

1 year ago, I was deploying a network for a large federal institution
that had 3 Main locations, and over 2000 satellite locations that were
triple homed to each...  The main locations had dozens of routers, and
each router hundreds of connections (Frame-relay circuits, with a lot
of DLCIs per circuit).  There was no good location to define as Area
0, as an equal amount of traffic would be going to each of the 3 main
locations.

OSPF, as much as I like it, is not well suited to an environment like
this.  EIGRP, with a good addressing plan, and good summarization,
handles it like a champ, and will continue to scale even if they add
another 2000 sites.  Summarize everything you can, everywhere that you
can, and keep that in mind while figuring out your addressing.

The biggest mistake that people make when deploying, or living with,
an OSPF network, is that they tend to get sloppy with Area 0.  If
your topology doesn't allow for a clearly defined core, then you
probably shouldn't try to force it...  OSPF will make you pay later,
and dearly.

Look at your topology, and the flow of traffic that you anticipate...

From what you have described below, you seem to have a topology that
would probably work well with OSPF.  It sounds like you will have a
Core location, and that you anticipate any Remote-site to Remote-site
traffic to come through the core anyway.  OSPF will probably work out
well for you, but don't feel like you have to switch to it.  An
elegantly designed network, with good addressing and summarization is
impressive regardless of routing protocol.

Don't let it become a Holy War...  Protocol selection should be
dictated by topology, design goals, and supportability (Does your
networking Team have sufficient experience with OSPF?  They already
know, or are at least familiar with EIGRP); don't let it become about
religion.  ;)

Alan~

- Original Message -
From: "Mears, Rob" 
To: 
Sent: Thursday, December 13, 2001 12:40 PM
Subject: RE: OSPF or EIGRP [7:28966]


> Hi All,
>
> To your question; we are, as all should be, a pure IP and Cisco shop (:.
> As to why we originally went Eigrp, who knows it was before my time but I
> would guess Cisco had some influence on it, but now we are growing and plan,
> no not plan but have bought the routers\switches for 400 locations and will
> be deploying @ the beginning of the year.
>
> I know EIGRP will scale well and will handle our growth for the time being.
> As my research points, we will be good with EIGRP for a long time and the
> differences I found between the two are really nominal. But since the
> network we are rolling out is in parallel to the present, we do not have to
> worry about the migration part, so we have the opportunity to do it right
> and impress people long after I am gone.
>
> So correct me where I am wrong and please show me the light OSPF or EIGRP.
>
>
> Thanks
> Rob
>
> -Original Message-
> From: Gregg Malcolm [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 12, 2001 3:40 PM
> To: [EMAIL PROTECTED]
> Subject: Re: OSPF or EIGRP [7:28966]
>
> Rob,
>
> Few questions. What routed protocols you plan to run?  Just IP or
> IP/IPX/AT,etc.?  Any other vendor equipment other than cisco?  Firewalls
> running OSPF for failover?  Why did you initially choose EIGRP?  Does the
> network design lend itself well to a backbone area?  Redundant links
> (including DDR) ?
>
> I think if you can answer some of these questions, it will help the group
> give you a better response.
>
> Gregg
>
>
> ""Mears, Rob""  wrote in message
> news:[EMAIL PROTECTED]...
> > Hi all,
> >
> > We are in the middle of building out a new ATM network for the Core and on
> > the outside we are going to be running about 80 3640 or 2600.  We are in a
> > big debate about the routing protocol, we are currently EIGRP.
> >
> > I have collected lots of info off Cisco's Web site about the two but wanted
> > to hear it from the Engineers in the trenches.
> > What's your take on it? If it were you what would you run (EIGRP, OSPF) and
> > why?
> >
> >
> >
> > Thanks
> > Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29125&t=28966

Re: What is our Quest? [7:29085]

2001-12-13 Thread W. Alan Robertson

[snip]

> In Pythonesque terms, Type 3 scenarios teach you 
> to deal with the troll, but with the issue being the 
> clock rather than the velocity of  the sparrow.

[snip]

Wait for it...

"African or European?"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29109&t=29085



Re: OSPF or EIGRP [7:28966]

2001-12-13 Thread W. Alan Robertson

This is wisdom...

I can only add that the whole "EIGRP v OSPF" debate, and EIGRP's
alleged scaling problems are mostly related to the lack of clueful
design from the onset.

The things you have to do to get good scaling from EIGRP are the very
same things you do by default when designing for OSPF (ie: Good
Hierarchical IP Design, effective summarization, etc).

When designing an OSPF network, these are things that *must* be taken
into account at the beginning.

More often than not, in an EIGRP network, these things have been
overlooked because EIGRP does not strictly require them in a small to
medium-ish environment, and as a result, when the environment grows
larger, these poor design choices manifest themselves as instability,
and people tend to blame the protocol, rather than themselves.  Had
they followed good design principles from the beginning, they would
most likely be satisfied by EIGRP's stability and scalability.

That said, a good understanding of OSPF will make a person a better
engineer/designer in the EIGRP arena as well.  Good practice applies
equally to the two protocols.

- Original Message -
From: "Howard C. Berkowitz" 
To: 
Sent: Thursday, December 13, 2001 10:06 AM
Subject: Re: OSPF or EIGRP [7:28966]


> He observed "to build big networks, you have to have clue what you are
> doing."
>
> Then, he burped. Man does not own beer; man only leases it.
>
> "But, EIGRP allows you to be clueless and survive longer than OSPF."
>
> The two of us generally preferred using OSPF, unless there was a
> specific need for Apple or Novell. But, in fairness, we are both very
> experienced network architects, and our experience has taught us that
> rigorous design at the start of a network design leads to much easier
> lives when you have to expand and troubleshoot.  OSPF _forces_ you to
> do that design, while EIGRP won't at first -- but may need it when
> you scale.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29090&t=28966



Re: how to change the serial port IP of remote end [7:28665]

2001-12-10 Thread W. Alan Robertson

Scott mentions the safest way to do this, which is to have out-of-band
remote console access to the far side equipment.  If you're
provisioned for this, great...  If not, setting it up may be more
trouble than it's worth.

Assuming you don't have dial-up access to the remote equipment, here's
what I'd do:

1. On the far side equipment, issue the reload command, with a 10
minute delay.

2. Change the far side IP address, which will sever your
connectivity temporarily.

3. Change the local IP address.

4. Verify that connectivity has been restored (Attempt to ping the
remote side at its new address).

5. Telnet back into the remote equipment, and cancel the pending
reload.

6. Save your configs.

"reload in XX" (where XX equals a number of minutes) is a lifesaver,
and armed with that command, all manner of risk associated with remote
reconfiguration can be minimized.  In this example, should something
go horribly awry, in 10 minutes, connectivity would be restored.

Good luck...

- Original Message -
From: "Scott Hoover" 
To: 
Sent: Monday, December 10, 2001 8:50 AM
Subject: Re: how to change the serial port IP of remote end [7:28665]


> You need some sort of console connection to the remote router, be it direct
> connect or dial-up through the aux. port.  If you try to do it over the
> primary circuit, you will lose your connection as soon as you hit enter.
>
>
> ""Rajneesh Yadav""  wrote in message
> news:[EMAIL PROTECTED]...
> > Hi all,
> >
> > I want to change serial IP of my both the router one is placed in UK.so my
> > question is,can i change it remotely and how its possible.please if anybody
> > can help me out.
> >
> > Regards
> >
> > Rajneesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28684&t=28665
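
The six-step procedure in the message above, modelled as an added example that is not part of the original post: it shows why the pending reload only protects you while the change is still unsaved. The Router class, the renumber() and link_up() helpers, the /30 link and the documentation-range addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PREFIX = 30  # assumption: the serial link is a /30 point-to-point subnet


@dataclass
class Router:
    startup_ip: str                   # address held in the saved (startup) config
    running_ip: str = ""              # address the router is using right now
    reload_at: Optional[int] = None   # minute at which a pending reload fires

    def __post_init__(self):
        self.running_ip = self.startup_ip

    def reload_in(self, now, minutes):
        """Model of "reload in XX": schedule a reboot XX minutes from now."""
        self.reload_at = now + minutes

    def reload_cancel(self):
        """Model of step 5: cancel the pending reload."""
        self.reload_at = None

    def save(self):
        """Model of step 6: copy the running config to the startup config."""
        self.startup_ip = self.running_ip

    def tick(self, now):
        """If the timer has expired, reboot: running config := startup config."""
        if self.reload_at is not None and now >= self.reload_at:
            self.running_ip = self.startup_ip
            self.reload_at = None


def link_up(a, b):
    """The link works only when both ends sit in the same /30 with distinct IPs."""
    net_a = ipaddress.ip_interface(f"{a.running_ip}/{PREFIX}").network
    net_b = ipaddress.ip_interface(f"{b.running_ip}/{PREFIX}").network
    return net_a == net_b and a.running_ip != b.running_ip


def renumber(local, remote, new_local, new_remote, delay=10, save_early=False):
    """Walk through the six steps; return 'committed', 'rolled back' or 'stranded'."""
    old_local = local.running_ip
    now = 0
    remote.reload_in(now, delay)        # step 1: arm the safety net
    remote.running_ip = new_remote      # step 2: the remote session drops here
    if save_early:
        remote.save()                   # the mistake: saving before verifying
    local.running_ip = new_local        # step 3
    if link_up(local, remote):          # step 4: ping the new remote address
        remote.reload_cancel()          # step 5
        remote.save()                   # step 6
        local.save()
        return "committed"
    # Locked out of the remote end: wait for its timer, then restore the near end.
    remote.tick(now + delay)
    local.running_ip = old_local
    return "rolled back" if link_up(local, remote) else "stranded"


if __name__ == "__main__":
    # Constructed scenarios: a clean change, a mistyped remote address,
    # and the same mistake after saving too early.
    for new_remote, early in (("198.51.100.2", False),
                              ("198.51.100.6", False),
                              ("198.51.100.6", True)):
        near, far = Router("192.0.2.1"), Router("192.0.2.2")
        outcome = renumber(near, far, "198.51.100.1", new_remote, save_early=early)
        print(f"remote -> {new_remote:<13} save_early={early!s:<5} {outcome}")
```

The third scenario is the failure mode the ordering avoids: once the bad address has been saved, the reload brings the remote router back up with the same bad address.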



Re: What's the critical difference between level 3 switching [7:28414]

2001-12-07 Thread W. Alan Robertson

Just to follow up what Chuck said, understand that the "Layer-3
Switching" phenomenon is a means of countering the performance penalty
commonly associated with Network layer forwarding, as compared to
Data-link layer forwarding.

The practical reality used to be that bridging/switching was faster
than routing.  Much of this was due to the implementation of the
forwarding mechanism being moved to hardware in the form of ASICs
(Application Specific Integrated Circuits).  Layer-3 switching
solutions have reduced the "Routing penalty" by again moving some of
the forwarding mechanism to hardware...

The basic difference is that a switch used to cache the MAC information
only...  Now, in a Layer-3 enabled switch, it caches both the MAC
information, and the IP information for each connected device.

In essence, the switch now acts as a router, but can do packet
forwarding at near wire-speed, a claim that traditional routers could
not boast.

- Original Message -
From: "Chuck Larrieu" 
To: 
Sent: Thursday, December 06, 2001 6:01 PM
Subject: RE: What's the critical difference between level 3 switching

> so says the market speak.
>
> in terms of how things really work, it makes not
> one whit of difference how the forwarding cache
> is constructed. look at bits C through D to determine
> the MAC or bits A through B to determine the IP
> address. The processor can do either one about as
> fast. The layer three header still has to be stripped
> before placing the packet on the local wire, which
> operates at the MAC layer anyway.
>
> so my cache can say that MAC .. is
> out port 4 or it can say 192.168.1.1 is out port 4.
> No difference. I'm guessing the gains here are in
> that a separate lookup or process does not have
> to be involved, meaning there is a performance
> enhancement if "layer 3" switching is used.
>
> as far as placing the packet onto the local wire,
> it shouldn't matter.
>
> Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28414&t=28414



Re: Keep losing Cisco 3640 startup config [7:14376]

2001-07-31 Thread W. Alan Robertson

I would begin by checking my config register...  It sounds like it may
be set to bypass the stored config.

- Original Message -
From: "kwock99" 
To: 
Sent: Tuesday, July 31, 2001 12:30 PM
Subject: Keep losing Cisco 3640 startup config [7:14376]


> Hi,
>
> I have a Cisco 3640 router and found that every time I power down the router,
> the startup config is missing and restart the "setup".
>
> I have "copy run start" many times.
>
> Anyone has the idea to fix it?
>
>
> Best regards
> Francis Tsui




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14379&t=14376



Re: BGP, TCP, & Firewalls [7:14286]

2001-07-30 Thread W. Alan Robertson

John,

Not to the best of my knowledge...  The way I understand it, after
you've got each router configured, they will each periodically attempt
to bring up the session.  This session is like any other normal TCP
session.

The initiator uses an arbitrary port above 1024 to originate, and
attempts to connect to the other router on well-known port 179.  All
traffic will flow across this connection.

Alan

- Original Message -
From: "John Abruzzese" 
To: "W. Alan Robertson" ;

Sent: Tuesday, July 31, 2001 3:04 AM
Subject: Re: BGP, TCP, & Firewalls [7:14286]


> Alan,
>
> When trying to connect to a peer using eBGP don't both routers have to allow
> port 179 inbound to complete the BGP synchronization process before 2 eBGP
> speakers can talk? like the notification process etc? Just wondering.
>
> John
>
> - Original Message -
> From: "W. Alan Robertson"
> To:
> Sent: Monday, July 30, 2001 4:53 PM
> Subject: Re: BGP, TCP, & Firewalls [7:14286]
>
>
> > Yes, you need to allow TCP port 179 outbound...  This way, only your
> > internal BGP speaker will be allowed to initiate the connection, and
> > external probes inbound on 179 will fail (No need to let those nasty
> > hackers know that you're running BGP through the firewall, right?).
> >
> > Alan
> >
> > - Original Message -
> > From: "Circusnuts"
> > To:
> > Sent: Monday, July 30, 2001 7:14 PM
> > Subject: BGP, TCP, & Firewalls [7:14286]
> >
> >
> > > I'm surveying a project I have been slated for @ work & I was wondering if the
> > > BGP gurus could help clear-up a question.  If I were to run internal BGP &
> > > external BGP, am I forced to leave a TCP port open in the firewall ???
> > >
> > > I had not an answer when the customer asked me this  :-P
> > >
> > > Thanks
> > > Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14299&t=14286
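
The firewall policy discussed in this thread (TCP 179 permitted outbound only), as an added example that is not part of the original posts: a small model of a stateful filter evaluated against constructed packets. The StatefulFirewall class, the packet tuples and the documentation-range addresses are assumptions made for the illustration, not any vendor's rule syntax.

```python
from collections import namedtuple

# Constructed sample addresses (documentation ranges), not from the thread.
INSIDE_SPEAKER = "192.0.2.10"    # internal BGP router behind the firewall
OUTSIDE_PEER = "198.51.100.1"    # eBGP neighbour on the far side
BGP_PORT = 179

Packet = namedtuple("Packet", "src sport dst dport flags")


class StatefulFirewall:
    """Permit only TCP sessions opened by the inside speaker to peer:179."""

    def __init__(self, inside, peer):
        self.inside = inside
        self.peer = peer
        self.sessions = set()    # (inside_ip, inside_port, peer_ip, peer_port)

    def outbound(self, pkt):
        """Inside -> outside: track a new session only if it matches the rule."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.sessions:
            return True
        opens_bgp = (pkt.flags == "SYN" and pkt.src == self.inside
                     and pkt.dst == self.peer and pkt.dport == BGP_PORT)
        if opens_bgp:
            self.sessions.add(key)
        return opens_bgp

    def inbound(self, pkt):
        """Outside -> inside: only traffic belonging to a tracked session passes."""
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions


def run_scenarios():
    """Evaluate five constructed packets; return {description: permitted?}."""
    fw = StatefulFirewall(INSIDE_SPEAKER, OUTSIDE_PEER)
    results = {}
    # The inside router originates from an arbitrary port above 1024 to 179.
    results["inside opens session"] = fw.outbound(
        Packet(INSIDE_SPEAKER, 11000, OUTSIDE_PEER, BGP_PORT, "SYN"))
    # Return traffic of that same session is matched by state, not by a rule.
    results["peer replies"] = fw.inbound(
        Packet(OUTSIDE_PEER, BGP_PORT, INSIDE_SPEAKER, 11000, "SYN-ACK"))
    # An unrelated outside host probing port 179 on the inside router.
    results["stranger probes 179"] = fw.inbound(
        Packet("203.0.113.77", 40000, INSIDE_SPEAKER, BGP_PORT, "SYN"))
    # The legitimate peer trying to originate the session itself.
    results["peer opens inbound"] = fw.inbound(
        Packet(OUTSIDE_PEER, 12000, INSIDE_SPEAKER, BGP_PORT, "SYN"))
    # Some other inside host trying to reach the peer on 179.
    results["other inside host"] = fw.outbound(
        Packet("192.0.2.50", 11001, OUTSIDE_PEER, BGP_PORT, "SYN"))
    return results


if __name__ == "__main__":
    for name, permitted in run_scenarios().items():
        print(f"{name:<22} {'permit' if permitted else 'drop'}")
```

Under this policy the peer's own connection attempts are dropped as well, so the session comes up only on an attempt originated by the inside router.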



Re: BGP, TCP, & Firewalls [7:14286]

2001-07-30 Thread W. Alan Robertson

Yes, you need to allow TCP port 179 outbound...  This way, only your
internal BGP speaker will be allowed to initiate the connection, and
external probes inbound on 179 will fail (No need to let those nasty
hackers know that you're running BGP through the firewall, right?).

Alan

- Original Message -
From: "Circusnuts" 
To: 
Sent: Monday, July 30, 2001 7:14 PM
Subject: BGP, TCP, & Firewalls [7:14286]


> I'm surveying a project I have been slated for @ work & I was wondering if the
> BGP gurus could help clear-up a question.  If I were to run internal BGP &
> external BGP, am I forced to leave a TCP port open in the firewall ???
>
> I had not an answer when the customer asked me this  :-P
>
> Thanks
> Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14292&t=14286



Re: access list w/ prime numers [7:14117]

2001-07-30 Thread W. Alan Robertson

At first I thought this was a joke...  It can however, be done, but
certainly not in a 1-line access-list...

You'd basically have:

deny 192.168.1.2
deny 192.168.1.3
deny 192.168.1.5
deny 192.168.1.7
deny 192.168.1.11
...to whatever the greatest prime is below 254...

For exact syntax, read a book.  :)

Alan

- Original Message -
From: "Wojtek Zlobicki" 
To: 
Sent: Monday, July 30, 2001 11:54 AM
Subject: Re: access list w/ prime numers [7:14117]


> > Hola All!
> >
> > I want to set up an access list that do the following:
> > deny all packets from subnet 192.168.1.0 with last octet a prime number.
>
> I don't think you realize the complexity of what you are asking for.  This is
> a very complex rule (I sure would not want my router making such decisions, they
> would be very time consuming).  If I am wrong and this is a true rule,  I
> shall pay homage to the router gods..




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14201&t=14117
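
The multi-line list described in the reply above, as an added example that is not part of the original posts: the primality test is done once, offline, and the router only matches a static list of host entries. The ACL number 10 and the helper names are assumptions; the subnet is the one from the question, and the output uses the IOS numbered standard access-list form.

```python
import ipaddress

ACL_NUMBER = 10                                   # assumption: any standard ACL number
SUBNET = ipaddress.ip_network("192.168.1.0/24")   # subnet from the question


def primes_up_to(limit):
    """Sieve of Eratosthenes: every prime <= limit."""
    sieve = [True] * (limit + 1)
    sieve[0:2] = [False, False]
    for n in range(2, int(limit ** 0.5) + 1):
        if sieve[n]:
            for multiple in range(n * n, limit + 1, n):
                sieve[multiple] = False
    return [n for n, is_prime in enumerate(sieve) if is_prime]


def build_acl(subnet=SUBNET, acl=ACL_NUMBER):
    """Return the ACL lines: one deny per prime last octet, then permit any."""
    base = int(subnet.network_address)
    lines = []
    for octet in primes_up_to(254):               # usable host octets are 1..254
        host = ipaddress.ip_address(base + octet)
        lines.append(f"access-list {acl} deny host {host}")
    # Every ACL ends with an implicit "deny any"; without an explicit permit
    # the list would drop the non-prime hosts too.
    lines.append(f"access-list {acl} permit any")
    return lines


def acl_permits(lines, source):
    """Evaluate the generated lines top-down, first match wins."""
    src = ipaddress.ip_address(source)
    for line in lines:
        _, _, action, *match = line.split()
        if match == ["any"]:
            return action == "permit"
        if match[0] == "host" and ipaddress.ip_address(match[1]) == src:
            return action == "permit"
    return False                                  # implicit deny at the end


if __name__ == "__main__":
    acl = build_acl()
    print("\n".join(acl[:5]))
    print(f"... {len(acl)} lines in total")
    for addr in ("192.168.1.1", "192.168.1.7", "192.168.1.9", "192.168.1.251"):
        print(addr, "permit" if acl_permits(acl, addr) else "deny")
```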



OT: Re: 1,000 Commission Per Sale! (Hmm... Smells like Spam [7:13924]

2001-07-26 Thread W. Alan Robertson

My Favorite Part is the .sig block:

[snip]
__
We strongly oppose the use of SPAM email and
do not want anyone who does not wish to receive
our mailings to receive them. As a result, we
have retained the services of an independent 3rd
party to administer our list management and
remove list. This is not SPAM.
[/snip]

So remember kids...  As long as you tell your victim that the
completely unsolicited, not to mention wholly off-topic, commercial
email is not SPAM, and make up some song and dance about how you've
gone to great lengths to get some kid in the basement of the science
building to set up the Majordomo on his Linux box, then it's not SPAM.

Right...

- Original Message -
From: "Chuck Larrieu" 
To: 
Sent: Thursday, July 26, 2001 8:37 PM
Subject: RE: 1,000 Commission Per Sale! 10215 [7:13920]


> screw the CCIE - this one offers higher pay, and sampling the product is a
> hell of a lot more fun!

It's tempting Chuck...  Very tempting...

Alan~
CCIE #
[Recently dispatched from the San Jose lab...  ;) ]
[ to be replaced soon...  Hopefully...]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13924&t=13924



Re: Problem with home network [7:6922]

2001-06-04 Thread W. Alan Robertson

Paul and Steve,

Don't be deceived...  There is absolutely a technical answer for this.
As we were discussing in another thread, a Hub does not have the
ability to support full-duplex connectivity.  For full-duplex, you
absolutely need a switch.  One of your devices (maybe both of them)
was attempting to communicate in full-duplex.  The result was that it
was likely transmitting while another station had the medium (A shared
medium, in a hub).  This produced a collision.

When you replaced the hub with a switch, the problem went away.

Paul, to verify that there is nothing wrong with either of your
ethernet cards, or with the hub you've just replaced, connect two
stations that have been manually configured for half-duplex, and do
some pinging or file transferring.  Make certain that both stations
are set for half-duplex.  Do not trust 'auto-negotiation.'  It's a
nice idea, but in practice, it simply cannot be relied upon.

Best of luck,

Alan

- Original Message -
From: "Stephen Skinner" 
To: 
Sent: Monday, June 04, 2001 11:39 AM
Subject: Re: Problem with home network [7:6922]


> paul,
>
> you may just have been looking at a faulty hub.i`ve seen some strange
> things  with hubs.like being able to ping your gateway but not being
> able to ping yourself(not loopback).here`s a good test.plug the hub back
> in with everything live...5 `ll get ya 10 it works fine...(don`t switch
> anything off..just plug the hub into the mains and then move the network
> cables)i reckon it will work fine
>
> there is really no technical (DONT SHOOT,list) answer for this..it`s not a
> bug in the hub/ethernet protocol or anything it just happens...
> Windows crashes.hubs don`t like changes (being switched on or off)
>
> steve
>
> >From: "Paul Borghese"
> >Reply-To: "Paul Borghese"
> >To: [EMAIL PROTECTED]
> >Subject: Re: Problem with home network [7:6922]
> >Date: Mon, 4 Jun 2001 09:17:16 -0400
> >
> >Ok,  I changed the hub with a 10/100 MB switch.  That fixed the problem.
> >Why?  I have no idea.  It is quite puzzling how a hub would affect the
> >connection one hop away.
> >
> >I am wondering if it is a combination of the hub/ethernet card/ and software
> >problem (as described in another response).  This started when I upgraded
> >the kernel to the latest version.
> >
> >Anyway changing the hub fixed the problem.  It just bugs the heck out of me.
> >
> >Take care,
> >
> >Paul Borghese
> >
> >W. Alan Robertson wrote:
> > >
> > > Paul,
> > >
> > > If the ethernet driver was setting the card up for 100Mbps, and you
> > > were using a 10Mbps Hub, then you'd likely get no connectivity at all,
> > > rather than partial connectivity with a high percentage of packet
> > > loss.
> > >
> > > I'd be inclined to look into the duplex settings, as Daniel mentioned.
> > > A hub, even a so-called "dual-speed" hub, doesn't have the capability
> > > of providing for full duplex operation.  When you cable the two
> > > machines together directly, they can communicate in full-duplex, which
> > > is most likely the reason the problem goes away when not using the
> > > hub.  Manually configure both the Linux box, and the PC, for
> > > half-duplex operation, and your problem should go away.
> > >
> > > Alan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7220&t=6922



Re: Problem with home network [7:6922]

2001-06-03 Thread W. Alan Robertson

Paul,

If the ethernet driver was setting the card up for 100Mbps, and you
were using a 10Mbps Hub, then you'd likely get no connectivity at all,
rather than partial connectivity with a high percentage of packet
loss.

I'd be inclined to look into the duplex settings, as Daniel mentioned.
A hub, even a so-called "dual-speed" hub, doesn't have the capability
of providing for full duplex operation.  When you cable the two
machines together directly, they can communicate in full-duplex, which
is most likely the reason the problem goes away when not using the
hub.  Manually configure both the Linux box, and the PC, for
half-duplex operation, and your problem should go away.

Alan

- Original Message -
From: "Paul Borghese" 
To: 
Sent: Saturday, June 02, 2001 9:55 PM
Subject: RE: Problem with home network [7:6922]


> Yea, I have a theory.  It has to do with the Linux box, defaulting to
> 100MB.  Let's suppose the Linux box and PC are both running at 100 MB/sec
> but the hub is only 10 MB/sec.  Maybe the timing is such that it will not
> work past one hop.
>
> When I recompiled the kernel, maybe the new kernel release changed how the
> modules works on the Ethernet card, causing it to not detect 10 MB/sec
> connections and to default to 100 MB/sec.
>
> I will do a diff on the code.
>
>
> Who knows?
>
> Paul
>
> Daniel Cotts wrote:
> >
> > Since you touched the Linux box it would be the first suspect.
> > Can you verify that there was no configuration change? - even by accident?
> > If there was a change, can you roll it back to original?
> > Are there other computers or printers connected to the hub?
> > Is the hub single speed or dual speed? (10/100)
> > (Thinking about speed/duplex mismatches.)
> > How does the Linux box configure the default route? Does it point to its own
> > E0 interface or to the remote GW? (Thinking about filling its ARP cache)
> >
> > > -Original Message-
> > > From: Paul Borghese [mailto:[EMAIL PROTECTED]]
> > > Sent: Saturday, June 02, 2001 7:42 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Problem with home network [7:6922]
> > >
> > >
> > > I have a cable modem connected to a linux box that is performing NAT from my
> > > invalid home network of 172.16.1.0/24 to my valid IP address 209.160.20.67.
> > > The 172.16.1.0 network is going into a small inexpensive hub.  This setup
> > > has worked for about a year.
> > >
> > > A few days ago, I needed to do some things on the linux box.  When I hooked
> > > everything back up my internet access was horrid.  Found the following:
> > >
> > > If I ping from 172.16.1.98 (my PC) to the following addresses:
> > >
> > > 172.16.1.1 (PC's Default GW, E1 interface on Linux box)  0% Packet Loss
> > > 209.160.20.67 (E0 Linux IP address and address PC is being NATed to)  0% Packet loss
> > > 209.160.20.1 (GW of Linux Box)  70% Packet Loss
> > >
> > > If I ping from the Linux box I see no packet loss to 172.16.1.98 or
> > > 209.160.20.1.  So I can now deduce the connection between the Linux box and
> > > the default GW is clean.
> > >
> > > But something is occurring with the NAT translations that causes 70% packet
> > > loss through the box.
> > >
> > >
> > > Ok, so here is the puzzling thing.  If I remove the hub and use a crossover
> > > cable between the PC and Linux box the address which is problematic
> > > 209.168.20.1 receives no packet loss when pinging from the PC - hence fixing
> > > the problem.
> > >
> > > So in other words, removing the hub on the 172.16.1.0 network fixes the
> > > connection at 209.168.20.1 ?!?
> > >
> > > Any ideas?
> > >
> > >
> > > Paul Borghese




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6981&t=6922



Re: Repost: GIADDR and Secondary Interface problems - help [7:6848]

2001-06-01 Thread W. Alan Robertson

So did it work?  I've been waiting all day to hear...  :)

Alan~

- Original Message -
From: "Kenneth" 
To: 
Sent: Friday, June 01, 2001 7:38 AM
Subject: Re: Repost: GIADDR and Secondary Interface problems - help [7:6741]


> Thanks Alan.
>
> Yeah, we do have a maintenance window for this so rebooting is not really a
> problem except I'm targeting 104 weeks of uptime!!! :-) Guess that'll have
> to wait another 104 weeks
>
> I'll give the 1st 2 ideas a try first and hopefully that fixes their
> problem.
>
> Thanks for the help, you guys have been great!!!
>
> Kenneth
>
>
> ""W. Alan Robertson""  wrote in message
> news:[EMAIL PROTECTED]...
> > Kenneth,
> >
> > It sounds to me like a bug...  Have you checked the Cisco bug
> > database?
> >
> > Short of that, here's what I'd do:
> >
> > First, remove the ip helper-address from the interface, and then add
> > it again...  See what happens.  It's possible that the ip
> > helper-address function checks the interface's primary IP address when
> > the command is added, but has no mechanism to check it again after
> > being initialized.
> >
> > If that doesn't work, I'd remove it again, shut down the interface,
> > bring the interface back up, and then add the help address again.
> >
> > As a last resort, reloading the router should clear the problem, but I
> > understand your reluctance to do so...  100% uptime is a noble
> > pursuit, but there's no avoiding maintenance.  I don't suppose you
> > have a maintenance window, do you?
> >
> > Hope this helps...
> >
> > Alan
> >
> > - Original Message -
> > From: "Kenneth"
> > To:
> > Sent: Thursday, May 31, 2001 9:10 PM
> > Subject: Repost: GIADDR and Secondary Interface problems - help [7:6695]
> >
> >
> > > Hi, guys. It's been a while since I've posted something here but I'm pretty
> > > stumped with this problem somehow. Anyway, here's my problem:
> > >
> > > Remote office subnet: 192.168.5.0 255.255.255.0
> > > Plan to change subnet into 192.168.19.0 255.255.255.0
> > > Router relaying dhcp requests to 192.168.1.11 (DHCP Server in Central site)
> > > Current fa0/0 interface on LAN: 192.168.5.1 255.255.255.0
> > >
> > > I recently configured the interface to have
> > > 192.168.19.1 as its primary address
> > > 192.168.5.1 as its secondary address
> > >
> > > On the DHCP Server, I've deleted the 192.168.5.0 scope and activated the
> > > 192.168.19.0 scope
> > >
> > > The reason I have 2 ip addresses on the FastEthernet interface of the router
> > > is to allow people who haven't rebooted their computer to still be able to
> > > access email and services at the central site and print to their local LAN
> > > LPR printers...
> > >
> > > The problem I'm having is that once the computers have rebooted, and I did a
> > > debug ip dhcp server events, packets, linkage, I keep seeing the router
> > > still setting the GIADDR of the request as 192.168.5.1 ... since it's
> > > forwarding this information, the DHCP server on the central site wasn't
> > > responding because of the non-existence of the 192.168.5.0 scope
> > >
> > > Reading Cisco's documentation, I thought the router uses the primary ip
> > > address of the interface as its GIADDR?
> > >
> > > I have read something about ip dhcp smart-relay but I doubt it applies to
> > > this problem...
> > >
> > > BTW, this is the way that it should be done and I know a lot of people hate
> > > the "secondary" ip address but I'm really trying to make this change as
> > > transparent to the users as possible!
> > >
> > > Thanks guys!
> > >
> > > Kenneth




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6848&t=6848
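
The GIADDR symptom described in this thread, as an added example that is not part of the original posts: it parses the giaddr field out of the fixed BOOTP header and shows why a relayed request stamped 192.168.5.1 gets no answer once only the 192.168.19.0 scope exists. The packet bytes are constructed, the helper names are assumptions, and scope selection is reduced to "the subnet that contains giaddr".

```python
import ipaddress
import struct

# Fixed BOOTP header: op htype hlen hops xid secs flags ciaddr yiaddr siaddr
# giaddr chaddr sname file (236 bytes; the DHCP options follow and are omitted).
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HOPS_OFFSET = 3
GIADDR_OFFSET = 24
ZERO = b"\x00" * 4

# From the thread: the 192.168.5.0 scope was deleted, 192.168.19.0 activated.
SERVER_SCOPES = ["192.168.19.0/24"]


def client_discover(mac=b"\x00\x11\x22\x33\x44\x55"):
    """Constructed sample: header of a client broadcast, giaddr still 0.0.0.0."""
    return BOOTP.pack(1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                      ZERO, ZERO, ZERO, ZERO, mac, b"", b"")


def relay_stamp(packet, interface_ip):
    """Relay agent behaviour: fill giaddr only if it is still zero, add a hop."""
    buf = bytearray(packet)
    if buf[GIADDR_OFFSET:GIADDR_OFFSET + 4] == ZERO:
        buf[GIADDR_OFFSET:GIADDR_OFFSET + 4] = ipaddress.ip_address(interface_ip).packed
    buf[HOPS_OFFSET] += 1
    return bytes(buf)


def giaddr_of(packet):
    """Extract giaddr (bytes 24..27) as dotted-quad text."""
    if len(packet) < BOOTP.size:
        raise ValueError("shorter than the fixed BOOTP header")
    return str(ipaddress.ip_address(BOOTP.unpack_from(packet)[10]))


def select_scope(giaddr, scopes=SERVER_SCOPES):
    """Return the scope whose subnet contains giaddr, or None (no reply sent)."""
    addr = ipaddress.ip_address(giaddr)
    for scope in scopes:
        if addr in ipaddress.ip_network(scope):
            return scope
    return None


if __name__ == "__main__":
    discover = client_discover()
    # What the debug output in the thread showed vs. what was expected.
    for label, relay_ip in (("old address", "192.168.5.1"),
                            ("new primary", "192.168.19.1")):
        relayed = relay_stamp(discover, relay_ip)
        gi = giaddr_of(relayed)
        print(f"{label}: giaddr={gi} -> scope {select_scope(gi)}")
```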



Re: another OT: why you UNIX guys look down on we NT guys? [7:6714]

2001-05-31 Thread W. Alan Robertson

Maybe the trainer wasn't qualified to teach mouse operations, as the
topic wasn't spoon fed to him in the course notes...

Alan
(Sinister laugh, BOFH style...)

- Original Message -
> This is becoming one of those why do NT guys look down on Unix guys
> thing. I once seen a Unix admin attend a NT course and was rejected by
> the trainer on the first day because he doesn't know how to use a mouse, and
> the trainer insisted that he is not going to train someone how to use the
> mouse on a Admin course.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6714&t=6714



Re: Repost: GIADDR and Secondary Interface problems - help [7:6709]

2001-05-31 Thread W. Alan Robertson

Kenneth,

It sounds to me like a bug...  Have you checked the Cisco bug
database?

Short of that, here's what I'd do:

First, remove the ip helper-address from the interface, and then add
it again...  See what happens.  It's possible that the ip
helper-address function checks the interface's primary IP address when
the command is added, but has no mechanism to check it again after
being initialized.

If that doesn't work, I'd remove it again, shut down the interface,
bring the interface back up, and then add the help address again.

As a last resort, reloading the router should clear the problem, but I
understand your reluctance to do so...  100% uptime is a noble
pursuit, but there's no avoiding maintenance.  I don't suppose you
have a maintenance window, do you?

Hope this helps...

Alan

- Original Message -
From: "Kenneth" 
To: 
Sent: Thursday, May 31, 2001 9:10 PM
Subject: Repost: GIADDR and Secondary Interface problems - help [7:6695]


> Hi, guys. It's been a while since I've posted something here but I'm pretty
> stumped with this problem somehow. Anyway, here's my problem:
>
> Remote office subnet: 192.168.5.0 255.255.255.0
> Plan to change subnet into 192.168.19.0 255.255.255.0
> Router relaying dhcp requests to 192.168.1.11 (DHCP Server in Central site)
> Current fa0/0 interface on LAN: 192.168.5.1 255.255.255.0
>
> I recently configured the interface to have
> 192.168.19.1 as its primary address
> 192.168.5.1 as its secondary address
>
> On the DHCP Server, I've deleted the 192.168.5.0 scope and activated the
> 192.168.19.0 scope
>
> The reason I have 2 ip addresses on the FastEthernet interface of the router
> is to allow people who haven't rebooted their computer to still be able to
> access email and services at the central site and print to their local LAN
> LPR printers...
>
> The problem I'm having is that once the computers have rebooted, and I did a
> debug ip dhcp server events, packets, linkage, I keep seeing the router
> still setting the GIADDR of the request as 192.168.5.1 ... since it's
> forwarding this information, the DHCP server on the central site wasn't
> responding because of the non-existence of the 192.168.5.0 scope
>
> Reading Cisco's documentation, I thought the router uses the primary ip
> address of the interface as its GIADDR?
>
> I have read something about ip dhcp smart-relay but I doubt it applies to
> this problem...
>
> BTW, this is the way that it should be done and I know a lot of people hate
> the "secondary" ip address but I'm really trying to make this change as
> transparent to the users as possible!
>
> Thanks guys!
>
> Kenneth




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6709&t=6709
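
The failure described in this thread can be reproduced offline. The following is an added example, not code from either poster: it builds a relayed DHCPDISCOVER, reads the giaddr field the relay stamped, and applies the usual RFC 2131 server rule of choosing a scope from giaddr. The MAC address, transaction id and function names are constructed for illustration; the IP addresses are the ones quoted in the thread.

```python
"""Relay-agent giaddr and DHCP scope selection (added example, constructed data)."""
import ipaddress
import struct

BOOTP_FIXED_LEN = 236                    # fixed BOOTP header length (RFC 2131)
DHCP_MAGIC = bytes([99, 130, 83, 99])    # magic cookie that precedes the options
GIADDR_OFFSET = 24                       # 12 bytes op..flags, then ciaddr, yiaddr, siaddr


def build_relayed_discover(client_mac, giaddr, xid=0x3903F326):
    """Build a minimal DHCPDISCOVER as the server sees it after a relay set giaddr."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,                      # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=1
        xid, 0, 0x8000,                  # xid, secs, flags (broadcast bit set)
        bytes(4), bytes(4), bytes(4),    # ciaddr, yiaddr, siaddr are all zero
        ipaddress.IPv4Address(giaddr).packed,
        client_mac,                      # chaddr, zero-padded to 16 bytes by struct
        bytes(64), bytes(128),           # sname, file
    )
    options = DHCP_MAGIC + bytes([53, 1, 1, 255])   # option 53 = DISCOVER, then end
    return header + options


def parse_giaddr(packet):
    """Return the relay agent address carried in a DHCP packet."""
    cookie = packet[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4]
    if len(packet) < BOOTP_FIXED_LEN + 4 or cookie != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    return ipaddress.IPv4Address(packet[GIADDR_OFFSET:GIADDR_OFFSET + 4])


def select_scope(packet, active_scopes):
    """Return the scope a server would allocate from for a relayed request, or None.

    A giaddr of 0.0.0.0 means the request was not relayed; that case is
    out of scope here and also returns None.
    """
    giaddr = parse_giaddr(packet)
    if giaddr.is_unspecified:
        return None
    for scope in active_scopes:
        if giaddr in scope:
            return scope
    return None


def relay_report(interface_addrs, packet, active_scopes):
    """Summarise one relayed request; interface_addrs lists the primary address first."""
    giaddr = parse_giaddr(packet)
    scope = select_scope(packet, active_scopes)
    if giaddr == interface_addrs[0]:
        role = "primary"
    elif giaddr in interface_addrs:
        role = "secondary"
    else:
        role = "unknown"
    return {
        "giaddr": str(giaddr),
        "stamped_from": role,
        "scope": str(scope) if scope else None,
        "server_answers": scope is not None,
    }


if __name__ == "__main__":
    # Addresses from the thread: new primary, old secondary, only the new scope active.
    fa0_0 = [ipaddress.ip_address("192.168.19.1"), ipaddress.ip_address("192.168.5.1")]
    scopes = [ipaddress.ip_network("192.168.19.0/24")]
    mac = bytes.fromhex("0010a4112233")              # constructed client MAC
    for stamped in ("192.168.5.1", "192.168.19.1"):
        print(relay_report(fa0_0, build_relayed_discover(mac, stamped), scopes))
```

The first report shows the symptom from the thread (giaddr taken from the secondary address, no matching scope, no answer); the second shows the expected behaviour once the relay stamps the primary address.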



Re: Newbie Question - Pinging hosts [7:6677]

2001-05-31 Thread W. Alan Robertson

Well, if RouterA can ping the ethernet interface of RouterC, then it
will also be able to ping any workstation on that ethernet segment
provided that the workstation has a correctly assigned IP address, and
default gateway (Should be set for RouterC's ethernet IP address).

If RouterA cannot ping RouterC's ethernet Interface, then you need to
get the appropriate routing information into A, and B.  This can be
accomplished either through the use of static routes on each, or by
the use of a routing protocol on each.

Good luck...

Alan

- Original Message -
From: "Cisco Boy" 
To: 
Sent: Thursday, May 31, 2001 6:46 PM
Subject: Newbie Question - Pinging hosts [7:6677]


> Here's a newbie question for you all.
>
> I have 3 routers that are connected to each other side
> by side as such and each router is able to ping each
> other's interfaces okay.
>
> A -> B -> C---2924 Switch
>
> I've added a 2924 switch and connected it to an
> Ethernet interface on Router C.  If I plug in a
> workstation on one of the ports on the switch, what
> other configuration do I need in order for my Router A
> to ping the workstation?
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6688&t=6677



Re: Wanna Be a CCIE? Try This One [7:6076]

2001-05-31 Thread W. Alan Robertson

> I am not very sure but I believe OSPF will prefer
> Intra-Area routes despite having an alternate path
> that seemingly has a lower cost. Please correct me if I am
> wrong. Could this be an administrative distance thing?

Kevin, just for clarification, what you are describing has nothing to
do with administrative distance.  Administrative distance is about
comparing the relative "trustworthiness" of routes learned via
different routing protocols.  Your dilemma relates to the route
selection criteria wholly within OSPF, and you're right...  OSPF
prefers Intra-area routes to Inter-area routes, regardless of cost.
Cost is used when "all else is equal" in the previous steps of the
route selection process, and the real bottom line is that cost becomes
significant only when talking about routes within a single area.

> As much as I would have liked to come up with an ingenious
> solution, I was not able to.  I have since changed Area 1 into
> Area 0. It works fine now but I have this nagging feeling that
> something more constructive could have been done. The
> solution I adopted seems more like a cheap work around. But
> I guess it works and that matters more.

Don't feel too bad...  You have achieved your goal.  There's always
going to be a "sexier" solution, and if you haven't noticed, put
together in a room (or a mailing list), quality engineers will often
disagree on matters of implementation.

> By the way, the network is much bigger than what I have illustrated. It
> consists of around 40 routers spanning over 16 countries. It's a private IP
> network that runs on MPLS to provide VPN's. My next project would be to
> implement traffic engineering.

See, everybody...  Bigger network than was initially described...  BGP
FOREVER!!  ;)

Alan
(Doing the dance...  Feeling the flow...)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6621&t=6076
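
The two selection stages this reply separates, OSPF's own path-type preference and administrative distance between protocols, can be written down as code. This is an added example, not from the thread: the prefix, next-hop names and costs are constructed, the administrative distances are the Cisco defaults (eBGP 20, OSPF 110, iBGP 200), and BGP's own best-path selection is not modelled.

```python
"""OSPF path-type preference versus administrative distance (added example)."""
from dataclasses import dataclass

# OSPF compares path type first; cost only breaks ties within one type.
OSPF_PATH_RANK = {"intra-area": 0, "inter-area": 1, "external-1": 2, "external-2": 3}

# Cisco default administrative distances; lower is more trusted.
ADMIN_DISTANCE = {"ebgp": 20, "ospf": 110, "ibgp": 200}


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str          # "ospf", "ebgp" or "ibgp"
    next_hop: str
    cost: int = 0          # OSPF cost; unused for BGP routes here
    path_type: str = ""    # OSPF only: a key of OSPF_PATH_RANK


def best_ospf(routes):
    """Stage 1: the route OSPF itself nominates for a prefix, or None."""
    candidates = [r for r in routes if r.protocol == "ospf"]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (OSPF_PATH_RANK[r.path_type], r.cost))


def install(routes):
    """Stage 2: the route that reaches the routing table for one prefix.

    Each protocol offers its nominee and the lowest administrative distance
    wins. Every BGP route passed in is treated as already selected by BGP.
    """
    nominees = [r for r in routes if r.protocol != "ospf"]
    ospf = best_ospf(routes)
    if ospf is not None:
        nominees.append(ospf)
    if not nominees:
        return None
    return min(nominees, key=lambda r: ADMIN_DISTANCE[r.protocol])


if __name__ == "__main__":
    prefix = "10.4.0.0/16"  # constructed prefix standing in for routerD's network
    via_c = Route(prefix, "ospf", "routerC", cost=4_000_000, path_type="intra-area")
    via_b = Route(prefix, "ospf", "routerB", cost=100, path_type="inter-area")

    # Within OSPF the intra-area path wins even though its cost is far higher.
    print("OSPF picks:", best_ospf([via_c, via_b]).next_hop)

    # Administrative distance only matters once another protocol offers the prefix.
    ebgp = Route(prefix, "ebgp", "routerB")
    ibgp = Route(prefix, "ibgp", "routerB")
    print("with eBGP :", install([via_c, via_b, ebgp]).protocol)
    print("with iBGP :", install([via_c, via_b, ibgp]).protocol)
```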



Re: SNMP and password recovery?? [7:5852]

2001-05-30 Thread W. Alan Robertson

This all seems like a lot of work...

Since you have the RW password, why not use SNMP to upload a config
file consisting of only:

enable secret [password]
or
enable password [password]

Alan

- Original Message -
From: "Chris Rock" 
To: 
Sent: Wednesday, May 30, 2001 8:21 PM
Subject: RE: SNMP and password recovery?? [7:5852]


> Would it also be possible to use SNMP to copy the config from the router to
> the TFTP server, remove the service password encryption command from the
> config, and replace those encrypted password statements with new ones that
> aren't encrypted?  Once the new config has been re-installed on the router,
> then key in the service password encrypt command to scramble them.
>
> Would this work as well?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6544&t=5852



Re: elementary? [7:6359]

2001-05-30 Thread W. Alan Robertson

Chuck,

It's pretty much an issue of semantics...  Another station could send
to you, but the frame would be buffered by the switch until the
current frame had finished sending.  It would be transmitted to you
afterward.

Also, to confirm Peter's statement that he's never seen a full-duplex
hub...  Such an animal does not/can not exist.  This is one of the key
differences between hubs and switches.  A hub, by its very nature,
cannot provide full-duplex operation.  It has no means of buffering
frames, nor of providing segmentation on a per node basis.  A hub is
a layer 1 device, and the network it provides is a shared medium.

Vijay, chances are that if it has a 1Gbps uplink, it is a switch, and
depending on the number of connected 100Mbps stations, and your
network traffic patterns, you very well might be able to saturate the
uplink connection, because a switch allows for  multiple simultaneous
conversations.  Under the right conditions, you could fill up
virtually any pipe, but unless your traffic demands are really
outlandish, you probably won't.  If you do, you should examine the
reasons, and revise the design of your network accordingly.

Alan

- Original Message -
From: "Chuck Larrieu" 
To: 
Sent: Wednesday, May 30, 2001 11:14 AM
Subject: RE: elementary? [7:6359]


> Hhh... Not so sure this is exactly right..
>
> With full duplex, you have effectively created two "directions" --- there
> and back.
>
> I believe it is accurate to say that only one packet can be on the wire per
> direction at one time.
>
> I can send to you at the same time you are sending to me. But Someone else
> can not send to you at the time my packet is on the wire.
>
> Correct me if I'm wrong.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Peter I. Slow
> Sent: Wednesday, May 30, 2001 7:40 AM
> To: [EMAIL PROTECTED]
> Subject: Re: elementary? [7:6359]
>
> N.
> nononononono.
> CSMA/CD only gets used when you are not in full duplex. (/me ducks) ( i
> have NEVER seen a full-dup. hub) meaning that if i am using a switch capable
> of full duplex (as most are) ..conversations, every station can transmit as
> much as they want. this is what differentiates between a hub and a switch.
> (but not the only thing)
> you are correct in that a 100 meg  HUB with a gig uplink could never fully
> utilize the link, but the case is completely different with a switch.
>
>
>
> - Original Message -
> From: "Vijay Ramcharan"
> To:
> Sent: Wednesday, May 30, 2001 9:54 AM
> Subject: RE: elementary? [7:6359]
>
>
> > Thanks everyone for their replies.  As I now understand it, the 1Gb
> > uplink just moves data faster than... say, a 100Mb uplink. Correct?
> > Conversations between hosts on each switch still take place one at a
> > time, thereby obeying Ethernet rules of one station transmitting at a
> > time.  Correct?
> > Okay my next question. Is there any point at which this 1Gb uplink can
> > become saturated, since it's only handling station to station sessions-
> > one at a time.
> > If a number of stations on each switch were doing large file transfers
> > to each other via the uplink, would there be some point at which the
> > uplink would be maxed out- in terms of bandwidth?  Or is the only
> > limiting factor, the workstations' inability to pump data out fast enough
> > to max out the uplink when they're only running 100Mb?
> >
> > I'm thinking that it's really not possible to max out a 1Gb uplink when
> > stations are only running 100Mb.  If this is correct then I lay this
> > question to rest.
> >
> > Thanks.
> >
> > Vijay Ramcharan
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > Vijay Ramcharan
> > Sent: Wednesday, May 30, 2001 12:06 AM
> > To: [EMAIL PROTECTED]
> > Subject: elementary? [7:6359]
> >
> >
> > Forgive me if this sounds a little bit basic but this is what happens
> > when you rush into things without understanding the fundamentals.
> > Suppose a 24 port 100Mbit switch called A is uplinked to another 24 port
> > 100Mb switch called B via a 1Gb connection. Suppose hosts D through N
> > are on switch A and hosts M through X are on Switch B. Would
> > conversations between the hosts from Switch A to Switch B occur one at a
> > time or are multiple conversations multiplexed over the 1Gb uplink?
> >
> > I'm just trying to find out if and how that 1Gb uplink is used up.
> > Thanks in advance. I'd put TIA but I hate those little acronyms. No
> > flames please.
> >
> > Vijay Ramcharan

Re: booting from the rommon command prompt [7:6447]

2001-05-30 Thread W. Alan Robertson

I'm sure that someone will correct me if I'm wrong, but I believe the
router is computing a checksum to be verified against the image.  In
short, it's ensuring that the image file is complete, and uncorrupted,
before it attempts to uncompress and load it.

Alan


- Original Message -
From: "Lists Wizard" 
To: 
Sent: Wednesday, May 30, 2001 11:10 AM
Subject: booting from the rommon command prompt [7:6447]


> Hello,
>
> I have a router that gives me a series of Cs at boot time before it starts
> decompressing the image. What is the router doing before decompressing
> the IOS image?
>
>
> Thanks
>
>
>  rommon 3 > boot slot0:gsr-p-mz.120-16.ST.bin
> CC
> CCC
> Self decompressing the image :
> #
> ##
> # [OK]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6461&t=6447



Re: can we "ping" via MAC address? [7:6387]

2001-05-30 Thread W. Alan Robertson

I hate following up my own posts, but I went to one of my Linux boxes
to see if there was a 'rarp' command.  It turns out there is, and it
works just like the arp command I listed below.  The only problem was
that I don't have rarp support compiled into my kernel, so I couldn't
use it.

The drawback to each of these commands, however, is that they don't
perform arp or rarp queries.  They simply offer a means of
displaying, or clearing, the entries in the arp or rarp tables.

It doesn't really matter though...  Like I said before, the quickest
way to get the machine to initiate a query is to simply ping
something.  If the entry doesn't already exist in the cache, it will
perform the query without intervention.

[Side note: Ever notice that when you ping something from a Cisco,
like a device on a connected ethernet segment, that the first ping
typically fails, but the remaining 4 pings work fine, and subsequent
pings work 5/5?  That's arp in action.]

Alan

----- Original Message -
From: "W. Alan Robertson" 
To: 
Sent: Wednesday, May 30, 2001 9:36 AM
Subject: Re: can we "ping" via MAC address? [7:6387]


> That's really close, but I don't know of an application that allows
> you to arbitrarily RARP...  There is a way you can display the MAC to
> IP mappings that works from either Windows or Unix machines, though
> the syntax may differ slightly for each, depending on flavor.
>
> From a DOS prompt, or a Unix shell, type:
>
> arp -a
>
> This will list all of the MAC addresses and their corresponding IP
> addresses that are in the system's cache.  Sometimes it's helpful to
> ping the segment's IP broadcast address prior, because arp entries
> time out.  Pinging the broadcast address should cause a flurry of arp
> action on the segment, and should populate the arp cache.  Remember,
> you must do this from a machine on the same segment/subnet.  Arp is
> locally significant.  You cannot arp for a device on a different IP
> subnet.
>
> Hope this helps,
>
> Alan
>
> - Original Message -
> From: "Dyson Kuben"
> To:
> Sent: Wednesday, May 30, 2001 6:44 AM
> Subject: RE: can we "ping" via MAC address? [7:6387]
>
>
> > You won't be able to ping a MAC-Address, but if you only want to find an IP
> > associated with the MAC, try using RARP! (Reverse ARP)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6433&t=6387



Re: can we "ping" via MAC address? [7:6387]

2001-05-30 Thread W. Alan Robertson

That's really close, but I don't know of an application that allows
you to arbitrarily RARP...  There is a way you can display the MAC to
IP mappings that works from either Windows or Unix machines, though
the syntax may differ slightly for each, depending on flavor.

From a DOS prompt, or a Unix shell, type:

arp -a

This will list all of the MAC addresses and their corresponding IP
addresses that are in the system's cache.  Sometimes it's helpful to
ping the segment's IP broadcast address prior, because arp entries
time out.  Pinging the broadcast address should cause a flurry of arp
action on the segment, and should populate the arp cache.  Remember,
you must do this from a machine on the same segment/subnet.  Arp is
locally significant.  You cannot arp for a device on a different IP
subnet.

Hope this helps,

Alan

- Original Message -
From: "Dyson Kuben" 
To: 
Sent: Wednesday, May 30, 2001 6:44 AM
Subject: RE: can we "ping" via MAC address? [7:6387]


> You won't be able to ping a MAC-Address, but if you only want to find an IP
> associated with the MAC, try using RARP! (Reverse ARP)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6422&t=6387
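
Finding the IP behind a known MAC from `arp -a` output, as suggested in this reply, is easy to script despite the differing output "flavors". This is an added example, not from the thread: the sample tables are constructed, and the two layouts handled are the common Windows and Linux/BSD ones.

```python
"""Look up the IP address(es) cached for a MAC in `arp -a` output (added example)."""
import re

# Constructed sample output in the Windows layout.
WINDOWS_ARP = """\
Interface: 192.168.19.50 --- 0x2
  Internet Address      Physical Address      Type
  192.168.19.1          00-10-7b-3a-5c-01     dynamic
  192.168.19.20         00-a0-c9-11-22-33     dynamic
  192.168.19.255        ff-ff-ff-ff-ff-ff     static
"""

# Constructed sample output in the Linux/BSD layout, including an
# unresolved entry and a MAC printed without its leading zero.
UNIX_ARP = """\
gw.example.net (192.168.19.1) at 00:10:7b:3a:5c:01 [ether] on eth0
? (192.168.19.20) at 0:a0:c9:11:22:33 [ether] on eth0
? (192.168.19.77) at <incomplete> on eth0
"""

_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
_MAC = r"([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})"
_WINDOWS_ROW = re.compile(rf"^\s*{_IP}\s+{_MAC}\s+(\w+)\s*$")
_UNIX_ROW = re.compile(rf"\({_IP}\)\s+at\s+{_MAC}\b")

BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize_mac(mac):
    """Return a MAC as lower-case, colon-separated, zero-padded octets."""
    octets = re.split(r"[:-]", mac.strip())
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(octet, 16):02x}" for octet in octets)


def parse_arp_table(text):
    """Map each resolved MAC to the list of IPs cached for it.

    Header lines, unresolved (<incomplete>) entries and the broadcast MAC
    are skipped.
    """
    table = {}
    for line in text.splitlines():
        match = _WINDOWS_ROW.match(line) or _UNIX_ROW.search(line)
        if not match:
            continue
        ip, mac = match.group(1), normalize_mac(match.group(2))
        if mac == BROADCAST:
            continue
        table.setdefault(mac, []).append(ip)
    return table


def ips_for_mac(text, mac):
    """Return the cached IPs for one MAC, in any common notation."""
    return parse_arp_table(text).get(normalize_mac(mac), [])


if __name__ == "__main__":
    wanted = "00:A0:C9:11:22:33"
    print("windows:", ips_for_mac(WINDOWS_ARP, wanted))
    print("unix   :", ips_for_mac(UNIX_ARP, wanted))
```

An empty result only means the host has no cached entry for that MAC; as the reply notes, the cache reflects the local segment and entries time out.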



Re: another OT: why you UNIX guys look down on we [7:6358]

2001-05-29 Thread W. Alan Robertson

Phil,

Welcome to the fold...

At the risk of prolonging an off topic thread that had probably gone
on too long already, let me just say, a Fortune 500 company that pays
2-3 times market value for skillsets that are in abundance will
probably not occupy a spot in the Fortune 500 for long.  When I
estimate 2-3 times market value, I am not referring to the NT skillset
either.  A veteran project manager can reasonably expect to make
$120-$150k/yr.  There are bound to be exceptions, but I doubt highly
that anyone making above that range would bother bragging to a Cisco
list about it, particularly touting himself as an NT expert, where the
high end of the range is probably $80-$100k/yr.

Further, an hourly billing rate of $150/hr translates north of
$300k/yr ($312k, to be precise).

Finally, an answer to the original question, why Unix guys look down
on NT guys...  My personal grudge against Microsoft is multifaceted...

For starters, I'm not fond of Microsoft's business practices.  Their
efforts to stifle innovation, to the point of destroying other
companies that actually did manage true innovation, are legendary, and
well documented.  As a proponent of the free-market, and a firm
believer that competition in the marketplace benefits the consumer,
how can I possibly be pro-Microsoft?  I am also not pleased about the
fact that the average Windows user has absolutely no idea how these
wonderful machines work, and I lump NT Administrators in with that
group (Average Windows Users).

The term "IT Professional" implies a certain degree of expertise, or
it used to.  The teeming masses of know-nothing NT system
administrators have forever tainted that category of skilled labor.

Compare an NT systems administrator's depth of knowledge to that of a
Unix systems administrator.  There is very little to compare.  In
addition to knowing how to maintain his boxen, the Unix guy typically
knows how to program, and I don't mean Visual Basic...  I mean C, C++,
and countless methods of shell scripting for automation.

A Unix guy knows about system security...  He does not run
non-essential system services, because he understands that each active
process on his machine represents a possible security vulnerability.
As a result, he turns those services off.  Ever run a system sweep
against the average NT box?  My god, who knew that there were
corresponding services for all of those TCP port numbers?  Run the
same scan against the average Unix box...  Chances are, it'll be far
more mundane, with maybe a dozen services in use.

An NT Administrator wears a tie...  A Unix sysadmin wears a T-shirt,
and occasionally it may even be clean.  The Unix guy knows that he is
indispensable to the organization, because he is capable of performing
acts of deep wizardry.  The NT guy hopes to make a good impression,
because he knows that kids are getting out of High School with their
MCSE, and he knows damn well he can be replaced.

An NT Administrator sees that his shiny new Win2K box has an OSPF
service, whatever that is, and he turns it on.  A Unix sysadmin knows
bloody well what OSPF does, and he turns it on, so that he can
redirect network traffic through his desktop machine, perform some
traffic shaping, and hog all of the network bandwidth for Napster and
Porn downloads (Ok, maybe that's just me, but would an NT guy have
thought of a way to do that?)

While I could go on endlessly, further alienating NT Admins
everywhere, I choose instead to close with this one salient point...

A Unix guy not only knows what a FAQ is, but he generally makes an
effort to find it, and once found, he typically reads it.  When the
time comes, he sends an email to majordomo, with a body of
"unsubscribe cisco".  Can the same be said of your average NT guy?

I think not...

Alan

[To all of the genuinely useful NT folk out there, please accept my
not so humble apology...]

cc: alt.flame
replies: /dev/null




- Original Message -
From: "Circusnuts" 
To: 
Sent: Tuesday, May 29, 2001 10:46 PM
Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6344]


> Because Unix is all a cult !!!  The only thing worse than Unix guys, are
> SNA/ Main Frame dudes (with their VTAM's, FEP's, & Lu Lu Sessions :o)
>
> Pray for me- I start Unix classes Friday :-P
>
> Phil
>
> - Original Message -
> From: Jim Bond
> To:
> Sent: Tuesday, May 29, 2001 10:14 PM
> Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6335]
>
>
> > Oh yeah?! I'm win2000 roll out project manager for a
> > fortune 500 company. I make $150 per hour. Hope you
> > can figure out, SMART Unix guy.
> >
> > And Chuck, no problem. I just don't like some people
> > (like SMART Russ) knows a little than others then show
> > off that much.
> >
> >
> >
> > --- Russ Kreigh  wrote:
> > > We look down upon you because you have to brag about
> > > how much you make.
> > >
> > >
> > > - Original Message -
> > > From: "Jim Bond"
> > > To:
> > > Sent: Tuesday, May 29, 

OT: WINS Configuration (Was: Re: Questions about vlan?) [7:6347]

2001-05-29 Thread W. Alan Robertson

While I could tell you, I think I'll defer to our resident $240k/yr NT
expert...

Alan
(Still laughing...)

- Original Message -
From: "Derric" 
To: 
Sent: Tuesday, May 29, 2001 10:28 PM
Subject: Re: Questions about vlan? [7:6329]


> then how to configure the wins server?
> thanx a lot.
>
> Derric Gu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6347&t=6347



Re: Questions about vlan? [7:6329]

2001-05-29 Thread W. Alan Robertson

The use of VLANs erects barriers to contain "broadcast domains."  As a
result, you need an external mechanism for cross-subnet browsing for
the Network Neighborhood.

Most people find it useful to utilize a WINS server.  When a node is
configured to use WINS, it registers its name and IP address on
startup.  It also uses the WINS server database for resolving the
names and addresses of other nodes throughout the network.  When
properly configured, the WINS server acts as a "browse master," and
populates the contents of your "Network Neighborhood"
icon/folder/directory.

You can then use it just like you normally would.

Alan

- Original Message -
From: "Derric" 
To: 
Sent: Tuesday, May 29, 2001 9:28 PM
Subject: Questions about vlan? [7:6329]


> How can i find the users of other vlans in the "network neighbours"?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6336&t=6329



Re: Wanna Be a CCIE? Try This One [7:6076]

2001-05-29 Thread W. Alan Robertson

I have not yet begun to tizzy!  ;)

- Original Message -
From: "Peter I. Slow, CCNP Voice Specialist" 
To: "W. Alan Robertson" ;

Sent: Tuesday, May 29, 2001 2:16 PM
Subject: Re: Wanna Be a CCIE? Try This One [7:6076]


> ...don't get all in a tizzy, i recognize that you have a good idea.
> I just don't like it =P
>
> /me ducks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6272&t=6076
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Wanna Be a CCIE? Try This One [7:6076]

2001-05-29 Thread W. Alan Robertson

What about the fact that OSPF will install an Intra-area route over
an Inter-area route regardless of cost?

:)

- Original Message -
From: "Hire, Ejay" 
To: 
Sent: Tuesday, May 29, 2001 12:46 PM
Subject: RE: Wanna Be a CCIE? Try This One [7:6076]


> Okay, based on all of the information, we can come up with a solution.
>
> Scenario:
> 4 routers connected in a ring by various speed links
>
> Objectives:
> Router A's traffic for Router C should be sent directly to C
> Router B's traffic for Router D should be sent directly to D
> Router A's Traffic for B or D should be sent to RouterB
> Router B's Traffic for C or A should be sent to RouterB
> OSPF should be configured in such a way as to allow the network to maintain
> reachability in the event of any single link failure.
> Do as little configuration as possible
>
> Scenario Solution:
> See Drawing 1
> http://www.miscenterprises.com/schwantz.gif
> Meets all of the requirements except for the "Do as little work as possible"
> because you have to  manually configure the cost of every link...
> Anyway, you give the FastEthernet Link a low cost, and give the San
> Jose-NewYork link a high cost, but not so high that it causes traffic from D
> to C to go D-B-A-C.
>
> If I missed any of the objectives, let me know and I'll wiggle the numbers
> around to make it work.
>
> -Ejay
>
>
>
> -Original Message-
> From: Kevin Schwantz [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 29, 2001 11:38 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Wanna Be a CCIE? Try This One [7:6076]
>
>
> Thanks for the recommendations. Firstly, let me explain why I need the
> routing to behave in such a way. The reasons are purely geographical and I
> want to reduce latency. Routers A and B are in London and connected back to
> back via FastEth. Routers C and D are in  and SanJose and NewYork
> respectively(Connected to both London routers via FR).
> I certainly won't want traffic originating from RouterA ( London ) destined
> for RouterD (NewYork) to have to go to SanJose first. It would be much
> better if the hop is A-B-D instead of A-C-D.
>
> Schwantz
>
> ""EA Louie""  wrote in message news:[EMAIL PROTECTED]...
> > ... or route-map the router D network(s) to go through Router B at Router A
> >
> >
> > - Original Message -
> > From: "Chris Larson"
> > To:
> > Sent: Tuesday, May 29, 2001 7:24 AM
> > Subject: RE: Wanna Be a CCIE? Try This One [7:6076]
> >
> >
> > > Place a summary route to null 0 for the networks on Router D on your OSPF
> > > routers and set the metrics appropriately for the summary route
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > Kevin Schwantz
> > > Sent: Tuesday, May 29, 2001 10:03 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Wanna Be a CCIE? Try This One [7:6076]
> > >
> > >
> > > routerArouterB
> > >  AREA0AREA0
> > >  ||
> > >   routerC  routerD
> > >  AREA1-AREA1
> > >
> > >
> > > Since we are on the topic of OSPF, could someone help me out on the
> > > scenario above?
> > >
> > > Routers A and B have interfaces  in Area 0 and Area1. I want traffic from
> > > routerA destined for routerD to go via router B. This is not the case in my
> > > network because I realise that routerA  prefers Intra-Area routes and thus
> > > would route traffic to routerD via routerC.
> > > What tweaks must I make in order to force the traffic from routerA to
> > > routerD to go via routerB ? Someone suggested building a GRE tunnel between
> > > routerA and routerB and then configure the tunnel to be in AREA1.
> > >
> > > Any suggestions?
> > >
> > > Kevin
> > >
> > >
> > > ""W. Alan Robertson""  wrote in message news:[EMAIL PROTECTED]...
> > > > Guys,
> > > >
> > > > The actual traffic will not be routed up to area 0...  Area 0 has been
> > > > extended down to R2, so R2 is now a backbone router.  R2 has interfaces
> > > > in 3 areas now: Area1, Area2, and Area0 by means of its virtual link.

Re: Wanna Be a CCIE? Try This One [7:6076]

2001-05-29 Thread W. Alan Robertson

Peter,

OSPF has a distance of 110, and yes, iBGP has a distance of 200.  By
having separate routing domains for North America and Europe, he could
use eBGP (Distance - 20) between his two networks.

Distance wouldn't really do anything in this case, though, because
European routes would not be learned via OSPF (Remember, we have
theoretically split OSPF into two separate routing domains, never the
two shall meet).

Instead, eBGP would be bridging the gap between the two OSPF networks.
This would afford the opportunity to really take control of what
routes were advertised between the two, and exercise strict control
of the routing metrics, manipulating them in such a way as to ensure
that the best path across the pond were utilized under all normal
circumstances, but providing the redundant "less preferred" path in
the event of some kind of outage.

Can the same be accomplished via OSPF?  Yes, but because we're dealing
with Intra-area, and Inter-area routes, it may be more complex than by
simply manipulating the link costs.  Remember that OSPF chooses an
Intra-area route with a Cost of 4,000,000 over an Inter-area route
with a cost of 100.  That's just one of the quirks of the protocol.

As for "Why would you want to break up an AS that small into two
separate private ASes?", it's called thinking outside the box.  We
tend to think that a small network could not be better served by
applying the same principles that we might use for a larger
environment.  Why is that?  Instead of letting the number of devices
determine the right solution (Or more properly, a good solution),
let's form a solution based on the specific requirements.

A network with a small number of devices, but consisting of multiple
sites, and redundant links, presents a unique challenge.  Forget the
number of devices, and look at both the physical topology, and the
problem that needs solving.  BGPs powerful policy routing tools make
it a good fit for this environment, when viewed from a requirements
perspective.

It's not the only solution, but it is a valid solution, and in my
opinion, it's a good solution.

Alan

- Original Message -
From: "Peter I. Slow, CCNP Voice Specialist"
To: "W. Alan Robertson"
Sent: Tuesday, May 29, 2001 1:02 PM
Subject: Re: Wanna Be a CCIE? Try This One [7:6076]


> Absolutely, but he has traffic going from one router to another, it's not
> ever exiting the system.
> ...why would you want to break up an AS that small into two separate private
> ASes?
> besides... the OSPF routes are going to take precedence, not that the admin
> dist. can't be changed, but ospf is 120, and BGP int routes are 200
> (right?)
>
> - Original Message -
> From: "W. Alan Robertson"
> To: "Peter I. Slow, CCNP Voice Specialist"
> Sent: Tuesday, May 29, 2001 12:42 PM
> Subject: Re: Wanna Be a CCIE? Try This One [7:6076]
>
>
> > Peter,
> >
> > With all due respect, he doesn't have an IGP problem...  He has a
> > routing problem, and would like the ability to influence the flow of
> > traffic under certain circumstances to provide for better network
> > performance.
> >
> > After hearing a better explanation of the real issue, path selection
> > for an International site, the use of BGP might go a long way toward
> > solving the issue.
> >
> > He could very simply address his issues by breaking his OSPF into two
> > separate routing domains, and utilizing BGP as a means of
> > interconnecting them.  He could manipulate the traffic through the use
> > of something as simple as AS-path prepending, or the other mechanisms
> > Chuck mentioned (local preference, weight, or MEDs).
> >
> > Routing protocols are but tools, a simple means to an end.  Like all
> > tools, each has its strengths and weaknesses.  Most important is that
> > you select the right one for a given situation.  In the absence of
> > more information, the use of BGP sounds like a pretty good solution to
> > the given problem.
> >
> > Alan
> >
> > - Original Message -
> > From: "Peter I. Slow, CCNP Voice Specialist"
> > To:
> > Sent: Tuesday, May 29, 2001 11:29 AM
> > Subject: Re: Wanna Be a CCIE? Try This One [7:6076]
> >
> >
> > > next time you recommend using bgp to fix an IGP problem, I'm going
> > > to.., well,
> > > uh, just don't do it again.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6261&t=6076
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
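
The selection rules discussed in the message above (OSPF preferring an intra-area path over an inter-area one regardless of cost, and administrative distance deciding between OSPF, iBGP and eBGP), worked through as an added example that is not part of the original post. The prefix, next hops and the `Route`, `best_ospf` and `install` names are constructed for illustration, and BGP best-path selection is not modelled.

```python
"""Route selection for one prefix: OSPF path type, then cost, then distance."""
from dataclasses import dataclass
from typing import List, Optional

# Administrative distances as quoted in the message: eBGP 20, OSPF 110, iBGP 200.
ADMIN_DISTANCE = {"ebgp": 20, "ospf": 110, "ibgp": 200}

# OSPF compares path type before cost, so intra-area always beats inter-area.
OSPF_PATH_RANK = {"intra-area": 0, "inter-area": 1}


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str                    # "ospf", "ebgp" or "ibgp"
    next_hop: str
    metric: int = 0                  # OSPF cost; not compared for BGP here
    path_type: Optional[str] = None  # OSPF only


def best_ospf(routes: List[Route]) -> Optional[Route]:
    """OSPF's own choice: lowest path-type rank first, lowest cost second."""
    ospf = [r for r in routes if r.protocol == "ospf"]
    if not ospf:
        return None
    return min(ospf, key=lambda r: (OSPF_PATH_RANK[r.path_type], r.metric))


def install(routes: List[Route]) -> Route:
    """Return the candidate that reaches the routing table for one prefix.

    OSPF first picks its own winner; that winner then competes with the
    other protocols on administrative distance (lowest wins).
    Assumption: at most one BGP candidate per prefix.
    """
    if not routes:
        raise ValueError("no candidate routes")
    if len({r.prefix for r in routes}) != 1:
        raise ValueError("all candidates must be for the same prefix")
    candidates = [r for r in routes if r.protocol != "ospf"]
    winner = best_ospf(routes)
    if winner is not None:
        candidates.append(winner)
    return min(candidates, key=lambda r: ADMIN_DISTANCE[r.protocol])


# Constructed sample data (documentation addresses, hypothetical prefix).
PREFIX = "10.44.0.0/16"

# One OSPF domain: a very expensive intra-area path and a cheap inter-area path.
SINGLE_DOMAIN = [
    Route(PREFIX, "ospf", "192.0.2.1", 4_000_000, "intra-area"),
    Route(PREFIX, "ospf", "192.0.2.2", 100, "inter-area"),
]

# The prefix is known through OSPF and also through an internal BGP session.
OSPF_AND_IBGP = [
    Route(PREFIX, "ospf", "192.0.2.2", 100, "inter-area"),
    Route(PREFIX, "ibgp", "192.0.2.9"),
]

# The prefix is known through OSPF and also through an external BGP session.
OSPF_AND_EBGP = [
    Route(PREFIX, "ospf", "192.0.2.2", 100, "inter-area"),
    Route(PREFIX, "ebgp", "192.0.2.17"),
]


if __name__ == "__main__":
    for name, routes in [("single OSPF domain", SINGLE_DOMAIN),
                         ("OSPF and iBGP", OSPF_AND_IBGP),
                         ("OSPF and eBGP", OSPF_AND_EBGP)]:
        r = install(routes)
        print(f"{name}: {r.protocol} via {r.next_hop} "
              f"(type={r.path_type}, metric={r.metric})")
```

In the split-domain design the message proposes, the remote prefix has no OSPF candidate at all, so the distance comparison in the last scenario never comes into play.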



Re: Wanna Be a CCIE? Try This One [7:6076]

2001-05-29 Thread W. Alan Robertson

Peter,

With all due respect, he doesn't have an IGP problem...  He has a
routing problem, and would like the ability to influence the flow of
traffic under certain circumstances to provide for better network
performance.

After hearing a better explanation of the real issue, path selection
for an International site, the use of BGP might go a long way toward
solving the issue.

He could very simply address his issues by breaking his OSPF into two
separate routing domains, and utilizing BGP as a means of
interconnecting them.  He could manipulate the traffic through the use
of something as simple as AS-path prepending, or the other mechanisms
Chuck mentioned (local preference, weight, or MEDs).

Routing protocols are but tools, a simple means to an end.  Like all
tools, each has its strengths and weaknesses.  Most important is that
you select the right one for a given situation.  In the absence of
more information, the use of BGP sounds like a pretty good solution to
the given problem.

Alan

- Original Message -
From: "Peter I. Slow, CCNP Voice Specialist" 
To: 
Sent: Tuesday, May 29, 2001 11:29 AM
Subject: Re: Wanna Be a CCIE? Try This One [7:6076]


> next time you recommend using bgp to fix an IGP problem, I'm going
> to.., well,
> uh, just don't do it again.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6250&t=6076



Re: Is it really worth it? "CCIE" [7:5725]

2001-05-28 Thread W. Alan Robertson

As a consultant, you'd better believe it's important, and becoming more so all
the time.

Here's an example.  A couple of weeks ago, a buddy of mine (who is a CCIE) and
I were at our office.  Our sales guy got a call about a problem at a bank, and
he called me into the office so I could get some information about the problem.
Token Ring environment, with some DLSW.  After I'd gotten as much as I could
over the phone, they asked how quickly I could be at the site.  We told them
about a half hour...  They asked specifically for a CCIE.  My buddy got the
call.  Fortunately, I went along too, as I wasn't doing anything important at
the time.  It's a good thing I did too, because in a previous life, I had a ton
of Token Ring experience, and my co-worker had virtually none.  As it turned
out, I was the one that did most of the talking while on site, and I was the
one that gave them the troubleshooting strategy that ended up getting the
problem identified, and ultimately solved.

Did they ask which of us had more experience?  (I have 8+ years of Cisco, my
friend has about 4.)  No, they didn't ask that.

Did they ask which of us had experience relevant to their specific environment?
(I have a great deal of Token Ring, and a lot of production DLSW; my friend has
virtually no Token Ring experience, and only enough DLSW to have passed the
lab)  No, they didn't ask that.

They asked if I was a CCIE.  No, I'm not yet a CCIE.  My co-worker is though,
and they wanted him to come solve their problem.

This is the unfortunate reality of the marketplace.  The certification talks,
and the experience is being overlooked.  I only decided to get my CCIE about a
year ago, because I saw this kind of thing starting to happen more frequently.
Because of the waiting list for the lab, I haven't yet had a chance to take it.
Had I begun a year earlier, I'd probably have had a chance to take it 2 or 3
times by now.  I don't view the CCIE as some sort of life changing event in my
life...  I'm getting it out of self-defense.  If I am being compared to another
candidate, I want to be certain that the number of years, and the diversity of
my experience, are factored into the comparison.  Right now, if the other
candidate is a CCIE, I can't be sure that my resume will even be read.

My pursuit of the CCIE is motivated by the need to be taken seriously.  When
the number of CCIEs was very low, this wasn't much of a problem.  Now that it's
become a little more common, I find that I'm losing my competitive edge "on
paper," and that's going to change.

Alan


- Original Message -
From: "Duncan Stuart" 
To: 
Sent: Monday, May 28, 2001 11:05 AM
Subject: RE: Is it really worth it? "CCIE" [7:5725]

[snip]
> I believe in the contracting market it is important to combine
> the experience with recognized certification.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6120&t=5725



Re: Wanna Be a CCIE? Try This One [7:6076]

2001-05-28 Thread W. Alan Robertson

Guys,

The actual traffic will not be routed up to area 0...  Area 0 has been extended
down to R2, so R2 is now a backbone router.  R2 has interfaces in 3 areas now:
Area1, Area2, and Area0 by means of its virtual link.

Any traffic originating in Area2 destined for Area1 will be routed directly by
R2.  This satisfies the "Interarea traffic must traverse the backbone" rule,
because R2 *is* a backbone router.

This is not theory...  It is fact.

Alan

- Original Message -
From: "Andrew Larkins" 
To: 
Sent: Monday, May 28, 2001 10:13 AM
Subject: RE: Wanna Be a CCIE? Try This One [7:6076]


> agreedto area 0 then on to the intended area
>
> -Original Message-
> From: Circusnuts [mailto:[EMAIL PROTECTED]]
> Sent: 28 May 2001 15:50
> To: [EMAIL PROTECTED]
> Subject: Re: Wanna Be a CCIE? Try This One [7:6076]
>
>
> Chuck- my answer is Yes.  The traffic from the Virtual Linked pseudo-ABR
> passes back to Area 0, before it's sent onto the intended Area (even if it's
> directly connected).
>
> Phil
>
>
> - Original Message -
> From: Chuck Larrieu
> To:
> Sent: Sunday, May 27, 2001 8:59 PM
> Subject: Wanna Be a CCIE? Try This One [7:6076]
>
>
> > Ever wonder what the CCIE candidates talk about on the CCIE list?
> >
> > The following message came through today. I thought the bright folks on
> > this list might be curious, and might want to venture an answer.
> > Begin original question:
> >
> > Guys,
> >
> > I wonder if there is anybody who remembers the discussion on Virtual
> > Links in OSPF. It was posted some time ago but I can't seem to find it.
> >
> > The scenario was something like this:
> >  ________    _______    _______
> > | Area 0 |  | Area1 |  | Area2 |
> > |   R0   |--|  R1   |--|  R2   |
> > |________|  |_______|  |_______|
> >
> > There is a virtual link from area 2 to Area 0 via Area1. Traffic needs to
> > get to R1 in Area 1 from R2 in Area 2. Assume that the virtual link has to
> > use R1 (To create the V.Link). Does the traffic flow past R1 (in Area 1)
> > to Area 0 and then back to area 1, or does the actual flow just to R1 from
> > R2.
> >
> > I can't remember the conclusion, and I can't seem to find it on the
> > archives.
> > Quite interesting issues.
> >
> > End of original question
> >
> >
> > Chuck
> >
> > One IOS to forward them all.
> > One IOS to find them.
> > One IOS to summarize them all
> > And in the routing table bind them.
> >
> > -JRR Chambers-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6117&t=6076



Re: Wanna Be a CCIE? Try This One [7:6076]

2001-05-27 Thread W. Alan Robertson

Chuck,

Is that what set off the great "Virtual link" thread, which I might add, has
become quite heated?  I was just skimming the list for the past couple of days,
so I didn't really catch the beginning.

I'm not sure it's been resolved yet, but I know the answer to the question if
that's of any interest.

It's kind of a trick question...

In OSPF, traffic between two non-zero areas (such as area1 and area2 in the
diagram below) must traverse the backbone, area0.  This is a special
circumstance though, because router2 is virtually linked to area0, since it
doesn't have a direct connection.

The end result is that traffic between areas 1 and 2 does pass through area0,
but not in the way most people think.  R2 is a backbone router, by virtue of
its virtual link, so it may pass traffic between areas 1 and 2 directly.  This
does not break any rules, and is in fact a desired behavior.

Alan


- Original Message -
From: "Chuck Larrieu" 
To: 
Sent: Sunday, May 27, 2001 8:59 PM
Subject: Wanna Be a CCIE? Try This One [7:6076]


> Ever wonder what the CCIE candidates talk about on the CCIE list?
>
> The following message came through today. I thought the bright folks on this
> list might be curious, and might want to venture an answer.
>
> Begin original question:
>
> Guys,
>
> I wonder if there is anybody who remembers the discussion on Virtual
> Links in OSPF. It was posted some time ago but I can't seem to find it.
>
> The scenario was something like this:
>  ________    _______    _______
> | Area 0 |  | Area1 |  | Area2 |
> |   R0   |--|  R1   |--|  R2   |
> |________|  |_______|  |_______|
>
> There is a virtual link from area 2 to Area 0 via Area1. Traffic needs to
> get to R1 in Area 1 from R2 in Area 2. Assume that the virtual link has to
> use R1 (To create the V.Link). Does the traffic flow past R1 (in Area 1)
> to Area 0 and then back to area 1, or does the actual flow just to R1 from
> R2.
>
> I can't remember the conclusion, and I can't seem to find it on the archives.
> Quite interesting issues.
>
> End of original question
>
>
> Chuck
>
> One IOS to forward them all.
> One IOS to find them.
> One IOS to summarize them all
> And in the routing table bind them.
>
> -JRR Chambers-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6085&t=6076



Re: Does Solaris box and microsoft PC run RIP? [7:5862]

2001-05-25 Thread W. Alan Robertson

I just wanted to follow up on this...

First, Zebra is really cool.  The guy responsible for it obviously is Cisco
proficient, and as a result, the commands and syntax will be very familiar to
us all.  I've only got a couple of routers to mess with here at the house, but
by utilizing Linux/Zebra, I have been able to add additional simulated routers,
adding a great deal of complexity to the kind of scenarios I can investigate.
Once you have a Zebra routing process up (Each protocol runs as a separate
process), you telnet into it as though it were a stripped down Cisco router.
It can be reconfigured interactively, utilizing 'conf t.'

Second, an answer to the "Why do you need your servers to route?"  It is rarely
a good idea to have servers in a production environment perform routing
functions.  What is useful, particularly in multi-homed servers, or
single-homed servers that attach to a segment with multiple routers/exit
points, is for the server itself to be able to choose the most
effective/efficient path selection.  By disabling the actual packet forwarding
features of the box, but allowing the server to participate in the routing
process, a server will be able to determine the best "first-hop" for outbound
traffic, regardless of the number of interfaces it has, or the weaknesses of
HSRP strategies or default gateways.

In certain circumstances, this kind of functionality makes a great deal of
sense.

Alan

- Original Message -
From: "Jason Roysdon" 
To: 
Sent: Friday, May 25, 2001 4:04 AM
Subject: Re: Does Solaris box and microsoft PC run RIP? [7:5862]


> "GNU Zebra manages IPv4 and IPv6 routing protocols. It supports BGP-4
> protocol as described in RFC1771 (A Border Gateway Protocol 4) and BGP-4+,
> RIPv1, RIPv2, RIPng, OSPFv2 and OSPFv3. GNU Zebra has a good client
> interface, so the user can change configuration dynamically."
> http://freshmeat.net/projects/zebra/
>
> Win2K supports RIPv2 and OSPF (not sure the version).
>
> My question would be: Why do you need your servers to route?  Do they have
> multiple NICs?  If not, just have your routers doing what they do best, and
> if you're worried about redundancy configure default gateways on your
> servers to each of the routers.
>
> IMHO, you're more likely to cost your company more money in the long run
> trying to have servers routing than to buy a Cisco box.  Especially when it
> comes to support and maintenance.
>
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
>
>
>
> "Robert Nelson-Cox" wrote in message news:[EMAIL PROTECTED]...
> > >
> > >how about OSPF and IGRP and etc??
> >
> > GateD will run OSPF, not sure about IGRP, GateD have a web site, but I
> > can't remember what it is (www.gated.org?).  You can normally download a
> > basic version, but multicast, and other features need to be licensed, at a
> > cost.
> >
> > Rob./
> >
> > >-Original Message-
> > >From: Robert Nelson-Cox [mailto:[EMAIL PROTECTED]]
> > >Sent: Friday, May 25, 2001 2:55 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: Does Solaris box and microsoft PC run RIP? [7:5862]
> > >
> > >
> > > >
> > > >Dear all
> > > >
> > > >I have a  router configured with RIP routing protocol "router rip
> > > >network 50.0.0.0"  then I found it discover some route from a solaris box
> > > >50.100.45.3 and point some routes (as shown below) to solaris box, as the
> > > >solaris box got route to all these network.  My question is " Does Solaris
> > > >box and microsoft PC run RIP?  if yes, how to enable and configure it?"  I
> > > >thought RIP can only discover the route from the router?  am I wrong?
> > >
> > >Most unices run RIP by default.  If you disable the routed process, this
> > >will stop rip running.  If you can't find routed, look for gated.
> > >
> > >NT runs RIP so I am led to believe, how you disable it I don't know.
> > >
> > >Rob./
> > >

Re: OSPF [7:5808]

2001-05-24 Thread W. Alan Robertson

Only on interfaces which have been activated under the OSPF process, through
the use of the network statements.

Alan

- Original Message -
From: "Lupi, Guy" 
To: 
Sent: Thursday, May 24, 2001 6:32 PM
Subject: OSPF [7:5808]


> When a router has OSPF configured, are hello packets transmitted out all
> interfaces, or only the ones that have a network statement in the
> configuration?  Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5813&t=5808



Re: CCIE written is outdated. [7:5756]

2001-05-24 Thread W. Alan Robertson

To be honest, I'm kind of glad that the written test includes all of the
esoteric knowledge that makes it challenging.  I've been waiting since January
to sit for the lab exam, and I'm still 2 months away.  How long would the wait
be if the written exam were easier?

Another advantage to having such a wide variety of topics on the written exam
is for cases like mine.  I've taken exactly 1 "Cisco Approved" course in my
life, the ACRC course, but have over 10 years experience.  Being self-taught, I
am largely a product of the environments I've been exposed to.  This left quite
a few gaps in my base of knowledge.  I'd never worked in an Appletalk, or
Novell environment.  Having these topics on the exam forced me to go read
enough to get a functional understanding of how these types of networks work.
The likelihood of me finding myself entrenched in a Vines environment is not
very good, but if for some reason it happened, at least I now have a good idea
which direction to start paddling.

Alan

- Original Message -
From: 
To: 
Sent: Thursday, May 24, 2001 4:59 PM
Subject: Re: CCIE written is outdated. [7:5756]


> But do I really need to know how to read a RIF? How often do you read a RIF?
> I know some day you could run into a situation where you really need to know
> how to read a RIF or know how to configure Apollo, Banyan VINES or XNS. I
> guess I am just frustrated with the trivial parts of this test.
>
> Does anyone else out there feel this way about this test?
>
>
> - Original Message -
> From: "Howard C. Berkowitz"
> To:
> Sent: Thursday, May 24, 2001 1:49 PM
> Subject: Re: CCIE written is outdated. [7:5756]
>
>
> > Just from a learning standpoint, I agree the lab and written should
> > coincide.  Perhaps a desktop/legacy specialization might be in order.
> >
> > But there's a finite amount that people can learn and demonstrate,
> > and frankly, I'd rather see somewhat more depth in IP, and also MPLS,
> > than having lots and lots of depth yet being somewhat superficial in
> > the things you need to know about really big networks.  Perhaps my
> > design bias is showing.
> >
> > I do wonder about X.25.  There's an old Army saying that you never
> > need a pistol until you need one very, very much.  I still believe
> > X.25 can be an extremely useful niche protocol.
> >
> >
> > >I agree you should know how to do that stuff but I think the written and
> > >the lab should coincide.
> > >- Original Message -
> > >From: "Darren Crawford"
> > >To:
> > >Sent: Thursday, May 24, 2001 12:04 PM
> > >Subject: Re: CCIE written is outdated. [7:5756]
> > >
> > >
> > >>  Because as a CCIE you should know how to do this stuff.  ;^)
> > >>
> > >>  D.
> > >>
> > >>  At 01:04 PM 05/24/2001 -0400, [EMAIL PROTECTED] wrote:
> > >>  >The following have been removed from the lab. Why haven't they been
> > >>  >removed from the CCIE written?
> > >>  >
> > >>  >LAT, DECnet, Apollo, Banyan VINES, ISO CLNS, XNS, ATM LANE, and X.25.
> > >>  >Effective February 1, 2001, Appletalk will also be removed from the
> > >>  >lab exam content.
> > >>
> > >>Darren S. Crawford
> > >>Network Systems Consultant
> > >>Lucent Technologies - Sacramento
> > >>
> > >>email: [EMAIL PROTECTED]
> > >>page via email: [EMAIL PROTECTED]
> > >>pager: 800-467-1467




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5803&t=5756



Re: CORRECTION: Re: reverse telnet [7:5655]

2001-05-23 Thread W. Alan Robertson

Yeah,  I started thinking the same thing after my post.  Since the telnet
session is really just setting you up to do a console connection to the
connected router, typing 'exit' would only drop you back to the "Press enter to
continue" blah message...

The telnet session is really established to the 2511, and since your keystrokes
are redirected to the serial line, the 'exit' is never seen by the term server.

So what's the best way to do this?  Would it be typing 'exit,' and then issuing
a Ctl-Shift-6 - x, followed by another 'exit?'

- Original Message -
From: "Circusnuts" 
To: "W. Alan Robertson" ; 
Sent: Thursday, May 24, 2001 12:05 AM
Subject: Re: CORRECTION: Re: reverse telnet [7:5655]


> I was thinking the same, but this would clear all lines.  The next telnet
> session onto the 2511 would require re-establishing the session & clearing
> the line to pass onto the UNIX box (if I am understanding the setup
> correctly).
>
> I'm thinking the user needs to turn their underwear back around to the
> correct direction or use an Alias :o)
>
> Phil
>
> - Original Message -
> From: W. Alan Robertson 
> To: 
> Sent: Wednesday, May 23, 2001 11:30 PM
> Subject: Re: CORRECTION: Re: reverse telnet [7:5655]
>
>
> > When I first read the original message, my response seemed too simple, so
> > I didn't reply...
> >
> > Here it is:  Type 'exit', and hit enter.
> >
> > Does this not meet the requirements?  Does the line get hung up or
> > something?
> > Is there more to this question than meets the eye?
> >
> > - Original Message -
> > From: "Frank Kim"
> > To:
> > Sent: Wednesday, May 23, 2001 10:55 PM
> > Subject: CORRECTION: Re: reverse telnet [7:5655]
> >
> >
> > > Hi folks,
> > > I know about the ctrl-shift-6 x.  Please read my message again.  I am
> > > not telnet'ing from the 2511.  I sit on another workstation which is on
> > > the same network as the ethernet segment of the 2511 and I telnet from
> > > there.
> > > Please re-read my question.  Sorry for the confusion.
> > >
> > >
> > > -Frank
> > >
> > >
> > > On Wed, 23 May 2001, Kevin Wigle wrote:
> > >
> > > > with this simple scenario all you need do is:
> > > >
> > > > control-shift-6   (all at one time)
> > > >
> > > > release
> > > >
> > > > and then type x
> > > >
> > > > this should bring you back to the terminal server
> > > >
> > > > then type the command:  disconnect 1
> > > >
> > > > r1 is gone and you're left with the terminal server connection
> > > >
> > > > Kevin Wigle
> > > >
> > > > - Original Message -
> > > > From: "Frank Kim"
> > > > To:
> > > > Sent: Wednesday, 23 May, 2001 20:38
> > > > Subject: reverse telnet [7:5655]
> > > >
> > > >
> > > > > Below is my config of a 2511.  My question is if I sit on another
> > > > > workstation and telnet to 192.168.1.1 2001 which brings me to R1.
> > > > > Once I am in, is there a 'key-stroke' I can enter in to have the 2511
> > > > > terminate my session?  I'm currently closing out my telnet
> > > > > application to have the session terminated.  Thanks for any help.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5681&t=5655



Re: CORRECTION: Re: reverse telnet [7:5655]

2001-05-23 Thread W. Alan Robertson

When I first read the original message, my response seemed too simple, so I
didn't reply...

Here it is:  Type 'exit', and hit enter.

Does this not meet the requirements?  Does the line get hung up or something?
Is there more to this question than meets the eye?

- Original Message -
From: "Frank Kim" 
To: 
Sent: Wednesday, May 23, 2001 10:55 PM
Subject: CORRECTION: Re: reverse telnet [7:5655]


> Hi folks,
> I know about the ctrl-shift-6 x.  Please read my message again.  I am not
> telnet'ing from the 2511.  I sit on another workstation which is on the
> same network as the ethernet segment of the 2511 and I telnet from there.
> Please re-read my question.  Sorry for the confusion.
>
>
> -Frank
>
>
> On Wed, 23 May 2001, Kevin Wigle wrote:
>
> > with this simple scenario all you need do is:
> >
> > control-shift-6   (all at one time)
> >
> > release
> >
> > and then type x
> >
> > this should bring you back to the terminal server
> >
> > then type the command:  disconnect 1
> >
> > r1 is gone and you're left with the terminal server connection
> >
> > Kevin Wigle
> >
> > - Original Message -
> > From: "Frank Kim"
> > To:
> > Sent: Wednesday, 23 May, 2001 20:38
> > Subject: reverse telnet [7:5655]
> >
> >
> > > Below is my config of a 2511.  My question is if I sit on another
> > > workstation and telnet to 192.168.1.1 2001 which brings me to R1.  Once
> > > I am in, is there a 'key-stroke' I can enter in to have the 2511
> > > terminate my session?  I'm currently closing out my telnet application to
> > > have the session terminated.  Thanks for any help.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5672&t=5655



Re: BGP question [7:4973]

2001-05-18 Thread W. Alan Robertson

If my ISP told me that, I wouldn't believe another thing they had to say.
BGPv4 supports CIDR and Classful addressing.  It will advertise whatever
address range you tell it to, with whatever mask you provide.  Perhaps the ISP
was really talking about their own policies, with regard to address space that
they provide their customers.  They certainly weren't referring to any
limitations of BGP.

- Original Message -
From: "Rizzo Damian" 
To: 
Sent: Friday, May 18, 2001 9:38 AM
Subject: BGP question [7:4973]


> Hey folks, I have a quick question regarding BGP. We are looking for an
> alternative ISP for our Internet. One company we spoke with that offers a
> 100MB connection, said that in order to use their services we need to
> implement BGP on our Internet router. We currently utilize a class A address
> on our Internet router, and they said BGP will only work with Class C
> addresses. I don't know enough about BGP yet to argue this fact, so I turn
> to you to ask if you agree or disagree with this comment?  Thanks a lot!
>
>
>   -Rizzo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4979&t=4973



Re: What is the source address when i do standard ping [7:4936]

2001-05-17 Thread W. Alan Robertson

The source address of the ping packet is the address on the Interface closest
to the destination, as determined by your routing table.

For instance, if you are pinging a device that is directly attached to your e0
interface, then the router will source the ping using e0's IP address.

If you do an extended ping, you can specify the IP address that you want the
ping to originate from.

- Original Message -
From: "SAM Meng Wai" 
To: 
Sent: Thursday, May 17, 2001 9:45 PM
Subject: What is the source address when i do standard ping [7:4936]


[snip]

> Do anybody know how cisco router use it source address when
> i do a standard ping command as i have few interface and each
> interface has its own ip address.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4939&t=4936
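
The source-address behaviour described in the reply above, as an added example that is not part of the original post: a longest-prefix lookup picks the egress interface, and that interface's address becomes the ping source unless one is given explicitly, as with an extended ping. The interface addresses, routing table and function names are constructed for illustration.

```python
"""Which source address does a ping use?  Model of the rule in the reply."""
import ipaddress
from typing import Optional

# Constructed sample router: interface name -> configured address and mask.
INTERFACES = {
    "e0": ipaddress.ip_interface("192.168.1.1/24"),
    "e1": ipaddress.ip_interface("10.10.0.1/16"),
    "s0": ipaddress.ip_interface("172.16.0.1/30"),
}

# Constructed routing table: (destination network, egress interface).
ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), "e0"),   # connected
    (ipaddress.ip_network("10.10.0.0/16"), "e1"),     # connected
    (ipaddress.ip_network("172.16.0.0/30"), "s0"),    # connected
    (ipaddress.ip_network("10.20.0.0/16"), "s0"),     # remote site via serial
    (ipaddress.ip_network("0.0.0.0/0"), "e1"),        # default route
]


def egress_interface(dest: str) -> str:
    """Longest-prefix match over the routing table."""
    dst = ipaddress.ip_address(dest)
    matches = [(net, ifname) for net, ifname in ROUTES if dst in net]
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, ifname = max(matches, key=lambda m: m[0].prefixlen)
    return ifname


def ping_source(dest: str, source: Optional[str] = None) -> str:
    """Return the source IP a ping to `dest` would carry.

    With no `source`, the address of the egress interface is used.
    With `source` set (the extended-ping case), that address is used,
    provided it is actually configured on one of the router's interfaces.
    """
    if source is not None:
        wanted = ipaddress.ip_address(source)
        if wanted not in {i.ip for i in INTERFACES.values()}:
            raise ValueError(f"{source} is not configured on this router")
        return str(wanted)
    return str(INTERFACES[egress_interface(dest)].ip)


if __name__ == "__main__":
    for target in ("192.168.1.50", "10.20.5.5", "198.51.100.7"):
        print(target, "->", egress_interface(target), ping_source(target))
    print("extended:", ping_source("10.20.5.5", source="192.168.1.1"))
```

The source matters when ACLs or return routes differ per interface: a standard ping to 10.20.5.5 here leaves as 172.16.0.1, so the far end needs a route back to the serial subnet, not to the LAN.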



Re: 100mb Ethernet over Type 1 ... [7:4897]

2001-05-17 Thread W. Alan Robertson

Type-1 cabling is more commonly known as "Shielded Twisted Pair."  It's a heavy
gauge 2 pair cabling that was used in legacy Token Ring environments, before UTP
caught on.  It's excellent cable, due to its braided shielding.  Its flaws
were its cost, and its size (very thick, and somewhat difficult to work with).

It's clear to me where Timothy is coming from...  He's got a client with an
existing Token Ring network looking to migrate to Fast Ethernet, and they'd like
to leverage what must have been a tremendously expensive cabling infrastructure
since they've already paid for it.

From http://www.ece.ac.ae/techstuff/networking/fetech.html :

---[Pasted Text]---
100BASE-TX Physical Layer

This physical layer defines the specification for 100BASE-T Ethernet over two
pairs of Category 5 UTP (unshielded) or Type 1 STP (shielded) twisted-pair wire.
With one pair for transmit and the other for receive, the wiring scheme is
identical to that used for 10BASE-T Ethernet. The UTP connector, an RJ-45, is
also identical to the one used for 10BASE-T Ethernet, wired in exactly the same
fashion. However, the punch-down blocks in the wiring closet must be Category 5
certified. Where these blocks do not meet the standard, an upgrade is necessary.
The STP connector is the same DB-9 used for Token Ring networks.
---[End Paste]---

It would appear that there is nothing to prevent the use of Fast Ethernet over
Type-1, but I've never seen it done.  You can be sure that someone has done it
though...  Keep looking...

Alan

- Original Message -
From: "Brijesh" 
To: 
Sent: Thursday, May 17, 2001 3:55 PM
Subject: Re: 100mb Ethernet over Type 1 ... [7:4897]


> What is type 1 cabling? Please let me know. What I have implemented is
> Category 3,4, and 5 UTP cabling.
>
> Brijesh
> - Original Message -
> From: "Hornbeck, Timothy"
> To:
> Sent: Friday, May 18, 2001 12:54 AM
> Subject: 100mb Ethernet over Type 1 ... [7:4897]
>
>
> > Is it possible to run 100mb Ethernet over Type1 cabling?  If so what are
> > some of the issues in doing so?  Looking to cut some costs on a project.
> >
> > Timothy J. Hornbeck
> > Technical Analyst III
> > Infrastructure Implementation - LAN/WAN
> > "6EQUJ5" - By Unknown (recorded at OSU "Big Ear")




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4911&t=4897



Re: CCIE Lab Report - unsuccesful

2001-04-08 Thread W. Alan Robertson

Chuck,

Sorry to hear about the outcome of your practical exam.  Take solace in the fact
that so many people have to retake it.  It is a testament to the certification's
value, and to the ability of those that make it.  Persistence separates life's
winners from life's losers.  At some point, you'll get there, and the sense of
satisfaction will be delicious.  :)

Speaking of persistence, I know a guy that bills himself as "The World's Worst
CCIE."  He took six attempts to pass the written exam, and then took six trips
to Raleigh for the practical.  He was not being sponsored by his employer
either...  That's $7200.00 in various exam fees alone, not including travel
costs.  I worked with him on a project for several months, and he was no dummy.
By my estimation, Murphy's law comes into play.  A lab candidate will invariably
draw the lab scenario for which he is least prepared.  That's just how it seems
to work out.

I read your report more than once, and with great interest.  Thanks for taking
the time to provide your insight and observations.  One of the frustrating
things about preparing for this, particularly gearing up for the first attempt,
is the uncertainty.

For instance, I'm pretty good at DLSw.  I've been fortunate enough to use it in
a very large production environment.  In my implementation, we used TCP
encapsulation exclusively, with static peering.  Is it enough that I know about
the other means of encapsulation, or dynamic peering?  My environment was SNA.
I haven't used it with NetBIOS...  Is the behavior identical?  Can I skip
preparing for DLSw because of my experience with it, or do I need to reserve
some of my precious time for DLSw experimentation?

Another example: I'm a whiz with Frame-Relay.  Until a week ago, I was in the
midst of a huge frame deployment, some 1500 sites.  That said, it was a fairly
vanilla environment.  Nothing special about it.  Looking for confidence, I was
looking at the Frame Configuration Guide on CCO last night, with the expectation
that I was gonna know most of it.  It was a big mistake.  There were so many
commands that I had never used, nor did I know they even existed.  I knew I'd
want to revisit frame the old fashioned way (I've been using
subinterface/point-to-point for so long, I hardly remember building frame-relay
maps by hand), and revisit split horizons, but geez...

I could spend from today until July (my 1st lab exam) covering these two topics,
topics that I feel good about, and still not get close to what I'd consider
"Full Mastery."

Understand that I'm not a paper anything.  I don't have my CCNA or CCNP.  I
passed the written exam with virtually no studying, because I have been working
with Cisco routers since '94, and because I have never been satisfied knowing
how to do something without having a pretty good understanding of the how/why
what I was doing worked.  I came into this process with the expectation that
because of my background, I'd have a more difficult time with the esoteric
detail of the written exam than I would with the lab.  I am a hands-on guy.

Accounts, such as yours, are an invaluable resource to me, not because they
remove the uncertainty, but I feel like they help me manage the uncertainty.  I
hear what I need to hear: If you're good at what you do and you prepare
effectively, you can and will be successful.

Thanks.

Alan~

- Original Message -
From: "Chuck Larrieu" <[EMAIL PROTECTED]>
To: "Cisco Mail List" <[EMAIL PROTECTED]>
Sent: Saturday, April 07, 2001 9:34 PM
Subject: CCIE Lab Report - unsuccesful



Re: 3DES for Cisco17xx ?

2001-04-05 Thread W. Alan Robertson

Gabriel,

I believe it's due to export restrictions.

Cisco cannot distribute strong encryption unilaterally.  The easing of ITAR
restrictions last year (or maybe in '99) stated that you could export strong
encryption if you released the source, and notified the Dept. of Commerce of the
location.  Since Cisco has not released their source, and probably never will,
they must verify that the end-user is eligible to receive any version of IOS
which utilizes strong encryption.  That means that these images may only be
provided to users in the United States, and Canada.

Alan

- Original Message -
From: "Gabriel Nickel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 05, 2001 9:05 AM
Subject: 3DES for Cisco17xx ?


> Under Table 3: Platform - 1700 in this document:
> http://www.cisco.com/warp/public/cc/pd/iosw/iore/iomjre121/prodlit/1064_pp.htm
> there are several IPSec 3DES images listed, which are not available in the
> download section:
> http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi?get_crypto=&data_from=&hardware_name=1720&software_name=&release_name=&majorRel=12.1&state=:HW
>
> any idea why there is no IPSec 3DES 12.1 IOS in the download center?
> Is the VPN module needed for 128k  bandwidth or can the CPU handle the
> software encryption on a 1720 ?
>
> thanks in advance,
> Gabriel



Re: Anyone looked at this RFC yet?

2001-04-02 Thread W. Alan Robertson

You know, this was brought to my attention yesterday on Slashdot.  Since
yesterday was April 1st, I wasn't sure whether or not this was meant to be taken
seriously.  It seems funny to me...  I imagine that rather than implement this,
it'd be easier just to remove the firewall.  :)

A~

- Original Message -
From: "Fowler, Robert J." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 02, 2001 11:12 AM
Subject: RE: Anyone looked at this RFC yet?


> Ooops here is the link...
>
> http://www.isi.edu/in-notes/rfc3093.txt
>
>
> -Original Message-
> From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 02, 2001 10:50 AM
> To: [EMAIL PROTECTED]
> Subject: Anyone looked at this RFC yet?
>
>
> RFC 3093, the Firewall Enhancement Protocol promises to reduce the hassle of
> setting up a firewall by tunneling any TCP/IP application over HTTP.
>
>
>
> Thanks,
> Robert Fowler
>
> We are told that talent creates its own opportunities. But it sometimes
> seems that intense desire creates not only its own opportunities, but its
> own talents.
> - Eric Hoffer (1902-1983 American Author & Philosopher)



Re: Can we find the PC's IP address connect to particular switch port?

2001-03-27 Thread W. Alan Robertson

Richard,

Generally speaking, you cannot determine the PC's IP address from the switch
(Layer 3 Switching aside), but you can determine the MAC addresses of each
device connected to each port.  Displaying the MAC table of the switch (since
you haven't provided the specific platform) is an exercise best left to the
reader.  Determine the MAC address of the PC, and then show the MAC table from
the switch.  That ought to give you the information you're looking for.

That's one way...  Since I'm a lazy cheater, and would spend countless hours
researching a way to trim 30 seconds off a two-minute process, here's what I'd
do...

From the switch, ping the PC in question, and then check the arp table.  This
will save you the trouble of trying to figure out how to display the MAC address
of the card in the PC.  Compare the resulting ARP entry to the switch's MAC
table and you're done.

Wouldn't it be great if PCs spoke CDP?  ;)

Alan

- Original Message -
From: "Richard spalding" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 27, 2001 9:21 PM
Subject: Can we find the PC's IP address connect to particular switch port?


> Can we find the PC's IP address connect to particular switch port?  Or for a
> PC , can we know which port of the switch it connect to, other than tracing
> the cable???
>
> Richard
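
Added example (not part of the original post, and not Cisco code): the ping,
ARP table, MAC table comparison described above, done in Python over constructed
sample output. The column layouts and every address are assumptions; a port
that holds several MACs is flagged because it leads to a hub or another switch
rather than to the PC itself.

```python
import re
from collections import defaultdict

# Constructed samples in an IOS-like layout; real column layouts vary by platform.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   0010.7b3a.0001  ARPA   VLAN1
Internet  192.168.1.10            0   0050.04a1.b2c3  ARPA   VLAN1
Internet  192.168.1.20            3   0001.02dd.ee0f  ARPA   VLAN1
"""

SAMPLE_MAC_TABLE = """\
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0050.04a1.b2c3       Dynamic          1  FastEthernet0/7
0001.02dd.ee0f       Dynamic          1  GigabitEthernet0/1
0001.02dd.ee10       Dynamic          1  GigabitEthernet0/1
00a0.c911.2233       Dynamic          1  GigabitEthernet0/1
"""

_HEX12 = re.compile(r"^[0-9a-f]{12}$")
_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
_DOTTED_MAC = re.compile(r"\b([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\b")


def norm_mac(text):
    """Reduce 00-50-04-A1-B2-C3, 00:50:04:a1:b2:c3 or 0050.04a1.b2c3 to 12 hex digits."""
    digits = re.sub(r"[.:\-]", "", text.strip().lower())
    return digits if _HEX12.match(digits) else None


def parse_arp(text):
    """Return {ip: mac} for every line that carries both an IPv4 address and a MAC."""
    table = {}
    for line in text.splitlines():
        ip, mac = _IPV4.search(line), _DOTTED_MAC.search(line)
        if ip and mac:
            table[ip.group(1)] = norm_mac(mac.group(1))
    return table


def parse_mac_table(text):
    """Return {mac: [(vlan, port), ...]}; the port is assumed to be the last column."""
    table = defaultdict(list)
    for line in text.splitlines():
        m = _DOTTED_MAC.search(line)
        if not m:
            continue
        rest = line[m.end():].split()
        if not rest:
            continue
        vlan = next((t for t in rest if t.isdigit()), None)
        table[norm_mac(m.group(1))].append((vlan, rest[-1]))
    return table


def locate(ip, arp_text, mac_table_text):
    """Map an IP address to the switch port(s) where its MAC was learnt."""
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        return {"ip": ip, "mac": None, "ports": [],
                "note": "no ARP entry; ping the host first"}
    table = parse_mac_table(mac_table_text)
    per_port = defaultdict(set)
    for learnt_mac, entries in table.items():
        for _vlan, port in entries:
            per_port[port].add(learnt_mac)
    ports = sorted({port for _vlan, port in table.get(mac, [])})
    # Several MACs behind one port means a hub or another switch, not the PC itself.
    shared = [p for p in ports if len(per_port[p]) > 1]
    if not ports:
        note = "MAC not in table (aged out or on another switch)"
    elif shared:
        note = "port carries several MACs; follow it to the next switch"
    else:
        note = "single MAC on port; directly attached"
    return {"ip": ip, "mac": mac, "ports": ports, "note": note}


if __name__ == "__main__":
    for address in ("192.168.1.10", "192.168.1.20", "192.168.1.99"):
        print(locate(address, SAMPLE_ARP, SAMPLE_MAC_TABLE))
```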



Re: Cisco Visio Icons (where to find)

2001-03-26 Thread W. Alan Robertson

I realize that this will be of little value to most folks, but employees of
Cisco partners can get all of the Cisco Visio templates at:

http://www.cisco.com/partner/visio/index.html

Much more up to date than the link below, but accessible to far fewer people.

Alan~

- Original Message -
From: "Ed" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Monday, March 26, 2001 8:02 PM
Subject: Re: Cisco Visio Icons (where to find)


> Give this link a try.  It is a little old and you need a CCO login:
> http://www.cisco.com/warp/customer/503/2.html
>
>
> ""Weil, Timothy R"" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > > Where can I find a collection of  newer  Cisco Visio icons including
> > > current equipment like
> > >
> > >  VPN 3000/5000 concentrators
> > >  400x switches
> > >  GSR
> > >
> > > et cetera
> > >
> > > Tim Weil - CCNP
> > >  kpmg Consulting
> > >  Network Solutions (KCNS)
> > > Cell   301.452.3641
> > > Office 703.747.8950
> > > Fax240.337.1305



Re: flashing 3620 Please help!

2001-03-24 Thread W. Alan Robertson

No, in this case, the destination filesystem is the flash module, not the tftp
server...

You need to change your configuration register to 0x2101 (Rather than the normal
0x2102).  This should allow you read/write access to the system's flash.

A~



- Original Message -
From: "Arun" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 24, 2001 6:45 AM
Subject: Re: flashing 3620 Please help!


> Hi
> it seems that there is some access right problem on the tftp server if ur
> using the unix use chmod command to change its right to rwx and it should
> work.  If ur in NT, see the rights of the file
> Hope it will work
> Arun
>
> ""Justin Lofton"" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > I'm trying to flash a 3620 but when I use the copy tftp flash command it
> > tells me that destination filesystem is read-only.  What the hell am I
> doing
> > wrong?
> >
> > Justin Lofton
> > Account Executive/CCNA
> > Tredent Data Systems
> > [EMAIL PROTECTED]
> > (818) 222-3770
> > http://www.tredent.com/



Re: Anyone tried setting up a Linux TFTP Server for Cisco?

2001-03-22 Thread W. Alan Robertson

Rather than get into a Holy War about why Linux is better than Windows, I
figured I'd just answer your question.

in.tftpd doesn't constantly run like other processes, like a http server, as an
example.

in.tftpd is typically started as needed, and terminated when finished.  The
controlling process is inetd.  The configuration file for inetd can be found at
'/etc/inetd.conf'.

Edit that file...

Scroll down to a line that reads like this (the exact line varies by Linux
distribution):

#tftp   dgram   udp     wait    nobody  /usr/sbin/tcpd  /usr/sbin/in.tftpd /tftpboot

The # means that this line is commented out.  If you remove the hash mark,
leaving:

tftp    dgram   udp     wait    nobody  /usr/sbin/tcpd  /usr/sbin/in.tftpd /tftpboot

you will have enabled the tftp service for the box.  The "/tftpboot" reference
refers to the tftp service home directory, so make certain that it exists.  You
can also move the location if you'd like.  Just specify a different path, and
ensure that it exists.

Finally, you need to restart the inetd process, so that it will be aware of the
fact that you want it to manage tftp services.

Do a 'ps ax | grep inetd'.  That will show something like:

yavin:/etc# ps ax | grep inet
  252 ?        S      0:00 /usr/sbin/inetd
  369 ?        SW     0:00 [rinetd]
 7945 pts/1    S      0:00 grep inet
yavin:/etc#

To restart it, type this:  'kill -HUP [pid]'

In my example, 252 is the pid (Process ID).

I almost forgot...  One thing you also need to check is the directory permissions
of /tftpboot...

Make sure that the directory is World Readable, and World Writable.  Tftp does
no user authentication, so you have to give global read/write access to its
directory.  Also, before sending a file up to the tftp server, you will need to
'touch filename'.  Generally, the service will allow you to overwrite a file
that exists, but it will not allow you to create a wholly new file.  Silly,
isn't it?

Best of luck...

Alan

- Original Message -
From: "Brian Kimsey-Hickman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 22, 2001 8:17 AM
Subject: Anyone tried setting up a Linux TFTP Server for Cisco?


> I was wondering if anyone had tried to set up to Linux box as a TFTP server
> for Cisco configurations and images.  I have tried in.tftp but don't seem to
> be having a lot of luck.
>
> Thanks,
>
> Brian
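
Added example (not part of the original post): a Python check of the setup
described above. It reads an inetd.conf in the layout quoted in the post,
reports whether the tftp line is enabled and which directory it serves, and
lists the files any client can overwrite, since TFTP does no authentication.
The sample file, the paths and the file names are constructed.

```python
import os
import stat
import tempfile

# Constructed sample in the inetd.conf layout quoted in the post.
SAMPLE_INETD_CONF = """\
# Constructed sample, not taken from a real host
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd
#tftp   dgram   udp     wait    nobody  /usr/sbin/tcpd  /usr/sbin/in.tftpd /tftpboot
tftp    dgram   udp     wait    nobody  /usr/sbin/tcpd  /usr/sbin/in.tftpd /srv/tftp
"""


def parse_inetd_tftp(conf_text):
    """Return every tftp service line, enabled or commented out."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        enabled = not line.startswith("#")
        fields = line.lstrip("#").split()
        # service, socket type, protocol, wait flag, user, server, argv...
        if len(fields) < 7 or fields[0] != "tftp" or fields[1] not in ("dgram", "stream"):
            continue
        argv = fields[6:]
        entries.append({
            "enabled": enabled,
            "user": fields[4],            # account the daemon runs as
            "server": fields[5],          # tcpd wrapper or the daemon itself
            "daemon": argv[0],
            "roots": [a for a in argv[1:] if a.startswith("/")],
        })
    return entries


def audit_root(path):
    """Report the permission bits that matter for an unauthenticated service."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return {"path": path, "exists": False,
                "world_readable": False, "world_writable": False}
    return {
        "path": path,
        "exists": stat.S_ISDIR(mode),
        "world_readable": bool(mode & stat.S_IROTH),
        "world_writable": bool(mode & stat.S_IWOTH),
    }


def world_writable_files(root):
    """Files any TFTP client could overwrite: they already exist and carry o+w."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.stat(full).st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo():
    """Build a throwaway TFTP root (POSIX permissions assumed) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o777)                        # world read/write, as the post sets it
        for name, mode in (("router1-confg", 0o666),     # pre-created with touch for upload
                           ("c3620-image.bin", 0o644)):  # served for download only
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_root(root), world_writable_files(root)


if __name__ == "__main__":
    for entry in parse_inetd_tftp(SAMPLE_INETD_CONF):
        print(entry)
    print(demo())
```

Keeping the list of world-writable files short, and making images read-only once
uploaded, limits what an unauthenticated client can replace.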



Slightly OT - Setting up syslog on Solaris for Remote logging of Cisco Routers

2001-03-14 Thread W. Alan Robertson

I've seen a million people ask about syslog for windows, but nobody has
mentioned syslogd on Unix.

I'm trying to find information on getting syslog on a Solaris platform to accept
logging messages from Cisco routers.  By default, the syslog service does not
accept messages from external devices.  I've found about 6 million links on how
to get this working on Linux, but the Solaris version and the Linux version are
different enough that those links have not been helpful.

Anyone have a quick and dirty howto?

(And please, no recommendations to install a linux host, or a windows host...
That's not an option.)

Thanks in advance,

Alan




Re: Question on HSRP

2001-03-06 Thread W. Alan Robertson

Subject: Question on HSRP


> Does HSRP work at the interface level or is the entire router on
> active/stand-by?

HSRP operates at the interface level.

The benefit HSRP provides is this: Let's say you have a number of Workstations
or Servers on a LAN segment where more than one router exists.  Each
station/server needs a default gateway in order to communicate with non-local
points in your network.  Generally speaking, you can only specify a single
default gateway...

If you assign the RouterA ethernet address (192.168.1.1) as the default gateway
for the servers, and something happens to RouterA, your servers will not know to
send outbound traffic to RouterB's ethernet address (192.168.1.2) instead.

The solution to this OS limitation is to set up HSRP for RouterA and RouterB,
having them each monitor 192.168.1.3.  One of the routers will be actively
answering for the .3 HSRP address (You can adjust the settings if you have a
preference), and the other will be standing by, periodically checking to see
that RouterA is still able to accept traffic destined for .3.

If RouterB determines that RouterA has gone missing, RouterB will go active, and
start answering for any traffic destined for .3.  (RouterB determines that
RouterA has failed via a "Hello-type" mechanism.)

If you configure RouterA with the 'preempt' option, it will resume answering the
.3 address when it is able to, and RouterB will return to standby mode.

This is all HSRP does...  It has no part in path determination, and it is
completely separate from your routing protocol.  It simply ensures that devices
on the LAN segment have someplace to send non-local traffic.

Often, the Active HSRP router will simply re-direct the traffic it accepts to
another router which may be running as a standby, depending on your topology,
and your routing tables.

On some operating systems, you can run a routing protocol if you want; Unix
systems in particular.  If you were to do that, there would be no need for HSRP,
as each host would have complete routing information.  They'd recover as the
absence of a router was discovered, and the network reconverged.

Hope this helps,

Alan
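
Added example (not part of the original post, and not Cisco code): a simplified
Python model of the failover described above, using the post's RouterA
(192.168.1.1), RouterB (192.168.1.2) and the shared .3 address. It shows what
the 'preempt' option changes when RouterA comes back. The priority of 110 and
the one-tick-per-hold-time timing are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100      # HSRP default priority
    preempt: bool = False
    up: bool = True

    def rank(self):
        # Higher priority wins; the higher interface address breaks a tie.
        return (self.priority, int(ipaddress.IPv4Address(self.ip)))


class HsrpGroup:
    """Simplified model: one tick() stands for one hold-time evaluation."""

    def __init__(self, virtual_ip, routers):
        self.virtual_ip = virtual_ip
        self.routers = routers
        self.active = None

    def tick(self):
        live = [r for r in self.routers if r.up]
        if not live:
            self.active = None          # nobody answers for the virtual address
        elif self.active is None or not self.active.up:
            # No hellos from the active router: the best surviving router takes over.
            self.active = max(live, key=Router.rank)
        else:
            # A healthy active router is displaced only by a preempt-enabled better one.
            better = [r for r in live
                      if r.preempt and r.rank() > self.active.rank()]
            if better:
                self.active = max(better, key=Router.rank)
        return self.active.name if self.active else None


def failover_trace(preempt):
    """RouterA fails and recovers; return who answers for .3 at each step."""
    a = Router("RouterA", "192.168.1.1", priority=110, preempt=preempt)
    b = Router("RouterB", "192.168.1.2")
    group = HsrpGroup("192.168.1.3", [a, b])
    trace = [group.tick()]      # both routers up
    a.up = False
    trace.append(group.tick())  # RouterA goes missing
    a.up = True
    trace.append(group.tick())  # RouterA returns
    return trace


if __name__ == "__main__":
    print("with preempt:   ", failover_trace(True))
    print("without preempt:", failover_trace(False))
```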




Re: OT: Star Wars

2001-03-06 Thread W. Alan Robertson

Understand this...  I am a Star Wars freak.

I haven't a clue how Lucas is going to pull this off...

Here are the timetable problems that he faces:

Anakin obviously has to grow up and undergo Jedi training.  He also has to fight
in the 'Clone Wars' along with Kenobi and the rest of the Jedi.  He needs to
mature to the point where he can develop the love interest with Queen Amidala
(Luke and Leia's mother).

Presumably, all of this must happen in the Second Movie, because by the time
Episode III is completed, Amidala must be pregnant, Anakin must have his
accident and be lost to the dark side, and Kenobi must secret Amidala away to
have the twins.  Luke has to be delivered to Owen and Beru on Tatooine, and Leia
must be taken to Bail Organa on Alderaan.

Vader must also become Senator Palpatine's servant, Palpatine must dissolve the
Senate, anointing himself Emperor, and together, the Emperor and Vader must
conduct the great Jedi purge.

These are simply the storylines which reasonably must be satisfied based on what
we know to be History from the Episode IV, V, and VI perspective.

Of course, some people think I take this all too seriously.

Alan
(Alternate e-mail:  [EMAIL PROTECTED])

- Original Message -
From: "Dan West" <[EMAIL PROTECTED]>
To: "Justin Emilio" <[EMAIL PROTECTED]>; "Z" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, March 06, 2001 10:14 AM
Subject: Re: Star Wars


> No No No I want him to turn at the end of II. Like
> the dark twist in Empire with Luke/Vader. that's
> better... :>
>
> --- Justin Emilio <[EMAIL PROTECTED]> wrote:
> > I think he will turn to the dark side in Episode
> > III. George Lucas is going
> > to make us wait another 3 years to see what we are
> > waiting for.
> >
> >
> > Justin Emilio
> > CCNA, CCDA, CSE
> > MM Internet
> > 888-654-4971
> > - Original Message -
> > From: "Z" <[EMAIL PROTECTED]>
> > To: "Justin Emilio" <[EMAIL PROTECTED]>;
> > <[EMAIL PROTECTED]>
> > Sent: Monday, March 05, 2001 7:34 PM
> > Subject: Re: Star Wars
> >
> >
> > > You've got to be kidding me...good topic, lol...
> > >
> > >
> >
> 
> > > This has been an Eyez Only streaming e-mail
> > broadcast...We are watching.
> > >
> > > NetEyez ~ CCNP, CCDA
> > >
> > > - Original Message -
> > > From: "Justin Emilio" <[EMAIL PROTECTED]>
> > > To: "Cisco" <[EMAIL PROTECTED]>
> > > Sent: Monday, March 05, 2001 10:21 PM
> > > Subject: Star Wars
> > >
> > >
> > > >
> > > > Is Anakin Skywalker going to fall to the
> > dark side by episode II?
> > > >
> > > > Justin Emilio
> > > > CCNA, CCDA, CSE
> > > > MM Internet
> > > > 888-654-4971
> > > >
>
>
> =
> from The Big Lebowski...
>
> The Dude: You sure he won't mind?
> Bunny: Dieter doesn't care about anything. He's a nihilist.
> The Dude: Ohhh, that must be exhausting...



Re: Dialer profile--password encryption

2001-03-06 Thread W. Alan Robertson

Howdy,

Disabling the password encryption service is not enough...  You do have to turn
it off by issuing 'no service password-encryption,' but that will not unencrypt
passwords that were saved to the configuration while the service was running.

Password encryption utilizes the "hash" function, which is a one-way street.
There is no "unhash" function.  This has been described on this list before, and
to really get into it, you need to be a math freak/encryption guy(gal).  If they
wish to elaborate, I welcome them to it.  For you and I, hash is one-way.

After disabling password-encryption, in order to get your passwords back into
clear text in the configuration, you need to re-enter the password commands
while in config mode.  This will replace the garbled passwords with clear text.

Hope this helps,

Alan

- Original Message -
From: "Stuart Laubstein" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 06, 2001 7:51 AM
Subject: AW: Dialer profile--password encryption


> I am using no service password encryption. It is just for my boss so that he
> can see what the ppp passwords are when I print the log of a show run for
> him. I do not want the passwords sent in clear text I just want them in
> clear text in the config. In my example below He would like to see
>
> ppp chap password 0 big_boss  and not ppp chap password 7 dsadkf4958kjsdk
> etc...
>
> sorry if I wasn't clear the first time around.
>
> stuart
>
>
>
> -Original Message-
> From: Jason Swenson [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 06, 2001 1:42 PM
> To: Stuart Laubstein
> Subject: Re: Dialer profile--password encryption
>
> Stuart if I understand your question correctly you are probably using service
> password-encryption which will encrypt some passwords.  I use radius for
> authentication.  Give me some more detail.
>
> Jason
>
> At 12:42 PM 3/6/01 +0100, you wrote:
> >I have a 3620 in which my boss wants to be able to see the passwords in
> >clear text both after the username and in the dialer profile. I know that
> >with the username command it will show it but I cannot get it to be clear
> >text in the dialer profile. Any help much appreciated--example below
> >
> >thanks
> >
> >stuart
> >
> >
> >
> >Example
> >
> >
> >no service encryption password
> >
> >username boss password big_boss
> >...
> >...
> >
> >interface dialer 1
> >..
> >..
> >..
> >ppp chap password 7 05g7385496fdjdks



Re: Switch Problem

2001-03-02 Thread W. Alan Robertson

This sounds like a job for a syslog server.  If you enable remote logging,
you'll be able to see any error conditions which led up to the reboot.

The alternative is to be watching and waiting when a reboot occurs, and who
wants to do that?

The other thing that you might want to check is to do a 'sh ver'.  The reason
for the last reset will be listed (It may be cryptic, but it might provide you
with an idea of where to start looking).



- Original Message -
From: "Stuart J Pittwood" <[EMAIL PROTECTED]>
To: "Cisco" <[EMAIL PROTECTED]>
Sent: Friday, March 02, 2001 11:54 AM
Subject: Switch Problem


> Hi,
>
> Many of my users have been reporting network connectivity disappearing and
> coming back about a min later.
>
> While looking through the logs of one switch (a 2924M-CL-EN) I noticed it
> had been rebooted recently.
>
> What would make a switch reboot itself? The switch isn't anywhere near
> capacity (according to the scale on the front).
>
> Any help greatly appreciated
> __
> Stuart J Pittwood, CCNA
> [EMAIL PROTECTED]
> http://www.stuartpittwood.net



Re: VLANS and DHCP

2001-03-01 Thread W. Alan Robertson

Chris,

While that would certainly work, it's not the most elegant way of meeting your
requirement.

DHCP servers support different Scopes (think ranges of addresses, or different
subnets).  When you enable the 'ip helper address' on an interface supporting a
network where no DHCP or BOOTP server resides, the broadcast DHCP request is
repackaged as a unicast message with the destination address you provide in the
helper address statement.  The 'source ip address' field of that unicast packet
is the IP address of the router interface from which the request originated, and
the DHCP uses it to determine which Scope (Pool of addresses, or Subnet range)
to allocate the new address from.

The DHCP forwards the DHCP response back to the router that handled the request,
and the router dumps it back onto the segment from which it came.

Presumably, the next step is to limit network access based on user class
(Administrative, Regular, Etc.).  Simply build your access-lists to suit your
needs.

Hope this helps,

Alan

- Original Message -
From: "Chris Sees" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 01, 2001 11:15 AM
Subject: VLANS and DHCP


> HI,
> Does anyone have suggestions for implementing DHCP in an enterprise
> environment that wants to use VLAN's (for administratve, regular users,
> etc. - for security purposes) and DHCP at the same time? It seems like you
> would need multiple DHCP servers (carefully placed). ?
> Thanks in advance.
>
>
> Chris
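
Added example (not part of the original post, and not vendor code): how one
server can hold a scope per VLAN. The relaying router's interface address
travels in the giaddr field of the BOOTP header (RFC 2131), and this Python
sketch picks the scope from it. Scope names, subnets and the client MAC are
constructed.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file.
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the DHCP options

# Constructed scopes, one per VLAN, plus the server's own segment.
SCOPES = {
    "servers": "10.10.1.0/24",
    "admin-vlan10": "10.10.10.0/24",
    "users-vlan20": "10.10.20.0/24",
}


def build_discover(xid, mac, giaddr="0.0.0.0", hops=0):
    """Constructed client broadcast: op=1 (BOOTREQUEST), htype=1 (Ethernet), hlen=6."""
    zero = bytes(4)
    header = BOOTP_HDR.pack(1, 1, 6, hops, xid, 0, 0x8000, zero, zero, zero,
                            ipaddress.IPv4Address(giaddr).packed,
                            bytes.fromhex(mac), b"", b"")
    # Option 53 (message type) = 1 (DHCPDISCOVER), then option 255 (end).
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])


def relay(packet, interface_ip, max_hops=4):
    """What the helper-address router does before unicasting to the server."""
    fields = list(BOOTP_HDR.unpack_from(packet))
    if fields[3] > max_hops:
        return None                       # drop requests that have looped
    fields[3] += 1                        # hops
    if fields[10] == bytes(4):            # giaddr is set by the first relay only
        fields[10] = ipaddress.IPv4Address(interface_ip).packed
    return BOOTP_HDR.pack(*fields) + packet[BOOTP_HDR.size:]


def select_scope(packet, scopes, server_subnet):
    """Pick the pool for a request: by giaddr if relayed, else the server's own subnet."""
    giaddr = ipaddress.IPv4Address(BOOTP_HDR.unpack_from(packet)[10])
    if giaddr == ipaddress.IPv4Address("0.0.0.0"):
        wanted = ipaddress.ip_network(server_subnet)
        return next((name for name, net in scopes.items()
                     if ipaddress.ip_network(net) == wanted), None)
    for name, net in scopes.items():
        if giaddr in ipaddress.ip_network(net):
            return name
    return None   # relay address matches no scope: no lease is offered


if __name__ == "__main__":
    discover = build_discover(0x1234ABCD, "005004a1b2c3")
    print("local client   ->", select_scope(discover, SCOPES, "10.10.1.0/24"))
    for router_if in ("10.10.10.1", "10.10.20.1", "172.16.5.1"):
        relayed = relay(discover, router_if)
        print(router_if, "->", select_scope(relayed, SCOPES, "10.10.1.0/24"))
```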



Re: Traffic and Route Generator

2001-02-28 Thread W. Alan Robertson

Need more routes, so as to have a big honking routing table with which to filter
and redistribute?

Add static routes for networks and sub-nets, pointing them at null0.  This will
put them in your table, and give you a great way to experiment with filtering
and redistribution, not to mention perfecting your summarization skills.

As for traffic generation, there are a number of commercial products, but I'd
recommend you get cozy with Linux.  I use Linux as a swiss-army knife.  There
are countless tools for it that do all manner of things.

If you want to put a load on one of your links, it's hard to beat:

'ping -f -s 1400 '

The '-f' switch means flood, which tells ping to send the next ping packet
immediately after sending the first, rather than waiting for the reply from the
previous ping.

The '-s 1400' switch sets the packet size to 1400, rather than the default
packet size of 64.

You can run this process to a bunch of destinations simultaneously.  This ought
to give you stressed WAN links, ethernet collisions, drops, retransmissions,
etc. etc.

Another great feature of Linux is the ability to use a regular computer as a
real live OSPF, BGP, RIP v1 or v2 peer.  It'll look like another vendor's box,
perhaps, but the Configuration interface for "Zebra" (Which provides the OSPF
and BGP stuff) mimics almost identically the syntax which you'd use on a Cisco
box.

Besides, aren't you tired of looking for the tftpd.exe file, and not having a
real DNS box nearby?  :)

Alan~

- Original Message -
From: "Daniel Cotts" <[EMAIL PROTECTED]>
To: "'Andrew Shappell'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, February 28, 2001 1:07 PM
Subject: RE: Traffic and Route Generator


> http://www.antara.net/
> They position their product as an e-commerce site stressor. Might be worth
> checking.
>
> > -Original Message-
> > From: Andrew Shappell [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 28, 2001 10:43 AM
> > To: [EMAIL PROTECTED]
> > Subject: Traffic and Route Generator
> >
> >
> > Greetings,
> >
> >Can anybody recommend a good traffic generator and/or a good route
> > generator.  I need to do some QoS testing in a Lab
> > Environment and need
> > to generate lots of traffic.  Thanks...
> >
> > --
> > Andrew E. Shappell
> > CCNP & CCDP
> >



Fw: juniper and cisco

2001-02-27 Thread W. Alan Robertson

Hate to follow up on my own message, but here goes:

After sending, I ran to google to see if I could find out what this problem was
about.

It seems that JUNOS had a dampening bug at one point where it would doubly
penalize a flap, once at withdraw time, and again at re-advertise time.

The link I turned up that describes the issues is at:
http://www.cctec.com/maillists/nanog/current/msg00140.html

This was from back in December, so I would imagine it's been corrected by now.


- Original Message -
From: "W. Alan Robertson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 27, 2001 2:25 PM
Subject: Re: juniper and cisco


> I have resisted the temptation to get involved in this, but since it's already
> being discussed some, I've got a question:
>
> "Net Bum" <[EMAIL PROTECTED]> wrote:
>
> > I had a Cisco 2600 series on my side and I asked him what he had on
> > his side.  He said (as if I wouldn't know :-), "A big router, it's a Cisco
> > 12000 series."  Then I asked him, "Do you use any Juniper stuff?"  He said,
> > "Yes, we use them in our core.  They are behind the 12000's."
>
> This is not the first time I've heard this; major ISPs utilizing Juniper in
> parts of their core, but always using Cisco at the edge.
>
> About 6 months ago, I was down at one of Cisco's offices in Florida (Ft.
> Lauderdale), for a 2 day BGP seminar.  I caught the guy who was giving the
> seminar out in the hall afterward, and we were talking about a multitude of
> topics, and Juniper came up.  He had mostly good things to say about them,
> particularly about their speed (He was a relatively new employee at Cisco...
> He might not have drank the Kool-Aid yet).
>
> One of the things he did criticize, however, was some kind of problem Juniper
> had with their BGP4 implementation, and he specifically mentioned that Juniper
> was making a dent at the core (understatement perhaps), but that they were
> having a difficult time at the edge as a result of this BGP problem.
>
> I regret, now, not pressing him for more detail, and as I haven't been doing
> anything BGP related, I haven't really taken the time to research this.
>
> Is anyone on the list familiar with a problem with Juniper's BGP
> implementation when peering with other vendors?
>
> Alan
>




Re: juniper and cisco

2001-02-27 Thread W. Alan Robertson

I have resisted the temptation to get involved in this, but since it's already
being discussed some, I've got a question:

"Net Bum" <[EMAIL PROTECTED]> wrote:

> I had a Cisco 2600 series on my side and I asked him what he had on
> his side.  He said (as if I wouldn't know :-), "A big router, it's a Cisco
> 12000 series."  Then I asked him, "Do you use any Juniper stuff?"  He said,
> "Yes, we use them in our core.  They are behind the 12000's."

This is not the first time I've heard this; major ISPs utilizing Juniper in
parts of their core, but always using Cisco at the edge.

About 6 months ago, I was down at one of Cisco's offices in Florida (Ft.
Lauderdale), for a 2 day BGP seminar.  I caught the guy who was giving the
seminar out in the hall afterward, and we were talking about a multitude of
topics, and Juniper came up.  He had mostly good things to say about them,
particularly about their speed (He was a relatively new employee at Cisco...  He
might not have drank the Kool-Aid yet).

One of the things he did criticize, however, was some kind of problem Juniper
had with their BGP4 implementation, and he specifically mentioned that Juniper
was making a dent at the core (understatement perhaps), but that they were
having a difficult time at the edge as a result of this BGP problem.

I regret, now, not pressing him for more detail, and as I haven't been doing
anything BGP related, I haven't really taken the time to research this.

Is anyone on the list familiar with a problem with Juniper's BGP implementation
when peering with other vendors?

Alan




Re: Managed or "smart" Hub

2001-02-26 Thread W. Alan Robertson

Typically, a smart "hub" is simply SNMP manageable.  It may also facilitate the
activation or disabling of specific ports.  What you are talking about is a
switch.  Any time your device has awareness of Layer 2 information (MAC
addresses, for example), you are referring to a Bridge or Switch (Which is, for
the most part, a multi-port bridge).

Hubs are Layer 1 devices.  Bridges and Switches are Layer 2.

Also, understand that the term "Smart Hub" is for marketing purposes.  It may
not be an accurate description of the device's capabilities.


- Original Message -
From: "C.M. Weaver" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Monday, February 26, 2001 12:17 AM
Subject: Managed or "smart" Hub


> Am I correct in stating that a managed or "smart" hub maintains MAC address
> tables along with port number information to forward packets to the
> appropriate destination?
>
> C.M.
>
>



Re: A different Wildcard Mask [1:2082]

2001-02-23 Thread W. Alan Robertson

Ignore this...

Troy's answer is correct.  I slopped up my binary columns, and added an extra
bit.  :)

- Original Message -
From: "W. Alan Robertson" <[EMAIL PROTECTED]>
To: "jeongwoo park" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 2:58 PM
Subject: Re: A different Wildcard Mask [1:2082]


> Allow 172.17.2.64 0.0.0.63 to telnet, or deny 172.17.2.96 0.0.0.63...
>
> You are simply shifting 1 more bit to the right in the netmask...  Whenever we
> are dealing with Half of a subnet range, we can simply shift 1 bit in the
> subnet mask.  Your access-list is not aware of what the real subnet is.  It
> only cares about matching cases in your rule-set.
>
> You have a subnet, 172.17.2.64, with a /26 mask.  To halve it, simply add a bit
> to the mask, making it /27.  From there, determine the inverse mask, computing
> the value of the remaining 5 bits (The last octet is now 1110 ), and you
> have your wildcard.
>
> Hope this helps...
>
> Alan~
>
> - Original Message -
> From: "jeongwoo park" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, February 23, 2001 1:25 PM
> Subject: Fw: A different Wildcard Mask [1:2082]
>
>
> > Hi all.
> > Can anyone clear this?
> > thanks
> > J
> > - Original Message -
> > From: "V Cumbie" <[EMAIL PROTECTED]>
> > Newsgroups: groupstudy.associate
> > Sent: Wednesday, February 21, 2001 12:08 PM
> > Subject: A different Wildcard Mask [1:2082]
> >
> >
> > > Can you permit/deny only half of a subnet?  Here is my problem:
> > >
> > > Network: 171.17.2.64
> > > Subnet mask: 255.255.255.192
> > > Host range: 171.17.2.65 thru 171.17.2.126
> > > Broadcast: 171.17.2.127
> > >
> > > I have to deny telnet from hosts 171.17.2.96 thru 171.17.2.126
> > > and allow the remaining addresses (the lower half) 65 thru 95 complete
> > > access.
> > >
> > > I can not figure out a wildcard mask for splitting the hosts in half; to
> > > deny/permit one half of them.
> > >
> > > I would appreciate any help on this.
> > >
> > > V. Cumbie
> > >
> > >
> > >
> > >
> > >
> > > Message Posted at:
> > > http://www.groupstudy.com/form/read.php?f=1&i=2082&t=2082
> > > --
> > > You are reading GroupStudy's Associate Mailing List.  To unsubscribe
> > > follow the directions on http://www.groupstudy.com/list/Associates.html
> > >
> >



Re: A different Wildcard Mask [1:2082]

2001-02-23 Thread W. Alan Robertson

Allow 172.17.2.64 0.0.0.63 to telnet, or deny 172.17.2.96 0.0.0.63...

You are simply shifting 1 more bit to the right in the netmask...  Whenever we
are dealing with Half of a subnet range, we can simply shift 1 bit in the subnet
mask.  Your access-list is not aware of what the real subnet is.  It only cares
about matching cases in your rule-set.

You have a subnet, 172.17.2.64, with a /26 mask.  To halve it, simply add a bit
to the mask, making it /27.  From there, determine the inverse mask, computing
the value of the remaining 5 bits (The last octet is now 1110 ), and you
have your wildcard.

Hope this helps...

Alan~

- Original Message -
From: "jeongwoo park" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 1:25 PM
Subject: Fw: A different Wildcard Mask [1:2082]


> Hi all.
> Can anyone clear this?
> thanks
> J
> - Original Message -
> From: "V Cumbie" <[EMAIL PROTECTED]>
> Newsgroups: groupstudy.associate
> Sent: Wednesday, February 21, 2001 12:08 PM
> Subject: A different Wildcard Mask [1:2082]
>
>
> > Can you permit/deny only half of a subnet?  Here is my problem:
> >
> > Network: 171.17.2.64
> > Subnet mask: 255.255.255.192
> > Host range: 171.17.2.65 thru 171.17.2.126
> > Broadcast: 171.17.2.127
> >
> > I have to deny telnet from hosts 171.17.2.96 thru 171.17.2.126
> > and allow the remaining addresses (the lower half) 65 thru 95 complete
> > access.
> >
> > I can not figure out a wildcard mask for splitting the hosts in half; to
> > deny/permit one half of them.
> >
> > I would appreciate any help on this.
> >
> > V. Cumbie
> >
> >
> >
> >
> >
> > Message Posted at:
> > http://www.groupstudy.com/form/read.php?f=1&i=2082&t=2082
> > --
> > You are reading GroupStudy's Associate Mailing List.  To unsubscribe
> > follow the directions on http://www.groupstudy.com/list/Associates.html
> >
>
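
Added example (not part of the original posts): how an IOS-style wildcard mask matches source addresses, applied to the 171.17.2.64/26 subnet from the question. The function names and the two-entry ACL are constructed for illustration; the block lists the two /27 halves and shows that a 0.0.0.63 wildcard on either base address covers the whole /26.

```python
import ipaddress


def to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """True if addr equals base in every bit the wildcard does NOT mask.

    A 1 bit in the wildcard means "don't care"; a 0 bit must match.
    """
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(base)) & care == 0


def halves(network):
    """Split a subnet into its two halves, each as (base, wildcard)."""
    net = ipaddress.IPv4Network(network)
    return [(str(h.network_address), str(h.hostmask))
            for h in net.subnets(prefixlen_diff=1)]


def matched_last_octets(network, base, wildcard):
    """(lowest, highest) last octet inside `network` hit by base/wildcard."""
    net = ipaddress.IPv4Network(network)
    hits = [int(a) & 0xFF for a in net
            if wildcard_match(str(a), base, wildcard)]
    return (min(hits), max(hits)) if hits else None


def evaluate(acl, src):
    """First matching entry wins; no match falls through to implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"


# Constructed ACL for the question's subnet: upper half denied, lower permitted.
SUBNET = "171.17.2.64/26"
ACL = [("deny", "171.17.2.96", "0.0.0.31"),
       ("permit", "171.17.2.64", "0.0.0.31")]

if __name__ == "__main__":
    print(halves(SUBNET))
    for base, wc in [("171.17.2.64", "0.0.0.31"), ("171.17.2.96", "0.0.0.31"),
                     ("171.17.2.64", "0.0.0.63"), ("171.17.2.96", "0.0.0.63")]:
        print(base, wc, "->", matched_last_octets(SUBNET, base, wc))
    for src in ("171.17.2.70", "171.17.2.100", "171.17.2.130"):
        print(src, evaluate(ACL, src))
```

Because bits under the wildcard are ignored in the base address too, an entry written with the wider 0.0.0.63 mask silently applies to every host in the /26, which is worth checking before an ACL goes onto a production interface.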



Re: 128 WEP Vulnerabilities

2001-02-23 Thread W. Alan Robertson

Nabil,

There was discussion of this on Slashdot a while back...

The informative link is at http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

The Slashdot discussion links are at:
http://slashdot.org/yro/01/02/06/159208.shtml
and
http://slashdot.org/article.pl?sid=01/02/15/1745204&mode=nested

Here's the gist of the vulnerability:

---Excerpt---

Executive Summary
We have discovered a number of flaws in the WEP algorithm, which seriously
undermine the security claims of the system. In particular, we found the
following types of attacks:

- Passive attacks to decrypt traffic based on statistical analysis.

- Active attack to inject new traffic from unauthorized mobile stations, based
on known plaintext.

- Active attacks to decrypt traffic, based on tricking the access point.

- Dictionary-building attack that, after analysis of about a day's worth of
traffic, allows real-time automated decryption of all traffic.

Our analysis suggests that all of these attacks are practical to mount using
only inexpensive off-the-shelf equipment. We recommend that anyone using an
802.11 wireless network not rely on WEP for security, and employ other security
measures to protect their wireless network.

Note that our attacks apply to both 40-bit and the so-called 128-bit versions of
WEP equally well. They also apply to networks that use 802.11b standard (802.11b
is an extension to 802.11 to support higher data rates; it leaves the WEP
algorithm unchanged).

---End Excerpt---

Hope this helps...

Alan~

- Original Message -
From: "Nabil Fares" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 10:58 AM
Subject: 128 WEP Vulnerabilities


> Greeting all,
>
> Are you guys aware of any issues/vulnerabilities with the WEP protocol.  Any
> feedback greatly appreciated.
>
> Nabil
>



Re: Advertising networks in OSPF

2001-02-23 Thread W. Alan Robertson


Elmer,

If I understand you correctly, under RouterB's 'router ospf ' section,
you have the following statements:

network 144.20.xxx.xxx
network 192.xxx.xxx.xxx
network 204.xxx.xxx.xxx

Is that right?

And elsewhere in RouterB's config, you have a static route for the
144.20.xxx.xxx network that points to RouterA.

In OSPF, the network statements do not mean "these are the networks I will
advertise."  They represent the individual router interfaces on which the
OSPF process will communicate/form adjacencies (and the router will 'listen'
on all interfaces, unless you specify them as being passive).

Since RouterB has no interface that occupies the 144.20.xxx.xxx address
space, that statement has no real impact.  It sounds like what you're
looking to do is redistribute the static route into the OSPF process.

Add:

redistribute static, or
redistribute static subnets

to your OSPF section, and get rid of the network statement for
144.20.xxx.xxx.   You can also manipulate the metric you advertise the
static routes with.  If you do not use the 'subnet' parameter, it will only
redistribute non-subnetted networks in classful manner.  Since classful
routing is inherently evil ( :) ), I always use the 'subnets' modifier.  (Be
certain that 'ip classless' is in your config...  I forget which IOS
revision this became default in.  Better safe than sorry.)

Hope this helps...  If I've misunderstood your request, pardon my
pontification.  ;)

Alan~

> - Original Message -
> From: "Deloso, Elmer G (WPNSTA Yorktown)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, February 22, 2001 7:54 PM
> Subject: Advertising networks in OSPF
> 
> 
> > Hello, all.
> > I would like to confirm if this is correct: do you need to have an IP
> > address assigned to the same router that you want to advertise the IP's
> > network out via OSPF? I noticed this with my test routers where I need to
> > advertise say 144.20.0.0 which belongs to RouterA but is not doing OSPF
> > with my RouterB and instead doing static routes between them. Now Router B is
> > assigned the 164.x.x.x and is doing OSPF with the ISProuter as follows:
> >
> > 144.20.0.0
> > 193.x.x.x ---RouterA---STATIC---RouterB---OSPF---ISP---OSPF/BGP---Internet
> > 204.x.x.x  e1      e0        e1      e0       e0   T1's
> >
> > RouterA's E1 = 144.20.1.1, 193.x.x.x and 204.x.x.x are both secondary, E0 =
> > 207.x.x.1
> > RouterB's E1 = 207.x.x.2 , E0 = 164.x.x.2
> > RouterISP's E0 = 164.x.x.1
> >
> > It seems that even if I include a network 144.20.x.x , 193.x.x.x and
> > 204.x.x.x in RouterB's OSPF config and even though it shows as these
> > networks are being redistributed via OSPF when I do
> > A show ip route NETWORK, the ISP is not receiving these networks via
> > OSPF's LSAs.
> > So it seems that RouterB cannot advertise these networks since it does not
> > have any interface that belongs to these networks. And I guess configuring
> > loopbacks to "represent" these 3 networks is out of the question?
> > The reason this is set up this way is just a temporary 'TEST' if we can
> > get this design to work. Eventually RouterA will be replaced by a firewall
> > which of course does not speak OSPF.
> > I could not find any OSPF "rule" on what it can originate in its
> > advertisements in my ACRC, BSCN or Hutnik's books, unless I got it all
> > wrong from the beginning.
> > Thanks for all responses.
> >
> > Elmer Deloso





Re: Sniffing on a LAN Switch

2001-02-22 Thread W. Alan Robertson

[Thomas has a Cat 2924]

Thomas,

Here's the 2900 Series command reference:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2900/cgcr29k/comref.htm

---Excerpt---
set span
 - Use the set span command to set up the port analyzer.

set span enable
set span disable
set span src_mod/src_port dest_mod/dest_port [ rx | tx | both ]
set span src_vlan dest_mod/dest_port [ rx | tx | both ]

Syntax Description
enable     Port monitoring is enabled.
disable    Port monitoring is disabled.
src_mod    The monitored module (source).
src_port   The monitored port (source).
dest_mod   The monitoring module (destination).
dest_port  The monitoring port (destination).
src_vlan   The monitored VLAN (source).
rx         Information received at the destination is monitored.
tx         Information transmitted from the source is monitored.
both       Both information that is transmitted from the source and
           received at the destination is monitored.

Default
The default configuration has port monitoring disabled, port 1/1 as the
monitoring port (destination), VLAN 1 as the monitored VLAN (source), and
both transmit and receive packets monitored. If the parameter rx, tx, or
both is not specified, the default is both.

Command Mode
Privileged.

Usage Guidelines
After the port analyzer is enabled and the defaults set up, subsequent
commands replace source ports, VLANs, and destination ports.

Use either a dedicated remote monitor probe or a Sniffer analyzer to monitor
ports.

Related Commands
clear config all
show span

---End Excerpt---

Hope this helps...

Alan~


- Original Message -
From: "Thomas Jreige" <[EMAIL PROTECTED]>
To: "W. Alan Robertson" <[EMAIL PROTECTED]>; "Study - Cisco
Groupstudy List" <[EMAIL PROTECTED]>
Sent: Thursday, February 22, 2001 10:23 PM
Subject: Sniffing on a LAN Switch


> I want to sniff on a lan switch but I understand that you can't without a
> span port??
>
> If so how is this done.
>



Re: Token Ring Crossover Cable???

2001-02-22 Thread W. Alan Robertson

Alex,

There is no such animal...  Token Ring is much more sophisticated than
Ethernet at the physical layer.  There is simply no way for either station
at each end of a crossover cable to replicate the electrical function of an
MAU.

I wish I had a link that pointed to a good explanation of the process.
Anybody have one?

 Alan~

> - Original Message -
> From: "Scott Pierson" <[EMAIL PROTECTED]>
> Newsgroups: groupstudy.cisco
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, February 22, 2001 8:45 PM
> Subject: Re: Token Ring Crossover Cable???
>
>
> > Token ring crossover cable?
> >
> >
> >
> >
> >
> > Alex wrote:
> >
> > > Hi
> > >
> > > Can I use a token ring crossover cable between two routers?
> > >
> > > Thanks
> > >
> > > Alex
> > >



Re: CCIE salary

2001-02-22 Thread W. Alan Robertson

This sounds light to me...

Are you talking about full-time employment where you go into work everyday,
at your company, and work on your company's network?  You must be.  In that
kind of environment, maybe this is the going rate.  I have no exposure to
that kind of environment.

You'd easily make 20% more than this as a consultant with a respectable
company.  The Metro D.C. area is littered with consulting companies, many of
which are simply staff augmentation/body shop oriented.  There are, however,
a growing number of quality "project oriented" firms.  These companies are
paying much better, because they know how to bid a job correctly, and they
can bring the right people and skillsets to bear ensuring that they get the
work done ahead of schedule.

They get the CCIEs and experienced designers involved early, to do the
requirements analysis, and set the design.  Then they roll them out, and
bring in the CCNPs to implement.  At that point, the high level guys have
moved on to the next project, and are only needed to address specific
complex issues if they arise.  If they've done their jobs correctly, they
shouldn't need to be involved at all.

I have never had any desire to work in a static environment, for years on
end.  I have been on the consulting end for my entire professional life.
There are trade-offs.  There is some degree of travel that is to be
expected, and the hours are not necessarily fixed.  If you are of the 9-to-5
mindset, then you certainly don't want to be a consultant.  If you enjoy a
constant state of change, then it's probably something you ought to
consider.

What are your goals?

Alan

- Original Message -
From: "Mask Of Zorro" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, February 22, 2001 9:38 AM
Subject: Re: CCIE salary


> The thing is, nothing other than the CCIE cert matters...
>
> CCNA = difficult to find a job
> CCNP = around $65k annually
> SUN certs = around $65k annually
> MCSE = around $55k annually
> CNE5 = around $45k annually
> Notes certs = around $60k annually
>
> Here's the catch: CCNP, plus SUN cert, plus MCSE, plus CNE5 = around $65k
> annually.
>
> CCIE = around $125 annually
>
> The difference is that CCIE's will get higher end, network architect type
> positions, while all the other certs will get you Systems Administrator
> jobs that might also have responsibility for a router or switch or two...
>
> Outside the System Admin circle, there simply isn't the demand for these
> lower end certs. If you want to design and build large, complex enterprise
> networks, you simply won't get that job until you are a CCIE. If you want
> to administer those networks and the systems that reside on them, then these
> lower certs are your ticket to an interview...
>
> This is the DC, Baltimore, Northern Virginia market mindset, but I expect
> that things are similar elsewhere.
>
> Z
>
>
> >From: "Gayathri" <[EMAIL PROTECTED]>
> >Reply-To: "Gayathri" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: CCIE salary
> >Date: Thu, 22 Feb 2001 14:35:26 +0800
> >
> >How much can a CCNP with SUN certification  expect with 6 yrs experience
> >in varying fields ?
> >
> >
> >"Mask Of Zorro" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> > >
> > > The DC market rate for CCIE's is around $125. This varies with how
> > > long you have been a CCIE and what else you know...
> > >
> > > Z
> > >
> > > >From: Stephane Wantou Siantou <[EMAIL PROTECTED]>
> > > >Reply-To: Stephane Wantou Siantou <[EMAIL PROTECTED]>
> > > >To: [EMAIL PROTECTED]
> > > >Subject: CCIE salary
> > > >Date: Wed, 21 Feb 2001 00:40:02 -0500 (EST)
> > > >
> > > > Hi everybody,
> > > >
> > > > Does anybody know approximately what the average CCIE makes in the
> > > >DC area?
> > > > Thanks
> > > >
> > > >

__