RE: Basic IP CEF question (again) [7:75161]
Broadcast means everybody receives it.

Curious wrote:

Hi Zsombor, what do you mean?? Why does the router have the broadcast IP in receive mode? I would like to know more about this ;)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75253t=75161
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Basic IP CEF question (again) [7:75161]
Well, the accurate answer is that those are the packets that the router wants to receive (as opposed to switch), but I didn't think that this would be a lot of help. :) You do recognize the common theme across own IP address and broadcast of local net, don't you?

Thanks,
Zsombor

My comments:

Hello Zsombor, I can see IP addresses that don't belong to the router, for example:

Router#sh ip cef | include 10.224.0.51
10.224.0.51/32 receive

But the IP address of the router in the subnet is: 10.224.0.49
The subnet is: 10.224.0.48/30

So the IP address 10.224.0.51 is the broadcast address of the router in the network, but not the IP owned by the router. What do you think?? Thx a lot.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75190t=75161
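The audit below is an added example, not part of either post: it derives the /32 entries a connected subnet makes local (interface address, subnet network address, subnet broadcast) and flags any other receive entry in a `show ip cef` listing, since every receive entry is traffic handed to the router's own CPU. Only the 10.224.0.49/30 addressing and the 10.224.0.51 line come from the thread; the other sample lines, the interface name and the function names are assumptions.

```python
import ipaddress
import re

# Interface addressing quoted in the post above.
INTERFACES = ["10.224.0.49/30"]

# Constructed `show ip cef` excerpt. Only the 10.224.0.51 line comes from the
# thread; the remaining lines and the interface name are assumed.
SHOW_IP_CEF = """\
Prefix              Next Hop             Interface
10.224.0.48/30      attached             Serial0/0
10.224.0.48/32      receive
10.224.0.49/32      receive
10.224.0.51/32      receive
192.0.2.77/32       receive
"""

# A receive entry is a prefix whose next-hop column reads "receive".
RECEIVE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+receive\b", re.MULTILINE)


def expected_receive(interfaces):
    """Return {host prefix: reason} for each /32 a connected subnet makes local."""
    reasons = {}
    for cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        reasons[ipaddress.ip_network(f"{net.network_address}/32")] = (
            f"network address of {net}"
        )
        reasons[ipaddress.ip_network(f"{net.broadcast_address}/32")] = (
            f"broadcast address of {net}"
        )
        reasons[ipaddress.ip_network(f"{iface.ip}/32")] = "interface address"
    return reasons


def audit(show_output, interfaces):
    """Explain every receive entry, or mark it as unexplained."""
    reasons = expected_receive(interfaces)
    report = []
    for text in RECEIVE_RE.findall(show_output):
        prefix = ipaddress.ip_network(text)
        report.append((text, reasons.get(prefix, "unexplained")))
    return report


if __name__ == "__main__":
    for prefix, reason in audit(SHOW_IP_CEF, INTERFACES):
        print(f"{prefix:<20}{reason}")
```

This models connected-interface entries only; a real table also holds receive entries that do not come from interface addressing, so "unexplained" means "look at it", not "wrong".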
RE: ??? Dumb Consultant ??? - Please Help [7:75213]
Netmasks don't generate traffic, hosts do. :)

Thanks,
Zsombor

Steven Aiello wrote:

Hello all, I need some folks with hopefully a CCIE to answer this question. If there is an unsubnetted class A, and there are 25 or users on the network, would the fact that the network is unsubnetted cause a large load of network traffic? Here is the reason and layout. Our company uses Xerox printers and they came with address

10.6.1.45 - 255.0.0.0
10.6.1.44 - 255.0.0.0

Our clients are all on the same network using a DHCP pool of 10.6.1.100 - 10.6.1.150. Even if there is broadcast it is one message across the network (let's say for NetBIOS name resolution); there is one broadcast, not a unicast to 16,7xx,xxx some host. Only 25 hosts will answer, correct? So how will a class A subnet mask cause this?

Thanks for all input, please feel free to ramble,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75217t=75213
RE: Basic CEF question. [7:74962]
It means that's the router's own IP address.

Thanks,
Zsombor

Curious wrote:

Hello dear friends, I would like to know the meaning of the keyword receive that I can see when I execute a show ip cef command. For example:

show ip cef
Prefix Next Hop Interface
10.64.15.224/32 receive

What does it mean that the next hop is receive? More details:

ROUTER#sh ip route 10.64.15.224
Routing entry for 10.64.15.224/28
 Known via connected, distance 0, metric 0 (connected, via interface)
 Redistributing via ospf 10
 Advertised by ospf 10 subnets
 Routing Descriptor Blocks:
 * directly connected, via FastEthernet4/1/0.30
 Route metric is 0, traffic share count is 1

Any comments?? Bye and Thx

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74969t=74962
RE: How can we eliminate the creation of summary r [7:74963]
no discard-route internal|external

Thanks,
Zsombor

srk wrote:

Hi all, Can someone explain how we can eliminate the creation of the summary route pointing to null0 when we summarize IA/other routes in OSPF?

Thanks
Solomon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74970t=74963
RE: route redistribution [7:74856]
That description on page 698 sounds as if there was a thing called router between EIGRP and OSPF. In reality, the redistribution is handled by the (code that belongs to the) receiving protocol.

Thanks,
Zsombor

John Jones wrote:

I am studying for CCIE Written and lately have been concentrating on redistribution. I have come across two statements in Doyle's V.1 that I am a bit confused about. On page 698 under the Metric section, he states that a cost must be assigned to each EIGRP route **BEFORE** passing it into OSPF and vice versa. What confuses me is that on page 712 under Configuring Redistribution it states under #1 that the redistribution configuration command and information is placed on the protocol that is to **RECEIVE** the distributed routes, which I assume will be applied **AFTER** the route has been received. This seems to contradict to me. Could anyone shed some light on this? It would help my understanding...

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74863t=74856
RE: ??? Layer 2 routing ??? [7:74788]
Steven, as Fred and Brian alluded to, some of the Cisco routers use hardware acceleration to speed up the packet switching. I suspect however that your question was a more generic one, so I would suggest that you check this out:

http://www.cisco.com/en/US/tech/tk827/tk831/technologies_white_paper09186a00800a62d9.shtml

I will also note that understanding the place of MLS might be a bit difficult without knowing the (rather horrifying :) details of the Catalyst architecture and its development history. It might help maintain your mental balance if you first gain a good understanding of how a router is supposed to work, and only then take a look at what the Catalyst is doing. :)))

Thanks,
Zsombor

Steven Aiello wrote:

Ok all, I have a question on this subject. I know routing takes place at the network layer, and switching takes place at the data link layer because it works based on physical addresses. So how do we get route switching? I've just started my CCNP and we were learning about different cache methods to speed up performance. Is this how route switching is done? Is the routing calculation performed on a per packet basis? I was reading that by default, Cisco routers only perform a routing calculation on the first packet for a destination network and then, unless the no route-cache option is set, all the rest of the packets are really only switched to the correct interface. Am I missing something? I would envision that a router would by default perform a lookup for each connection sequence. Does layer 3 routing not do a lookup for each sequence of packets? Does it look at an address and use an old, per se, route that was cached in memory? If someone can give a good explanation I would greatly appreciate it.

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74819t=74788
RE: ??? Cisco Express Forwarding ??? [7:74794]
Just for the sake of clarity: cache in this context doesn't refer to a faster-than-usual memory. The route cache is in the exact same RAM as the routing table. For more details, see the documents Marko mentioned.

Thanks,
Zsombor

Steven Aiello wrote:

Another question: in CEF, is the whole routing table held in a cache? If so, what is the difference between this and the routing table held in RAM? Is the cache faster than the regular RAM in the router?

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74821t=74794
RE: OT: Cable Lengths [7:74776]
The diameter of a 10Mbps Ethernet collision domain is much bigger than 100m (you can calculate it from the smallest allowed frame size, the transmission speed, and the signal propagation speed), so that limit is most definitely not based on collisions.

Thanks,
Zsombor

[EMAIL PROTECTED] wrote:

I have a question regarding the max length for a 100BaseT cable. Granted I haven't done a wealth of research on this so feel free to point me to google if the answer is mind numbingly simple, which it probably is.

I have always understood the 100M limitation on 10BaseT ethernet cable to be attributable to the time it would take a collision signal - assuming you are running at half duplex - to be returned in time to prevent the next packet from being sent. In other words, any longer than 100M and the sending station would not get the message in time that there had been a collision and thus continue sending packets instead of backing off. I have heard attenuation mentioned, but not as the real reason for the distance limit.

My question is: given that many stations are running 100 full duplex these days - thus removing the collision concerns - does this effectively change the maximum distance for cable runs? Or is attenuation truly a factor in anything over 100M? In general I am referring to standard Cat5 cabling.

Just curious...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74833t=74776
RE: IS-IS [7:74508]
I think Dom is referring to the adoption process, not the protocol definition/development. IS-IS was defined before OSPF, IMHO. On the other hand, I would be interested to hear why IS-IS was (is?) more scalable. In particular, what are those 3 largish tables and why would OSPF need to scale to multiple AS's?

Thanks,
Zsombor

Reimer, Fred wrote:

You wrote: A few years ago we were all (well some of us) scared about the scalability of OSPF - how much memory, processing power and how many AS's could it scale to. This is why IS-IS was looked at by tier 1 and 2 carriers. In those days, a 7206 with a 150MHz proc was common place, and we were running out of space for the 3 tables (largish) required and looking for something new.

I'm a little confused by that. I always thought that IS-IS was old as dirt, and that OSPF was based on IS-IS. You make it sound like OSPF was around first, and that IS-IS was the something new that was designed due to OSPF's scalability issues. What is the correct order?

Fred Reimer - CCNA
Eclipsys Corporation

-Original Message-
From: Dom [mailto:[EMAIL PROTECTED]
Sent: Monday, September 01, 2003 6:46 PM
To: [EMAIL PROTECTED]
Subject: RE: IS-IS [7:74508]

the answer is simple and practical. What with the one day lab and the speed with which cheats get circulated, lab scenarios are revised much more often than they used to. Adding IS-IS allows for more permutations to add to the mix. Especially now that IGRP is no longer there. The proctors still need lots of ways to screw you with redistribution. IS-IS redistribution gives them that in spades. ;-

A few years ago we were all (well some of us) scared about the scalability of OSPF - how much memory, processing power and how many AS's could it scale to. This is why IS-IS was looked at by tier 1 and 2 carriers. In those days, a 7206 with a 150MHz proc was common place, and we were running out of space for the 3 tables (largish) required and looking for something new.

Best regards,
Dom Stocqueler
SysDom Technologies
Visit our website - www.sysdom.org

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74835t=74508
Re: ospf type 5 lsas [7:74699]
Looks like you have two OSPF processes on the 7500. Typical case of less would be more... :)

Thanks,
Zsombor

Thomas Salmen wrote:

someone requested the configs; i'm sorry, i'm not sure who. and the links are numbered, btw.

7500:

interface atm 0/1/0.101
 ip address 192.168.10.1 255.255.255.252
!
!
router ospf 120
 network 192.168.10.0 0.0.0.3 area 0
 network 10.64.0.0 0.0.0.255 area 14
!

2500:

interface ethernet 0
 ip address 172.16.10.5 255.255.255.252
!
interface serial 0/0.101 point-to-point
 ip address 192.168.10.2 255.255.255.252
!
!
router ospf 120
 network 192.168.10.0 0.0.0.3 area 0
 network 172.16.10.4 0.0.0.3 area 15
 area 15 nssa no-summary
!

the only other router in area 15 is at 172.16.10.6, and is configured as an nssa asbr. the 7500 has all the type 5 lsas in its database, but none entered in its route table. eg:

7500#show ip ospf database external 200.88.200.220

 OSPF Router with ID (200.55.10.244) (Process ID 20)

 Type-5 AS External Link States

 LS age: 2576
 Options: (No TOS-capability, DC)
 LS Type: AS External Link
 Link State ID: 200.88.200.220 (External Network Number )
 Advertising Router: 200.27.100.154
 LS Seq Number: 8008
 Checksum: 0x1A8B
 Length: 36
 Network Mask: /32
 Metric Type: 2 (Larger than any link state path)
 TOS: 0
 Metric: 2
 Forward Address: 0.0.0.0
 External Route Tag: 3221225472

7500#show ip route | include 200.88.200.220
7500#

thomas

- Original Message -
From: Thomas Salmen
To: [EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 3:43 PM
Subject: ospf type 5 lsas

i have a problem with ospf that someone may be able to help with.

i have a 2500 connected to a 7500 via a frame (2500 end) to atm (7500 end) link. the 2500 is an abr for area 15 (serial area 0, ethernet area 15); the 7500 is an abr for area 14 (atm area 0, other interfaces area 14). area 15 is configured as an nssa, as it is attached to another router which is redistributing static routes. area 14 is a standard ospf area, not stub or nssa.

the 2500 (abr) is receiving type 7 lsas and converting them to type 5 and flooding them into area 0, no problems. the 7500 has them in its lsa database. the problem is that none of the type 5 lsas are being entered in the 7500s route table.

i have run through everything i can think of, and i'm a bit stuck. the forwarding address of each lsa is 0.0.0.0. the network type is correct (ptp). the 7500 can reach the abr and the asbr. subnet masks are all correct. i'm not sure what to look for next...

anyone?

thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74751t=74699
RE: Amazing Spanning Tree [7:74594]
There could be hosts in between (think hub).

Thanks,
Zsombor

Curious wrote:

Hello friends, I want to thank every answer to this post. I knew that a port with spanning tree in blocking state has not any relation with being down; I was surprised with some answers. What surprised me is that one port was in forwarding state and the port in front was in blocking state. For me, there is no sense in having one port in forwarding state when the port in front is in blocking state; why not both in blocking state?? I know that RFCs establish the rules but I want to understand the sense.

Thanks again!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74672t=74594
RE: IBGP and syn [7:74542]
What do 'show ip route ' and 'show ip bgp ' show?

Thanks,
Zsombor

kaiser anwar wrote:

Hi, I am getting ready to take my lab on my own. I have a practice lab I wanted to know what is the alternate to using the no sync command for ibgp to propagate in igp. My routes are showing up but they are not the best routes.

Thanks
Sincerely,
Kiaser A

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74561t=74542
RE: Ping Reply (Packet Filtered) [7:74365]
'no ip unreachables'

Thanks,
Zsombor

Eric W wrote:

All, I am still fairly new with ACLs. However, I'm interested in blocking ICMP to my network behind router A (Interface e0/1 = my network). But when an ICMP request is issued from the outside, the router replies with packet filtered from (interface e0/0 = outside network). ACL is applied on incoming traffic through e0/0. How do I get the router to stop replying to the outside world (packet filtered)?

Regards,
Eric Washington

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74374t=74365
RE: access list question [7:74370]
I think it's the ICMP type/code.

Thanks,
Zsombor

dave petit wrote:

I have an access list (101) on my router that is tied to a cable modem network. The access list contains the following icmp deny statement. It seems to work ok. The question is: what the heck does (3/13) mean in the log line?? Thanks!!

from access-list 101:
access-list 101 deny icmp any any redirect log

from the log:
list 101 denied icmp 10.132.224.1 - 68.33.134.253 (3/13), 1 packet

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74381t=74370
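The decoder below is an added example, not part of the posts: it parses ACL log lines of the form quoted above, names the (type/code) pair, and totals packets per pair. It also lists the sources sending "administratively prohibited" codes; type 3 code 13 is the message Linux ping prints as "Packet filtered", which is the reply the previous thread suppresses with 'no ip unreachables'. The first sample line is the one from the post; the other lines, the name table subset and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Subset of the IANA ICMP type/code names, enough for the cases shown here.
ICMP_NAMES = {
    (0, 0): "echo reply",
    (3, 0): "net unreachable",
    (3, 1): "host unreachable",
    (3, 3): "port unreachable",
    (3, 4): "fragmentation needed, DF set",
    (3, 9): "network administratively prohibited",
    (3, 10): "host administratively prohibited",
    (3, 13): "communication administratively prohibited",
    (5, 0): "redirect for network",
    (5, 1): "redirect for host",
    (8, 0): "echo request",
    (11, 0): "TTL exceeded in transit",
}
# Codes by which a filtering device announces that it dropped a packet.
FILTER_CODES = {(3, 9), (3, 10), (3, 13)}

# Accepts both "a -> b" and the "a - b" form the archive shows.
LOG_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>denied|permitted) icmp "
    r"(?P<src>[\d.]+)\s+-+>?\s+(?P<dst>[\d.]+) "
    r"\((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?"
)

SAMPLE_LOG = [
    # From the post above.
    "list 101 denied icmp 10.132.224.1 - 68.33.134.253 (3/13), 1 packet",
    # Constructed lines below.
    "%SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.7 -> 203.0.113.20 (8/0), 4 packets",
    "%SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.132.224.1 -> 203.0.113.20 (3/13), 2 packets",
    "%SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.9 -> 203.0.113.20 (5/1), 1 packet",
    "%SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4242) -> 203.0.113.20(23), 1 packet",
]


def parse_line(line):
    """Return a dict for an ICMP ACL log line, or None for anything else."""
    m = LOG_RE.search(line)
    if not m:
        return None
    key = (int(m["type"]), int(m["code"]))
    return {
        "acl": m["acl"],
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "type": key[0],
        "code": key[1],
        "name": ICMP_NAMES.get(key, "unlisted type/code"),
        "packets": int(m["count"]),
        "reveals_filter": key in FILTER_CODES,
    }


def summarize(lines):
    """Total packets per (type, code) and list sources announcing a filter."""
    totals = Counter()
    announcers = set()
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # not an ICMP ACL hit
        totals[(event["type"], event["code"])] += event["packets"]
        if event["reveals_filter"]:
            announcers.add(event["src"])
    return totals, sorted(announcers)


if __name__ == "__main__":
    totals, announcers = summarize(SAMPLE_LOG)
    for (icmp_type, code), packets in sorted(totals.items()):
        name = ICMP_NAMES.get((icmp_type, code), "unlisted type/code")
        print(f"{icmp_type}/{code:<3} {name:<45} {packets} packet(s)")
    print("sources announcing a filter:", ", ".join(announcers))
```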
Re: FXS Problem - Always getting a busy signal on [7:74294]
John wrote:

Everyone, I have found the solution. It was to do with my phones. If you connect a non US phone to port 0 it won't work :)

I might be reading this wrong, but IMHO this document says that port 1 won't work if you connect a US-style phone (or one that looks like that) to port 0. Not that you have to connect a US-style phone to port 0.

Thanks,
Zsombor

Here is a url that might help anyone else in the future.

http://www.cisco.com/en/US/tech/tk652/tk653/technologies_tech_note09186a0080094fac.shtml

The information under Pinout Information:

Port 0 on a VIC-2FXS is designed to accommodate a US style 2-line phone, instead of the usual European style 1-line phone. This means that in addition to pins 3 and 4 being used, pins 2 and 5 are also monitored. With some phone handsets it is possible that pins 2 and 5 are wired up to allow last number re-call or call-forwarding. If this is the case, Port 0 on the VIC will assume you have a 2-line phone, and shutdown port 1.

Hope this helps
John

Maria wrote in message news:[EMAIL PROTECTED]

GDay Everyone, Just hoping you all may be able to shed some light onto this for me. This is the first time I have tried to configure FXS ports and it's proving to be getting the better of me. I have 2 routers (2610XM) connected together via a serial back to back. In each of these routers I have a VIC-2FXS card in each NM-2V module. I have followed a basic configuration and I get a dial tone in the ear handset but for the life of me I am continually getting a busy tone from each phone. When the phone is taken off hook I do get a green light on the vic.

Below is the configuration

Router A

hostname Router-A
voice-port 1/0/0
voice-port 1/0/1
dial-peer voice 1 pots
 destination-pattern
 port 1/0/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.2
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
 no fair-queue

Router B

hostname Router-B
voice-port 1/1/0
voice-port 1/1/1
dial-peer voice 1 pots
 destination-pattern
 port 1/1/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.1
interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
 no fair-queue
 clockrate 400

I can ping from either router the other router OK. Any thoughts would be of great advantage.

Thanks for your assistance
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74295t=74294
RE: Route Maps [7:74258]
First interface up will be used.

Thanks,
Zsombor

Lipscombe Tim wrote:

Given the following configuration, will traffic be load balanced between Serial 0 and Serial 1, or will Serial 0 be preferred, then Serial 1?

Router(conf)#route-map test permit 10
Router(conf-route-map)#set default interface serial 0 serial 1

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74281t=74258
RE: GRE Tunnel Recursive Routing Error [7:74035]
r1 (bb2) learns the route to the destination of the GRE tunnel, 150.50.22.2, via that same GRE tunnel. Add a static route like this to r1's configuration:

ip route 150.50.22.2 255.255.255.255 Ethernet0

As a side note, is this (GRE tunnel through the PIX) a good design from the security point of view?

Thanks,
Zsombor

Dain Deutschman wrote:

Hi all, I'm getting a recursive routing error when trying to tunnel with gre.

r1-pix-r2

The error follows along with my configs and route tables. Thanks!

00:52:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
bb2#
00:53:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
00:53:30: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
00:53:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
00:54:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
00:54:40: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing

bb2#wr t
Building configuration...

Current configuration : 913 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname bb2
!
!
!
!
!
!
ip subnet-zero
ip domain-name hellocomputers.com
ip name-server 4.1.1.1
!
!
!
!
!
!
interface Loopback0
 ip address 112.112.112.112 255.255.255.0
!
interface Tunnel0
 ip address 172.16.22.112 255.255.255.0
 tunnel source 10.10.112.112
 tunnel destination 150.50.22.2
!
interface Ethernet0
 ip address 10.10.112.112 255.255.255.0
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 shutdown
 isdn x25 static-tei 0
!
router eigrp 100
 network 172.16.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.112.12
ip route 172.16.22.2 255.255.255.255 Ethernet0
ip http server
!
!
alias exec c config t
!
line con 0
line aux 0
line vty 0 4
 login
!
end

bb2#

r2#wr t
Building configuration...

Current configuration : 2557 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname r2
!
logging buffered 4096 debugging
!
username all
memory-size iomem 10
ip subnet-zero
!
!
ip domain name hellocomputers.com
ip name-server 4.1.1.1
!
ip audit notify log
ip audit po max-events 100
!
!
!
key chain keyr2
 key 1
  key-string 7 151A0E000825
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.0
!
interface Tunnel0
 ip address 172.16.22.2 255.255.255.0
 tunnel source 150.50.22.2
 tunnel destination 150.50.22.112
!
interface FastEthernet0/0
 ip address 150.50.22.2 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain keyr2
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type ansi
!
interface Serial0/0.21 point-to-point
 ip address 150.50.12.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 04530E0A032E
 ip ospf network point-to-point
 frame-relay interface-dlci 121
!
interface Serial0/0.23 point-to-point
 ip address 150.50.23.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 130D121E0703
 frame-relay interface-dlci 123
!
interface Serial0/0.24 point-to-point
 ip address 150.50.24.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 011B03085704
 frame-relay interface-dlci 124
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
router eigrp 100
 network 150.50.0.0
 network 172.16.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
router ospf 100
 router-id 22.22.22.22
 log-adjacency-changes
 area 1 virtual-link 11.11.11.11
 network 22.22.22.0 0.0.0.255 area 1
 network 150.50.12.0 0.0.0.255 area 1
 network 150.50.23.0 0.0.0.255 area 2
 network 150.50.24.0 0.0.0.255 area 1
!
router rip
 version 2
 passive-interface Serial0/0.21
 passive-interface Serial0/0.23
 passive-interface Serial0/0.24
 network 150.50.0.0
 neighbor 150.50.22.12
 no auto-summary
!
ip classless
ip route 172.16.22.112 255.255.255.255 FastEthernet0/0
ip http server
ip pim bidir-enable
!
!
access-list 2 permit 112.112.112.112
access-list 2 permit 150.50.22.2
!
call rsvp-sync
!
voice-port 1/0/0
!
voice-port 1/0/1
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
alias exec c config t
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

r2#sh ip route
Gateway of last resort is 150.50.22.12 to network 0.0.0.0
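The check below is an added example, not part of the thread: it runs a longest-prefix-match lookup for the tunnel destination and reports recursion when the winning route leaves through the tunnel itself, first on a table modelled on bb2 and then with the /32 static route from the reply added. The table is constructed from the posted configuration; the EIGRP entry for 150.50.22.0/24 via Tunnel0 is an assumption based on the reply's explanation, and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    interface: str
    distance: int  # administrative distance, lower wins on equal prefix length
    origin: str


def route(prefix, interface, distance, origin):
    return Route(ipaddress.ip_network(prefix), interface, distance, origin)


def static_to_route(line):
    """Turn 'ip route <net> <mask> <interface>' into a Route (interface form only)."""
    _, _, net, mask, interface = line.split()
    return route(f"{net}/{mask}", interface, 1, "static")


# Constructed model of bb2's routing table, following the posted configuration.
# The default route is shown already resolved to its outgoing interface.
BB2_TABLE = [
    route("0.0.0.0/0", "Ethernet0", 1, "static"),
    route("10.10.112.0/24", "Ethernet0", 0, "connected"),
    route("112.112.112.0/24", "Loopback0", 0, "connected"),
    route("172.16.22.0/24", "Tunnel0", 0, "connected"),
    static_to_route("ip route 172.16.22.2 255.255.255.255 Ethernet0"),
    # Assumed: learned from r2 over the tunnel (r2 has 'network 150.50.0.0').
    route("150.50.22.0/24", "Tunnel0", 90, "eigrp"),
]


def lookup(table, destination):
    """Longest prefix wins; administrative distance breaks ties."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.prefix.prefixlen, -r.distance))


def tunnel_recurses(table, tunnel_if, tunnel_dst):
    """True when the route to the tunnel endpoint points into the tunnel."""
    best = lookup(table, tunnel_dst)
    return best is not None and best.interface == tunnel_if


def with_fix(table):
    """Table after adding the static route suggested in the reply."""
    fix = static_to_route("ip route 150.50.22.2 255.255.255.255 Ethernet0")
    return table + [fix]


if __name__ == "__main__":
    for label, table in (("before", BB2_TABLE), ("after", with_fix(BB2_TABLE))):
        best = lookup(table, "150.50.22.2")
        print(f"{label}: 150.50.22.2 via {best.prefix} on {best.interface} "
              f"({best.origin}), recursive={tunnel_recurses(table, 'Tunnel0', '150.50.22.2')}")
```

The /24 learned through the tunnel beats the default route on prefix length, which is why the default route alone does not prevent the flap; the /32 static beats the /24 for the same reason.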
RE: Matching Exp bits AND DSCP [7:74041]
class-map match-all?

Thanks,
Zsombor

Muhtari Adanan wrote:

Does anyone know if there is a mechanism/way of being able to simultaneously match on mpls exp bits and DSCP on the input of an interface, i.e. AND function rather than OR?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74048t=74041
RE: Quality of service for prioritizing Voice by l [7:74036]
Policing simply drops (or marks) the excess traffic, so it is not surprising that it didn't trigger the queueing mechanism.

Traffic shaping does trigger the queueing mechanism if the traffic exceeds the specified amount, but the type of queueing you can use with traffic shaping is limited. I think generic traffic shaping supports only WFQ, so again it is not surprising that your priority queueing didn't take effect. You could use Frame Relay traffic shaping with priority queueing, but if you had a serial interface to run FR over, then you could also set the clock rate low enough to make the interface really congested, so I guess this won't help much.

There is also a thing called class-based traffic shaping, which is in effect traffic shaping inside CBWFQ. There you use a policy map to specify the bandwidth a certain traffic class is allowed to use, not the 'traffic-shape' command under the interface, and then (still from within the policy map) you point to another policy map using the 'service-policy' command. I am not sure however if that is a good emulation of a real, congested interface.

Thanks,
Zsombor

Vijayanand ballapuram wrote:

Dear Members, I am a new member of this group. If my below problem is outside the scope of this group, please suggest me a suitable group where I can post the same below problem.

I am trying to give priority to voice over other traffic by setting up the below test bed in my lab.

Explanation of my test bed:

(voicereceiver/background receiver)-E0-Router- E1-(Voicegenerator/background generator)

Voice receiver, Background receiver and router 1's E0 interface form one Ethernet segment. (Actually I am using three routers. But for easy debugging presently I am working with one router.) Router 1's E1 interface, Voice generator and background traffic generator form the other Ethernet LAN.

I am limiting bandwidth of router E0 interface to 48kbps by below commands:

***

I am sniffing at the interface E0 using Ethereal sniffer-protocol analyzer. But I am unable to get better results for voice application over background traffic. For both testing without QoS and with QoS I am getting the same results.

FOR EVERY VOICE PACKET I GET ONE BACKGROUND PACKET - SAME RESULTS FOR BOTH WITH AND WITHOUT QOS DEPLOYED

***

The voice application is generating at 32 kbps with packet size frame size of 876 bytes. It uses UDP port no 60600. It uses TCP port# 8896 for connection activeness. I am using these details in my QoS configurations. For initial testing, I am also generating background traffic also with 32kbps rate and frame size of 876 bytes. Since total net traffic voice + background = 32 + 32 = 64 Kbps, I am reducing the bandwidth of the interface using traffic shape and rate-limit commands.

Router 1:

Option 1:
Conf t
int e 0
rate-limit output 48000 6000 6000 conform-action transmit exceed-action drop

Option 2:
Conf t
int e 0
traffic-shape rate 48000 6000 6000 1000

I think with the above configuration, all traffic above 48000 bps is dropped. So there are good chances that 24000 bps of both voice and data are sent, and the remaining 8000bps for both voice and background are dropped. So, therefore QoS does not come into picture because now total traffic is 48 but NOW actual interface bandwidth is 10 Mbps after the rate-limit or traffic-shape phase.

IS THERE OTHER WAY TO REDUCE THE BANDWIDTH OF THE ETHERnet InTERFACE.?

My router configs for Priority queuing and class based weighted fair queuing

My Full router configuration:

Policy : Priority Queuing

ONE#show run
Building configuration...

Current configuration : 1279 bytes
!
hostname ONE
!
enable password cisco
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
!
interface Ethernet0
 ip address 10.0.0.2 255.255.255.0
 rate-limit output 48000 6000 6000 conform-action transmit exceed-action drop
 priority-group 1
!
interface Ethernet1
 ip address 10.10.0.1 255.255.255.0
!
!
ip classless
ip route 10.20.0.0 255.255.255.0 10.10.0.2
ip route 10.30.0.0 255.255.255.0 10.10.0.2
no ip http server
ip pim bidir-enable
!
priority-list 1 protocol ip high tcp 8896
priority-list 1 protocol ip high udp 60600
no cdp run
!
!
line con 0
 escape-character BREAK
line aux 0
line vty 0 4
 no login
!
end

+++

CLASS BASED WEIGHTED FAIR QUEUING

ONE#show run
Building configuration...

Current configuration : 1279 bytes
!
hostname ONE
!
enable password cisco
!
ip subnet-zero
no ip domain-lookup
!
!
class-map match-all voice
 match access-group 101
!
!
policy-map catalyst
 class voice
  priority 36
 class class-default
  fair-queue 16
!
!
!
!
interface Ethernet0
 ip address 10.0.0.2 255.255.255.0
 rate-limit output 48000 6000 6000 conform-action transmit exceed-action drop
 service-policy output catalyst
!
interface Ethernet1
 ip address 10.10.0.1
RE: hsrp default route in ospf [7:74017]
Because the HSRP virtual IP address is used only by the directly connected hosts (as a gateway), not by the remote devices that learn the routes via OSPF.

Thanks, Zsombor

Robert Kimble wrote:
Why would that not make sense?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74025t=74017
RE: multiple ospf processes route insertion [7:73727]
The process with the lower administrative distance will install the prefix into the routing table. If the administrative distances are the same (and they are by default), then the process that comes first will install the route. In other words, it is not deterministic unless you change the default admin distance.

What are you trying to achieve with these ~3 OSPF routing processes?

Thanks, Zsombor

p b wrote:
I'm considering a routing architecture where devices in the network would run ~3 OSPF routing processes. I think each routing process will be handling the routing of non-overlapping address blocks and thus the routes they give to the forwarding table should be disjoint. However, I'd like to understand what happens if two processes each were to provide the same prefix to the forwarding table. Specifically, what are the rules to determine which prefix is put into the routing table? Also be interested in any learnings folks might have had when they've run multiple OSPF processes. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73741t=73727
RE: OSPF DR and BDR elections [7:73504]
The DR is not chosen from the remaining list. The DR is chosen from the list of routers that declared themselves designated routers (this is why a high-priority router that comes up late won't take over the DR role from an existing DR), or if no router declared itself DR, then the BDR will become DR (this is why a high-priority router that came up late won't necessarily become DR even if the existing DR dies). See RFC2328, Page 75 for more details.

Thanks, Zsombor

DeVoe, Charles (PKI) wrote:
I am reading the CCNP/CCIP BSCI Study Guide by Todd Lammle from Sybex. In the OSPF section under the discussion of DR and BDR (page 171) he says that the BDR is chosen first and that the DR is chosen from the remaining list. That seems illogical and backwards. Can someone please confirm or deny and explain it. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73524t=73504
RE: multiple ospf processes route insertion [7:73727]
So you want to solve a traffic engineering problem with MPLS/TE, huh? How boring... :)

Howard C. Berkowitz wrote:
I freely admit that I've lost the sense of the problem that actually needs to be solved, with all the discussion of the various tables. Before my brain started to reboot, however, it sounded like it was a traffic engineering problem. Has anyone looked at the OSPF Traffic Engineering extensions here? Also, I got an impression that people didn't want to use MPLS for a TE problem. Why? That's essentially what it's for.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73938t=73727
RE: multiple ospf processes route insertion [7:73727]
Jason J wrote:
well, in my thoughts, there is no loading balance in ospf.

There is, just not between processes.

it will choose only one route and put it into its ospf routing table. also i got a case: when there is a route from EBGP peer which is 192.168.0.0/19 and also a route comes from static input which is 192.168.0.0/18, which one do you think the router will pick ?? the answer is : the route from EBGP!

The answer is both routes will be in the routing table and it depends on the destination address of the packet which one will be used for forwarding. Obviously, you can't forward a packet to 192.168.32.x based on a route to 192.168.0.0/19.

Thanks, Zsombor

Jason G.F CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73781t=73727
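The two rules stated in this thread (the route source with the lower administrative distance installs a given prefix, and forwarding then uses the longest matching prefix), as an added Python sketch that is not from any poster. The `Rib` class, the next-hop labels and the 10.1.0.0/16 prefix are constructed for illustration; the distances 1, 20 and 110 are the usual IOS defaults for static, eBGP and OSPF.

```python
import ipaddress


class Rib:
    """Toy routing table: one owner per prefix, longest match on lookup."""

    def __init__(self):
        self.routes = {}  # ip_network -> (distance, source, next_hop)

    def offer(self, prefix, source, distance, next_hop):
        """A routing process offers a route; return True if it was installed."""
        net = ipaddress.ip_network(prefix)
        current = self.routes.get(net)
        # Only a strictly lower distance displaces the installed route, so with
        # equal distances the process that offered first keeps the prefix.
        if current is None or distance < current[0]:
            self.routes[net] = (distance, source, next_hop)
            return True
        return False

    def lookup(self, address):
        """Return (prefix, source) of the longest matching route, or None."""
        ip = ipaddress.ip_address(address)
        matches = [net for net in self.routes if ip in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return str(best), self.routes[best][1]


def thread_example():
    """The /19 learned from eBGP and the /18 static route from the thread."""
    rib = Rib()
    rib.offer("192.168.0.0/19", "ebgp", 20, "peer")      # next hops are labels
    rib.offer("192.168.0.0/18", "static", 1, "gateway")
    return rib


def same_prefix(order, distances):
    """Two OSPF processes offer one constructed prefix in the given order."""
    rib = Rib()
    for source in order:
        rib.offer("10.1.0.0/16", source, distances[source], "nh-" + source)
    return rib.lookup("10.1.2.3")[1]


if __name__ == "__main__":
    rib = thread_example()
    print(rib.lookup("192.168.1.1"))    # inside both prefixes
    print(rib.lookup("192.168.32.1"))   # only inside the /18
    default = {"ospf 1": 110, "ospf 2": 110}
    print(same_prefix(["ospf 1", "ospf 2"], default))
    print(same_prefix(["ospf 2", "ospf 1"], default))
```

The sketch does not model route withdrawal or equal-cost paths inside one process.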
RE: multiple ospf processes route insertion [7:73727]
is that the end-points generating traffic to destinations in C will want to know when C is unavailable via I2. They'll want to know this so they can stop generating traffic or leverage some higher level (service specific) mechanism to address the failure.

Running BGP as the IGP might work, but I'm not sure. I think it might need to operate in iBGP mode and I think it would require lots of policy filters on all outgoing advertisements and would probably require setting the next hop at each router. These are both typically not done when operating in iBGP mode. Further, I think one would lose the concept of IGP cost; the iBGP mechanism might allow one to construct a path between two end-points which satisfies the service policy, but if multiple paths exist, the concept of link cost would not be available. I guess running eBGP as the IGP could also work, but now we're talking configuring a unique AS for each router (which doesn't scale). One could see the path selected through the network via the AS_PATH attribute, but there still would be no concept of IGP cost.

I've not come up with a way to solve this without moving to a model where there's an IGP and thus SPT for each service, which implies multiple OSPF processes. But I'm interested in other thoughts or options on this...

Zsombor Papp wrote:
Since you say you want to run one OSPF process for each traffic type, I assume the type of the traffic is defined by destination IP address. If this is not correct, then I would be curious to know what a traffic type is and how you will associate a traffic type with an OSPF process. If however my assumption is correct, then I can see several ways to solve the problem you cited as an example, with BGP or with a single OSPF process.

Let me restate the problem for N=1: suppose there are 3 routers, R1, R2, R3, connected in a triangle. Both traffic A and B usually go directly from R1 to R2, but when that link fails, traffic A should go from R1 to R3 to R2, and traffic B should be dropped at R1.

Solution with BGP: run BGP between R1-R2 and R1-R3, make the routes coming from R2 preferred, and filter out the routes corresponding to traffic B from the advertisements R3 sends to R1.

Solution with single OSPF process: configure an access list on the link between R1-R3 that drops traffic B. :)

Of course I might be missing something, so feel free to point out why these wouldn't work in your case.

Thanks, Zsombor

p b wrote:
Using multiple processes might provide a way to implement policy at the link level. Typically, when one thinks of policy, one thinks of BGP. But what if your policy requires the ability to control what traffic can or can't go over a particular link? For example, consider two routers, that are interconnected by a direct link and a N-hop L3 path. Suppose traffic types A and B should typically go over the direct link but, if the direct link fails, traffic type A should be routed over the N-hop L3 path and traffic type B should not be forwarded. I don't believe there's a way to get this level of policy from a single OSPF process or a single OSPF process coupled with BGP. However, if you run multiple OSPF processes, say one for each interesting traffic type, and if you use BGP to set a network's next-hop to match the right OSPF RID, and for each link define a sub-interface (or not) for each OSPF process, then I think the above routing requirements might be supported. MPLS might work here, but I'm not sure. Suppose you have certain types of traffic that

Zsombor Papp wrote:
What are you trying to achieve with these ~3 OSPF routing processes?

Thanks, Zsombor

p b wrote:
I'm considering a routing architecture where devices in the network would run ~3 OSPF routing processes. I think each routing process will be handling the routing of non-overlapping address blocks and thus the routes they give to the forwarding table should be disjoint. However, I'd like to understand what happens if two processes each were to provide the same prefix to the forwarding table. Specifically, what are the rules to determine which prefix is put into the routing table? Also be interested in any learnings folks might have had when they've run multiple OSPF processes. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73816t=73727
RE: Distribution Router and OSPF [7:73933]
One concern would be that area 50 will be separated from the rest of the network if any one of R1, R2, or the link between R1-R2 fails. This is not related to R2 being or not being connected to area 0 though.

Thanks, Zsombor

alaerte Vidali wrote:
R1 is an ABR router; it connects to the backbone area and to area 50. R2 is a distribution router connected to router R1 through area 50. R2 connects to 4 other routers in area 50. I am wondering if there are concerns about R2 being a distribution router without connecting to area 0.

area 0 (R1)--area 50 ---(R2)--area 50(R3,R4,R5,R6)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73939t=73933
RE: multiple ospf processes route insertion [7:73727]
OSPF process is a per-router thing. You can have two processes on one router talking to a single process on another router (over two separate links), for example.

Thanks, Zsombor

Jason J wrote:
Dear Zsombor:

You can't put the same interface into multiple OSPF processes but that doesn't mean that the two processes can't learn about the same network.

if you can't learn put one interface into multiple OSPF processes, then except you redistribute the direct connected and static, how could they learn the same address, learn from each other? i think the same condition exist on other routes, how could a network link's status be share with other ospf process without put the same interface into multiple OSPF processes?

best regards
Jason J CCNP P.R.C

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73817t=73727
Re: 3500XL - duplicate IP and Windows NT/2000 ser [7:73868]
There are duplicate IP addresses, not duplicate MACs. And all the duplicate IP addresses come from the same MAC address, as if a single machine had suddenly all the IP addresses configured on the same interface. I don't see how this can be attributed to a L2 loop.

Firesox, what is this phantom MAC address?

Thanks, Zsombor

Tom Martin wrote:
As far as the duplicate MACs go, it sounds like you have a layer-2 loop. Especially considering that all of your servers are experiencing the problem. When they ARP to verify that no other station has their IP, they see their own ARP and assume that another station is doing the same thing. Layer-2 Loops will also cause MACs to appear to be sourced from different switches in the network. Is STP enabled everywhere? Mismatched channelling will also cause the same behavior.

Firesox wrote:
I have a bunch of 3500XL switches throughout my customer's lan. They are having a problem with unknown mac keep appearing and disappearing from the network. I can trace the mac-address of the unknown station by show mac from the switch CLI. What's strange is that it appears at one switch, but a minute later it appears in the different switch. what's even more strange is that all NT/2000 servers log shows there is an IP conflict with this mac address. Of course, the servers IP function stops due to this duplicate IP, but comes back in a few minutes. All the servers report the duplicate IP comes from the same mac address. Has anyone seen this problem? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73904t=73868
RE: multiple ospf processes route insertion [7:73727]
What is advertising router and what are those same prefixes? And where does it learn them from? Otherwise it's clear... :)

Thanks, Zsombor

amer kulaif wrote:
hi guys, how about if the advertising router has received an update to one of those same prefixes, how does it know which is which. thanx

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73905t=73727
RE: Back to Back Routers [7:73897]
What kind of fiber connection is coming in on the e0 of the 1601? How are you measuring that 1.6Mbps throughput?

Bandwidth command doesn't influence interface speed. Clockrate does, but you have that set to 400 in the config below. That should translate to roughly 4Mbps. It might happen though that the serial cable can't support that high speed. Do you see any errors on the serial interface? Or lots of collisions on the Ethernet interfaces?

Thanks, Zsombor

Paul Carter wrote:
I have a 1601 router and a 2509 to practice with. I've connected them with a DCE/DTE cable off the s0 ports on each router and set a clock rate on the DCE end, the 1601. On Sundays I can use a fiber connection with this setup. I have this coming in the e0 on the 1601. The E0 on the 2509 is crossover cabled to a PC.

10Mbps in at switch(10.140.240.1/30) --- (10.140.240.2/30) e0-1601 / s0-1601(172.16.96.1/30) --- (172.16.96.2/30)s0-2509 / e0-2509(10.140.240.161/27) (10.140.240.162/27)PC

10.140.240.160 is my inside network

My problem seems to be a lack of bandwidth to the PC end. At speed test sites on the net I'm only getting about 1.6 Mbps. I think I may be bottlenecked somewhere in the router back to back setup. The configs are close to what they were originally set up as to keep my boss happy in case he needs one in a hurry. I've changed the addresses to similar types of networks but private numbers. The ethernet ports are ARPA and the serial ports HDLC. I've set bandwidth to 1Kbps at each port. I originally had the clock rate at 64000 but didn't know if that was a bottleneck.

--
Router1601#sh run
Current configuration:
!
version 11.2(not enough memory to upgrade)
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname 1601
!
boot system flash
enable secret 5
enable password 7
!
ip subnet-zero
clock timezone PST -8
clock summer-time pdt recurring
!
interface Ethernet0
 description E0 10Mbps connection to Fiber
 ip address 10.140.240.2 255.255.255.252
 media-type 10BaseT
 no cdp enable
!
interface Serial0
 description S0 to 2509 S0
 ip address 172.16.96.1 255.255.255.252
 bandwidth 1
 clockrate 400
!
no ip classless
ip route 0.0.0.0 0.0.0.0 64.240.140.1
ip route 10.140.240.160 255.255.255.224 172.16.96.2
logging buffered 4096 debugging
snmp-server community RO
!
snip Banner stuff
!
end

Router2509#sh run
Current configuration : 2227 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Router2509
!
boot system flash
enable password 7
!
!
clock timezone PST -8
clock summer-time pdt recurring
ip subnet-zero
!
interface Ethernet0
 description to LAN
 ip address 10.140.240.161 255.255.255.224
!
interface Serial0
 bandwidth 1
 ip address 172.16.96.2 255.255.255.252
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
no ip classless
ip route 0.0.0.0 0.0.0.0 172.16.96.1
ip route 10.140.240.160 255.255.255.224 10.140.240.162
no ip http server
!
end

Any ideas?
PC

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73902t=73897
RE: multiple ospf processes route insertion [7:73727]
Since you say you want to run one OSPF process for each traffic type, I assume the type of the traffic is defined by destination IP address. If this is not correct, then I would be curious to know what a traffic type is and how you will associate a traffic type with an OSPF process. If however my assumption is correct, then I can see several ways to solve the problem you cited as an example, with BGP or with a single OSPF process.

Let me restate the problem for N=1: suppose there are 3 routers, R1, R2, R3, connected in a triangle. Both traffic A and B usually go directly from R1 to R2, but when that link fails, traffic A should go from R1 to R3 to R2, and traffic B should be dropped at R1.

Solution with BGP: run BGP between R1-R2 and R1-R3, make the routes coming from R2 preferred, and filter out the routes corresponding to traffic B from the advertisements R3 sends to R1.

Solution with single OSPF process: configure an access list on the link between R1-R3 that drops traffic B. :)

Of course I might be missing something, so feel free to point out why these wouldn't work in your case.

Thanks, Zsombor

p b wrote:
Using multiple processes might provide a way to implement policy at the link level. Typically, when one thinks of policy, one thinks of BGP. But what if your policy requires the ability to control what traffic can or can't go over a particular link? For example, consider two routers, that are interconnected by a direct link and a N-hop L3 path. Suppose traffic types A and B should typically go over the direct link but, if the direct link fails, traffic type A should be routed over the N-hop L3 path and traffic type B should not be forwarded. I don't believe there's a way to get this level of policy from a single OSPF process or a single OSPF process coupled with BGP. However, if you run multiple OSPF processes, say one for each interesting traffic type, and if you use BGP to set a network's next-hop to match the right OSPF RID, and for each link define a sub-interface (or not) for each OSPF process, then I think the above routing requirements might be supported. MPLS might work here, but I'm not sure. Suppose you have certain types of traffic that

Zsombor Papp wrote:
What are you trying to achieve with these ~3 OSPF routing processes?

Thanks, Zsombor

p b wrote:
I'm considering a routing architecture where devices in the network would run ~3 OSPF routing processes. I think each routing process will be handling the routing of non-overlapping address blocks and thus the routes they give to the forwarding table should be disjoint. However, I'd like to understand what happens if two processes each were to provide the same prefix to the forwarding table. Specifically, what are the rules to determine which prefix is put into the routing table? Also be interested in any learnings folks might have had when they've run multiple OSPF processes. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73794t=73727
RE: multiple ospf processes route insertion [7:73727]
Jason J wrote:
Fred is right all routes from different routing protocols will be put into route table, but!! even if they are the same !

Would be surprising. IMHO one route (meaning a prefix+mask combo) can be installed only by one routing process. Can you post some 'show ip route' output that shows otherwise?

and what i mean in the last article is the ospf routing table, not route table. even there can be more same network link in its ospf database. the router will choose which protocol's route/routes to use. but i do not think the same ospf process will load balance inside it.

So what do you suppose would happen if there are multiple equal cost routes to the same destination? Every reasonable routing protocol can do load-balancing, I am surprised that anyone would doubt that OSPF can do it, too.

what if the EIGRP load balance, but the router decide to use the static or ospf route ??

If the router decided to use the static or OSPF route, then obviously the EIGRP route(s) won't play any role.

and what if different ospf processes learn the same routes to the same destination i mean what the router will do then??(the concrete operations)

See my first post in this thread.

what will the IOS do ? maybe at the time when we start the OSPF processes it will not permit us to overlap the same network address at all !! i am not sure about that.

You can't put the same interface into multiple OSPF processes but that doesn't mean that the two processes can't learn about the same network.

Thanks, Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73787t=73727
RE: OSPF summary address with Null 0 [7:73500]
OSPF installs that summary route pointing to Null0 automatically.

Thanks, Zsombor

Shab Hanon wrote:
Hi everybody

The case .. OSPF summary address with Null 0

In all the case studies for CCIE R S we told don't use static routes! . While we need to have a static route to Null 0 with address summarization. Page 548 Routing TCP/IP Vol. 1

The catch :)

What we do? What is the best? Any idea???

Cheers, Shab.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73519t=73500
RE: OSPF DR and BDR elections [7:73504]
I wonder what the logic for that is.

I wonder, too. :) Without answering your question, I would like to point out though that the moment for which there is BDR but no DR is *really* brief. The election process is not something that the routers need to discuss among themselves; every router elects the DR/BDR independently. This is a point that folks miss sometimes. So if there is no DR, then the router that eventually becomes the DR will know *immediately* that it needs to be the DR, because the DR selection is just a function call away from the BDR selection. It's not like the routers have a chit-chat to discuss who will be the BDR, and then they have a rest, and subsequently they discuss who will be the DR... :) In other words, there is no OSPF information exchange between the routers during the process described on Page 75 in RFC2328.

Another slightly related thing is that, in the scenario you described below, ie. when all the routers on the same segment are booting up at the same time, then for a relatively long time (ie. the Dead interval) all of them will go into a Waiting state so there won't be any election process for long-long seconds to start with. Compared to this, I guess it is pretty insignificant whether the election process selects the DR a few microseconds sooner or later.

Thanks, Zsombor

DeVoe, Charles (PKI) wrote:
That is the point I needed clarification on. Just seemed odd that the DR would not be established first, followed by the BDR. For a brief moment when the routers are first started, there is no DR, but there is a BDR. I wonder what the logic for that is.

-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 8:20 PM
To: [EMAIL PROTECTED]
Subject: RE: OSPF DR and BDR elections [7:73504]

Technically, the BDR is elected first. If no router is claiming to be a DR, then the BDR will be immediately promoted to DR. Nonetheless, the end result is pretty much what the web page referenced below describes.

Thanks, Zsombor

mccloud mike wrote:
The DR is elected first by highest priority, the tie breaker is highest RID. Then the process is repeated for the BDR. http://www.cisco.com/warp/customer/104/2.html#10.1

My understanding is that if the DR goes down then the BDR is promoted to DR and an election is held for the new BDR. This means that when the original DR comes back up it can not become DR until both of the current DR and BDR go offline.

Cheers, Mike

DeVoe, Charles (PKI) wrote:
If I am understanding this correctly. There are no routers up in the network. I turn on 3 routers simultaneously at the same time. The routers will first select the BDR. They will then look for the DR. Since none exist, the BDR will be promoted to DR. Then another election will be held to find a new BDR. Is this correct?

-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:01 AM
To: [EMAIL PROTECTED]
Subject: RE: OSPF DR and BDR elections [7:73504]

The DR is not chosen from the remaining list. The DR is chosen from the list of routers that declared themselves designated routers (this is why a high-priority router that comes up late won't take over the DR role from an existing DR), or if no router declared itself DR, then the BDR will become DR (this is why a high-priority router that came up late won't necessarily become DR even if the existing DR dies). See RFC2328, Page 75 for more details.

Thanks, Zsombor

DeVoe, Charles (PKI) wrote:
I am reading the CCNP/CCIP BSCI Study Guide by Todd Lammle from Sybex. In the OSPF section under the discussion of DR and BDR (page 171) he says that the BDR is chosen first and that the DR is chosen from the remaining list. That seems illogical and backwards. Can someone please confirm or deny and explain it. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73615t=73504
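The election steps that the replies in this thread cite from RFC 2328 (section 9.4), as an added Python sketch that is not from the thread or from any router implementation. Router IDs are plain integers, the Waiting state is skipped, and Hellos are exchanged in synchronous rounds; all three are simplifying assumptions, and the three scenarios use constructed priorities.

```python
from dataclasses import dataclass, replace


@dataclass
class Hello:
    rid: int       # Router ID (an integer here for brevity)
    priority: int  # 0 means never eligible
    dr: int = 0    # DR this router currently advertises (0 = none)
    bdr: int = 0   # BDR this router currently advertises (0 = none)


def _best(candidates):
    """Highest priority wins, highest Router ID breaks ties; 0 if nobody."""
    if not candidates:
        return 0
    return max(candidates, key=lambda h: (h.priority, h.rid)).rid


def _one_pass(view):
    eligible = [h for h in view.values() if h.priority > 0]
    # Step 2: BDR first. Routers that declare themselves DR are excluded;
    # routers that already declare themselves BDR are preferred.
    not_dr = [h for h in eligible if h.dr != h.rid]
    bdr = _best([h for h in not_dr if h.bdr == h.rid] or not_dr)
    # Step 3: DR only from routers that declare themselves DR; if there is
    # none, the BDR just chosen is promoted.
    claimed_dr = [h for h in eligible if h.dr == h.rid]
    dr = _best(claimed_dr) if claimed_dr else bdr
    return dr, bdr


def elect(view, me):
    """Return (dr, bdr) as router `me` computes it from the Hellos it holds."""
    view = {rid: replace(h) for rid, h in view.items()}  # work on a copy
    mine = view[me]
    before = (mine.dr == me, mine.bdr == me)
    dr, bdr = _one_pass(view)
    # Step 4: if this router's own role changed, record it and run again,
    # so that it never ends up as both DR and BDR.
    if (dr == me, bdr == me) != before:
        mine.dr, mine.bdr = dr, bdr
        dr, bdr = _one_pass(view)
    return dr, bdr


def converge(hellos, max_rounds=10):
    """Every router elects independently, then all advertise the result."""
    state = {h.rid: replace(h) for h in hellos}
    for _ in range(max_rounds):
        new = {}
        for rid, h in state.items():
            dr, bdr = elect(state, rid)
            new[rid] = Hello(rid, h.priority, dr, bdr)
        if new == state:
            break
        state = new
    return {rid: (h.dr, h.bdr) for rid, h in state.items()}


def simultaneous_boot():
    return converge([Hello(1, 1), Hello(2, 1), Hello(3, 1)])


def late_high_priority():
    settled = [Hello(1, 1, 3, 2), Hello(2, 1, 3, 2), Hello(3, 1, 3, 2)]
    return converge(settled + [Hello(9, 200)])  # R9 arrives after the election


def dr_dies():
    # R3 (the DR) is gone; the survivors still advertise the old DR/BDR.
    return converge([Hello(1, 1, 3, 2), Hello(2, 1, 3, 2), Hello(9, 200, 3, 2)])


if __name__ == "__main__":
    print(simultaneous_boot())
    print(late_high_priority())
    print(dr_dies())
```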
RE: multiple ospf processes route insertion [7:73727]
I assume you meant R4 not R1 here:

Assume that R1 is connected to another cloud of routers and that traffic to networks A, B, and C will originate from this other cloud.

And you didn't say what should happen if both the R1-R2-R3-R4 and R1-R7-R6-R5-R4 path are unavailable, so I will assume only traffic B and C are supposed to go through via the R1-R4 link. (Though it wouldn't make a big difference if traffic A needed to go through there, too.)

I am also a bit uncertain why the routing requirements are stated from R1's perspective, if they refer to the traffic that goes *to* R1. I'll assume this is just an oversight and you are not interested in how traffic *from* R1 will be routed.

Having said that, my suggestion would be to run eBGP between
- R4-R1 and filter out network A and increase the weight of network B,
- R4-R3 and filter out network C, and
- R4-R5 and filter out network C.

R4 should run OSPF only on the interface towards the cloud, ie. R4 would talk only BGP towards R1, R3 and R5, and you would redistribute BGP into OSPF on R4. R3 and R5 could learn A, B and C via OSPF, I don't see why they would have to run BGP towards R1/R2/R6 (but they can if you want that).

I think the above description pretty much nails down the configuration. If you really want specific configs, then tell me which part you are not clear about.

Thanks, Zsombor

p b wrote:
Lets go down another layer in your proposed BGP solution. The core topology will be along the lines of 5-10 routers in a ring. Lets say 7 routers, R1, R2, R3, R4, R5, R6 and R7 are connected in a p2p ring topology. Assume that there's one or more direct connections between R1 and R4. R4 has 3 other interfaces for networks A, B, and C. Each is a different service. Assume that R1 is connected to another cloud of routers and that traffic to networks A, B, and C will originate from this other cloud.

The service routing requirements are as follows (from R1's perspective):
* traffic to A should follow the R1-R2-R3-R4 and/or the R1-R7-R6-R5-R4 path.
* traffic to B and C should follow the R1-R4 path
* when the link between R1 and R4 fails, B should be routed over the R1-R2-R3-R4 and/or R1-R7-R6-R5-R4 path. Traffic to C should stop.

Provide some sample config snippets for R1, R4 and an intermediate router which demonstrates how the proposed BGP solution would support the policy requirements. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73849t=73727
RE: c4224 problems [7:73517]
I have never seen a c4224, but this sounds like the config register is not set properly (see also password recovery).

Thanks, Zsombor

Robert Kimble wrote:
I know these are discontinued and I would do well not to use them, but The company I work for has 3 of them laying around and they want me to build a test network using them. I've been playing around with one and I can't seem to save the running config?! I've read the software config documents on cisco.com and tried both copy run start and write mem. Both say they are building the config and then [ok].

c4224#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
c4224#

(then just for the heck of it):

c4224#write mem
Building configuration...
[OK]
c4224#

Now if I reload or power cycle the c4224 it doesn't save the config. It just asks me if I want the initial config dialog and the prompt goes back to gateway. Also, when I create vlans they don't show up in the show vlan command. But that's another issue I guess. Any way, has anyone else had problems saving their configs on a c4224?

-Bobby

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73529t=73517
Re: OSPF summary address with Null 0 [7:73500]
Shab Hanon wrote:
Can any one tell us how to block a default route? it is easy to block other routes by using ACL with distribution-list But how to remove the default route which is being advertised by default-information originate always command.

'no default-information originate always' :)

Once it is in the OSPF database, you can't take it out. This is the same for other routes as well, btw, so I am not quite sure I understand why you say it's easy to block other routes.

Thanks, Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73556t=73500
RE: ip helper address [7:73533]
The one closest to the host.

Thanks,
Zsombor

Janik James wrote:

Assume that you have two routers between your host and dhcp server. This means that you have 4 interfaces you can put ip helper-address on. On which interface(s) will you put the above command?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73534t=73533
RE: OSPF DR and BDR elections [7:73504]
Technically, the BDR is elected first. If no router is claiming to be a DR, then the BDR will be immediately promoted to DR. Nonetheless, the end result is pretty much what the web page referenced below describes.

Thanks,
Zsombor

mccloud mike wrote:

The DR is elected first by highest priority, the tie breaker is highest RID. Then the process is repeated for the BDR.

http://www.cisco.com/warp/customer/104/2.html#10.1

My understanding is that if the DR goes down then the BDR is promoted to DR and an election is held for the new BDR. This means that when the original DR comes back up it can not become DR until both of the current DR and BDR go offline.

Cheers,
Mike

DeVoe, Charles (PKI) wrote:

If I am understanding this correctly. There are no routers up in the network. I turn on 3 routers simultaneously at the same time. The routers will first select the BDR. They will then look for the DR. Since none exist, the BDR will be promoted to DR. Then another election will be held to find a new BDR. Is this correct?

-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:01 AM
To: [EMAIL PROTECTED]
Subject: RE: OSPF DR and BDR elections [7:73504]

The DR is not chosen from the remaining list. The DR is chosen from the list of routers that declared themselves designated routers (this is why a high-priority router that comes up late won't take over the DR role from an existing DR), or if no router declared itself DR, then the BDR will become DR (this is why a high-priority router that came up late won't necessarily become DR even if the existing DR dies). See RFC2328, Page 75 for more details.

Thanks,
Zsombor

DeVoe, Charles (PKI) wrote:

I am reading the CCNP/CCIP BSCI Study Guide by Todd Lammle from Sybex. In the OSPF section under the discussion of DR and BDR (page 171) he says that the BDR is chosen first and that the DR is chosen from the remaining list. That seems illogical and backwards. Can someone please confirm or deny and explain it.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73575t=73504
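The election order discussed in this thread, as an added Python sketch of steps 2 to 4 of the RFC 2328 election procedure (section 9.4). It is not code from any poster or from Cisco; the `Router` class, the `elect` function and the router IDs are constructed for illustration, and every listed router is assumed to be a neighbor in 2-Way state or better.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Router:
    rid: str                 # router ID in dotted-quad form
    priority: int            # 0 means "never DR or BDR"
    says_dr: bool = False    # router lists itself as DR in its Hellos
    says_bdr: bool = False   # router lists itself as BDR in its Hellos


def _rank(r):
    # Highest priority wins; highest router ID breaks ties.
    return (r.priority, tuple(int(o) for o in r.rid.split(".")))


def _best(candidates):
    return max(candidates, key=_rank) if candidates else None


def _one_pass(routers):
    eligible = [r for r in routers if r.priority > 0]
    # Step 2: the BDR is calculated first. Routers that declare themselves
    # DR are left out; among the rest, a declared BDR beats a newcomer.
    not_dr = [r for r in eligible if not r.says_dr]
    bdr = _best([r for r in not_dr if r.says_bdr]) or _best(not_dr)
    # Step 3: the DR comes only from routers that declare themselves DR.
    # If nobody does, the BDR just calculated is promoted.
    dr = _best([r for r in eligible if r.says_dr]) or bdr
    return dr, bdr


def elect(me, routers):
    """Election as seen by router `me` (a router ID). Returns (dr, bdr) IDs."""
    dr, bdr = _one_pass(routers)
    mine = next(r for r in routers if r.rid == me)
    now_dr = dr is not None and dr.rid == me
    now_bdr = bdr is not None and bdr.rid == me and not now_dr
    # Step 4: if my own role changed, update what I declare and run
    # steps 2 and 3 once more, so I am never both DR and BDR.
    if (now_dr, now_bdr) != (mine.says_dr, mine.says_bdr):
        updated = replace(mine, says_dr=now_dr, says_bdr=now_bdr)
        routers = [updated if r.rid == me else r for r in routers]
        dr, bdr = _one_pass(routers)
    return (dr.rid if dr else None, bdr.rid if bdr else None)


# Constructed scenarios (router IDs and priorities are made up).
# 1. Three routers powered on together, nobody has declared anything yet.
COLD_START = [Router("10.0.0.1", 1), Router("10.0.0.2", 1),
              Router("10.0.0.3", 1)]
# 2. DR and BDR already exist; a priority-255 router comes up late.
LATE_JOINER = [Router("10.0.0.1", 1, says_bdr=True),
               Router("10.0.0.3", 1, says_dr=True),
               Router("10.0.0.9", 255)]
# 3. Same segment after the DR (10.0.0.3) has died.
DR_DIED = [r for r in LATE_JOINER if not r.says_dr]

if __name__ == "__main__":
    print("cold start, view of 10.0.0.3:", elect("10.0.0.3", COLD_START))
    print("late joiner, view of 10.0.0.9:", elect("10.0.0.9", LATE_JOINER))
    print("DR died, view of 10.0.0.1:", elect("10.0.0.1", DR_DIED))
```

In the third scenario the old BDR becomes DR and the priority-255 latecomer only becomes BDR, which is the behaviour described in the quoted 05 August reply.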
Re: Frame Relay Design Consideration (P2P or P2Mul [7:73431]
Howard C. Berkowitz wrote:

When you consider interface buffers are allocated to each subinterface

Which command displays information about the buffers allocated to the subinterfaces?

XXX#sh ip int br | inc Serial
Serial4/0 unassigned YES manual up up
Serial4/0.3 172.168.1.1 YES manual up up
Serial4/0.4 172.168.1.5 YES manual up up
Serial4/1 unassigned YES manual administratively down down
Serial4/2 unassigned YES manual administratively down down
Serial4/3 unassigned YES manual administratively down down
XXX#sh buffer | inc Serial
Serial4/0 buffers, 512 bytes (total 96, permanent 96):
Serial4/1 buffers, 512 bytes (total 96, permanent 96):
Serial4/2 buffers, 512 bytes (total 96, permanent 96):
Serial4/3 buffers, 512 bytes (total 96, permanent 96):
XXX#

Thanks,
Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73432t=73431
RE: H e l p .... [7:73412]
Or try Wordpad. Thanks, Zsombor Reimer, Fred wrote: Go to www.vim.org and download gvim. Probably the best text editor out there. You are likely running into the CR/LF LF issues, which gvim handles nicely. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Shab Hanon [mailto:[EMAIL PROTECTED] Sent: Sunday, August 03, 2003 6:12 AM To: [EMAIL PROTECTED] Subject: Re: H e l p [7:73412] Hi, It will open but I cannot read any thing out of it using Notepad... the out put looks something different from what I see in the router. I hear from a friend it must be opened via Unix editor for windows. And I am looking for that kind of editor. Cheers, Shab. Zsombor Papp wrote in message news:[EMAIL PROTECTED] I often use Notepad for this. What exactly happens when you say you can't open it? Or are you asking how to get the config out of the router? Check out the 'copy' commands on the router. Cut-n-paste also works great (in both directions), if your config is not too long. Thanks, Zsombor Shab Hanon wrote: Hello every body, I want to make some changes in the config file using Notepad... but unfortunately I can not open the config file as I see it in the router... Can any one help me and tell me about a software to open and make some changes in the config file so I can upload it back into the router. Best regards, Shab. 
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73444t=73412
Re: IP services, from case study ... [7:73435]
Groupstudy wrote:

b) service hide-telnet-addresses

Wow. This is really a command you can't live without... :)

something like that ? There must be at least one other way to hide telnet address..but cant recall

Apparently defining a 'busy-message' (probably the second most important command in IOS! :) causes the whole Trying... message to disappear so there won't be an IP address either.

Does anyone have a practical reason why these commands are useful?

Thanks,
Zsombor

rgds,
Hannes Kumari

- Original Message -
From: Devrim Yener KUCUK
To:
Sent: Sunday, August 03, 2003 1:35 PM
Subject: Re: IP services, from case study ... [7:73435]

a) look at menu command options.
b) could not get the question
c) map your local IP to local DLCI
d) is this back to back, then put the clock rate command where the DCE cable is connected

Regards
De

- Original Message -
From: Shab Hanon
To:
Sent: Sunday, August 03, 2003 12:04 PM
Subject: IP services, from case study ... [7:73435]

Hi,

This is from a case study

Can any one help on these ?

a) Setup Rxx such that when a user telnets to it they will receive a menu system that consists of the following options.
Ability to display the IP routing table
Ability to clear the IP routing table
Ability to print off a Cisco TAC troubleshooting screen
Exit to command line interface

b) When issuing a telnet session from Rxx ensure that the destination IP address is not shown in the display.

c) R1, R2 R6 are not allowed subinterfaces on the frame-relay network that commonly connects them. R1, R2, R5 and R6 should be able to ping their own interfaces. how it can be possible to ping it their own interfaces on a serial ???

d) Make sure the frame-relay connection between R1 and R2 has a speed of 128k

Cheers,
Shab

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73445t=73435
RE: H e l p .... [7:73412]
Dom wrote:

From our website - Whilst not wishing to get involved in the 'holy war' of which text editor is the best, Dom happens to like UltraEdit-32 available at http://www.ultraedit.com. This is a comprehensive Text Editor, HEX Editor, HTML Editor and Programmers Editor. Syntax highlighting is available for hundreds of languages ranging from Ada to XML. There is even a syntax file for Cisco IOS command.

What can that syntax file do?

Thanks,
Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73456t=73412
RE: H e l p .... [7:73412]
I often use Notepad for this. What exactly happens when you say you can't open it? Or are you asking how to get the config out of the router? Check out the 'copy' commands on the router. Cut-n-paste also works great (in both directions), if your config is not too long.

Thanks,
Zsombor

Shab Hanon wrote:

Hello every body,

I want to make some changes in the config file using Notepad... but unfortunately I can not open the config file as I see it in the router... Can any one help me and tell me about a software to open and make some changes in the config file so I can upload it back into the router.

Best regards,
Shab.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73414t=73412
Re: Friday Follies #1 [7:73370]
Then how about this on the gateway (ie. router to which the misconfigured one is connected):

ip route 255.255.255.255
interface loopback
ip address 255.255.255.255

This still screws up the packets that go through the gateway router and were targeted to one of the two addresses in question, but that should be OK as that can't be user data (since they are going to routers).

Thanks,
Zsombor

John Neiberger wrote:

This would work but it might be temporarily disruptive to the network that is using that subnet address legitimately. Is there another way to do it that is not disruptive?

Charles Cthulu Riley 8/1/03 2:56:41 PM

Assign an address (as secondary) from the incorrect range to the router interface to which this device is connected, and from that router, connect (telnet or ssh) to that device, fix the ip, (get disconnected in process, of course), and remove the incorrect secondary from the router...voila and other French words I don't understand.

John Neiberger wrote in message news:[EMAIL PROTECTED]

You have a device that is reachable only via telnet or console that you've preconfigured with an IP address, subnet mask, and default gateway and subsequently shipped out to a remote location to be installed. Once the device was in place you realized that you've configured it with the wrong addressing information. The subnet you used actually exists at another location so this device is currently unreachable via IP. If you could somehow reach the device you'd be able to correct your mistake without having someone ship the device back to you.

What can you do to restore IP connectivity to this device in its current location and make it reachable from both the local router and remote routers?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73392t=73370
Re: Friday Follies #1 [7:73370]
Zsombor Papp wrote:

Then how about this on the gateway (ie. router to which the misconfigured one is connected):

One more time for those who read it via email:

ip route (address of misconfigured router) 255.255.255.255 (interface)
interface loopback(n)
ip address (gateway used on misc. router) 255.255.255.255

The parentheses were smaller-than/greater-than pairs previously...

This still screws up the packets that go through the gateway router and were targeted to one of the two addresses in question, but that should be OK as that can't be user data (since they are going to routers).

Thanks,
Zsombor

John Neiberger wrote:

This would work but it might be temporarily disruptive to the network that is using that subnet address legitimately. Is there another way to do it that is not disruptive?

Charles Cthulu Riley 8/1/03 2:56:41 PM

Assign an address (as secondary) from the incorrect range to the router interface to which this device is connected, and from that router, connect (telnet or ssh) to that device, fix the ip, (get disconnected in process, of course), and remove the incorrect secondary from the router...voila and other French words I don't understand.

John Neiberger wrote in message news:[EMAIL PROTECTED]

You have a device that is reachable only via telnet or console that you've preconfigured with an IP address, subnet mask, and default gateway and subsequently shipped out to a remote location to be installed. Once the device was in place you realized that you've configured it with the wrong addressing information. The subnet you used actually exists at another location so this device is currently unreachable via IP. If you could somehow reach the device you'd be able to correct your mistake without having someone ship the device back to you.

What can you do to restore IP connectivity to this device in its current location and make it reachable from both the local router and remote routers?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73396t=73370
Re: Friday Follies #1 [7:73370]
Why do you need the 'ip mobile arp' command? I would think the static route (with the default 'ip proxy-arp', if it's a broadcast interface) would provide local connectivity and redistributing the static route into the IGP will provide global connectivity (well, except connectivity to devices that are on the subnet where the misconfigured router thinks it is).

Also, in the solution I suggested above the loopback interface is not needed if the gateway has a route to the IP address the misconfigured router thinks the gateway is, or if the link to the misconfigured router is a point-to-point one.

Thanks,
Zsombor

John Neiberger wrote:

Jason gave the answer I was looking for: Local Area Mobility. On the interface to which the device is connected add the following two lines:

ip proxy-arp
ip mobile arp

Then add:

ip route a.b.c.d 255.255.255.255 (interface)

Where a.b.c.d is the IP address of the device. This creates a /32 host route in the routing table. Redistribute this into your routing protocol and you have local and remote connectivity to this single host even though it is not on the correct LAN subnet.

John

- Original Message -
From: Jason Viera
To:
Sent: Friday, August 01, 2003 1:53 PM
Subject: Re: Friday Follies #1 [7:73370]

Depending upon the topology you may be able to use Local Area Mobility, and this is a stretch unless you have the right topology Mobile IP?? Just a guess! Need to take the edge off before my first lab attempt on Monday!! Thanks for keeping us thinking!

Jason

John Neiberger wrote in message news:[EMAIL PROTECTED]

You have a device that is reachable only via telnet or console that you've preconfigured with an IP address, subnet mask, and default gateway and subsequently shipped out to a remote location to be installed. Once the device was in place you realized that you've configured it with the wrong addressing information. The subnet you used actually exists at another location so this device is currently unreachable via IP. If you could somehow reach the device you'd be able to correct your mistake without having someone ship the device back to you.

What can you do to restore IP connectivity to this device in its current location and make it reachable from both the local router and remote routers?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73402t=73370
Re: Friday Follies #1 [7:73370]
John Neiberger wrote:

'ip mobile arp' is what allows that device to communicate with the local router interface. Without that command you'll never end up with an entry for the errant device in the ARP table of the router.

I will if I have a static route pointing to a broadcast interface. Since you need the static route anyway, I am not quite sure why the 'ip mobile arp' command is useful (at all, not just in this situation).

In fact I now tried it out and without the static route, the router which has 'ip mobile arp' configured, still keeps ARPing out on the interface where the subnet is configured, even though it has an ARP entry for the misconfigured device pointing to the interface where that device is configured:

XXX#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 20.0.0.1 - 000c.8640.1038 ARPA FastEthernet2/0
Internet 30.0.0.2 5 000c.8640.0c38 ARPA FastEthernet2/0
Internet 30.0.0.3 64 000c.8640.081e ARPA Ethernet1/2
Internet 30.0.0.1 - 000c.8640.101e ARPA Ethernet1/2
XXX#ping 30.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.2, timeout is 2 seconds:
01:07:56: IP ARP: sent req src 30.0.0.1 000c.8640.101e, dst 30.0.0.2 .. Ethernet1/2.
01:07:58: IP ARP: sent req src 30.0.0.1 000c.8640.101e, dst 30.0.0.2 .. Ethernet1/2.
01:08:00: IP ARP: sent req src 30.0.0.1 000c.8640.101e, dst 30.0.0.2 .. Ethernet1/2.
01:08:02: IP ARP: sent req src 30.0.0.1 000c.8640.101e, dst 30.0.0.2 .. Ethernet1/2.
01:08:04: IP ARP: sent req src 30.0.0.1 000c.8640.101e, dst 30.0.0.2 .. Ethernet1/2.
Success rate is 0 percent (0/5)

This might be a bug, of course...

Thanks,
Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73404t=73370
RE: CCIE Lab experience! [7:73263]
Salvatore De Luca wrote:

Well.. I dont know about the rest of you, but when I look at resumes, and I see someone has actually put CCIE written on it. I cant help but chuckle.. If you start something.. might as well finish what you started I say. I dont see the value in someone who is satisfied in achieving something half-assed..

Well, I guess it's not like they also add and I don't even want to try the lab, is it? Once I saw a resume though that said something like Passed CCIE written test, which is half way of achieving CCIE certification. The passage half way made me chuckle, too.

Thanks,
Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73329t=73263 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How to interpret Show Version [7:73078]
You are right.

Thanks,
Zsombor

Ismail Al-Shelh wrote:

Greeting,

I want to know if I am right or wrong, Based on the following show version output command I understood that I have 64 MB DRAM and 24 MB FLASH Memory.

Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3660-JS-M), Version 12.1(5), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 25-Oct-00 06:57 by cmong
Image text-base: 0x60008950, data-base: 0x611BE000
ROM: System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
HeadQuarter uptime is 4 hours, 22 minutes
System returned to ROM by power-on
System image file is flash:aaa1275.bin
cisco c3660 (R527x) processor (revision C0) with 56320K/9216K bytes of memory.
Processor board ID JAC0546A2Y1
R527x CPU at 225Mhz, Implementation 40, Rev 10.0, 2048KB L2 Cache
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
3660 Chassis type: ENTERPRISE
2 FastEthernet/IEEE 802.3 interface(s)
28 Low-speed serial(sync/async) network interface(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102

If I am wrong then please let me know how to interpret how much memory I have.

thanks,
Ismail

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73082t=73078
RE: EIGRP Question [7:73068]
c. is incorrect because 1.) it doesn't overwrite the bandwidth setting, and 2.) the percentage may be lower or higher than 50. b. is the correct answer.

Thanks,
Zsombor

Ramesh Ram wrote:

You are configuring EIGRP for NBMA operation. What is the purpose of the IP bandwidth-percent EIGRP command?

a. It adjusts the percentage of bandwidth that EIGRP packets can use on all of the routers interfaces.
b. It adjusts the percentage of bandwidth that EIGRP packets can use on an individual router interface.
c. It overwrites the bandwidth setting on an interface to ensure that EIGRP packets receive 50% of the available bandwidth on the routers interface.
d. It limits the % of bandwidth that EIGRP packets can use. The percentage cannot exceed 50% of the configured bandwidth on all of the routers interfaces.

I am confused between answers b c. Could someone clarify ?

Ramesh Ram, CCNA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73071t=73068
RE: ios upgrade... [7:72779]
Hi, are you sure that the image that crashes and the one that then boots up properly is the same one? Isn't it possible that you have two images, and the second one is booted up after the booting of the first failed? A full boot-log would help to answer these questions. If you indeed have two images, then simply make sure that the boot variable points to it (see 'boot system flash' command). Thanks, Zsombor Wilmes, Rusty wrote: Hi, I tried upgrading IOS on a 3620 via the console (about 1.75 hours!) Now there's some ugliness in the boot. I verified the flash and it seems ok. Boot and sho ver follows. Just seeing if anyone had any input... Thanks Rusty System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFT WARE (fc2) Copyright (c) 1994-1996 by cisco Systems, Inc. C3600 processor with 65536 Kbytes of main memory Main memory is configured to 32 bit mode with parity disabled program load complete, entry point: 0x80008000, size: 0x843438 Self decompressing the image : #.##[OK] %ERR-1-GT64010: Fatal error, PCI Master abort cause=0x0300E483, mask=0x0CD01F00, real_cause=0x0400 bus_err_high=0x, bus_err_low=0x3100, addr_decode_err=0x1FEE Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Thu 29-May-03 17:29 by kellythw Image text-base: 0x60008940, data-base: 0x60EB4000 cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of memory. 
Processor board ID 06072235 R4700 CPU at 80Mhz, Implementation 33, Rev 1.0 Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). DRAM configuration is 32 bits wide with parity disabled. 29K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read/Write) Press RETURN to get started! 00:00:06: %LINK-4-NOMAC: A random default MAC address of .0c86.2235 has been chosen. Ensure that this address is unique, or specify MAC addresses for commands (such as 'novell routing') that allow the use of this address as a default. 00:00:07: %SYS-5-CONFIG_I: Configured from memory by console 00:00:10: %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Thu 29-May-03 17:29 by kellythw Router Router Routersho ver Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Thu 29-May-03 17:29 by kellythw Image text-base: 0x60008940, data-base: 0x60EB4000 ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2) Router uptime is 0 minutes System returned to ROM by power-on System image file is flash:c3620-is-mz.121-20.bin cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of memory. Processor board ID 06072235 R4700 CPU at 80Mhz, Implementation 33, Rev 1.0 Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). DRAM configuration is 32 bits wide with parity disabled. 29K bytes of non-volatile configuration memory. 
16384K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 Router Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72904t=72779 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Equation to calculate the Bandwidth [7:72888]
For the record, a more accurate formula to calculate utilization of an Ethernet link is this:

(160*(number of frames per sec)+8*(number of octets per sec))/10,000,000

The result is a number between 0 and 1; multiply by 100 if you need percentage. The 160*(number of frames per sec) part is necessary to account for the 64 bit preamble and the 9.6 usec inter-frame gap. Even this formula is an idealized one, as it doesn't account for collisions.

Thanks,
Zsombor

gab S.E jones wrote:

Hi,

I'll use the example you gave above using a 10MB = 1000 (bits)

lets assume at t(time)
InOctet was 4000
OutOctet was 3000
Total=7000

You have to convert the total In and Out octets (bytes) to bits (the link speed is in bits) hence to multiply by 8

7000*8=56000
56000/1000 (all in bits) = 0.0056 * 100 (to get a percentage) =0.56 (less than 1 percent of the bandwidth is being used at that time)

this just to show you the calculation. But as Priscilla said utilization only makes sense in respect to the total bandwidth, available capacity and also as a function of time. Fred went a bit more deeper and detailed which actually explains how best to interpret utilization e.g on wan links etc

Fred - dont see any more posts from you in the Ovforum anymore.

regards,
seun

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72992t=72888
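The formula from the reply above applied to two polls of interface counters, as an added Python example that is not part of the original post. The sample dictionaries and their values are constructed, and 32-bit counters that wrap at 2^32 are an assumption.

```python
COUNTER32 = 2 ** 32          # assumed counter width (wraps back to 0)
LINK_BPS = 10_000_000        # 10 Mb/s Ethernet, as in the post
OVERHEAD_BITS = 160          # per frame: 64-bit preamble + 9.6 us gap
                             # (9.6 us at 10 Mb/s = 96 bit times)


def delta(old, new, modulus=COUNTER32):
    """Counter difference that stays correct across one counter wrap."""
    return (new - old) % modulus


def utilization(first, second, link_bps=LINK_BPS):
    """Return (utilization with per-frame overhead, octets-only figure).

    Each sample is a dict with 't' (seconds), 'frames' and 'octets'.
    Both results are fractions between 0 and 1.
    """
    seconds = second["t"] - first["t"]
    if seconds <= 0:
        raise ValueError("samples must be in time order")
    frames_per_sec = delta(first["frames"], second["frames"]) / seconds
    octets_per_sec = delta(first["octets"], second["octets"]) / seconds
    with_overhead = (OVERHEAD_BITS * frames_per_sec
                     + 8 * octets_per_sec) / link_bps
    octets_only = 8 * octets_per_sec / link_bps
    return with_overhead, octets_only


# Constructed samples, 10 seconds apart.
# 148,800 frames of 64 octets; the octet counter wraps between the polls.
SMALL_A = {"t": 0, "frames": 100, "octets": COUNTER32 - 1000}
SMALL_B = {"t": 10, "frames": 148_900, "octets": 9_522_200}
# 8,120 frames of 1518 octets over the same interval.
LARGE_A = {"t": 0, "frames": 0, "octets": 0}
LARGE_B = {"t": 10, "frames": 8_120, "octets": 12_326_160}

if __name__ == "__main__":
    for name, a, b in (("64-octet frames", SMALL_A, SMALL_B),
                       ("1518-octet frames", LARGE_A, LARGE_B)):
        full, naive = utilization(a, b)
        print(f"{name}: {full:.4%} with overhead, {naive:.4%} octets only")
```

With minimum-size frames the octets-only figure reports about 76% on a link that is in fact saturated, so a threshold alarm built on it would stay silent during a small-packet flood.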
RE: Microsoft VPN through a router [7:72824]
Steven Aiello wrote:
I was wondering what ports I would need to have open for a Microsoft VPN connection on my router. If I have done my homework correctly I think
IPSec port: 50
This is protocol number (as in protocol above IP). You will also need 51 I think.
L2TP port : 1701 UDP
PPTP port : 1723 TCP
Are these all TCP, UDP??? I don't really have a full understanding of how the protocol and port process of a VPN works. I understand the theory; how IPSec encrypts the info in a tunnel data portion of another IP packet blaa blaa blaa. But any more additional detailed info would be great.
The RFCs are pretty detailed.
Thanks, Zsombor
Thanks, Steve
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72830t=72824
RE: Command rejected: FastEthernet5/14 not an acce [7:72674]
Try 'switchport mode access' first.
Thanks, Zsombor
John Brandis wrote:
Hi all, I am wishing to implement port security on my 4006 + supIII using Version 12.1(13)EW1 I tried to enter the command
SYD_CORE1(config)#int fastEthernet 5/14
SYD_CORE1(config-if)#switchport port
SYD_CORE1(config-if)#switchport port-security max
SYD_CORE1(config-if)#switchport port-security maximum 2 ?
SYD_CORE1(config-if)#switchport port-security maximum 2
Command rejected: FastEthernet5/14 not an access port.
I then confirmed my config for the port
interface FastEthernet5/14
 description a computer internal
 switchport access vlan 11
 no snmp trap link-status
Can anyone tell me why I would get the error? I have tried this on a few ports now and got the same error every time. I looked on the cisco site and around deja, and found nothing about the error. Can anyone provide some help
John
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72676t=72674
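An added example, not part of the original posts: a Python check that reads a saved running-config and flags ports that carry `switchport access vlan` but were never set to `switchport mode access`, the state the reply above addresses. The sample config is constructed (only the FastEthernet5/14 stanza comes from the thread) and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt. The FastEthernet5/14 stanza is the one
# quoted in the thread; FastEthernet5/15 and 5/16 are made up for comparison.
SAMPLE_CONFIG = """\
interface FastEthernet5/14
 description a computer internal
 switchport access vlan 11
 no snmp trap link-status
!
interface FastEthernet5/15
 switchport access vlan 11
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
!
interface FastEthernet5/16
 switchport mode trunk
!
"""

NEEDS_MODE = "needs 'switchport mode access' before port-security"
NO_PORT_SECURITY = "access port without port-security"
NOT_ACCESS = "not an access port"
OK = "ok"


def parse_interfaces(config_text):
    """Split a running-config into {interface_name: [sub-commands]}."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        header = re.match(r"^interface\s+(\S+)", line)
        if header:
            current = header.group(1)
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            # Indented lines belong to the interface stanza being read.
            interfaces[current].append(line.strip())
        else:
            # '!' or any unindented line closes the stanza.
            current = None
    return interfaces


def audit_port_security(config_text):
    """Classify every interface by whether port-security can and does apply."""
    report = {}
    for name, cmds in parse_interfaces(config_text).items():
        mode = next(
            (c.split()[-1] for c in cmds if c.startswith("switchport mode ")),
            None,
        )
        has_access_vlan = any(c.startswith("switchport access vlan") for c in cmds)
        has_port_security = any(c.startswith("switchport port-security") for c in cmds)

        if mode == "access":
            report[name] = OK if has_port_security else NO_PORT_SECURITY
        elif has_access_vlan and mode is None:
            # Access VLAN assigned but the mode was never pinned: the case
            # in which the thread's port-security command was rejected.
            report[name] = NEEDS_MODE
        else:
            report[name] = NOT_ACCESS
    return report


if __name__ == "__main__":
    for port, finding in audit_port_security(SAMPLE_CONFIG).items():
        print(f"{port}: {finding}")
```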
RE: Bandwidth, QoS, and Contention networks [7:72645]
I think comparing shared wireless to dedicated wired connections is a bit of an apple vs orange contest. You can get shared wireless where you can't get anything else (e.g. walking from one meeting room to the other, or attending a meeting with 10 other people in a room where there are only 4 wired ports), so obviously it is better than all the other choices. If you can choose between a 100Mbps switch port and a 11Mbps shared wireless link without sacrificing anything (e.g. in case of servers or desktop machines), then the 100Mbps switch port is obviously better. Thanks, Zsombor Chuck Whose Road is Ever Shorte wrote: Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED] What's the medium cost between the two cities? Can you use demand circuits as a backup? Can you live with one more PVC and trust the physical connection? Is QoS-unpredictable cable or DSL available? Funny you should ask this, Howard. I've been struggling for several weeks how to pose the question. Have we, the engineering / technical sales community oversold the idea of dedicated bandwidth and QoS? Take, for example, wireless. Wireless is essentially a step backwards. For years we have been convincing customers to get rid of their hubs and move into a switched domain, with dedicated bandwidth for every user. This is often done in the name of productivity. Fewer interruptions of data streams, meaning work completed faster.Now all the wireless vendors ( Cisco included ) are producing studies showing how wireless is increasing productivity to the tune of an hour a day. On a shared contention medium. Cisco will shortly release their wireless telephone as part of their AVVID suite of products, competing with the SpectraLink product that has been available for a couple of years. All this gives one reason to re-evaluate what we have been told for the last couple of years. a contention medium provides the means for greater productivity? You mention QoS in your response above. 
QoS is something being pushed as necessary for voice, video, and other delay sensitive traffic. Cisco wireless AP's offer one way quasi QoS. Wireless, however, remains a contention medium, and will remain so until the FCC changes the rules. I'm not sure they will be able to release sufficient radio spectrum to permit all the bandwidth and services that wired can. But wireless is so damn convenient! I'm not suggesting that dedicated bandwidth to the desktop is a bad thing or that there is not need for QoS. However, I'm wondering how all of us might reconcile two seemingly opposed points of view regarding bandwidth and QoS - recognizing that wireless, whatever its limitations, is here to stay, and will become and remain essential to any and all networks, enterprise or small business, going forward.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72665t=72645
Re: Bandwidth, QoS, and Contention networks [7:72645]
Chuck Whose Road is Ever Shorte wrote:
after viewing the presentation, you tell me - is this not saying that 5 megabits is more than adequate for voice, video, etc?
I don't think that was the point of the presentation. Regardless, I can tell you that 5Mbps is enough for voice. :) For video, it depends on the quality.
I'm just asking - if people are more productive, despite the obvious lack of bandwidth, and despite the step back to a contention medium, is there something to be said about the perceived need for 100 megabits to the desktop?
I agree with Fred, such a perception is probably misguided in most cases. Most people are very happy even with their 1.5Mbps DSL line. But all this depends on what you want to do. Full-screen DVD quality video won't work over DSL. Even online gaming could use more than 1.5Mbps. FWIW, I've heard that in Korea, there is a serious market for dedicated 100Mbps connections to the *home* due to wide-spread online gaming (I don't know if this is true, I find it a bit hard to believe). Also consider that pure 10Mbps Ethernet interfaces are getting pretty rare; most of the Ethernet interfaces are 10/100. So in a campus network, in most cases, there is no real reason to not have 100Mbps to the desktop.
Thanks, Zsombor
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72673t=72645
Re: CISCO2950 switch boot issue.. Urgent [7:72612]
Sounds like the image is corrupted. You might find this page useful: http://www.cisco.com/warp/public/473/corrupt_or_missing_image.html
Thanks, Zsombor
I upgraded the IOS on the 2950. now when it boots, I get a bad mzip file, unknown zip method. Any ideas?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72620t=72612
Re: Help PLEASE FAST [7:72603]
Hi, what are clients? I'll assume computers in general but if you mean specific software then please specify. What layer are they losing the connectivity at? Can they ping anything? If so, what can and can't they ping? If an affected client can't ping something in the same subnet, then try to ping that affected client's IP address from that something. If it succeeds, then check the MAC address associated with the affected client's IP address in the ARP table of that something and compare it to the MAC address of the affected client. If it turns out to be different, then that means that you have duplicate IP addresses and you should double-check the DHCP configuration. You mentioned that rebooting the client helps. Did you try 'ipconfig /release' and/or 'ipconfig /renew' to see if that helps, too? It might also be interesting to see if there are any machines that are never affected. It can be tricky though as it is not easy to distinguish between not affected and hasn't happened yet. Is AD Active Directory? If so, do you perhaps mean that people can't log in after a while? If you mean something else, then why is it relevant that they have AD (or what is AD)? How is the problem related to the remote site?
Thanks, Zsombor
Hi all HELP! The clients on my network seem to be losing their connection to the network for no apparent reason. We have a main office and a spoke location running over vpn. The problem seems to be at main office because it happens here and was happening before the other location came on-line. There are some internal DNS issues also. I haven't determined if they are related but is happening at both locations now. It is an AD domain and the other site is part of the domain. I need help in getting this resolved soon. I will try to answer any questions as best I can. I know this may not be Cisco issue but I do have Cisco products and this is the best list of people with experience with all types of problems that I know. I know of none better. I know someone here has had this issue before, and can help me. I just hope they read this email soon. A reboot of the machine seems to fix the problem. Lease time is 24 hours. DHCP is being used. I need to resolve this soon as it is a critical situation.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72622t=72603
Re: Question in ABR [7:72624]
This is from RFC2328:
Backbone routers
A router that has an interface to the backbone area. This includes all routers that interface to more than one area (i.e., area border routers). However, backbone routers do not have to be area border routers.
It is not very explicit, I'll give you that. Apparently it confused the authors of RFC3509 as well. :) I wasn't aware of RFC3509. I doubt that R3 on Page 2 of this RFC would indeed identify itself as an ABR if it was running IOS. It is an interesting read nonetheless.
Thanks, Zsombor
bergenpeak wrote:
RFC2328 defines this router to be an ABR. However, there are some issues with this approach. RFC 3509 defines an alternative behavior for ABRs. In summary, when the router connects to multiple areas but not to area 0, the router should not operate as an ABR but instead should operate as if it was internal to all connected areas.
Rajesh Kumar wrote:
Hello all, If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it still considered to be an ABR OR strictly, one of the interfaces has to be in Area 0 to be an ABR? Thanks, Rajesh
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72630t=72624
Re: Fiber Question [7:72544]
At 03:55 AM 7/18/2003 +, Chuck Whose Road is Ever Shorter wrote: Zsombor Papp wrote in message news:[EMAIL PROTECTED] At 01:20 AM 7/18/2003 +, Bill wrote: Just learning basics of fiber communication. Btw, optical communication is indeed an interesting topic. Does anyone have a recommendation for a good book on this? I would be very interested in a book (let alone web site) that explains the fundamental principles (modulation, dispersion, spectral width, etc) in a great detail, but without making my brain explode with thousands of formulas. (Yeah, I know, it's not an easy request.) For example, why exactly do we need that conditioning cable when connecting a MM cable to a SM interface? not that CCO necessarily provides intimate technical details, but if you read the footnotes you can infer that it has to do with laser strength and signal saturation. That's probably just one part of the problem. That same footnote goes on to say that mode-conditioning patch cord is required for link distances *greater* than 984 feet. Surely the signal doesn't get stronger as the distance increases? See also this page: http://www.l-com.com/content/ResourceCenter/Tips/pages/fiber_06.htm which talks about Differential Mode Delay (DMD) and hints about the importance of positioning the SM core against the MM core. This DMD sounds like modal dispersion, but if it really is modal dispersion, then why is the SM interface affected more by this than the MM interface? Btw, as for the laser strength and saturation, I am also wondering why that doesn't present a problem with SM cables. Because the small core doesn't carry as much energy as the large core of the MM cable? Or maybe it is a problem even for SM, they just assume that you wouldn't use SM cable for a distance measured in 10s of meters? Thanks, Zsombor http://www.cisco.com/en/US/products/hw/modules/ps872/products_data_sheet09186a008014cb5e.html watch the wrap. 
probably the same reason why the minimum length of a fiber patch ( multimode ) is 3 meters / 10 foot Thanks, Zsombor I am not sure about which fiber cable I saw but it was orange and basically connected two 3550's together. The fiber had two connectors on each side. One was blue and the other was red. How is it normally connected? I guess the switch ports are receive and transmit. So, does that mean if you connect red on the left port on one switch, you would connect the red on the other side of the cable to the right port of the switch? Thx bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72559t=72544
Re: Fiber Question [7:72544]
At 03:56 AM 7/18/2003 +, annlee wrote: Here is some help http://www.americanfibertek.com/FAQ.htm#fiber singlemode fiber is half the cost of multimode fiber ??? and http://www.americanfibertek.com/products/PDFCatalog/History.pdf All the fiber I saw followed the convention orange=MM, yellow=SM. MM fiber is not capable of handling SM input, With conditioning cable patches it can. but SM fiber can handle MM input. Is this a fact? No restrictions, no gotcha's, it just works? IIRC, the reason was power on the laser emission as well as frequencies used, etc. There is also some info in SONET, 3e, by Goralski --it's on amazon.com. I have the 2e, and I learned a ton from it, including the introductory material about how networking developed as it did. It's good for an introduction, I just wish it would continue to elaborate on the optical aspect, instead of getting into the boring details of SONET. He chose the title well though, I have to give him that... :) In our lab, we weren't often blessed with red and blue connectors; more often it was dual black connectors, in which case we ran fingers down the fiber to get the 180-degree twist (rx--tx and tx--rx): it really is a manual crossover. I usually check the inscription on the cable. On the cables we use, only one half has an inscription (on both ends). The finger roll only works in a lab, though. Dolphins lose their grip on the transoceanic fibers... They must be using color codes... :) Thanks, Zsombor Annlee Zsombor Papp wrote in message news:[EMAIL PROTECTED] At 01:20 AM 7/18/2003 +, Bill wrote: Just learning basics of fiber communication. Btw, optical communication is indeed an interesting topic. Does anyone have a recommendation for a good book on this? I would be very interested in a book (let alone web site) that explains the fundamental principles (modulation, dispersion, spectral width, etc) in a great detail, but without making my brain explode with thousands of formulas. (Yeah, I know, it's not an easy request.) 
For example, why exactly do we need that conditioning cable when connecting a MM cable to a SM interface? Thanks, Zsombor I am not sure about which fiber cable I saw but it was orange and basically connected two 3550's together. The fiber had two connectors on each side. One was blue and the other was red. How is it normally connected? I guess the switch ports are receive and transmit. So, does that mean if you connect red on the left port on one switch, you would connect the red on the other side of the cable to the right port of the switch? Thx bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72558t=72544
Re: a really big bug [7:72463]
Perhaps you slightly misunderstood my attitude and are jumping to conclusions so that you can put a convenient label on me. I am not saying that Cisco should keep security problems a secret, rather that dissemination of information about sensitive issues posing a security threat to many should be carefully considered and coordinated. If you have access to the applicable bug reports, you will see that it was exactly the PSIRT team who carefully edited/removed all enclosures to make sure that the information necessary to reproduce the attack is not easily extracted. All the protocol names were replaced by XXX, for example. Personally, I was impressed by the thorough job they did. The only hints I could find were the code diffs. Now, does this mean that Cisco wants to hide the problems? Not at all. As you say, Cisco has always been good at publishing security flaws. The Security Advisory in question is still being updated, too. So I think Cisco has deserved some patience and the right to decide when to publish what information. Having said that, I am not writing to this mailing list as a representative of Cisco. What I say is my personal opinion (and believe it or not, it is not influenced by the fact that I work for Cisco -- only what I do *not* say is influenced by that fact). I am using my Cisco email because it is convenient. I have hoped that people on this list are mature enough to realize this, but perhaps I was wrong. I will switch to Yahoo now.
Perhaps we should send your response to this to John Chambers and see what he will say.
Will you also tell your daddy/bigger brother about me? :)
Thanks, Zsombor
At 11:43 AM 7/18/2003 +, Peter Benac wrote:
I am glad you are not representative of the current Cisco Culture. Your attitude in this matter really is not acceptable and I would hope that Cisco's attitude would be better. Any exploit hypothetical or not quickly spreads across the internet faster than Bill Gates can find another security flaw in Windows. My Solaris Servers that face the internet are under constant bombardment from would-be windows script kiddies. It doesn't matter to them whether I have a Solaris System or a Windows System. They want to be real hackers and will try anything that is posted. This applies to other systems as well. Cisco has the major market share and therefore is the primary target. Cisco is not Microsoft, and never has been. They have always put their flaws right in people's faces. The infamous SNMP bug was published and fixed long before CERT published it. Cisco has a PSIRT team whose sole function in life is security risk assessment. I have never known Cisco to call a potential Security threat Entertainment. Perhaps we should send your response to this to John Chambers and see what he will say. I still remember his e-mail address since I too am an ex-cisco employee.
Regards, Pete
Peter P. Benac, CCNA Emacolet Networking Services, Inc Providing Systems and Network Consulting, Training, Web Hosting Services Phone: 919-847-1740 or 866-701-2345 Web: http://www.emacolet.com Need quick reliable Systems or Network Management advice visit http://www.nmsusers.org To have principles... First have courage.. With principles comes integrity!!!
I sincerely hope that Cisco is not becoming Microsoft.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72570t=72463
Re: Free Cisco IPv4 vulnerability seminar today 7/18 [7:72569]
Is it possible to get the material presented at this seminar?
Thanks, Zsombor
At 02:03 PM 7/18/2003 +, Paul Borghese wrote:
Hi Everyone, Global Knowledge is offering a free seminar on the new IPv4 DoS vulnerability. I have been allowed to invite the GroupStudy members to the seminar as I think some of you will find it interesting. Here is the complete invite. Sorry for the late invite. I just found out about it myself:
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72578t=72569
Re: route commands [7:72406]
At 11:25 AM 7/17/2003 +, Sasa Milic wrote:
This was discussed a million times; static route that points to an interface has AD=1.
Just out of curiosity, does anyone know when this was changed? It used to be 0 for interface static routes, right? However, this is pretty irrelevant as far as the original question is concerned. To answer the original question, the difference between static routes pointing to IP addresses and interfaces is that you get screwed if you point to a broadcast interface without an IP address. It's due to ARP; think about it, try it out, or search in the Groupstudy archives to find out what exactly happens. So the recommended solution (at least for broadcast interfaces) is to configure both IP address and interface name. For static routes pointing to p2p interfaces, I don't think you need to configure IP address (as someone else suggested, you will spare some work if a renumbering ever happens).
Thanks, Zsombor
Sasa CCIE #8635
Nakul Malik wrote:
by default, a static route has an AD of 1. If the static route points to an exit interface, the AD=0. That is the only difference HTH. -Nakul
Karyn Williams wrote in message news:[EMAIL PROTECTED]
We recently added another interface, S1/1, that connects a private line to another school. We are routing 156.3.37.0 to them. Should I have route statements that say
ip route 156.3.37.0 255.255.255.0 192.168.0.2
or
ip route 156.3.37.0 255.255.255.0 Serial1/1
Current config:
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 Serial0/1
ip route 0.0.0.0 0.0.0.0 Serial1/0
ip route 65.165.174.0 255.255.254.0 FastEthernet0/0
ip route 156.3.37.0 255.255.255.0 192.168.0.2
ip route 198.182.157.0 255.255.255.0 65.165.175.253
ip route 207.233.56.0 255.255.255.0 192.168.0.2
I am interested if there is a performance difference between these two route statements or any other reason why one would be preferred over the other. TIA.
-- Karyn Williams, CNE Network Services Manager California Institute of the Arts [EMAIL PROTECTED] http://www.calarts.edu/network
-- Regards, Sasa CCIE #8635
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72472t=72406
Re: Can Not Router on 3550 [7:72462]
How do you know it's not working? What does 'show ip route' show on the 3550? Do you have a router (running RIP) attached to this 3550? Can it ping the VLAN interfaces? Do you have any PCs connected to the 3550? Can they ping the VLAN interfaces? Maybe try 'debug ip rip' as well... Thanks, Zsombor At 09:16 AM 7/17/2003 +, Steiven Poh-\(Jaring MailBox\) wrote: Dear All, I configured a simple L3 routing on my 3550-EMI, but seem like not working. Any help? Thanks == Current configuration : 6579 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname LOL-3550 ! enable password cisco ! ip subnet-zero ip routing ! ! spanning-tree extend system-id ! ! ! interface FastEthernet0/1 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/2 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/3 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/4 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/5 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/6 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/7 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/8 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/9 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/10 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk !
interface FastEthernet0/11 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/12 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/13 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/14 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/15 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/16 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/17 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/18 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/19 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/20 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/21 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/22 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/23 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/24 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/25 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/26 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! 
interface FastEthernet0/27 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/28 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/29 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/30 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/31 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/32 switchport access vlan 3 switchport mode access no ip address spanning-tree portfast trunk ! interface FastEthernet0/33 switchport access vlan 2 switchport mode access no ip address spanning-tree portfast trunk
Re: Multicasting [7:72403]
Not that this will solve your problem, but why do you need IGMP between two routers?
Thanks, Zsombor
At 08:22 AM 7/17/2003 +, MR wrote:
At the source end, if I observed traffic on tunnel, it was 1.5mb. But at the other end, it was zero. There was no incoming traffic. As I said earlier, it's not a point to point connection and involves multiple transit routers on the way.
R1 --- SP1 --- SP2 --- R2
TS                     TD
SP-Service Provider TS- Tunnel Source TD-Tunnel Dest.
At SP1, we observed there was traffic on their serial interface with R1. Now multicast is not enabled in any SP router. It's enabled only in R1 & R2. Should we be enabling it. As it was a public n/w we couldn't. Also there was no RP configured in R1 & R2. Just enabled multicast with IGMP group specified. We enabled PIM /IGMP in both tunnel as well as serial interfaces of R1 & R2.
R1 Config-
ip multicast-routing
interface Tunnel0
 ip address 172.16.1.2 255.255.255.252
 ip pim dense-mode
 ip igmp join-group 224.1.1.1
 tunnel source a.b.c.d
 tunnel destination w.x.y.z
interface Serial0
 ip address a.b.c.d 255.255.255.252
 ip pim dense-mode
 ip igmp join-group 224.1.1.1.
R2 Config-
ip multicast-routing
interface Tunnel0
 ip address 172.16.1.1 255.255.255.252
 ip pim dense-mode
 ip igmp join-group 224.1.1.1
 tunnel source w.x.y.z
 tunnel destination a.b.c.d
interface Serial0
 ip address w.x.y.z 255.255.255.252
 ip pim dense-mode
 ip igmp join-group 224.1.1.1.
Please do revert back to me for more info. Rgds
- Original Message - From: Reimer, Fred To: [EMAIL PROTECTED] Sent: Thursday, July 17, 2003 3:59 AM Subject: RE: Multicasting [7:72403]
I think you said that you see traffic going out one tunnel, but not coming in on the other end of the tunnel. How are you checking that? What does your mroute cache look like for the group in question? Does it list the tunnel interface as an outgoing interface? On the end that isn't receiving anything, is it configured for the RP? Does it find the RP successfully? Does it know about the group in its mroute cache?
Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
-Original Message- From: alaerte Vidali [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 3:55 PM To: [EMAIL PROTECTED] Subject: RE: Multicasting [7:72403]
I have configured it some time ago; the serial link was frame relay. But I used point-to-point subinterface Something like that:
R1
interface tunnel 0
 ip address 172.16.1.1 255.255.255.252
 ip pim sparse-dense-mode
 tunnel source 192.168.1.1
 tunnel destination 192.168.1.2
!
inter ser 0
 encap frame-relay
!
inter ser 0.1 point
 ip ad 192.168.1.1 255.255.255.252
 frame-relay interface-dlci 100
Same for R2.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72476t=72403
RE: route commands [7:72406]
At 03:07 PM 7/17/2003 +, Daniel Cotts wrote: Answer is Cisco's own training materials. In the BSCN ver 1 materials there is an AD Comparison Chart
 Connected interface AD=0
 Static Route out an interface AD=0
 Static Route to a next hop AD=1
 etc.
The instructor told us that a Static route out an interface had an AD of 1 for 11.3 and newer. FWIW I just tried an 11.2 image and it had AD of 1, too. Thanks, Zsombor -Original Message- From: Black Jack [mailto:[EMAIL PROTECTED] I just wonder how the AD=0 rumor ever got started. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72484t=72406
RE: a really big bug [7:72463]
At 04:33 PM 7/17/2003 +, Priscilla Oppenheimer wrote: I think Cisco was right not to publish the details about these rare, specially crafted packets, I think so. Along the same lines, you also shouldn't publish it even if you know it. :) but does anyone have the details? Maybe if you can get to the bugtracker, the details are in there. Usually these details are carefully removed from every publicly available document after they turn out to be a security risk. Thanks, Zsombor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72492t=72463
Re: Need help: debug question [7:72505]
I would think every decent telnet server is capable of logging the incoming requests. Anyway, comments inline. At 07:38 PM 7/17/2003 +, [EMAIL PROTECTED] wrote: I have a strange request: I need to find out who's telnetting to a remote host. I don't have sniffer on the remote site so I'm thinking using debug to get this information. I created an access-list 100 permit tcp any host 1.1.1.1 eq 23 log, then debug ip packet detail 100. You don't need the 'log' keyword if you use the access list for debugging. However, such debugging is fairly challenging if you are running CEF or maybe even with fast-switching, as then the packets won't touch the code where debugging is happening. If you are not afraid of killing the router, then force it to do process switching and I am sure you will see the packets. A better solution would be however to apply the access list (with the log keyword!) .. and with a 'permit ip any any' at the end... :) to the interface using the 'access-group' command. Then you will see things like list 100 permitted tcp - , 1 packet in the log. I expect to see source IP addresses. But I don't see nothing. If I add access-list 100 permit ip any any as 2nd line, I start seeing all the output but it's so much that killed the router. :))) Thanks, Zsombor What's wrong with my access-list? Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72524t=72505
Re: Need help: debug question [7:72505]
I would think every decent telnet server is capable of logging the incoming requests. Anyway, comments inline. At 07:38 PM 7/17/2003 +, [EMAIL PROTECTED] wrote: I have a strange request: I need to find out who's telnetting to a remote host. I don't have sniffer on the remote site so I'm thinking using debug to get this information. I created an access-list 100 permit tcp any host 1.1.1.1 eq 23 log, then debug ip packet detail 100. You don't need the 'log' keyword if you use the access list for debugging. However, such debugging is fairly challenging if you are running CEF or maybe even with fast-switching, as then the packets won't touch the code where debugging is happening. If you are not afraid of killing the router, then force it to do process switching and I am sure you will see the packets. A better solution would be however to apply the access list (with the log keyword!) to the interface using the 'access-group' command. Then you will see things like list 100 permitted tcp - , 1 packet in the log. I expect to see source IP addresses. But I don't see nothing. If I add access-list 100 permit ip any any as 2nd line, I start seeing all the output but it's so much that killed the router. :))) Thanks, Zsombor What's wrong with my access-list? Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72523t=72505
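The interface ACL with the log keyword suggested in the reply above writes one syslog line per match, which can be tallied off the router. The following is an added example, not part of the original posts: it assumes the usual IOS %SEC-6-IPACCESSLOGP message layout, and the log lines, source addresses and the function name telnet_sources are constructed for illustration.

```python
import re

# Layout of the IOS message written when a TCP/UDP packet matches an ACL
# entry that carries the "log" keyword (assumed format, see lead-in).
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

# Constructed sample: the first hit of a flow is logged at once, later hits
# arrive as periodic summaries ("14 packets"), and unrelated lines are mixed in.
SAMPLE_LOG = """\
Jul 17 19:40:01: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.0.2.10(1034) -> 1.1.1.1(23), 1 packet
Jul 17 19:40:07: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 198.51.100.7(40122) -> 1.1.1.1(23), 1 packet
Jul 17 19:41:12: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 203.0.113.9(5500) -> 1.1.1.1(80), 1 packet
Jul 17 19:45:01: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.0.2.10(1034) -> 1.1.1.1(23), 14 packets
Jul 17 19:45:09: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.5(53) -> 1.1.1.1(1900), 1 packet
Jul 17 19:46:00: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Jul 17 19:47:30: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 198.51.100.7(40125) -> 1.1.1.1(23), 1 packet
"""


def telnet_sources(log_text, acl="100", host="1.1.1.1", port=23):
    """Return {source_ip: {"packets": n, "src_ports": {...}}} for permitted
    TCP hits of the given ACL against host:port."""
    sources = {}
    for line in log_text.splitlines():
        m = ACL_LOG_RE.search(line)
        if m is None:
            continue  # not an ACL log line (or a layout this regex does not cover)
        if (m["acl"], m["action"], m["proto"]) != (acl, "permitted", "tcp"):
            continue
        if m["dst"] != host or int(m["dport"]) != port:
            continue
        entry = sources.setdefault(m["src"], {"packets": 0, "src_ports": set()})
        # Summary lines carry a count, so add it instead of counting lines.
        entry["packets"] += int(m["count"])
        # Each distinct source port is a separate TCP connection attempt.
        entry["src_ports"].add(int(m["sport"]))
    return sources


if __name__ == "__main__":
    for src, info in sorted(telnet_sources(SAMPLE_LOG).items()):
        print(f"{src}: {info['packets']} packets, "
              f"{len(info['src_ports'])} connection(s)")
```

Because only the ACL entry carrying `log` produces these lines, a trailing `permit ip any any` without the keyword keeps other traffic flowing without flooding the log.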
Re: a really big bug [7:72463]
At 09:54 PM 7/17/2003 +, Priscilla Oppenheimer wrote: It sounds like this is a hypothetical packet and situation that Cisco quality assurance discovered. I thought it was something already being exploited, but it doesn't sound like it. In that case, I guess I support Cisco not telling us more about it. And in which case wouldn't you? If you are running any of the affected versions, then upgrade the routers or apply the workaround (and if you can't do any of these, then you should be right away grateful for Cisco not being very specific...). If you are not using any of the affected versions (if I understood correctly, you are not even using IOS to start with), then why do you worry about this? I can understand that people's curiosity is always aroused by mysterious things that can kill a router, but keeping other people's production network operational is slightly more important than providing entertainment to the public. :) Thanks, Zsombor It's sort of an age-old security question of how much info to publish. The info would help the white hats, but also the black hats. Unfortunately, I can't look at bug reports (even with my guest access!?) Maybe there's more in the bug reports. I still want to know more about these packets. :-) But I guess I'll have to do more research Priscilla M.C. van den Bovenkamp wrote: Duncan Maccubbin wrote: I was on a conference call with Cisco and the Cisco rep felt we were overreacting by rushing to change our code right away, He said that the packet was extremely difficult to create and the person would have to be a genius to make it. As we don't know exactly *what* you need to do, it's difficult to say whether he's right or not. But my gut says he's wrong; as soon as you *do* know, there are 'packetfactory'-tools enough about... Regards, Marco. 
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72537t=72463
Re: a really big bug [7:72463]
At 10:02 PM 7/17/2003 +, Lance Warner wrote: I've read the ACL section of the advisory again and again thinking I missed something and I for the life of me can't find any reference to a particular type of traffic that should be blocked. It looks like the regular block traffic from sources you know shouldn't be hitting your network (10. -172.16 - 192.168 ) and also block any ports you know your users don't need. Please let me know what I'm missing here. Probably the fact that an exact ACL would also reveal how you can disable the routers of others... :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72533t=72463
RE: a default route question.. [7:72211]
Command depends on routing protocol. You are probably in EIGRP. 'default-information originate' is used with OSPF and ISIS. As we found out recently, newer versions of IOS allow this command under RIP as well, although I have to wonder what that does as RIP advertises the default route without it anyway (after redistribution, of course). Thanks, Zsombor At 09:16 PM 7/17/2003 +, Luan Nguyen wrote: Hello, (config-router)#default-information ? allowed Allow default information in Accept default routing information out Output default routing information There is no such thing is default-info originate. All the above are default with cisco I believe, I still don't understand what Daniel said about ip default-network How do create an ip default-network to equal to ip route 0.0.0.0 0.0.0.0 1.1.1.1 ? The way I am doing now is just redistribute static and maybe filter to only 0.0.0.0 with route-map Thanks. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, July 17, 2003 12:58 PM To: [EMAIL PROTECTED] Subject: RE: a default route question.. [7:72211] Daniel Cotts wrote: Not an issue of errata but of reading a little further. If there is a default static 0.0.0.0 0.0.0.0 192.168.1.2 and RIP on the router then: that router will use the static as its gateway of last resort and RIP will advertise that route to its neighbors. For IGRP and EIGRP see Doyle p 756 Default routing is somewhat different for IGRP and EIGRP. These protocols do not understand the address 0.0.0.0. Rather, they advertise an actual address as an external route Use the ip default-network command to create that route. ip default-network 10.0.1.0 (or whatever - plus in EIGRP one can add a mask) The router on which that is configured will advertise that route to its neighbors. Will IGRP and EIGRP do this automatically or do they need default-information originate, I wonder? 
It's probably not worth testing on my routers because they are so old they won't take a recent IOS version. When I get back to my work lab I could test it, but that won't be until September. (The academic life has some advantages. :-) Priscilla See also EIGRP Network Design Solutions page 219-223 (It appears the book is out of print. There are a few available on Amazon.) So - the sentence in Doyle p 753 After a default route is identified in the routing table, RIP, IGRP, and EIGRP will automatically advertise it. - is true as long as we understand that default route means different things for RIP vs EIGRP. No redistribution commands are used. Now - the original point of this thread was 'has the treatment of default routes - particularly by RIP - changed in newer versions of IOS?' Some weeks ago I did some testing and did not find any change (used 11.1 through 12.2). However, I seem to remember some discussion by Chuck and others in the past on this subject. I haven't searched the archives - so am open to anyone proving otherwise. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] But, alas, this didn't work on IGRP or EIGRP. So if anyone has a good errata for Doyle, Volume I, is this in it? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72526t=72211
Re: Fiber Question [7:72544]
At 01:20 AM 7/18/2003 +, Bill wrote: Just learning basics of fiber communication. I am not sure about which fiber cable I saw but it was orange FWIW, the MM cables we use are usually orange and the SM cables yellow. Not sure if this is a general rule though... :))) and basically connected two 3550's together. Unfortunately the type of the cable depends on the GBIC, not the box itself. In fact as we saw here recently, the GBIC type and the cable type don't even need to match. The fiber had two connectors on each side. I guess that's a pretty standard solution... although it is possible to transmit and receive on the same fiber, isn't it? Never seen one of those though. One was blue and the other was red. This is unfortunately not the case with every fiber cable, although it could come in handy sometimes. How is it normally connected? I guess the switch ports are receive and transmit. Yes. So, does that mean if you connect red on the left port on one switch, you would connect the red on the other side of the cable to the right port of the switch? Probably. Unless the cable manufacturer wants to intentionally screw you and assigns the colors randomly... :) Thanks, Zsombor Thx bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72548t=72544
Re: a really big bug [7:72463]
At 12:16 AM 7/18/2003 +, Priscilla Oppenheimer wrote: By the way, you work at Cisco, right? Are you a good representation of the current employees? No. Only a few of us post on groupstudy. :) Thanks, Zsombor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72545t=72463
Re: Fiber Question [7:72544]
At 01:20 AM 7/18/2003 +, Bill wrote: Just learning basics of fiber communication. Btw, optical communication is indeed an interesting topic. Does anyone have a recommendation for a good book on this? I would be very interested in a book (let alone web site) that explains the fundamental principles (modulation, dispersion, spectral width, etc) in great detail, but without making my brain explode with thousands of formulas. (Yeah, I know, it's not an easy request.) For example, why exactly do we need that conditioning cable when connecting a MM cable to a SM interface? Thanks, Zsombor I am not sure about which fiber cable I saw but it was orange and basically connected two 3550's together. The fiber had two connectors on each side. One was blue and the other was red. How is it normally connected? I guess the switch ports are receive and transmit. So, does that mean if you connect red on the left port on one switch, you would connect the red on the other side of the cable to the right port of the switch? Thx bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72551t=72544
RE: Re[3]: OSPF max Router-LSA links [7:72024]
At 02:23 PM 7/16/2003 +, Reimer, Fred wrote: This sounds like a simplistic question, but on a link between two routers why would you have a mis-matched MTU? I can see having a MTU in a multi-hop conversation (path MTU) being less than the MTU on the outgoing, or incoming, interface, but on a direct link between two routers shouldn't the MTU be the same? Different vendors might default to different values on the same interface type. In a mixed-media bridging environment the two interfaces that are supposed to exchange OSPF information might be of different types. I can think of many more issues that OSPF having problems if the MTU were mis-matched, like just general connectivity. Pretty much every single file transfer would end up failing; you'd have intermittent connectivity for everyone. Exactly. Or, does an OSPF talk to routers that are beyond its directly connected peers? Only over virtual links. Thanks, Zsombor I always thought that when it was said that OSPF routers flood LSAs throughout the network that they just transmit those LSAs to their neighbors, who transmit to their neighbors, etc, until all routers in the area are updated. This as opposed to one OSPF router sending updates to each and every OSPF router in the area, which necessarily may involve going over links in which neither source or destination router was connected, and may have an MTU less than either source or destination. Which one is it? Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
-Original Message- From: Karen E Young [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 7:34 AM To: [EMAIL PROTECTED] Subject: Re[3]: OSPF max Router-LSA links [7:72024] Sorry, accidentally sent the message before I finished my response and DNS problems to boot... If the Interface MTU field is larger than can be accepted without fragmentation, then the packet is rejected. No acknowledgement is sent and the behavior after that is dependent on the vendor. Usually it results in neighbors getting stuck in Exchange or ExStart. In any case, the adjacency will never form. Even if the MTU is smaller than the receiving interface the exchange will fail. There's always one side that's larger and one that's smaller, so one or the other of them will hang. This particular little hole is (unfortunately) due to a fault in OSPF itself since no acknowledgement and situational handling was specified. As a CCIE friend of mine said, However, a vendor could choose to implement something that, after getting no response to DD packets, would decrease the packet size, even sending a really tiny DD packet to continue negotiations and receive DD from the other router, learning its MTU, then adjusting to that. I *think* that would work. - I personally am not aware of any vendors that implement anything like this but I could be wrong... Here's a good discussion of it: http://www.riverstonenet.com/support/ospf/stuckexstart.htm#_Toc515894155 There's also a doc on Cisco about it: http://www.cisco.com/en/US/tech/tk365/tk480/technologies_tech_note09186a0080093f0d.shtml Here's an interesting thought... what if the router with the larger MTU checked the MTU size of its neighbor, and dynamically adjusted? No guessing involved, just match the smaller MTU and deal with the mismatch?
The MTUs could remain mismatched, which might cause frame fragmentation, but the OSPF multicast traffic would be sent with matching MTU sizes. Basically after being hung in ExStart for x seconds, it would send its first DD packet using the same size received by the adjacent router. Just a thought... HTH, Karen A rose by any other name is Cisco specific terminology... *** REPLY SEPARATOR *** On 7/15/2003 at 7:29 AM Zsombor Papp wrote: At 09:48 AM 7/15/2003 +, Karen E Young wrote: KY: According to the RFC (page 99) If the Interface MTU field in the Database Description packet indicates an IP datagram size that is larger than the router can accept on the receiving interface without fragmentation, the Database Description packet is rejected. With this in mind the only time fragmentation should occur is when a virtual link is used since the MTU of a virtual link is set to 0. The Interface MTU field describes the MTU of the sending interface, not the size of the DD packet. Just because the MTU of the sending router is smaller than or equal to that of the receiving router, it doesn't
Re[3]: OSPF max Router-LSA links [7:72024]
MTU is not an OSPF specific value. It would be rather strange if OSPF could adjust it dynamically to its liking. However, a vendor could choose to implement something that, after getting no response to DD packets, would decrease the packet size, How do you know you don't receive response due to packet size? even sending a really tiny DD packet to continue negotiations and receive DD from the other router, learning its MTU, then adjusting to that. I *think* that would work. Sorry, which problem are you trying to solve here? If the MTUs are different on the two routers, then OSPF won't work as per the RFC. So the solution to the MTU mismatch problem IMHO is to make sure that the MTUs match. :) That (ie. that a router doesn't send a packet larger than what its neighbor can digest) sounds like a pretty basic requirement to me. Thanks, Zsombor At 11:34 AM 7/16/2003 +, Karen E Young wrote: Sorry, accidentally sent the message before I finished my response and DNS problems to boot... If the Interface MTU field is larger than can be accepted without fragmentation, then the packet is rejected. No acknowledgement is sent and the behavior after that is dependent on the vendor. Usually it results in neighbors getting stuck in Exchange or ExStart. In any case, the adjacency will never form. Even if the MTU is smaller than the receiving interface the exchange will fail. There's always one side that's larger and one that's smaller, so one or the other of them will hang. This particular little hole is (unfortunately) due to a fault in OSPF itself since no acknowledgement and situational handling was specified. As a CCIE friend of mine said, However, a vendor could choose to implement something that, after getting no response to DD packets, would decrease the packet size, even sending a really tiny DD packet to continue negotiations and receive DD from the other router, learning its MTU, then adjusting to that. I *think* that would work. 
- I personally am not aware of any vendors that implement anything like this but I could be wrong... Here's a good discussion of it: http://www.riverstonenet.com/support/ospf/stuckexstart.htm#_Toc515894155 There's also a doc on Cisco about it: http://www.cisco.com/en/US/tech/tk365/tk480/technologies_tech_note09186a0080093f0d.shtml Here's an interesting thought... what if the router with the larger MTU checked the MTU size of its neighbor, and dynamically adjusted? No guessing involved, just match the smaller MTU and deal with the mismatch? The MTUs could remain mismatched, which might cause frame fragmentation, but the OSPF multicast traffic would be sent with matching MTU sizes. Basically after being hung in ExStart for x seconds, it would send its first DD packet using the same size received by the adjacent router. Just a thought... HTH, Karen A rose by any other name is Cisco specific terminology... *** REPLY SEPARATOR *** On 7/15/2003 at 7:29 AM Zsombor Papp wrote: At 09:48 AM 7/15/2003 +, Karen E Young wrote: KY: According to the RFC (page 99) If the Interface MTU field in the Database Description packet indicates an IP datagram size that is larger than the router can accept on the receiving interface without fragmentation, the Database Description packet is rejected. With this in mind the only time fragmentation should occur is when a virtual link is used since the MTU of a virtual link is set to 0. The Interface MTU field describes the MTU of the sending interface, not the size of the DD packet. Just because the MTU of the sending router is smaller than or equal to that of the receiving router, it doesn't follow that fragmentation can't occur. Fragmentation occurs because the data (ie. the DD packet) to be sent is larger than the MTU of the *sending* router. 
Thanks, Zsombor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72395t=72024
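The RFC check quoted in this thread can be seen on the wire. The following is an added example, not part of the original posts: it builds and parses minimal OSPFv2 Database Description packets in the RFC 2328 layout and applies the Interface MTU test each receiver performs. Router IDs, MTU values and function names are constructed, and the checksum is left at zero.

```python
import socket
import struct

# RFC 2328 A.3.1: version, type, packet length, router ID, area ID,
# checksum, AuType, authentication (24 bytes).
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
# RFC 2328 A.3.3: Interface MTU, options, I/M/MS flags, DD sequence number.
DD_BODY = struct.Struct("!HBBI")
OSPF_TYPE_DD = 2


def build_dd(router_id, interface_mtu, seq, area_id="0.0.0.0"):
    """Build an initial (I, M, MS set) DD packet carrying no LSA headers.
    interface_mtu is the MTU of the *sending* interface (0 on a virtual link)."""
    body = DD_BODY.pack(interface_mtu, 0x02, 0x07, seq)
    hdr = OSPF_HDR.pack(2, OSPF_TYPE_DD, OSPF_HDR.size + len(body),
                        socket.inet_aton(router_id), socket.inet_aton(area_id),
                        0, 0, b"\x00" * 8)  # checksum not computed here
    return hdr + body


def parse_dd(packet):
    """Return the DD fields, or raise ValueError for anything else."""
    if len(packet) < OSPF_HDR.size + DD_BODY.size:
        raise ValueError("truncated DD packet")
    version, ptype, length, rid, _area, _ck, _au, _auth = OSPF_HDR.unpack_from(packet)
    if version != 2 or ptype != OSPF_TYPE_DD:
        raise ValueError("not an OSPFv2 DD packet")
    mtu, _options, flags, seq = DD_BODY.unpack_from(packet, OSPF_HDR.size)
    return {"router_id": socket.inet_ntoa(rid), "length": length,
            "interface_mtu": mtu, "flags": flags, "seq": seq}


def accept_dd(packet, receiving_if_mtu):
    """The check quoted in the thread: reject the DD if the advertised
    Interface MTU is larger than the receiving interface can take without
    fragmentation. The size of the DD packet itself plays no part."""
    return parse_dd(packet)["interface_mtu"] <= receiving_if_mtu


def exchange(mtu_a, mtu_b):
    """Both neighbours send their first DD; report who accepts whose."""
    dd_a = build_dd("10.0.0.1", mtu_a, seq=0x1000)
    dd_b = build_dd("10.0.0.2", mtu_b, seq=0x2000)
    return {"dd_bytes": len(dd_a),
            "a_accepts_b": accept_dd(dd_b, mtu_a),
            "b_accepts_a": accept_dd(dd_a, mtu_b)}


if __name__ == "__main__":
    print(exchange(1500, 1500))   # both sides accept
    print(exchange(1500, 1400))   # the 1400 side drops a 32-byte packet
```

With 1500 against 1400 only the smaller-MTU router rejects, even though the DD is 32 bytes long, which is why the neighbours stall rather than both reporting an error.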
RE: a default route question.. [7:72211]
I looked at that page in Doyle's book and I thought it's just a simple mistake, or maybe IOS changed since he wrote that, but after reading this: Handling of default routes varies from protocol to protocol. RIP, IGRP, EIGRP and BGP automatically redistribute default routes while OSPF and IS-IS require you to explicitly advertise them with the default-information originate statement in your router configuration. I start to think that these folks (Doyle included) have some basic problem with simple terminology. There is no way BGP automatically redistributes default routes. However it's true that OSPF and ISIS don't advertise the default route even if it's redistributed into them, unless 'default-information originate' is specified. So the statement should be something like RIP, IGRP, EIGRP and BGP automatically advertise default routes that are redistributed into them, while OSPF and ISIS require the 'default-information originate' statement. At least I hope that this is a true statement... :) Btw, where is the Cisco Press errata page? Thanks, Zsombor At 06:57 PM 7/16/2003 +, Priscilla Oppenheimer wrote: wj chou wrote: do you guys know of any newer and good book talking about redistribution and default routes? thanks! There's nothing wrong with the age of Doyle's Routing TCP/IP Volume I. The poster who claimed that didn't know the difference between a second edition and a second volume. Doyle published a second volume because he had more to say (on BGP, IPv6, multicast). He didn't publish it because his first volume was out-dated or wrong. A second edition updates a book. A second volume supplements it. Doyle hasn't published a second edition because there's no need for one yet. How much have routing protocols changed in the last few years? Not much. Plus if you can believe the errata at Cisco Press's site for Doyle Volume 1, there were only 2 mistakes in the book!? (I think that's a mistake, as in they forgot to publish the rest of the pages. 
Although Doyle's book is terrific, I doubt that it really only has 2 mistakes? But maybe. Check with Cisco Press. See if you can get them to publish a better errata) Anyway, I believe what you are questioning is this statement from Doyle, volume 1: After a default route is identified in the routing table, RIP, EIGRP, IGRP will automatically advertise it. There's a good paper on redistribution at CertificationZone, written by a frequent contributor to this list, John Neiberger, and Ron Trunk. The paper agrees with Doyle: Handling of default routes varies from protocol to protocol. RIP, IGRP, EIGRP and BGP automatically redistribute default routes while OSPF and IS-IS require you to explicitly advertise them with the default-information originate statement in your router configuration. I suggest you send us your config. There's probably some weird wrinkle related to network classes or something. You may want to start a new thread. People that use the Web site don't look at messages that are this old sometimes Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72428t=72211
RE: a default route question.. [7:72211]
I looked at that page in Doyle's book and I thought it's just a simple mistake, or maybe IOS changed since he wrote that, but after reading this: Handling of default routes varies from protocol to protocol. RIP, IGRP, EIGRP and BGP automatically redistribute default routes while OSPF and IS-IS require you to explicitly advertise them with the default-information originate statement in your router configuration. I start to think that these folks (Doyle included) have some basic problem with simple terminology. Actually this terminology might not be that simple after all, as it is not clear whether something was redistributed unless it is advertised to peers. So revised statement below. Also, I just realized that my above sentence sounds less respectful than I intended, so I thought I would mention that I learnt a lot from Routing TCP/IP and it's probably the most useful networking book I've ever read. There is no way BGP automatically redistributes default routes. However it's true that OSPF and ISIS don't advertise the default route even if it's redistributed into them, unless 'default-information originate' is specified. So the statement should be something like RIP, IGRP, EIGRP and BGP automatically advertise default routes that are redistributed into them, while OSPF and ISIS require the 'default-information originate' statement. At least I hope that this is a true statement... :) Probably this one is better: RIP, IGRP, EIGRP and BGP automatically accept default routes that are redistributed into them, while OSPF and ISIS silently reject the redistributed default route unless 'default-information originate' is configured. Thanks, Zsombor Btw, where is the Cisco Press errata page? Thanks, Zsombor At 06:57 PM 7/16/2003 +, Priscilla Oppenheimer wrote: wj chou wrote: do you guys know of any newer and good book talking about redistribution and default routes? thanks! There's nothing wrong with the age of Doyle's Routing TCP/IP Volume I. 
The poster who claimed that didn't know the difference between a second edition and a second volume. Doyle published a second volume because he had more to say (on BGP, IPv6, multicast). He didn't publish it because his first volume was out-dated or wrong. A second edition updates a book. A second volume supplements it. Doyle hasn't published a second edition because there's no need for one yet. How much have routing protocols changed in the last few years? Not much. Plus if you can believe the errata at Cisco Press's site for Doyle Volume 1, there were only 2 mistakes in the book!? (I think that's a mistake, as in they forgot to publish the rest of the pages. Although Doyle's book is terrific, I doubt that it really only has 2 mistakes? But maybe. Check with Cisco Press. See if you can get them to publish a better errata) Anyway, I believe what you are questioning is this statement from Doyle, volume 1: After a default route is identified in the routing table, RIP, EIGRP, IGRP will automatically advertise it. There's a good paper on redistribution at CertificationZone, written by a frequent contributor to this list, John Neiberger, and Ron Trunk. The paper agrees with Doyle: Handling of default routes varies from protocol to protocol. RIP, IGRP, EIGRP and BGP automatically redistribute default routes while OSPF and IS-IS require you to explicitly advertise them with the default-information originate statement in your router configuration. I suggest you send us your config. There's probably some weird wrinkle related to network classes or something. You may want to start a new thread. People that use the Web site don't look at messages that are this old sometimes Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72430t=72211
RE: a default route question.. [7:72211]
At 10:19 PM 7/16/2003 +, Priscilla Oppenheimer wrote: To be fair, I just checked, and Doyle didn't say anything about redistribution. The example simply shows configuring ip route 0.0.0.0 0.0.0.0 192.168.1.82 The text says that the router that has that config (which is running RIP by the way) advertises the default to other RIP routers. It goes on to say: After a default route is identified in the routing table, RIP, EIGRP, IGRP will automatically advertise it. That's right, isn't it? I don't think so. That's what the original poster questioned and I agree with him. If it is right, then I take back everything. Well, except that about BGP, there I am 100% sure nothing happens automatically. :) If it were OSPF you would need redistribution And a 'default-info orig' as well. Thanks, Zsombor , but not for those others? That was the original question. Sorry I confused it with the statement from CertZone, which really meant to cover a different situation. :-) Thanks, Priscilla John Neiberger wrote: Zsombor Papp 7/16/03 3:42:18 PM I looked at that page in Doyle's book and I thought it's just a simple mistake, or maybe IOS changed since he wrote that, but after reading this: Handling of default routes varies from protocol to protocol. RIP, IGRP, EIGRP and BGP automatically redistribute default routes while OSPF and IS-IS require you to explicitly advertise them with the default-information originate statement in your router configuration. I start to think that these folks (Doyle included) have some basic problem with simple terminology. Actually this terminology might not be that simple after all, as it is not clear whether something was redistributed unless it is advertised to peers. So revised statement below. Also, I just realized that my above sentence sounds less respectful than I intended, so I thought I would mention that I learnt a lot from Routing TCP/IP and it's probably the most useful networking book I've ever read.
There is no way BGP automatically redistributes default routes. However it's true that OSPF and ISIS don't advertise the default route even if it's redistributed into them, unless 'default-information originate' is specified. So the statement should be something like RIP, IGRP, EIGRP and BGP automatically advertise default routes that are redistributed into them, while OSPF and ISIS require the 'default-information originate' statement. At least I hope that this is a true statement... :) Probably this one is better: RIP, IGRP, EIGRP and BGP automatically accept default routes that are redistributed into them, while OSPF and ISIS silently reject the redistributed default route unless 'default-information originate' is configured. Thanks, Zsombor Actually, I think I wrote that line and it is a little confusing, perhaps. I took great care to be specific with my terminology but it's easy to slip back into bad habits from time to time. Many people use terms in a haphazard way (like redistribute, advertise, originate, export, import, accept) without fully considering the implications of using one term over another. With Howard's approval perhaps we should have CZ update that line with your edited version! I like your version better, anyway. :-) Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72442t=72211 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: a default route question.. [7:72211]
Which IOS version are you using? Would you mind to send us the configs? Here is mine with 12.2S:

=== R1 ===
!
version 12.2
!
ip subnet-zero
!
!
ip cef
!
interface Ethernet1/0
 ip address 10.4.5.213 255.255.255.0
 duplex half
!
interface FastEthernet2/0
 ip address 10.0.0.3 255.255.255.0
 duplex half
!
router rip
 network 10.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.4.5.1
!
end
--- sh ip route ---
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 10.4.5.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.0.0 is directly connected, FastEthernet2/0
C       10.4.5.0 is directly connected, Ethernet1/0
S*   0.0.0.0/0 [1/0] via 10.4.5.1
=== End of R1 ===

=== R2 ===
!
version 12.2
!
ip subnet-zero
!
ip cef
!
interface FastEthernet2/0
 ip address 10.0.0.2 255.255.255.0
 duplex half
!
router rip
 network 10.0.0.0
!
ip classless
!
end
--- sh ip route ---
Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.0.0 is directly connected, FastEthernet2/0
R       10.4.5.0 [120/1] via 10.0.0.3, 00:00:22, FastEthernet2/0
=== End of R2 ===

Thanks, Zsombor

At 12:27 AM 7/17/2003 +, Priscilla Oppenheimer wrote:

Zsombor Papp wrote:

At 10:19 PM 7/16/2003 +, Priscilla Oppenheimer wrote:

To be fair, I just checked, and Doyle didn't say anything about redistribution. The example simply shows configuring

ip route 0.0.0.0 0.0.0.0 192.168.1.82

The text says that the router that has that config (which is running RIP by the way) advertises the default to other RIP routers. It goes on to say: After a default route is identified in the routing table, RIP, EIGRP, IGRP will automatically advertise it. That's right, isn't it?

I don't think so. That's what the original poster questioned and I agree with him. If it is right, then I take back everything.

RIP does automatically advertise a default route on my routers. Check this out:

Albany#show ip route
Gateway of last resort is 10.10.0.2 to network 0.0.0.0
     10.0.0.0 255.255.255.0 is subnetted, 1 subnets
C       10.10.0.0 is directly connected, Ethernet0
     172.16.0.0 255.255.255.0 is subnetted, 2 subnets
C       172.16.50.0 is directly connected, Ethernet1
C       172.16.20.0 is directly connected, TokenRing0
R*   0.0.0.0 0.0.0.0 [120/1] via 10.10.0.2, 00:00:06, Ethernet0

Albany learned that last route from another router that is configured for RIP on their shared network and has a static route that points to another router. I didn't configure redistribution. But, alas, this didn't work on IGRP or EIGRP. So if anyone has a good errata for Doyle, Volume I, is this in it?

Priscilla

Well, except that about BGP, there I am 100% sure nothing happens automatically. :)

If it were OSPF you would need redistribution

And a 'default-info orig' as well.

Thanks, Zsombor

, but not for those others? That was the original question. Sorry I confused it with the statement from CertZone, which really meant to cover a different situation. :-) Thanks, Priscilla

John Neiberger wrote:

Zsombor Papp 7/16/03 3:42:18 PM

I looked at that page in Doyle's book and I thought it's just a simple mistake, or maybe IOS changed since he wrote that, but after reading this:

Handling of default routes varies from protocol to protocol. RIP, IGRP, EIGRP and BGP automatically redistribute default routes while OSPF and IS-IS require you to explicitly advertise them with the default-information originate statement in your router configuration.

I start to think that these folks (Doyle included) have some basic problem with simple terminology.

Actually this terminology might not be that simple after all, as it is not clear whether something was redistributed unless it is advertised to peers. So revised statement below. Also, I just realized that my above sentence sounds less respectful than I intended, so I thought I would mention that I learnt a lot from Routing TCP/IP and it's probably the most useful networking book I've ever read.

There is no way BGP automatically redistributes default routes. However it's true that OSPF and ISIS don't advertise the default route even if it's redistributed into them, unless 'default-information originate' is specified. So the statement should
Re[2]: OSPF max Router-LSA links [7:72024]
At 09:48 AM 7/15/2003 +, Karen E Young wrote:

KY: According to the RFC (page 99) If the Interface MTU field in the Database Description packet indicates an IP datagram size that is larger than the router can accept on the receiving interface without fragmentation, the Database Description packet is rejected. With this in mind the only time fragmentation should occur is when a virtual link is used since the MTU of a virtual link is set to 0.

The Interface MTU field describes the MTU of the sending interface, not the size of the DD packet. Just because the MTU of the sending router is smaller than or equal to that of the receiving router, it doesn't follow that fragmentation can't occur. Fragmentation occurs because the data (ie. the DD packet) to be sent is larger than the MTU of the *sending* router.

Thanks, Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72302t=72024
RE: Fiber ? [7:72260]
At 09:46 AM 7/15/2003 -0400, Reimer, Fred wrote:

Probably because LX GBICs transfer longer than SX GBICs, even over multi-mode fiber.

Is this a fact? The Cisco datasheet shows 550m max over MMF, both for LX and SX GBICs.

I don't know why 50 micron multi-mode is being used. I'd use the industry standard 62.5/125 multi-mode fiber instead.

I guess it's too late for that. And actually, 50/125 is pretty common, too (at least in literature... :).

More to the original question, here is the result of a minimal-effort search on Google (for 50 conditioning cable): http://www.stonewallcable.com/dept.asp?dept_id=50

Thanks, Zsombor

Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer.

-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 5:52 PM
To: [EMAIL PROTECTED]
Subject: Re: Fiber ? [7:72260]

Why don't you just get multimode GBICs? Thanks, Zsombor

At 07:43 PM 7/14/2003 +, Schlotterer, Matthew wrote:

Hello, I'm currently looking to run multimode 50 micron 1300 nm fiber from building to building. Then once at each building the fiber will be terminated. From the termination point the fiber is going into a Cisco 2950-G 48 w/ 1000BASE-LX GBIC on both sides. From what I've read I need a fiber optic mode conditioning patch cables to go from the termination point to the Cisco switches. This is because it is running multimode between the buildings and the Cisco switch runs at single mode. Problem lies in that the optic mode conditioning patch cables come only in 62.5 micron cables. Has anyone had experience with this? Is the 62.5 micron going to cause a problem with the 50 micron between buildings? Any input/feedback would be appreciated.

Mode Conditioning Example: http://www.l-com.com/content/ResourceCenter/Tips/pages/fiber_06.htm

Thanks!!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72311t=72260
Re: switch default gateway question [7:72288]
If you mean a L2 device when you say switch, then those don't forward packets from the PCs based on default gateway. If this is news to you, then I am a bit worried about the outcome of this renumbering exercise... :)

Anyway, I think you need to configure the secondary IP addresses only on the interfaces which face PCs (I would configure the *old* address as secondary). Every other interface can be readdressed in one step, one network segment at a time, along with the corresponding static routes (will be fun... have you thought about dynamic routing? :). I also don't think you need *floating* static routes, just an ordinary static route pointing to the new subnets (you need floating static routes when you have multiple ways to the same destination, not when you have two destinations at the end of the same way). When you set up all this, you can start moving the hosts (ie. PCs *and* the switches) to the new subnets, and that's about it.

Thanks, Zsombor

At 09:47 AM 7/15/2003 +, gab S.E jones wrote:

Basically I want to know how best to approach the situation. Our network is all statically mapped no dynamic routing our switches(4506,3550,6509) are going to be changed to a different address range. the switches can accept more than one default gateway. The core routers addresses has to be changed to the same subnet as the switches soon

1) the switch old ip address is on a 11/8 address pointing to the core router(interface) with a 11/8 address
2) now the switch addresses are being changed to a 10/16(subnetted) address and the default gateway has to point to the core with a 10/16 address as well

My approach was to

1) configure the switch with another default pointing to a 10/16
2) configure a secondary interface on the core with a 10/16 address
3) the other core routers connected to this core will be also given a secondary of 10/16 address
4) then on the core routers put floating statics for all our original routes to point to the default GW 10/16 addresses

I presume that because the switches now have two default GW statements that the switch will automatically send packets for pc's of 10 and 11 addresses. While we slowly migrate all our lan devices to the new 10/16 GW

5) will start gradually changing the lan devices to start pointing to the 10/16 GW

Please correct me if I'm thinking of this the wrong way. Any advice will be greatly appreciated. My apologies if I didn't explain myself properly

regards, seun

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72317t=72288
Re: switch default gateway question [7:72288]
At 05:26 PM 7/15/2003 +0100, gab.seun jones.ewulomi wrote:

As suggested before creating another vlan would be more ideal.

Why would it be more ideal?

Yes agreed we know that floating statics are used when you have multiple ways to the same destination in which you can load balance or use as a backup.

Floating statics can be used only for backup, not for load balancing.

In which if I'm correct in the case of load balancing you can load balance traffic to the same destination but using different paths or links

If you want to have load balancing, then you better start looking into dynamic routing.

Thanks, Zsombor

Thanks Zsombor regards, seun

From: Zsombor Papp
To: gab S.E jones
CC: [EMAIL PROTECTED]
Subject: Re: switch default gateway question [7:72288]
Date: Tue, 15 Jul 2003 09:01:06 -0700

If you mean a L2 device when you say switch, then those don't forward packets from the PCs based on default gateway. If this is news to you, then I am a bit worried about the outcome of this renumbering exercise... :)

Anyway, I think you need to configure the secondary IP addresses only on the interfaces which face PCs (I would configure the *old* address as secondary). Every other interface can be readdressed in one step, one network segment at a time, along with the corresponding static routes (will be fun... have you thought about dynamic routing? :). I also don't think you need *floating* static routes, just an ordinary static route pointing to the new subnets (you need floating static routes when you have multiple ways to the same destination, not when you have two destinations at the end of the same way). When you set up all this, you can start moving the hosts (ie. PCs *and* the switches) to the new subnets, and that's about it.

Thanks, Zsombor

At 09:47 AM 7/15/2003 +, gab S.E jones wrote:

Basically I want to know how best to approach the situation. Our network is all statically mapped no dynamic routing our switches(4506,3550,6509) are going to be changed to a different address range. the switches can accept more than one default gateway. The core routers addresses has to be changed to the same subnet as the switches soon

1) the switch old ip address is on a 11/8 address pointing to the core router(interface) with a 11/8 address
2) now the switch addresses are being changed to a 10/16(subnetted) address and the default gateway has to point to the core with a 10/16 address as well

My approach was to

1) configure the switch with another default pointing to a 10/16
2) configure a secondary interface on the core with a 10/16 address
3) the other core routers connected to this core will be also given a secondary of 10/16 address
4) then on the core routers put floating statics for all our original routes to point to the default GW 10/16 addresses

I presume that because the switches now have two default GW statements that the switch will automatically send packets for pc's of 10 and 11 addresses. While we slowly migrate all our lan devices to the new 10/16 GW

5) will start gradually changing the lan devices to start pointing to the 10/16 GW

Please correct me if I'm thinking of this the wrong way. Any advice will be greatly appreciated. My apologies if I didn't explain myself properly

regards, seun

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72325t=72288
RE: Standard ACLs and distribute-list [7:72253]
I think what Tom said is correct. The wildcard bits are just wildcard bits, not a pattern for the prefix to match. I seem to remember that the second (destination) IP address/wildcard in an extended ACL can be used to match the prefix of an advertised route.

Thanks, Zsombor

At 02:46 PM 7/15/2003 +, Reimer, Fred wrote:

So would it match a network of 131.108.0.0/24? From what Cisco says, that it matches the classful mask if none is specified, it should not match. From what you say it sounds like you think it would match. I don't think wildcard bits are real wildcard bits when used in a distribute list. I think they are used to match the prefix of the route in the routing table. Your theory about 131.108.0.0 0.0.255.255 possibly matching other networks, such as 131.108.1.0/24 (presumably /24) and 131.108.2.0/24 is an interesting theory, but I'd like to know the facts. I don't have time to test this at the moment myself, but I certainly will once we get our CCIE lab up and running.

Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-Original Message-
From: Tom Martin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 9:27 AM
To: [EMAIL PROTECTED]
Subject: Re: Standard ACLs and distribute-list [7:72253]

Fred,

If the access-list were applied as an inbound or outbound interface filter, it would match a single host. Since the access-list is being applied using a distribution list it doesn't match just a single host -- it matches the network 131.108.0.0 and must match every bit exactly.

It wouldn't hurt to have access-list 1 permit 131.108.0.0 0.0.255.255, which also matches 131.108.0.0. But in theory it could also allow other networks to be advertised (such as 131.108.1.0, 131.108.2.0, etc). Since you're running RIP I this wouldn't be an issue, but personally I think having the specific host match is cleaner.

Remember that the wildcard only specifies which bits must be an exact match and which bits are wild. Using the host keyword (or wildcard 0.0.0.0) does not necessarily imply that you are matching a host, it just means that every bit must match! Cisco's documentation was not wrong.

- Tom

Reimer, Fred wrote:

Here's what should be a simple question. If standard access lists are used with a distribute list, how is the mask treated if none is specified in an ACE? The Cisco documentation says:

The following router configuration mode example causes only one network (network 131.108.0.0) to be advertised by a RIP routing process:

access-list 1 permit 131.108.0.0
access-list 1 deny 0.0.0.0 255.255.255.255
router rip
 network 131.108.0.0
 distribute-list 1 out

I asked one of the mentors at KnowledgeNet, and they said:

That is not a network, 131.108.0.0. It is a host. You must add the wildcard mask to make it a network address. Sorry, but the Cisco doc is incorrect.

So, the entry in the routing table is 131.108.0.0/16, yet Cisco documentation says that a ACE entry of 131.108.0.0 with no wildcard specified, would match. How, exactly, does IOS match routing entries when using a standard ACL in a distribute list? Does it consider any ACEs without a mask to have a normal classful mask? Like 131.108.0.0 would have a mask of /16, and 192.168.1.0 would have a mask of /24?

Another example in the IOS 12.2 docs is:

In the following example, access list 1 is applied to outgoing routing updates, and Intermediate System-to-Intermediate System (IS-IS) is enabled on Ethernet interface 0. Only network 131.131.101.0 will be advertised in outgoing IS-IS routing updates.

router isis
 redistribute ospf 109
 distribute-list 1 out
interface Ethernet 0
 ip router isis
access-list 1 permit 131.131.101.0 0.0.0.255

So, it would appear that if you don't want the classful mask to be used (when none is specified in the ACE) then you need to include wildcard bits.

Thanks,

Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
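The bit-matching rule Tom describes in the message above, worked through on the two ACLs from the thread. This is an added illustration, not code from the thread or from Cisco: the function names are hypothetical, the candidate routes are constructed, and it assumes (following Tom's explanation) that only the route's network address is compared against the address/wildcard pair and the prefix length is not examined.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' (standard ACL syntax)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACE: {line!r}")
    number = int(tok[1])
    if not (1 <= number <= 99 or 1300 <= number <= 1999):
        raise ValueError(f"{number} is not a standard ACL number")
    if tok[3] == "any":
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif tok[3] == "host":
        if len(tok) < 5:
            raise ValueError(f"'host' needs an address: {line!r}")
        addr, wild = tok[4], "0.0.0.0"
    else:
        addr = tok[3]
        # No wildcard given is the same as 0.0.0.0: every bit must match.
        wild = tok[4] if len(tok) > 4 else "0.0.0.0"
    return tok[2], int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def ace_matches(ace, route):
    """Compare only the route's network address; bits set in the wildcard are ignored."""
    _, addr, wild = ace
    net = int(ipaddress.ip_network(route).network_address)
    care = ~wild & 0xFFFFFFFF
    return (net & care) == (addr & care)

def filter_routes(acl_lines, routes):
    """First matching ACE wins; no match falls through to the implicit deny."""
    aces = [parse_ace(line) for line in acl_lines]
    verdicts = {}
    for route in routes:
        verdicts[route] = "deny"
        for ace in aces:
            if ace_matches(ace, route):
                verdicts[route] = ace[0]
                break
    return verdicts

# ACL from the Cisco documentation quoted in the thread.
DOC_ACL = [
    "access-list 1 permit 131.108.0.0",
    "access-list 1 deny 0.0.0.0 255.255.255.255",
]
# The wider alternative Tom mentions.
WIDE_ACL = ["access-list 1 permit 131.108.0.0 0.0.255.255"]

# Constructed candidate routes, including the /24 Fred asks about.
ROUTES = ["131.108.0.0/16", "131.108.0.0/24", "131.108.1.0/24",
          "131.108.2.0/24", "10.0.0.0/8"]

if __name__ == "__main__":
    for name, acl in (("doc ACL", DOC_ACL), ("wide ACL", WIDE_ACL)):
        print(name)
        for route, verdict in filter_routes(acl, ROUTES).items():
            print(f"  {route:18} {verdict}")
```

Under this model the documentation's ACL lets through both 131.108.0.0/16 and 131.108.0.0/24, because a standard ACL has nothing to compare the prefix length with; telling those two apart needs a filter that also matches the length, such as an `ip prefix-list`.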
RE: switch default gateway question [7:72288]
I guess I missed a few details in the original email. :)

If the question is how to move from a flat switched network to a subnetted routed network, then adding new VLAN might be a good idea (even though it's not always necessary; for example, if every switch is directly connected to a router then every switch can handle one subnet with just one VLAN). Just for renumbering, however, I think using secondary addresses is a much better solution than moving hosts to another vlan (and then removing the old vlan). Vlans are not any easier to deal with than secondary addresses, and both 10/16 and 11/8 floating around on the same VLAN is completely irrelevant, IMHO.

Thanks, Zsombor

At 02:36 PM 7/15/2003 -0400, Reimer, Fred wrote:

As suggested before creating another vlan would be more ideal.

Why would it be more ideal?

Because it is cleaner. With the proposed solution you would be dealing with secondary addresses, traffic for both 10/16 and 11/8 floating around on the same VLAN, etc. Besides, it sounds like the network is flat now, with an 11/8 subnet (if you can call that a subnet). They are moving to a 10/16 address space, that is subnetted. I'd assume a logical breakout like 10.0.2.0/23 10.0.4.0/23 10.0.6.0/23 etc, based on geographic location (separate subnet per IDF or floor). It would be pretty hard to do that all on one VLAN... So you are going to be moving 2000 PC's that are all in one VLAN to a bunch of separate VLANs. This is assuming a lot, but it's not like we were sent a Visio diagram of the existing and planned network...

Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 12:55 PM
To: [EMAIL PROTECTED]
Subject: Re: switch default gateway question [7:72288]

At 05:26 PM 7/15/2003 +0100, gab.seun jones.ewulomi wrote:

As suggested before creating another vlan would be more ideal.

Why would it be more ideal?

Yes agreed we know that floating statics are used when you have multiple ways to the same destination in which you can load balance or use as a backup.

Floating statics can be used only for backup, not for load balancing.

In which if I'm correct in the case of load balancing you can load balance traffic to the same destination but using different paths or links

If you want to have load balancing, then you better start looking into dynamic routing.

Thanks, Zsombor

Thanks Zsombor regards, seun

From: Zsombor Papp
To: gab S.E jones
CC: [EMAIL PROTECTED]
Subject: Re: switch default gateway question [7:72288]
Date: Tue, 15 Jul 2003 09:01:06 -0700

If you mean a L2 device when you say switch, then those don't forward packets from the PCs based on default gateway. If this is news to you, then I am a bit worried about the outcome of this renumbering exercise... :)

Anyway, I think you need to configure the secondary IP addresses only on the interfaces which face PCs (I would configure the *old* address as secondary). Every other interface can be readdressed in one step, one network segment at a time, along with the corresponding static routes (will be fun... have you thought about dynamic routing? :). I also don't think you need *floating* static routes, just an ordinary static route pointing to the new subnets (you need floating static routes when you have multiple ways to the same destination, not when you have two destinations at the end of the same way). When you set up all this, you can start moving the hosts (ie. PCs *and* the switches) to the new subnets, and that's about it.

Thanks, Zsombor

At 09:47 AM 7/15/2003 +, gab S.E jones wrote:

Basically I want to know how best to approach the situation. Our network is all statically mapped no dynamic routing our switches(4506,3550,6509) are going to be changed to a different address range. the switches can accept more than one default gateway. The core routers addresses has to be changed to the same subnet as the switches soon

1) the switch old ip address is on a 11/8 address pointing to the core router(interface) with a 11/8 address
2) now the switch addresses are being changed to a 10/16(subnetted) address and the default gateway has to point to the core with a 10/16 address as well

My approach was to

1) configure the switch with another default pointing to a 10/16
2)configure a secondary interface on the core
Re: CEF Per-packet load sharing [7:72232]
Hi, you can turn on per-packet load sharing on a per-interface basis. You can also disable CEF on a per-interface basis once it is enabled globally, but you probably don't want to do this. I don't think there is any performance difference between per-flow and per-packet load sharing when using CEF.

Thanks, Zsombor

At 09:10 AM 7/14/2003 +, Tim Champion wrote:

Does anyone know of any performance limitations relating to the use of per-packet load sharing in conjunction with CEF EIGRP? I only want to use it on 2 VLAN interfaces so is it possible to configure on a per-interface basis or just globally?

Many thanks Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72245t=72232
Re: Fiber ? [7:72260]
Why don't you just get multimode GBICs? Thanks, Zsombor

At 07:43 PM 7/14/2003 +, Schlotterer, Matthew wrote:

Hello, I'm currently looking to run multimode 50 micron 1300 nm fiber from building to building. Then once at each building the fiber will be terminated. From the termination point the fiber is going into a Cisco 2950-G 48 w/ 1000BASE-LX GBIC on both sides. From what I've read I need a fiber optic mode conditioning patch cables to go from the termination point to the Cisco switches. This is because it is running multimode between the buildings and the Cisco switch runs at single mode. Problem lies in that the optic mode conditioning patch cables come only in 62.5 micron cables. Has anyone had experience with this? Is the 62.5 micron going to cause a problem with the 50 micron between buildings? Any input/feedback would be appreciated.

Mode Conditioning Example: http://www.l-com.com/content/ResourceCenter/Tips/pages/fiber_06.htm

Thanks!!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72269t=72260
Re: was CEF and per packet load sharing [7:72258]
At 06:18 PM 7/14/2003 +, p b wrote:

Consider two routers which have 3 GEs between them (no L2 device between them). Is it better to configure each of these GEs as a standalone L3 connection or to combine them GEs into an etherchannel (802.1ae?) bundle? My $0.02 would be to keep them at L3 and not run another protocol underneath to enable bundling.

Bundling is useful to decrease L3 complexity (less IP addresses, less links, less instability in routing).

The question I've heard with this approach is how granular the load splitting works when splitting load across three interfaces.

I think the Cisco implementation splits based on flow (not quite sure what flow exactly means in this context but it is not that important), so the load might be split unevenly.

If CEF does per packet load splitting, would the load be (nearly) equal across the three interfaces (eg within 1-2% at all times)?

Should be. Unless you construct traffic specifically to screw it up, like send 2 64 byte packets, then a 1500 byte packet, and then repeat... :)

When using per packet CEF, is there an issue with packets being received out of order?

Yes.

(Consider some flow where a large packet is sent over one interface and the following flow packet is small and sent over another interface. The small packet might be received completely before the large packet. Does per packet CEF address this issue?)

No. How could it? CEF is a decision making mechanism local to the router, not an encapsulation.

Thanks, Zsombor

I had heard that etherchannel (or the IEEE derivative) would support nearly equal load splitting across N interfaces. And it also defines a mechanism so that the receiving router would be able to detect and re-order packets which arrive out of order). Comments? Pointers to relevant docs?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72273t=72258
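A small simulation of the two points made in the message above about per-packet load sharing over three parallel links: a repeating 64/64/1500-byte pattern skews the byte load, and a small packet sent after a large one on a different link arrives first. This is an added illustration, not code from the thread; it assumes plain round-robin packet distribution, three equal 1 Gb/s links, a CRC-based per-flow hash and serialization delay as the only delay, all of which are simplifications, and every name and traffic pattern in it is constructed.

```python
import zlib

LINK_BPS = 1_000_000_000  # assumed: equal-speed 1 Gb/s links

def simulate(packets, n_links, mode):
    """packets: list of (flow_id, size_bytes), all queued back-to-back at t=0.

    mode 'per-packet' sends packet i on link i % n_links (round-robin);
    mode 'per-flow' picks the link from a hash of the flow id.
    Returns (bytes carried per link, packet indices in order of arrival).
    """
    load = [0] * n_links
    free_at = [0.0] * n_links          # when each link finishes its last packet
    arrivals = []
    for i, (flow, size) in enumerate(packets):
        if mode == "per-packet":
            link = i % n_links
        elif mode == "per-flow":
            link = zlib.crc32(flow.encode()) % n_links
        else:
            raise ValueError(f"unknown mode {mode!r}")
        load[link] += size
        free_at[link] += size * 8 / LINK_BPS   # serialization time on that link
        arrivals.append((free_at[link], i))
    return load, [i for _, i in sorted(arrivals)]

def reordered(packets, arrival):
    """Count packets that arrive after a later-sent packet of the same flow."""
    highest_seen = {}
    count = 0
    for i in arrival:
        flow = packets[i][0]
        if i < highest_seen.get(flow, -1):
            count += 1
        highest_seen[flow] = max(highest_seen.get(flow, -1), i)
    return count

# Constructed traffic: the adversarial pattern from the reply above, one flow.
SKEWED = [("A", 64), ("A", 64), ("A", 1500)] * 100
# Constructed traffic: a size cycle of length 4, which does not line up with 3 links.
MIXED = [("A", size) for size in (64, 1500, 576, 1500)] * 75
# Constructed traffic: the large-then-small case from the question.
LARGE_THEN_SMALL = [("A", 1500), ("A", 64)]

if __name__ == "__main__":
    for name, pkts in (("skewed", SKEWED), ("mixed", MIXED)):
        for mode in ("per-packet", "per-flow"):
            load, order = simulate(pkts, 3, mode)
            print(f"{name:6} {mode:10} bytes/link={load} "
                  f"out-of-order={reordered(pkts, order)}")
    print("large then small:", simulate(LARGE_THEN_SMALL, 3, "per-packet")[1])
```

In the skewed case one link carries every 1500-byte packet while the other two carry only 64-byte packets; per-flow distribution keeps the flow in order but puts all of its bytes on a single link.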
Re: Automatic cutover between wireless and satellite internet [7:72276]
Hi, what does cutover mean? In other words, how does the satellite provider determine that you are using the link (I guess it's not traffic as you said it's per minute)? Is it like a dialup connection? What is on the other side of the 802.11b access point? Is there a router there to which your router is talking to? If not, how do you expect the router to realize that the wireless link went down? Or did I misunderstand and the wireless interface is in the router? If so, what kind of router are we talking about?

Thanks, Zsombor

At 10:22 PM 7/14/2003 +, Duncan Wallace wrote:

Has anyone run into a scenario like this before. I have a router that is mobile. It is connected to a workgroup switch of a few laptops. I have two other interfaces (internet connections) that are connected to a satellite (128k) and an 802.11b access point. What I want to do is utilize the satellite link when I am out in the field. When I return to my base area, I would like it to automatically cutover to the wireless link, as well as back to the satellite when I roam away from the base area. (I get charged by the minute for my satellite, plus the wireless is faster) I feel like this should be pretty easy, but for the life of me can't figure out how to proceed...

Thanks in advance, Duncan Wallace [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72276t=72276
Re: OSPF max Router-LSA links [7:72024]
At 07:54 AM 7/12/2003 +, Hemingway wrote:

hebn wrote in message news:[EMAIL PROTECTED]

layer 2 frame has a MTU of 1500 bytes. how does cisco router propagate router-lsa whose size exceeds 1500 bytes (more than 122 links in one area)?

I've browsed through the other responses, and I did not see this particular piece of information, but it being late perhaps I missed it. I understand this question to mean what if there are lots of routes, so many that the LSA would end up larger than the MTU.

For the sake of clarity: OSPF, being a link-state protocol, doesn't advertise routes, and the size of the LSAs doesn't depend on the number of routes. Apologies if this is obvious; from the above statement and based on the previous discussion I thought it might not be.

I would also like to mention that LSAs are not exchanged only between neighbors, they are flooded throughout the OSPF domain (depending on type and area configuration, as I am sure everybody knows :). I think this simple fact has far-reaching consequences as far as the nature and handling of LSAs are concerned.

As I read the RFC ftp://ftp.rfc-editor.org/in-notes/rfc2328.txt, beginning on page 194 of said document, OSPF knows the link MTU, and would construct its LSAs based on that information.

My understanding is that the only thing that influences how the LSAs are constructed is the topology. I would be curious to see where the RFC says otherwise. LSAs are not equivalent to DD packets. (And FWIW, page numbers in the RFCs are on the bottom of the pages... :)

As for the OSPF *packets* being constructed based on MTU, that is surely a possibility. The IOS *implementation* however doesn't care about the MTU, as far as I can tell.

Within the database description packet, there is the M bit, which indicates whether or not there are additional database description packets following. The receiving router would see that a particular DDP M bit is marked on and would expect more. When the last DDP is received ( M bit marked off ) then the current DD sequence number becomes the reference number for the link state database. Future LSAs would have to have a higher sequence number in order to be considered updates.

Which part of the RFC says that the DD sequence numbers have something to do with the identification of LSAs? How will this identification method work if the same (instance of an) LSA reaches the router from two directions (see flooding)?

IMHO, DDPs constitute the transport mechanism, while LSAs are the data to be transported, so what you are saying above is alike to claiming that, for example, web pages are identified by TCP sequence numbers.

Thanks, Zsombor

Howard? I think this answers the original question, although one never can tell. -Hem-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72184t=72024
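The question raised in this post, how the same LSA instance arriving from two directions is recognized, can be made concrete with a small model of the RFC 2328 section 13.1 comparison. This is an added example, not part of the original post and not IOS code; the router ID, checksums and link names are constructed, and the model goes one step further by showing a copy with the same identity but a higher LS sequence number replacing the stored one.

```python
from dataclasses import dataclass

MAX_AGE, MAX_AGE_DIFF = 3600, 900     # seconds (RFC 2328 MaxAge, MaxAgeDiff)
INITIAL_SEQ = -0x7FFFFFFF             # LS sequence numbers are signed 32-bit

@dataclass(frozen=True)
class LSA:
    ls_type: int
    link_state_id: str
    adv_router: str
    seq: int
    checksum: int
    age: int
    links: tuple = ()                 # simplified body (constructed names)

    @property
    def key(self):
        # Identity of the LSA; no DD packet field takes part in it.
        return (self.ls_type, self.link_state_id, self.adv_router)

def newer(a, b):
    """RFC 2328 section 13.1: 1 if a is more recent, -1 if b is, 0 if same instance."""
    if a.seq != b.seq:
        return 1 if a.seq > b.seq else -1
    if a.checksum != b.checksum:
        return 1 if a.checksum > b.checksum else -1
    if (a.age == MAX_AGE) != (b.age == MAX_AGE):
        return 1 if a.age == MAX_AGE else -1
    if abs(a.age - b.age) > MAX_AGE_DIFF:
        return 1 if a.age < b.age else -1
    return 0

def receive(lsdb, lsa):
    """Decide what to do with one received copy, whichever neighbor sent it."""
    have = lsdb.get(lsa.key)
    verdict = 1 if have is None else newer(lsa, have)
    if verdict > 0:
        lsdb[lsa.key] = lsa           # install (and flood onward)
        return "installed"
    return "duplicate" if verdict == 0 else "stale"

def demo():
    lsdb, rid = {}, "192.0.2.1"       # constructed router ID
    via_a = LSA(1, rid, rid, INITIAL_SEQ, 0x1A2B, 3, ("if0", "if1"))
    via_b = LSA(1, rid, rid, INITIAL_SEQ, 0x1A2B, 5, ("if0", "if1"))  # same instance, other path
    other_half = LSA(1, rid, rid, INITIAL_SEQ + 1, 0x3C4D, 1, ("if2", "if3"))
    results = [receive(lsdb, x) for x in (via_a, via_b, other_half, via_a)]
    return results, lsdb[(1, rid, rid)].links
```

The second copy is dropped as a duplicate purely from the LSA header, and after the third copy the database holds only the links that copy carried.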
Re: problem with 7206 router. [7:72177]
Default solution is to boot up the image on the flash card, format bootflash, and copy a new bootloader image onto it, but you might just need to remove a few files from bootflash: so that the bootloader is the first file. What does 'show bootflash:' show?

Thanks, Zsombor

At 08:23 AM 7/12/2003 +, Xy Hien Le wrote:

Hi everyone, I bought a 7206 router and it booted up as follows before booting by the Flash Card contains IOS. I think the internal flash device is missing or corrupted. Anyone have any suggestion how I can fix this? Here is the boot up output:

System Bootstrap, Version 11.1(5) [mkamson 5], RELEASE SOFTWARE (fc1)
Copyright (c) 1994 by cisco Systems, Inc.
C7200 processor with 65536 Kbytes of main memory
monlib does not contain a valid magic number
boot: cannot open bootflash:
an alternate boot helper program is not specified
(monitor variable BOOTLDR is not set)
and unable to determine first file in bootflash
loadprog: error - on file open
boot: cannot load cisco2-C7200

And it will boot with the image installed in the Flash Card... Any suggestion is much appreciated.

Xy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72186t=72177
Re: spanning trees over the same trunk port [7:72174]
By depleting shared resources (trunks and CPU cycles).

Thanks, Zsombor

At 08:02 AM 7/12/2003 +, fdfdfdfd fdfdfdf wrote:

how loops in one spanning tree affect other spanning trees? thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72187t=72174
Re: RADIUS [7:72170]
At 04:50 AM 7/12/2003 +, Chirag Arora wrote:

Hello I have two radius servers configured on my AS5400. Can anyone tell how will the requests go?? What I can see the AS5400 sends the requests to first server listed, and if the server does not respond for 3 queries, it sends to the 2nd server.

Yes, 3 is the default. See 'radius-server retransmit' and 'radius-server host retransmit' commands.

But will it not happen that every request will be sent to the 1st server and then to the 2nd server.

Of course.

I also want that when the 1st server is recovered the queries start going to it rather than to the 2nd server without any service disruption. Plz help thanks in advance

See 'radius-server deadtime'.

Thanks, Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72188t=72170
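The trade-off behind the two answers in this post (every request waiting on the silent first server, versus skipping it for a dead time) can be seen in a simplified two-server model. This is an added example, not from the post and not IOS code; the 5-second timeout, the request times and the outage window are constructed assumptions.

```python
def simulate(requests, outage, queries=3, timeout=5, deadtime_min=0):
    """Which server answers each request, and after how long a wait.

    Simplified two-server model (an assumption, not IOS code): server 1 is
    silent during `outage` = (start, end) seconds; server 2 always answers.
    `queries` unanswered sends of `timeout` seconds each precede failover.
    """
    dead_until = 0
    log = []
    for t in requests:
        if t < dead_until:                      # server 1 marked dead: skip it
            log.append((t, 2, 0))
        elif outage[0] <= t < outage[1]:        # server 1 tried, stays silent
            waited = queries * timeout
            if deadtime_min:
                dead_until = t + waited + deadtime_min * 60
            log.append((t, 2, waited))
        else:                                   # server 1 answers at once
            log.append((t, 1, 0))
    return log

def summary(log):
    """Total seconds spent waiting, and the time server 1 is first used again."""
    total_wait = sum(w for _, _, w in log)
    failed_over = [t for t, s, _ in log if s == 2]
    back = next((t for t, s, _ in log
                 if s == 1 and failed_over and t > failed_over[-1]), None)
    return total_wait, back

REQUESTS = range(0, 601, 60)   # constructed: one login per minute for 10 minutes
OUTAGE = (30, 200)             # constructed: server 1 silent from t=30s to t=200s

def compare_settings():
    # (total wait, failback time) without a dead time and with 5 minutes
    return (summary(simulate(REQUESTS, OUTAGE)),
            summary(simulate(REQUESTS, OUTAGE, deadtime_min=5)))
```

In this model a dead time removes the repeated per-request wait during the outage, but server 1 is not tried again until the dead time expires, even though it recovered earlier.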
Re: OSPF max Router-LSA links [7:72024]
At 10:15 PM 7/12/2003 +, Hemingway wrote:

Zsombor Papp wrote in message news:[EMAIL PROTECTED]

At 07:54 AM 7/12/2003 +, Hemingway wrote:

hebn wrote in message news:[EMAIL PROTECTED]

layer 2 frame has a MTU of 1500 bytes. how does cisco router propagate router-lsa whose size exceeds 1500 bytes (more than 122 links in one area)?

I've browsed through the other responses, and I did not see this particular piece of information, but it being late perhaps I missed it. I understand this question to mean what if there are lots of routes, so many that the LSA would end up larger than the MTU.

For the sake of clarity: OSPF, being a link-state protocol, doesn't advertise routes, and the size of the LSAs doesn't depend on the number of routes. Apologies if this is obvious; from the above statement and based on the previous discussion I thought it might not be.

well, sure, but it advertises something, and those somethings end up in routing tables, correct? :-

Sure. The point I was trying to make is that this information flow is not bi-directional: the information in the LSAs will be transformed into routes and those routes will be installed into the routing table, however the LSAs sent out by a router are not based on the routes installed into the routing table. Consequently there is no close relationship between the number of routes and the size of the individual LSAs.

As I read the RFC ftp://ftp.rfc-editor.org/in-notes/rfc2328.txt, beginning on page 194 of said document, OSPF knows the link MTU, and would construct its LSAs based on that information.

My understanding is that the only thing that influences how the LSAs are constructed is the topology. I would be curious to see where the RFC says otherwise. LSAs are not equivalent to DD packets.

IIRC, the RFCs state the result, but do not necessarily describe how the result is to be obtained. Not having access to the code or to the programmers, I can't say what is or is not done. I'm speculating that the MTU information is available, and it would, to me at least, not be that difficult to construct LSAs or DDPs such that packet fragmentation does not have to occur.

I think we are discussing a theoretical question, not the implementation, so all you need to have access to is the RFC. I claim that it is sometimes impossible to avoid IP-level fragmentation, regardless of how big your MTU or how good your OSPF implementation is. Specifically, if a router has a large enough number of interfaces in the same OSPF area, then that router will have to generate a huge (type 1) LSA, and that LSA (more exactly *any* LSA, but let's focus on a specific example) can be fragmented only at the IP layer.

If you disagree, then please describe how your OSPF implementation will generate two LSAs that are individually smaller than the MTU, and that my (RFC2328 compliant) OSPF implementation must understand (and recognize the second one as an extension to the first). I would start at the top of Page 116, where it says:

"The LSA header contains the LS type, Link State ID and Advertising Router fields. The combination of these three fields uniquely identifies the LSA."

Based on this, if my OSPF implementation receives two LSAs, both having the same LS type (1), Link State ID (your router's OSPF ID), and Advertising Router (again, your router's OSPF ID), one describing the first half of your interfaces, the other describing the second half of your interfaces, then it would consider the second LSA a newer instance of the first one and conclude that the first half of your interfaces suddenly disappeared and at the same time the second half came to life. Now tell me where I violated the RFC. :)

As for the OSPF *packets* being constructed based on MTU, that is surely a possibility. The IOS *implementation* however doesn't care about the MTU, as far as I can tell.

I've never worked in a network with enough routes to know. I certainly can't duplicate that in my home lab.

Again, it's not the number of routes... also, you can change the MTU easily to a lower number if you just want to verify this particular statement.

or rather, I really have better things to do :-

Then you will have to believe me, hehe. :)

Which part of the RFC says that the DD sequence numbers have something to do with the identification of LSAs? How will this identification method work if the same (instance of an) LSA reaches the router from two directions (see flooding)?

well, I guess I'm being less than rigorous about my terminology. but the sequence number is part of the authentication process, isn't it? if a router receives a DDP with a lower sequence number than that which is current in its OSPF database, the DDR is rejected, is it not?

I think we are one layer above DD sequence numbers. Can we just assume that the database exchange works properly and focus on what the receiver router learns in terms