RE: T1 and Frame Relay Sniffers [7:61531]
I have some experience with the Fireberd 6000s with various interfaces - and I use the Agilent Advisor software version on a near daily basis - I really like it's h.323 capabilities. I did not know that TCC was now Acterna - one of my co-workers has been crowing about his old Domino Wan boxes that he got through ebay. Thanks for the info - I have an email into Acterna for a quote. Bill -Original Message- From: s vermill [mailto:[EMAIL PROTECTED]] Sent: Tue 1/21/2003 6:59 PM To: [EMAIL PROTECTED] Cc: Subject: RE: T1 and Frame Relay Sniffers [7:61531] Clarification below... s vermill wrote: > > William Pearch wrote: > > > > Does anyone have a recomendation for a sniffer solution to > look > > at T1's, V.35, Frame Relay? Any experience with the Logix > > product? > > > > Bill in Anchorage > > > > > > Sorry, no Logix experience that I can remember. There really > are two distinct types of WAN test equipment. For intrusively > troubleshooting circuits any one of many Bit Error Rate test > sets are usually employed. What used to be TTC (now Acterna) > is responsible for the famous Fireberd series and also the > T-Berd series. These are great products (I prefer the Fireberd > in most cases for digital stuff but the T-Berd 310 has several > optical options for SONET, PoS, etc). These also can monitor > non-intrusively in many cases. As for v.35, there probably > isn't much you could do for in-service monitoring. ThatC"b,b"s true in the case of the Fireberd and the T-Berd, which are primarily used for intrusive testing (in my experience). They donC"b,b"t drill down (up?) any further than the L2 frame and don't look at all into the payload. In the case of the below-mentioned Agilent Advisor, which is primarily used for in-service monitoring (in my experience), you can look much further up the protocol stack. I use it for HDLC decodes, for example, where HDLC might be carrying any number of upper-layer data (and sometimes man-readable ASCII text), which can be furhter decoded. It doesnC"b,b"t much matter whether or not itC"b,b"s v.35, TIA/EIA-232 or 422, whatever (as long as you have the appropriate interface module). >In the > T-Carrier and Frame Relay world, the test set can lock to the > frame, verify the FCS, etc. I've also used the Agilent Advisor > (formerly the HP Internet Advisor) quite a bit, which is a > Windows-based test set for both LANs and WANs. It seems > primarily geared towards "sniffing" or in-service stuff but can > serve as an intrusive test set as well. None of these that > I've mentioned are cheap, to say the least. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61541&t=61531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Loading IOS / OT Now [7:61413]
The BayRS does have some very cool features. My favorite was the modularity of the software - if you didn't want a feature you built your software package without it. The only way you wound up with a bloated OS was if you either needed all the bling blings or if it was loaded by someone that didn't know what they wanted. With Cisco IOS, if I want Frame Relay SVC's on a 3640 I have to get a bloated 'Enterprise' IOS load that has more knobs then I'll ever use! The biggest problem(s) with the Bay/Wellfleet routers? There was that baby poop brown color... Lack of marketing skills... Not enough blinkie lights... a terrible web page... fairly shallow product lineup... and they weren't percieved as a leader in the market, but a follower. When Bay bought the Accellar I thought they were on to something and then Nortel happened. That's not a bad or a good thing - just change. Never underestimate the importance of blinking lights. Bill -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Tue 1/21/2003 8:51 PM To: [EMAIL PROTECTED] Cc: Subject: RE: Loading IOS / OT Now [7:61413] I use bnfs95 still but it was always an unsupported tool. Not aware of anything for 3com NetBuilders though. Old NB's had a floppy drive. Another cool BayRS tool is the PCAP tool to do captures right on the router. I like BayRS. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61542&t=61413 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
T1 and Frame Relay Sniffers [7:61531]
Does anyone have a recomendation for a sniffer solution to look at T1's, V.35, Frame Relay? Any experience with the Logix product? Bill in Anchorage Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61531&t=61531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Traceroute troubles [7:61247]
Solved my own problem - see CSCdu43762 on the CCO. Shows up with the 7200 and an NSE-1 and (evidently though they are not listed) the 1760, 2621, 2621XM, 2611 and 1720. Solution is to turn off PXF (rate limiting of ICMP unreachables) using: no ip icmp rate unreach Lesson learned? Read everything... :) Bill -Original Message- From: William Pearch Sent: Thu 1/16/2003 8:12 PM To: William Pearch; [EMAIL PROTECTED] Cc: Subject: Traceroute troubles Why does traceroute seem to have problems with the second check of a final hop? RouterA-RouterB When trace from routerA loopback to routerB loopback, first one comes back fine, second is a * and third is fine. Seems wierd - 500 pings all go swell. Then to top it off... RouterA trace to RouterA loopback0, first one comes back fine, second is a * and third is fine. 500 pings all go swell. I've tried over ethernet, fast ethernet, serial (HDSL and frame relay). Same behavior on my 2600's and 1700's. All running 12.2.13T. I wasn't able to find anything on the CCO this evening. Thoughts? Bill Pearch, Anchorage Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61247&t=61247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
17X0 HSRP bug [7:60197]
Those of you that have 1700 series routers in your labs, take a look at bug CSCdz64230. It had me chasing my tail a while this evening. The net net is you get a flapping link, and nearly constant hsrp state changes and spanning tree action. TTFN, Bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60197&t=60197 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 7200 Router Questions... [7:59645]
In order to hit performance marks that are excellent with IPSec you will need not only a spiffy NPE but the PA-VAM or PA-ISA. Be aware that the PA-VAM may not work with the latest and greatest IPSec image. I picked up a 7206VXR VPN bundle from Cisco last month and the only IOS supported was 12.1(9)E. This may have changed with 12.2(13)T - do your homework and test it. With the VAM and the NPE-400 Cisco claims ~150Mbps throughput. Be sure to top it off with memory - if you are running lots of tunnels you will need the space. I haven't tested the performance myself and do not know how the split bus of the 7200's will affect performance of one PA or another depending on where it's plugged in. Not all my questions have been answered... The VPN bundle lists for $23,500 - apply your discount. That gives you fastethernet interfaces(2), the PA-VAM, and the NPE-400. You'll have to pay for more If you can use a newer IOS version (come ON Cisco...) you can run the easy VPN server on the box and make life so much easier. The 12.1 code does a good job of working with x.509 certs, but there is a lot of command change between 12.1(9) and 12.2(13)T, so watch your configurations carefully and be prepared to rewrite things between versions. The PA-ISA does run with a piece of 12.2 code (I have a client using it) and does just fine. In the case of both accellerators there is no AES support that I am aware of. If you are looking for AES, the software crypto engine is supposed to support it in 12.2(13)T on some(all?) platforms and I've heard that there's a new crypto hardware piece in the works to support it also. Just a thought: Depending on your application, you may consider buying two smaller VPN enabled routers (3600 or 2600) and using multiple tunnels frome each site to the hub for layer 3 based load balancing and fault tolerance. They are routers, make 'em route! (Or heck, just buy 2 7206 bundles... :) You may get performance every bit as good, with availability numbers that make you look like an uber-star to the boss. TTFN, Bill Pearch, Anchorage -Original Message- From: Edward Sohn [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 21, 2002 10:11 AM To: [EMAIL PROTECTED] Subject: RE: 7200 Router Questions... [7:59645] thanks for the info. have you or anyone else any idea what configuration it takes for a 7200 router to be comparable in performance to a PIX 515 when it comes to a site-to-site VPN? for example, would a 7204VXR by itself be enough (over more than enough, for that matter) to meet the packet throughput performance of a PIX 515 on a 3DES ipsec tunnel set up site-to-site? i can't seem to find pps performance specs for the 7200 series... thanks, ed -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 1:46 PM To: Edward Sohn Cc: [EMAIL PROTECTED] Subject: Re: 7200 Router Questions... [7:59645] Edward Sohn wrote: > Can anyone help me answer a few questions regarding this series > router? > > 1. The spec sheet says it performs multiprotocol routing over ipsec. > My question is: how? Is there some inherent technology that performs > this feature, or is it the IOS's ability to create a GRE over an IPSEC > tunnel? 2. What are the main differences between the NPE's and NSE's? > I can't decide which processor I need. The primary differance is the NSE is it is only supported in the 7200VXR and incorporates the PXF processor for accelerated packet switching. > 3. What's the difference between the VXR models and the "normal" > models? To get VXR performance you must use at least a NPE300 and you get a MIX backplane, good for voice stuff. Also the VXR gives you increased backplane bandwidth capabilities. With the new NPE-1G you no longer have any bandwidth point limitations! Dave > > That's it, for starters...any help would be greatly appreciated. > > Ed -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59780&t=59645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: is there anyone migrating isdn backup to dsl b [7:58568]
You'll hit your three letter acroronym service level agreement real soon now (TLA SLA RSN.) -Original Message- From: "Priscilla Oppenheimer" Sent: 12/4/02 12:56:52 PM To: "[EMAIL PROTECTED]" Subject: Re: is there anyone migrating isdn backup to dsl b [7:58568] It sounds like DSL has a low mean time between failure (MTBF) but a high mean time to repair (MTTR), which can be just as bad, especially if it's your only backup. Of course, your mileage may vary (YMMV), depending on the service provider. Also, a service level agreement (SLA) would help, as Chuck mentions. Does that message set a record for the number of acronyms used? :-) Priscilla The Long and Winding Road wrote: > > ""Mirza, Timur"" wrote in > message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > we are looking to migrate isdn backup at our retail stores to > dsl...is > there > > anyone that has performed this already? > > > CL: having done a number of data networks that were DSL based ( > but none > migrating ISDN to DSL ) I can offer this consideration: if a > DSL link goes > down for whatever reason, it may take more than a couple of > days for your > telco to get it back up and working. You will want to have some > solid > service level agreements in place. DSL on the whole is > extremely reliable. > The problem tends to be during those rare instances when it is > down for > whatever reason, some telcos seem to have DSL repair low on > their priority > list. > > CL: other than that caviat, why not? > > > > > > Timur Mirza > > Principal Network Engineer > > Network Planning & Engineering, West Region > > 15505-B Sand Canyon Avenue > > Irvine, California 92618 > > Verizon Wireless > > 949.286.6623 (o) > > 949.697.7964 (c) > > Message Posted at: http://www?.groupstudy.com/form/read.php?f=7&i=58574&t=58568 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58766&t=58568 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ONS 15454 Questions [7:55896]
Couple of notes from another 15454 user at the bottom of the email... Dre wrote: > Can it participate in an MPLS network? It probably will be able to someday. Give it about 10-20 years or so. > Does it support IP GRE, 802.1p, .q, DiffServ ? It will pass IEEE 802.1Q tagged frames. It cannot terminate or participate in negotiation of an IEEE 802.1Q or Cisco ISL trunk. So, no, not really. That stuff can pass through it, but it won't terminate or negotiate them. Make sense? Not a SONET transport engineer, and I don't play one on TV: The best way that I've found to describe the ONS platform is to call it a fairly smart but dumb L2 device. It's not a switch really. It can't really do trunking 'n such, but it does allow you to pass the tags through. It's not a router, so it isn't going to do GRE, DiffServe, routing, or act as an MPLS PE or P device. It's just a big freekin go fast box for moving voice and data. That's it. No L3, basic L2. If you want it to participate in an MPLS network, it will most likely be just the 'last mile' between your PE and the CPE. At 10Gig that's a fast mile. If you want something SONET and slightly smarter, look at the Coriolis boxes. Not a lot smarter, mind you... This stuff is generally designed to be big and dumb, reliable as all, and faster 'n snot. If you have access to PEC as a Cisco Partner, there is an excellent web based training session on the ONS15454 that will walk you through some of the basics, and point you in the direction of the rest. Bill [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56059&t=55896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FS IBM SX GBIC's work fine with Cisco 3500 series switches [7:54933]
I can vouch for the IBM GBICs working in the 3550 switches as well. TTFN, Bill -Original Message- From: Tim Medley [mailto:[EMAIL PROTECTED]] Sent: Saturday, October 05, 2002 7:26 AM To: [EMAIL PROTECTED] Subject: OT: FS IBM SX GBIC's work fine with Cisco 3500 series switches [7:54929] I have a bunch of IBM SX GBIC's for sale i anyone is interested for use in your labs. I have tested these in several 3500 XL series switches as well as in a 6500 and they work fine. Selling them for $25 each plus shipping. Simple inexpensive way to use Gig E in your home lab. I do not believe that these are on the approved Cisco third party GBIC list, so I wouldn't use them on a production network. Tim Tim Medley, CCNP+Voice, CCDP, CWNA Sr. Network Architect VoIP Group iReadyWorld [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54933&t=54933 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VWIC 2MFT-T1 [7:54796]
I have been using VWIC-1MFT's and VWIC-2MFT's to connect in a data mode to WIC-1DSUs using a cross over T1 cable. When you do this, it is imperative to add the 'speed 64' portion of the channel-group if that is the base speed of the DS0. I am finding that in general, if I want something to work I shouldn't trust default settings :) TTFN, Bill Pearch, Anchorage -Original Message- From: Larry Perdue [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 7:14 AM To: [EMAIL PROTECTED] Subject: RE: VWIC 2MFT-T1 [7:54796] You need to use the "channel-group" command to create the serial interface, it doesn't do this automatically. Here is an example from one that I have done: controller T1 2/1 framing esf clock source internal linecode b8zs cablelength short 133 channel-group 0 timeslots 1-24 speed 64 In this case, the "channel-group" command creates a serial 2/1:0 interface that can then be given an IP address and used accordingly. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 9:42 AM To: [EMAIL PROTECTED] Subject:VWIC 2MFT-T1 [7:54796] Has any one configured a Data T1 on the following card (VWIC 2MFT-T1)? This is very different from what I've seen in the past... I've been looking on CCO for data configuration, but haven't found anything. They say it's possible. Cheers, mkj ~~~ Michael Jablonski ABN AMRO Asset Management Holdings, Inc. 161 North Clark St. 9th Flr Chicago, IL 60601-2468 PH: 312.884.2996 FAX: 312.278.5550 ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54811&t=54796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Which PIX to buy [7:52572]
Although I can't help with the leasing issue... If you really need speed and you are using the 6500's take a look at the new firewall blade. List is $43K a pop, but wow, talk about throughput (5 Gigs is the spec sheet.) Runs PIX OS, supports everything, yada, yada, yada, ymmv, vwpbl... Ok, so it's overkill for the proffered OC3 issue, but very, very cool and may fit in to what you want to do. I'll take two... TTFN, Bill -Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: Monday, September 02, 2002 3:50 PM To: [EMAIL PROTECTED] Subject: Which PIX to buy [7:52572] I'm wondering which PIX I need. I need something that will work with OC12 155Mbps when saturated. Right now we have a T3 line and will eventually get an OC3. I would need redundant PIXs. Can anyone recommend a company that leases them? Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52588&t=52572 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: What I mean to Cisco [7:51492]
My post was meant to be light hearted, not a plea for help. I think it's obvious that the bot that responded to my email query is messed up. Once again- humor alert! :) I'm familiar with SMARTnet and the warranty process but thanks for asking- there might be some on the list that aren't. I'm still batting back and forth if I will Snet access devices that are under $1000 - right now I'm thinking that is a waste of money/time/effort. TTFN, Bill -Original Message- From: Turpin, Mark [mailto:[EMAIL PROTECTED]] Sent: Friday, August 16, 2002 5:48 AM To: [EMAIL PROTECTED] Subject: RE: What I mean to Cisco [7:51492] Bill, Do you have a SMARTnet contract for that 1710? Are you within the warranty period for support? If you're not familiar with SMARTnet take a moment to check it out: http://www.ciscomug.org/resources/files/cmugpresentation-20020206-smartn et.p pt After flipping through that presentation, are you still within the valid warranty period? If so, contact the TAC over the phone and tell them about the feelings you are having regarding their service. [EMAIL PROTECTED] != Cisco Customer Advocacy Representatives. If after going through those slides you realize you are outside your warranty, you should understand what's happening to you. It costs money to run a business. The pricing of their support is typically something I would not argue with. -Mark -Original Message- From: William Pearch [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 15, 2002 11:40 PM To: [EMAIL PROTECTED] Subject: OT:What I mean to Cisco [7:51492] I've got a poorly behaving 1710 router (reboots when you log out/TACACS issue) that I'm trying to get straight with the TAC and I received this; Dear $Customer$, Thank you for contacting Cisco's Technical Assistance Center(TAC). We have recieved your request I love it when I'm a double dollar sign to a company :) Bill Anchorage, AK [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51510&t=51492 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT:What I mean to Cisco [7:51492]
I've got a poorly behaving 1710 router (reboots when you log out/TACACS issue) that I'm trying to get straight with the TAC and I received this; Dear $Customer$, Thank you for contacting Cisco's Technical Assistance Center(TAC). We have recieved your request I love it when I'm a double dollar sign to a company :) Bill Anchorage, AK [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51492&t=51492 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: GBIC's - Cisco and otherwise [7:51148]
When I was learning a bit about SAN's and Fibre Channel, one of my instructors mentioned that there were only 3 manufacturers of GBICs (couple years ago, may have changed by now). I have put GBICs (no long haul stuff) obtained from Nortel, IBM, Compaq, Brocade, Cisco, and "unknown" into a 3500, a 2950, a Nortel 420, Dell and a couple others just to see if they would work. They did. Fibre Channel GBICs, GigE GBICs, all seemed to work just fine. I'll try it in a 3550 later this month, and it will probably seem to work just fine also. SEEMED to work just fine. I wouldn't do that on a production network, but on a 'oh s$!%' or a giggles and grin basis, yea - no worries. YMMV, VWPBL, OSTCAAT... TTFN, Bill Pearch, Anchorage -Original Message- From: Chuck's Long Road [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 10, 2002 9:27 AM To: [EMAIL PROTECTED] Subject: OT: GBIC's - Cisco and otherwise [7:51148] I took a bit of a risk, and purchased some GBIC;s off That Auction Site. Of the four, three are Cisco branded, and the fourth is labeled "Agilent" ( used to be HP ) I had done a bit of investigation prior to purchase. I see that the Auction Site has listings for Agilent, IBM, and Extreme GBIC's, as well as Cisco. However, I was unable to find any direct and clearly stated indication that all GBIC's are interchangeable. IBM and Agilent GBIC's cost few pretty pennies less than Cisco BTW, although I suspect now that the same source OEM's for all these manufacturers. So I paid my money, took my chance, and have an Agilent GBIC on one switch connected to a Cisco GBIC on another. No connectivity problems. Came right up. Is passing traffic even as I write. Thinking logically, why should GBIC's be any different that NIC's or patch cables, transceivers of various sorts and brands, or CSU/DSU's? They are all build to industry specifications and industry standards. They all do the same thing. Just thought I'd pass that along to those trying to stretch their practice lab or network upgrade dollars. [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51285&t=51148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: polycom Video Unit [7:49882]
The Polycom Viewstations and Via-Video units use unicast UDP (RTP) traffic for data streams and unicast TCP(RTCP) traffic for signaling and control. Part of the initialization process is an agreement on what codec's are going to be used. This negotiation process is different depending on if there is a gatekeeper involved in the conversation. The important thing to remember about a 323 MCU is that it is essentially a h.323 terminal. Any I-frames or K-frames that happen between a terminal and the MCU are between the terminal and the MCU - not between participants in the conference. There is an initialization process between each endpoint and the MCU that would handle things like data rate and terminal capabilities. I would refer you to a handful of whitepapers available on polycom's web site, especially the ones from PictureTel. http://www.polycom.com/resource_center/0,1408,997,00.html The old pictureTel whitepapers are much better written and easier to use than anything else I've found on h.323 so far. There is another excellent resource on the web/mail-list; the h323 forum. I don't recall the web site right now, do a google search I'm sure you will hit. TTFN, Bill 'VTC over IPSec' Pearch, Anchorage AK -Original Message- From: Michael L. Williams [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 27, 2002 11:39 AM To: [EMAIL PROTECTED] Subject: Re: polycom Video Unit [7:49882] "John Neiberger" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I suppose it depends on the unit but ours mainly use unicast to the > Cisco MCU. As far as I know they use standard H.323. The downside if > you're using an MCU is that the PolyComm units have a lot of different > codecs available that might not be known by the MCU. For example, the > Cisco MCU can only do G.711 audio, but if you let two video units > speak directly to each other they use G.726 ( I think. Maybe it's > G.722?) and it sounds much > better. That brings up an interesting question tho unless the MCU is converting between codecs for end stations that might want to use different codecs, must the MCU "understand" the codec or would it simply act as a relay startion for that data. (i.e. if two end-stations are using a codec that they understand but the MCU doesn't, would it be a problem since the MCU would merely forward the "unknown" (to it) audio data to the other end station). The Cisco MCU supports many more codecs than G.711 including the popular G.729 codec (which gives roughly G.711 quality with an 8:1 compression). The G.722 (you were right.. it's G.722, not G.726) that covers from 50-6900Hz instead of 50-3900Hz as most narrowband codecs do. So if you're trying to play more high fidelity sound, you may want to use that. I haven't seen many units that support this codec though (but I have by no means seen tons of units, just a few). However, if the audio you're trasmitting is human speech, the G.722 isn't going to gain you much in terms of sound quality since it would be preserving an additional frequency range that's not used alot by human speech. Does anyone have any input or experience with how and/or when the MCU codec support comes into play? I would think that if the endpoints are at the same datarate and using the same audio/video codecs, the MCU would just be a bounce point and the actual codecs in the MCU wouldn't be utilized Just a theory tho.. Mike W. [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49917&t=49882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Opinions on 4000 -vs- 6500 [7:48467]
Be wary of Gig to the desktop in Windows boxes. In most cases, PC class (non-64/66 PCI) simply can't handle it. On top of that, as Howard mentioned, the server has to be a screamer or it won't be able to keep up with the GigE either. You can get better performance with a *nix box, but if it's Intel based, it will still (sweeping generality here) suffer throughput issues. A few notes from some GigE Windows work I've done in the past. Try to move big files rather than lots of little ones. Go for Jumbo Frames. TCP Window size is tuneable in W2K. Tune it. More Memory. On a Compaq DL380 I saw best performance/$ at about the 2GB RAM mark. 3GB of RAM was better, but only a skosh. Lots of cache, and LOTS of hard drives. It is better to have 20 18Gig drives than 10 36 Gig drives for SPEED. Spindles mean things. It may be a good time to think fibre channel. 64/66 minimum for your RAID controllers. PCI-X is even better. Don't bother with the built in RAID controllers in most servers - they are fairly lame. Pay attention to your cables. Bad fiber installs or so so copper will kill your performance. Sit back and enjoy the blinkie lights. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 10, 2002 11:32 AM To: [EMAIL PROTECTED] Subject: RE: Opinions on 4000 -vs- 6500 [7:48467] At 12:02 PM + 7/10/02, [EMAIL PROTECTED] wrote: >Gig to the desktop would be overkill. You have to make a decision on >were to place your bottleneck, and adjust interface speed accordingly. > >We have a very similar setup with Cat 6000, Cat 4000, and Cat 3000's. >We determined that 100MP to the desktop would suffice any current >requirement. > From the application standpoint, this is a sort-of "it depends." Let me throw out some off-the-top-of-my-head examples. A digitized mammogram series is about 250 MBytes, or 2 Gbits. It contains several views, so the physician doesn't need it all at once. If the workstation has a fast local disk, you should be able to retrieve the set in about 20 seconds on FE. The image server may very well be the bottleneck. Once you have the set, flipping from image to image is a workstation limitation. But if you were going to do high-resolution imagery with motion (movie special effects, real-time cardiac MRI, etc.), you have to deliver frames fast enough to have smooth motion. Now, the physician is not apt to decide he or she is going to study the imagery with no warning, so scheduling an upload isn't all that unreasonable. If you did want RIGHT NOW full motion imagery, you very well might want GB or even faster to the workstation. That's going to mean a pretty powerful workstation! > >-Original Message- >From: Kim Graham [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, July 10, 2002 7:28 AM >To: [EMAIL PROTECTED] >Subject: Re: Opinions on 4000 -vs- 6500 [7:48467] > > >We currently have 4006's SupII in our closets and they have no trouble >handling the traffic (240 ports). If you want to go IOS you can move up to >the SupIII engine on this unit. They interface with our 6513's via gig >uplinks and to date we have not had any issues with the 4006's or the >gig uplinks. > >Personally I like them, but others may have varying opinions. > >Kim > > >> >> From: "Michael Williams" >> Date: 2002/07/10 Wed AM 12:41:15 EDT >> To: [EMAIL PROTECTED] >> Subject: Opinions on 4000 -vs- 6500 [7:48467] >> >> We are going to setup some closets in hospitals for radiology to >> transfer large images across. They want gig to the desktop If >> we have 20-30 computers/printers connected with Cat5E gig to a 4000 >> will that be too much? I'm thinking it won't overwhelm the >> backplane unless all devices >are >> cranking gig at once (which I've yet to hear of a PC or printer that >> can actually handle Gig .) >> >> What would be the best recommendation for Sups? Sup1, 2 or 3? We >> don't need L3 at that level as each 4000 would uplink (via Gig) to a >> 6500 for L3. >> >> We could do 6506 in the closet for the Cat5 gig modules are >> expensive and only have 16 ports per blade where the 4000 modules >> have 48 ports of 10/100/1000 for the Cat5 and are cheaper >> >> Thanks for any input >> >> Mike W. [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48714&t=48467 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Video Conferencing [7:48646]
If you are referring to the Cisco branded MCUs and h.323 Gatekeepers, yes - I use them. You can save a bit of cash in some cases by turning to the vendor of the hardware (Radvision) but the support for these products from Cisco has been first rate. The written documentation is a little slight on CCO, but generally useable. There are better and cheaper h.323 Gatekeepers than the Cisco IOS MCM - free323 comes to mind - and there is a h.323 proxy in beta that is also freeware. Scheduling software and billing software for the VTC 'stuff' is spendy. I believe one of our business units is looking seriously at Todd software for billing and scheduling so I should have a better grasp on how that is done in a month or two. To the individual products; The Cisco 3510 is fairly lame - so of course I have two of them in my network... :) A fixed config box that can handle up to about 4Mb of VTC traffic. It is "stackable" for aggregate horsepower, but there are cheaper ways to get the 'umph' you need than buying a bunch of 1U MCUs. The Cisco 3540 is a killer box that is scaleable and priced accordingly. It supports T.120 and can bridge (gateway, actually) to h.320 networks as well. If I were going to spend my money again, I'd get this box (or the RadVision original). One of the interesting thing about these boxes is that there really isn't a command line, exactly. You use the console port once - to set an IP address. After that, it's a Windows application to configure the rest. Warning about the 3510 - After just about any configuration change it reboots. The thing get's rebooted more than a Windows 95 box... If you have an interest in VTC, but don't want to bite off the 20-40K to get started with MultiPoint VTC, I can recommend Glowpoint/WireOne for a decent service provider in the lower 48. They even provide the VTC terminal equipment. Do the numbers based on your expected use - you may be supprised. One item about VTC/h.323 regardless of whose equipment you use: Get your QOS butt in order and give yourself about 20% overhead on the VTC. TTFN, Bill 'VTC over IPSEC' Pearch, Anchorage -Original Message- From: Johnson, Richard (NY Int) [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 6:48 PM To: [EMAIL PROTECTED] Subject: Cisco Video Conferencing [7:48646] Hi All, Is anyone out there currently using it? If so what are your opinions of it? Thanks Rich [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48655&t=48646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cryptography and frame-relay [7:46621]
For the medical traffic that we are throwing over frame, hospitals are choosing to IPSec encrypt more and more. Is it necessary? I think it will be due to HIPPA, but that may or may not play out long run. Will it protect your data? Only from people that have the ability to intercept C-band satalite or tap fiber and don't want to walk into the doctors office and just photocopy your records... :) Remember, End to End security doesn't stop at the routers. If your physical security measures are lax, and your security processes are non-existant, you are wasting your time in securing the transport between locations. Pick off the low hanging fruit first. TTFN, Bill -Original Message- From: Paulo Roque [mailto:[EMAIL PROTECTED]] Sent: Friday, June 14, 2002 11:23 AM To: [EMAIL PROTECTED] Subject: Cryptography and frame-relay [7:46621] Hi All, Is necessary to encrypt the comunication that goes over frame-relay links or the frame-relay virtual circuits (PVC/SVC) mechanisms are secure enough to protect my data? Thanks -- Eng. Paulo Roque Network Engineer Cisco Certified Network Associate [EMAIL PROTECTED] [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46669&t=46621 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Cisco 3510 Configuration [7:46668]
I'm having some difficulty with one of my 3510 MCUs. It will allow a confrence to start with a service prefix but will not allow you to provide a confrence ID. I know this is a long shot, but anyone know much about the Cisco MCUs? Otherwise, it's off to the TAC on Monday... TTFN, Bill "h.323 is my life" Pearch, Anchorage AK Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46668&t=46668 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX VPN 'Understanding' [7:44158]
So I finnally have time to just try things. And what do I do? Try something that doesn't seem to work. I mirrored the configs from the CCO for a PIX to PIX to PIX IPSec fully meshed VPN. All seemed well, until I tried a h323 conversation between PC's behind different PIX's. This did not work. I don't understand why. Perhaps it is that I don't understand the PIX well enough to troubleshooot. ISAKMP SA's were created. Just the h.323 doesn't work. Idea's? The Cisco page in question is http://www.cisco.com/warp/public/110/pixmeshed.html Hardware used was Pix 501's with PIX OS 6.1. Polycom VTC gear and software on the Windows 2K PC's. Thanks for any enlightenment any of you may have on this one. Bill in Anchorage [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44158&t=44158 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SCEP - x.509 Certificates and IOS [7:43277]
Ok, so with all the 'gurus' out here, there must be someone that has done this before. I've gone through all the documentation I can find on Microsoft's web site and Cisco's web site looking for information on setting up a CA on Windows 2000 and having a Cisco router use SCEP to register for a certificate. I've loaded the SCEP plug in, upgraded the version to the most recent on the Windows box, but I'm still haveing troubles with registration. Using IOS 12.1(9)e on a 7206VXR and/or 12.2(4)YB on a 1760. After setting the hostname, domain name and creating the RSA keys on the router I do the following (config)#crypto ca identity YourCA (ca-identity)#enrollment url http://IP.ADD.RES.S:80/certsrv/mscep/mscep.dll (ca-identity)#enrollment mode ra (ca-identity)#query url ldap://IP.ADD.RES.S Then authenticate... all is well (config)#crypto ca authenticate YourCA I get the fingerprint, accept the cert. Then enrolling: (config)#crypto ca enroll YourCA Starts the enrollment, provide the challenge password for revocation purposesaccept the defaults for the certificate name, ect Fingerprint comes up like it should... then BAM! %CRYPTO-6-CERTREJECT message The microsoft cert server is set up as a stand alone root CA, and the web enrollment for certificates is working just fine(user type certs). Ideas? Thoughts? Thanks! Bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43277&t=43277 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FR SVCs [7:40893]
Has anyone worked with FR SVC's on 7200s and 1700's? Any known issues? Love it? Hate it? Wish it came is yellow? A coworker has opened a case with the TAC regarding configuring multiple FR SVCs on a single physical interface. I was wondering if anyone else has run into the same or similar issues. Thanks, Bill in AK [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40893&t=40893 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: My interview story [7:40553]
When I moved back to Alaska from Omaha, I interviewed at a place that sent all of their candidates to a 'speciallist' who did personality tests. I responded well to the interview, but not the job offer. :) TTFN, Bill Pearch, GCI Telehealth Systems Manager Anchorge AK -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Friday, April 05, 2002 4:04 AM To: [EMAIL PROTECTED] Subject: Re: RE: My interview story [7:40553] That may be true, but it just sounds like something straight off the pages of Dilbert. :-) I know personally I wouldn't respond to such an interview well. If someone wants to test my creativity and troubleshooting, then they should mock up a lab and throw it at me. Perhaps that's because I'm not used to the idea of being psychologically tested during an interview. What's next, ink blot tests? Values clarification drills? Written personality tests? I can see it now: "We're sorry, you're an INTJ but we really want an ESTJ for this position." Okay, I've got to stop answering email this early. :-) John [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40615&t=40553 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
1760s [7:39338]
Has anyone used the 1760 routers? Thoughts, comments, suggestions? TTFN, Bill in Anchorage [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39338&t=39338 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Best CVoice on the west coast [7:37212]
I'm looking for information on training providers that do an excellent job of delivering the CVOICE class. I finally work for a company that wants to invest in my skill set! TIA, Bill Pearch, Anchorage AK Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37212&t=37212 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access List Builder [7:36015]
Funny you should ask - I was at a Cisco 'thang' today and Solsoft was demonstrating their Visual Security Policy Management product. As close as I can come to describing it is to call it Visual Basic for routers and VPNs. Kind of pricy - $15K for the small enterprise edition, but it will modify ALL the access lists to allow data flows. And other cool stuff. :) http://www.solsoft.com is the url. No financial relationship, never used the product, it just looks 'kewl'. TTFN, Bill -Original Message- From: Justin M. Clark [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 20, 2002 3:14 PM To: [EMAIL PROTECTED] Subject: Access List Builder [7:36015] Does anyone know of an application that will build an access list for you? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36019&t=36015 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
New config maker [7:35386]
Has anyone had difficulty with the new Config Maker (v2.6)? I tried downloading it tonight and the executable reports as being corrupted. Is it me? Do they hate me? :) TTFN, Bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35386&t=35386 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hiding an computer ( ip address ) using access list [7:35008]
Chiming in on the machine based filtering - Windows 2K and XP have an IPSec filter that you can configure to drop, permit or negotiate security based on IP, DNS, ect. With a little creativity, you can configure the box so it can talk to the rest of the world, but the rest of the world can't initiate conversation with it. And - for your blessed few that are permitted to initiate traffic to the 'secret box' you can use certificates or preshared keys to negotiate security and allow communication. There are a few things that can't be secured with IPSec - IKE for example - but unless your goal is to completely hide the machine IPSec filters should do the trick. Frankly, I think IPSec in W2K rocks, but that's just me. And a nice host based IDS from Cisco, of course. ;) Yes, you could 'hide' the machine based on IP address and access lists, but this is (in my opinion) a very poor and not very secure design. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Ken Diliberto [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 09, 2002 2:31 PM To: [EMAIL PROTECTED] Subject: Re: hiding an computer ( ip address ) using access list [7:34991] Beth, My choice would be filtering on the machine. If you're using UNIX, there are several IP filtering (and free) products. You could also tailor the routing table in the machine to only allow it to find your other machine. Why tax the router? Ken >>> "beth" 02/09/02 04:01PM >>> I am adding a computer to my network that i do not want accessible via network to anyone but myself. Can someone suggest best ways to do this, is this possible on the router level via access list? [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35008&t=35008 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]