Re: Serial Line problems [7:31426]
Usually if it completely fails, it's faulty telco equip. Their stuff can freak out (if it's faulty) if it see's all ones (has to do with the 12.5% rule in B8ZS), all zero's (same principal) 4040 is a test pattern the telco sends out. ABCD is another test pattern. The fact that it works better messes me up! I still say it's a clocking issue, very dirty, old lines to CO (In Boston's downtown financial district, there's a CO only 1/2 mile from most of the tall buildings, but the wiring underground is horrible. I hate getting calls out to there, especially on rainy days.) or faulty equip on your side. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial Line problems [7:31426]
I didn't see the output of the int and service mod. You got major timing issues with the clock on the line. That's your problem. Have them check it and make sure you have the correct number of channels. Is it a Full T? Also try swapping out the Wic t1, could be a bad piece of hardware. But you have timing issues. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial Line problems [7:31426]
are you sending the packets with the DF bit set? Check that. try all ones or 4040 or all zero's pings. If those don't go trough, it's probably the lec. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CIR and Routing Protocols?? [7:31424]
No only bandwidth command. Can the capacity of a link, yes. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
QOS test [7:31422]
Has anyone ever passed it yet? -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load on Serial interface. [7:31400]
about 1.75Mbps. If you take 10/255=3.9% take 45Mbps (total speed of T3)* 3.9% and you get the approx answer of 1.75 Mbps. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame-Relay Question [7:31395]
You need to config the CSU/DSU or service-mod to utilize the correct number of channels on the port, regardless of CIR. ELMI or traffic-shaping is used to shape CIR speed. SO if you orderd a full T1, but only had a 64K circuit (I hope you are using the other channels for voice or something) you would need to configure the CSU/DSU or service-mod to use all 24 channels. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Packet options [7:31364]
As far as cisco, I can't imagine being able to filet on options type. I can only think of the following examples to classfiy/filer on: dscp ip prec/tos cos input int SA DA access-group mpls or or protocol as defined in NBAR -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Call Manager 3.1 [7:31335]
IBM and Dell models are are supported also. I was talking to someone one time about why they have such a restrictive policy, and they said they were getting more PC support calls then CallMannager issues, so they just locked down a few servers that they know could handle the software. ""Engelhard M. Labiro"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi Jim, > Just received "Cisco AVVID IP Telephony Networks" book, > and according to that book, Cisco has certified Compaq DL320 > and Compaq DL380 to run CallManager. Refer to this URL > regarding the approved hardware for Compaq ProLiant > http://www.cisco.com/warp/public/779/largeent/avvid/products/cmpq_srvrs.html > > HTH > > > Hello, > > > > I'm wondering if I can load CallManager 3.1 on any > > Compaq server or I have to buy from Cisco? I got error > > message "This application may only be installed on > > servers that were deployed using the standard > > Cisco-approved process" when I tried to install it. > > > > Thanks in advance. > > > > Jim > > > > __ > > Do You Yahoo!? > > Send FREE video emails in Yahoo! Mail! > > http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31369&t=31335 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What equip is really necessary for lab studies [7:31295]
You can always go to Cisco and use thier racks for free. If I need a few days on a big router or ATM, I use their stuff. (I could never justify purchasing all the equipment some people have -72xx routers, Cat 6500 switches, Wireless AP's, etc..) You just need to have your CCIE written passed. Call your account manager - he'll help you out. Plus, they have more inside info on all differnt things related to Cisco in case you need their help, or just want to know what on the road-map. Another cool thing we have at my company is an actual telephone switch (it's small though because it was designed for classroom training). It simulates T1 lines, ISDN, etc. Look for one of those. It beats crossover cables. ""Nick S."" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Further to what EA Louie.. > > If you are strong on ISDN, you could connect aux-modem-modem-aux, specify > dialer profiles and work with it, u will need 2 pstn lines and most of the > "trigger" stuff which works with ISDN will work. > > Also, you need enough equipment to practise most of IP routing protocols > scenario's. rest of the things can be practised on racks (ATM/VOIP etc.) > > Nick Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31344&t=31295 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Update: BECN vs TCP congesttion control [7:31219]
So I guess frame-relay assumes a smart network/dumb host type situation? The only other thing I saw was Fred's statement "...None of these companies had much IP experience at the time, and it was mostly X.25-experienced people working on it. So the congestion issues needed to be brought out. I was working for a company that sold connectionless networks, and we KNEW about congestion and the possibilities of congestion collapse. (Firsthand experience with congestion collapse in the eary '80s was a very good learning experience.)..." What does he mean when he speaks about "congestion collapse"? Was this the case in a "dumb" network where too many calls would just bring it down? Did this bring up the need to create fecn/becn as a sort of next-generation type thing to correct the problems they may have experienced in previous type networks? Was there a parallel, but opposite school of thought in the TCP/IP networks (I guess the Internet and ARPANET) of a smart host/dumb network where the hosts and rotuters would handle congestion with TCP and ICMP source quench messages and the such? If I can assume that there were two schools of thought, can I also assume that frame-relay with it's smart network/dumb host model and tcp/ip's smart host, peer-to-peer network were never meant to merge? Also, what effect does becn/fecn (if implemented) have on TCP/IP's windowing? Any? Should the two never be used together, or can they co-exist peacefully if implemented right? Sorry to ask all these questions, but this is like a history lesson to me (IP was RFC'd in 1981, so I was 3 years old) and I learn best if I can get a grasp on not only how things are done, but why. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Call Manager 3.1 [7:31335]
Technically you must buy from cisco, but I've seen other ways of getting it lo load ""Jim Bond"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > > I'm wondering if I can load CallManager 3.1 on any > Compaq server or I have to buy from Cisco? I got error > message "This application may only be installed on > servers that were deployed using the standard > Cisco-approved process" when I tried to install it. > > Thanks in advance. > > Jim > > __ > Do You Yahoo!? > Send FREE video emails in Yahoo! Mail! > http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31337&t=31335 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Update: BECN vs TCP congesttion control [7:31219]
I have been searching as to the purpose of these FECN and BECN bits, and I found this in an old newsgroup from 1994 from a guy who wrote part of Frame Relay standards. Looks like Howard and Pricilla were right in that IP wasn't a concern, as IBM had SDLC and ATT & BellCore had x.25 and other netowrks. Looks like x.25 had congestion issues cause of no layer 4? Am I right? From: [EMAIL PROTECTED] (Fred R. Goldstein) Newsgroups: comp.dcom.frame-relay Subject: Re: Use of FECN/BECN for congestion management. Date: 16 Nov 1994 16:15:56 GMT Organization: Bolt Beranek and Newman Inc. Lines: 86 Message-ID: References: NNTP-Posting-Host: bbn.com I was part of the Frame Relay Congestion Control battle/brou-ha-ha, or whatever you prefer to call it, from around 1985 to the time the ANSI standards were published in 1991. So I _can_ give some historical background to the motivations behind BECN and FECN. I also wrote much of the text for FECN. When Frame Relay was "conceived", there was little attention paid to congestion issues. Frame Relay became "the standard" because AT&T was pushing HARD for a "New Packet Mode Bearer Service" (NPMBS) which would use Layer 2 multiplexing. This was invented by AT&T as "DMI Mode 3" which used full LAPD plus X.25 PLP with a single layer 3 channel in each L2 VC. In spring, 1986, AT&T, IBM and Bellcore agreed to work on Frame Relay and advance it towards ANS status via ANSI T1D1 (later became T1S1). None of these companies had much IP experience at the time, and it was mostly X.25-experienced people working on it. So the congestion issues needed to be brought out. I was working for a company that sold connectionless networks, and we KNEW about congestion and the possibilities of congestion collapse. (Firsthand experience with congestion collapse in the eary '80s was a very good learning experience.) BTW, my main authority on this topic was Raj Jain, who invented slow-start (named "CUTE", "congestion control using timouts in the end-to-end layer") before Van did, and is credited in a footnote in Van's aticle. Since modern connectionless-network-layer-based networks use the transport layer for flow control, and have RECEIVER-based windows, we figured it was best to the the RECEIVER that the network was congested, because it could reduce its window size. We were still in the era when we expected OSI to catch on, and the North American OSI Implementors' Agreement for CLNP defined exactly how to use the Congestion Encountered bit in the CLNP header to dynamically adjust the windows size in TP4. Semantically, TP4 is a lot like TCP, and CLNP is a lot like IP, but IP lacks the CE bit. :-( Therefore I proposed the FECN bit. This made the FR header "address" field look different from LAPD, because we had to steal a bit (LAPD has 13 bits of address.) The technical name for this is Explicit Binary Feedback. IBM, on the other hand, had implemented a congestion control strategy for SNA using SDLC. In SDLC, the only window is in the SENDER. So they had no use for FECN, an asked for a BECN bit. We argued about it; having both bits was not widely supported at first because it would have shrunk the DLCI by another bit! Making it a per-connection option (the bit is FECN _or_ BECN) was also not popular. Eventually (by 1989) consensus moved towards having both bits. The DE bit was added because the networks needed a way to police the whole shebang. Since this was a telco service and telco like to sell rate-based services, they wanted a way to carry "excessive" (exceeds the CIR leaky bucket but not the EIR leaky bucket) traffic, but at lowered priority. DE does this quite nicely. Thus we have three bits stolen from the DLCI. The whole rate-based thing was written by T1S1.1 (Services) into T1.610-Addendum, while the FECN and BECH were written by T1S1.2 (Protocols) into T1.618 (Core Aspects of LAPF). The two mechanisms are unrelated! AT&T, btw, was concerned about asymmetrical packet voice traffic, and they put in the Consolidated Link Layer Management message (CLLM), which is in effect a complex Frame Relay Source Quench. This isn't widely used. So in summary, the FECN bit was aimed at feeding the Layer 3 "Congestion Encountered" bit, which in turn was to shrink the L4 window (preferably before losing frames, and thus providing a smoother flow). The BECH bit was aimed at reducing the HDLC/SDLC window. CIR/EIR was aimed at protecting the network against users who didn't pace their traffic; in practice, it causes strategic discards which trigger VJ slow-start, and that forms an "implicit" feedback mechanism. The semantics of FECN and BECN (how you should react; how it is set) are also INDEPENDENT of one another; they were invented separately and have different notions of congestion. And because they're all option
CCIE counters, r they going up? [7:31318]
Someone on the list (I think it was Chuck) used to try and keep track of how many new IE numbers they saw each week. I was wondering, with the new lab, how many on avg are passing ea. week or month. Just curious. Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31318&t=31318 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router down for a few seconds, many times [7:31308]
Check the load on the link. Check cpu load. Check sh int to make sure no int's were reset. Check with your service provider to make sure they're not having any problems, check with the LEC to check your circut to see if it's dirty. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffers [7:31296]
Ethereal. It's been ported from Linux to Win32. It's lightweight. But it's not perfect and can crash. www.ethereal.com If you use Windows 2000 or XP, just be sure to install the winpcap diver 2.3 beta. Otherwise 2.2 should work. http://netgroup-serv.polito.it/winpcap/ -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffers [7:31296]
I have experience with all sorts of ones, from Distributed Sniffer Pro 4.5 down to the free ones like ethereal and eEye's one. I like ethereal the best because it's so lightwweight (Sniffer is so taxing on PC's) and can read any prodect's cap files. It does everything you need. The only problem I have is that it dosen't recognize some packets like the LOOP packet on Cisco's ethernet ports. Sniffers DSS can be useful to grab stuff off of remote networks and they sell sniffer PC's with gig fiber cards in them to sniff backbone traffic if needed. Sniffer also has an expert mode that can be helpful with problems. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Enterprise Voice and Video over Data (EVVOD) [7:31234]
I had some lunk with the Intergrating Voice and Data Networks book. Also the internet helped me out. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CDP Duplex Message [7:31284]
could you have duplex mismatches? Try locking them down to same speeds. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPv6 [7:31228]
Another question, When's IPv6 gonna hit the mainstream? Or the backbone? Of all the stuff I ever read on it, the main reason it came into play was because of the impending depletion of public addresses. Well with NAT, firewall and other proxy services handiling a lot of requests onto the public internet, the depletion has been put out a few years (actually, does anyone have any good like, studies pointing out when this is supposed to happen now?). So what else is going to drive the adoption of IPv6? -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BECN vs TCP congesttion control [7:31219]
I understand that FR is multi-protocol, but I feel confident in saying that most traffic is IP based. With that out of the way, historically, why did the writers of frame-relay include BECN as a method of congestion control when 1, it isn't end-to-end as TCP is, and therefore not as "good" as TCP, and 2, not nearly as robust and complex as TCP's tried and true methods of congestion control. Is there another reason that I don't understand. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to block MSN, and others. [7:31107]
I hear what your saying. Layer 8 of the OSI model sucks. :) -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: popularity of the CID test [7:31081]
I thought it was badly written in that you had to know what Cisco said was the right way to do things, regardless if it really was. You constantly had to figure out what it was they wanted. I saw questions like "What feature is *least* significant, and other vague ones. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to block MSN, and others. [7:31107]
I hear what your saying. Layer 8 of the OSI model sucks. :) -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: line monitor [7:31173]
Who pays for any feature in IOS? If you do David, I have a bridge I'd like to sell you. I like to keep my network designs simple, not fancy. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Un petit coucou d'Alexia [7:31181]
here's what babelfish says he/she said: Good plans of Alexia Hello = C3=A0 all, You want conna=C3=AEtre all the good plans, of the promos, = produced them more innovating in mati=C3=A8re of Internet and applicatifs = p=C=A9riph=C=A9ric? Believe me, you go = C3=AAtre been useful! EuropeTech has me donn=C3=A9 white card for you d=C3=A9goter = offers and not does not import lesquelles=E2=80=A6 the whole in the maid = mood! = 20 I esp=C3=A8re that you took as me the maid = r=C3=A9solutions for this news ann=C3=A9e. My premi=C3=A8re is = to convert all my documents Word and Excel = C3=A0 Euro. For me to help there = I have trouv=C3=A9 this excellent tool that I propose to you today: - = - = 20 = 20 = 20 = 20 = 20 = 20 EuroPrice Tool for conversion of documents Word and Excel = C3=A0 Euro. Caract=C3=A9ristiques g=C3=A9n=C3=A9rales of the product: EuroPrice allows a conversion automatis=C3=A9e = documents Word and Tableaux Excel = C3=A0 Euro. Its int=C=A9gration = perfect = C3=A0 Word (95, 97, 2000 and XP) and Excel (95, 97, 2000 and XP) = make it tr=C3=A8s intuitive, and tr=C3=A8s powerful. A module = r=C3=A9sident in m=C3=A9moire allows an automatic conversion in progress = of striking in all the Windows applications. A version r=C3=A9seau makes it possible to manage the profiles of = conversion and the courses of the currencies except euro of fa=C3=A7on = centralis=C3=A9e to a server. Moreover the co=C3=BBt of the licences = becomes d=C3=A9gressif according to the number of stations. = 20 You can t=C3=A9l=C3=A9charger and to buy your licence in = line: http://www.europesoftware.net/products/europrice/index.htm the key of d=C3=A9bridage will be to you envoy=C3=A9e under 48 hours = maximum. Price HT: 40 = E2=82=ac Price Including all taxes: 47,84 = E2=82=AC=20 = 20 - = Do not h=C3=A9sitez = C3=A0 to consult me for any information and still = good ann=C3=A9e 2002... With bient=C3=B4t = 20 Alexia P.CS. You can s=C3=BBr leave you well this list of distribution = by sending an email empties = C3=A0 [EMAIL PROTECTED] but in = making = C3=A7a, it is s=C3=BBr, one day or the other you risk = to pass = C3=A0 c=C3=B4t=C3=A9 of the good bargain! -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: line monitor [7:31173]
nothing yet. Cisco will be releasing DHRP soon though. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-list & NAT [7:31152]
NAT happens first out. Access-list happens first in I believe. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to block MSN, and others. [7:31107]
A properly designed anti-virus scheme will have e-mail virus protection software on the e-mail servers AND on the client. Plus, there ae way more worms and virii in a corporate based, Outlook/Exchange mail system than any web-based e-mail service. The worms are getting so bad, when they attack, they are causing instability in the core routers of the internet and BGP. ""Chuck Church"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > There's really two reasons to block access to these services. Managers > don't want their employees wasting time, but the more important reason is > network security. If you're providing email accounts for employees, what's > the need to access Hotmail, etc? By doing so, they're bypassing your email > virus scanning capabilities. That's how my company got stung with Nimda. > Most companies already have a policy for computer use. Usually it's > something along the lines of 'business use only'. Accessing your > home/personal email account at work usually isn't business related. Now if > I can just figure out how to block Media Player using NBAR... > > Chuck > > > What is the purpose of giving users access to the Internet when you will > > be blocking even the hotmail for them? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31130&t=31107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco voip [7:31100]
Integrating Voice and Data Networks. CVOICE Look up these topics on CCO: LLQ, FRTS, MLPPP, FRF.12, dial-peers, CallManager and H.323 -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to block MSN, and others. [7:31057]
IM isn't anywhere near as bandwidth intensive as video, audio, etc. And I can understand blocking video and streaming audio. But if you communicate via e-mail or IM, they can both be for business purposes. I have seen plany of non-business related e-mails in my time, just as I'm sure you all have. That dosen't mean we should all block e-mail. IM has a stigma as a toy for teens on AOL, and it just isn't that way anymore. It does have it's place. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: popularity of the CID test [7:31081]
It was the only test I ever failed. If you ask me, there's not much market demand for CCDP's (which makes the test a low priority), and for the amount you have to study to pass the test, it's not worth it. It's good to learn though, because it covers a lot of broad topics, from SNA to ATM LANE, AppleTalk, etc. Have fun at it. Study the BPX and IGX. ""Juan Blanco"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > TEAM, > > Why the popularity of the CID test is very low...Tips on this test..I > will take it next Saturday > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31083&t=31081 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to block MSN, and others. [7:31057]
My Bad. The RSA Certificate was for the Passport account. MSN Messenger uses an MD5 hash. Still more secure than most e-mail accounts. ""Steven A. Ridder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I hate to break it to you, but almost all e-mail isn't encrypted either. > The log on info to MSN Messenger is not clear text. The messages are. I > sniffed MSN Messenger and it's an RSA certificate. I think you mean I can > sniff most pop accounts and see the username and password, not MSN > Messenger. > > > > ""David Tran"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > >The messages are usually smaller than e-mail. And > > > no they aren't insecure (well besides the gaping hole AIM just patched). > > A > > > stateful firewall or CBAC can stop session hijacking. > > > > It is the statement like this that makes me almost fall off my chair. > What > > planet > > are you coming from? What make you think that these IM is secured > > (excluding > > the gapping hole in AIM). Remember, you have to connect the client to an > > external IM server, the information is traveling in "clear text" including > > your > > username and password. What makes you think that these IM servers are > > secure? Furthermore, your communication can be monitored by a third > party. > > CBAC or stateful Firewall can not prevent this because your session is > being > > monitored on the IM servers. There is nothing that your firewall can do. > > If > > hackers successfully hack the IM servers, consider your conversation > > available > > to everybody else. > > > > The best way to secure communication is running IM over Secure Socket > Layer > > (SSL). I've been using jabber over SSL for a few months now and it is > > working great. You want something secure, build your own jabber server, > run > > the > > service over SSL and have your buddies to connect to your jabber IM server > > for > > secure communication. Jabber server is a freeware available on Linux > > platform. > > > > - Original Message - > > From: "Steven A. Ridder" > > To: > > Sent: Sunday, January 06, 2002 11:38 AM > > Subject: Re: How to block MSN, and others. [7:31057] > > > > > > > I can't imagine the problem with Messenger apps. I feel that instant > > > communication can be handy at times. Sometimes I hate waiting for an > > e-mail > > > response, and a messenger service fits that niche nicely. And no, they > > > don't waste bandwidth. The messages are usually smaller than e-mail. > And > > > no they aren't insecure (well besides the gaping hole AIM just patched). > > A > > > stateful firewall or CBAC can stop session hijacking. > > > > > > I don't use instant messaging at all (except for e-bay alerts and > traffic > > > updates) but I see huge potential for IM and I bet that messaging will > > only > > > get more ubiquitous as the years go by. So try and live with it instaed > > of > > > fighting it all the time. > > > -- > > > > > > RFC 1149 Compliant. > > > > > > > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31073&t=31057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to block MSN, and others. [7:31057]
I hate to break it to you, but almost all e-mail isn't encrypted either. The log on info to MSN Messenger is not clear text. The messages are. I sniffed MSN Messenger and it's an RSA certificate. I think you mean I can sniff most pop accounts and see the username and password, not MSN Messenger. ""David Tran"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >The messages are usually smaller than e-mail. And > > no they aren't insecure (well besides the gaping hole AIM just patched). > A > > stateful firewall or CBAC can stop session hijacking. > > It is the statement like this that makes me almost fall off my chair. What > planet > are you coming from? What make you think that these IM is secured > (excluding > the gapping hole in AIM). Remember, you have to connect the client to an > external IM server, the information is traveling in "clear text" including > your > username and password. What makes you think that these IM servers are > secure? Furthermore, your communication can be monitored by a third party. > CBAC or stateful Firewall can not prevent this because your session is being > monitored on the IM servers. There is nothing that your firewall can do. > If > hackers successfully hack the IM servers, consider your conversation > available > to everybody else. > > The best way to secure communication is running IM over Secure Socket Layer > (SSL). I've been using jabber over SSL for a few months now and it is > working great. You want something secure, build your own jabber server, run > the > service over SSL and have your buddies to connect to your jabber IM server > for > secure communication. Jabber server is a freeware available on Linux > platform. > > - Original Message - > From: "Steven A. Ridder" > To: > Sent: Sunday, January 06, 2002 11:38 AM > Subject: Re: How to block MSN, and others. [7:31057] > > > > I can't imagine the problem with Messenger apps. I feel that instant > > communication can be handy at times. Sometimes I hate waiting for an > e-mail > > response, and a messenger service fits that niche nicely. And no, they > > don't waste bandwidth. The messages are usually smaller than e-mail. And > > no they aren't insecure (well besides the gaping hole AIM just patched). > A > > stateful firewall or CBAC can stop session hijacking. > > > > I don't use instant messaging at all (except for e-bay alerts and traffic > > updates) but I see huge potential for IM and I bet that messaging will > only > > get more ubiquitous as the years go by. So try and live with it instaed > of > > fighting it all the time. > > -- > > > > RFC 1149 Compliant. > > > > > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31070&t=31057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to block MSN, and others. [7:31057]
I can't imagine the problem with Messenger apps. I feel that instant communication can be handy at times. Sometimes I hate waiting for an e-mail response, and a messenger service fits that niche nicely. And no, they don't waste bandwidth. The messages are usually smaller than e-mail. And no they aren't insecure (well besides the gaping hole AIM just patched). A stateful firewall or CBAC can stop session hijacking. I don't use instant messaging at all (except for e-bay alerts and traffic updates) but I see huge potential for IM and I bet that messaging will only get more ubiquitous as the years go by. So try and live with it instaed of fighting it all the time. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
memorize packet structure [7:31023]
Is it necessary to memorize tcp/ip/udp/ppp etc,. packet structures for the CCIE test? Does anyone out therre know that stuff cold without using a sniffer? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31023&t=31023 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SNMP, Dynamic Wan IP's, DSL, Cable [7:30999]
Hello all, I have read this list for awhile now and realize how similar most of our dilemmas are. My strengths are many but there are many brighter than I and therefore I have not had the opportunity to answer any questions ahead of the correct answer being posted. Therefore I pose this question to the entire group in hopes that some are strong in my weakness. SNMP and management as a whole are not things I have ever dealt with beyond academia. So first is there a MIB that defines the IP address of an interface? Can I send a Trap if the IP address of an interface changes? Is there a service living on the "big I" that will accept such a trap and record the change? Recall that this *IS* primarily concerned with CISCO equipment in my world. I know there are many utilities that will do these sorts of things with PC's and/or Servers behind the dynamic IP but what if I am interested in only having the router online all the time? And behind the router lives intelligent power control devices (read X10 enabled Web server.etc etc.) that can power up my server/rack/anything else. I want to know at all times through a URL that I can reach my router but NOT have to pay the cost of static IP. Thanks for your help. What about IP or SNMP to X10 translation on a Cisco device? I see they (Cisco) recently (?) released analog relay control for alarm and monitoring. Any body at the big C reading this that might want to go down the protocol translation road to profit? This might be a great topic for us to venture down together. G. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30999&t=30999 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco aironet question [7:30926]
Not real sure how to calcualte loss budget. I'm going to just have to increase power and hope for best. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco aironet question [7:30926]
How does one bounce the signal? With a third access point, like a triangle? -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco aironet question [7:30926]
Will two Cisco Aironet Wireless Access points work through trees? The two buildings are only 305m apart, but there are trees in between the two buildings. In winter there are no leaves on the trees, so they have line of sight, but with leaves in the spring and summer, will it still work? Can the signal go through the trees? -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: wireless max distance question [7:30822]
The one where the guy bought 3M super computer coolant and doused his whole computer in it? I've read any oil can work, but this won't corrode the plastic on circuit boards. ""Allen May"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > That is one of the funniest hacks I've ever seen ;) > > Have you ever seen the one where that guy tried the ultimate coolant on his > motherboard? It was some kind of non-conductive oil cooled by a > refrigerator compressor to below freezing. The entire motherboard was > submerged & benchmarks went way up...rofl. > > Allen > - Original Message - > From: "Jarmoc, Jeff" > To: > Sent: Thursday, January 03, 2002 3:43 PM > Subject: RE: wireless max distance question [7:30822] > > > > There's also the good ol' 802.11b pringles can hack. I haven't tried it, > > and it's obviously not something you'd want to implement in a business > > environment, but I've thought about playing with it as a home toy. > > > > http://verma.sfsu.edu/users/wireless/pringles.php > > > > Jeff Jarmoc - CCSA, CCNA, MCSE > > Network Analyst - Grubb & Ellis > > [EMAIL PROTECTED] > > > > > > > > -Original Message----- > > From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, January 03, 2002 2:17 PM > > To: [EMAIL PROTECTED] > > Subject: Re: wireless max distance question [7:30822] > > > > > > I've heard of a Cisco antenna boosters. Check the qprg. or > > http://www.cisco.com/warp/public/cc/pd/witc/ao340ap/prodlit/airoa_ds.htm > > > > Some directional antennas can get up to 25 miles. You may need a line of > > sight though. Check with Cisco > > > > FYI, Linksys wireless access points can be hacked via firmware and stuff > to > > get a +3 to +4 dB gain in power. > > > > > http://www.wi2600.org/mediawhore/nf0/wireless/docs/802.11/WAP11/fun_with_the > > _wap11.txt > > > > > > > > -- > > RFC 1149 Compliant. > > > > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30855&t=30822 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lowest end router to support Gigabit Ethernet [7:30857]
My other link never cam through. http://www.cisco.com/univercd/cc/td/doc/pcat/gget__i1.htm ""Rohm Marti"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Is the 7200 the lowest-end (in terms of pricing) router that supports > Gigabit ethernet interfaces? > > > Thanks, > > Rohm > PS: Is there a tool on CCO that would have helped me arrive at the answer? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30866&t=30857 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lowest end router to support Gigabit Ethernet [7:30857]
CCO login required. Click on configure a product, the find a product tab. ""Gaz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I think it is the lowest price router, but I suppose it depends what you > intend to do with it and what other equipment it will integrate with. > > Could you make use of a layer 3 switch and save in the long run? > Is something like the 2948G-L3, or even the 4908G-L3 going to come close on > price once you add up the bits? > > Regards, > > Gaz > > ""Rohm Marti"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Is the 7200 the lowest-end (in terms of pricing) router that supports > > Gigabit ethernet interfaces? > > > > > > Thanks, > > > > Rohm > > PS: Is there a tool on CCO that would have helped me arrive at the answer? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30864&t=30857 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Carrier Transitions : Any Comments [7:30829]
Ole, It is not unheard of for a cable between the CSU and the demarc (SJ) to start flaking out. You said that "you did that", meaning what? Did you replace the cable and reset the WIC or did you do one and not the other? I've had a simple reseat of the cable into the back of the SJ fix problems for me before. I would have done one first and then tried the other rather than taking a shotgun approach because the shotgun method doesn't allow you to discover exactly what the problem was. What about your service-module? (show service-module XX) Was it reporting any problems? Most specifically did it register any bipolar violations? It's been my experience that bipolar violations indicate a local copper problem which would have pointed more to the cable than to the WIC. You could still have a SJ problem. When looping the SJ, they cannot test through the port to which you are connecting. (Unless you provide a loopback plug for them to test to). Further, sometimes SJs (depending on vendor) have a switch or software option for AMI or B8ZS. If there is a switch and if your service is suppose to be using B8ZS, then the SJ should be set for B8ZS. Some vendors' SJs can get flakey and alternate between AMI and B8ZS, causing you problems. Anytime I dispatch a LEC technician I request that they check that option and set it accordingly, rather than leaving it set to AUTO detect. (there's that "auto detect" stuff again... :) I'm not a big fan of integrated CSUs. I miss the days of having a standalone CSU and then my router behind it. We would have 2 POTS lines, 1 for the CSU and 1 for the router. We were able to pinpoint our problems and get resolution much faster. Always check what your CSU has to say about a line condition. You apt to get more detail from it rather than from a simple interface command output. Most CSUs record performance information in increments of 15 minute periods (96 blocks) for a 24 hour period. You can then see nearly exactly what was occurring over the past day and when it occurred. HTH, Chris -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 03, 2002 4:08 PM To: [EMAIL PROTECTED] Subject: Carrier Transitions : Any Comments [7:30829] My networking skills are apparently being tested these days, because the frame relay circuit went down to one of my branch offices. I got someone at the local office to telnet into the router, which was down/down, and the LMI was down/down, and there were just under 10 carrier transitions in the last 24 hours. I had them powercycle the router without any luck. I concluded that my provider was most likely the cause of the problem, and that it was at the branch office circuit, since my router here was talking fine with the other two remote offices, and my LMI was up/up. My provider told me that the circuit was bouncing, or in other words, it had been going down and back up several times since yesterday evening. After several hours, they did an out of service test, where they told me that it had tested dirty to the CSU but clean to the SmartJack, so they were going to put it on hold until I had replaced the WAN cable and reseated the WIC-1DSU-T1 card in the 1720 router. I went out to the branch office and did that, and the PVC has after I powered it on been up for about an hour now. My question now is: Is this (A) a normal thing that you suddenly have to reseat the WIC and/or replace the WAN cable, and that it can cause carrier transitions, or is this more likely (B) my provider that has found and corrected the error on their site, but now is trying to make it look like it was my equipment that was faulty, or (C) Thanks for any comments to this, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30847&t=30829 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Carrier Transitions : Any Comments [7:30829]
It's not uncommon. It was probably a bad cable more than a loose WIC. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: wireless max distance question [7:30822]
I've heard of a Cisco antenna boosters. Check the qprg. or http://www.cisco.com/warp/public/cc/pd/witc/ao340ap/prodlit/airoa_ds.htm Some directional antennas can get up to 25 miles. You may need a line of sight though. Check with Cisco FYI, Linksys wireless access points can be hacked via firmware and stuff to get a +3 to +4 dB gain in power. http://www.wi2600.org/mediawhore/nf0/wireless/docs/802.11/WAP11/fun_with_the _wap11.txt -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IDS Test [7:30806]
I may going out on a limb here, but I doubt it. -- RFC 1149 Compliant. ""Jay Creasy"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Does anyone have any info on the IDS test. Specifically, Do you have to > memories the couple hundered pages of Signatures in the IDS book ? > > Thanks > > Jay Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30809&t=30806 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Excess collisions on Ethernet interface [7:30769]
Input errors is the sum of the errors, not an individual error in of itself. If you have 93 runts, the input error is reported as 93. If you had 93 runts and 1 giant, the nput errors would be 94. How long is the cable between the router and switch. I've seen tiny cords cause this error. I think the minimum length for ethernet is 3 meters. ""Andrew Larkins"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I understand that there are collisions in half duplex due to the nature of > Ethernet here - having to see if it is clear to transmit first. What I don't > understand is why there are runt frames that are exactly the same number as > the input errors. I have tried moving the cable to another switchport and > the same issue - at least the switch is not a problem now. > > A runt frame is a packet that is less than 64 bytes with a bad CRC - > collisions would cause this, but so many?? > > -Original Message- > From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] > Sent: 03 January 2002 13:30 PM > To: [EMAIL PROTECTED] > Subject: Re: Excess collisions on Ethernet interface [7:30769] > > > errors in half duplex mode is nomal. > > > ""Andrew Larkins"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > both are hardcoded to 10MB half duplex. I am getting input errors on the > > switch. Strangley enough the numbers of these errors are the same as the > > runt frames. > > > > -Original Message- > > From: McCallum, Robert [mailto:[EMAIL PROTECTED]] > > Sent: 03 January 2002 13:00 PM > > To: 'Andrew Larkins' > > Subject: RE: Excess collisions on Ethernet interface [7:30769] > > > > > > sorry, check that your router (3640) is set to half duplex 10 meg. > > > > -Original Message- > > From: Andrew Larkins [mailto:[EMAIL PROTECTED]] > > Sent: 03 January 2002 11:08 > > To: McCallum, Robert; Cisco Mail List > > Subject: RE: Excess collisions on Ethernet interface [7:30769] > > > > > > Output from the Ethernet interface on the switch > > > > FastEthernet0/1 is up, line protocol is up > > Hardware is Fast Ethernet, address is 0003.e335.6f01 (bia > 0003.e335.6f01) > > Description: Ethernet Connection to Cisco 3640 router > > MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, > > reliability 254/255, txload 2/255, rxload 5/255 > > Encapsulation ARPA, loopback not set > > Keepalive not set > > Half-duplex, 10Mb/s, 100BaseTX/FX > > ARP type: ARPA, ARP Timeout 04:00:00 > > Last input 00:00:52, output 00:00:00, output hang never > > Last clearing of "show interface" counters 00:04:23 > > Queueing strategy: fifo > > Output queue 0/40, 0 drops; input queue 0/75, 0 drops > > 5 minute input rate 219000 bits/sec, 41 packets/sec > > 5 minute output rate 92000 bits/sec, 73 packets/sec > > 12575 packets input, 8630619 bytes > > Received 399 broadcasts, 93 runts, 0 giants, 0 throttles > > 93 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored > > 0 watchdog, 63 multicast > > 0 input packets with dribble condition detected > > 22161 packets output, 3425558 bytes, 0 underruns > > 0 output errors, 88 collisions, 0 interface resets > > 0 babbles, 0 late collision, 356 deferred > > 0 lost carrier, 0 no carrier > > 0 output buffer failures, 0 output buffers swapped ou > > > > -Original Message- > > From: McCallum, Robert [mailto:[EMAIL PROTECTED]] > > Sent: 03 January 2002 12:36 PM > > To: 'Andrew Larkins' > > Subject: RE: Excess collisions on Ethernet interface [7:30769] > > > > > > Andrew, > > > > Check that your 3548 is configured as 10meg half duplex as well (NOT > > AUTOSENSE) > > > > -Original Message- > > From: Andrew Larkins [mailto:[EMAIL PROTECTED]] > > Sent: 03 January 2002 10:10 > > To: [EMAIL PROTECTED] > > Subject: Excess collisions on Ethernet interface [7:30769] > > > > > > Hi all, > > > > I have a 10MB Ethernet interface (1E2W) that is showing the following > > message: > > > > Jan 3 11:47:32: %AMDP2_FE-6-EXCESSCOLL: Ethernet0/0 TDR=3, TRC=0 > > > > I am assuming that this is the cause of the deferred packets. This port is > > configured as half duplex and connects to a Cisco 3548 switch. What also > > bothers me is the number of broadcasts here.. - is this not too high?? > > > > The point here is that users are complaining about slow response times
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
i guess I got them mixed up. Now I can't remember the tool that uses ICMP redirects to do the same thing. I thought the other one did the arp spoofing. I'll try and find it as it's more clever. ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I read up on it. It appears to have been developed for beneficial purposes > but is also a hacker tool. The written material says its a set of tools > actually The relevant one uses ARP, not ICMP. (There was no mention of ICMP > being used.) It sends an ARP reply for the IP address of the default > gateway. Actually it can send an ARP reply for anything. There's no need to > be multihomed, but IP forwarding must be enabled or you'll get caught, as > you say, (plus you wouldn't see anything because the target would loose its > connections). > > Priscilla > > At 07:43 PM 1/2/02, Steven A. Ridder wrote: > >Dsniff uses icmp default gateway redirects (the ICMP message that tells > >hosts that a differnt router has a better path to the destination network). > >This will automatically make the user's PC redirect all traffic to your PC > >dynamically (the client never knows about it), because he thinks you are a > >router and that you'd be a better default gateway. You just have to have a > >multihomed PC because you still need to forward the traffic to the > >destination, otherwise you'll get caught. > > > >It's a pretty good hacking tool and has been ported from *nix to Windows for > >years. Makes switches just like hubs again. Use this with L0phtCrack and > >you can get NT PW's, etc.. > > > > > >""Priscilla Oppenheimer"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > At 06:42 PM 1/2/02, Steven A. Ridder wrote: > > > >As everyone else has said, this is normal for a shared access netowrk. > >Look > > > >for routing protocol updates and other things as well . On ATT's > > > >cable-modem network you can see the ospf hello updates, who the DR and > >BDR > > > >is and other things. > > > > > > Yep, that's true. > > > > > > So now we have synergy between this thread and the Passive Interface > > > thread! I like that! ;-) > > > > > > Making the cable interface a passive interface seems like a good idea for > > > many reasons, including security and not just bandwidth usage. (The > > > bandwidth used by Hellos has gotta be pretty minimal!) > > > > > > >It can be fun. > > > > > > A lot of people report seeing other broadcasts too, including NetBIOS, > > > AppleTalk, etc. It's kind of scary. > > > > > > >Try dsniff or some other program and > > > >you can see all the traffic on that network :) Be careful though > >because > > > >you will probably get slammed and don't forget to reroute the traffic > >back > > > >out or else someone will know something is wrong. > > > > > > What's dsniff? What does that let you see? And what's this about having > to > > > reroute? Can you tell us more? THANKS > > > > > > Priscilla > > > > > > > > > > > > > > > >""Phil Barker"" wrote in message > > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > Hi Group, > > > > > I have been sniffing my broadband connection to > > > > > my ISP today and have a few questions. > > > > > > > > > > My main gripe is that I'm being sent around 100 > > > > > Arp requests per minute, which obviously I cannot > > > > > resolve. These ARP requests are all originating from > > > > > my default G/W at the ISP trying to resolve MAC > > > > > addresses of various users. Can anyone confirm if this > > > > > is usual or unusual. I cannot see this being correct > > > > > since if I set my router up to be one of these IP > > > > > addresses I can resolve it to my MAC address Eth 0 > > > > > int' or any other mac-address for that matter. > > > > > > > > > > They also send me DHCP requests, IGMP requests > > > > > for group 224.0.0.1 (Which I wish I could join) but > > > > > cannot and lots of their private address information > > > > > via the above mentioned ARP's. > > > > &g
Re: Excess collisions on Ethernet interface [7:30769]
errors in half duplex mode is nomal. ""Andrew Larkins"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > both are hardcoded to 10MB half duplex. I am getting input errors on the > switch. Strangley enough the numbers of these errors are the same as the > runt frames. > > -Original Message- > From: McCallum, Robert [mailto:[EMAIL PROTECTED]] > Sent: 03 January 2002 13:00 PM > To: 'Andrew Larkins' > Subject: RE: Excess collisions on Ethernet interface [7:30769] > > > sorry, check that your router (3640) is set to half duplex 10 meg. > > -Original Message- > From: Andrew Larkins [mailto:[EMAIL PROTECTED]] > Sent: 03 January 2002 11:08 > To: McCallum, Robert; Cisco Mail List > Subject: RE: Excess collisions on Ethernet interface [7:30769] > > > Output from the Ethernet interface on the switch > > FastEthernet0/1 is up, line protocol is up > Hardware is Fast Ethernet, address is 0003.e335.6f01 (bia 0003.e335.6f01) > Description: Ethernet Connection to Cisco 3640 router > MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, > reliability 254/255, txload 2/255, rxload 5/255 > Encapsulation ARPA, loopback not set > Keepalive not set > Half-duplex, 10Mb/s, 100BaseTX/FX > ARP type: ARPA, ARP Timeout 04:00:00 > Last input 00:00:52, output 00:00:00, output hang never > Last clearing of "show interface" counters 00:04:23 > Queueing strategy: fifo > Output queue 0/40, 0 drops; input queue 0/75, 0 drops > 5 minute input rate 219000 bits/sec, 41 packets/sec > 5 minute output rate 92000 bits/sec, 73 packets/sec > 12575 packets input, 8630619 bytes > Received 399 broadcasts, 93 runts, 0 giants, 0 throttles > 93 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored > 0 watchdog, 63 multicast > 0 input packets with dribble condition detected > 22161 packets output, 3425558 bytes, 0 underruns > 0 output errors, 88 collisions, 0 interface resets > 0 babbles, 0 late collision, 356 deferred > 0 lost carrier, 0 no carrier > 0 output buffer failures, 0 output buffers swapped ou > > -Original Message- > From: McCallum, Robert [mailto:[EMAIL PROTECTED]] > Sent: 03 January 2002 12:36 PM > To: 'Andrew Larkins' > Subject: RE: Excess collisions on Ethernet interface [7:30769] > > > Andrew, > > Check that your 3548 is configured as 10meg half duplex as well (NOT > AUTOSENSE) > > -Original Message- > From: Andrew Larkins [mailto:[EMAIL PROTECTED]] > Sent: 03 January 2002 10:10 > To: [EMAIL PROTECTED] > Subject: Excess collisions on Ethernet interface [7:30769] > > > Hi all, > > I have a 10MB Ethernet interface (1E2W) that is showing the following > message: > > Jan 3 11:47:32: %AMDP2_FE-6-EXCESSCOLL: Ethernet0/0 TDR=3, TRC=0 > > I am assuming that this is the cause of the deferred packets. This port is > configured as half duplex and connects to a Cisco 3548 switch. What also > bothers me is the number of broadcasts here.. - is this not too high?? > > The point here is that users are complaining about slow response times - > From my pings etc, things seem to be fine. Any idea's? > > xxx>sho int e0/0 > Ethernet0/0 is up, line protocol is up > Hardware is AmdP2, address is 00e0.1e94.d8c1 (bia 00e0.1e94.d8c1) > Description: Local LAN > Internet address is 10.x.x.x/21 > MTU 1500 bytes, BW 1 Kbit, DLY 1000 usec, > reliability 255/255, txload 1/255, rxload 4/255 > Encapsulation ARPA, loopback not set > Keepalive set (10 sec) > ARP type: ARPA, ARP Timeout 04:00:00 > Last input 00:00:00, output 00:00:00, output hang never > Last clearing of "show interface" counters 00:28:57 > Input queue: 4/75/31/0 (size/max/drops/flushes); Total output drops: 0 > Queueing strategy: fifo > Output queue :0/40 (size/max) > 5 minute input rate 165000 bits/sec, 48 packets/sec > 5 minute output rate 77000 bits/sec, 30 packets/sec > 117274 packets input, 53901769 bytes, 0 no buffer > Received 21256 broadcasts, 0 runts, 0 giants, 0 throttles > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored > 0 input packets with dribble condition detected > 51866 packets output, 20407116 bytes, 0 underruns > 25 output errors, 1858 collisions, 0 interface resets > 0 babbles, 0 late collision, 695 deferred > 0 lost carrier, 0 no carrier > 0 output buffer failures, 0 output buffers swapped out Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30773&t=30769 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
Dsniff uses icmp default gateway redirects (the ICMP message that tells hosts that a differnt router has a better path to the destination network). This will automatically make the user's PC redirect all traffic to your PC dynamically (the client never knows about it), because he thinks you are a router and that you'd be a better default gateway. You just have to have a multihomed PC because you still need to forward the traffic to the destination, otherwise you'll get caught. It's a pretty good hacking tool and has been ported from *nix to Windows for years. Makes switches just like hubs again. Use this with L0phtCrack and you can get NT PW's, etc.. ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > At 06:42 PM 1/2/02, Steven A. Ridder wrote: > >As everyone else has said, this is normal for a shared access netowrk. Look > >for routing protocol updates and other things as well . On ATT's > >cable-modem network you can see the ospf hello updates, who the DR and BDR > >is and other things. > > Yep, that's true. > > So now we have synergy between this thread and the Passive Interface > thread! I like that! ;-) > > Making the cable interface a passive interface seems like a good idea for > many reasons, including security and not just bandwidth usage. (The > bandwidth used by Hellos has gotta be pretty minimal!) > > >It can be fun. > > A lot of people report seeing other broadcasts too, including NetBIOS, > AppleTalk, etc. It's kind of scary. > > >Try dsniff or some other program and > >you can see all the traffic on that network :) Be careful though because > >you will probably get slammed and don't forget to reroute the traffic back > >out or else someone will know something is wrong. > > What's dsniff? What does that let you see? And what's this about having to > reroute? Can you tell us more? THANKS > > Priscilla > > > > > >""Phil Barker"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hi Group, > > > I have been sniffing my broadband connection to > > > my ISP today and have a few questions. > > > > > > My main gripe is that I'm being sent around 100 > > > Arp requests per minute, which obviously I cannot > > > resolve. These ARP requests are all originating from > > > my default G/W at the ISP trying to resolve MAC > > > addresses of various users. Can anyone confirm if this > > > is usual or unusual. I cannot see this being correct > > > since if I set my router up to be one of these IP > > > addresses I can resolve it to my MAC address Eth 0 > > > int' or any other mac-address for that matter. > > > > > > They also send me DHCP requests, IGMP requests > > > for group 224.0.0.1 (Which I wish I could join) but > > > cannot and lots of their private address information > > > via the above mentioned ARP's. > > > > > > I also captured an attemt at an inbound TCP > > > connection on a dynamic port which my router RST, > > > thankfully. > > > > > > Are they wasting my B/W ? > > > > > > Thanx, > > > > > > Phil > > > > > > > > > > > > > > > > > > __ > > > Do You Yahoo!? > > > Everything you'll ever need on one web page > > > from News and Sport to Email and Music Charts > > > http://uk.my.yahoo.com > > > Priscilla Oppenheimer > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30736&t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Configuration Register Question [7:30713]
I need to do more studying on this topic, so forgive me for asking, but why does the conf. reg change according to line console speed?? I thought the confreg was just a setting telling the router whare to boot from? Does it do more? ""Kaminski, Shawn G"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thanks for all the replies. Berry, thanks for the link to the Config > Register Calculator! You were correct regarding the console linespeed. It > was set at 115200. I changed it before the holidays but forgot that I had > done this when I got back to the office today! Changed it back to 9600 and > all is well! > > Shawn K. > > -Original Message- > From: Berry Mobley [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 02, 2002 6:37 PM > To: Kaminski Shawn G; [EMAIL PROTECTED] > Subject: Re: Configuration Register Question [7:30713] > > > Boson's Config Register Calculater (free at www.boson.com) says that your > console linespeed is 115200 instead of 9600. Console port speed is set > with the higher bits. > > Berry > > At 05:38 PM 1/2/2002 -0500, you wrote: > >I was working on a 2611 router and noticed that the configuration > >register was set to 0x3962 !!! I tried to change it to 0x2102 but says > >it will change to 0x3922 at the next reload. Just curious if anyone has > >seen this before and what it means. When I looked at CCO I noticed that > >they didn't have any information on 0x3000, only 0x1000, 0x2000, > >0x4000, and 0x8000. > > > >Shawn K. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30727&t=30713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffing my broadband connection to my ISP ??? [7:30689]
As everyone else has said, this is normal for a shared access netowrk. Look for routing protocol updates and other things as well . On ATT's cable-modem network you can see the ospf hello updates, who the DR and BDR is and other things. It can be fun. Try dsniff or some other program and you can see all the traffic on that network :) Be careful though because you will probably get slammed and don't forget to reroute the traffic back out or else someone will know something is wrong. ""Phil Barker"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi Group, > I have been sniffing my broadband connection to > my ISP today and have a few questions. > > My main gripe is that I'm being sent around 100 > Arp requests per minute, which obviously I cannot > resolve. These ARP requests are all originating from > my default G/W at the ISP trying to resolve MAC > addresses of various users. Can anyone confirm if this > is usual or unusual. I cannot see this being correct > since if I set my router up to be one of these IP > addresses I can resolve it to my MAC address Eth 0 > int' or any other mac-address for that matter. > > They also send me DHCP requests, IGMP requests > for group 224.0.0.1 (Which I wish I could join) but > cannot and lots of their private address information > via the above mentioned ARP's. > > I also captured an attemt at an inbound TCP > connection on a dynamic port which my router RST, > thankfully. > > Are they wasting my B/W ? > > Thanx, > > Phil > > > > > > __ > Do You Yahoo!? > Everything you'll ever need on one web page > from News and Sport to Email and Music Charts > http://uk.my.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30725&t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT problems. [7:30679]
I agree. I can say with 100% certainty that it's not NAT/PAT if you have those exact configs in the router. It's IE. ""Lange, Eric"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Could be DNS problem. Try going to http://198.133.219.25/ > > This is Cisco.com. > > Probably not a NAT/PAT issue. > > Regards, > Eric > > -Original Message- > From: Larry Brown [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 02, 2002 9:44 AM > To: [EMAIL PROTECTED] > Subject: NAT problems. [7:30679] > > > I set up nat with basic statements > > ip nat inside (fast 0) > ip nat outside (serial 0.1) > ip nat inside soure list 1 interface serial0.1 overload > access-list 1 permit 10.0.0.0 0.0.0.255 (This is the only access-list on the > box) > > If I do a show ip nat translations I can see internal & external local and > global > mappings but only for icmp (when the user pings something) and udp - no tcp > connections. So, NAT&PAT is working. The problem is Internet Explorer > times out. > Can I totally rule out NAT? Anyone had this type of problem? > > > > > > __ > Do You Yahoo!? > Send your FREE holiday greetings online! > http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30703&t=30679 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ccna exam info [7:30657]
Try Wendel Odom's CCNA Exam Certification Guide. Please try to config a router a few times if you haven't yet before you take the CCNA. It will make your knowledge more concrete. For practice tests, try Boson.com, examcram.com, etc. Cisco even has some tests that have the real questions on them (they look real to me). I'm not afraid to show someone how to cheat on a test, as I belive the net is open and exists to share information, for good or bad, and even if you saw all the tasks on a CCIE lab, you're not going to pass without knowing all your stuff. There used to be braindumps on http://leuthard.ch/mcse/640-407.shtml but they were 3 years old by now. I beleive you can try the discussion boards on cramsession.com for more braindumps on all the test up to the CCIE lab. I have even seen CCIE lab braindumps from as recently as Dec. 28, 2001. ""eli"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hey group- > > I am interesting in taking the CCNA exam . I need web site information or > links witch give example tests , Brain dumps , > study guides , lab practices & more ... > > thank you all > > HAPPY NEW YEAR > > Eli Aviv Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30661&t=30657 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Autosense this ... (add to your knowledgebase) [7:30446]
Someone at Cisco was just telling me about a guy who came in from Korea to take the CCIE lab and during lunch, he called TAC on one of the problems. The TAC tech recognized the problem as a lab problem from his CCIE test, called down to the lab instructors to see if that person was taking the lab, and sure enough he was. He was busted and sent back home. I don't agree with what he did, but I find it amusing none the less. ""Steven A. Ridder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thanks. > > > ""Priscilla Oppenheimer"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Yes, it's in IEEE 802.3. It's in Clause 28 of the IEEE 802.3 2000 Edition. > > It might have been in earlier versions too. > > > > Priscilla > > > > At 02:31 PM 12/31/01, Steven A. Ridder wrote: > > >Is there any standardization for autonegotiation like 802.x or something. > I > > >have never heard of anything like it, and maybe that's half the problem? > > > > > > > > >""Priscilla Oppenheimer"" wrote in message > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Auto-negotiation is infamous for not working as advertised! ;-) It's > not > > > > just Cisco equipment. > > > > > > > > There is definitely a problem when introducing older 10BaseT equipment > > >into > > > > the equation, which it sounds like Ole did. Perhaps one of the more > > > > hardware, physical-layer type engineers remembers more of the details > > than > > > > I do, but from what I understand the 100-Mbps fast link pulses used > for > > > > auto-negotiation produce enough signal in the frequency band of the > > >10-Mbps > > > > link pulses such that the 10-Mbps chip thinks it sees a signal and > > doesn't > > > > re-negotiate or drop or establish link integrity as it should. > > > > > > > > It's definitely strange that STP noticed a problem when other > > applications > > > > didn't. I'll have to ponder that one.. > > > > > > > > Priscilla > > > > > > > > > > > > At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: > > > > >It's been more than once when I've encountered > autonegotiation/autosense > > > > >issues between a Cisco router and Cisco switch. I've even seen > problems > > > > >when both interfaces were 10/100 and both hard-coded to 100/full and > the > > > > >link wouldn't come up. This may a chink in the Cisco armor as I > rarely > > > > >encounter issues with autonegotiation/autosense with other equipment > but > > > > >when I install a new Cisco network, one thing I ALWAYS have to do is > go > > > > >through the 10/100 ports of every switch and look for duplex (and > > >sometimes > > > > >speed) mismatches. Crazy... > > > > > > > > > >Rik > > > > > > > > > >-Original Message- > > > > >From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] > > > > >Sent: Saturday, December 29, 2001 11:02 PM > > > > >To: [EMAIL PROTECTED] > > > > >Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] > > > > > > > > > > > > > > >It's unfortunate that sometimes when things break, they don't perform > in > > > > >expected ways. Rather it truly was an Autosense problem or not, who > > >knows. > > > > >But it brings up a chance to talk about Autosense. I've had it bite > me > > >more > > > > >than once. I've had problems with Autosense that didn't show up until > > >months > > > > >after installation. It doesn't matter if its Cisco to Cisco or Cisco > to > > > > >another vendor, I've had to lock down ports at certain speeds and > modes > > >to > > > > >solve problems on several occasions. Just to pass along some > experience, > > >you > > > > >may always be better off hard setting your options. Nice persistence > Mr. > > > > >Jensen, it's cool to stick with something until you can make it work. > > > > > > > > > >Chris > > > > > > > > > >-Original Message- > > > > >From: Chuc
Re: Autosense this ... (add to your knowledgebase) [7:30446]
Thanks. ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Yes, it's in IEEE 802.3. It's in Clause 28 of the IEEE 802.3 2000 Edition. > It might have been in earlier versions too. > > Priscilla > > At 02:31 PM 12/31/01, Steven A. Ridder wrote: > >Is there any standardization for autonegotiation like 802.x or something. I > >have never heard of anything like it, and maybe that's half the problem? > > > > > >""Priscilla Oppenheimer"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Auto-negotiation is infamous for not working as advertised! ;-) It's not > > > just Cisco equipment. > > > > > > There is definitely a problem when introducing older 10BaseT equipment > >into > > > the equation, which it sounds like Ole did. Perhaps one of the more > > > hardware, physical-layer type engineers remembers more of the details > than > > > I do, but from what I understand the 100-Mbps fast link pulses used for > > > auto-negotiation produce enough signal in the frequency band of the > >10-Mbps > > > link pulses such that the 10-Mbps chip thinks it sees a signal and > doesn't > > > re-negotiate or drop or establish link integrity as it should. > > > > > > It's definitely strange that STP noticed a problem when other > applications > > > didn't. I'll have to ponder that one.. > > > > > > Priscilla > > > > > > > > > At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: > > > >It's been more than once when I've encountered autonegotiation/autosense > > > >issues between a Cisco router and Cisco switch. I've even seen problems > > > >when both interfaces were 10/100 and both hard-coded to 100/full and the > > > >link wouldn't come up. This may a chink in the Cisco armor as I rarely > > > >encounter issues with autonegotiation/autosense with other equipment but > > > >when I install a new Cisco network, one thing I ALWAYS have to do is go > > > >through the 10/100 ports of every switch and look for duplex (and > >sometimes > > > >speed) mismatches. Crazy... > > > > > > > >Rik > > > > > > > >-Original Message- > > > >From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] > > > >Sent: Saturday, December 29, 2001 11:02 PM > > > >To: [EMAIL PROTECTED] > > > >Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] > > > > > > > > > > > >It's unfortunate that sometimes when things break, they don't perform in > > > >expected ways. Rather it truly was an Autosense problem or not, who > >knows. > > > >But it brings up a chance to talk about Autosense. I've had it bite me > >more > > > >than once. I've had problems with Autosense that didn't show up until > >months > > > >after installation. It doesn't matter if its Cisco to Cisco or Cisco to > > > >another vendor, I've had to lock down ports at certain speeds and modes > >to > > > >solve problems on several occasions. Just to pass along some experience, > >you > > > >may always be better off hard setting your options. Nice persistence Mr. > > > >Jensen, it's cool to stick with something until you can make it work. > > > > > > > >Chris > > > > > > > >-Original Message- > > > >From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] > > > >Sent: Saturday, December 29, 2001 6:14 PM > > > >To: [EMAIL PROTECTED] > > > >Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] > > > > > > > > > > > >An interesting read, particularly since I am reviewing Kennedy clark's > >cisco > > > >Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. > > > > > > > >I am somewhat surprised at both the phenomenon and the concludion. > >Spanning > > > >tree blocks for particular reasons. > > > > > > > >when you concluded that your configurations were identical at all > >offices, > > > >does that mean that your port negotiations were set to auto everywhere > >else? > > > >both on the routers and on the local switches? if so, I would expect to > >see > > > >similar problems elsewh
Re: Autosense this ... (add to your knowledgebase) [7:30446]
Is there any standardization for autonegotiation like 802.x or something. I have never heard of anything like it, and maybe that's half the problem? ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Auto-negotiation is infamous for not working as advertised! ;-) It's not > just Cisco equipment. > > There is definitely a problem when introducing older 10BaseT equipment into > the equation, which it sounds like Ole did. Perhaps one of the more > hardware, physical-layer type engineers remembers more of the details than > I do, but from what I understand the 100-Mbps fast link pulses used for > auto-negotiation produce enough signal in the frequency band of the 10-Mbps > link pulses such that the 10-Mbps chip thinks it sees a signal and doesn't > re-negotiate or drop or establish link integrity as it should. > > It's definitely strange that STP noticed a problem when other applications > didn't. I'll have to ponder that one.. > > Priscilla > > > At 10:26 AM 12/31/01, [EMAIL PROTECTED] wrote: > >It's been more than once when I've encountered autonegotiation/autosense > >issues between a Cisco router and Cisco switch. I've even seen problems > >when both interfaces were 10/100 and both hard-coded to 100/full and the > >link wouldn't come up. This may a chink in the Cisco armor as I rarely > >encounter issues with autonegotiation/autosense with other equipment but > >when I install a new Cisco network, one thing I ALWAYS have to do is go > >through the 10/100 ports of every switch and look for duplex (and sometimes > >speed) mismatches. Crazy... > > > >Rik > > > >-Original Message- > >From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] > >Sent: Saturday, December 29, 2001 11:02 PM > >To: [EMAIL PROTECTED] > >Subject: RE: Autosense this ... (add to your knowledgebase) [7:30446] > > > > > >It's unfortunate that sometimes when things break, they don't perform in > >expected ways. Rather it truly was an Autosense problem or not, who knows. > >But it brings up a chance to talk about Autosense. I've had it bite me more > >than once. I've had problems with Autosense that didn't show up until months > >after installation. It doesn't matter if its Cisco to Cisco or Cisco to > >another vendor, I've had to lock down ports at certain speeds and modes to > >solve problems on several occasions. Just to pass along some experience, you > >may always be better off hard setting your options. Nice persistence Mr. > >Jensen, it's cool to stick with something until you can make it work. > > > >Chris > > > >-Original Message- > >From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] > >Sent: Saturday, December 29, 2001 6:14 PM > >To: [EMAIL PROTECTED] > >Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] > > > > > >An interesting read, particularly since I am reviewing Kennedy clark's cisco > >Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. > > > >I am somewhat surprised at both the phenomenon and the concludion. Spanning > >tree blocks for particular reasons. > > > >when you concluded that your configurations were identical at all offices, > >does that mean that your port negotiations were set to auto everywhere else? > >both on the routers and on the local switches? if so, I would expect to see > >similar problems elsewhere. > > > >is it possible that there was a duplicate mac someplace in another part of > >the bridged network, one that was being picked up by STP and interpreted as > >a loop? You mention changing macs of interfaces as part of your > >experimentation. Are you certain that this process was not part of the > >solution? > > > >To be frank, I'm hard pressed to come up with a reason why the FE port on > >the router would go into blocking. I can see that hapening on the serial > >port for reasons that have been discussed on this group in the past. I can't > >come up with a rationale as to why hard setting of speed and duplex would > >make a difference. I suppose one MIGHT conclude that if the port is in full > >duplex, the STP process MIGHT see a loop occuring over the two different > >wire pairs. that's about the only wild rationale I can come up with. And > >that one is really stretching the point / bug / whatever. > > > >In any case, thanks for the good read. > > > >Chuck > > > > > >""Ole Drews Jensen"&qu
Re: Cisco LRE ( Long Reach Ethernet ) [7:30553]
I'm dying here at work as well. Too boring even to study today. ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Is it slow at work today or what? > > I was browsing CCO and ran across something called "long reach ethernet" > > http://newsroom.cisco.com/dlls/ts_122701.html > > http://www.cisco.com/warp/public/779/servpro/solutions/long_ethernet/ > > lots more. > > Interesting product and market. Interesting, because on the surface, it > doesn't seem like it would be less expensive than re-wiring, but if one > looks at someplace like a hotel, where ripping walls out to string a new > wiring infrastructure would be exceedingly disruptive, it makes sense. > > Anyone looked into this? done it? this appears to be a very new product to > Cisco. the web docs are dated within the last few weeks. > > Chuck Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30555&t=30553 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Study aids [7:30517]
I just did a serach and people on amazon hate it. I wouldn't waste your money. ""Rob"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi folks, > > Anyone have any experience with the Cisco CCNP Training Kit? Any info > or comments will be very welcome and appreciated. > > Thanks, > Rob Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30554&t=30517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: arp [7:30548]
Who is it trying to talk to? What is supposed to be happening? And what is it that is happening exactly? ""Tom Richs"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Anyone know why machines on a switch are arping itself such that it can't > communicate with anything else except itself. > > > _ > Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30549&t=30548 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Why use wildcard mask [7:30473]
How is wildcard the natural method for hardware to match on? I can't conceptualize it. I write it out in binary, and I can't figure out what operation a processor would use to match on. ""Howard C. Berkowitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I asked one of the IOS developers about it, and he pointed out that > access lists were developed before subnetting. The wildcard mask is > the natural way hardware does matching. > > When subnets were defined, their documentation specified subnet > masks. With 20/20 hindsight, it might have been a good idea to go > back and change wildcard masks, but, of course, that would have > introduced compatibility problems. > > > > >I think is all originated from the principles of: > >1 = Do not Cares (Matches everything and anything) > >0 = Cares ( Matches only identical corresponding digit) > > > >Maybe it is a hang-on from the old binary digit stuff. Man you have no > >choice than to do the inverse, else your access-list would not work, except > >you are ready to develope a router IOS that will use the direct mask. > > > >Goodluck > > > >Regards. > >Oletu > > > >- Original Message - > >From: > >To: > >Sent: Saturday, December 29, 2001 10:50 PM > >Subject: Why use wildcard mask [7:30473] > > > > > >> Hi All, > >> > >> I am trying to find out why we do an inverse/wildcard > >> masks while using access lists? > >> > >> For example, if I want to deny 192.168.1.0 255.255.255.0 > >> network, on the access list, we configure this > >> as 192.168.1.0 0.0.0.255, but why do we do it this > >> way instead of 255.255.255.0. > >> > >> All this seems to be is just an inverse relationship pointing back at the > >> same thing? Even if I want to get specific and deny 192.168.1.0 > >> 255.255.255.192, this translates to 192.168.1.0 0.0.0.63, which seems to > >be > >> just the standard mask and subtract 255.255.255.255. > >> > >> Is there a specific reason why we do inverse mask? It seems to be easier > >> just to configure it with normal masks. This way, we skip on an extra > >> procedure. > >> > >> thanks > >> Mike > >_ > >Do You Yahoo!? > >Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30487&t=30473 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Autosense this ... (add to your knowledgebase) [7:30446]
The Autosense feature should be taken with a grain of salt. If you need a specific connection to work, you should set the speed and duplex manually. One of the first thing I became aware of many years ago is that most "auto" features are spastic at best ON ANY EQUIPMENT. Not just Cisco!I have had strange problems when the equipment rebooted later on. If you set it when you configure the interface you will save a lot of grief. I also recommend this action for client stations. To eliminate problems specify in your Policy and Procedures manual that "Autosense" is not to be used. Dom Marino ""Ole Drews Jensen"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > After a fun evening last night, I have decided not to trust the autosensing > on ethernet interfaces anymore. > > I was at a branch office where the users could not access the corporate > network. The router, a 1720 setup as a bridge with the same IP address for > the FastEthernet as the Serial subinterface, both configured for > bridge-group 1. It was connected to a 2620 at the corporate office via a > Fractional Frame Relay connection. > > I changed the switch out with an old spare hub I had lying around, and > connected only one workstation from the local network. After starting the > router up, I could ping the local workstation, and I could ping devices on > the corporate network, so both my FastEthernet and Serial interfaces were > working fine. However, I could not ping anything on the corporate network > from my workstation, nor could I from a telnet connection to my corporate > router ping the workstation, so traffic was not being passed through between > the interfaces. > > That looked like a typical routing problem, but the only problem was that I > was not routing, I was bridging, so ? > > I did a "show bridge 1 group" and saw that the FastEthernet was in a > blocking state by the spanning tree, so something was wrong here. I cleared > the arp table on the router and on all other routers and switches. I tried > to assign a different mac address to the FE interface. I tried a different > workstation. No matter what I did, it kept being in a blocking state. > > I went in and did a "bridge-group 1 spanning-disabled" on the interface, and > it changed to forwarding state, but I could still not pass traffic through. > > This is when I called TAC, but after I guided them through to a telnet > connection to my routers, they decided after three hours that something > weird was going on with the router, and they did an RMA for a replacement > unit. > > However, I decided to continue my troubleshooting, because I hate to give > up. I reconfigured everything, I tried to create a bridge-group 2 instead, I > forced it into IP routing, and back off it again, but no matter what, it > kept going into blocking mode (I had removed the spanning-disabled command > again at that time). > > That's when it hit me to try and force the speed on the interface. It was in > AUTO, and my switch had been auto 10/100, but my hub was only 10. I changed > it from auto to 10 and power cycled the router. PLING!!! Now it started up > and after the listening and learning, it went in forwarding state, and I > could now ping through my router, and I could connect my workstation to the > corporate network. > > What makes this strange is that I can apparently use my FastEthernet > interface from the router even though the speed is wrong, but the STP see's > this and blocks the interface for switched traffic. WEIRD! > > Read the entire case study here: > > http://www.RouterChief.com/CaseStudies/1.htm > > Ole > > > Ole Drews Jensen > Systems Network Manager > CCNP, MCSE, MCP+I > RWR Enterprises, Inc. > [EMAIL PROTECTED] > http://www.RouterChief.com > > NEED A JOB ??? > http://www.oledrews.com/job > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30476&t=30446 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Autosense this ... (add to your knowledgebase) [7:30446]
It's unfortunate that sometimes when things break, they don't perform in expected ways. Rather it truly was an Autosense problem or not, who knows. But it brings up a chance to talk about Autosense. I've had it bite me more than once. I've had problems with Autosense that didn't show up until months after installation. It doesn't matter if its Cisco to Cisco or Cisco to another vendor, I've had to lock down ports at certain speeds and modes to solve problems on several occasions. Just to pass along some experience, you may always be better off hard setting your options. Nice persistence Mr. Jensen, it's cool to stick with something until you can make it work. Chris -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Autosense this ... (add to your knowledgebase) [7:30446] An interesting read, particularly since I am reviewing Kennedy clark's cisco Lan Switching book prior to reviewing Cat5K and Cat 3920 configuration. I am somewhat surprised at both the phenomenon and the concludion. Spanning tree blocks for particular reasons. when you concluded that your configurations were identical at all offices, does that mean that your port negotiations were set to auto everywhere else? both on the routers and on the local switches? if so, I would expect to see similar problems elsewhere. is it possible that there was a duplicate mac someplace in another part of the bridged network, one that was being picked up by STP and interpreted as a loop? You mention changing macs of interfaces as part of your experimentation. Are you certain that this process was not part of the solution? To be frank, I'm hard pressed to come up with a reason why the FE port on the router would go into blocking. I can see that hapening on the serial port for reasons that have been discussed on this group in the past. I can't come up with a rationale as to why hard setting of speed and duplex would make a difference. I suppose one MIGHT conclude that if the port is in full duplex, the STP process MIGHT see a loop occuring over the two different wire pairs. that's about the only wild rationale I can come up with. And that one is really stretching the point / bug / whatever. In any case, thanks for the good read. Chuck ""Ole Drews Jensen"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > After a fun evening last night, I have decided not to trust the autosensing > on ethernet interfaces anymore. > > I was at a branch office where the users could not access the corporate > network. The router, a 1720 setup as a bridge with the same IP address for > the FastEthernet as the Serial subinterface, both configured for > bridge-group 1. It was connected to a 2620 at the corporate office via a > Fractional Frame Relay connection. > > I changed the switch out with an old spare hub I had lying around, and > connected only one workstation from the local network. After starting the > router up, I could ping the local workstation, and I could ping devices on > the corporate network, so both my FastEthernet and Serial interfaces were > working fine. However, I could not ping anything on the corporate network > from my workstation, nor could I from a telnet connection to my corporate > router ping the workstation, so traffic was not being passed through between > the interfaces. > > That looked like a typical routing problem, but the only problem was that I > was not routing, I was bridging, so ? > > I did a "show bridge 1 group" and saw that the FastEthernet was in a > blocking state by the spanning tree, so something was wrong here. I cleared > the arp table on the router and on all other routers and switches. I tried > to assign a different mac address to the FE interface. I tried a different > workstation. No matter what I did, it kept being in a blocking state. > > I went in and did a "bridge-group 1 spanning-disabled" on the interface, and > it changed to forwarding state, but I could still not pass traffic through. > > This is when I called TAC, but after I guided them through to a telnet > connection to my routers, they decided after three hours that something > weird was going on with the router, and they did an RMA for a replacement > unit. > > However, I decided to continue my troubleshooting, because I hate to give > up. I reconfigured everything, I tried to create a bridge-group 2 instead, I > forced it into IP routing, and back off it again, but no matter what, it > kept going into blocking mode (I had removed the spanning-disabled command > again at that time). > > That's when it hit me to try and force the speed on the interface. It was in > AUTO, and my switch had been auto
Re: simple ip monitor [7:30433]
Cisco will be comming out with DHRP which will do just that. ""2387"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, I am looking for a simple program to monitor an ip and email me when > it > goes up or down. Can anyone recommend a very basic program like this? > thank you Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30437&t=30433 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Active CCIE? [7:30341]
Somebody spending too much quality time with BGP lately? -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Friday, December 28, 2001 3:02 PM To: [EMAIL PROTECTED] Subject: Re: Active CCIE? [7:30341] when you are trying to study for the recertification test, but you have too much work to do in your real job, are you "stuck in active"? when you are taking the test, are you "open confirm"? after you have completed the test, and have clicked the "complete" button, but have not yet received your grade, is this "open sent"? Chuck ""Leigh Anne Chisholm"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > There are three possible states of a CCIE: Active, Suspended, and Inactive. > Active indicates you are a CCIE in good standing - you've met all of the > certification requirements. When you first pass your lab, you are an active > CCIE for a period of two years. In order to remain active, you must pass a > recertification exam within the Active period. If the recertification exam > is > not passed, your status changes to "Suspended". To reinstate Active status, > only the recertification exam must be passed (and not the lab). When you > pass > the recertification exam, your certification will be Active for a period of > two years COMMENCING THE DATE THE CERTIFICATION WAS SUSPENDED not not two > years from the date of having passed the recertification exam. If you do not > recertify within the one year Suspended period, your certification is > classified as Inactive. > > If you are Suspended or Inactive, you're still able to refer to yourself as a > CCIE but you must indicate your current certification status so as not to > mislead anyone into thinking your certification is up-to-date. > > Cisco's site provides a bit of information on this... > (http://www.cisco.com/warp/public/625/ccie/recertifications/recertification. ht > ml#8): > > 8. What happens if I don't recertify? > > If you do not recertify by the deadline, you will be placed on "suspended" > CCIE status. Suspended status means that you are not eligible for any CCIE > benefits. Loss of CCIE active status means that as an individual you lose > your > privileges with Open Forum and cannot order CCIE merchandise through Cisco > MarketPlace. Until you recertify, you can no longer be counted by your > employer as being a CCIE which can effect benefits and discounts. > > If you recertify while you have suspended status, the next recertification > period will be less than 24 months. For example, if someone is 6 months late > in recertifying, they will be required to recertify within 18 months rather > than the normal 2 years. > > After one year of suspended status, you will then have inactive status. You > will be required to take the CCIE Qualification exam and the CCIE Lab exam to > restore your CCIE active status. > > > -- Leigh Anne > > > > > -Original Message- > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Steven A. Ridder > Sent: Friday, December 28, 2001 11:24 AM > To: [EMAIL PROTECTED] > Subject: Active CCIE? [7:30341] > > > What defines an active CCIE? The thing I don't get is you have to recertify > every two years, but the cert can expire after one if you are not "active". > What is active? Do you have to answer e-mail surveys every month or > something? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30389&t=30341 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: certification salary posting-a new direction [7:30237]
I don't think the survey's are inflated. There's one on tcp mag also that seems OK too. They seem right on topic. ""Puckette, Larry (TIFPC)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > A new direction for the topic It seems that the consensus is that the > surveys are inflated. I cannot think of a better forum that would give an > accurate result than this one. And with the topic having strung on this > long, I must not be the only one on the list that has this on their mind > right now. Has the list ever did it's own survey to get a more realistic > view? Knowing that they aren't underpaid or as underpaid may remove some > strife from some, and let them focus more on studying > > Larry Puckette > Network Analyst CCNA,MCP,LANCP > Temple Inland > [EMAIL PROTECTED] > 512/434-1838 > > -Original Message- > From: Kaminski, Shawn G [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 28, 2001 10:43 AM > To: [EMAIL PROTECTED] > Subject: RE: certification salary posting [7:30237] > > I don't know about the rest of you, but I feel that these salary surveys are > a load of crap. As Sam mentioned, he doesn't support the claims of the > salary survey and I agree with him. I think the name of these survey's > should be changed to "Salary's that we wish we made". People are probably > ashamed of the salary's they actually make and inflate the crap out of them > for the survey. Just my opinion. > > Shawn > > -Original Message- > From: sam sneed [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 27, 2001 6:21 PM > To: [EMAIL PROTECTED] > Subject: certification salary posting [7:30237] > > > group, > > I found this link on a microsoft site. It mainly analyzes the the salaries > of people holding Microsoft certifications. The applicable part is on the > 3rd page of the report which lists the estimated salaries of all different > cert's including CCNA,CCNP, CCIE. > > http://mcpmag.com/salarysurveys/ > > I'm not supporting the claims on this site. I'm posting it here because > people always ask the list for this info so i hope noone comes after me for > posting this. I currently hold MCSE and CCNA with 2.5 years experience and > don't make what the list says my average would be, and this is working in > NYC where they pay very well. > > food for thought > > sam sneed Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30374&t=30237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Active CCIE? [7:30341]
I think you've been studying too much. :) ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > when you are trying to study for the recertification test, but you have too > much work to do in your real job, are you "stuck in active"? > > when you are taking the test, are you "open confirm"? > > after you have completed the test, and have clicked the "complete" button, > but have not yet received your grade, is this "open sent"? > > Chuck > > > > ""Leigh Anne Chisholm"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > There are three possible states of a CCIE: Active, Suspended, and > Inactive. > > Active indicates you are a CCIE in good standing - you've met all of the > > certification requirements. When you first pass your lab, you are an > active > > CCIE for a period of two years. In order to remain active, you must pass > a > > recertification exam within the Active period. If the recertification > exam > > is > > not passed, your status changes to "Suspended". To reinstate Active > status, > > only the recertification exam must be passed (and not the lab). When you > > pass > > the recertification exam, your certification will be Active for a period > of > > two years COMMENCING THE DATE THE CERTIFICATION WAS SUSPENDED not not two > > years from the date of having passed the recertification exam. If you do > not > > recertify within the one year Suspended period, your certification is > > classified as Inactive. > > > > If you are Suspended or Inactive, you're still able to refer to yourself > as a > > CCIE but you must indicate your current certification status so as not to > > mislead anyone into thinking your certification is up-to-date. > > > > Cisco's site provides a bit of information on this... > > > (http://www.cisco.com/warp/public/625/ccie/recertifications/recertification. > ht > > ml#8): > > > > 8. What happens if I don't recertify? > > > > If you do not recertify by the deadline, you will be placed on "suspended" > > CCIE status. Suspended status means that you are not eligible for any CCIE > > benefits. Loss of CCIE active status means that as an individual you lose > > your > > privileges with Open Forum and cannot order CCIE merchandise through Cisco > > MarketPlace. Until you recertify, you can no longer be counted by your > > employer as being a CCIE which can effect benefits and discounts. > > > > If you recertify while you have suspended status, the next recertification > > period will be less than 24 months. For example, if someone is 6 months > late > > in recertifying, they will be required to recertify within 18 months > rather > > than the normal 2 years. > > > > After one year of suspended status, you will then have inactive status. > You > > will be required to take the CCIE Qualification exam and the CCIE Lab exam > to > > restore your CCIE active status. > > > > > > -- Leigh Anne > > > > > > > > > -Original Message- > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Steven A. Ridder > > Sent: Friday, December 28, 2001 11:24 AM > > To: [EMAIL PROTECTED] > > Subject: Active CCIE? [7:30341] > > > > > > What defines an active CCIE? The thing I don't get is you have to > recertify > > every two years, but the cert can expire after one if you are not > "active". > > What is active? Do you have to answer e-mail surveys every month or > > something? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30361&t=30341 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: new ccie written exam [7:30346]
Not for a while. There hasn't even been a beta yet. They'll announce the change months in advance. ""gavin"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Does anyone know if the ccie written will change on Jan 1 > > Or sometime therafter? > > Gavin A Welch > WCSP, CCNA, CCNP > Pocket Networks > > " The best way to predict the future is to invent it." > - Alan Kay > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.310 / Virus Database: 171 - Release Date: 12/19/2001 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30349&t=30346 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Interactive Mentor [7:30344]
I tried the online ones that are free from Cisco and they're pretty good for the basic and intermediate stuff. There are only a few that are free though and you need to have avalid login. No guest accounts. ""juno vtv"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Has anyone ever used CIM? Any feedback on this product? > > -junovtv Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30348&t=30344 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Active CCIE? [7:30341]
What defines an active CCIE? The thing I don't get is you have to recertify every two years, but the cert can expire after one if you are not "active". What is active? Do you have to answer e-mail surveys every month or something? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30341&t=30341 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Parkhurst Ch. 8, first lab, RESOLVED [7:30317]
I thought the .# (EX: 12.2(1.2) the .2 means it was internal build) after in a IOS release meant it was internal build only? How could one DL an internal IOS build? ""Kane, Christopher A."" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > As a final fwp to this post, I opened a case with Cisco and found that > indeed I had run into an IOS Bug. IOS 12.1E, 12.1T and 12.2 are not > recommended as they all suffer from this bug. Apparently this was broken > somewhere in 12.1. Here is a list of versions that have the fix: > > 12.2(2.2)T 12.2(1.2) 12.2(1.2)PI 12.2(1.4)S 12.1(08a)E 12.2(3.4)PB > 12.1(8.5)E02 12.2(3.4)B 12.1(7.5)EC01 12.1(9.5)EC > > > Thanks again for those that banged on this with me. > > Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30336&t=30317 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Parkhurst Ch. 8, first lab, RESOLVED [7:30317]
As a final fwp to this post, I opened a case with Cisco and found that indeed I had run into an IOS Bug. IOS 12.1E, 12.1T and 12.2 are not recommended as they all suffer from this bug. Apparently this was broken somewhere in 12.1. Here is a list of versions that have the fix: 12.2(2.2)T 12.2(1.2) 12.2(1.2)PI 12.2(1.4)S 12.1(08a)E 12.2(3.4)PB 12.1(8.5)E02 12.2(3.4)B 12.1(7.5)EC01 12.1(9.5)EC Thanks again for those that banged on this with me. Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30317&t=30317 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Practical Studies by Cisco Press [7:30243]
Looking at the table of contents, there's no BGP. Table of Contents I: Modeling the Internetwork 1: The key components for modeling an internetwork II: Modeling Local Area Networks, LANS 2: Identifying and configuring the key components for modeling LANs III: Connecting LANS with Wide Area Networks, WANS 3: WAN protocols and Technologies: HDLC 4: WAN protocols and Technologies: PPP 5: WAN protocols and Technologies: Frame Relay 6: WAN protocols and Technologies: Voice Over X 7: WAN protocols and Technologies: ISDN 8: WAN protocols and Technologies: ATM IV: Routing Protocols; Providing Transport for Data from One Network to the Next 9: Distance Vector Protocols: RIP and RIP II 10: Distance Vector: IGRP 11: Hybrid: EIGRP 12: Link State Protocols: OSPF V: Configuring and Transporting Other Network Protocols 13: Bridging non-routable protocols and Data Link Switching Plus VI: Controlling Networks and Network Access 14: Mastering Access Lists VII: Enhanced Network Protocols; The Quick and Dirty Feature Sets 15: Configuring NAT 16: Using HSRP 17: Configuring NTP 18: Final Practice Labs Appendix A: Route Maps Appendix B: ISDN Cause codes Appendix C: RFC List Appendix D: ISO Model Appendix E: Common Cable types and pinouts ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I know this just came out recently but I'm wondering if any of you have > it yet? I don't know why I'm asking now since my copy will be here > tomorrow. :-) I'm just curious to see if anyone else has had a chance > to crack its pages yet. > > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30302&t=30243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Practical Studies by Cisco Press [7:30243]
The guy's description said it was brand new, even though the category said used. I can't imagine it being used. ""juno vtv"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I only see one in stock at half.com and it's used. Am I in the wrong place? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30260&t=30243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Practical Studies by Cisco Press [7:30243]
half.com has it brand new for $50.00. I just ordered one. ""Jim Brown"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I think it ROCKS! > > John, you could have purchased it at SoftPro Books since the middle of last > week. > > -Original Message- > From: John Neiberger [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 27, 2001 5:18 PM > To: [EMAIL PROTECTED] > Subject: CCIE Practical Studies by Cisco Press [7:30243] > > > I know this just came out recently but I'm wondering if any of you have it > yet? I don't know why I'm asking now since my copy will be here tomorrow. > :-) I'm just curious to see if anyone else has had a chance to crack its > pages yet. > > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30256&t=30243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Practical Studies by Cisco Press [7:30243]
Why does Cisco want so many people to get their CCIE? ""Rich Russell"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > www.bestwebbuys.com/books > > ranks the books from cheapest to most expensive with shipping > > Rich > www.thetestpage.net > > ""juno vtv"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Thanks, > > > > I found it on different sites but was hoping I can find the best price. I > > usually buy from bookpool but they do not have any. So if anybody can > tell > > me where I can get the best price, I would appreciate it. Thanks! > > > > -junovtv Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30254&t=30243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MPLS and Patents [7:30244]
I was reading on the IETF pages that IBM claims to have patented some or all portions of the MPLS IETF standards. How valid is their claim and could it hold up? I remember a few years ago that Lucent was trying to cash in on ATM which BellLabs invented in the 80's. That didn't seem to go nowhere? I can porbably guess that no one is a lawyer in this group, but I thought I'd ask anyways. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30244&t=30244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: LAN sub-interface routing [7:30225]
In a secondary interface, you can have 1 interface with 2 addresses/subnets. A subinterface is different in that you create multiple interfaces, as opposed to the 1 in the secondary interface. You do all the addressing by creating sepreate logical interfaces. These subinterfaces look like seperate physical interfaces to the routing protocol. ""John Mairs"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thank you sir! I appreciate your time on this. one > side though if it's ok, what is the difference between > secondary interfaces and sub-interfaces? > > John > > > --- Darren Crawford wrote: > > You will have to use secondary addressing. > > > > interface ethernet 0 > > ip address 10.1.1.1 255.255.255.0 > > ip address 10.1.2.1 255.255.255.0 secondary > > > > HTH > > > > Darren > > > > At 03:10 PM 12/27/2001 -0500, John Mairs wrote: > > >Hi, > > > > > >I have a 2501 (one ethernet interface) and I wanted > > to > > >route over that interface by setting up two > > >sub-interfaces. I can't assign an address because > > it > > >replies with > > > > > >"configuring IP routing on a LLAN subinterface is > > only > > >allowed if that subinterface is already configured > > as > > >part of an IEEE 802.10 or ISL vLAN." > > > > > >what will I need to do (specifically if you can) to > > >route over a single E0 interface? > > > > > >thanks > > > > > >__ > > >Do You Yahoo!? > > >Send your FREE holiday greetings online! > > >http://greetings.yahoo.com > > [EMAIL PROTECTED] > > > > > > x$:0`0:$xx$:0`0:$xx$:0`0:$xx$: > > > > Lucent Technologies > > NetworkCare Professional Services > > http//www.lucent.com/netcare/ > > Darren S. Crawford - CCNP, CCDP, CCIE TBA > > > > Northwest Region - Sacramento Office > > Voicemail (916) 859-5200 x310 > > Pager (800) 467-1467 > > mailto:[EMAIL PROTECTED] > > > > x$:0`0:$xx$:0`0:$xx$:0`0:$xx$: > > > > "You always have time for things you put first" - > > Tucker Resources > > > > > > > = > John L. Mairs > > __ > Do You Yahoo!? > Send your FREE holiday greetings online! > http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30235&t=30225 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CIPT & EVVOD [7:30200]
I took them both. CIPT is easy, not very detailed and a Sylvain test. I had about 60 questions, not 125. EVODD and PBX Fundamentals are hard and are online and not fun. QOS is just as bad. ""Dave Luancing"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Has anyone taken the CIPT or EVVOD exams. I am having > a hard time finding information to study for the exam. > > I was wondering if the CIPT is very detailed or if it > is a more general test since it is 115 to 125 > questions. Did you feel you had enough time to take > the exam? > > - D.L. > > __ > Do You Yahoo!? > Send your FREE holiday greetings online! > http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30204&t=30200 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Howard Berkowitz to speak at EveCon 19 [7:30121]
Priscilla, To answer your question about the movie, I have seen it and it is excellent. Chris -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 12:47 AM To: [EMAIL PROTECTED] Subject: Re: Howard Berkowitz to speak at EveCon 19 [7:30121] >Chuck, > You'll get my vote on being the Saruman! Howard, is it possible >that there might be a few copies of your new book on hand for sale. I got >to thinking a signed copy would do nicely for all of us who haven't seen the >movie yet...Imagine that, a book signed by the "Gandalf of Networking" > >Priscilla thanks for the thought. Sounds like "ebay" material to me... :-> > >Nigel Well, the new one isn't out yet...I don't have the date yet, other than early 2002. I will have some additional Web presence Real Soon Now, but that's hard to sign. > >- Original Message - >From: "Chuck Larrieu" >To: >Sent: Wednesday, December 26, 2001 8:33 PM >Subject: Re: Howard Berkowitz to speak at EveCon 19 [7:30121] > > >> who's the Balrog of networking? who's the Saruman? >> >> >> ""Priscilla Oppenheimer"" wrote in message >> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> > So, completely OT, but has anyone seen the first LOTR movie yet? Is it >any >> > good? I think Howard could be considered the Gandalf of networking. ;-) >> > >> > Priscilla >> > >> > >> > At 04:53 PM 12/26/01, Bruce Evry wrote: >> > >Dear Friends, >> > > >> > > Howard Berkowitz will be doing a presentation this coming >> weekend, >> > >where he will combine his knowledge of Network Design with his >expertise >> > >at all things Monty Python. Should be fascinating! >> > > >> > > EveCon 19 is a Science Fiction and Fact convention, that in >> > >addition to several other talks on computer topics (and routing...) has >> > >such things as Costume workshops, Chainmail lessons, 24 hour movies on >a >> > >180 inch projection tv, and the traditional drummers and belly dancers. >> > > >> > > Place is the Sheraton Reston Hotel in sunny Reston, Virginia. >> > > The convention runs from Friday until Sunday, non-stop. Cost >> $30. >> > > Howard's presentation will be at 3 pm in the Video Room. >> > > Bring your own Parrot! >> > > >> > > Yours Truly - Bruce Evry >> > >> > >> > Priscilla Oppenheimer >> > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30183&t=30121 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Parkhurst Ch. 8 first lab not working [7:30115]
SUCCESS!! I wanted to pass along a thanks to those of you that took the time to work on this yesterday. Further, wanted you to know that I have successfully configured it today. I was trying this yesterday on 2 2600s that were running Version 12.2(2)XA. Today, I switched over to 2 2500s that are running 12.0(16) and the lab works just fine. Seems as though I have stumbled across an IOS bug. If I had to guess, it must be in relation to the "non-exist-map" statement. Maybe I'll open a case with TAC. I went on to complete several other Chapter 8 labs yesterday on those 2600s, so the code isn't all bad when utilized for BGP. Someone mentioned that you can check and see which code is currently being used for the lab. I'll have to search CCO. With any luck I'll finish my BGP studies by this weekend. I subject down, and about a million to go. :) Chris -Original Message- From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 26, 2001 3:54 PM To: [EMAIL PROTECTED] Subject: Parkhurst Ch. 8 first lab not working [7:30115] All/Chuck Wrapping up my BGP studies and using Parkhurst's BGP book to lab some stuff. The first lab in Chapter 8 (advertise-map) is not working for me. The routes advertise fine until I get to the step of shutting int loopback 0. rtrA retains the secondary route but rtrB is not receiving that route. All of my results follow the examples until this point. I've tried the lab several times and my configs are correct. If anyone has had any luck with this lab or if you could throw it together real quick, I'd appreciate it. It only requires 2 routers and a fairly simple config. My sanity may be at stake. t?t Thanks Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30186&t=30115 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Parkhurst Ch. 8 first lab not working [7:30115]
All/Chuck Wrapping up my BGP studies and using Parkhurst's BGP book to lab some stuff. The first lab in Chapter 8 (advertise-map) is not working for me. The routes advertise fine until I get to the step of shutting int loopback 0. rtrA retains the secondary route but rtrB is not receiving that route. All of my results follow the examples until this point. I've tried the lab several times and my configs are correct. If anyone has had any luck with this lab or if you could throw it together real quick, I'd appreciate it. It only requires 2 routers and a fairly simple config. My sanity may be at stake. t?t Thanks Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30115&t=30115 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Data [7:30074]
Please is need i help in relation to above subject. Is there any other way that i can transfer data from one pc to another,without using Dial up modem? My company is in the business of data transering & am looking into this issue. Kind regards, Mike. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30074&t=30074 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multihoming load balancing BGP [7:30011]
If I may suggestPlease pay particularly close attention to how you address the devices that you intend to advertise. I often have customers who purchase 2 T1s and want to acquire equal loads on both. The mistake is when they advertise a www server that takes all of the traffic. Based on source/destination cache, all traffic for that server comes across one link. As Howard suggested, please take the time to draw this out. If you truly want load sharing, redundancy, telco diversity, ISP/NSP diversity and ISP/NSP POP diversity. It really is not as simple as buying multiple WAN circuits. You can get as granular as making a request to get the telco DLRs in an attempt to reduce possible single points of failure. Chris -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Monday, December 24, 2001 10:30 AM To: [EMAIL PROTECTED] Subject: Re: Multihoming load balancing BGP [7:30011] >Any ideas to load balance when multihoming ? > >Best Regards, >Mohamed Saro > > The first thing is defining exactly what you mean by load balancing and multihoming, the expected return, and the investment you are willing to make. These are complex topics: see http://www.ietf.org/draft-ietf-berkowitz-multireq-02.txt Some things you will need to know, assuming you are talking about Internet connectivity, is how many external destinations will you have? How many routable prefixes will you advertise? Do you need to load share based on address or on traffic type? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30026&t=30011 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RRs and Confeds as they relate to IE studies [7:29968]
I've read Doyle Vol II. Now I'm reading Caslow. I've flipped through Halabi's book. He actually has a statement regarding RR vs. Confed. According to Halabi, "Cisco recommends RRs to solve the full-mesh IBGP issue." It would seem that RRs are easier to implement if you take into account that only the RRs need to have their configuration altered. The Clients of the RRs take the neighbor statement as nothing more than an IBGP peer. One of the responders recommended Parkhurst's book. Yes I have it. But haven't gotten to it yet. Since it's all config examples I am saving it for a wrap up of my BGP studies. Could we make a list of pros/cons to each? Or what solution each implementation offers? RR = possibly less config, only RR is altered (in the neighbor statement) RR = continues to offer loop prevention with use of Cluster_List and Cluster_ID RR = solves the need to have full-mesh IBGP RR = Question, are RR solutions easy to troubleshoot/maintain? Confeds = offers chance to create a backbone of backbones Confeds = use of Private ASs Confeds = allows implementation of an IGP between confeds for further policy implementation Confeds = adds complexity when considering route announcements and behavior of EBGP as an IBGP Confeds = Question, are Confed solutions easy to troubleshoot/maintain? Any other thoughts? Chris -Original Message- From: Gregg Malcolm [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 23, 2001 2:19 PM To: [EMAIL PROTECTED] Subject: Re: RRs and Confeds as they relate to IE studies [7:29968] Good question. I don't claim to be an expert on BGP and will not comment on the advantages and disadvantages of RR/Confeds in large/small environments. I've only config'ed BGP once in a prod net. Seems to me tho that there is an important distinction between the two as they might pertain to the lab test. Both allow the use of weight and local preference (IBGP). Confeds allow the use of MED since the connections between the confeds is EBGP. You could also config multiple RR's (clusters) to allow the use of the MED between the clusters but to me, confeds are easier. I'm sure that there are other reasons to use one or the other as they relate to the lab, but I haven't run into it yet. Maybe I'm wrong, but this is my take on RR's/confeds. Would love to hear comments to enlighten me. ""Kane, Christopher A."" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm currently tearing apart BGP as part of my IE studies. It's not too bad > since I come from a Network Service Provider background. But, I have run > into a conflict in regards to RRs vs. Confeds. I probably don't need to > straighten this out for the Written but when it comes to the lab I'd like to > know which route to go down. I have no idea how the lab poses it's topology > but if given the requirement to configure a simulated "large" network and > then having to choose whether to implement RRs or Confeds I wonder which one > Cisco prefers. I'm assuming that as part of the lab, the idea is to create > solutions that work and in doing so, solutions that are as simple as > possible and as short as possible. > > I'd like to hear comments about the pros and cons of each option in regards > to how Cisco might prefer to see implementation. Meanwhile, I'm going to > review all available case studies on CCO. > > Thanks, > Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30022&t=29968 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RRs and Confeds as they relate to IE studies [7:29968]
I'm currently tearing apart BGP as part of my IE studies. It's not too bad since I come from a Network Service Provider background. But, I have run into a conflict in regards to RRs vs. Confeds. I probably don't need to straighten this out for the Written but when it comes to the lab I'd like to know which route to go down. I have no idea how the lab poses it's topology but if given the requirement to configure a simulated "large" network and then having to choose whether to implement RRs or Confeds I wonder which one Cisco prefers. I'm assuming that as part of the lab, the idea is to create solutions that work and in doing so, solutions that are as simple as possible and as short as possible. I'd like to hear comments about the pros and cons of each option in regards to how Cisco might prefer to see implementation. Meanwhile, I'm going to review all available case studies on CCO. Thanks, Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29968&t=29968 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IOS firewall, NAT and smtp [7:29794]
I mean the gateway on your PC if you are on the 12.x.x.x network when trying. it. ""Steven A. Ridder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > FYI, > > I plugged that exact config you sent into a 2621 with 12.2.6 IOS and it > worked fine. I could telnet into an Exchange 2000 server via 25 and 110 on > the same LAN , and on the external lan usine the natted external IP addres. > It worked in both instances with 25 and 110 with CBAC on and with the access > list on. So I don't think it's the config or the router. I still can't > imagine you getting into 110 and not 25 anyways. I can imaging not sending > mail with cbac on cause of the ESMTP commands on. > > I'd look at the gateway in the server or something. It was .2 on the > router. > > > ""Kent Hundley"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Ray, > > > > A few more ideas: > > > > 1) Can the SMTP server resolve the name of the external machine? Some > apps > > like to do a reverse lookup on the IP addresses that connect to them and > may > > fail if they cannot. If your not sure if it can resolve the name, try > > adding the connecting machines IP address to the /etc/hosts file of your > > mail server. (It's under winnt/system32/drivers on Windows) > > > > 2) Try completely removing all CBAC (if you haven't already) and create a > > permit access-list like this: > > > > access-list 103 permit tcp any eq 25 log > > access-list 103 permit tcp any eq 110 > > access-list 103 permit udp any log > > access-list 103 permit tcp any log > > access-list 103 permit icmp any log > > access-list 103 permit ip any any > > > > And see what your log files look like. (you probably want to do this > > sometime when your router isn't moving a lot of traffic as there could be > a > > lot of logging info) You may also want to put an acl on your fe 0/0 > > interface like this: > > > > access-list 104 permit tcp any log > > access-list 104 permit udp any log > > access-list 104 permit icmp any log > > access-list 104 permit ip any any > > > > This will give you a good idea of what's happening at the packet level. > > > > If it _still_ doesn't work, I would definitely consider replacing the > > router. > > > > HTH, > > Kent > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Friday, December 21, 2001 8:20 AM > > To: [EMAIL PROTECTED] > > Subject: Re: IOS firewall, NAT and smtp [7:29794] > > > > > > Steven A. Ridder wrote: > > > > >Try removing the access lists next. I can't see how POP get's in and > smtp > > >dosen't, especially with CBAC off now. > > > > > I removed all access control from the interface and I still get the same > > problem. > > I'm going to test it on another router then I'm going after cisco with > > this one. > > Thanks for your help > > > > > > > > > > >""MADMAN"" wrote in message > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > >>Ray Brehm wrote: > > >> > > >>>MADMAN wrote: > > >>> > > >>>>Yes I have run into problems defining http also. The bottom line is I > > >>>>now only "inspect" TCP, UDP and FTP. These cover all the others > > >>>> > > >without > > > > > >>>>breaking them!!! > > >>>> > > >>>thanks for the heads up > > >>>I just updated IOS to v12.2.6a (I know I'm crazy but I might want > > >>>cisco's support) > > >>>what version of IOS have these problems? > > >>> > > >> I know it wasn't in 12.2!! As i said before, I don't think it's doing > > >>anything cept eating up NVRAM when you add, for example, inspect http > > >>when tcp covers http. > > >> > > >> Dave > > >> > > >>>> Dave > > >>>> > > >>>>"Steven A. Ridder" wrote: > > >>>> > > >>>>>The CBAC dosen't understand ESMTP commands I think. Don't watch smtp > > >>>>> > > >on > > > > > >>>>>CBAC. I ran into that problem before. > > >>>>> &
Re: IOS firewall, NAT and smtp [7:29794]
FYI, I plugged that exact config you sent into a 2621 with 12.2.6 IOS and it worked fine. I could telnet into an Exchange 2000 server via 25 and 110 on the same LAN , and on the external lan usine the natted external IP addres. It worked in both instances with 25 and 110 with CBAC on and with the access list on. So I don't think it's the config or the router. I still can't imagine you getting into 110 and not 25 anyways. I can imaging not sending mail with cbac on cause of the ESMTP commands on. I'd look at the gateway in the server or something. It was .2 on the router. ""Kent Hundley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Ray, > > A few more ideas: > > 1) Can the SMTP server resolve the name of the external machine? Some apps > like to do a reverse lookup on the IP addresses that connect to them and may > fail if they cannot. If your not sure if it can resolve the name, try > adding the connecting machines IP address to the /etc/hosts file of your > mail server. (It's under winnt/system32/drivers on Windows) > > 2) Try completely removing all CBAC (if you haven't already) and create a > permit access-list like this: > > access-list 103 permit tcp any eq 25 log > access-list 103 permit tcp any eq 110 > access-list 103 permit udp any log > access-list 103 permit tcp any log > access-list 103 permit icmp any log > access-list 103 permit ip any any > > And see what your log files look like. (you probably want to do this > sometime when your router isn't moving a lot of traffic as there could be a > lot of logging info) You may also want to put an acl on your fe 0/0 > interface like this: > > access-list 104 permit tcp any log > access-list 104 permit udp any log > access-list 104 permit icmp any log > access-list 104 permit ip any any > > This will give you a good idea of what's happening at the packet level. > > If it _still_ doesn't work, I would definitely consider replacing the > router. > > HTH, > Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 21, 2001 8:20 AM > To: [EMAIL PROTECTED] > Subject: Re: IOS firewall, NAT and smtp [7:29794] > > > Steven A. Ridder wrote: > > >Try removing the access lists next. I can't see how POP get's in and smtp > >dosen't, especially with CBAC off now. > > > I removed all access control from the interface and I still get the same > problem. > I'm going to test it on another router then I'm going after cisco with > this one. > Thanks for your help > > > > > > >""MADMAN"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > >>Ray Brehm wrote: > >> > >>>MADMAN wrote: > >>> > >>>>Yes I have run into problems defining http also. The bottom line is I > >>>>now only "inspect" TCP, UDP and FTP. These cover all the others > >>>> > >without > > > >>>>breaking them!!! > >>>> > >>>thanks for the heads up > >>>I just updated IOS to v12.2.6a (I know I'm crazy but I might want > >>>cisco's support) > >>>what version of IOS have these problems? > >>> > >> I know it wasn't in 12.2!! As i said before, I don't think it's doing > >>anything cept eating up NVRAM when you add, for example, inspect http > >>when tcp covers http. > >> > >> Dave > >> > >>>> Dave > >>>> > >>>>"Steven A. Ridder" wrote: > >>>> > >>>>>The CBAC dosen't understand ESMTP commands I think. Don't watch smtp > >>>>> > >on > > > >>>>>CBAC. I ran into that problem before. > >>>>> > >>>>>""Ray Brehm"" wrote in message > >>>>>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >>>>> > >>>>>>I have a 2621 with IOS IP/FW that I'm unable to connect through to > >>>>>> > >the > > > >>>>>>inside SMTP server. I can connect to that same server using POP3 with > >>>>>> > >no > > > >>>>>>errors. The inside device is a static NAT. The port appears open when > >>>>>> > >I > > > >>>>>>port scan the IP address but I get TCP errors when trying to send > >>>>>&g
Re: IOS firewall, NAT and smtp [7:29794]
Try removing the access lists next. I can't see how POP get's in and smtp dosen't, especially with CBAC off now. ""MADMAN"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Ray Brehm wrote: > > > > MADMAN wrote: > > > > >Yes I have run into problems defining http also. The bottom line is I > > >now only "inspect" TCP, UDP and FTP. These cover all the others without > > >breaking them!!! > > > > > thanks for the heads up > > I just updated IOS to v12.2.6a (I know I'm crazy but I might want > > cisco's support) > > what version of IOS have these problems? > > I know it wasn't in 12.2!! As i said before, I don't think it's doing > anything cept eating up NVRAM when you add, for example, inspect http > when tcp covers http. > > Dave > > > > > > > > Dave > > > > > >"Steven A. Ridder" wrote: > > > > > >>The CBAC dosen't understand ESMTP commands I think. Don't watch smtp on > > >>CBAC. I ran into that problem before. > > >> > > >>""Ray Brehm"" wrote in message > > >>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > >> > > >>>I have a 2621 with IOS IP/FW that I'm unable to connect through to the > > >>>inside SMTP server. I can connect to that same server using POP3 with no > > >>>errors. The inside device is a static NAT. The port appears open when I > > >>>port scan the IP address but I get TCP errors when trying to send mail. > > >>> > > >>>Any ideas? Did I miss something stupid? > > >>>Is the fact that I have multiple "nat inside" interfaces relevant is > > >>>this situation? (I've never known it to make a difference) > > >>> > > >>>Relevant config: > > >>> > > >>>ip inspect name firewall http > > >>>ip inspect name firewall ftp > > >>>ip inspect name firewall netshow > > >>>ip inspect name firewall realaudio > > >>>ip inspect name firewall rtsp > > >>>ip inspect name firewall smtp > > >>>ip inspect name firewall tcp > > >>>ip inspect name firewall udp > > >>> > > >>>interface FastEthernet0/0 > > >>> ip address 10.1.0.1 255.255.255.0 > > >>> ip nat inside > > >>> speed 10 > > >>> full-duplex > > >>> ntp broadcast > > >>> bridge-group 1 > > >>>! > > >>>interface Serial0/0 > > >>> ip address 10.1.12.1 255.255.255.0 > > >>> ip nat inside > > >>> bridge-group 1 > > >>>! > > >>>interface FastEthernet0/1 > > >>> ip address 12.42.189.2 255.255.255.240 > > >>> ip access-group 103 in > > >>> ip nat outside > > >>> ip inspect firewall out > > >>> duplex auto > > >>> speed auto > > >>>! > > >>>interface Serial0/1 > > >>> ip address 10.1.13.1 255.255.255.0 > > >>> ip nat inside > > >>> bridge-group 1 > > >>>! > > >>>router eigrp 100 > > >>> redistribute static metric 384 255 255 1 1500 > > >>> network 10.0.0.0 > > >>> auto-summary > > >>> no eigrp log-neighbor-changes > > >>>! > > >>>ip nat inside source list 18 interface FastEthernet0/1 overload > > >>>ip nat inside source static 10.1.0.4 12.42.189.4 > > >>>ip classless > > >>>ip route 0.0.0.0 0.0.0.0 12.42.189.1 > > >>>! > > >>>logging history debugging > > >>>logging 10.1.0.3 > > >>>access-list 18 permit 10.1.0.0 0.0.255.255 > > >>>access-list 101 permit tcp any any ack > > >>>access-list 101 permit udp any any > > >>>access-list 101 permit icmp any any > > >>>access-list 103 permit tcp any host 12.42.189.4 eq smtp > > >>>access-list 103 permit tcp any host 12.42.189.4 eq pop3 > > >>>bridge 1 protocol ieee > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29847&t=29794 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IOS firewall, NAT and smtp [7:29794]
For furture reference, once you enable CBAC on an interface, it MONITORS traffic in both directions. As for the SMTP thing, you remove ip inspect from the interface, and you can telnet into the server at port 25? Do I have that right? You SURE you removed it? Cause if you can get in via 25 via telnet, you're in. Only CBAC would block it if you tried to login into the server, or some other ESMTP command, and that's only if it was on. You sure the server isn't bad? ""Ray Brehm"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Steven A. Ridder wrote: > > >The CBAC dosen't understand ESMTP commands I think. Don't watch smtp on > >CBAC. I ran into that problem before. > > > I'm not actually doing CBAC on the inbound traffic, I'm just letting it > through with the access list. At any rate, I removed the IP inspect > command from the interface and I still have the same problem. TCP to the > POP port works fine, TCP to the SMTP port doesn't respond. I can telnet > to port 25 locally, get the server response and type a command, I get no > response telnetting to port 25 through the firewall. > > > > > > >""Ray Brehm"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > >>I have a 2621 with IOS IP/FW that I'm unable to connect through to the > >>inside SMTP server. I can connect to that same server using POP3 with no > >>errors. The inside device is a static NAT. The port appears open when I > >>port scan the IP address but I get TCP errors when trying to send mail. > >> > >>Any ideas? Did I miss something stupid? > >>Is the fact that I have multiple "nat inside" interfaces relevant is > >>this situation? (I've never known it to make a difference) > >> > >>Relevant config: > >> > >>ip inspect name firewall http > >>ip inspect name firewall ftp > >>ip inspect name firewall netshow > >>ip inspect name firewall realaudio > >>ip inspect name firewall rtsp > >>ip inspect name firewall smtp > >>ip inspect name firewall tcp > >>ip inspect name firewall udp > >> > >>interface FastEthernet0/0 > >> ip address 10.1.0.1 255.255.255.0 > >> ip nat inside > >> speed 10 > >> full-duplex > >> ntp broadcast > >> bridge-group 1 > >>! > >>interface Serial0/0 > >> ip address 10.1.12.1 255.255.255.0 > >> ip nat inside > >> bridge-group 1 > >>! > >>interface FastEthernet0/1 > >> ip address 12.42.189.2 255.255.255.240 > >> ip access-group 103 in > >> ip nat outside > >> ip inspect firewall out > >> duplex auto > >> speed auto > >>! > >>interface Serial0/1 > >> ip address 10.1.13.1 255.255.255.0 > >> ip nat inside > >> bridge-group 1 > >>! > >>router eigrp 100 > >> redistribute static metric 384 255 255 1 1500 > >> network 10.0.0.0 > >> auto-summary > >> no eigrp log-neighbor-changes > >>! > >>ip nat inside source list 18 interface FastEthernet0/1 overload > >>ip nat inside source static 10.1.0.4 12.42.189.4 > >>ip classless > >>ip route 0.0.0.0 0.0.0.0 12.42.189.1 > >>! > >>logging history debugging > >>logging 10.1.0.3 > >>access-list 18 permit 10.1.0.0 0.0.255.255 > >>access-list 101 permit tcp any any ack > >>access-list 101 permit udp any any > >>access-list 101 permit icmp any any > >>access-list 103 permit tcp any host 12.42.189.4 eq smtp > >>access-list 103 permit tcp any host 12.42.189.4 eq pop3 > >>bridge 1 protocol ieee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29820&t=29794 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Latest Hackers Target: Routers [7:29810]
The routing protocol info should be passed over a separate network like ss7 is. It would aslo prevent bgp flapping also when links are so flooded even hello's can't get through. ""Eric Rogers"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Paste into your browser: > > dailynews.yahoo.com/h/cmp/20011217/tc/inw20011217s0004_1.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29813&t=29810 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Voice question Prefix [7:29681]
The prefix command is just a command that adds that number to the digits the router will pass. When you dial 9 right now, the router has no match for that number and imediatley gives you that busy signal. When you dial 8, it shouldn't give you a busy signal until the interdigit timeout comes into play, i believe 2 seconds. I can't understand why you want the router to pause before you dial the rest of the number. What are you trying to do exactly? ""David Broughton"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > All, I need a little assistance. Can anyone provide some input on what > I am doing wrong. > > I am trying to do a simple lab where you have to dial "9" or "8" > then you hear a pause and you then are able to dial the other > phone hanging off my VIC FXS card. > > The problem I am having is that everytime I dial 9 or 8 via my > analog phone I get a fast busy. When I dial the # programmed on > the port, the call goes thru fine. I put in my config the prefix 9, > statement and the call still does not work.Can anyone > advise what I might be doing wrong. Below is the statement > > All I am trying to do is call between phones hanging off the > same router except dial a prefix before dialing the > correct #. It is sort of like being a work and you have to > dial a 9 or 8 to reach a outside line. > > > > dial-peer voice 1 pots > destination-pattern 8516426 > port 1/0/0 > prefix 9, > ! > dial-peer voice 2 pots > destination-pattern +6775329 > port 1/0/1 > prefix 8, > > > I have a Cisco 2610 router. IOS is 12.2. Ram 48 flash 16. > > 2610 with 48 ram 16 meg flash > NM 1V 1 FXS > > Any suggestions ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29800&t=29681 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IOS firewall, NAT and smtp [7:29794]
The CBAC dosen't understand ESMTP commands I think. Don't watch smtp on CBAC. I ran into that problem before. ""Ray Brehm"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a 2621 with IOS IP/FW that I'm unable to connect through to the > inside SMTP server. I can connect to that same server using POP3 with no > errors. The inside device is a static NAT. The port appears open when I > port scan the IP address but I get TCP errors when trying to send mail. > > Any ideas? Did I miss something stupid? > Is the fact that I have multiple "nat inside" interfaces relevant is > this situation? (I've never known it to make a difference) > > Relevant config: > > ip inspect name firewall http > ip inspect name firewall ftp > ip inspect name firewall netshow > ip inspect name firewall realaudio > ip inspect name firewall rtsp > ip inspect name firewall smtp > ip inspect name firewall tcp > ip inspect name firewall udp > > interface FastEthernet0/0 > ip address 10.1.0.1 255.255.255.0 > ip nat inside > speed 10 > full-duplex > ntp broadcast > bridge-group 1 > ! > interface Serial0/0 > ip address 10.1.12.1 255.255.255.0 > ip nat inside > bridge-group 1 > ! > interface FastEthernet0/1 > ip address 12.42.189.2 255.255.255.240 > ip access-group 103 in > ip nat outside > ip inspect firewall out > duplex auto > speed auto > ! > interface Serial0/1 > ip address 10.1.13.1 255.255.255.0 > ip nat inside > bridge-group 1 > ! > router eigrp 100 > redistribute static metric 384 255 255 1 1500 > network 10.0.0.0 > auto-summary > no eigrp log-neighbor-changes > ! > ip nat inside source list 18 interface FastEthernet0/1 overload > ip nat inside source static 10.1.0.4 12.42.189.4 > ip classless > ip route 0.0.0.0 0.0.0.0 12.42.189.1 > ! > logging history debugging > logging 10.1.0.3 > access-list 18 permit 10.1.0.0 0.0.255.255 > access-list 101 permit tcp any any ack > access-list 101 permit udp any any > access-list 101 permit icmp any any > access-list 103 permit tcp any host 12.42.189.4 eq smtp > access-list 103 permit tcp any host 12.42.189.4 eq pop3 > bridge 1 protocol ieee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29797&t=29794 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NTP Question [7:29770]
According to RFC 1305, NTP uses UDP. Chris -Original Message- From: Mcfadden, Chuck [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 10:44 AM To: [EMAIL PROTECTED] Subject: NTP Question [7:29770] A friend of mine was doing a PIX installation on the edge of a W2K environment. He was trying to allow NTP through the PIX but it would not go. He found that, since he was using an inbound ACL, the packet would eventually reach the explicit deny. According to his research, he had to allow port 123 (NTP) in his ACL in able to allow it through the firewall, even though it was established. The question that has since been unanswered: Does NTP use UDP or TCP or both? Any ideas? ccie1ab (chuck) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29774&t=29770 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame-relay [7:29747]
connection-less at the layer 2 level (frame relay). Higher levels will take care of retrans. ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > a PVC is connection oriented - by definition - otherwise the virtual circuit > won't stay up. > > data flow, OTOH, is connectionless - packet delivery is "best effort" > > Clear as mud? > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Caio Misticone > Sent: Wednesday, December 19, 2001 9:51 PM > To: [EMAIL PROTECTED] > Subject: Frame-relay [7:29747] > > > Hello Group! > I'm still studying to get my CCNA certification, and i have some doubts > related to frame-relay protocol. > Is it connection-oriented or connectionless? > I know it's is a stupid question, however, i found two answers on the net. > > "CONNECTIONLESS, Packet-Based Protocol" > http://www.gdc.com/corporate_news/connects04/techfocus/framebasics.html > > and > > "Frame Relay provides CONNECTION-ORIENTED data link layer communication" > http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/frame.htm > > So... what is the right one? > > Thanks, > > Caio Misticone Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29760&t=29747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISP and OSPF [7:29686]
No reason in particular. Just thought it was more taxing than OSPF. ""Howard C. Berkowitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >I need an internet gateway router (via DSL connected to a Flowpoint) which > >currently has a static route to the ISP to know when the netowrk goes down > >and not just that flowpoint's local ethernet interface. I need the gateway > >router to dial up via isdn using dialer-watch. I'd rathernot use BGP on > >this router, and was wondering if it's even common practice to use OSPF to > >the ISP. They might say no. > > What is your objection to running BGP? If BGP is only receiving the > default and advertising your prefixes, the resource requirements are > trivial. > > > > >Would creating a NSSA work? Even a totally stub area might work? > > > >Once Cisco releases DHRP, I'll be all set. > > > > > > > > > >""John Neiberger"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >> Could you solve the same problem by creating a static default route on > >> the ASBR and then redistributing that as an N1 or N2 route? That seems > >> to do what you want without requiring that OSPF be running between the > >> ASBR and the ISP. > >> > >> This wouldn't be dynamic, which may be what you're trying to > >> accomplish. If so, it seems that it would be more likely that they > >> could set up a BGP session with you using a private ASN and then they > >> could dynamically inject a default into your ASBR. > >> > >> Would that work in your situation? > >> > >> Regards, > >> John > >> > >> >>> "Steven A. Ridder" 12/19/01 1:31:28 PM >>> > >> Is it feasable to have an ISP set up an OSPF routing area with it's > >> customer, and have them inject a single external route into the area, > >> where > >> one can distribute it as a default route? If I create a NSSA, and they > >> give > >> us a route to them, is that OK? Any downfalls? > >> > >> Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29702&t=29686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISP and OSPF [7:29686]
I need an internet gateway router (via DSL connected to a Flowpoint) which currently has a static route to the ISP to know when the netowrk goes down and not just that flowpoint's local ethernet interface. I need the gateway router to dial up via isdn using dialer-watch. I'd rathernot use BGP on this router, and was wondering if it's even common practice to use OSPF to the ISP. They might say no. Would creating a NSSA work? Even a totally stub area might work? Once Cisco releases DHRP, I'll be all set. ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Could you solve the same problem by creating a static default route on > the ASBR and then redistributing that as an N1 or N2 route? That seems > to do what you want without requiring that OSPF be running between the > ASBR and the ISP. > > This wouldn't be dynamic, which may be what you're trying to > accomplish. If so, it seems that it would be more likely that they > could set up a BGP session with you using a private ASN and then they > could dynamically inject a default into your ASBR. > > Would that work in your situation? > > Regards, > John > > >>> "Steven A. Ridder" 12/19/01 1:31:28 PM >>> > Is it feasable to have an ISP set up an OSPF routing area with it's > customer, and have them inject a single external route into the area, > where > one can distribute it as a default route? If I create a NSSA, and they > give > us a route to them, is that OK? Any downfalls? > > Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29691&t=29686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISP and OSPF [7:29686]
Is it feasable to have an ISP set up an OSPF routing area with it's customer, and have them inject a single external route into the area, where one can distribute it as a default route? If I create a NSSA, and they give us a route to them, is that OK? Any downfalls? Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29686&t=29686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fame Relay FECN BECN [7:29675]
When you burst, you get DE's. It's not a problem. FECN and BECN are status messages from frame switch telling router to slow down (you can ignore them if you want). DE's are just tags on the packet that tell the frame switches that if it has to drop any packets due to congestion, drop you DE packets first. They may or may not have been dropped, but they are the first to be eligible. They will *try* and not drop your regular packets under your CIR cause that's what they promised you under good conditions. They also promised other customers on that network a certain speed too. So if there is only 356k of total speed (this is theory of cource) in your providers network, and you both have CIR's of 128k and Be of 256k and other customers have cir's of 128k and Be of 256k, obviously you all can't all burst at 256k if there is only 384k to go around. So the frame proveder would let all of your 128k traffic through and the bursted 128k would have been tagged with DE's, and if there was no bandwidth left, your DE's get dropped. Steve ""DAGENHARDT Frank"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Group, > > I thought I had FECN and BECN down in regards to frame relay setup. Recently > I have come across some router output that doesn't make sence to me. > I don't understand why I have DE pkts when I don't have and FECN or BECN > errors. Or for that matter how I can have so many DE pks and no of them were > dropped. I was thinking of implementing traffic shaping, but I don't know if > that will help if I am not receiving any BECN errors. On top of that I > understand that when your CIR is reached packets get marked DE but at what > point do they actually get dropped. Can someone try to make a little sence > out of this for me? > > DLCI = 131, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = > Serial0/1.131 > > input pkts 29103083 output pkts 23370364 in bytes 3538537810 > out bytes 941866396 dropped pkts 13 in FECN pkts 0 > in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 > in DE pkts 1154469 out DE pkts 0 > out bcast pkts 1379364out bcast bytes 110300947 > pvc create time 10w2d, last time pvc status changed 3w2d > > Thank you, > Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29683&t=29675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
