Re: Question in ABR [7:72624]
RFC 2328 defines this router to be an ABR. However, there are some issues with this approach. RFC 3509 defines an alternative behavior for ABRs. In summary, when the router connects to multiple areas but not to area 0, the router should not operate as an ABR but instead should operate as if it was internal to all connected areas.

Rajesh Kumar wrote:

Hello all,

If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it still considered to be an ABR OR strictly, one of the interfaces has to be in Area 0 to be an ABR?

Thanks,
Rajesh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72629t=72624
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP route to Null0? [7:66755]
Not sure what engine line cards you're running on your GSRs, but I've run into several problems with ACLs on the GSR platform. It's not until you get to the E3 ISE or better LC where ACLs are handled reasonably. Three problems from memory:

* E0 line cards run the ACLs off the LC CPU and not ASICs. Thus you need to monitor the LC CPU to make sure your ACL processing isn't impacting forwarding performance.
* E2 3xGE trident LC. At the IOS rev we had, the LC could only do ACLs in one direction on the LC (I think inbound). If you wanted to do an outbound ACL, the ACL was actually copied and executed on all other LCs. This of course caused problems (bug) on another LC.
* Pre E3 LC, pick one: ACLs or netflow.

I'd avoid ACLs if you can null route it.

Karsten wrote:

I'll clarify. On lower end cisco routers not running bgp, yes, it will save you some cpu cycles. But most of the routers I'm working on a day to day basis (12Ks, 10Ks, 7200s) are running full table and hardly get slowed by acls. Not to mention the problems a null route (for the purpose of bit-bucketing) can do when you're using null routes for bgp.

-Karsten

On Thursday 03 April 2003 10:53 am, MADMAN wrote:

Sloppy!? why??

Dave

Karsten wrote:

Either a sloppy way to drop traffic for a /24, or bgp summarization using null routing.

-Karsten

On Thursday 03 April 2003 07:40 am, Anil Gupte wrote:

I am trying to understand some IP route commands on our router. Several of them go to Null0 - what does that mean? For example, I have

ip route xxx.xxx.xxx.0 255.255.255.0 Null0 200

What is this doing? I need to add another block of class Cs from the same provider. Do I need a similar statement to the above?

Thanx for your help.
Anil Gupte

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66832t=66755
Re: BGP update-source Loopback0 [7:65902]
Not necessarily. Recall that with eBGP sessions it is typical to peer with the physical address. There are times when you want to use the lo0 for eBGP (two parallel links, etc.) but you'll need to specify both ebgp_multihop and define a route to the peer's loopback.

Priscilla Oppenheimer wrote:

What's with the update-source Loopback0 that you see popping up in BGP examples in books and white papers with no explanation? :-) What does it mean? For example

router bgp 75
 neighbor 10.100.65.1 remote-as 50
 neighbor 10.100.65.1 update-source Loopback0

The example I'm looking at is much more complicated and I can tell you more if you need me to, but I don't know if the rest of the stuff is relevant to my question about this update-source parameter. Wouldn't the router use the Loopback anyway for sending BGP messages?

Thanks
Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65984t=65902
Re: eBGP Multi-hop [7:65823]
I'll guess and say this is an accident prevention mechanism. Suppose you have two egress points and each advertises a default. If the link from one of these egress devices to its peer fails, might the eBGP session remain up, but follow the default through the other egress location? You wouldn't want this eBGP session to stay up, but it might if you allow eBGP to follow a default.

Jim Devane wrote:

hello all,

(Re-post...not sure if original msg made it or not)

playing around again and have a question. eBGP multi-hop cannot come up if the peer is known through a default route. Is there a reason why? I mean, what is the point of a static route that causes a recursive lookup or a static route that simply points to the same next hop as a default route? For that matter, I can't see it being a matter of proximity either. If convergence time were not an issue, what is really wrong with having a 10 hop or even 50 hop BGP session? (I know it is unlikely and there are certainly better ways to handle it (GRE or IPSec tunnel)) but for the sake of argument...

Just curious, not able to find much on WHY it is like this...

thanks,
Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65849t=65823
Re: CCIE written exercise question [7:63247]
Weight is not an attribute carried in BGP. It's a cisco specific mechanism that is local to a router, and when configured, may impact the BGP path selection on that router.

lee wooi keat wrote:

All,

I'm preparing CCIE written exam and encounter some tricky questions in exercise. Would like to ask for help for those who can solve it:

1) Which one is NOT Well-known attribute for BGP ?
- local preference
- origin
- weight
- community
- cluster-id

You can only choose one out of 5.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63256t=63247
Re: CCIE and Packet (the cut'n'paste from hell!) [7:62998]
Scanning the exam topics, specifically the second to last bullet item:

Optical Networking Designs
Describe the scalability issues of using OSPF and IS-IS as interior gateway protocols in a service provider network and list solutions for each

What do IGPs have to do with optical network designs?

John Neiberger wrote:

Scott Morris wrote in message news:[EMAIL PROTECTED]...

Ok, so we'll try avoiding the first line of the message. Bottom line, check out Packet. Good magazine, useful articles, but thought this may be of interest... Just the e-mail engine doesn't like the link!

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/641-661.html

Excellent! That is very interesting, and I'm glad they're taking this approach. BGP is a topic that deserves a test of its own.

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63028t=62998
address utilization for SWIP'd space (was BGP question) [7:62958]
Sort of related question. When you SWIP the /24 to your customer, who is responsible for the address utilization? Said differently, can you get more addresses if you show that your /19 minus the customer /24 has the right level of utilization? Or, must the overall /19, including the customer's /24, meet the utilization requirements before you can get more addresses? Didn't know how this worked.

Thanks

Jim Devane wrote:

Hi all,

I am looking for some guidelines and I cannot find any relevant examples. I have a situation where I have SWIP'd a /24 of my address block to a customer downstream. They have their own AS and are multi-homed. My concern/question is: the /24 will originate from their AS and not mine. Are there any special concerns I will need to take into account for BGP advertisements to my upstream providers? That is, I will peer with him and allow his AS to originate the router and allow ^$ from him, but I am concerned that this will mess up my advertisements of a /19. (the /24 I gave him is out of my larger.) Can I no longer advertise that? Are my concerns founded at all? Any advice?

thanks,
Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62958t=62958
Re: route reflector question [7:61900]
Got a chance to test this. The RR will reflect the best path based on its own local view of the world. Thus, if everything is equal for a collection of advertisements to X, the RR will compute its IGP cost to each next-hop, and select the next-hop that it is closest to. This path is then reflected to all clients.

While I didn't confirm this with two RRs, it seems that it might make sense for the RRs to be at different parts of the network so that each might generate different best paths which are then reflected to the clients. Clients then can select between those two paths as to which is closest.

bergenpeak wrote:

Question about route reflector operation.

It appears that a RR, when provided with multiple routes to the same destination, will pick the best path and then reflect this best path to the appropriate set of clients and non-clients. I had expected that the RR would simply just reflect routes and not perform route selection on behalf of clients.

While this does have benefits to lower-end RR clients, I'm curious as to how step 8 of the BGP decision process is made. Step 8 is where an iBGP router, for a set of equal routes, will compute the IGP cost to the route's next-hop, and select the path whose next-hop is IGP closest.

How is this step performed by the RR? Does the RR compute the IGP cost from itself to the next-hop, or does it attempt to compute the IGP cost from each client to the next-hop? I get the impression that it is the former (RR to nexthop). If this is correct, then might one expect sub-optimal BGP route selection at times as the cost is from the RR to the next-hop and not the real cost from an iBGP client to the next-hop?

Much like aggregation, some sub-optimalities might be the price paid to scale. Just trying to verify how path selection is handled when RRs are present.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62312t=61900
Re: Why is distribute-list in not supported in OSPF? [7:62247]
I think the general ideas are as follows:

- OSPF provides a mechanism to filter LSA (routing information). This is done within the OSPF spec via area boundaries (ABRs and ASBRs).
- the OSPF area construct works best when all devices in the area have the same view of topology and cost within the area. When this is not the case, issues may arise (see below)
- With the right topological and OSPF area design, one can support most requirements for the controlling of routing information.

Filtering of LSAs within an area has the following issues:

- first, since LSAs are flooded, filtering LSAs at one location might have no impact as these filtered LSAs might reach all corners of the area anyway (based on other paths which aren't filtering).
- if filtering is successful and devices within an area have different views of the topology and costs, sub-optimal routing and/or routing loops will likely be present.

So, in general, controlling routing information really should be done at the designated locations, namely where areas interconnect.

That's not to say that there might not be times when one does want to filter LSAs within an area. Looks like the command neighbor database-filter exists to do this.

ericbrouwers wrote:

Hello,

The distribute-list access-list in [interface] command is not supported in IS-IS and OSPF. Why??? I tried to find an explanation in Cisco's OSPF design guide:

Filtering information with link-state protocols such as OSPF is a tricky business. Distribute-list out works on the ASBR to filter redistributed routes into other protocols. Distribute-list in works on any router to prevent routes from being put in the routing table, but it does not prevent link-state packets from being propagated, downstream routers would still have the routes. It is better to avoid OSPF filtering as much as possible if filters can be applied on the other protocols to prevent loops

Why can router not prevent link-state packets from being propagated???

Hope someone can explain this to me.

Thanks,
Eric

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62253t=62247
route reflector question [7:61900]
Question about route reflector operation.

It appears that a RR, when provided with multiple routes to the same destination, will pick the best path and then reflect this best path to the appropriate set of clients and non-clients. I had expected that the RR would simply just reflect routes and not perform route selection on behalf of clients.

While this does have benefits to lower-end RR clients, I'm curious as to how step 8 of the BGP decision process is made. Step 8 is where an iBGP router, for a set of equal routes, will compute the IGP cost to the route's next-hop, and select the path whose next-hop is IGP closest.

How is this step performed by the RR? Does the RR compute the IGP cost from itself to the next-hop, or does it attempt to compute the IGP cost from each client to the next-hop? I get the impression that it is the former (RR to nexthop). If this is correct, then might one expect sub-optimal BGP route selection at times as the cost is from the RR to the next-hop and not the real cost from an iBGP client to the next-hop?

Much like aggregation, some sub-optimalities might be the price paid to scale. Just trying to verify how path selection is handled when RRs are present.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61900t=61900
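Added example, not part of the original posts: a small model of the behaviour discussed in this question and in the reply to it earlier on the page, where a route reflector breaks a tie on IGP cost measured from itself and the client only sees what is reflected. The topology, router names and link costs are constructed for illustration, and all earlier steps of the BGP decision process are assumed to tie.

```python
import heapq
from collections import defaultdict

# Constructed IGP topology (assumption): (router, router, link cost).
# PE1 and PE2 are the two BGP next-hops advertising the same prefix.
LINKS = [
    ("RR1", "PE1", 10),
    ("RR1", "C1", 10),
    ("RR1", "PE2", 30),
    ("C1", "PE2", 5),
    ("RR2", "PE2", 5),
    ("RR2", "C1", 10),
]
NEXT_HOPS = ["PE1", "PE2"]


def build_graph(links):
    """Undirected weighted graph from a list of links."""
    graph = defaultdict(dict)
    for a, b, cost in links:
        graph[a][b] = cost
        graph[b][a] = cost
    return graph


def spf(graph, src):
    """Dijkstra: IGP cost from src to every reachable router."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        for nbr, cost in graph[node].items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist


def closest_next_hop(graph, router, next_hops):
    """The IGP-cost tie-break, evaluated from `router`'s own position."""
    dist = spf(graph, router)
    return min(next_hops, key=lambda nh: (dist[nh], nh))


def client_view(graph, client, reflectors, next_hops):
    """Each RR reflects only its own best path; the client chooses
    among the reflected next-hops using its own IGP cost."""
    reflected = {closest_next_hop(graph, rr, next_hops) for rr in reflectors}
    dist = spf(graph, client)
    chosen = min(reflected, key=lambda nh: (dist[nh], nh))
    return chosen, dist[chosen]


GRAPH = build_graph(LINKS)

if __name__ == "__main__":
    print("RR1 reflects:", closest_next_hop(GRAPH, "RR1", NEXT_HOPS))
    print("C1 would pick with full view:", closest_next_hop(GRAPH, "C1", NEXT_HOPS))
    print("C1 behind RR1 only:", client_view(GRAPH, "C1", ["RR1"], NEXT_HOPS))
    print("C1 behind RR1 and RR2:", client_view(GRAPH, "C1", ["RR1", "RR2"], NEXT_HOPS))
```

With one reflector the client is handed a next-hop four times farther away than the one it would have chosen itself; a second reflector placed near the other exit restores the closer path.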
Re: OSPF default-information originate criteria [7:61683]
I might be misunderstanding the question, but it's pretty common for an OSPF router in area 0 to originate a default. If you have a stub area defined, you could configure the ABR with default-information originate and it will gen the type 3 LSA into the stub only if it sees a default.

Testing confirms this. Now, if two routers are in area 0, and one is configured with default-information originate always and the other is configured with default-information originate, the second will have an E2 0/0 route in its lsdb and table, but will not generate a 0/0 default itself.

Hart, Todd A [LTD] wrote:

I would like to know if anyone knows where I can find documentation regarding criteria for OSPF to originate default using the default-information originate command? Our Cisco SE provided me with the following information, and he is trying to locate information to support the second condition of,

- That default route *cannot* have been learned via OSPF.

In order for 'default-information originate' to redistribute a default route, 2 conditions must be met:

- The router must have a default in its routing table
- That default route *cannot* have been learned via OSPF

I have found Cisco supporting documentation regarding the first condition, but not the second. I would appreciate any documentation regarding this issue.

Thanks,
Todd Hart

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61737t=61683
Re: FW: IP Helper, Expected behavior? [7:61607]
When the DHCP packet is forwarded, the DHCP relay agent will insert the primary IP address of the interface the packet was received on into the DHCP packet's giaddr field.

When adding secondaries to an interface where you're doing DHCP, make sure:

- routing to the primaries and secondaries is in place and the DHCP server(s) can reach these IPs
- the provisioning system is configured to relate all secondary scopes back to the primary scope.

Waters, Kristina wrote:

Everyone,

I'm in the process of changing my internal IP addresses and ran into a problem on the first site I went to swap. Clients obtain their ip from a dhcp server at my location, so I added a secondary ip address to the remote router as shown below:

interface Ethernet0
 ip address 172.16.x.x 255.255.255.128
 ip address 10.x.x.x 255.255.255.0 secondary
 ip helper-address 172.16.x.x

Got everything else set up, yet no one was obtaining IP addresses. I flip-flopped the addresses and made the old 172.x.x.x address the secondary, the 10.x.x.x address the primary and everything started working fine. Does ip helper only work with primary address on the interface? This particular router had an older version of code, 11.1.

Just curious,

Kristina L. Waters
LAN/WAN Engineer
www.absfirst.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61621t=61607
Re: Why is OSPF E1 route preferred over E2 route? [7:61619]
In the docs I've read (and I think this was posted on this list as well), one might use E2s when you've got one exit point that is always preferred over the other(s). This might happen if you've got 2 ISPs and one configured as a backup only. The primary exit point is always preferred, regardless of the internal cost to get to it.

E1s are useful when one might want to load share traffic to the exit points. Each router computes the internal cost to each exit, and takes the path to the closest based on internal cost.

ericbrouwers wrote:

Hi,

Why is an E1 route preferred over an E2 route for the same destination? The cost of an E1 route is the sum of the external reported cost and the internal cost used to reach that destination. The cost of an E2 route is always the external cost, irrespective of the internal cost to reach that route. This implies that the path with the higher cost is preferred.

Is it maybe because E1 routes are reflecting the real cost? They are not hiding the internal costs. But if this is the reasoning behind it, why has Cisco made E2 the default instead of E1

Anyone an idea?

Eric Brouwers

By the way, CCNP Routing Exam Certification Guide seems to be wrong on page 294, chapter 6. The E2 definition is not right:

... The routes discovered by OSPF in this way can have the cost of the path calculated in one of two ways:

. E1-The cost of the path to the ASBR is added to the external cost to the next-hop router outside the AS.
. E2-The cost of the path to the ASBR is all that is considered in the calculation. This is the default configuration. This is used when there is only one router advertising the route and no selection is required.

If both an E1 and an E2 path are offered to the remote network, the E1 path will be used. ...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61629t=61619
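Added example, not part of the original thread: the E1/E2 preference order from RFC 2328 section 16.4 written as a comparison key, run for two routers at different distances from two ASBRs. Router names, internal costs and metrics are constructed, and forwarding addresses and the RFC1583Compatibility setting are left out of the model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ExternalPath:
    asbr: str         # router that originated the external route
    metric_type: int  # 1 for E1, 2 for E2
    ext_metric: int   # metric advertised in the external LSA


def preference_key(path, dist_to_asbr):
    """Lower key wins.
    - Any type 1 path beats any type 2 path, whatever the numbers.
    - Type 1 paths compare on internal cost + external metric.
    - Type 2 paths compare on external metric alone; internal cost
      to the ASBR is only the tie-break.
    """
    internal = dist_to_asbr[path.asbr]
    if path.metric_type == 1:
        return (1, internal + path.ext_metric, 0)
    return (2, path.ext_metric, internal)


def select(paths, dist_to_asbr):
    return min(paths, key=lambda p: preference_key(p, dist_to_asbr))


# Constructed internal (intra-AS) costs from each router to each ASBR.
DIST = {
    "R1": {"ASBR_A": 10, "ASBR_B": 50},
    "R2": {"ASBR_A": 50, "ASBR_B": 10},
}


def exits(paths):
    """Exit ASBR chosen by each router for the same external prefix."""
    return {router: select(paths, dist).asbr for router, dist in DIST.items()}


# Primary/backup ISP: E2 with a lower metric on the primary exit.
E2_PRIMARY_BACKUP = [ExternalPath("ASBR_A", 2, 20), ExternalPath("ASBR_B", 2, 100)]
# Load sharing: E1 with equal external metrics, closest exit wins.
E1_LOAD_SHARE = [ExternalPath("ASBR_A", 1, 20), ExternalPath("ASBR_B", 1, 20)]
# The case asked about: an E1 with a large total cost against an E2 metric of 1.
MIXED = [ExternalPath("ASBR_A", 2, 1), ExternalPath("ASBR_B", 1, 400)]

if __name__ == "__main__":
    for name, paths in [("E2 primary/backup", E2_PRIMARY_BACKUP),
                        ("E1 load share", E1_LOAD_SHARE),
                        ("E1 vs E2", MIXED)]:
        print(name, exits(paths))
```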
OSS/NM (was CCIE Vs. BS or MS degree [7:59481]) [7:60215]
NRF makes a very good point below about OSS systems. Pulling this off from the original thread to take the discussion in a different direction.

As we probably all would agree, the largest cost in running a network is not the engineering cost or the capital costs, but rather the cost of operating the network (NOC, call center, tier 1-(N-1) support, etc.)

In the world I live in, the engineering group, when introducing new gear, design, service, or architecture, is responsible to also provide the OIDs to monitor, how often to poll, what each OID means, what are key thresholds, and what it means (or one should do) when an OID value passes one of these thresholds. The NM folks then update their tools (OSSs) and processes based on this information.

The engineering involved in this portion of the design can either make or break the cost effectiveness of a design.

So two points:

1) It would seem that any CCIE-type training/testing should include NM information into the material to be learned. From what I can tell, it does not. I'm not suggesting that one would need to memorize every OID in every MIB, but it would seem important to know key OIDs in each functional area and what useful information they provide.

2) For the folks on this list that write books in this space, it would seem very appropriate if NM topics were covered as well. Take a book which talks about the many different routing protocols. All of them explain how the protocol operates, the format of messages, and how to configure and debug a router running the protocol. There's only so many ways one can explain OSPF type 1-4,5 and 7 LSAs and stub/TSA/NSSAs. One way to differentiate the contents of a book would be to include key OIDs one should consider putting in their NM systems to make sure OSPF/IS-IS/BGP/etc. is operating as expected (or not).

My $0.02.

nrf wrote:

Yet at the same time we have the opposite phenomena - guys who can configure routers in a Sunday minute, but can't even spell RFC.

What I'm talking about is guys who might know what all the commands are, but have no grounding in routing protocol theory or any such higher concepts. All they know is - they see this problem, they type in this command. Such guys are useful if you need to troubleshoot your network at 3 in the morning, not so useful if you want to do something that isn't in a textbook. And besides, I hate to say it, but these guys are destined to be replaced by a good OSS.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60215t=60215
basic IS-IS questions [7:60217]
Been reading Doyle V1 IS-IS chapter. Also been reading the PDF on cisco's web site regarding IS-IS. Some questions based on this reading.

1) Why is it that the IS-IS model of having the router be in only a single area, as opposed to where an OSPF router can be in multiple areas results in significantly fewer LSPs? This reason is then used to suggest that IS-IS has better scaling properties than OSPF. It might, I'm just trying to understand why the different area demarc location would result in fewer LSA-type advertisements. If, in OSPF, any ABR router was limited to be in just two areas, would this equate to the same number of LSPs in IS-IS, and hence scale accordingly with IS-IS?

2) Is it possible for IS-IS to support the equivalent of an OSPF NSSA? In an OSPF NSSA, the area sees no external area routes, but ASBRs can be present in the area. In IS-IS, the ASBR equivalent would be a L1/L2 router. And it appears that all routers which perform L2 function must be interconnected, which means:

* the ASBR (L1/L2 router) would see all of the AS routes. This breaks one aspect of an NSSA in that only routes within the areas are present (LSA type 1, 2 and 7)
* in order to satisfy the L2 connectivity requirement, there would need to be a string of routers in the area which are L2 that connect the ASBR (L1/L2) back to the L2 backbone. This sort of defeats the concept of an area, which is isolated from the backbone as the backbone needs to be pulled into the area to the ASBR (L1/L2)

3) Why is it that by limiting the possible metric values to be between [0, 1023] allows SPF to be more efficient?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60217t=60217
Re: OSS/NM (was CCIE Vs. BS or MS degree [7:60220]
Hi Howard,

I'm not suggesting that one should write a book on network management. Instead, it seems that most network routing books don't spend any time reviewing some of the key MIB objects relevant to the routing protocol that should be considered when configuring the relevant NM tools.

It does seem naive thinking that one could design it right in the first place and then not have to worry about network operations as if it's not needed. Maybe this is possible, if the gear being deployed never has a hardware failure, the OS never fails, your fiber never gets dug up, and device misconfigurations never happen. If you are seeing gear which never fails, a carrier which never loses fiber, and operations folks who never make mistakes, let me know what vendors I should be switching to or entity I should be hiring from... :-)

In a post yesterday, you mentioned CALEA and E911. Good, let's think about primary line VOIP and OSPF as your IGP. Let's assume that customer downtime for VOIP is a bad thing and something the operator is trying to avoid. Thus, it's crucial for the NM folks to be able to detect problems before pagers start buzzing and before the call center gets whacked.

Given this, how can NM tools determine that all links which should have OSPF adjacencies active in fact do? I've seen situations where this sort of problem doesn't get realized until there's a failure in one part of the network. The backup path with the adjacency problem, but which wasn't needed used during normal operation, then causes an outage. There are OIDs in the OSPF MIB or syslog messages which one can use to help determine when an adjacency is improperly down, but this information is not covered in the standard network book.

Sure, knowing debug ip ospf XYZ commands is a start, and useful for newbies, but there's more to support than running debug commands, and there's always the risk that you've just blown up the router you turned debug on.

And as you mention, there are things that would be useful to know through the MIB, but which aren't currently supported. Doesn't mean they're not worth talking about. One item that I ran into was related to the use of auto-cost reference bandwidth to change the metric used to cost out links. It's important that all devices use the same reference bandwidth in order for costs to be properly computed. How does one verify all devices, across vendors, are using the same reference bandwidth? Turns out that this one is not possible via the OSPF MIB as it stands today as the reference bandwidth is not an object in the MIB, but is just a *comment* in the MIB definition.

Much like NRF mentioned which led me to spin this new thread-- as NM tools get more sophisticated, there will be less need for the CCNX support engineer who carries a pager to figure out problems in the middle of the night. Instead more and more of the operational support work will be done up front as part of the design engineering and this will include the OIDs and thresholds the NM folks and tools should be monitoring.

Howard C. Berkowitz wrote:

At 4:31 PM ?? 1/3/03, bergenpeak wrote:

NRF makes a very good point below about OSS systems. Pulling this off from the original thread to take the discussion in a different direction.

As we probably all would agree, the largest cost in running a network is not the engineering cost or the capital costs, but rather the cost of operating the network (NOC, call center, tier 1-(N-1) support, etc.)

In the world I live in, the engineering group, when introducing new gear, design, service, or architecture, is responsible to also provide the OIDs to monitor, how often to poll, what each OID means, what are key thresholds, and what it means (or one should do) when an OID value passes one of these thresholds. The NM folks then update their tools (OSSs) and processes based on this information.

This brings up interesting issues of basic software architecture. From all I know, IOS is not built on an OID structure. Nortel, in many of its products -- certainly the derivatives of Bay RS -- used the OID structure as its fundamental internal data structuring. Not all products -- Passport isn't just spaghetti code--it needs angel hair pasta to get even more twisty.

The engineering involved in this portion of the design can either make or break the cost effectiveness of a design.

Another aspect is that there is constant confusion among station, layer, and system management. People with a proper understanding of layer management rarely struggle with where ARP fits. Frankly, this is extremely valuable to understanding the context even for basic certifications.

So two points:

1) It would seem that any CCIE-type training/testing should include NM information into the material to be learned. From what I can tell, it does not. I'm not suggesting that one would need to memorize every OID in every MIB, but it would seem
Re: O/T more campus design issues [7:60136]
If you only have hosts connected to the switch (not L2 devices), enable port-fast on the host ports. This eliminates the spanning tree states on the port and thus the port begins forwarding packets within a few seconds of the link coming online. This might be the problem if static IPs are assigned to the hosts. If DHCP is being used and DHCP is working, I'd expect it is not a problem with the port and spanning tree.

One other possible gotcha is regarding routing and the VLAN interface. If no devices are active on the VLAN, the router might consider the VLAN subnet down and withdraw the route from its advertisements.

Priscilla Oppenheimer wrote:

You all remember my very simple campus network re-design that I've been helping out with? It sure has been keeping me humble. ;-)

So we upgraded the single subnet to two subnets and two VLANs. Everything is working OK except for Windows networking. The PCs on the new subnet can't find a domain controller for authentication.

So, you can feel free to yell at me for not gathering more information on the symptoms, but the client hasn't told me much. ;-) But does this ring a bell with anyone? Are there standard recommendations on how to handle this in a subnetted VLANed internetwork. I'm not too well informed on Windows networking. My co-author wrote that chapter in my troubleshooting book.

Thank-you so much!

Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60149t=60136
Re: CCIE Vs. BS or MS dergree [7:59481]
Interesting question. Some thoughts from someone that does have a PhD in CS (dissertation in networking, a dozen or so publications, a handful in IEEE journals). I initially went into gradual school to teach and do research, but after spending two summers during grad school as an intern in industry, realized that I was much more interested in working in industry than staying in academia. When I completed my PhD, I took a job in industry.

Much like John mentions, comparing the two is like comparing apples and oranges. The material covered in each area is very different. A PhD is much more theory oriented and there's a lot more of the why types of thinking. Obviously, this sort of questioning is needed and helps lead one to dissertation topics and an actual research question. Besides the initial reading list you get from your advisor, you're on your own to find related research, develop your ideas, verify that your work is unique, and then get it published before someone else stumbles across the same idea.

And note, there are several hoops one needs to go through to get a PhD, and failing any one of these can cause you to get booted from your program. In order, these steps are:

1) pass your prelims which are a test of breadth of knowledge in all the main areas in your subject area. The way prelims were structured where I went to school, we had to test and pass in 4 of 5 core areas (systems, languages, theory, algorithms, and architecture) and 4 non-core areas (networking fell into this space)

2) pass your comprehensives (comps, test that you have detailed knowledge in the area you intend to do research). The format for comps is often a series of probing verbal questions asked by each member of your committee that you answer in real-time.

3) pass your proposal (this is where you propose the topic/question you intend to research/solve. Besides a verbal defense, this requires a fairly extensive document be written which details the existing research space, and how your work will fit in, etc.)

4) do the research and write up your dissertation

5) defend your dissertation. It's often easiest to prove your dissertation is worthy of a degree if you have many peer reviewed publications, so add lots of publications to step 4 above.

I don't have a CCIE, so can't say for sure, but here's my take on doing the exams up to and including the CCIE written. Everyone gets the list of books to read, and if you know the information in these references, you'll pass the tests. Note that with commercial study guides, practice labs, practice tests, and courses geared specifically to pass these tests, there's plenty of external help available to help make it through the CCIE written. As far as I know, as long as you're willing to pay, you can take the tests over and over again until you pass. This aspect is not true when working on a PhD. The CCIE lab does seem to be a much more robust evaluation mechanism as it appears to require much more on your own sort of preparation.

Using the framework above, the tests up through a CCIE written might fall into something like the prelims. But prelims cover a much wider range of material. One might be able to classify the CCIE lab sort of like the comps one takes in working towards a PhD. I don't think I'd classify the CCIE lab as equivalent to a PhD as there's a lot more required in doing a PhD than knowing a lot about some specific area.

So which path should one take? I think it depends. Having a HS diploma and a CCIE most likely will not open doors for one to teach at a university. On the other hand, having a PhD doesn't necessarily mean one can design an enterprise let alone an ISP network. I'd suggest balance. Get a four year degree and supplement with a CCNP. Work for a while. Determine if it makes sense from a job/career perspective to move on to a MS/PhD or onto a CCIE, or neither, or both

John Neiberger wrote:

MS- or PhD-level coursework is more difficult than what you'll run into studying for the CCIE, but they don't really cover the same subject matter so it's really apples and oranges. I personally don't even have a BS--which I regret--but it wouldn't help much in my current position anyway, except possibly for promotions or raises, which is important, but it wouldn't help me do my job any better. IMO, someone who pursues an MS or PhD is not planning on remaining a network technician for long; they probably have loftier goals. A CCIE with no degree, on the other hand, likely enjoys the technical side of things. I often heard it lamented that many CCIEs who are loving life as senior engineers end up being placed into management positions that they hate. Just because someone is advanced in a technical area does not necessarily make them management material. OTOH, someone with an MS or PhD is quite often management material, but not necessarily the first person you'd call with a general networking question. That
RIP holddown timer [7:59989]
Reading Doyle's V1 book. Page 195 mentions that when an update with a hop count higher than that in the routing table is received for a route, the route will go into holddown for 180 [sic] seconds (three update periods).

In the cisco page (below) for the timers basic command, the page states that ...A route enters into a holddown state when an update packet is received that indicates the route is unreachable. The route is marked inaccessible and advertised as unreachable...

It would seem that the explanation on the cisco site is correct and the Doyle text is incorrect. Could someone confirm or explain what Doyle might be referring to? Thanks

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_summary_chapter09186a00800eeae6.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59989t=59989
questions about how public peering is done [7:58620]
Anyone have a document which details how public peering is typically done at an ethernet-based peering location?

I had envisioned that one dropped a router, had a GE pulled into the peering location, got an IP address from a large block (ie /24) from the peering center, and started peering with anyone that you wanted to. The peering L2 switch(es) have everyone in a single VLAN. Thus, once the GE link was in place, the peering center wasn't involved to do configurations, etc.

However, I've recently heard that one is required to pull an FE/GE for each peering partner, and that the L2 switch gear will be configured with a dedicated VLAN between your FE/GE and that of your peers, and that addressing of the end points is done with one of the peer's (usually via /30s) and not the peering center's. This second approach seems to make a lot of sense as it better limits possible issues which might arise, etc.

Anyone know how this is usually done? Papers on the web one can refer me to? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58620t=58620
Re: iBGP and convergence when failure happens [7:57255]
Thanks. So the removal of a BGP route from the routing table will not cause the BGP process to be tickled to run and possibly re-insert a new route for N1, N2, .. Nk through R2? Does the no sync apply here? The book examples always mention no sync in conjunction with eBGP and sending advertisements. Here it's iBGP and when to re-evaluate putting routes into the routing table.

It would seem that load balancing, if possible, might help. That is, if routes to N1 via R1 and R2 are both in the routing table, the loss of routes to R1 would cause those routes to be removed, but not prevent traffic from being forwarded to N1. So, besides the questions above, a few more:

* Is it possible, in an iBGP configuration, to have BGP install multiple routes to the same destination? If so, how is this done so that loops do not occur in the hops towards R1 and R2? (That is, if each intermediate router randomly picks R1 or R2 as the target for N1, loops might develop)

* I've never tried, but can I use local pref in iBGP to indicate a coarse level of load balancing by network prefix destination? I want to make sure that packet re-ordering is very unlikely and this seems like this would prevent the loop problem. It would seem this might provide prefix load balancing, but does not install two routes in the routing table for N1?

The Long and Winding Road wrote:

a couple of things - in line below

bergenpeak wrote in message news:200211120028.AAA03239;groupstudy.com...

Suppose I have several routers making up an iBGP mesh. Let's suppose I have two routers (R1 and R2) which are advertising the same set of networks: N1, N2, ... Nk. OSPF is running underneath BGP (assume area 0). All of the N networks are being advertised with a next-hop set to the respective loopback's from R1 and R2.

Now consider some other BGP router in the network. It will have received a BGP announcement for each of N1, N2, .. Nk from R1 and R2. This third router will select one of the paths to N1, N2, etc. and insert it into the routing table. I'd expect to see something like:

    subnet   next-hop
    ---      ---
    N1       R1-lo0
    N2       R1-lo0
    ...      ...
    Nk       R1-lo0
    R1-lo0 R2-lo0

Now, suppose R1 goes belly up. OSPF will quickly inform all other routers that R1 and its loopback no longer exist. I'm assuming that this will invalidate all the routes in the routing table which have R1-lo0 as next hop. This will therefore cause the removal of all occurrences of routes to N1, N2, ... Nk from the routing table.

The question is this: what event will trigger BGP to re-evaluate the routes it knows about and add in routes for N1, N2, ... Nk via R2-lo0? Will the removal of the N1 route from the routing table inform BGP to re-evaluate? Or will the BGP timers need to timeout and detect that R1 is dead before re-evaluating?

detecting a link down, or dead timer expired.

One other question-- does no sync in BGP have a role here or is that related only to determining when to advertise a route via eBGP?

iBGP will not install a route into the BGP table unless it can verify reachability. I.e. unless there is a valid path to the advertiser in the routing table. This is synchronization. the no synch command allows BGP to bypass this validation step. in the case you mention, with full mesh, and full IGP connectivity, no sync is not necessary. HTH

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57286t=57255
iBGP and convergence when failure happens [7:57255]
Suppose I have several routers making up an iBGP mesh. Let's suppose I have two routers (R1 and R2) which are advertising the same set of networks: N1, N2, ... Nk. OSPF is running underneath BGP (assume area 0). All of the N networks are being advertised with a next-hop set to the respective loopback's from R1 and R2.

Now consider some other BGP router in the network. It will have received a BGP announcement for each of N1, N2, .. Nk from R1 and R2. This third router will select one of the paths to N1, N2, etc. and insert it into the routing table. I'd expect to see something like:

    subnet   next-hop
    ---      ---
    N1       R1-lo0
    N2       R1-lo0
    ...      ...
    Nk       R1-lo0
    R1-lo0 R2-lo0

Now, suppose R1 goes belly up. OSPF will quickly inform all other routers that R1 and its loopback no longer exist. I'm assuming that this will invalidate all the routes in the routing table which have R1-lo0 as next hop. This will therefore cause the removal of all occurrences of routes to N1, N2, ... Nk from the routing table.

The question is this: what event will trigger BGP to re-evaluate the routes it knows about and add in routes for N1, N2, ... Nk via R2-lo0? Will the removal of the N1 route from the routing table inform BGP to re-evaluate? Or will the BGP timers need to timeout and detect that R1 is dead before re-evaluating?

One other question-- does no sync in BGP have a role here or is that related only to determining when to advertise a route via eBGP? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57255t=57255
GSR line card utilization guidelines [7:56521]
I'm considering enabling some features on an E0 GSR line card. I'm going to monitor the line card CPU utilization in order to track the impact the features have on the LC. Does anyone have any general rules of thumb (or reference document) that provides guidelines on how far, utilization wise, a line card might be pushed before packet forwarding performance is affected? Said differently, what's the threshold for line card utilization, that if exceeded, probably means I should disable these features? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56521t=56521
mapping OSPF tag value into BGP community [7:56450]
Is it possible to take tag values carried in OSPF external route advertisements and automatically map them into the community attribute of the respective BGP advertisement?

Consider a router running both OSPF and BGP. In the BGP config, there's a redistribute from OSPF into BGP. Assume that only OSPF external routes, and hence those with tag values, are being redistributed into BGP. Assume that these external routes have different tag values. Is there a way to automatically get each respective OSPF tag value into the community value of the respective BGP route advertisement?

So, if an OSPF external route advertisement has a tag value of 42, when the route is redistributed into BGP, the respective BGP community value would be 0:42. If the OSPF tag value was 81, the BGP community value would be 0:81.

It looks like it might be IOS possible to statically encode all the possible OSPF tag values, via a route-map, and then set the BGP community value. I've not actually done this yet, so not sure if it's possible. However, I'd rather use an automated mechanism for this. That way, as new OSPF external tag types are used in the network, I don't need to update route-maps. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56450t=56450
summary-address and OSPF NSSA [7:56407]
I'm using an NSSA in some sites and want to prevent type 7 LSAs in these sites from being converted into type 5 LSAs and being injected into area 0. It appears this is possible using the summary-address command. Specifically, I'm considering doing the following in the ABR:

    summary-address 0.0.0.0 0.0.0.0 not-advertise

It's my understanding the ABR, configured with the above, will block any type7-5 routes from being advertised into area 0. Is this correct? Besides the filtering behavior, any side-effect/ramifications to consider when doing the above? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56407t=56407
OSPF: setting tags on external routes [7:56408]
I've got a number of different subnets on an OSPF ASBR that I would like to OSPF tag and advertise according to function. Assume these networks are directly connected to the ASBR and that a redistribute connected subnets is being used to make these subnets type 5 (type 7s in an NSSA).

Besides route-maps and ACLs, is there another way to associate different OSPF tag values to each subnet? For instance, is there a way to say that all subnets on an interface (sub-interface) should be assigned OSPF tag value 42 and subnets on another interface are assigned OSPF tag value of 11? I'm looking for this to be an OSPF command at the interface level (again, so I can avoid route-maps and ACLs).

Or, is it possible in the router OSPF section to do something like:

    redist connected network XYZ subnet metric-type 1 tag 42
    redist connected network ABC subnet metric-type 1 tag 11

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56408t=56408
Re: OT: 50 ms and SONET [7:55700]
Hi Paul, Thanks. I scored a copy of GR-253 and think I found the relevant sections. Not surprisingly, there are two requirements:

* switch initiation time (ie time to detect that a switch is to be performed)
* switch completion time.

The detection time is required to be capped at 10 ms and the switch completion time is the infamous 50ms time. So it appears that data being transported over SONET might observe upwards of 60 ms of interruption... Of course, this is supposed to be worst case.

Interestingly, there's reference to another document which looks like it might provide some rationale for some of the design aspects to SONET: TR-NWT-000418 Generic Reliability Assurance Requirements for Fiber Optic Transport Systems. Yawn. Guess this one is the next step...

Paul Burke wrote:

You may want to get a hold of the Bellcore GR 253 SONET generic standards doc or other SONET Bellcore GR docs relating to switching times and the equivalent SDH ITU-T standards (which I am not sure what it is). On the SDH side you may want to start with ITU-T G.783. Hope this helps pb

--- bergenpeak wrote:

Sorry for the OT post. Figured I'd float this here and see if any one might be able to help. Does anyone really know where the 50 ms SONET detect/fail-over time comes from? I've heard many answers, but none seem to be verifiable. I'm looking for pointers to docs which explain where or what drove the 50 ms number. I've heard that:

* 50 ms was a requirement to support voice. The way this one is told is that more than 50 ms of noise/nothingness seriously impacts MOS. Not sure I buy that.
* Old telco switches would go bonkers if many T1's started to flap at the same time. 50ms at the SONET level prevented the T1s from flapping.
* others, etc.

Again, looking for docs / pointers which details the answer. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55948t=55700
Re: can I use a /31 subnet to the link between 2 routers eth [7:55699]
Below is a link from CCO with some details. Unfortunately, the example is not FE/GE. However, I've been using /31s on FE and GE p2p links between GSRs, 7609s, and 72xxs in the lab. IOS has been a mix of 12.0 and 12.1. As I mentioned in an earlier post, cisco did remove support for /31s on FE interfaces in some versions of the 12.1 code train.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087aeb.html#76875

[EMAIL PROTECTED] (John Nemeth) wrote:

On Mar 4, 9:46am, bergenpeak wrote:
}
} /31s are supported on FE and GE link types (as well as POS, etc.)

I thought it only worked on point to point interfaces? Last I heard, it didn't work on Ethernet. Do you have any documentation of where it does?

}-- End of excerpt from bergenpeak

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55699t=55699
OT: 50 ms and SONET [7:55700]
Sorry for the OT post. Figured I'd float this here and see if any one might be able to help. Does anyone really know where the 50 ms SONET detect/fail-over time comes from? I've heard many answers, but none seem to be verifiable. I'm looking for pointers to docs which explain where or what drove the 50 ms number. I've heard that:

* 50 ms was a requirement to support voice. The way this one is told is that more than 50 ms of noise/nothingness seriously impacts MOS. Not sure I buy that.
* Old telco switches would go bonkers if many T1's started to flap at the same time. 50ms at the SONET level prevented the T1s from flapping.
* others, etc.

Again, looking for docs / pointers which details the answer. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55700t=55700
Re: can I use a /31 subnet to the link between 2 routers eth [7:55625]
Let's make this discussion real. What major ISPs actually use 1918 addresses on their physical interfaces? I know ATT (7018) does not.

nrf wrote:

Symon Thurlow wrote in message news:[EMAIL PROTECTED]...

Well, I would view an ISP who uses 1918 addresses in their public network a little warily. Traceroute etc are pretty fundamental problem solving tools IMHO

Well then I suppose that means you would be suspicious of virtually all major providers out there. Rare indeed is it to find a provider that never uses this trick anywhere in their public network.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55625t=55625
Re: can I use a /31 subnet to the link between 2 routers eth [7:55513]
One drawback with 1918 addresses on intermediate physical interfaces is that this too makes troubleshooting more difficult. Entities outside of your domain may troubleshoot problems in or through your network using traceroute. Traceroute timeouts will originate from the physical interface the TTL expired on. If this physical interface is numbered using 1918, then it's possible these return traceroute packets will get filtered somewhere on the return path.

nrf wrote:

Depending on your network, that may be a perfectly acceptable trade-off. Or you can continue to use RFC1918 addresses on your WAN links, even if they are on the public Internet (as long as you don't advertise these addresses to a peer ISP). Hey, why not - nobody on the Internet is actually interested in accessing your WAN links, they are interested in accessing your end-hosts. So as long as your end-point addressing is publicly routable, it doesn't really matter if your intermediary networks are not.

Symon Thurlow wrote in message news:[EMAIL PROTECTED]...

Yes but then you lose troubleshooting capabilities etc.

-Original Message- From: nrf [mailto:[EMAIL PROTECTED]] Sent: 13 October 2002 01:45 To: [EMAIL PROTECTED] Subject: Re: can I use a /31 subnet to the link between 2 routers eth [7:55480]

Or even better, just use unnumbered interfaces.

Bolton, Travis D [LTD] wrote in message news:[EMAIL PROTECTED]...

I would still use a /30 mask if I was using unregistered IP's. If I was using standard IP's then maybe I would think about using the /31.

-Original Message- From: Symon Thurlow [mailto:[EMAIL PROTECTED]] Sent: Saturday, October 12, 2002 4:45 PM To: [EMAIL PROTECTED] Subject: RE: can I use a /31 subnet to the link between 2 routers eth [7:55469]

Thanks! I stand corrected. Cheers, Symon

-Original Message- From: Bob McWhorter [mailto:[EMAIL PROTECTED]] Sent: 12 October 2002 17:06 To: [EMAIL PROTECTED] Subject: RE: can I use a /31 subnet to the link between 2 routers eth [7:55460]

Symon, Reference RFC 3021 Using 31-Bit Prefixes on IPv4 Point-to-Point Links HTH

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Symon Thurlow Sent: Saturday, October 12, 2002 7:59 AM To: [EMAIL PROTECTED] Subject: RE: can I use a /31 subnet to the link between 2 routers eth [7:55454]

Well, if you work it out: Obviously the first three octets will be all 1's, so if you look at the last octet: 1110 Which = 254. This only leaves you with 2 addresses per subnet, and since you need one address for the Network address and one for the Broadcast address, you no longer have any addresses you can actually use. A 30 bit subnet, where the last octet= 1100 Equals 252. This means you have 4 addresses per subnet. Taking away one address for the Network and one for the Broadcast address, this leaves you one address for each end of the link. So I am not sure how you could use a /31. Symon

-Original Message- From: bbfaye [mailto:[EMAIL PROTECTED]] Sent: 12 October 2002 14:54 To: [EMAIL PROTECTED] Subject: can I use a /31 subnet to the link between 2 routers eth ports. [7:55450]

I used to think it should be a /30 mask subnet... but recently I saw some guy said: use /31 subnet to save the address. It's really confusing me...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55513t=55513
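The address arithmetic argued over in this thread, as an added Python example (not code from any of the posts): it applies the classic network/broadcast reservation and the RFC 3021 exception to the same prefixes, then numbers point-to-point links out of one block. The block 192.0.2.0/24, the link count and the function names are assumptions made for the illustration.

```python
import ipaddress


def usable_addresses(net, rfc3021=True):
    """Return the addresses that can be assigned to interfaces on `net`.

    Classic rule: the all-zeros (network) and all-ones (broadcast) host
    values are reserved, so a /30 keeps 2 of its 4 addresses and a /31
    keeps none. RFC 3021 lifts both reservations for a 31-bit prefix on a
    point-to-point link, so both addresses of the /31 become usable.
    """
    first = int(net.network_address)
    if net.prefixlen == 31 and rfc3021:
        hosts = range(first, first + 2)
    else:
        hosts = range(first + 1, first + net.num_addresses - 1)
    return [ipaddress.IPv4Address(h) for h in hosts]


def number_links(block, prefixlen, count, rfc3021=True):
    """Carve `count` point-to-point subnets of `prefixlen` out of `block`.

    Returns a list of (subnet, end_a, end_b). Raises ValueError when a
    subnet cannot hold two endpoints or the block runs out of subnets.
    """
    links = []
    for net in block.subnets(new_prefix=prefixlen):
        ends = usable_addresses(net, rfc3021)
        if len(ends) < 2:
            raise ValueError(f"{net} has no room for two link endpoints")
        links.append((net, ends[0], ends[1]))
        if len(links) == count:
            return links
    raise ValueError(
        f"{block} holds only {len(links)} /{prefixlen} links, {count} requested"
    )


if __name__ == "__main__":
    block = ipaddress.ip_network("192.0.2.0/24")   # constructed sample block
    for plen in (30, 31):
        try:
            links = number_links(block, plen, 100)
            net, a, b = links[-1]
            print(f"/{plen}: 100 links fit, last is {net} ({a} <-> {b})")
        except ValueError as exc:
            print(f"/{plen}: {exc}")
```
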
Re: RIPv2 into OSPF redist metric q [7:55364]
Hi JFD, Thanks for the response, but it doesn't answer the question. Is there something about redistributing from RIP into OSPF where it is *necessary* for one to provide a metric on the redistribute command? I agree from a BCP perspective it is wise to explicitly list the metric, but want to understand if there is some low-level protocol issue where it's not possible for the IOS to provide and use a default metric when one is not provided via the redist command.

This is both a theory of protocols / routing and a practical question. In a real live network, we had an issue where a router was configured with a redist of RIP routes into OSPF. The RIP routes were not being redistributed by OSPF. (I don't know if the routes never got advertised or if they were being advertised and then the advertisements stopped at some point in time.) Cisco was called in to look at the problem and reported the problem was because the redist was missing the metric XYZ command.

I don't buy that the metric XYZ is in fact necessary. In the testing I've done, the redist works without the metric and in fact supplies a default metric when a metric is not provided. This would seem to indicate the metric value is in fact not needed in order for the redist to work correctly. I expect this was a bug in the IOS we were running and the response that the metric XYZ was required was provided as a work around to the bug, but cast as necessary for the protocols to work properly. But trying to unwrap this onion a bit more... Thanks

Jean-Francois Delrieu wrote:

Bergenpeak, You should always use default metrics before redistributing or specify a metric when redistributing specific routes. This is valid for any protocol redistribution in a lab or in prod. You will avoid a lot of problems. JFD

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55455t=55364
Re: can I use a /31 subnet to the link between 2 routers eth [7:55457]
/31s are supported on FE and GE link types (as well as POS, etc.) However, cisco backed out support in some early versions of the 12.1 code train (ie it worked in some versions of 12.0, didn't work in some 12.1, and now appears to work again). RFC 3021 provides details.

bbfaye wrote:

I used to think it should be a /30 mask subnet... but recently I saw some guy said: use /31 subnet to save the address. It's really confusing me...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55457t=55457
RIPv2 into OSPF redist metric q [7:55364]
Is it necessary, when doing a redist RIP in an OSPF router process, to specify a metric? I've heard that a metric is required and if not specified, OSPF will not advertise the RIP routes. In my testing, RIP routes being redist into OSPF even without an explicit metric do show up in the routing table and show a metric of 20 (type 2 external). I don't have an issue with configuring a specific metric in the redist, but trying to understand if there's really a requirement for it and what would be driving this requirement. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55364t=55364
Re: Wireless and DHCP and router IOS version ?????. [7:53440]
Your DHCP servers should be looking at the giaddr field in the DHCP packet being relayed by your router. It's this field that the DHCP server uses to determine which scopes are applicable.

I looked into this before and I believe cisco has changed the default value it uses for the inserted giaddr value. A long time ago, it used to be that the giaddr value inserted was the interface's primary IP address. They then changed to a mode where the router would monitor the DHCP packets and if an OFFER was not observed after 2-3 client attempts would then use the secondary IP address as the giaddr. If you had N secondaries, it would eventually cycle through all N secondaries. (Note, this was done on a per client basis).

Cisco now has introduced a way to specify the giaddr behavior desired via the dhcp-giaddr command. There's a cable version of this (for CMTSs) and looks like one for radio interfaces as well:

    cable dhcp-giaddr
    radio dhcp-giaddr

The primary value tells the router to always insert the interface's primary IP address as the giaddr value. The policy value tells the router to do the DHCP OFFER monitoring and to cycle through all the interface IP's (again on a per client basis). I don't know if this is in the general interface code train.

I guess there are some DHCP servers which don't allow one to define relationships between scopes, but the DHCP servers I use do and so I tend to set the giaddr to primary and then define primary-secondary scope relationships on the DHCP server. This will allow clients to obtain IP addresses much quicker and allows one to drop multiple DHCP secondaries on an interface. This configuration is common on CMTSs.

D'souza, Henry (MED, TCS) wrote:

Hi, We have a single VLAN, VLAN92, that we use for wireless on the mfg shop floor. 3.57.92.0/24 was the primary address, used for bar-coding with STATIC IP's only, and 3.57.93.0/24 was the secondary address, for DHCP for wireless PC usage. On the previous version of IOS 12.1(2)E, the DHCP packets were able to be sourced off the secondary address (3.57.93.x), and as such, the clients would get a DHCP address. (I don't know for sure, but I am speculating that it sent out DHCP packets with Source addresses from both the primary IP and the secondary IP). Anyway, with the new version of code, IOS 12.1(12c)E1, it evidentially ONLY sources the DHCP requests from the primary address. DHCP server looks at the incoming packet, checks the SA, sees that it now does NOT match any of its scopes, and then drops the packet. Swapped the primary and the secondary addresses, and everything is now working fine.

Henry D'souza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53855t=53440
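The giaddr behaviour discussed in this thread, modelled as an added Python example (not code from the posts and not Cisco's implementation): a relay in `primary` or `policy` mode, and a server that selects its scope from giaddr, with and without linked scopes. The `.1` interface addresses, the two-tries rotation step, the pool range, the MAC address and all class and function names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Subnets from the post; the .1 host parts are assumed.
PRIMARY = ipaddress.ip_interface("3.57.92.1/24")     # static-only subnet
SECONDARY = ipaddress.ip_interface("3.57.93.1/24")   # subnet with the DHCP pool
DHCP_NET = SECONDARY.network


@dataclass
class Relay:
    """Relay agent that stamps giaddr on a client's broadcast DISCOVER."""
    addresses: list              # interface addresses, primary first
    mode: str = "primary"        # "primary" or "policy", as named in the post
    tries_per_address: int = 2   # assumed; the post says "2-3 client attempts"
    misses: dict = field(default_factory=dict)   # per-client unanswered count

    def giaddr_for(self, mac):
        if self.mode == "primary":
            return self.addresses[0].ip
        # policy: move to the next interface address after repeated silence
        step = self.misses.get(mac, 0) // self.tries_per_address
        return self.addresses[step % len(self.addresses)].ip

    def record(self, mac, offered):
        if offered:
            self.misses.pop(mac, None)
        else:
            self.misses[mac] = self.misses.get(mac, 0) + 1


@dataclass
class Server:
    """DHCP server that chooses a scope from the relayed giaddr."""
    pools: dict                                  # network -> free addresses
    links: list = field(default_factory=list)    # sets of scopes on one segment

    def offer(self, giaddr):
        home = next((net for net in self.pools if giaddr in net), None)
        if home is None:
            return None          # giaddr matches no scope: request is dropped
        candidates = [home]
        for group in self.links:
            if home in group:
                candidates += [net for net in group if net != home]
        for net in candidates:
            if self.pools[net]:
                return self.pools[net].pop(0)
        return None


def first_offer(relay, server, mac="00:00:5e:00:53:01", max_attempts=6):
    """Return (attempt, giaddr, lease) for the first OFFER, or None."""
    for attempt in range(1, max_attempts + 1):
        giaddr = relay.giaddr_for(mac)
        lease = server.offer(giaddr)
        relay.record(mac, lease is not None)
        if lease is not None:
            return attempt, giaddr, lease
    return None


def scenarios():
    def pool():   # constructed pool: 3.57.93.100-102
        return [DHCP_NET.network_address + i for i in range(100, 103)]

    def unlinked():
        return Server({DHCP_NET: pool()})

    def linked():
        return Server({PRIMARY.network: [], DHCP_NET: pool()},
                      [{PRIMARY.network, DHCP_NET}])

    return {
        "primary/unlinked": first_offer(Relay([PRIMARY, SECONDARY]), unlinked()),
        "policy/unlinked": first_offer(Relay([PRIMARY, SECONDARY], "policy"), unlinked()),
        "swapped/unlinked": first_offer(Relay([SECONDARY, PRIMARY]), unlinked()),
        "primary/linked": first_offer(Relay([PRIMARY, SECONDARY]), linked()),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} -> {result}")
```
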
question re RED [7:51650]
When RED is running on an interface, do packets get dropped before being put into the queue (at the tail, based on ave queue size, etc) or do they get dropped when they reach the head of the queue? Is there any difference in when packets are dropped when WRED is being used (instead of RED)? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51650t=51650
Re: question re RED [7:51650]
Hi Priscilla, Thanks much for the response and the RFC reference. Would one still consider a vendor's implementation to be RED (compliant with RFC 2309) if packets at the head of the queue are dropped instead of at the tail? Thanks again.

Priscilla Oppenheimer wrote:

bergenpeak wrote: When RED is running on an interface, do packets get dropped before being put into the queue (at the tail, based on ave queue size, etc) or do they get dropped when they reach the head of the queue?

Incoming packets get dropped before being queued, based on the average queue size. As you probably know, this is different from the classic tail drop, however, which happens when the queue is full. (Packets at the end or tail of a stream of packets get dropped because the queue is full.)

RED drops arriving packets probabilistically. The probability of drop increases as the estimated average queue size grows. Note that RED responds to a time-averaged queue length, not an instantaneous one. Thus, if the queue has been mostly empty in the recent past, RED won't tend to drop packets (unless the queue overflows, of course!). On the other hand, if the queue has recently been relatively full, indicating persistent congestion, newly arriving packets are more likely to be dropped.

I didn't make that up. I got it from RFC 2309. :-)

Is there any difference in when packets are dropped when WRED is being used (instead of RED)?

Here is where it really gets interesting. From reading descriptions of RED versus WRED in the excellent book Integrating Voice and Data Networks by Scott Keagy, I would say that WRED does muck with packets already queued. Whereas RED cares only about the size of the queue, WRED also has some scheduling capabilities. Here's what he says:

Unlike RED, which purely manages queue depth, WRED also has some characteristics of a scheduling algorithm. Instead of explicitly stating which packets will go next, WRED selects which packets will not go next. Most scheduling algorithms are additive in nature, where the final packet order is the result of each packet being explicitly placed in order. WRED starts with a random ordering of packets, and removes packets such that the desired packet ordering is approached. This subtractive process offers a very limited scheduling functionality. The additive process offers a much finer control, but the subtractive process uses far fewer system resources. Whereas the additive ordering mechanism must actively move (or at least store a pointer for) each packet into a new reordered buffer, the subtractive mechanism merely discards packets that violate the ordering rules. Each packet requires less processing and less buffer resources when using the subtractive ordering mechanism.

Priscilla

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51691t=51650
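The time-averaged drop decision summarised from RFC 2309 in the thread above, as an added sketch (not part of the original posts and not any vendor's implementation): arriving packets are judged against an exponentially weighted average queue length, so a burst into an idle queue is only tail-dropped on overflow while persistent congestion triggers early drops. The thresholds, weight, queue limit, one-packet-per-tick service model and the count-based spacing of drops (taken from Floyd and Jacobson's RED description) are assumptions chosen for illustration.

```python
import random


class RedQueue:
    """Minimal RED gate in front of a FIFO; only the queue length is modelled."""

    def __init__(self, min_th=5, max_th=15, max_p=0.1, w=0.002, limit=30, seed=1):
        self.min_th, self.max_th, self.max_p = min_th, max_th, max_p
        self.w = w                  # weight of the newest sample in the average
        self.limit = limit          # physical queue size (tail drop beyond this)
        self.qlen = 0               # instantaneous queue length
        self.avg = 0.0              # time-averaged queue length
        self.count = -1             # packets accepted since the last early drop
        self.idle_slots = 0         # service slots that found the queue empty
        self.rng = random.Random(seed)

    def on_arrival(self):
        """Return 'enqueue', 'early-drop' or 'tail-drop' for one arriving packet."""
        if self.qlen == 0 and self.idle_slots:
            # The queue sat empty: age the average as if zero-length samples
            # had been taken once per missed service slot.
            self.avg *= (1 - self.w) ** self.idle_slots
            self.idle_slots = 0
        self.avg = (1 - self.w) * self.avg + self.w * self.qlen

        if self.avg >= self.max_th:
            drop = True                                  # persistent congestion
        elif self.avg >= self.min_th:
            self.count += 1
            pb = self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)
            pa = 1.0 if self.count * pb >= 1 else pb / (1 - self.count * pb)
            drop = self.rng.random() < pa                # probabilistic early drop
        else:
            self.count = -1
            drop = False                                 # recent past mostly empty

        if drop:
            self.count = 0
            return "early-drop"                          # never enters the queue
        if self.qlen >= self.limit:
            return "tail-drop"                           # RED said yes, buffer is full
        self.qlen += 1
        return "enqueue"

    def on_service(self):
        """Transmit one packet from the head, or record an idle slot."""
        if self.qlen:
            self.qlen -= 1
        else:
            self.idle_slots += 1


def run(pattern, **params):
    """pattern: arrivals per tick; one packet is served at the end of each tick."""
    queue = RedQueue(**params)
    tally = {"enqueue": 0, "early-drop": 0, "tail-drop": 0}
    for arrivals in pattern:
        for _ in range(arrivals):
            tally[queue.on_arrival()] += 1
        queue.on_service()
    return tally, queue.avg


if __name__ == "__main__":
    # Constructed traffic: one 40-packet burst into an idle queue, then a
    # sustained 2:1 overload.
    print("burst into idle queue:", run([0] * 50 + [40] + [0] * 50))
    print("persistent overload:  ", run([2] * 3000))
```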
every sub-area is same area number: was Re: two ABRs for a [7:51199]
Ran across some text in Doyle's V1 that confirms JMcL's comment below (page 462, Partitioned Areas section). So, the next question for the group is the following: OSPF doesn't track the area information once the routing information gets injected into the backbone. Suppose you have a network with N different physical locations and each will be configured as sub-area. Each sub-area connects to the backbone via its own ABR. Is there any reason to use different area numbers in this situation? From an Ops perspective (say where you have tools to go out and touch the configs on the ABR and sub-area routers), using the same area number will simplify the configs and tool logic. So, is there some benefit to actually use different sub-area IDs? Thanks

bergenpeak wrote:

Suppose I have two ABRs that are supporting the same sub-area. The ABRs are not directly connected, but can reach each other through links inside the sub-area. Suppose a link fails causing the two ABRs to not have connectivity through the sub-area. The sub-area is therefore partitioned. Suppose the ABRs are not doing route summarization. Will this cause a problem from the backbone perspective? Will this cause a problem for traffic which needs to flow from one side of the sub-area to the other part of the sub-area? Thanks

I don't believe it will cause any problems. I'm not going to look it up right now, but I'm sure I've researched this one before. As long as there is no summarisation (or no overlapping summarisation), the two partitions are simply treated as two sub-areas. JMcL

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51199t=51199
Re: every sub-area is same area number: was Re: two ABRs for a [7:51210]
Hi Peter, Thanks for the response. Yes, the assumption is that each ABR terminates a single sub-area. The topology supports this assumption. In a response I was preparing for Chuck's comment, there is one other item I should add-- future service needs might result in the need for TE. I believe the current OSPF specs only support carrying TE information within an area. Given how OSPF works today, I'd expect that TE would also work, across areas, without the need to carry the actual area ID information. But I'm guessing. Thanks

Peter van Oene wrote:

Having all sub-areas use the same area-id is functionally possible, but imposes some key limitations. First off, you can only have ABRs that terminate 1 sub-area as they have no mechanism for differentiating more than one. If one were to connect multiple, similarly identified yet separate areas to the ABR, you would end up with one area thereby defeating your original goal. This is about the only key limitation I can think of off hand, but is highly restrictive and certainly overcomes any desire to optimize config script tools. pete

At 06:12 PM 8/11/2002, bergenpeak wrote:

Ran across some text in Doyle's V1 that confirms JMcL's comment below (page 462, Partitioned Areas section). So, the next question for the group is the following: OSPF doesn't track the area information once the routing information gets injected into the backbone. Suppose you have a network with N different physical locations and each will be configured as sub-area. Each sub-area connects to the backbone via its own ABR. Is there any reason to use different area numbers in this situation? From an Ops perspective (say where you have tools to go out and touch the configs on the ABR and sub-area routers), using the same area number will simplify the configs and tool logic. So, is there some benefit to actually use different sub-area IDs? Thanks

bergenpeak wrote:

Suppose I have two ABRs that are supporting the same sub-area. The ABRs are not directly connected, but can reach each other through links inside the sub-area. Suppose a link fails causing the two ABRs to not have connectivity through the sub-area. The sub-area is therefore partitioned. Suppose the ABRs are not doing route summarization. Will this cause a problem from the backbone perspective? Will this cause a problem for traffic which needs to flow from one side of the sub-area to the other part of the sub-area? Thanks

I don't believe it will cause any problems. I'm not going to look it up right now, but I'm sure I've researched this one before. As long as there is no summarisation (or no overlapping summarisation), the two partitions are simply treated as two sub-areas. JMcL

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51210t=51210
two ABRs for a sub-area and partitioning [7:50621]
Suppose I have two ABRs that are supporting the same sub-area. The ABRs are not directly connected, but can reach each other through links inside the sub-area. Suppose a link fails causing the two ABRs to not have connectivity through the sub-area. The sub-area is therefore partitioned. Suppose the ABRs are not doing route summarization. Will this cause a problem from the backbone perspective? Will this cause a problem for traffic which needs to flow from one side of the sub-area to the other part of the sub-area? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50621t=50621
OSPF, /31s on FE/GE, and ip ospf network point-to-point [7:50630]
In a network where FE/GE are used as direct connects between routers (with a /30 mask), is there any issue from a network or OSPF perspective if
- one numbers these links with a /31 network in order to save two IPs per link.
- one uses the ip ospf network point-to-point command to remove the need for the DR router to generate a corresponding type 2 LSA?
Can anyone think of any issues this might cause? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50630t=50630
NSSA and related design questions [7:50608]
I'd like to set up a group of routers to be in an OSPF sub-area. The sub-area will connect to the backbone via one or two ABRs. All other routers in the sub-area will be ASBRs. The ABRs will not be ASBRs.

From a design perspective, I want to put these routers into a sub-area so that I can limit the amount of routing information they need to be aware of. Further, I'd like to limit what information the backbone routers see regarding these ASBRs.

Stub and Totally Stubby areas are not an option since the sub-area contains ASBRs. Configuring the sub-area as an NSSA would help limit the number of routes in the sub-area (via the ABR nssa no-summary command) as the sub-area will have just a default, intra-area, and type 7 routes from the redist process. This is good.

When the ABR gets the Type 7 LSAs from the ASBRs, it will translate them into type 5s and flood them throughout the backbone. While it appears that the backbone routers don't see the ASBRs (via type 4 LSAs from the ABR), I'd like to determine if it's possible to configure the ABR to take the type 7s and include these routes instead in the ABR's type 3 LSA? This would prevent the backbone routers from seeing the type 5s. Is this possible?

Or, is it possible to perform redist from RIP into OSPF, but to configure this router to put the routes learned via RIP into its type 1 LSA (ie do a redist but prevent the router from being an ASBR)?

Thanks for any info.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50608t=50608
OSPF and auto-cost reference-bandwidth question, value selection [7:49950]
Suppose you have a network with a mix of FE, GE, OC-3/12/48 POS links. With the standard OSPF link costing mechanism, all of these links turn out to have a link cost of 1. Are there reasons to not go ahead and change the link cost calculation via the auto-cost reference-bandwidth command to better reference the link capacities? (I'm assuming that changing this value on all routers will cause a cascade of LSAs and SPF recalcs, but that one is willing to take that hit)

Suppose the decision is to go ahead and make the auto-cost change. Is it possible that the calculated OSPF paths will be different if one uses OC-48 or OC-192 as the reference bandwidth? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49950t=49950
OSPF and authentication [7:49952]
What are the different ways one might be able to inject bogus routing announcements into a network running OSPF? I'm trying to determine if there really is a need for enabling authentication on OSPF or if this is really not needed.

Suppose OSPF is running throughout a network but that all interfaces connecting to peers have been set to passive. Will a router process an OSPF packet if it's received and the destination IP address is not 224.0.0.x? So, if someone sends an OSPF packet to a physical interface on a router (or its loopback), would the router process it anyway?

Is it possible for someone to build a neighbor relationship with a router in the network which is not directly connected (ala BGP multi-hop)? Again, I'm assuming someone is trying to do this maliciously, so the attacked router won't be configured with a virtual link back to the attacking device.

Any thoughts appreciated. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49952t=49952
does the SPF process/steps change based on the type of LSA [7:49953]
I've been monitoring the SPF counters on some routers in the network and wanted to understand if the router performs different parts of the SPF algorithm depending on what information is currently in the database and what new information is received via some LSA. Consider the following two different scenarios:

1) Suppose I have a transit router that's part of an OSPF network and has an interface which is ethernet. While this router is a transit router, there are no other routers on this enet interface so this interface would be a stub network. Suppose this interface went from the up to the down state. The router would flood an LSA indicating this network is no longer reachable. While this is a transit router, the only change was related to the stub network interface and so there doesn't seem to be a need for all other routers to run the complete SPF as each router's current SPF tree would not change. Does only the second phase (terminology from 16.1 in RFC 2328), and not the complete SPF process, get performed for this situation?

2) Same topology as above-- router is transit with an ethernet network which has no other routers on. One adds a secondary to the ethernet interface. An LSA gets flooded, but the only change would be the addition of a new network (as opposed to a link changing state). Would only the second phase of OSPF be performed?

One can see how many SPFs have been performed by a router-- I'm trying to determine if the complete process is performed for any type of LSA change or if only parts of the SPF are performed. If the latter, is it possible to see how many complete SPFs were performed and how many of the just second phase were performed? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49953t=49953
show process cpu and the interrupt value [7:49954]
When one does a show process cpu, one is shown the overall information and then the breakdown per process. It's my understanding that the information shown on the summary line, specifically for the 5 sec information (30%/24%), shows the total CPU utilization and that which has been consumed handling interrupts. In the above snippet, the CPU was operating at 30% utilization over the last 5 seconds. A total of 24% of the overall utilization in the last 5 seconds was handling interrupts (or at least that's my understanding).

Does knowing the interrupt information help one determine anything about the state of the router or the network? Is it better (ie the network/router is healthy) if the interrupt value is closer to the overall CPU utilization or closer to 0? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49954t=49954
Re: Cisco IP Telephony [7:48673]
For the folks who have this up and running-- what tools, if any, are being used to make sure the VOIP service is operating at the desired level (delay and jitter bounds within spec, call cut-offs within spec, etc.)? Thanks

Brad Ellis wrote:

I set up call mangler for us to replace our analog system. It's been pretty much a work horse for the past 5 months. From my experience, it's a pain in the butt to set it up, but if you set it up right, it's awesome. I can't say enough good things about it (after it's set up...the setting up part sucks). We did a straight out full replace (but we only have 6 or so phones and 4 analog lines to deal with). If you have more than 15 phones, I'd go with a planned parallel migration route. Just my thoughts

thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc [EMAIL PROTECTED] www.optsys.net (Cisco hardware)

Naomi James wrote in message news:[EMAIL PROTECTED]...

We are thinking about getting Cisco's IP Telephony equipment. Is anyone using it? If so, can you tell me your thoughts about it (success/failure stories). Did it replace your phone lines or run in parallel? Are you still able to make 800 and 911 calls with the IP phones? Thanks for any information.

Naomi James
Computer Services and Information Technology
Savannah State University

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48689t=48673
Re: OSPF Problem, resolved [7:48474]
In the config provided the interface subnets were configured into OSPF via the redist as well as via the network command-- which would have precedence-- redist or network? Thanks

Peter van Oene wrote:

Hi John, Although what you have works, I have one suggestion. Redistributing routes into OSPF (ie redist connected) causes your interface addresses to enter the OSPF domain as type 5 LSAs. Type 5 LSAs flood throughout the entire OSPF domain unconstrained and cannot be controlled with the nice ABR knobs which provide varying degrees of stubbiness.

It is generally better practise to explicitly add to OSPF (via a network command) each interface on each router that you wish to be reachable in the OSPF domain. If interfaces are not likely to form adjacencies (ie stub network interfaces), configuring them as passive will save on some processor cycles and provide a little security. By doing things this way, your interface addresses enter OSPF as type 1 (or 2 in some cases) LSAs which can then be constrained by ABRs at area borders using both the aforementioned knobs, or per prefix filtering if you like. Pete

At 06:41 AM 7/10/2002, you wrote:

Hi All, thanks for the replies. Yes my config was all over the shop. Replaced it in both routers with the following (completely changed some things)

Router B

interface Ethernet0
 ip address 192.168.2.20 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 ip address 192.168.1.20 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
!
router ospf 10
 redistribute connected subnets
 network 192.168.0.0 0.0.255.255 area 0

Router A

interface Ethernet0
 ip address 192.168.3.10 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 bandwidth 64
 clock rate 64000
 ip address 192.168.1.10 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
!
router ospf 10
 redistribute connected subnets
 network 192.168.0.0 0.0.255.255 area 0

All is working fine now, thanks for your help

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48690t=48474
OSPF, when is it time for more than area 0 (try 2) [7:47129]
I've got a rather large OSPF area 0 network with no non-zero areas. This network will continue to grow both in number of network elements and number of subnets on these routers. What commands, and specifically, what information provided by these commands, will give me insight as to whether these routers are nearing the point, from a routing perspective, that it's time to segment the network in some fashion? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47129t=47129
admin distance question [7:47147]
Looking at the administrative distance values for the different routing mechanisms. Why would eBGP have a lower admin distance for a route than if learned via an IGP (like OSPF or ISIS)? Why wouldn't the default behavior be to prefer routes learned from the local IGP rather than via eBGP? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47147t=47147
telnet pass through on serial line auth prob [7:45440]
I've got a 3640 sitting in an RDC connected to a number of sun servers. I'm running TACACS on the 3640 to authenticate people who telnet directly to the 3640. I've configured telnet pass through so that one can telnet through the 3640 directly to a console port (telnet 3640-lo0 port). This allows one to connect directly to a console port on one of the servers.

The problem is with how authentication is working when one tries the pass through. Right now, one needs to auth via TACACS before they actually get the console prompt. I'd like to prevent the 3640 from being involved in any authentication when one does this pass through (and thus rely on the server passwd for auth). How can I config these ports to not require a TAC authentication? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45440t=45440
slb on 7609 [7:44337]
I'm considering running slb on a 7609 to load balance across a number of DNS servers. Wondering when others have done this if this has worked well (no bugs, good performance, etc.). Would also be interested in what MIBs or traps were used for monitoring slb operation and performance. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44337t=44337
Re: ospf-- default-information originate vs redist static [7:42294]
Here's what I did:

1) Configured OSPF between a number of routers. Verified all were seeing routes via OSPF.

2) Made the following config additions:

ip route 0.0.0.0 0.0.0.0 a.b.c.d
ip route 1.2.3.4 255.255.255.255 a.b.c.d
router ospf 100
 redistribute static subnets

where a.b.c.d is a valid next-hop, then did a show ip route on the other ospf routers. None show the default route but all show an E2 1.2.3.4/32 route.

3) Removed the redistribute static subnets. Did a show ip route on the other routers. The 1.2.3.4/32 subnet disappeared.

4) Added a default-information originate. Did a show ip route on the other OSPF routers and the 0/0 default appears as an E2 route.

Cisco doesn't (apparently) treat a 0/0 route as a real route/subnet. For instance, suppose you have a default route defined on a router. Then do a show ip route 4.5.6.7. If you don't have a prefix which covers this subnet, one might expect it to report the 0/0 resultant route. IMO, this is what it should do. It instead shows a network not in table error.

Still learning

Audy Bautista wrote:

The other day, I simulated the same scenario but I got opposite results. When I first added the default-information originate after I added a default route (ip route 0.0.0.0 0.0.0.0 a.b.c.d), the default route did not propagate through my OSPF network. But, when I took off that statement and added the redistribute static subnets statement, it propagated successfully. Did you add a static default route (ip route 0.0.0.0 0.0.0.0 a.b.c.d) before you tried the default-information originate statement?

bergenpeak wrote in message news:[EMAIL PROTECTED]...

Trying to understand OSPF behavior when generating a default route. If I do a default-information originate in OSPF, I see a E2 0/0 route on all other OSPF routers. Ok, I understand this. If I instead define a static default route ip route 0.0.0.0 0.0.0.0 a.b.c.d and then in my OSPF setup do a redistribute static subnets (and not the default information originate), then the other routers do not see a 0/0 route. Why? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42294t=42294
ospf-- default-information originate vs redist static subnets [7:41938]
Trying to understand OSPF behavior when generating a default route. If I do a default-information originate in OSPF, I see a E2 0/0 route on all other OSPF routers. Ok, I understand this. If I instead define a static default route ip route 0.0.0.0 0.0.0.0 a.b.c.d and then in my OSPF setup do a redistribute static subnets (and not the default information originate), then the other routers do not see a 0/0 route. Why? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41938t=41938
Was Re: longest match vs. other metrics [7:41692]
Related question to the above thread. As discussed, each routing protocol will maintain its list of prefixes that it knows about. A route selection process runs that considers the routes from each routing process and puts the best into the routing table. (best being defined by the route selection process). show ip route will show those routes selected and in the routing table.

Is there an equivalent command that will show me the same information (prefix/length, next hop/interface) for all the prefixes known by a routing protocol? Suppose I'm running OSPF and BGP on a box and I wanted to see what prefix/lengths are being carried in each routing protocol. What commands would I use to see this? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41816t=41692
Re: ethernet interface keepalives [7:40432]
Thanks for the comments so far. Does the ethernet keepalive mechanism have any value when the interface is operating in full duplex mode? Will the remote-end reply or echo the frame? In full duplex mode, the interface is not actively sensing the transmission, right? So how does the interface know that transmission was really successful? Thanks

Priscilla Oppenheimer wrote:

The router sends a message to itself every 10 seconds. It actually uses the old loopback message from the original Ethernet specification:

Ethernet Header
Destination: 00:00:0C:05:3E:80
Source: 00:00:0C:05:3E:80
Protocol Type: 0x9000
Packet Data: 46 bytes (all zeros)

The frame really does go out on the network, despite it being addressed to the sender. So the router can judge its ability to send and receive. Priscilla

At 10:49 PM 4/3/02, bergenpeak wrote:

What exactly does this do? Thanks

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40574t=40432
route-map next-hop question [7:40431]
I'm trying to use the set ip next-hop feature in a route-map and seeing some behavior I don't understand.

If I define the ip next-hop to be an IP address that's not on an interface directly connected to the router performing the route-map, the router does the recursive lookup and forwards the packet accordingly. This is good.

If I define the ip next-hop to be an IP address for the remote end of a locally connected POS interface, the packet is forwarded out the POS interface. This is good.

If I define the ip next-hop to be an IP address for a router directly connected via an ethernet interface, the packet appears to get dropped. Basically, I have a setup where I'm using an ethernet as a point-to-point link and when the next-hop is set to the IP at the other end of the ethernet /30, forwarding doesn't seem to work.

Any thoughts on why this doesn't work when on ethernet? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40431t=40431
ethernet interface keepalives [7:40432]
What exactly does this do? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40432t=40432
ACRC chapter 11 (optimizing routing) questions [7:39372]
I'm reading through ACRC chapter 11 and have a couple of questions. I expect these are pretty basic...

* On page 267-268 there's the comment that Only a default static route is automatically advertised. I'm not sure I understand this-- does it mean that I don't need to enable redistribution in my IGP or EGP in order for other routers to see an advertisement for this default static?

* route filters (page 270 and 271). It looks like diagram 11-3 is incorrect and does not match with the steps provided on p270. In the second diamond (is there an entry for this address), if the answer is no, isn't the update filtered? (step 4 on p270, indicates that the update would be dropped)

* the distance command (p284). Specifically the address and mask parameters. Do these two parameters define what interfaces the distance command is actually applied? Can one have multiple distance commands per routing instance?

* does the ip default-network subnet command only have meaning or significance in classful routing protocols (RIPv1, IGRP)?
** Must this command be coupled with the ip classless command on those routers which will see the advertisement for the default-network?
** Does a 0.0.0.0/0 route get advertised or is there an attribute set on the default network update which the routers detect and then create a 0.0.0.0/0 routing entry which has the same next hop as the default network?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39372t=39372
Re: interface, MAC, IP_address ? [7:39352]
All DOCSIS modems will have MAC addresses and the modem will use DHCP to get an IP address. The modem must be able to get an IP address via DHCP as part of its boot-up sequence.

Some older modem technologies did not require the modem to have a MAC address. A proprietary protocol was used between the modem and the CMTS to configure and access the modem.

Note, bridges and switches will have lots of MAC addresses and very few or no IP addresses. For the most part, a modem is a bridging device.

John Green wrote:

The cable modem has a MAC address, right? What is this interface's IP address? I guess it does not have one? But then it does have a MAC address. It's hard to understand how an interface can have a MAC and not an IP address. Cannot reason this out. Can you help with this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39375t=39352
Re: issue with PIX and dhcp ? [7:39269]
Hi John,

Cable companies often configure their provisioning (DHCP) servers to verify that the incoming DHCP request is from a MAC which is known. Couple of things to try.

* Power cycle the CM and then have the PIX attempt to do DHCP. Do you get a DHCP OFFER?

* After you power cycle the modem, put a sniffer on the wire between the PIX and modem to make sure that the PIX is generating enet frames from only one src MAC address. Depending on your service and how the CM is configured, the CM might be configured to learn one MAC on the home-side. If the PIX is generating frames with a different MAC src than the one used for DHCP, this could be your issue.

* If the above doesn't help and you have a host which does get an IP address, configure the PIX (if possible) to generate MAC src frames which originate with the host's MAC. If this works, it's likely because the cable company's DHCP servers will only respond to known MACs.

If you're an ATTBI-(former E@H/TCI) customer, unknown MACs will usually get an IP address (but you'll have limited access). If you're an ATTBI-(former Roadrunner/Mediaone) customer, the provisioning system must know your MAC in order for it to respond to your DHCP.

Hope this helps,

John Green wrote:

Is anyone aware of any issue with PIX501 and connecting via cable modem to get an IP address (DHCP)?

internet---cable---PIX---HOST
           modem   501

Without the PIX, the HOST is able to get the DHCP IP address fine. The PIX is configured to get an IP address from DHCP for its outside interface, but it is failing. Does anyone know of such issues?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39296t=39269
Re: Is cable network really a shared medium? [7:38705]
Hi Sam,

The shared vs non-shared issue DSL providers mention is somewhat misleading. In any residential cable or DSL network, you will have stat muxing. In a cable network, this happens on the HFC network. In a DSL network, this happens at the Agg router (the one that terminates all of those DSL connections). The Internet is one big stat mux.

In either the DSL or Cable approach, the customer observed performance will be a result of many factors, including access network design (how many subs share the cable or agg router), the behaviors of these other users, the regional network design, the size and types of peering connections, and where the users are actually surfing to.

My house has a long driveway that only I use. Does that mean I'll get to work faster than the neighbors down the street which live in an apartment complex and share a driveway with other folks?

In both approaches, one can prioritize traffic or partition bandwidth to certain groups of users.

The current standard for how IP/ethernet frames are transmitted over an HFC network is defined via the DOCSIS 1.0 spec. This specification is available at www.cablelabs.com. This spec defines how to support best-effort IP transport. Support for additional features, including QoS, is defined in the DOCSIS 1.1 spec. This document is also available at the above web site.

Some details about DOCSIS cable networks:

* On the HFC network, a single downstream channel can support ~25-35 Mb/s (depending on the modulation being used).

* The upstream connection typically can support between 5-10 Mb/s (depending on modulation and the size of the channel).

* The cable operator can opt, based on RF combining, how many homes (fiber nodes) share a downstream or upstream. When service is initially launched in an area, an operator might combine several nodes together and as the take rate increases, reduce the amount of combining (which effectively reduces the number of customers who share the bandwidth).

* When a cable modem is brought online, it gets an IP address via DHCP and then is loaded with configuration information (IP, L2, and L4 filters), network management, etc. information. These filters prevent issues which arise when DHCP servers are running in a customer's home, prevent my NETBIOS traffic from being seen by neighbors, etc.

There are other technologies still deployed by cable operators to support HSD (LanCity, Motorola CDLP, Com21, etc.) which may not operate the same as DOCSIS.

Hope this helps.

sam sneed wrote:

I just changed services from DSL to cable modem. I have heard from people, including Verizon, that cable is not as secure as DSL because it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone else's traffic on the line so I am assuming the bandwidth is shared (a known fact about cable access) but is somehow filtered at the cable modem (bridge). Does anyone know if this assumption is true and the inside details of how data is transmitted over the cable network? A link to a whitepaper would be great. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38787t=38705
ospf and sub-interfaces [7:38788]
I'm looking at a design where there's a hub-spoke network based on 802.1q. Specifically, there will be a number of routers connected back via FE/GE into a central router through an 802.1q trunked interface. Each remote router will run OSPF and thus should form an OSPF adjacency with the central router over its respective sub-interface.

Any issues or gotchas with this? I've not gotten a chance to test this out yet.

Thanks much.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38788t=38788
Re: Is cable network really a shared medium?(more [7:38718]
Some clarifications for this post:

* Just about every DOCSIS cable modem on the market operates as an ethernet bridge. If one has residential HSD service from a cable company and you lease the modem, then you have a bridging modem.

* While DOCSIS modems are bridging devices, they will not bridge all observed ethernet frames. Instead, the modem will bridge only frames with MAC DA values which are known to exist on the modem's ethernet interface. The modem *may* also bridge certain broadcast and multicast traffic.

* BPI (baseline privacy) is a mechanism where a security association is created dynamically between the cable modem and the CMTS. Each time the CMTS sends a frame to a modem, it encrypts the frame using the security information agreed to with that modem. This means that there's a unique security association between the CMTS and each modem running BPI.

In order to prevent a modem from decrypting each frame to determine if it's one of interest to the modem (i.e. one that it wants to bridge), the DOCSIS spec indicates that certain frame fields are to be sent in clear text. These fields include the ethernet's SA and DA MAC fields and the DOCSIS SID value. The modem can then filter frames until it sees one with an interesting DA value, decrypt the PDU, and then forward the un-encrypted PDU (ethernet frame) out the ethernet interface. The modem need not decrypt every packet to determine which are of interest.

Fraasch James wrote:

You guys are both right. Cable modem plants are a broadcast network. All packets are sent down the line and you have the ability to see everyone's traffic 'IF' you could sniff the cable line and not sniff the ethernet cable going to your PC. Most cable modems are simply mini-routers so if packets are not destined for you then they are dropped. However, if you could console into your modem (depending on brand) you could change the thing to a bridge. So if your modem was set up as a bridge then you could see all the traffic.

And baseline privacy it's great in theory yes. But think about this: When subscribers first get their equipment installed there is no software added to their PC that allows them to de-encrypt the data traveling around the network. So where does the de-encryption happen? The modem and CMTS are what de-encrypt the data. And in order for your modem to know if a packet is destined for you on this broadcast network it needs to de-encrypt the packet and then drop it. So you are on a broadcast network where all cable modems can de-encrypt all data. If the modem was configured as a bridge and simply forwarded all data to the ethernet port, then you could sniff til the cows come home.

Understand that I am a HUGE fan of cable modem services. There are just some small holes that need to be filled. Security is one issue and quality of service at the cable modem level is another- although this can be addressed a little bit by playing with the bandwidth settings in the cmconfig files that are downloaded when the thing boots up.

James

www.itpapers.com has about 85 papers on Cable Modems. Registration is required and free- except for the occasional email.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38890t=38718
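The filter-then-decrypt behavior described in the reply above, as an added example that is not part of the original post or of any DOCSIS implementation. The cipher is a stand-in built from HMAC-SHA256 (the thread does not name the BPI cipher), and the keys, SIDs and MAC addresses are constructed.

```python
import hashlib
import hmac

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with an HMAC-SHA256 counter keystream. Stand-in only, not the BPI cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)

class Cmts:
    """Keeps one security association (key) per modem SID and the CPE MACs behind it."""
    def __init__(self):
        self.keys = {}          # SID -> key agreed with that modem
        self.mac_to_sid = {}    # CPE MAC -> SID of the modem it sits behind

    def register(self, sid, key, cpe_macs):
        self.keys[sid] = key
        for mac in cpe_macs:
            self.mac_to_sid[mac] = sid

    def downstream(self, seq, src_mac, dst_mac, pdu: bytes):
        sid = self.mac_to_sid[dst_mac]
        # SID, SA and DA stay in clear text; only the PDU is encrypted.
        return {"sid": sid, "sa": src_mac, "da": dst_mac, "seq": seq,
                "payload": toy_cipher(self.keys[sid], seq.to_bytes(4, "big"), pdu)}

class Modem:
    def __init__(self, sid, key, cpe_macs, bridge_everything=False):
        self.sid, self.key, self.cpe_macs = sid, key, set(cpe_macs)
        self.bridge_everything = bridge_everything   # hypothetical misconfiguration
        self.decrypts = 0

    def receive(self, frame):
        # Filter on the clear-text DA first: no decryption for other people's frames.
        if not self.bridge_everything and frame["da"] not in self.cpe_macs:
            return None
        self.decrypts += 1
        return toy_cipher(self.key, frame["seq"].to_bytes(4, "big"), frame["payload"])

MAC_A, MAC_B, MAC_GW = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:ff"

def demo():
    cmts = Cmts()
    key_a, key_b = b"A" * 16, b"B" * 16          # constructed per-modem keys
    cmts.register(1, key_a, [MAC_A])
    cmts.register(2, key_b, [MAC_B])
    frames = [cmts.downstream(1, MAC_GW, MAC_B, b"for B: hello"),
              cmts.downstream(2, MAC_GW, MAC_A, b"for A: hello"),
              cmts.downstream(3, MAC_GW, MAC_B, b"for B: again")]
    normal = Modem(1, key_a, [MAC_A])
    forwarded = [p for p in map(normal.receive, frames) if p is not None]
    # A modem that bridges everything still only holds its own key.
    promiscuous = Modem(1, key_a, [MAC_A], bridge_everything=True)
    bridged = [promiscuous.receive(f) for f in frames]
    return forwarded, normal.decrypts, bridged

if __name__ == "__main__":
    forwarded, decrypts, bridged = demo()
    print(forwarded, decrypts, bridged)
```

With a per-modem key, the modem that forwards every frame recovers only its own PDU; the other two frames come out as unreadable bytes.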
which encap on a POS interface [7:38557]
I was somewhat surprised to see a Juniper box support cisco hdlc encap on a POS interface. Didn't realize that other vendors supported this standard. Which brings me to my question.

Is there any unique benefit to the specific encap (PPP, cisco HDLC) used on a POS interface? Is there some technical or operational reason to select one encap over the other? Since I don't know what vendors besides cisco and juniper support cisco-hdlc, assume that both ends of the POS pipe support cisco hdlc.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38557t=38557
Re: basic OSPF questions [7:37142]
Hi Priscilla,

The use of the ip ospf network point-to-point as a mechanism to enable one to advertise the loopback address as a subnet route is from Doyle (Routing TCP/IP V1), page 417, footnote 9.

Priscilla Oppenheimer wrote:

At 08:59 AM 3/4/02, bergenpeak wrote:

1) A loopback address is normally advertised by OSPF as a host route. The command ip ospf network point-to-point enables one to specify that the interface should be advertised as a subnet route. What are the benefits for doing this?

I can't imagine any benefits. Where did you find this info?? I do see some mention in RFC 2328 of using a host versus a subnet for the Link ID. On point-to-point networks, if the neighbor's IP address is known, set the Link ID of the Type 3 link to the neighbor's IP address, and the Link Data to the mask 0x (indicating a host route) If a subnet has been assigned to the point-to-point link, set the Link ID of the Type 3 link to the subnet's IP address, and the Link Data to the subnet's mask...

2) Must a link cost be the same for all routers that share the link? Is there a protocol reason for this? Some other reason?

I couldn't find anything in RFC 2328 that says that two routers connected to a link MUST agree on the cost. The RFC writers use the term MUST carefully. If it were required, they would put it in the RFC. I think it would be a good idea to make them agree, though.

3) In the Exstart phase, how is the master selected? Chappel's book says RID while Doyle's says highest interface IP address. Which is it?

The router with the higher Router ID becomes the master.

4) I'm somewhat unclear on the Exchange and the Loading states. When a router goes into Exchange state, does it send all DDPs it knows about before processing any DDPs received from other adjacent neighbors?

I think so, but I've never thought about the database synchronization issues associated with a router that is a neighbor to many routers. My guess is that it can only be in the exchange state with one router at a time. Otherwise it would be exchanging database info with one router as the info was being updated by another router??

Thus, a router goes into Exchange state, sends all DDPs it knows about, then goes into Loading state, where it issues LSRs for LSAs it wants more details on? Is this the process?

Sounds right. See the RFC for the details.

5) Is there a difference between DBD and DDP packets?

I would avoid the term DDP, since it means Datagram Delivery Protocol to AppleTalk people. ;-)

Thanks

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37255t=37142
policy routing and route tags [7:37258]
Is it possible to tag routes (via an IGP or BGP) and then perform a policy route decision which in part does a check for this tag?

Specifically, the logic I'm looking for is a route-map which is applied in the packet forwarding phase which will change the forwarding behavior if the packet is for a destination which is covered by a route advertisement which has one of these special tags.

Pseudo-logic for route-map:

route-map permit 10
 if (dst IP is covered by most specific route advertisement which has a tag = XYZ) then
  set attribute=value
 etc.

Extra credit for details on how this can be done on a Juniper or other platform.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37258t=37258
basic OSPF questions [7:37142]
1) A loopback address is normally advertised by OSPF as a host route. The command ip ospf network point-to-point enables one to specify that the interface should be advertised as a subnet route. What are the benefits for doing this?

2) Must a link cost be the same for all routers that share the link? Is there a protocol reason for this? Some other reason?

3) In the Exstart phase, how is the master selected? Chappel's book says RID while Doyle's says highest interface IP address. Which is it?

4) I'm somewhat unclear on the Exchange and the Loading states. When a router goes into Exchange state, does it send all DDPs it knows about before processing any DDPs received from other adjacent neighbors? Thus, a router goes into Exchange state, sends all DDPs it knows about, then goes into Loading state, where it issues LSRs for LSAs it wants more details on? Is this the process?

5) Is there a difference between DBD and DDP packets?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37142t=37142
line card utilization. where's the line? [7:37073]
Got some GSRs with some OC interfaces (engine 0) which connect to our tier-1 where I've had to put in some inbound ACLs (SNMP filter, etc.) Since these are engine 0 cards, I've had to use Turbo ACLs. The line card CPUs are running about 50-60% utilization.

If I need to add more ACLs to these interfaces, how high can I take the line card CPU utilization before I need to consider something else? I've heard running the line card utilization up to ~90% is not an issue, but looking for what others are doing or threshold values they're using in this space.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37073t=37073
IGP and millisecond convergence time [7:36368]
There was a paper published by PacketDesign 1-2 years ago which suggested that features like MPLS fast-reconvergence were solving a problem which could be better done by getting IGP protocols to re-converge faster. There was some discussion that IGPs could be updated to support this (much bigger pipes means one could send hellos much more periodically; running new forms of SPF which only re-computed the part of the tree which would change, etc.)

I see that there was an IS-IS ID published in 2000 that discussed these topics. The ID has since expired and so I don't know the real content of what was proposed. Looks like this work was also presented at Nanog 20. It doesn't look like this ID became an RFC.

Anyone have an idea where the technology is around fast reconvergence? Are folks still thinking that it can be done by IGPs alone or must we use other mechanisms (MPLS fast-reconvergence, DPT/RPR, etc.)?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36368t=36368
Re: Secondary ip address and ip helper-address [7:35539]
Just a clarification. It is possible to have multiple subnets on an interface and configure the DHCP server to assign IPs to any of these scopes. No router address flip-flopping or other machinations are required or needed.

As has been posted, the primary IP address on the interface is *usually* (see details below) the giaddr placed into the DHCP packet by the relay agent (router). Let's assume that the interface doing the IP helpering has four subnets: P (the primary) and S1, S2, and S3.

On any reasonable DHCP server, one can configure the secondary subnets to be secondaries to the primary in the DHCP config. So when one configures their DHCP server, they define the primary subnet information for P, and then define the information for S1, S2, and S3. One then ties these all together by making S1 a secondary of P on the DHCP server. Ditto for S2 and S3.

The manner in which one makes S1, S2, and S3 secondaries is DHCP server dependent. If you have CNR and want to make S1 a secondary to P do the following:

1) Define the scope information for P, S1, S2, and S3. This would entail defining the range of address to hand out for each scope, the policy (DHCP attributes, selection tags, etc.)

2) Using the GUI, select the S1 subnet, then properties and then the advanced tab. Half way down, there's a selection box to make this scope a secondary. Select this box, and when you do this, you can then select the primary for this scope. Select P.

Note, this can also be done using the CLI. I believe the attribute name is primary-scope (or something close). Using the CLI, for scope S1, set its primary-scope attribute to the scope name you defined for subnet P.

Once you've done this, when a packet arrives at the DHCP server with a giaddr of P, the DHCP server now knows that P and S1, S2, and S3 are all related. The DHCP server uses this, and any configurations the operator has provided, to help select the appropriate scope (subnet) and thus IP for this device.

Doing the above is very common practice in the cable industry. On any CMTS cable interface, cable companies will have customer IP subnets (for PCs) and subnets for cable modems. CPEs will be assigned globally routable addresses (net24, net12, etc.) and the cable modems will be assigned net10 addresses. The structure defined above is used-- one of these subnets will be the primary on the CMTS interface and the rest will be secondaries. All are tied together on the DHCP server via the primary-secondary logic described above. Cable operators configure the DHCP server logic to identify a DHCP request from a modem and map it to one of the subnet(s) on the interface created for modems. Ditto for PCs.

Note, above I indicated that the primary address is *usually* the giaddr. Two caveats to this:

* Cisco changed how the relay helpering works in some IOS revs-- in some 11.x or 12.x revs, the giaddr can cycle through all gateway addresses assigned on the helpering interface. That is, when a packet gets helpered, the router will initially insert the P address as the giaddr. If the DHCP server does not respond, and the router has helpered 3-4 DISCOVERs on behalf of a source, the 5-8th DHCP DISCOVER packets will get helpered using a giaddr of S1. This repeats 3-4 times, and if no DHCP response is received, S2 is used as the next giaddr. Note, the router maintains the state for each source so a new device will get helpered initially with P as the giaddr. (I don't recall when cisco enabled this cycling feature to be the default behavior. I believe they changed the default behavior back to only using P as the giaddr (I don't recall the IOS rev). However, I believe they've added a new knob so that one can enable this cycling feature in current IOS revs.)

* On cable infrastructure gear (CMTSs), there are extra knobs to customize what value is inserted into the giaddr. One can configure the CMTS to always use the P address as the giaddr or to perform the cycling (described above).

Michael Williams wrote:

Plus, upon re-reading your post, I don't see an IP helper setup on the eth0 interface on the spoke router just like you have on the hub router. You need to add that. The point of my previous post was to highlight the fact that you need to make sure that the primary IP on the eth0 on the spoke router be in the same subnet with the IPs you want to hand out via DHCP. AFAIK, it's not possible to service multiple subnets simultaneously on a single interface via IP-Helper. (i.e. I don't think it's possible to service any secondary IP subnets on eth0 at the spoke site because the IP-Helper uses the primary eth0 IP as the source address for the DHCP directed request)

Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35602t=35539
Re: Secondary ip address and ip helper-address [7:35539]
Hi Mike,

Responses inline:

I understand the logic of tying the secondary scopes to the primary at the DHCP side, however if the giaddr always reflects the primary subnet, how does the DHCP server ever know to hand out addrs from the other secondary scopes?

On the DHCP server, one configures the S1, S2, and S3 scopes to be related to the P scope. The DHCP server then knows that the four different subnets on this interface are related through P.

When the DHCP server receives a DHCP DISCOVER with P as the giaddr, the above linkage indicates to the DHCP server that four subnets are on the same router interface. Without any additional logic, the DHCP server could randomly pick a free IP address from any of these four scopes, and send the selected IP in the DHCP OFFER.

Note that the DHCP server will send the DHCP OFFER (and ACK) to the giaddr IP (P). The router receives the DHCP packet, knows what interface it's associated with (P), and forwards out the interface accordingly. Also note that the DHCP server will likely also return other DHCP information in the OFFER including default gateway, subnet mask, DNS server IPs and domain information. The default gateway and subnet mask will be specific to the scope from which the IP was selected.

Now, one could configure extra smarts into the DHCP server so that based on the device making the DHCP request, the DHCP server could assign the device an address out of one specific scope. Some devices will use DHCP Option 60 to inform the DHCP server of its device type. The DHCP server can be configured to use this information to help it select which of the scopes on the interface are applicable for this device. There are other mechanisms that can also be used by the DHCP server to help determine how to select which scope the DHCP request should be mapped to (device MAC address or OUI, DHCP Option 82, etc.)

This feature you describe sounds pretty worthless. If the giaddr is always from P, and rotates through S1, S2, S3, etc when the DHCP server doesn't respond, then unless your DHCP server is down or all IPs have been allotted for subnet P, then the DHCP request will always result in an IP from the scope for P.

I think the idea for this cycling feature is as follows:

If one wanted to assign multiple subnets onto an interface and these subnets are configured to have their IPs assigned via DHCP, then you have the problem discussed in this thread.

I expect that there are some off-the-shelf DHCP servers which didn't have the ability to logically associate multiple subnets together. That is, the DHCP server had the limitation that each scope had to appear as if it was on its own interface.

In this sort of environment, the only way for the DHCP server to match any of the secondary subnets was if it saw a giaddr from one of these secondary subnets. If the router only ever inserted the P address in the giaddr, none of the other scopes would ever be matched. This cycling approach causes the giaddr to change and rotate through all the subnets on the interface.

As mentioned before, cisco now has a command which allows one to specify the DHCP relay behavior (i.e. always use the primary address or cycle through all subnets on the interface). This command is called ip dhcp smart-relay.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122sup/122csum/csum1/122csip1/1sfdhcp.htm#xtocid1563023

So in answer to the original poster's question, this command could be used to solve his/her problem. Of course, one needs to be running the right IOS rev and this approach will take 10s of seconds or minutes for the device to come online (as the DHCP cycling happens). Configuring the interfaces to be related on the DHCP server is really the way to go (IMO).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35626t=35539
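The scope selection described in the two DHCP replies above (primary/secondary linkage, Option 60 selection, and giaddr cycling), as an added example that is not part of the original posts and is not CNR or IOS code. The addresses, the "docsis" vendor-class string and the four-DISCOVERs-per-address figure are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Scope:
    name: str
    subnet: str
    gateway: str                          # router address on this subnet
    primary: Optional[str] = None         # name of the primary scope this one is tied to
    vendor_class: Optional[str] = None    # Option 60 value this scope is reserved for
    leased: set = field(default_factory=set)

    def __post_init__(self):
        self.net = ipaddress.ip_network(self.subnet)
        self.gw = ipaddress.ip_address(self.gateway)

    def next_free(self):
        for host in self.net.hosts():
            if host != self.gw and host not in self.leased:
                return host
        return None

class DhcpServer:
    def __init__(self, scopes):
        self.scopes = list(scopes)

    def family(self, giaddr):
        """Scopes reachable from this giaddr: the matching scope plus everything linked to it."""
        gi = ipaddress.ip_address(giaddr)
        hit = next((s for s in self.scopes if gi in s.net), None)
        if hit is None:
            return []
        root = hit.primary or hit.name
        return [s for s in self.scopes if root in (s.name, s.primary)]

    def offer(self, giaddr, vendor_class=None):
        fam = self.family(giaddr)
        reserved = [s for s in fam
                    if vendor_class is not None and s.vendor_class == vendor_class]
        pool = reserved or [s for s in fam if s.vendor_class is None]
        for scope in pool:                # first scope with a free address (not random)
            ip = scope.next_free()
            if ip is not None:
                scope.leased.add(ip)
                # Mask and router come from the chosen scope; the reply goes to the giaddr.
                return {"yiaddr": str(ip), "mask": str(scope.net.netmask),
                        "router": str(scope.gw), "scope": scope.name, "reply_to": giaddr}
        return None

def smart_relay(server, iface_addrs, vendor_class=None, discovers_per_addr=4):
    """Relay that cycles the giaddr through the interface addresses until an OFFER arrives."""
    sent = 0
    for giaddr in iface_addrs:            # primary first, then each secondary
        for _ in range(discovers_per_addr):
            sent += 1
            offer = server.offer(giaddr, vendor_class)
            if offer:
                return offer, sent
    return None, sent

IFACE = ["198.51.100.1", "10.10.0.1", "203.0.113.1"]   # P, S1, S2 gateway addresses

def build_server(linked):
    link = "P" if linked else None
    return DhcpServer([
        Scope("P", "198.51.100.0/30", IFACE[0]),                       # one usable address
        Scope("S1", "10.10.0.0/29", IFACE[1], primary=link, vendor_class="docsis"),
        Scope("S2", "203.0.113.0/29", IFACE[2], primary=link),
    ])

if __name__ == "__main__":
    srv = build_server(linked=True)
    print(srv.offer(IFACE[0]), srv.offer(IFACE[0], "docsis"), srv.offer(IFACE[0]))
    plain = build_server(linked=False)
    plain.offer(IFACE[0])                 # uses up P
    print(smart_relay(plain, IFACE))
```

With the scopes linked, every request is answered on the first DISCOVER even though the giaddr is always P; without the linkage, the second PC is only answered once the relay has cycled to the S2 address.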
cef vs fast switching [7:35183]
Suppose you have an edge router that has 10 or so connected subnets and a default egress route. This box is not running a dynamic routing protocol. If one was to enable CEF on this box (over fast switching), would one expect to see any/much performance improvement? This box does not support dCEF (72xx chassis).

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35183t=35183
Re: Interesting Web Alias [7:34994]
AIC (American Internet Comp) made, among other things, a DHCP server product. Cisco bought AIC and repackaged the AIC DHCP server as CNR.

Ozzie Sutcliffe wrote:

This guy also made site builder for Novell way back when..1995 and he owned www.american.com then. So Cisco got the site name as bonus I guess.

http://www.i-m.com/February-22-29-1996/0030.html

Here is what the corp did and the corp name was American Internet Company. I think Cisco like the name more than anything else. Kinda would have made some in San Hose choke if the competition got that name to trade under//Grin

Oz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35039t=34994
show ip route longer-prefixes [7:34834]
Hi,

I've got a router with a number of routes defined (connected interfaces, route learned from OSPF, etc.) One of these routes is a default route.

When I do a show ip route for a network which has a specific routing entry (i.e. non-default), I get back the expected routing information. If I do a show ip route for a network not explicitly in the routing table, I get a Network not in table. Why do I get an error message instead of the command returning the entry for the default route?

I've noticed that for networks not explicitly covered by a non-default entry in the routing table that if I do a show ip route longer-prefixes the default route is returned.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34834t=34834
kazaa / morpheus blocking / rate-limiting [7:34529]
Hi, Wondering if anyone has been using ACLs to block or rate-limit Kazaa/Morpheus traffic. I'd be interested in how well this worked. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34529t=34529
Re: cef debug error "slow service", what [7:34218]
Nope, but I am using VRFs.

Joseph Brunner wrote:

Are you running cef with NAT?

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax

-Original Message-
From: bergenpeak [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 02, 2002 4:03 PM
To: [EMAIL PROTECTED]
Subject: cef debug error slow service, what's it mean? [7:34218]

I'm having some problems with CEF and so enabled a number of CEF debug commands (ip cef drops, events, received). I'm getting periodic debug output which says CEF: slow service. What does this mean?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34232t=34218
cef debug error slow service, what's it mean? [7:34218]
I'm having some problems with CEF and so enabled a number of CEF debug commands (ip cef drops, events, received). I'm getting periodic debug output which says CEF: slow service. What does this mean?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34218t=34218
the global tag and ip route [7:34060]
What does the global tag do when part of an ip route command?

ip route . global

Does this tag only have meaning when the ip route is being used to add a route into a vrf?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34060t=34060
ethernet underruns [7:33821]
What exactly is an underrun and what are the possible causes for FE underruns? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33821t=33821
Re: MD5 encrypting vty passwords [7:33533]
Is the MD5 encryption used when one enables the service password-encryption before entering the vty password? What encryption mechanism is used when a password is entered as type 7?

Thanks

Henry D. wrote:

It's not possible to use MD5 on vty's. I suppose the reason would be that MD5 enable password is not all that much more secure than type 7 passwords. When you type them they both are being sent over the network in clear text anyway. The only reason for using MD5 would be so anyone who sees your config wouldn't be able to crack the MD5 password as easily as type 7. But on the other hand, if you have access to the config, you're either already in enabled mode or you store it in an insecure place. If an insecure place, then there may be other ways to break into your equipment anyways. You see, there is no perfect simple solution, you got to rely on many steps to protect what needs to be protected.

Charlie Wehner wrote in message news:[EMAIL PROTECTED]...

Is there any way to MD5 encrypt vty passwords? If so, how? If not, why not?

Thanks, Charlie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33561t=33533
simple ISDN / PRI question [7:33357]
In Europe, a PRI carries 30B and one D channels. Each operates at 64kb/s. The overall PRI bandwidth is 2.048 Mb/s. 31 channels at 64 kb/s is 64kbps less than 2.048Mb/s. What's the 32nd 64kbps channel used for?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33357t=33357
Re: ACLs, TCP segments, and the fragments keyword [7:32922]
Thanks for the responses so far. One more variation to this question.

What if there was an application on my network that instead of blocking, I wanted to control the amount of bandwidth it consumed. One might define an ACL to identify the traffic by L4 port and map this traffic to a rate-limiting mechanism. Now, if the application generates data in such a way that it causes the data to be mostly carried in IP fragments, this ACL will not identify all packets associated with the application. Rate-limiting will only manage the bandwidth of the first IP packet in each segment. This may or may not work in throttling the traffic.

Does using the ACL fragment option help here or would this require moving to some other session identification mechanism? (I've got no idea how likely standard applications are to send segments sufficiently large so that IP fragmentation occurs...)

Thanks

Sean Knox wrote:

In addition to Priscilla's comments, sending IP/TCP/UDP fragments is a useful way to fingerprint a host's OS. The response from the fragmented packet(s) can be used as a clue to determine what OS/platform is running on the other end. Nmap, among many other tools, has options to send fragmented packets in a variety of ways. Check out http://www.insecure.org for some informative white papers on OS fingerprinting.

- Sean

-Original Message-
From: bergenpeak [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 23, 2002 4:18 AM
To: [EMAIL PROTECTED]
Subject: ACLs, TCP segments, and the fragments keyword [7:32922]

Looking at extended ACLs I see there's an option to define ACL statements which can key on whether the IP packet contains a fragment. Besides for NAT purposes, could someone provide me with a scenario where one would need to develop an ACL to key on IP packets carrying fragments? I'd be particularly interested in situations where one might want to block a TCP application and decided that one had to block traffic to the TCP port as well as fragments going to the server.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33286t=32922
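The rate-limiting concern raised in this thread, as an added Python example that is not part of the original posts: only the fragment at offset 0 carries the TCP/UDP header, so a classifier keyed on the L4 port accounts for the first fragment only, while one that also tracks (source, destination, protocol, IP ID) accounts for the whole datagram. The addresses, ports and payload sizes are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

IP_HDR = "!BBHHHBBH4s4s"

def ipv4(src, dst, ident, offset_units, more, payload, proto=17):
    """Build a minimal IPv4 packet (checksum left at 0; constructed test data)."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag,
                       64, proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def fragment_udp(src, dst, ident, sport, dport, data, mtu=1500):
    """Split one UDP datagram into IPv4 fragments as a sender with this MTU would."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    step = (mtu - 20) // 8 * 8          # fragment payloads are multiples of 8 bytes
    return [ipv4(src, dst, ident, off // 8, off + step < len(udp), udp[off:off + step])
            for off in range(0, len(udp), step)]

def parse(pkt):
    ver_ihl, _, total, ident, ff, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (ff & 0x1FFF) * 8
    dport = None
    # Only the fragment at offset 0 contains the TCP/UDP header, hence the ports.
    if offset == 0 and proto in (6, 17) and len(pkt) >= ihl + 4:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return {"key": (src, dst, proto, ident), "offset": offset,
            "more": bool(ff & 0x2000), "dport": dport, "length": total}

def bytes_matched_port_only(packets, port):
    """What a classifier keyed on the destination port alone accounts for."""
    return sum(p["length"] for p in map(parse, packets) if p["dport"] == port)

def bytes_matched_fragment_aware(packets, port):
    """Also count later fragments whose (src, dst, proto, IP id) matches a
    first fragment already seen for the port. Assumes the first fragment
    arrives before the rest; reordered fragments would need buffering."""
    tracked, total = set(), 0
    for p in map(parse, packets):
        if p["dport"] == port:
            total += p["length"]
            if p["more"]:
                tracked.add(p["key"])
        elif p["offset"] > 0 and p["key"] in tracked:
            total += p["length"]
            if not p["more"]:
                tracked.discard(p["key"])
    return total

# Constructed sample: a 3992-byte UDP payload to port 5000 (three fragments)
# interleaved with an unrelated fragmented datagram to port 9999.
APP = fragment_udp("192.0.2.10", "198.51.100.20", 1, 40000, 5000, b"A" * 3992)
OTHER = fragment_udp("192.0.2.11", "198.51.100.20", 2, 40001, 9999, b"B" * 2000)
SAMPLE = [APP[0], OTHER[0], APP[1], OTHER[1], APP[2]]

if __name__ == "__main__":
    print("port-only match:     ", bytes_matched_port_only(SAMPLE, 5000), "bytes")
    print("fragment-aware match:", bytes_matched_fragment_aware(SAMPLE, 5000), "bytes")
```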
VACLs [7:33182]
Trying to get more information on VACLs. Anyone know of a URL white paper on VACLs? What switches or images support VACLs?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33182t=33182
difference between DEC and 802.1d spanning tree protocols [7:32694]
What's the difference between these two protocols? Besides some cisco switch equipment, what other vendors support the DEC form of spanning tree?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32694t=32694
BPDU port id question [7:32697]
In 802.1d spanning tree, the BPDU contains a number of fields including the Port ID. This is a two byte value where one octet contains a priority value and the second byte contains a value assigned to each port. For some of the higher density switches, (55xx, 65xx), one can have more than 256 ports on a switch. It looks like cisco has extended the 802.1d standard to allow for these higher density port counts by using 10 of this field's 16 bits for port identification and 6 bits for priority.

What impact, if any, does this have on 802.1d operation in a multi-vendor environment?

Is the 802.1d standard being updated to address the limitation in the current 802.1d standard?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32697t=32697
cat 1900 address violation question [7:32701]
When a cat1900 is configured with the port-secure command, it appears that unauthorized frames will trigger an address violation action. How does one change and view the current action setting for address violations?

It would seem that address violations only occur on frames received on the port and not by frames which get switched to the port. If the port is set to the default action of suspend, is it the arrival of authorized frames on the port or switched to the port which re-enable frame forwarding? How can one tell if the port is in this suspend action state?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32701t=32701
ISL / DISL and a non-cisco switch [7:32757]
Is it possible to establish a DISL trunk between a cisco switch and a non-cisco switch? If so, how would one configure the port on the cisco switch side?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32757t=32757
Re: BPDU port id question [7:32697]
Hi Priscilla,

My reference to cisco's apparent tweak of the Port ID field in 802.1d comes from the book Cisco LAN Switching by K. Clark, page 230.

Based on your comments and further review of the text, I think I'm in agreement that this new bit slicing approach should not cause any inconsistent behavior. Much like you suggest, the Port ID field is similar in use to the Root BID field. Even with more than 256 ports, the 16 bit Port ID field will be unique for a device. So, as long as the Port ID field is always tested as a 16 bit quantity, and there's no expectations of uniqueness of the port number octet, then all should work as expected.

Thanks

Priscilla Oppenheimer wrote:

Hello Bergenpeak,

Please see some comments below..

At 11:11 AM 1/21/02, bergenpeak wrote:

> In 802.1d spanning tree, the BPDU contains a number of fields including the Port ID. This is a two byte value where one octet contains a priority value and the second byte contains a value assigned to each port. For some of the higher density switches, (55xx, 65xx), one can have more than 256 ports on a switch. It looks like cisco has extended the 802.1d standard to allow for these higher density port counts by using 10 of this field's 16 bits for port identification and 6 bits for priority.

Where did you get this info? Do you have a link? Thanks.

> What impact, if any, does this have on 802.1d operation in a multi-vendor environment?

It might not have any impact. I would guess that the encoding of the Port ID (and the priority component of the Port ID) isn't relevant to inter-switch communication. IEEE says this: "The more significant octet of a Port Identifier is a settable priority component that permits the relative priority of Ports on the same Bridge to be managed." So, it sounds like IEEE thinks it's just used internally, even though it is transmitted in Configuration BPDUs.

Think about when the Port ID actually gets used on Cisco switches. The only time I've ever had to set the priority was when using two redundant trunk links between switches. The priority gets used to determine which VLANs by default are associated with each trunk on a single switch.

With ordinary STP, the Bridge ID is much more relevant. It also has a priority component. Messing with the encoding of that would affect multi-vendor interoperability. I don't think messing with the Port ID would cause a problem, however.

Feel free to correct me on any of this. I didn't have time to review my STP knowledge and STP is rather convoluted.

Priscilla

> Is the 802.1d standard being updated to address the limitation in the current 802.1d standard? Thanks

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32774t=32697
Re: PPP link negotiation problem [7:31132]
Thanks for the URL, Stefan. That link explained why this command might be useful. In the context I was dinking in (p2p serial), this command has little value.

Stefan Dozier wrote:

I agree! From what I've read, that's not how it's supposed to work! This link came through the list recently! http://www.cisco.com/warp/public/131/ppp_callin_hostname.html I'm not sure if you've seen it or not, if you have, I apologize for not reading the entire thread! If you haven't, check it out! If you can't get it to work as advertised, post your results, and I'll try and see what happens!

-Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of bergenpeak
Sent: Wednesday, January 09, 2002 10:26 AM
To: [EMAIL PROTECTED]
Subject: Re: PPP link negotiation problem [7:31132]

Thanks for the responses so far. I still don't understand the purpose of the ppp chap hostname command under the interface config. Using this command, I am now able to get a PPP link up. But I must do the following:

rtr-a config:
username rtr-b
int serial 0
encap ppp
ppp chap hostname rtr-a

rtr-b config:
username rtr-a
int serial 0
encap ppp
ppp chap hostname rtr-b

That is, I must define the hostnames to be *different* on each side, and then define the corresponding global username to match the remote hostname on each side of the link. Thus, the interface ppp chap hostname command doesn't appear to simplify the CHAP config. This seems to defeat the purpose of this command as supposedly it's used to simplify the CHAP config so that the same hostname can be used on multiple routers. Or so it's stated in the ICRC book (page 373).

So, I'm not really sure what benefit there is for this command, as it doesn't seem to simplify the config. But I'm sure I'm missing something... :-)

Thanks for any more info/comments.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31630t=31132
Re: PPP link negotiation problem [7:31132]
Thanks for the responses so far. I still don't understand the purpose of the ppp chap hostname command under the interface config. Using this command, I am now able to get a PPP link up. But I must do the following:

rtr-a config:
username rtr-b
int serial 0
encap ppp
ppp chap hostname rtr-a

rtr-b config:
username rtr-a
int serial 0
encap ppp
ppp chap hostname rtr-b

That is, I must define the hostnames to be *different* on each side, and then define the corresponding global username to match the remote hostname on each side of the link. Thus, the interface ppp chap hostname command doesn't appear to simplify the CHAP config. This seems to defeat the purpose of this command as supposedly it's used to simplify the CHAP config so that the same hostname can be used on multiple routers. Or so it's stated in the ICRC book (page 373).

So, I'm not really sure what benefit there is for this command, as it doesn't seem to simplify the config. But I'm sure I'm missing something... :-)

Thanks for any more info/comments.

Cisco Breaker wrote:

Your only choice is to use global username other router and password the same as your router they must be identical on both sides.

bergenpeak wrote in message news:[EMAIL PROTECTED]...

sent-username is not an option for me under ppp chap. My options at ppp chap are hostname, password, wait, and refuse.

Thanks

McCallum, Robert wrote:

what about ppp chap sent-username ?

-Original Message-
From: bergenpeak [mailto:[EMAIL PROTECTED]]
Sent: 07 January 2002 13:09
To: [EMAIL PROTECTED]
Subject: PPP link negotiation problem [7:31132]

I'm working through the different ways one can configure CHAP authentication between two routers over a PPP serial link. If I configure ppp encap and ppp chap authentication on both sides of the link and use the global: username password for identification, the link comes up and IPCP is established. The routers have hostnames defined to be rtr-2505 and rtr-2514.

When I try to use the simpler CHAP config, where one can encode in the interface directly the same hostname and password, I see the error:

PPP Serial0: Using alternative CHAP hostname something
PPP Serial0: CHAP Challenge id=14 received from something
PPP Serial0: ignoring challenge with local name

On both rtrs I have the following defined on the serial interface:

ppp encap
ppp authentication chap
ppp chap hostname something
ppp chap password else

There are no usernames defined globally. Ideas?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31389t=31132
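The exchange discussed in this thread, as an added Python model that is not router code and not part of the original posts: the CHAP response is computed as in RFC 1994, MD5(identifier || secret || challenge), and the responder drops any challenge that arrives under its own CHAP name, modelled on the "ignoring challenge with local name" debug line quoted above. The `ChapPeer` class, the `authenticate` helper and the secrets are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import os

class ChapPeer:
    """One end of a PPP link doing CHAP (RFC 1994) with MD5."""

    def __init__(self, chap_name, secrets):
        self.name = chap_name      # name sent in our Challenge/Response packets
        self.secrets = secrets     # remote name -> shared secret ("username" entries)

    def challenge(self, ident=14):
        return ident, os.urandom(16), self.name

    def _digest(self, ident, secret, value):
        # RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)
        return hashlib.md5(bytes([ident]) + secret + value).digest()

    def respond(self, ident, value, challenger_name):
        if challenger_name == self.name:
            return None            # "ignoring challenge with local name"
        secret = self.secrets.get(challenger_name)
        if secret is None:
            return None            # no secret configured for that name
        return ident, self._digest(ident, secret, value), self.name

    def verify(self, ident, value, response):
        resp_ident, digest, responder_name = response
        secret = self.secrets.get(responder_name)
        if secret is None or resp_ident != ident:
            return False
        return hmac.compare_digest(digest, self._digest(ident, secret, value))

def authenticate(authenticator, peer):
    """Run one challenge/response; True only if the peer proves the shared secret."""
    ident, value, name = authenticator.challenge()
    reply = peer.respond(ident, value, name)
    return reply is not None and authenticator.verify(ident, value, reply)

SECRET = b"constructed-shared-secret"   # placeholder, not from the thread

# Both routers announce the same CHAP name: each side drops the other's challenge.
same_a = ChapPeer("something", {"something": SECRET})
same_b = ChapPeer("something", {"something": SECRET})

# Distinct names, each side holding the secret filed under the remote name.
rtr_a = ChapPeer("rtr-a", {"rtr-b": SECRET})
rtr_b = ChapPeer("rtr-b", {"rtr-a": SECRET})

# Names are right but the secrets differ.
rtr_c = ChapPeer("rtr-b", {"rtr-a": b"a-different-secret"})

if __name__ == "__main__":
    print("same name on both sides:", authenticate(same_a, same_b))
    print("rtr-a challenges rtr-b: ", authenticate(rtr_a, rtr_b))
    print("mismatched secret:      ", authenticate(rtr_a, rtr_c))
```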
Re: PPP link negotiation problem [7:31132]
sent-username is not an option for me under ppp chap. My options at ppp chap are hostname, password, wait, and refuse.

Thanks

McCallum, Robert wrote:

what about ppp chap sent-username ?

-Original Message-
From: bergenpeak [mailto:[EMAIL PROTECTED]]
Sent: 07 January 2002 13:09
To: [EMAIL PROTECTED]
Subject: PPP link negotiation problem [7:31132]

I'm working through the different ways one can configure CHAP authentication between two routers over a PPP serial link. If I configure ppp encap and ppp chap authentication on both sides of the link and use the global: username password for identification, the link comes up and IPCP is established. The routers have hostnames defined to be rtr-2505 and rtr-2514.

When I try to use the simpler CHAP config, where one can encode in the interface directly the same hostname and password, I see the error:

PPP Serial0: Using alternative CHAP hostname something
PPP Serial0: CHAP Challenge id=14 received from something
PPP Serial0: ignoring challenge with local name

On both rtrs I have the following defined on the serial interface:

ppp encap
ppp authentication chap
ppp chap hostname something
ppp chap password else

There are no usernames defined globally. Ideas?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31267t=31132
PPP link negotiation problem [7:31132]
I'm working through the different ways one can configure CHAP authentication between two routers over a PPP serial link. If I configure ppp encap and ppp chap authentication on both sides of the link and use the global: username password for identification, the link comes up and IPCP is established. The routers have hostnames defined to be rtr-2505 and rtr-2514.

When I try to use the simpler CHAP config, where one can encode in the interface directly the same hostname and password, I see the error:

PPP Serial0: Using alternative CHAP hostname something
PPP Serial0: CHAP Challenge id=14 received from something
PPP Serial0: ignoring challenge with local name

On both rtrs I have the following defined on the serial interface:

ppp encap
ppp authentication chap
ppp chap hostname something
ppp chap password else

There are no usernames defined globally. Ideas?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31132t=31132
difference between banner motd and login [7:30918]
Simple question I'd guess. When is the motd banner displayed and when is the login banner displayed? I've configured both on a router and both seem to be displayed when I login via a vty or console. Is there a time when only one of these are displayed, and if so, when?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30918t=30918
IPX and ethernet framing options [7:30921]
Question from Chappell's book (ICRC, Chapter 11, page 269). Is generic as well. About IPX framing options.

ICRC shows four different ways to frame IPX on ethernet:

Cisco name      frame format
----------      ------------
novell-ether    802.3 IPX
sap             802.3 802.2_LLC IPX
arpa            ethernet IPX
snap            802.3 802.2_LLC SNAP IPX

I understand arpa format to be where ethernet format is where the 2 bytes following the SRC MAC is a type field. sap and snap format is where these 2 bytes are a length field and are minimally followed by an 802.2 LLC.

My question is about the novell-ether format. This format shows an 802.3 header but no field for a type value. Is this correct that there is no explicit type field in the novell-ether format? Is the DST MAC used to identify this as a Novell frame, and hence no type field is necessary?

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30921t=30921
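How a receiver can tell the four encapsulations in the table apart, as an added Python example that is not part of the original post: a type/length value of 0x0600 or more is an EtherType (0x8137 for IPX); below that it is an 802.3 length, and the next two bytes are 0xFFFF (the IPX checksum field, with no LLC header), 0xE0E0 (the IPX SAP in an 802.2 LLC header) or 0xAAAA (SNAP). The MAC addresses and the zero-filled IPX header are constructed sample data, and `classify_ipx_encap` is a hypothetical name.

```python
import struct

IPX_ETHERTYPE = 0x8137

def classify_ipx_encap(frame):
    """Return the Cisco encapsulation name for an Ethernet frame carrying IPX,
    or None if the frame is not recognisably IPX."""
    if len(frame) < 16:
        return None
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= 0x0600:
        # Ethernet II: the field after the source MAC is an EtherType.
        return "arpa" if type_or_len == IPX_ETHERTYPE else None
    # Otherwise the field is an 802.3 length; look at what follows it.
    next2 = frame[14:16]
    if next2 == b"\xff\xff":
        # No LLC header: the IPX header starts here and its checksum is 0xFFFF.
        return "novell-ether"
    if next2 == b"\xe0\xe0":
        # 802.2 LLC with DSAP = SSAP = 0xE0.
        return "sap"
    if next2 == b"\xaa\xaa" and len(frame) >= 22:
        # SNAP: control (1 byte), OUI (3 bytes), then a 2-byte protocol type.
        snap_type = struct.unpack("!H", frame[20:22])[0]
        return "snap" if snap_type == IPX_ETHERTYPE else None
    return None

# Constructed sample data: broadcast destination, made-up source MAC,
# and a 30-byte IPX header that is zero-filled after checksum and length.
MACS = bytes.fromhex("ffffffffffff") + bytes.fromhex("00000c123456")
IPX = b"\xff\xff" + struct.pack("!H", 30) + bytes(26)

SAMPLES = {
    "novell-ether": MACS + struct.pack("!H", len(IPX)) + IPX,
    "sap": MACS + struct.pack("!H", 3 + len(IPX)) + b"\xe0\xe0\x03" + IPX,
    "arpa": MACS + struct.pack("!H", IPX_ETHERTYPE) + IPX,
    "snap": (MACS + struct.pack("!H", 8 + len(IPX)) + b"\xaa\xaa\x03\x00\x00\x00"
             + struct.pack("!H", IPX_ETHERTYPE) + IPX),
}
NOT_IPX = MACS + struct.pack("!H", 0x0800) + bytes(20)   # constructed IPv4 frame

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:13} -> {classify_ipx_encap(frame)}")
    print(f"{'IPv4 frame':13} -> {classify_ipx_encap(NOT_IPX)}")
```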