2501 VPN [7:73977]
I need assistance configuring VPN between a Cisco 2501 and a Cisco 827H. Both routers have IOS that supports VPN. The 2501 is connected to the ISP via a 768kb fractional T1 and the 827H has an ADSL connection to the same ISP. If anyone could please send sample configurations for either router, I would appreciate it. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73977&t=73977 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
VOIP Class Recommendation [7:73480]
Does anyone have any recommendations for taking a class/training on the VOIP stuff ? I'm looking for something Cisco oriented, but if someone has something good to recommend on more general implementation options, and design for different protocols like SIP/H.323/MGCP, etc, that would be good too. Basically I'm looking to get more familiar with the AS53xx series, the interconnections with PSTN, gatekeeper, SIP proxies, added value services, etc. Not looking for CIPT stuff, but rather gateway type solutions. Thanks so much ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73480&t=73480 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Why I can't get ciscoMemoryPoolUtilization1Min? [7:72889]
$ snmpget -c public -v1 10.1.200.2 1.3.6.1.4.1.9.9.48.1.2.1.1.0 Error in packet Reason: (noSuchName) There is no such variable name in this MIB. Failed object: SNMPv2-SMI::enterprises.9.9.48.1.2.1.1.0 $ snmpget -c public -v1 10.1.200.2 1.3.6.1.4.1.9.9.48.1.1.1.6.0 SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.1 = Gauge32: 16313376 $ the router's ios is c3660-js-mz.122-5d.bin. Why I can't get ciscoMemoryPoolUtilization1Min ? From SNMP Object Navigator ,I know the ios support ciscoMemoryPoolMIB .Do I need any another config or something ? thanks for your help Henry Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72889&t=72889 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: question about proxy-arp [7:71113]
today I already know why 2500 can ping 88.1.77.1 because proxy-arp doesn't function on serial interface. so what's the real function of proxy-arp on serial interface ? Does it work when bridge on the serial interface ? If bridge on serial interface,how ios transfer arp ? I think there isn't mac address on serial interface . Is there some encapusation to packet the mac and transfer the lan frame through serial interface ? regards Henry Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71120&t=71113 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
question about proxy-arp [7:71113]
2500-s0-88.1.201.1/16--88.1.201.2/24-s1/0--2611--e0/0--88.1.77.2/24---88.1.77.1/24-f0/42-3550 I can ping from router 2500 to 88.1.77.1 even if I disable proxy-arp of 2611's s1/0. There isn't any dynamic or static routing except a default route on 3550 to 2611. I can't understand this. Does I misunderstand the function of proxy-arp ? another related question, what's the real function of proxy-arp on serial interface ? thanks! Regards Henry Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71113&t=71113 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: netbios [7:71084]
Since your question already assumes these port ranges, it would mean your question is really whether NetBIOS over TCP/IP can be routed. And as such, it can, just like any other IP traffic. ""koh jef"" wrote in message news:[EMAIL PROTECTED] > hi guys, > > can netbios,using port 137, 138 and 139 be routed thru WAN ??? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71105&t=71084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Beta exams [7:70659]
To be honest, I don't like them :-( I took few beta exams and never got to pass any of them. When I went for the final version once available, I had no problems clearing any of them. And I don't think the problem was with my preparations either. The few exams I took were rather poorly structured, with many questions having multiple right answers. Literally, you could have a question and 4 answers, with 2 of the answers being exactly the same, how do they score that beats me. So, my advice, if you get it for free, go ahead and test yourself but if you have to pay anything, save yourself the few bucks and time and prepare for the final thing. ""Rodrigo Baldez"" wrote in message news:[EMAIL PROTECTED] > Just a curiosity.. > What are the most diferences between the normal cisco exams and the > temporary beta ones? Besides the price, are they more difficult? More > questions? I heard that you don4t receive a grade when you finishes any > beta, and so you can only know few weeks ahead is that true? > > Regars, > rodrigo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70682&t=70659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help with Cisco 3745 configuration [7:69765]
hmm, let's not forget we're not routing just for the routing sake. There is much more then just setting up these few routers to make them talk to each other. What will be routed data wise, what type of connectivity, applications, topology, protocols, business requirements, etc, etc. If you understand all that, and have some prior Cisco experience you might be able to pull it off without sepending too much time on the project. But if not, and your skills are lacking (whether router or design) then $5500 might be the way to go. Unless of course that fee doesn't cover the planning/investigaiton/design steps then you might be better off spending time on it yourself and re-learning/refreshing your skills. How much is your day's work actually worth ? :-) Add it all up and see what's better for you or your employer :-) ""J B"" wrote in message news:[EMAIL PROTECTED] > Hi, Everyone > I just been awarded the responsibility of installing 4 3745 Cisco routers. > The local phone company wanted $5500 dollars for the installation and my > employer thinks is to much. I was looking at the Cisco website for sample > configurations but I couldn't find them. I need to share the T1 channels > link for voice and data. I haven't done Cisco for like 2 years. Can > someone help me with some guidance to find some information in how to do that. > > Thanks > JBary Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69791&t=69765 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
GRE OR IPSEC? [7:66980]
I have following topo: lan a---router a---router b--lan brouter crouter d---lan c lan a will communicate with lan c with ip protocol.But I don't want lan c can communicate with lan b.How could I do ? I setup gre tunnel between lan a and lan c,but lan c can also visit lan b. any comment are apprecatied,thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66980&t=66980 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A career in MPLS..... [7:66609]
I don't mean to start any type of argument here, especially with someone who obviously has more experience than I do. Yes, you've been contributing to this study group many times. But also many times your contributions are rather rethorical than practical and at the same time you seem to draw attention to what your opinion is rather than to give an educated and objective view backed by any type of real life examples. So yes, I'm saying that some times you don't quite stick to the subject at hand. I don't see how your view on Cisco's curriculum in re to MPLS can be taken seriously without you putting actual examples of how you came to that conclusion. Even if the knowledge required for achieving Cisco's recognition in re to MPLS was not as advanced as one would hope, shouldn't we look at positives of the whole process ? There are still things to be learnt, and emphasising them rather than the weaknesses would be a better idea. You won't become an expert just by passing the test or taking a trainig class, but at the same token, you can still learn a lot while achieving those CCXX goals. Anyway, I'm sure there will be a good response coming, so let me be done with this subject. I had an early start today and I'm tired now. Good night ! ""nrf"" wrote in message news:[EMAIL PROTECTED] > ""Henry D."" wrote in message > news:[EMAIL PROTECTED] > > Let me say up front, I don't have much experience in MPLS, I have > > only played with it in the lab and not all that extensively either. > > But CN is simply trying to get an idea of what to expect to go that road. > > I believe that was precisely what I answered. > > > Is "nrf" saying not to advance in this field by studying Cisco's way of > > emphasising MPLS ? > > What I said is that if you want to advance in that field, you will need > substantially more than what Cisco wants you to know about it. Read my post > again. > > >You know, we all have our doubts, he's brave enough > > to come to this group and ask questions. As far as L3VPN's, why not > > concentrate > > on that at least to start with. > > I never said not to learn L3VPN's. Read my post again. What I said is that > study of L3VPN's shouldn't be emphasized to the degree that Cisco seems to > emphasize it. > > > It's still one reason to do the MPLS thing. > > By just > > doing that he'll need to touch on many aspects of MPLS anyway. He will > still > > use either LDP or RSVP, he still will use the LSP establishment, he might > as > > well > > learn the TE options available for establishment of those LSP's. He'll > need > > to learn > > how to use the LSP's for pushing traffic over them. He'll learn what and > how > > the > > labels get pushed/popped. Then why not study it that way. He's not > advancing > > his > > MPLS skills, he might not have any yet. He's simply trying to see if he > will > > be able to utilize any of the skills he will have to learn to make it > worth > > it his while. > > No doubt all learning is good. Again, read my post again. I never said > that he shouldn't learn it. What I said is that he shouldn't necessarily > learn it "the Cisco way". > > > > > Well, maybe someone else with more experience in MPLS arena and someone > more > > objective can give a better insight as to whether there is a demand for > > these skills. > > Are you implying that I'm not objective - that I have some kind of agenda? > > > > > > > > > ""nrf"" wrote in message > > news:[EMAIL PROTECTED] > > > ""Cisco Nuts"" wrote in message > > > news:[EMAIL PROTECTED] > > > > Hello group, How does one feel about a career in MPLS...I mean doing > > MPLS > > > > as part of your core job day in and out.Is it worth it? Since our > > > > network does not use MPLS (maybe never will) inspite of being one of > the > > > > Big Four Tier 1 SP's > > > > > > Let me guess. Do you work for Sprint? > > > > > > >are there other SP's that use MPLS in their > > > > backbone?? > > > > > > Yeah, there are some. > > > > > > >I have just given myself a month or so break from my CCIE Lab > > > > Prep.(yeah!yeah! most would consider me stupid on this) to study MPLS > > > > for the CCIP and am thinking if I should pursue this subject just > like > > I > > > > did for BGP.know
Re: A career in MPLS..... [7:66609]
Let me say up front, I don't have much experience in MPLS, I have only played with it in the lab and not all that extensively either. But CN is simply trying to get an idea of what to expect to go that road. Is "nrf" saying not to advance in this field by studying Cisco's way of emphasising MPLS ? You know, we all have our doubts, he's brave enough to come to this group and ask questions. As far as L3VPN's, why not concentrate on that at least to start with. It's still one reason to do the MPLS thing. By just doing that he'll need to touch on many aspects of MPLS anyway. He will still use either LDP or RSVP, he still will use the LSP establishment, he might as well learn the TE options available for establishment of those LSP's. He'll need to learn how to use the LSP's for pushing traffic over them. He'll learn what and how the labels get pushed/popped. Then why not study it that way. He's not advancing his MPLS skills, he might not have any yet. He's simply trying to see if he will be able to utilize any of the skills he will have to learn to make it worth it his while. Well, maybe someone else with more experience in MPLS arena and someone more objective can give a better insight as to whether there is a demand for these skills. ""nrf"" wrote in message news:[EMAIL PROTECTED] > ""Cisco Nuts"" wrote in message > news:[EMAIL PROTECTED] > > Hello group, How does one feel about a career in MPLS...I mean doing MPLS > > as part of your core job day in and out.Is it worth it? Since our > > network does not use MPLS (maybe never will) inspite of being one of the > > Big Four Tier 1 SP's > > Let me guess. Do you work for Sprint? > > >are there other SP's that use MPLS in their > > backbone?? > > Yeah, there are some. > > >I have just given myself a month or so break from my CCIE Lab > > Prep.(yeah!yeah! most would consider me stupid on this) to study MPLS > > for the CCIP and am thinking if I should pursue this subject just like I > > did for BGP.know it inside out cold.and maybe consider a new > > career/job in MPLS (obviously along with BGP, MBGP, MCast etc...) Does > > anyone know of how MPLS is viewed out there? I mean, in terms of > > implementation, popularity and last but not the least , $$$ ??? ;->Which > > of the Big SP's or Enterprise networks have implemented MPLS? Has it been > > worth the advantages that MPLS proposes??Thank you.Sincerely,CN > > The way I see it is this. MPLS is potentially powerful technology for it > can be used as a lingua-franca among a carrier's network and transport layer > and also as a way to impose circuit-switching discipline upon IP and > therefore offer circuit-switching services with a pure IP network. > > But MPLS is by no means a slam-dunk. Certain carriers, most notably > Sprint, have elected not to go down the MPLS path because they believe the > technology is immature (and they are correct) and also because they believe > that they can garner the benefits of MPLS by other means (also correct). > The point is that while MPLS offers great potential, it also presents > problems, so implementing it is not a no-brainer. > > And furthermore, I don't particularly like the way that Cisco is pushing > MPLS, particularly in its cert program. In my opinion, I think Cisco's cert > programs emphasize the least useful parts of MPLS while neglecting the more > useful parts. For example, I don't understand why Cisco pushes LDP the way > it does, for LDP merely builds LSP's that correspond to the route table, but > what's so useful about having LDP's that look like the route table? It is > far more useful to build LSP's that differ from the route table, but the > methods of doing that are not really covered very much (if at all) in the > Cisco curricula. Also, I don't understand why Cisco places such an emphasis > on L3VPN's, as if L3VPNs were the only important service that MPLS enables. > L3VPN's are only one of the new services that you can enable, and in my > opinion, one of the less important ones. Far more important are the L2VPN > capabilities and the ability to unify IP, ATM, and optical into a single > management plane.The point I'm making is that if you merely study MPLS > according to the Cisco curricula, you really haven't learned much about it > that's actually useful. > > > > > > > > > Add photos to your messages with MSN 8. Get 2 months FREE*. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66628&t=66609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What tools can tell u r using lease line or IS [7:66561]
or syslog server Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66582&t=66561 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: why I can't download IOS to router via ftp? [7:66528]
I got it.it's a bug CSCdv70284. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66583&t=66528 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: why I can't download IOS to router via ftp? [7:66528]
If I use sniffer to trace,there are not any ftp packet from router to my pc. So I think maybe there are some problem on router when execute the command. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66541&t=66528 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: why I can't download IOS to router via ftp? [7:66528]
26t02#copy ftp://test:[EMAIL PROTECTED]/c2600-is-mz.120-21.bin flash: Destination filename [c2600-is-mz.120-21.bin]? problem is same Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66539&t=66528 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: This is even better - RIP / OSPF redistribution [7:66057]
hmm, don't know the whole story, but once you redistribute ospf into rip and you mess up filtering on the interface, wouldn't that allow you to see the redistributed routes on the router connecting to that interface ? It's just another way to see whether what you implemented actually does work... ""The Long and Winding Road"" wrote in message news:[EMAIL PROTECTED] > Again, a CCIE practice lab - > > R5 - the task calls for mutual redistribution of OSPF and RIP > > The next task says that no routes are to be advertised out the RIP > interface - only in. > > So tell me, why are we even bothering with the OSPF into RIP redistribution? > > I'm not sure I can fall asleep tonight, I'm laughing so hard. > > Goodnight. > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66084&t=66057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Getting out of hand?? [7:65676]
Peter, I have many times come to the similar conclusion in regards to Cisco's ways of screwing up the whole certification recognition. It's no more one of the ways to validate individual's knowledge of technologies and Cisco products...However, as hard as I have worked to get the # I don't think I can afford to simply not recertify. Sure, there may be no reson right now as I'm still employed, but I might need it later on. The cert is still one of the things people look at before deciding to invite you for the interview, I don't necessarily say this is good, but that's what it is and at least for that one reason it makes it worth it to recertify for me. Well, don't get too discouraged.. ""Peter van Oene"" wrote in message news:[EMAIL PROTECTED] > At 07:31 PM 3/18/2003 +, Priscilla Oppenheimer wrote: > >Maccubbin, Duncan wrote: > > > > > > How is the industry supposed to keep up with this?? > > > >What's the issue? Not sure I'm seeing your point. What's wrong with Cisco > >announcing that their product received some sort of certificaton? > > Exactly.. I think the poster mistook the possibly ambiguous announcement as > yet another CCXX cert. > > >Now, if you were concerned that Cisco has too many ways for people to get > >certified and that the situation is getting out of hand, I might agree. > > I really am surprised at how many folks pour their heart/money into getting > one after another. I'm also amazed at how many folks will try and devote > a good portion of interview time to showing me their various certificates. > After the first couple I pretty much grasp that you have enough short term > memory to get through a multiple choice exam and we should really get back > to talking about technologies. > > Cisco makes big bucks on these certifications. The recert requirements > create a beautiful residual revenue stream making this business unit very > attractive internally to Cisco. Since they doubled the cost of the CCIE > recert, purely for profit, I have decided to let my certification lapse vs > give in to this obvious cash grab. Kudos to Cisco for making their VAR > channels one of their more lucrative revenue sources. > > >Priscilla > > > > > > > > > > "Cisco also announced today highly prestigious certification > > > support across > > > the entire PIX Family of security appliances. Certifications > > > earned include > > > the Common Criteria Evaluation Assurance Level 4 (EAL4) > > > certification, and > > > both ICSA Labs firewall and IPSec certifications. These > > > certifications > > > provide customers with independent and objective validation > > > that a company's > > > product meets certain levels of quality and reliability, and > > > are among the > > > industry's most respected and stringent criteria for > > > certification. > > > Providing customers broad certification support across the > > > Cisco PIX family > > > within a common operating system increases operational > > > efficiencies and > > > lowers support and management costs." > > > > > > > > > Duncan Maccubbin > > > US Network Support, Cable and Wireless > > > CCNA, CCNP, CSS1, MCSE4 > > > Work (703)287-6975 > > > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65744&t=65676 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I see Cisco still hasn't fixed that bug [7:64813]
Chuck, you might want to read up on classful properties of this command...here's a tip: http://www.cisco.com/en/US/customer/tech/tk648/tk365/technologies_tech_note0 9186a0080094374.shtml#ipnetwork ""The Long and Winding Road"" wrote in message news:[EMAIL PROTECTED] > you know the one. you're working with subnets of a classful network. let's > say 10.0.0.0. you enter the command ip default-network 10.1.1.0 and what > shows up in the running config is ip route 10.0.0.0 255.0.0.0 10.1.1.0. > > Then try as you might, the command no ip route 10.0.0.0 255.0.0.0 10.1.1.0 > does not work. The error message states there is no matching route. Have to > reload before you can get the command to take. > > This one has been the bane of many a poor CCIE Lab candidate. Maybe that's > why Cisco leaves it in there. > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64869&t=64813 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Best Book/DOCs on MPLS [7:64257]
I dunno about "best" but there are some titles published by Cisco Press www.ciscopress.com , also www.juniper.net has some good papers. Besides that, there are many web sites out there that cover the subject and the nitty-griddy RFC's :-) wrote in message news:[EMAIL PROTECTED] > Hi All, > > Dose anyone recommend a good book on MPLS or dose anyone know a good > link. > > Thanks > Tarry Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64303&t=64257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Who likes BGP? [7:64132]
I agree with the part that there are many human related problems with BGP configs and policies implementations. But that's the case with other protocols as well. In BGP's case it's probably showing more of people's carelesness or misunderstanding of the working of the protocol since as you mentioned there are rare instances of protocol implementations besides the Internet. All the things you can implement facing the customer are fine and dandy, you can protect yourself and the customer has to adhere to certain policies as well. I think there is a problem with the scope of some networks, if you have to deal with filtering and such of hundreds or thousands of prefixes then you will see there is a good chance for mistakes. This is probably even more a case with inter-provider peerings, where you are really limited to what you can do as the work load on you would be quite substantial. Even if you did the proper work, there are cases for updates and revisiting where you can run into additional problems. All in all, I don't think the problem is with the protocol, it's the diveristy of the networks that need to be supported, lack of consistent information and obviously the human factor. ""Logan, Harold"" wrote in message news:[EMAIL PROTECTED] > In my uneducated opinion, it seems to me like there are much larger concerns > out there than BGP security. I say uneducated because I haven't worked for > an ISP, nor have I worked for any other organization that would run BGP. My > BGP experience consists of reading and lab work, that's it. I'm a Cisco > Network Academy instructor, and the majority of my experience is from lab > work and consulting. I'm teaching my first CCNP Routing class starting next > week, so any input from those in the know would be appreciated. Hell, I'll > appreciate input from those not in the know, I'm not picky... just don't > expect me to take it as gospel truth. > > When I tell a router to peer with another BGP speaker, I can put > restrictions on it. I can tell it what AS paths I'll accept from that peer, > and what prefixes I'll accept from that peer. If I'm an ISP peering with a > customer who has the class C network 210.5.5.0 assigned to them, do I not > have a responsibility to configure my BGP router to ignore any BGP > advertisements from that customer that are not advertising 210.5.5.0? I know > that no one is going to hold me to it, it's not like the IETF has a squad of > mercenaries who are going to kick the door in and check my configs, but > doesn't that responsibility fall to both the customer and the ISP? > > Sorry if I'm off base here, but that's my basic understanding of how things > work; the customer has a responsibility to only advertise their networks, > and the ISP has a responsibility to only accept advertisements for that > customer's networks. Does the same relationship exist among ISPs, or do > things get too complex to filter updates at that point? > > It seems like the "security hole" in BGP is the human that configures a BGP > router to accept any route it gets. Thoughts? > > Hal Logan CCAI, CCDP, CCNP: Voice > Network Specialist / Adjunct Faculty > Computing & Engineering Technology > Manatee Community College > > > > -Original Message- > > From: Edwin R. Gonzalez [mailto:[EMAIL PROTECTED] > > Sent: Friday, February 28, 2003 11:39 PM > > To: [EMAIL PROTECTED] > > Subject: Who likes BGP? [7:64132] > > > > > > Hey, > > > > It's your friendly neighborhood CISCO MAN! > > Sorry, it's Friday night, I'm still at work with a coffee > > buzz that might last me until the morning. > > > > I came across this article that might be of interest to > > some people, check it out; > > http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed > > > > > > > > -- > > _ > > The harder you work, the luckier you get! > > _ > > The only place success comes before > > work is in the dictionary!!! > > _ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64167&t=64132 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you claim Cisco Tests as a tax exemption? [7:64042]
I suppose if you're able to itemize deductions there should be no problem, I do it all the time, that also includes books, any travel expenses related to taking the exams or improving my professional skills, buying the equipment, etc. As long as you have a prove, such as credit crad statements you should be good to go. ""Mossburg, Geoff (MAN-Corporate)"" wrote in message news:[EMAIL PROTECTED] > Does anyone know if it's legal to claim the price of a Cisco test and/or > Cisco class as an exemption on your Federal taxes? From what I'm reading in > the IRS's Publication 529, "Miscellaneous Deductions", it sure seems like > it! > Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64102&t=64042 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MBGP/MPLS VPN question [7:64036]
I don't think they should have a problem. The VRF should be created just for you so there should be no conflict. I never used this service from any of my providers so I cannot be certain. But as far as I'm concerned they shouldn't even care what addressing you're using between the sites. They provide the tunnel and shouldn't care much for your addressing scheme unless you ask them too, and as long as your contract is properly setup I think it would be no big deal. ""Lo Ching"" wrote in message news:[EMAIL PROTECTED] > Dear All, > > We have some ip address that use internally,eg, 30.x or 40.x but it is not > in private address range. Can I still use this range when connect to the > IP-VPN provider that using MPLS technology? I know that MPLS can allow > overlapping of customer address by using VRF and RD. I wonder any technical > conflict issue on Normal BGP in this case. > > Thanks in advance. > > rgds, > Lo Ching Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64041&t=64036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Loopback Testing [7:63515]
Actually, Frame Relay switches don't forward the loop messages received on local port to the remote port. You can only loop between each end router and it's local Frame Relay switch. So, unless this is a cross-over simulation, you won't be able to achieve end-to-end loop. So, you can do loopback tests between each end router and it's Frame Switch. As long as those tests show fine - and your configuration is correct :-) - and you still have issues it might simply be the telco problem. But most often than not, you gotta prove it to them by running these tests. ""Curious"" wrote in message news:[EMAIL PROTECTED] > I want to do a loopback testing between my router and a remote router over a > Frame Circuit. > Tell me what i need to configure > Both routers are Cisco 2600 and running 12.0 IOS. > > thanks, > > > -- > Curious > > MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63526&t=63515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco CWDM Experiences [7:62841]
Actually, this CWDM seems to be Cisco specific and is incompatible with DWDM, looks like mostly because of the wavelengths used in this solution. Cisco has a 2-slot chassis that pretty much you populate with OADM or MUX cards. These cards in turn are crossconnected to switches by SMF and you use special CWDM GBIC's for that. The GBIC's are what provides different lambda. These GBIC's seem to be supported on multiple platforms with proper IOS/CatOS ranging from 2900 to 6500 series. Here's the link: http://www.cisco.com/en/US/customer/netsol/ns110/ns112/ns113/ns197/networkin g_solutions_package.html Looks like mostly plug-n-play as long as proper attenuation is considered and you get the correct modules/GBIC's mix in there. ""Henry D."" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi everyone, > > I'm looking at some of the CWDM docs and this solution seems > to be a really good (read easy) way to increase the bandwidth between > sites with existing SMF. I don't have any DWDM experience, but looking > at this solution it would seem you don't need to do much in order > to achieve pretty substantial bandwidth increase. > > Does anyone have any experience with this technology ? > Pretty much just looking to see how well this stuff really works > in the field. It doesn't seem like you can do much to monitor/manage > this solution which kind of makes me skeptical. > > Any inputs welcomed ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62865&t=62841 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco CWDM Experiences [7:62841]
Hi everyone, I'm looking at some of the CWDM docs and this solution seems to be a really good (read easy) way to increase the bandwidth between sites with existing SMF. I don't have any DWDM experience, but looking at this solution it would seem you don't need to do much in order to achieve pretty substantial bandwidth increase. Does anyone have any experience with this technology ? Pretty much just looking to see how well this stuff really works in the field. It doesn't seem like you can do much to monitor/manage this solution which kind of makes me skeptical. Any inputs welcomed ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62841&t=62841 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Enterprise Design Probelm / Study [7:61351]
Consider yourself lucky, that's a great thing you get to work on a project of that scale, especially if you get to be one of the major players in putting the puzzle together. I wish I could be part of it as well. Good luck ! ""The Long and Winding Road"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Have I got a good one! > > Just got through reading an RFP for a large organization. Over 30 sites, > 12,000 ports, and 2000 phones. Complete rebuild of the network LAN and WAN > infrastructure. Add to that throwing out all their old PBX and key systems > and building for VoIP and video, in addition to current data traffic. New > switches, new routers, client asking for generous redundancy. L3 switching > up the wazoo ( that's a technical term meaning lotsa money to spend ) > > The thrill of the design is something else. Customer wants a centralized > Call Manager, but also wants certainty in case of failure at any of the > usual places. > > This oughta keep me out of trouble for a few weeks. > > TTFN > > Chuck > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61401&t=61351 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written Study Material [7:61026]
All, What is a good Book to use as a basis for studying for the CCIE written exam 350-001. I see this one on Amazon. 1) NLI's Study Guide for The CCIE R&S Written Exam Please Advise, Bob __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61026&t=61026 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: catalyst 6513 conversion from cos to ios [7:60388]
I did this a little while back, all worked out pretty well during the process. As long as you follow the doc describing this on CCO you should be ok (I know it's not all that clear but read it few times and you'll get it). I think the problem with this upgrade could be rather poor documentation. You have to make sure you get the right images for your particular platform, making sure you apply proper images in regards to your SUP1/SUP2 and MSFC1/MSFC2 and any other requirements, like the boot image requirement of 12.0.7XE (I think, don't remember now) on MSFC. The setup I used it with had rather simple L2/L3 implementation so I had no major issues with config convertion but I could see that as a problem if your setup is more convulted (if possible, testing it in your lab should be required). Besides, maybe anyone here knows of any such tool to convert a config from CatOS to IOS for 6000 series ??? Good luck ! ""Thomas"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Has anyone ever converted a catalyst 6513 from COS to IOS. If so did anyone > encounter any problems. Any issues I should be aware of. Thanks in > advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60391&t=60388 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic but interesting - R&S networking future? [7:59261]
Since we're just throwing out our thoughts here... I tend to disagree, following your logic, if the IP network becomes such a commodity, I think this would just create more jobs for people like us, I mean R/S guys. You seem to think that once the IP network is used for the services such as Voice, the Voice people will have taken the jobs. This may be so to some degree. But from the last few years of my experience, I doubt there will be a data network acting as reliably as PSTN any time soon - as you mention about broadband. For this reason, I think R/S folks with few extra skills will still be in demand for the telcos, someone has to keep on making this thing work, fixing, upgrading, estimating, reporting, understanding data networks, etc. I agree that VOIP on the Net will not change how the telcos work. It's one thing to have a customer use the Internet for placing calls, the customer's expectations are already set low, knowing the Quality will not be as great. But when you pick up the receiver at home, you expect current quality, no delays, no noise, no whatever. Internet is simply too unpredictable for Carrier class Voice. ""nrf"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > ""The Long and Winding Road"" wrote in > message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > right up NRF's alley. Certainly for those considering their futures, > > something worth considering as part of the mix. > > > > http://cookreport.com/11.10.shtml > > > > Can't afford the un-snipped version right now, but since I work for a > telco, > > and I recognize the issues described, and have read all the top corporate > > executive e-mails that are doled out to us worker bees, I enjoyed the > > counter arguments presented here. > > There are two parts to this report that I think bear mentioning. One is the > future of VoIP. The other is the value (or lack thereof) of present > broadband rollouts. > > VoIP is certainly transforming the way that the PSTN will operate, if slowly > (very very slowly). Note, I didn't say voice over the Internet, but rather > voice over IP. I believe, for numerous reasons, telcos will choose not to > merge their phone services to the Internet, but will rather build out an IP > network through which they will deliver services. Stick a telephony feature > server on top of a functioning IP network (again, not the Internet, but a > private IP network), and you now have a phone system. > > But that further speaks to the commoditization of IP skills in general and > R/S skills specifically. IP networks will simply become a utility, like > electric power. How many electric power engineers does a typical company > have? Unless you're the electric company, probably zero - electricity is > just something that reliably comes out of the wall socket and you use it to > plug in your refrigerator. The value-add (ergo the jobs) will go to the > people who understand the services that can be layered on top. That's not > to say that there will be no jobs for people who know R/S (and only R/S), > only that there will be less of them and they will be less pay for them. I > do not see a bright future for R/S skills as the IP network becomes more and > more commoditized. > > About broadband - it is absolutely true that the telcos have basically > provided something that consumers do not want. Yet I disagree with the idea > that the telcos simply need to provide a more symmetric offering to entice > consumers. In my experience, consumers do not want broadband regardless of > whether it is assymetric or symmetric or whatever. The 2 problems with > broadband? Price and reliability. Let's face it, dial is reliable, whereas > broadband can and does goes down for weeks at a time (happened to me a bunch > of times). Furthermore, the Hart/Winston study showed that most people > think that $40-50 a month is too much money to pay. No wonder that despite > the fact that broadband is now available at over 80% of households, the > take rate for broadband is less than 15% where it is available. > > Here is the Hart/Winston study. Yes, it's a year old, but not a whole lot > has changed in a year. The most damning quote: "Forty-eight percent have > no interest regardless of price and another 21 percent are willing to pay at > most $20 per month..." > > http://www.comptel.org/press/nov29_2001_voices.html > > The biggest problem with broadband? Simple. There is no mass-market app > that actually requires broadband. Most people are perfectly happy with > dial. After all, what do they do on the Internet - surf a few pages, send a > few emails, do some instant messaging - all low-impact apps. Most regular > people (who are mostly nontechnical) simply don't see why they should pay > more and put up with a less reliable technology in order to do the things > they do a little faster. And again, it's not because they don't know what > it means to have a fast connection. A lot of these people wo
Re: Last Minute Thought - OSPF authentication issue? [7:58352]
It would seem you wanted to use md5 authentication but you used plain text authentication keys. In this situation - when there are no md5 authentication keys specified - I think the routers will use null key, meaning no authentication will take place... ""The Long and Winding Road"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > check this out. > > R10 > -- > Neighbor ID Pri State Dead Time Address Interface > 222.222.222.7 1 FULL/DR 00:01:58149.22.4.7 Serial0 > 222.222.222.111 FULL/DR 00:00:38149.22.252.2 Ethernet0 > Router_10# > > interface Serial0 > ip address 149.22.4.10 255.255.255.0 > encapsulation frame-relay > no ip route-cache > ip ospf authentication message-digest > ip ospf authentication-key 7 qwertyzzyzx > > R7 > - > Neighbor ID Pri State Dead Time Address Interface > 222.222.222.101 FULL/BDR00:01:57149.22.4.10 Serial1 > Router_7# > > interface Serial1 > ip address 149.22.4.7 255.255.255.0 > encapsulation frame-relay > no ip route-cache > ip ospf authentication message-digest > ip ospf authentication-key 7 cisco > > By my reckoning, the adjacency should NOT form because of the mismatched > passwords. Both routers have the area 0 authentication message-digest > command under the ospf process. > > This is exactly what I don't want to know at this point in my life :-) > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58353&t=58352 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
carrier transitions: [7:57401]
Hello, Can someone tell what carrier transitions are, and if they cause routers to bounce...thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57401&t=57401 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: time needs to be spent on CCIE study [7:55803]
It all depends on many factors. Your learning capabilities, work experience, access to equipment, personal life, etc. You should test yourself and be honest with yourself in your studies. There are materials available on the net in regards to different lab scenarios, some are free and some will cost you money - and you need to spend money. Once you do them and you feel confident with all the technologies as well as the methodology used in figuring out not only technical stuff but also the way the questions are being asked , you'll know you're ready. As you're looking for some more specific time frames, to give you an idea I myself went from very light networking/cisco skills to CCNP/CCDP within 7 months of study. Then another 2 months to CCIE written test. To pass the lab it took more than one try, over 1 year after the written I became CCIE certified. Also, during all this time I was working with Cisco gear in networking field. Some people do it quicker some take longer, I think my time frame would be about average you'd need, but it's just one man's opinion. ""Paul So"" wrote in message news:200210171322.NAA10361@;groupstudy.com... > Hi all, > > Would like some experience sharing from those who passed their written or > lab exam. > > How long did you prepare before the written exam and how much long before > your first lab attempt? > How many hours did you study every day and during the weekend? > How did you plan your study strategies? > > I gained my CCNP a year ago and am considering to take on this hardwork > towards CCIE. It seems to be difficult to start all over again after a year > break. I have read the blueprint and have a list of recommended books and > reference, also a list of equipment which should have as home lab. All I > need to do now is to create a good study strategy and time allocation plan. > > I would appreciate any experience you ever had during your studying, they > would be absolutely valuable for me. > > Thanks in advance > > Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55818&t=55803 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: traceroute blocked port [7:53657]
Well if that's the case then you'll have a hard time finding where it's blocked. Ususally, transit providers don't do this, so it should be the ISP/Provider on either end of the connection. However, there are some transit providers, especially in countries where VOIP is prohibited or highly regulated (Middle East for example) that don't allow this type of traffic. Looks like you have more work to do on your hands...:-( ""Osama Kamal"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am having a problem with a blocked port somewhere on the internet down to > my router, my ISP is denying any blocking from their side, is there is any > way to know where exactly the port is blocked? > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53722&t=53657 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: traceroute blocked port [7:53657]
I guess you'd need to have someone from outside claiming that the traceroute is blocked to actually send you the output of the trace, it should show there :-) On the other hand, you might want to try it yourself from other networks. Go to www.traceroute.org, pick a route server/looking glass and try from there. ""Osama Kamal"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am having a problem with a blocked port somewhere on the internet down to > my router, my ISP is denying any blocking from their side, is there is any > way to know where exactly the port is blocked? > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53659&t=53657 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Failover [7:51491]
Whenever you type a command on the active unit it's being replicated to the standby unit. So yes, it will automatically update standby unit but it's not written to memory unless you write to memory on the active first. ""Steven A. Ridder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Speaking of stateful PIX's, if I make a change on 1 PIX, and it has failover > on, will it automatically make a change on the other PIX? > > > ""Gaz"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > In article , [EMAIL PROTECTED] > > says... > > > Hi, > > > > > > In a Stataful configuration, and two PIX are interconnected via a > > > dedicated Failover Fastethernet, in case of the Active unit's Internal > > > interface fails, is there any method to shift traffic to the Standby > > > unit's Internal interface to maintain connectivity, thanks. > > > > > > Leo > > > Best Regards. > > Not sure what you mean there. That's what failover does unless I'm > > misunderstanding your question. > > > > You configure the main IP address for the interface and you configure a > > failover address. If the Pix's decide that the active one has a problem > > (power,interface down etc) the secondary pix takes over the main IP > > address. > > If the primary is still contactable it will have the failover IP address > > on its inside interface. > > > > That's why it's safe to telnet to the main IP address and you know that > > you're on the active Pix, but by console you need to do a show fail to > > make sure the device you're on is primary active or secondary active > > before you make changes. > > > > Regards, > > > > Gaz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51521&t=51491 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSPFA Beta Exams [7:50984]
I just came back from taking the first out of 3, MCNS beta. I have no comparison to the 2.0 version, never really was planning to take these tests but since they're free then why not... Anyway, I studied for the test using the MCNS 2.0 Ciscopress book for the last 4 evenings. I can say there is not all that much different on this new exam than what you get from the "old" book. Just follow the blueprint, I think it really represents the scope of what you need to know for the test. And finally, I think with a little bit of luck I passed this test. Out of 97 questions, there were maybe 5 that didn't make any sense. There were few that I just didn't know answers to, but overall the exam wasn't bad at all. Worth noting again is that there was no options for comments at all. Good luck everyone. ""Roberts, Larry"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Just curious if anyone else has taken this exam yet? > Wanted to see if your opinion of it is the same as mine! This being the > first beta I have taken for Cisco, I can only hope the other 2 are better! > > > Thanks > > Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51056&t=50984 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial Interface Bandwidth [7:50381]
That would work if you have integrated CSU, the timeslots would be there. If you connect say with V.35 to an external CSU/DSU then you won't get the timeslot information. The only way to figure out the bandwidth then would be to stress-test the circuit and see how far you can get the bandwidth utilization on this interface. ""Turpin, Mark"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > A show interface serial 'x' > where x = the serial interface's number will tell you > a couple things that are important. > > 1) the 5 minute load average for input/output > 2) the timeslots used > > You can use the timeslots to determine the bandwidth > that is technically available, and the load average > to get an idea of what is currently being used. > > hth, > -mark > > -Original Message- > From: Curious [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 01, 2002 9:43 AM > To: [EMAIL PROTECTED] > Subject: Serial Interface Bandwidth [7:50381] > > > I want to know the current bandwidth of my serial Interface of Router. Lets > say i have a fractional T1, how would i know what bandwidth i have for my > serial interface. > > thanks, > "The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, or > taking of any action in reliance upon, this information by persons or > entities other than the intended recipient is prohibited. If you received > this in error, please contact the sender and delete the material from all > computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50400&t=50381 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Recertification [7:50372]
Just the written, thank God ! :-) ""Reza"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello Group, > I know that CCIE,s have to recertify every 2 years. For recertification do > you have to take the Lab or the Written? > > Thanks > Reza Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50374&t=50372 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Experiences? My Road Ahead... [7:50139]
Robert, In 1999 when I started looking into CCNA cert I didn't know much about switching, routing or Cisco equipment all together. I decided to go thru CCNP/CCDP tracks, as my experience was very limited. By late 2001 and after few tries at the lab I got my number. It doesn't require all those years of experience. Having few years of working with the gear and some protocols already, should really help you out. With some dedication and support you can achieve CCIE status within a year or so if you got what it takes :-) And as others have mentioned, this is just a beginning.. ""Robert D. Cluett"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > All (CCIE's and CCIE Written) > > I was wondering if you could help me understand what it is I am in for. I > have 3 years of experience at tier 3 IP support with Verizon. OSPF mostly. > I have experience with various Cisco and Nortel routers and switches. My > question is this, knowing OSPF and circuit troublshooting is excellent > knowledge, but I know that is only a fraction of what the CCIE demands. I > recently passed the CCNA, and have jumped into the studying for the routing > exam. The only thing which seems tough is the BGP (I have not touched it > before). So, my question is, what can I expect from this road ahead. Is it > feasable to eventually obtain my CCIE or is the CCIE for those people who > have the 10 years of experience working for an ISP? Any advice would help! > > Rob Cluett, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50159&t=50139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Source quench from network element. [7:49990]
Priscilla, Isn't there statement in the RFC's that Source Quench message should be sent if the host is overwhelmed with data ? Is that really being used in the real world applications ? On the other note, I have seen HP-UX machines keep on responding with these messages to ICMP Echo requests, solution was to apply certain patch. ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > LIM Chin Chye wrote: > > > > How can I eliminate a source quench generate by a network > > element? This > > element is directly connected to the Cisco 7200 series router, > > but it > > replies a error, "Source Quench received." when ICMP attempt. > > The network element replies with Source Quench Received? That doesn't make > sense unless you SENT it a Source Quench. You're probably seeing the result > of what it sent which was a Source Quench, not Source Quench Received. > > > Appreciate for > > advices, thanks! > > > > > > What is the network element?? > > There's probably no easy way to get it to stop sending a Source Quench other > than to stop bugging it with your ICMP messages. It's probably built into > the operating system on the "network element" to send "source quench" when > too many messages of a certain type are received. Mac OS used to do this. I > don't know what other OSs do it, but if you tell us the OS maybe there's a > registry change or something. > > Per RFC 1821, routers should not send source quench, but end hosts still can > per RFC 1122. It's not anything to worry about. You should probably just > ignore it. > > Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50062&t=49990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can't Disable Spanning Tree on 2980G [7:50009]
John, It might be just a display issue on the switch, I just checked couple of my 6500's and for the VLAN's that have the STP disabled with active ports I see the same results. I think when you plug in a laptop to any available port on the same VLAN you'll see that it doesn't go thru STP phases and automatically goes into forwarding... ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have an interesting problem that I'm not able to resolve. On a > particular 2980G I need to completely disable spanning tree. After > issuing the command 'set spantree disable all' I would expect not to see > any ports participating in STP. However, look at this: > > SCORP0201-A> (enable) show spantree > VLAN 1 > Spanning tree disabled > > Bridge ID MAC ADDR 00-08-e2-b3-8c-00 > Bridge ID Priority 32768 > Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec > > Port Vlan Port-StateCost Prio Portfast > Channel_id > - - > -- > 3/1 1not-connected 100 32 disabled 0 > > 3/2 1not-connected 100 32 disabled 0 > > 3/3 1forwarding 100 32 disabled 0 > > 3/4 1forwarding 100 32 disabled 0 > > 3/5 1not-connected 100 32 disabled 0 > > 3/6 1not-connected 100 32 disabled 0 > > 3/7 1not-connected 100 32 disabled 0 > > 3/8 1not-connected 100 32 disabled 0 > > 3/9 1forwarding 100 32 disabled 0 > > 3/101forwarding 100 32 disabled 0 > > 3/111not-connected 100 32 disabled 0 > > 3/121not-connected 100 32 disabled 0 > > 3/131not-connected 100 32 disabled 0 > > 3/141not-connected 100 32 disabled 0 > > --More-- > > Initially it says that STP on VLAN1 is disabled, but then goes on to > show several ports in VLAN 1 that are still running spanning tree. STP > was successfully disabled on the other VLANs but I just can't get this > to go away and we really need to get this done thanks to another > annoying issue that no one has resolved yet. > > We have certain Dell machines that will BSOD if the network isn't > immediately available. STP portfast isn't fast enough so I've been > disabling STP altogether. > > Any thoughts on this? Am I missing something very obvious? I've > checked CCO and there appears to be no STP-related bugs on the 2948. > Unfortunately, they don't have separate info for the 2980G. > > Thanks, > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50025&t=50009 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Here we go again ( Pix 515) [7:49492]
sorry, just couldn't resist - hahaha besides, if you're capable of doing all these multiple things with and on the networks, you're not just an NT guy even though your work title might say that :-) ""Kevin O'Gilvie"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hey, > > No flames aginst NT admins. > In these tuff times Network Admins need to know all > FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling.. > In order to survive. > Like myself!! > > > >From: Juan Blanco > >Reply-To: [EMAIL PROTECTED] > >To: 'Kevin O'Gilvie' , [EMAIL PROTECTED] > >Subject: RE: Here we go again ( Pix 515) [7:49492] > >Date: Thu, 25 Jul 2002 11:14:08 -0400 > > > >Team, > >The way I see it, dhcp on the firewall is only for small number of users, > >when it comes to mid-size-up network you don't want to use a firewall for a > >DHCPCan you see an NT administrator making changes in your firewall > >because he/she is having problems with DHCP(This network will be > >available to hackers in the Theater near You) > > > >My two cents. > > > >-Original Message- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > >Kevin O'Gilvie > >Sent: Thursday, July 25, 2002 10:27 AM > >To: [EMAIL PROTECTED] > >Subject: Re: Here we go again ( Pix 515) [7:49492] > > > > > >I wouldnt put dhcp on the firewall for 300 users. > >But for 10 or 15 I would. > > > >Thanks, > > > >-Kevin > > > > > > >From: "Gaz" > > >Reply-To: "Gaz" > > >To: [EMAIL PROTECTED] > > >Subject: Re: Here we go again ( Pix 515) [7:49492] > > >Date: Wed, 24 Jul 2002 22:37:12 GMT > > > > > >What's everybody's view on using the Pix as a DHCP server? > > > > > >I used it once, only because after arriving on site to install the Pix > >the > > >customer mentioned that his old Firewall was doing DHCP and he had no > >plans > > >to do it on anything else. > > >Seemed to go fine, but would like to know if people have come across > > >limitations/issues. > > > > > >I tend to agree with the view "Right box for the job", i.e. don't make > >the > > >Pix do things it's not made for, but if pushed into the situation, how > >does > > >it compare. > > > > > >Cheers, > > > > > >Gaz > > > > > >""Kevin O'Gilvie"" wrote in message > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Hi Kelly, > > > > > > > > You are absolutely right, and I love your strategy. > > > > That is the way I did it 2 years ago, but the only thing now is > >finding > > >a > > > > vpn solution for the Macs. I used Pix for the PC's last time round but > > >never > > > > had to do this for the Mac's. Any ideas? > > > > > > > > > > > > >From: "Kelly Cobean" > > > > >Reply-To: "Kelly Cobean" > > > > >To: [EMAIL PROTECTED] > > > > >Subject: RE: Here we go again ( Pix 515) [7:49492] > > > > >Date: Wed, 24 Jul 2002 02:18:38 GMT > > > > > > > > > >Man, you aren't asking much, are you? ;-) > > > > > > > > > >Ok, here's the order I'd do things in... > > > > > > > > > >First things first, get that firewall in place. You don't list what > > >their > > > > >internet connectivity is, but if they bought a PIX, it's safe to > >assume > > > > >that > > > > >they have a persistent connection, and that being true, they're > >really > > > > >hanging it out there for someone to cut off, so to speak. Network > > >security > > > > >is always a primary concern, and the firewall won't take alot of time > > >to > > > > >set > > > > >up. Not setting it up could be very costly. If they already have a > > > > >light(er)-weight firewall like a Linux host running IP chains or IP > > >tables, > > > > >replacing this first will save your users down-time later because you > > >can > > > > >pre-configure your internet rulebase/access in preparation for your > > >private > > > > >addressing. > > > > > > > > > >Next, I'd do the DHCP and Private Addressing. These go hand in hand, > > >and > > > > >since your firewall is now in place, you can do the NAT/PAT > > >translations > > >as > > > > >needed and not have to rethink these later. > > > > > > > > > >Third, get Exchange up and running. If it's going on a different > > >system > > > > >than Quick mail is running on, great! Now you can get them running > >in > > > > >parallel, and move users accounts over one at a time or in batches. > > >There > > > > >are probably tools out there to do the mailbox format conversion. > >Now > > >that > > > > >your network is secure at layer3/4, you can focus on the nitty-gritty > > >of > > > > >the > > > > >user data. (Oh yeah, don't forget that backup!!!) > > > > > > > > > >It's a 10,000 foot view, but that's how I'd do it. I'm not really a > > >MAC > > > > >guy, but I'd venture a guess that most or all of your MAC's run > >TCP/IP > > >and > > > > >support DHCP, so from an L3/4 standpoint, they're really no different > > >than > > > > >your PC's. > > > > > > > > > >When doing multiple projects like this, I tend to work along the OSI > > >model. > > > > >If the wiring is horrible, or the NIC's are al
Re: Here we go again ( Pix 515) [7:49492]
I haven't used DHCP server on the PIX, reading the documentation it seems you gotta be careful with how many Active Hosts you'll have. Looks like some low end PIX's do only 32 Active Hosts. On the other hand, I suppose the only reason for having PIX do DHCP would be for small offices, where some of these number limitations should be no problem. There are obviously other drawbacks besides any scalability, I wouldn't want my LAN Windows Administrator touch the PIX just because he needs to check/clear the DHCP assignments :-( ""Gaz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > What's everybody's view on using the Pix as a DHCP server? > > I used it once, only because after arriving on site to install the Pix the > customer mentioned that his old Firewall was doing DHCP and he had no plans > to do it on anything else. > Seemed to go fine, but would like to know if people have come across > limitations/issues. > > I tend to agree with the view "Right box for the job", i.e. don't make the > Pix do things it's not made for, but if pushed into the situation, how does > it compare. > > Cheers, > > Gaz > > ""Kevin O'Gilvie"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi Kelly, > > > > You are absolutely right, and I love your strategy. > > That is the way I did it 2 years ago, but the only thing now is finding a > > vpn solution for the Macs. I used Pix for the PC's last time round but > never > > had to do this for the Mac's. Any ideas? > > > > > > >From: "Kelly Cobean" > > >Reply-To: "Kelly Cobean" > > >To: [EMAIL PROTECTED] > > >Subject: RE: Here we go again ( Pix 515) [7:49492] > > >Date: Wed, 24 Jul 2002 02:18:38 GMT > > > > > >Man, you aren't asking much, are you? ;-) > > > > > >Ok, here's the order I'd do things in... > > > > > >First things first, get that firewall in place. You don't list what > their > > >internet connectivity is, but if they bought a PIX, it's safe to assume > > >that > > >they have a persistent connection, and that being true, they're really > > >hanging it out there for someone to cut off, so to speak. Network > security > > >is always a primary concern, and the firewall won't take alot of time to > > >set > > >up. Not setting it up could be very costly. If they already have a > > >light(er)-weight firewall like a Linux host running IP chains or IP > tables, > > >replacing this first will save your users down-time later because you can > > >pre-configure your internet rulebase/access in preparation for your > private > > >addressing. > > > > > >Next, I'd do the DHCP and Private Addressing. These go hand in hand, and > > >since your firewall is now in place, you can do the NAT/PAT translations > as > > >needed and not have to rethink these later. > > > > > >Third, get Exchange up and running. If it's going on a different system > > >than Quick mail is running on, great! Now you can get them running in > > >parallel, and move users accounts over one at a time or in batches. > There > > >are probably tools out there to do the mailbox format conversion. Now > that > > >your network is secure at layer3/4, you can focus on the nitty-gritty of > > >the > > >user data. (Oh yeah, don't forget that backup!!!) > > > > > >It's a 10,000 foot view, but that's how I'd do it. I'm not really a MAC > > >guy, but I'd venture a guess that most or all of your MAC's run TCP/IP > and > > >support DHCP, so from an L3/4 standpoint, they're really no different > than > > >your PC's. > > > > > >When doing multiple projects like this, I tend to work along the OSI > model. > > >If the wiring is horrible, or the NIC's are all old 10Base2 nics and have > > >transceivers to hook them to your BaseT network, take care of the layer 1 > > >stuff first. Next, if the network is all unmanaged hubs, and your > network > > >is one gigantic broadcast domain, start installing switches to quiet down > > >the network. Next, get VLANs/routing/security in place for Layer3/4. > > >Next, > > >work on the "upper layers" where all of your apps and data live and talk. > > >Just my $0.02 worth. > > > > > >HTH, > > >Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I > > >Network Engineer > > >AT&T Government Solutions, Inc. > > > > > >-Original Message- > > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > >Kevin O'Gilvie > > >Sent: Tuesday, July 23, 2002 9:07 PM > > >To: [EMAIL PROTECTED] > > >Subject: Here we go again ( Pix 515) [7:49492] > > > > > > > > >Dear All, > > > > > >I am jumping into a similar mess as when I started at my current company, > > >but this time the Macs out number the PC's. Well here is the scoop: > > >180 Macs > > >50 PC's > > >Static Ip's > > >No DHCP > > >No FW > > >Quick Mail Server > > >and a whole bunch of other nasty things.. > > >- They just purchases a Pix 515 > > >- They just bought Exchange 5.5 > > > > > >My projects are: > > >Set up DHCP > > >Set up Pix > > >Set up Private Addressing > > >Set up Exchange > > >Migrate them f
Re: Catalyst Switches and CDP [7:48603]
This appears to be a code version issue. I have the same symptoms on the 6509 running 5.5(3)CatOS while another 6509 running 6.3(5) CatOS is showing the neighors by their system names/hostnames. Even though they're not running IOS I think it still relates. It appears to be just a display/cosmetic issue. Or maybe they're trying to force you to go for "detail" option and all the other good info :-) ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > When displaying cdp neighbors on a switch -- specifically, our new 6513 > -- instead of a helpful device name I get a completely worthless device > ID. In some cases the hostname of the device is appended to this ID but > I'd really like to get rid of it entirely and I haven't figured out how > to do this by checking CCO. > > Is there a way to get the remote device's hostname to show up without > the meaningless device ID? > > Thanks, > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48631&t=48603 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ATM IMA interface problems [7:47849]
This is going to be of no help to you but when we used these cards to bundle multiple T1's we had nothing good to say about the way it worked. There were multiple issues, i.e looping one T1 would cause the whole bundle to go down. Clearing groups like removing one T1 from the bundle was causing problems as well. After a while we simply trashed the whole thing and went with the actual telco solution from a vendor specializing in this type of setup. I was hoping the issue was the premature realease of the code supporting the feature but hearing it now from you just proves that Cisco doesn't really cut it when it comes to the telco equipment or equivalent :( wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello all, I'm having a problem with my IMA interface on a 7206 running > 12.2(5) (c7200-ds-mz.122-5.bin). When I switched from UBR to VBR-NRT the > pvc I was working on disappeared from the running config and no data will > pass through that circuit. I tried to add the pvc back into the config but > all I get is this in the log: > > %ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=39, VPI=1, VCI=140) on > Interface ATM4/ima0, (Cause of the failure: vpi/vci pair already in use) > > I tried removing the interface and adding it back in with the same results. > I've done a 'clear interface' on many frame relay links before with no ill > effects but I'm hesistant to do the same thing here since, at times, the IMA > interface is another beast altogether from your standard interface. The > only other option I'm aware of is to reboot the router which is very > difficult because it's right at the core. > > Has anyone tried the 'clear interface atm4/ima0' command without causing > problems or is there another way to clear the vpi/vci config from memory so > it will accept the pvc correctly again without rebooting? > > Thanks!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47881&t=47849 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 802.11a [7:47628]
IMHO, 2.4GHz frequency is a relatively "congested" RF band, and the most you can only have is 3 non-overlapping channels, and that will be a limiting factor in an enterprise environment regardless b or g. My Panasonic 2.4GHz cordless phone, my home theatre wireless control, my microwave oven... all compete for the 2.4GHz range. 802.11a uses 5.4GHz RF, UNII-1 and UNII-2 offer 8 non-overlapping channels and the air is relatively "quiet" compared to the 2.4GHz band. In 2-3 years, maybe there will be many devices running in this frequency range,... who knows. So, I still believe .11a will have its advantage over b and g. Henryh Reply-To: "Chris Young" To: "'Dennis Laganiere'" Subject: RE: 802.11a Date: Thu, 27 Jun 2002 20:09:40 -0400 Dennis, It looks like you are doing your homework on the wireless. Make sure that you don't discount .11g. IMHO .11g will have a far greater market impact than .11a for WLAN applications. It offers backward compatability with .11b and offers the higher data rate of 11.a. Just my $.02 Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dennis Laganiere Sent: Thursday, June 27, 2002 6:32 PM To: Dennis Laganiere Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: 802.11a Several people sent me some excellent links. Thank you all... Here's what I ended up with... Cisco - The Aironet 1200 access point can be configured to support any of the standards, but they only have 802.11b available right now. NetGear - They have 802.11b and 802.11a access points, but nothing that will do both, which means losing all my current investment in NICs. D-Link - They have an access point that does both. I went ahead and ordered the D-link access point and a couple of NICs so I could start to play right away; and I'll "upgrade" to the Cisco unit once they have a real product offering... Thanks all, you guys are great... By the way, if there are any Cisco people on the list who would like to put me on a beta list, I'm open to it... :) --- Dennis -Original Message- From: Dennis Laganiere Sent: Thursday, June 27, 2002 3:06 PM To: 'Harish DV/peakxv'; Dennis Laganiere Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: 802.11a There are several good write-ups on the technology on the CCO, so I knew that; but I was looking for an actual product to play with to determine if the 5 MGHz traffic interferes with other systems in my manufacturing group (a major concern). Cisco's Aironet 1200 access point has the capability, but it looks the antennas and NICs aren't out yet. D-Link has a fully functioning set-up I can use for my initial testing. --- Dennis -Original Message- From: Harish DV/peakxv [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 27, 2002 2:20 PM To: Dennis Laganiere Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: Re: 802.11a 802.11a works at 5GHz and can support upto 54mbps as compared to 2.4GHz/11mbps of 802.11b This link might help http://www.wlana.org/pdf/highspeed.pdf Harish Dennis Laganiere , "'[EMAIL PROTECTED]'" ionics.com> Sent by: cc: nobody@groupstudy.Subject: 802.11a com 06/27/2002 01:39 PM Please respond to Dennis Laganiere I've been reading about the new, faster wireless solutions. Is anybody's 802.11a technology ready-for-prime time? I'm ordering a Aironet 1200 access point to play with, and it should be capable (with the right antenna), but I understand Cisco's product is not out yet... Anybody know anything about the new "a" standard? Thanks... --- Dennis _ Commercial lab list: http://www.groupstudy.com/list/commercial.html Please discuss commercial lab solutions on this list. _ Commercial lab list: http://www.groupstudy.com/list/commercial.html Please discuss commercial lab solutions on this list. _ Commercial lab list: http://www.groupstudy.com/list/commercial.html Please discuss commercial lab solutions on this list. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47628&t=47628 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP NLRI [7:47337]
Think of it as a route with additional info. BGP uses such things as AS number, MED value, communities, etc. NLRI consists of the prefix plus that extra info. ""rick"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am having some trouble understanding NLRI as opposed to > straight network routing updates. > Anyone got a pointer to information that might clear up NLRI > some? > > Thanks > > -- > --Rick Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47368&t=47337 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco pakage delivery. [7:46903]
Hi , I have a cisco 2621 with IOS 12.0 (3) T3 , I am trying to upgrade the IOS to IOS 12.0 (4) T using the Cisco works 2000 . How do I make a package of this IOS and how do I deliver this package to this router whose IP is 3.20.79.221. Henry. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46903&t=46903 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question about the 350 series AP [7:45971]
Mine included everything. ""Roberts, Larry"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > OK, > > Can someone confirm/deny that the 350 will only accept in-line power? > Does it come with the in-line power injector, or is this a separate item? > I have read everything I can and all points say it only has in-line power, > but none say whether this is included ( I can't image it wouldn't be ) > > > Thanks > > Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46040&t=45971 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX + VPN Router or Just VPN Router? [7:45315]
What you are describing doesn't really make sense. You say you have connections back to the core site from all remotes. If that was the case there would be no reason for the pix at remote sites or an obvious reason for vpn tunnels between remotes and the core site. In that case, you could just put the core pix in front of the core site and the remotes, terminate the remotes before the core pix, and no need for all the other mess. But I have a feeling there is more involved than we know at the moment.:( ""Jeffrey Reed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am curious about recommendations on remote office connections when VPNs > are involved. Today, in two separate occasions I ran into designs that > showed remote sites with a small 1720 router and a PIX 506. The 506 > terminated one end of a tunnel back to the core PIX and the 1720 facilitated > the frame connection. All traffic will be going back to the core, then if > needed, to the Internet through the central sites main connection. > > Why cant you just use the 1720s ability to terminate a tunnel and drop all > non-encrypted traffic and eliminate the need for the PIX? This would reduce > the costs of both the initial purchase as well as ongoing support. What are > the downsides to a design without a PIX at the remote site? > > Thanks!! > > Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45316&t=45315 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP's neighbor advertisement-interval command [7:44521]
I'm not certain on this one but assuming the same logic I'd say that the advertisement for the prefix with the metric of next-hop changing would take place once, it would trigger a 10 minute countdown, and if there is another change in the metric within the countdown it would send new advertisement with the new metric at the end of the 10 minute interval. >From BGP Command reference: This command will cause BGP to advertise a MED that corresponds to the IGP metric associated with the next hop of the route. This command applies to generated, IBGP-, and EBGP-derived routes.If this command is used, multiple BGP speakers in a common autonomous system (AS) can advertise different MEDs for a particular prefix. Also, note that if the IGP metric changes, BGP will readvertise the route every 10 minutes. ""cebuano"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Henry, > Thanks for the verification. Although I'd like to add another command > to the picture --- "set metric-type internal". > The documentation says "if the IGP metric changes, BGP will readvertise > the route every 10 minutes". > There is no mention how long BGP will readvertise the affected > routes. Any ideas? > > Thanks. > Elmer > - Original Message - > From: "Henry D." > To: > Sent: Monday, May 20, 2002 12:04 PM > Subject: Re: BGP's neighbor advertisement-interval command [7:44521] > > > > You're correct, however if there are route changes happening constantly > > you don't want the router to keep sending updates as it might exhaust the > > peers. > > The interval is used so there is a limit of how often the updates are sent > > regardless > > of how often the routes actually change. > > > > ""cebuano"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hi ,all. > > > Can someone give a better explanation about this BGP command > > > "neighbor advertisement-interval"? I know you can change the default > > > values of 30 sec for external and 5 sec for internal peers. > > > But I always thought that BGP sends routing updates ONLY when > > > something about the route changes, either an UPDATE or WITHDRAWN > > > message. Any explanation better than CCO or Parkhurst's is greatly > > > appreciated. > > > > > > Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44551&t=44521 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP's neighbor advertisement-interval command [7:44521]
You're correct, however if there are route changes happening constantly you don't want the router to keep sending updates as it might exhaust the peers. The interval is used so there is a limit of how often the updates are sent regardless of how often the routes actually change. ""cebuano"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi ,all. > Can someone give a better explanation about this BGP command > "neighbor advertisement-interval"? I know you can change the default > values of 30 sec for external and 5 sec for internal peers. > But I always thought that BGP sends routing updates ONLY when > something about the route changes, either an UPDATE or WITHDRAWN > message. Any explanation better than CCO or Parkhurst's is greatly > appreciated. > > Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44531&t=44521 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE in 3-6 Months from cisco Interesting [7:43306]
I agree with all of the people that because of the economy most CCIE's won't see big salaries from few years back. I also agree that "paper" CCIE doesn't really compare to a "paper" MCSE, SCSA or whatever else. A CCIE needs to have some hands-on. The problem is that lab testing has little to do with real life environment. On top of that, there is so much info out there on what's being tested on the lab that people have much work cut down for them to pass the tests. This creates a limit of what you really need to know for the lab and how you get to that level, this limit however is not how a CCIE will be judged in real life environment. So, yes the salaries are gone, and yes there are some CCIE's who will have trouble designing a "simple" network. I think as long as people don't cheat themselves they will know whether they are worthy of this certification. You need to take a look at yourself and forget about the little paper you put on the wall or on your cubicle. The paper means nothing, it's what's in you what really counts. And as far as that goes you can still make a great living being a CCIE ! CCIE #8472 ""Johnzaggat"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Join Cisco and get CCIE in 3-6 months. Must be a typo. > > http://www.cisco.com/pcgi-bin/jobs/JobAgent?rm=jobdetail&req_id=703608&keywo > rds=+ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43336&t=43306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: passed MCAST/QOS exam [7:40345]
Congrats ! ""Reinhold Fischer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > hi all, > > today i took the multicast and qos exam (640-905). In my opinion it is the > hardest of the three exams to achieve the CCIP/MPLS cert. > > For preparation i have used the Ciscopress 'developing ip multicast > networks' book and read up the relevant sections of the Quality of Service > Solutions Configuration Guide and the Multicast section of the IP Routing > and IP Confguration Config Guide. If i had to take the exam again i would > try to get my hands on the original course documentation as there were loads > of questions that probably best would be answered with knowledge of the > original course text. > > good luck to you in all your studies ! > > Cheers > > Reinhold Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40367&t=40345 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: MPLS in the Enterprise [7:36670]
Interesting, let me also bring few things up here, not that I have much experience in MPLS/VPN but who does ? :-) I suppose one of the problems with this particular service is that not all SP's or Enterprises fully understand the potential, or technology in general. First, SP's might not be able to provide overall cheaper connectivity for the Ent's if their network doesn't span around the existing Ent's POP's. I suppose when considering the service, one needs to realize all the advantages of it and compare it to what they have now. As with any technology, there are many ways to implement it. One might be able to just start the service for interconnecting the HUB locations for example. Another advantage could be the Internet traffic which no more has to travel thru dedicated lines which are shared thru the whole Enterprise. Referring to John's original post, the CE equipment doesn't have to participate in the MPLS, so the MPLS looks like any other connection to the rest of your network. Now, it's a choice or not, depending on the service and possibly other customer requirements, whether CE participates in MPLS. In general, SP would take care of the routing between the sites, the routing would be totally independent of their other MPLS/VPN's or Internet routing which gives the Enterprise traffic protection in the form of invisibility to other SP customers or Internet users when required. It all depends, the best thing is to study the technology and the the details of offerings. I personally have no real time experience in this whole new area but I hope in theory I should be pretty close to what one needs to be aware of. ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > To make things even more interesting... > > While discussing this with a few different vendors I decided > that this particular solution is smoke-and-mirrors, at least in > our area. We'd have to buy new point-to-point circuits that > all point to a _single_ POP. > > MPLS isn't even needed in this case because every location > would be hitting the same POP! Unless, of course, they have a > whole bunch of routers at the POP but then we're really using > MPLS to get from one side of the room to the other. > > We'd be better off simply buying a couple of frame DS3 circuits > for our hub and repointing all the branch PVCs to those > circuits. Cheaper and we accomplish the same thing without > using another vendor and without buying a whole bunch of new > circuits. > > In fact, one vendor that I asked about this proposed this very > solution, except he was suggesting we use their facilities. > They offered to set up a couple of routers exclusively for our > company to connect to. Again, we don't really accomplish much > with that solution since we can do that at our own facility if > we want to. > > John > > > > On Sat, 9 Mar 2002, Kent Yu ([EMAIL PROTECTED]) wrote: > > > John, > > > > I think you brought an interesting topic. > > > > With all these pitches about Layer 3 VPN, the question has > been > > bothering me > > for a while, how many enterprises out there really need to > have an > > any-to-any solution? Less than 0.5% is my guess. Most of the > enterprise > > client/server applications fit into the hub-spoke topology > pretty well, > > really have no reasons to get direct connections among their > branches. > > > > > > > > Theoretically, MPLS should give the service providers the > ability to > > provide > > more scalable and cheaper fully meshed VPN solution, as the > SPs do not > > have > > to manage those hundreds of thousands PVCs, ect. From the > enterprises' > > perspective, if this gives them a reliable and affordable > alternative to > > the > > traditional hub-spoke frame relay network, it sounds > attractive, but > > seems > > to me all the current implementations are even more > expensive, not to > > mention their reliability probably is no where near the > legacy frame > > network, at least not for a while. > > > > > > > > The vendors want to sell their MPLS VPN solutions to SPs, the > SPs who > > built > > the network want to sell it enterprises , but my guess is > that 99% > > enterprises will not buy it, not till... > > > > > > > > My .02 > > > > Kent > > > > ""John Neiberger"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Okay, I'm about to show how clueless I am when it comes to > MPLS > > > > > > I've been getting calls from multiple providers lately all > trying to > > > suggest that I migrate our 100-site frame relay network to > their MPLS > > > network, suggesting that we'll have any-to-any connectivity > and the > > > ability to prioritize traffic classes within the MPLS > network. > > > > > > Are any of you doing something like this? I'm going to > read up on it > > > but I'm having trouble visualizing it. Does this basically > turn our > > > network into a giant multipoint network? Do our branch > routers need > > to > > > be aware
Re: Visual switch manager gone after upgrade TFTP. [7:35716]
Hi Sim , Have you enabled the http server on the switch ?. Henry D'souza, Infrastructure Development & Management TATA CONSULTANCY SERVICES Seepz, Mumbai - 400096. Hello # 8291680 ext 1208. Direct line 8292406 "Sim, CT (Chee Tong)" cc: Sent by: Subject: Visual switch manager gone after upgrade TFTP. [7:35716] [EMAIL PROTECTED] 02/18/2002 03:13 PM Please respond to "Sim, CT (Chee Tong)" I was doing a TFTP upgrade procedure on the XL switch. There is a procedure to delete the HTML files: delete flash:html/* before copying the new flash and I have done that. After I upgraded the IOS and reload it. The IOS was successfully upgraded but when I go to web based (Visual switch manager) , there is no page shown. Then I go to my flash:html/ , it is empty % SwitchA#dir flash:html/ Directory of flash:html/ 190 d--x 0 Mar 01 1993 00:09:40 Snmp 3612672 bytes total (1850880 bytes free) %% I went to other switch (B), I found there are a lot of files on the html folder, what should I do to make the Visual Switch manager working again? Should I copy all the file to switch A? SwitchB#dir flash:html/ Directory of flash:html/ 5 -rwx 965 Mar 01 1993 00:09:55 Detective.html.gz 6 -rwx 671 Mar 01 1993 00:09:55 GraphFrame.html.gz 7 -rwx 675 Mar 01 1993 00:09:55 GraphFrameIE.html.gz 8 -rwx1182 Mar 01 1993 00:09:55 ethhelp.html.gz 9 -rwx1499 Mar 01 1993 00:09:55 fddihelp.html.gz 10 -rwx1538 Mar 01 1993 00:09:56 fdnethlp.html.gz 11 -rwx 538 Mar 01 1993 00:09:56 ieGraph.html.gz 12 -rwx 524 Mar 01 1993 00:09:56 ieLink.html.gz 13 -rwx 959 Mar 01 1993 00:09:56 LinkFetch.html.gz 14 -rwx 960 Mar 01 1993 00:09:56 LinkFetchIE.html.gz 15 -rwx 796 Mar 01 1993 00:09:56 LinkReport.html.gz 16 -rwx3346 Mar 01 1993 00:09:56 TopoMain.html.gz 17 -rwx5154 Mar 01 1993 00:09:57 address.html.gz 18 -rwx3332 Mar 01 1993 00:09:57 addrhelp.html.gz 19 -rwx2573 Mar 01 1993 00:09:57 amether.html.gz 20 -rwx2706 Mar 01 1993 00:09:57 amfddi.html.gz 21 -rwx2907 Mar 01 1993 00:09:58 amfdnet.html.gz 22 -rwx3291 Mar 01 1993 00:09:58 amtr.html.gz 23 -rwx3018 Mar 01 1993 00:09:58 amtrnet.html.gz 24 -rwx3071 Mar 01 1993 00:09:58 arp.html.gz 25 -rwx1147 Mar 01 1993 00:09:58 arphelp.html.gz 26 -rwx 210 Mar 01 1993 00:09:59 back.html.gz 27 -rwx4975 Mar 01 1993 00:09:59 balboa.html.gz 28 -rwx3171 Mar 01 1993 00:09:59 basichlp.html.gz 29 -rwx 171 Mar 01 1993 00:09:59 blank.html.gz 30 -rwx 527 Mar 01 1993 00:09:59 bottom.html.gz 31 -rwx3861 Mar 01 1993 00:10:00 cdp.html.gz 32 -rwx1562 Mar 01 1993 00:10:00 cdphelp.html.gz 33 -rwx3926 Mar 01 1993 00:10:00 cgmp.html.gz 34 -rwx1790 Mar 01 1993 00:10:00 cgmphelp.html.gz == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35724&t=35716 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct a
Re: PVC status don't go down [7:35389]
Makes sense to me ! But is that the real cause ?. "eric.lange@u sbank.com" To: [EMAIL PROTECTED] http://www.groupstudy.com/form/read.php?f=7&i=35483&t=35389 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Malformed Packet... [7:35436]
Rahul , CIAC has information that there have been an ongoing series of denial-of- service attacks directed at whole blocks of IP addresses. The attack uses UDP fragmentation to exploit a known vulnerability on unpatched Windows NT and Windows 95 systems. The attack is a sequence of two UDP packets, the first being the setup packet, and the second, a malformed UDP packet. Because of the way Microsoft implements the TCP/IP stack, processing these UDP packets places the TCP/IP stack in an unstable state. Unprotected Windows NT machines crash and display the "blue screen of death" during or soon after the attack. Windows NT boxes with only SP1 applied seem to reboot. Windows 95 machines hang. The attack is not intentionally damaging to the machines, but as with all such issues can do damage if the machine is accessing the hard drive at the moment the attack occurs. Microsoft has tested these malformed packets and believes the teardrop2 hotfix solves this problem. We suggest patching all machines with this hotfix and the smb/cifs (srv hotfix) which protects against a similar attack. See CIAC Bulletin I-19 for more information on this type of attack and the machines that are vulnerable. Note also that Microsoft has updated and combined the patches for the Teardrop and Land attacks on Windows NT. This patch is now the teardrop2 fix. The teardrop2 hotfix should be used instead of the patches listed in the I-19 Bulletin. We have noted that Windows NT and Windows95 machines that were located behind firewalls did not fail during these attacks. We believe this is due to the fact that most firewalls automatically drop malformed UDP packets. "Rahul Kachalia"To: [EMAIL PROTECTED] Subject: Malformed Packet... [7:35436] Sent by: nobody@groups tudy.com 02/15/2002 02:38 AM Please respond to "Rahul Kachalia" Hi All, I am not sure what "Malformed Pkt" by some sniffer or OS means, but assuming either the expected information is missing or didnt matched. While sending fragmented pkt on network I am seeing such messages on sniffer, can some one provide more info on it.. thanks, rahul. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35480&t=35436 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat5k Reboots sporadically [7:35477]
Sean, Looks like the power supply problem here ! The power supply must be going down and coming on again ! Plug off the power supply and bring the device on the standby power supply only. Henry D'souza, Infrastructure development & Management,(IDM), TATA CONSULTANCY SERVICES Seepz, Mumbai , 400096. Hello # 8291680 ext 1208. Direct line 8292406 @ Pager 9624 - 370346. "Sean Knox" cc: Sent by: Subject: Cat5k Reboots sporadically [7:35477] nobody@groups tudy.com 02/15/2002 12:52 PM Please respond to "Sean Knox" I have a old Catalyst 5500 that is continually resetting. A show log displays: Console> (enable) show log Network Management Processor (ACTIVE NMP) Log: Reset count: 538 Re-boot History: Feb 15 2002 01:46:06 0, Feb 15 2002 00:10:24 0 Feb 15 2002 00:03:35 0, Feb 14 2002 14:13:25 0 Feb 14 2002 14:07:15 0, Feb 14 2002 14:05:16 0 Feb 14 2002 13:12:20 0, Feb 14 2002 11:29:54 0 Feb 14 2002 11:05:38 0, Feb 14 2002 10:35:35 0 Bootrom Checksum Failures: 0 UART Failures: 0 Flash Checksum Failures:0 Flash Program Failures: 0 Power Supply 1 Failures: 65 Power Supply 2 Failures:0 Swapped to CLKA:0 Swapped to CLKB:0 Swapped to Processor 1: 0 Swapped to Processor 2: 0 DRAM Failures: 0 Exceptions: 0 Loaded NMP version:4.5(12) Reload same NMP version count: 176 Last software reset by user: 2/15/2002,00:10:13 output omitted I'm assuming the 65 power supply 1 failures is a possible cause? Does this indicate a dying power supply and the source of the resets, or is something else to blame? - Sean Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35479&t=35477 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Checking ! [7:35476]
This is a frist time I am writing ! If you can recieve this mail , pls respond ! Henry D'souza, Infrastructure development & Management,(IDM), TATA CONSULTANCY SERVICES Seepz, Mumbai , 400096. Hello # 8291680 ext 1208. Direct line 8292406 @ Pager 9624 - 370346. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35476&t=35476 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MD5 encrypting vty passords [7:33533]
That specifies type 7 encryption, you can enable it before or after you configured your vty's. "enable secret " is used to enter password which will be encrypted with MD5. If using MD5 don't use it in conjunction with "enable password " command as that would create another enable password and would make your MD5 password as prone to discoveries as type 7. ""bergenpeak"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Is the MD5 encryption used when one enables the "service > password-encryption" > before entering the vty password? > > What encryption mechanism is used when a password is entered as type 7? > > Thanks > > > "Henry D." wrote: > > > > It's not possible to use MD5 on vty's. > > I suppose the reason would be that MD5 enable > > password is not all that much more secure than type > > 7 passwords. When you type them they both are being > > sent over the network in clear text anyway. The only reason > > for using MD5 would be so anyone who sees your config > > wouldn't be able to crack the MD5 password as easily as type 7. > > But on the other hand, if you have access to the config, you're either > > already in enabled mode or you store it in insecure place. If insecure > place > > then there may be other ways to break into or your equipment anyways. > > You see, there is no perfect simple solution, you got to rely on many steps > > to protect what needs to be protected. > > > > ""Charlie Wehner"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Is there any way to MD5 encrypt vty passords? > > > > > > If so, how? > > > > > > If not, why not? > > > > > > Thanks, > > > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33564&t=33533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: More Confused!!! Re: Neighbor commands...Yes or No?? [7:33560]
I think you're still confused. Both physical frame interface and multipoint sub-interface are by default OSPF Non_Broadcast type. This means for OSPF to function you'd need to configure neighbor command in either scenario. With the config you showed on RTA (the HUB router) you wouldn't even be able to ping both spokes as there are no maps defined (aside from missing netmask), and if relying only on inverse-arp, it would map only one spoke and no more. The rule is that inverse-arp will map only one Layer3 to the same Layer2, i.e one IP to DLCI X, one IPX to DLCI X, one IP to DLCI Y, etc. You're showing routes in the spokes, but we really don't know all of the configs when these routes show up in the routing table. What's the configs, output of "sh frame-relay pvc", "sh frame-relay map" ? ""Cisco Nuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > OK, I have finally found out this and concluded that: > > Neighbor commands are ONLY required in an OSPF point-to-multipoint > Non-Broadcast mode in a FR hub-and-spoke topology. > > Not required in a NBMA mode or any other modefor that matter. > > > > >From: "Cisco Nuts" >Reply-To: "Cisco Nuts" >To: [EMAIL PROTECTED] > >Subject: More Confused!!! Re: Neighbor commands...Yes or No?? [7:33547] > >Date: Tue, 29 Jan 2002 01:38:45 -0500 > >Hello!! > >I am even more > confused now! :-( > >Just finished configuring 3 routers in a FR > hub-and-spoke topology with >OSPF in the default non-broadcast mode with > NO neighbor commands on the >hub router and FR map commands on both the > spokes to get to one another. >It works!! I mean without the neighbor > commands on the hub router, the >spoke routers are learning about the > networks on the other spoke, that >too in a different area. Why?? > > >Thanks! > >Here is some output: BTW: RTA is the hub and RTB and RTC the > spokes. FR >configed. on physical interfaces: > >RTB routing table: > >O > IA 192.168.10.192/27 [110/70] via 192.168.10.243, 00:01:20, Serial0 >O IA > 192.168.10.128/26 [110/74] via 192.168.10.243, 00:01:20, Serial0 > >RTA > config: > >RTA#sh ru int s0 >Building configuration... > >Current > configuration : 214 bytes >! >interface Serial0 > bandwidth 1544 > ip > address 192.168.10.241 255.255 > encapsulation frame-relay > ip ospf > priority 10 > logging event subif-link-status > logging event > dlci-status-change > no fair-queue >end > >RTC routing table: > >O IA > 192.168.10.64/26 [110/74] via 192.168.10.241, 00:17:50, Serial0 >O IA > 192.168.10.0/26 [110/74] via 192.168.10.242, 00:17:50, Serial0 > > >From: > "Henry Dziewa" >To: "Cisco Nuts" >Subject: Re: Neighbor >commands...Yes > or No?? [7:33486] >Date: Mon, 28 Jan 2002 20:11:07 -0500 > > >Well, it's > your loss:) > >Hub and spoke, in order for the spoke to >talk to > another spoke you >need to map the remote spoke's IP to the same >DLCI > used for >mapping to HUB router on both spokes. >The HUB router >already > has the mapping to both so >it knows where everyone is. > >By >default, > physical frame interfaces are ospf non-broadcast, this means > >that > you'd need to configure neighbor statement, preferably >on the HUB > >router. > > >- Original Message - >From: "Cisco Nuts" >To: > >Sent: >Monday, January 28, 2002 3:42 PM >Subject: Re: Neighbor > commands...Yes or >No?? [7:33486] > > > > And that's exactly what I am > asking my friend. > > >First, it's the layer 2 issue..that of fr map > statements to get from one > > > spoke to another via the hubaka Mr. > Caslow. > > > > And there is >the ospf issue of either issuing the > neighbor commands or not > > in the >default non-broadcast mode when > using physical fr intfs. > > > > Is it >one of both? And that is the > confusing issue for me. > > > > :-) Can you >help? > > > > > > >From: > "Henry D." > > >Reply-To: "Henry D." > > >To: >[EMAIL PROTECTED] > > > >Subject: Re: Neighbor commands...Yes or No?? >[7:33486] > > >Date: Mon, > 28 Jan 2002 14:38:06 -0500 > > > > > >There are >2 different issues. > > > > > > >1. Layer 2 to Layer 3 mapping. > > >2. >Routing > > > > > >You > need to separate these 2 in order to understand >how it all works. > > > >If I gave you all the
Re: Can ping from one side only!! why? [7:33527]
Can you post the relevant configs then ? ""Cisco Nuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > I have router RTA connected to router BBR running ospf 100. Router BBR has a > static route of 0.0.0.0 to router TS. Router BBR also has a redistribute > static command under ospf. > > Router TS is connected to router Remote both running Rip. Static routes are > configured on TS for RTA's and BBR's networks. This is redistributed under > Rip with a default metric of 2. Also, the router TS has a defult-network > command to inject a default route to router Remote. > > On router Remote, I see the networks of routers RTA and BBR discovered via > RIP > R4.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0 > R5.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0 > > I can ping these addresses successfully. > > But I cannot ping these same addresses from the TS. Why?? The packet from > Remote goes thru TS to get to routers RTA and BBR. Then how come I cannot > ping these same addresses from TS?? Also, I cannot ping any networks on > Remote from RTA > > The solution I came up with was: > 1.) Configure a default-information originate command on the router BBR > which then injects a default route on RTA which allows me to ping networks > on router Remote. This works! > > 2.) Configure on router BBR the serial network address between router BBR > and TS under OSPF. This allows me to ping the networks of RTA from the TS. > This works! > > So the question is more of a packet flow from router Remote from where pings > work to RTA and BBR but not from router TS. > > Can someone help me understand this? > Thank you. > > > > > > > > _ > Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33540&t=33527 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MD5 encrypting vty passords [7:33533]
It's not possible to use MD5 on vty's. I suppose the reason would be that MD5 enable password is not all that much more secure than type 7 passwords. When you type them they both are being sent over the network in clear text anyway. The only reason for using MD5 would be so anyone who sees your config wouldn't be able to crack the MD5 password as easily as type 7. But on the other hand, if you have access to the config, you're either already in enabled mode or you store it in insecure place. If insecure place then there may be other ways to break into or your equipment anyways. You see, there is no perfect simple solution, you got to rely on many steps to protect what needs to be protected. ""Charlie Wehner"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Is there any way to MD5 encrypt vty passords? > > If so, how? > > If not, why not? > > Thanks, > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33539&t=33533 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can ping from one side only!! why? [7:33527]
In your scenario, packet originates on router Remote with destination of router RTA - with IP address of the network connecting RTA to BBR. Remote knows to use TS because of the RIP information and sends packet to TS, TS knows how to get there because it has statics so it forwards the packet to BBR, BBR is directly connected to the network so it knows where RTA is and forwards it out to RTA. RTA gets the packets but it doesn't know where Remote router is so the packet gets dropped. Now, if Remote was for example pinging IP of BBR on the same subnet as RTA this would work because BBR knows thru static default how to get back to Remote. In case of RTA, it has no default route information even though you used redistribution under OSPF. The problem is that OSPF will not start advertising default route unless specifically configured to do so with "default-information originate" command. The same goes when trying from TS router, RTA has no information on how to get back to the network you have configured between BBR and TS. Hope it helps. ""Cisco Nuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > I have router RTA connected to router BBR running ospf 100. Router BBR has a > static route of 0.0.0.0 to router TS. Router BBR also has a redistribute > static command under ospf. > > Router TS is connected to router Remote both running Rip. Static routes are > configured on TS for RTA's and BBR's networks. This is redistributed under > Rip with a default metric of 2. Also, the router TS has a defult-network > command to inject a default route to router Remote. > > On router Remote, I see the networks of routers RTA and BBR discovered via > RIP > R4.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0 > R5.0.0.0/8 [120/2] via 10.10.1.2, 00:00:18, Ethernet0 > > I can ping these addresses successfully. > > But I cannot ping these same addresses from the TS. Why?? The packet from > Remote goes thru TS to get to routers RTA and BBR. Then how come I cannot > ping these same addresses from TS?? Also, I cannot ping any networks on > Remote from RTA > > The solution I came up with was: > 1.) Configure a default-information originate command on the router BBR > which then injects a default route on RTA which allows me to ping networks > on router Remote. This works! > > 2.) Configure on router BBR the serial network address between router BBR > and TS under OSPF. This allows me to ping the networks of RTA from the TS. > This works! > > So the question is more of a packet flow from router Remote from where pings > work to RTA and BBR but not from router TS. > > Can someone help me understand this? > Thank you. > > > > > > > > _ > Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33529&t=33527 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lab Kit.... [7:33412]
It could be possible to only use 4 routers and still be able to do some complicated labs. But what real CCIE lab is about is to put a lot of stuff in one physical topology, mixing all of this together, confusing you which protocol or interface you still need to get to, what and how the redistribution will play in this whole mess, making all of it depend on many other things you might have configured earlier and being able to keep on going without breaking later what worked before. From my own experience as well as most of the "real" preparation labs you'll find will require more routers. I used 9 routers and 1 switch. This allowed me to do most labs from all the resources I was able to find on the web. Good Luck ! And yeah, it worked for me ! ""Joel Satterley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Can anyone advise on the base set of equipment for running test labs as a > prep > for the CCIE lab ? > > I'm thinking - > > 4 x eth + tok routers (3 with at least one serial + 1 with three or more) > 2 x Cat switches (2900 + 4000) > 1 x Token ring switch. > 3 x PC's > > Anything else (apart from modems + ISDN, got plenty of that). Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33526&t=33412 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Neighbor commands...Yes or No?? [7:33486]
There are 2 different issues. 1. Layer 2 to Layer 3 mapping. 2. Routing You need to separate these 2 in order to understand how it all works. If I gave you all the answers then it wouldn't be fair to you as you need to grasp it for yourself, especially if planning to gor for CCIE. ""Cisco Nuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > Would someone clarify this for me as I am getting very confused :-( > In a Frame-Relay hub-and-spoke config. using physical interfaces and > frame-relay map statements at the spokes and using OSPF, do we need to > configure neighbor commands? Yes or No? > From what I understand, OSPF works in a Non-Broadcast mode by default and > neighbor commands are only needed if not a full-mesh. In this case, will the > frame-relay map commands suffice to get from one spoke to another thru the > hub router? > Thank you. > > > _ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33490&t=33486 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Backdoor! Lab on Friday, Please HELP! [7:33423]
I suspect your ISIS between Glori and Bilbo is either not working or this specific route is not exchanged with ISIS. Can we see the whole config for these bad boys ? Also, what happens when you shut the BGP session between Bilbo and Elrand, do you get the ISIS route then ? You don't need backdoor command on Erland either. "Wilson, Christian"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am struggling with BGP backdoor. I seem to get the more complicated > aspects of BGP, but this backdoor command is really getting me down. I test > on Friday and would appreciate any help. In the configs below, BILBO and > GLORI have EBGP connections to ELROND. BILBO and GLORI have a ISIS > connection between each other. ISIS is actually running on all the routers > as an IGP. All the routers know about the network 3.0.0.0 from ISIS. GLORI > injects 3.0.0.0 into BGP using the network command and the update is sent > across the EBGP connection to ELROND, who in turn passes the update across > his EBGP connection to BILBO. BILBO has the "network 3.0.0.0 backdoor" > added to his configuration, but the BGP route still appears in the routing > table instead of the ISIS route. I have omitted a lot of the config files > because they are huge and harsh to read through, but I tried to include all > relevant text. I have tried this so many ways and times that I am beginning > to have doubts about myself since such a seemingly simple task is stumping > me. Please help!! > > hostname Bilbo > > interface Serial0/0 > no ip address > encapsulation frame-relay > ! > interface Serial0/0.1 multipoint > ip address 150.150.10.1 255.255.255.0 > ip router isis > ip ospf network point-to-multipoint > ! > interface Serial0/0.2 point-to-point > ip address 150.150.20.1 255.255.255.0 > ip router isis > ipx network 200 > ipx nlsp a1 enable > frame-relay interface-dlci 940 > ! > router bgp 100 > network 3.0.0.0 backdoor > neighbor 150.150.20.2 remote-as 200 > > Bilbo#b > BGP table version is 2, local router ID is 200.200.9.1 > Status codes: s suppressed, d damped, h history, * valid, > best, i - > internal > Origin codes: i - IGP, e - EGP, ? - incomplete > >Network Next HopMetric LocPrf Weight Path > *> 3.0.0.0 150.150.20.2 0 200 300 i > > Bilbo#i > i L2 1.0.0.0/8 [115/20] via 150.150.20.2, Serial0/0.2 > C2.0.0.0/8 is directly connected, Virtual-TokenRing2 > B3.0.0.0/8 [20/0] via 150.150.20.2, 00:26:45 > i L2 4.0.0.0/8 [115/20] via 150.150.10.2, Serial0/0.1 > O E1 5.0.0.0/8 [110/128] via 150.150.10.3, 00:29:29, Serial0/0.1 > O E1 200.200.220.0/24 [110/128] via 150.150.10.3, 00:29:29, Serial0/0.1 > > > > hostname Elrond > > interface Serial0/0.1 point-to-point > ip address 150.150.20.2 255.255.255.0 > no ip directed-broadcast > ip router isis > ipx network 200 > > interface Serial0/0.3 point-to-point > ip address 150.150.21.1 255.255.255.0 > no ip directed-broadcast > ip router isis > ipx network 21 > > router bgp 200 > network 3.0.0.0 backdoor > neighbor 150.150.20.1 remote-as 100 > neighbor 150.150.21.2 remote-as 300 > > Elrond#b > BGP table version is 2, local router ID is 200.200.240.1 > Status codes: s suppressed, d damped, h history, * valid, > best, i - > internal > Origin codes: i - IGP, e - EGP, ? - incomplete > >Network Next HopMetric LocPrf Weight Path > *> 3.0.0.0 150.150.21.2 0 0 300 i > > > hostname GLORI > > interface Serial0/0 > ip address 150.150.10.2 255.255.255.0 > no ip directed-broadcast > ip router isis > encapsulation frame-relay > > interface Serial0/0.2 point-to-point > ip address 150.150.21.2 255.255.255.0 > no ip directed-broadcast > ip router isis > ipx network 21 > > router bgp 300 > network 3.0.0.0 > neighbor 150.150.21.1 remote-as 200 > > GLORI#b > BGP table version is 2, local router ID is 200.200.230.1 > Status codes: s suppressed, d damped, h history, * valid, > best, i - > internal > Origin codes: i - IGP, e - EGP, ? - incomplete > >Network Next HopMetric LocPrf Weight Path > *> 3.0.0.0 0.0.0.0 0 32768 i > > GLORI#i > i L2 1.0.0.0/8 [115/30] via 150.150.10.1, Serial0/0 > C3.0.0.0/8 is directly connected, Virtual-TokenRing3 > C4.0.0.0/8 is directly connected, Virtual-TokenRing4 > i L2 5.0.0.0/8 [115/84] via 150.150.10.1, Serial0/0 > i L2 200.200.220.0/24 [115/84] via 150.150.10.1, Serial0/0 > i L2 6.0.0.0/8 [115/84] via 150.150.10.1, Serial0/0 > i L2 200.200.241.0/24 [115/84] via 150.150.10.1, Serial0/0 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33435&t=33423 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: tunneling with previously undefined endpoint? [7:32057]
If I get this correctly you can use dynamic-map feature as seen in the example here: http://www.cisco.com/warp/customer/707/ios_804.html ""the-other-jason"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Help, I can't think of a way to do this . :-( > > We have two IPSec "appliances" at work that require known, routable > addresses on their "non-secure" ethernet interfaces. > > We want to create a kit engineers can take home for remote IPSec access > into the network from personal cable/dsl connections. Our typical home > networks have a cheapo router running NAT. The router is getting a real > "outside" address from a service provider via DHCP (point "C" in the > drawing). On the inside, we use private addressing (point "B"). > > The problem is to configure an IPSec appliance with a real address but > connect it via the private address LAN at home. The obvious way to do > this is with a tunnel, so we've managed to scavenge a couple of old > 2500s for this purpose... > > > IPSec cheapo IPSec > appliance -->2500-->router-->ISP-->Internet-->3660-->2500-->appliance > A B C D > > Ideally, we want a tunnel from the left side of the left 2500 to either > the 3660 or the right 2500 so that we can give the left IPSec > appliance some of our address space. With GRE, however, you have to > specify the endpoint addresses in advance, and of course we don't know > what address the ISP will give one via DHCP > > After some reading, I _think_ PPPoE, L2F, PPTP, and L2TP won't help us much > > Does anyone have any ideas? > > Jason Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32059&t=32057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Kindly assist. (IPSEC over ISDN + HSRP) [7:31116]
With the mix of dial profiles and correct crypto maps there shouldn't be a problem. ""Pius"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...> Hi, > > I am using ISDN routers to connect to 2 remote sites, the headquarter has 2 > router which will be running HSRP. > > The primary router and the remote sites' router are using IPSEC > tunnel.however, the backup router is not using IPSEC. > > The primary router has 2 BRI interface running 128k connecting to the 2 > remote sites router, however, the backup router has only 1 BRI interface. > > Is this configuration possible? i.e. when the primary fail, can the backup > router connected to the remote sites without using IPSEC using 1 channel > each? > > Thanks, > Pius Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31194&t=31116 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Regarding E1 controllers [7:31126]
It wouldn't work at all if framing was incorrect. You may be encountering a bug of some sort. I 'd make sure you have the lates IOS installed and that you PA revision is not too old. Some of these bad boys caused us problems when we first started using them but not any more. ""K.RAMESH BABU"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi , > > Having cisco7206 with Multichannel E1/PRI cards at service provider > environment .Terminated different 2Mbps customers on these cards. > Sometimes I find some customer ckt goes down and when I go for > checking "sh controller e1 " ,I find LOSS OF FRAME alarm. > By changing framing settings under controller configuration and again > revert back for the same framing settings once or twice, ckt is coming > up.Why this is happening so ? Is it related to some buffers problem > or some thing else? > > Pls write me back if anyone has similar problem or anyone knows the > reason. > > Thanks & regards > Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31189&t=31126 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Activating VPN slows connection drastically, Why? [7:30043]
I don't know much about CheckPoint's VPN solutions but the logical things that could cause degradation in performance could be either client PC's that now with VPN are required to encrypt/decrypt data, the end point machine that has to do the same things, some issues within the infrastructure beyond the VPN Checkpoint machine, all or some of the above issues could cause problems. Simply more information is required for better analysis. ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > can you clarify for me? > > HQinternet827bunch of PC's > > PC's are running the Checkpoint VPN client. VPN tunnels go from PC to HQ > Checkpoint device, with the 827 doing only routing/bridging ( depending on > how the ISP is set up ) > > Is this correct? > > When you say "the connection slows down" does that mean that prior to using > the VPN client, connection to HQ was fast? Or were you gauging by internet > access, as the PC's cannot access HQ without the client? > > You will want to differentiate what is slow and what is fast. Then it will > be easier to focus in on a cause. > > Chuck > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Bruce Williams > Sent: Monday, December 24, 2001 12:38 PM > To: [EMAIL PROTECTED] > Subject: Activating VPN slows connnection drastically, Why? [7:30043] > > > We have a DSL line connected through a Cisco 800 series router. The > connection is very fast until the checkpoint client software is activated to > access a checkpoint firewall vpn in the corporate office. This slows down > the connection drastically. What in the VPN could cause this? I just want to > get an idea where to start troubleshooting? > > Bruce Williams > Verizon > mailto:[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30068&t=30043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Lab Swap 01/11/2002 [7:27455]
All, I curently have 1/11/2002 scheduled to take the ccie lab in RTP. I cannot attend due to an unscheduled business trip. I would like to swap with a date between 3/1/2002 and 3/28/2002. Please email me back if you have a date in the range above and are willing to swap. Thanks, __ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27455&t=27455 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help with Voice over IP over ATM [7:25163]
You need to have VAD disabled in your dial-peers. ""William Lijewski"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have been looking for what is probably a one line command for about 2 days > now. > > In the lab I am working on you are to do Voice over IP over ATM SVC's. They > want it so if no one is talking it still sends empty voice packets. Right > now if no one is talking you can hear it go dead silent until someone speeks > again. How do you get the empty voice packets to be transmitted so the line > is constantly active even if no one is talking? > > I have looked in the Caslow book, searched the Cisco documentation CD, and > I'm just having no luck. Any help would be great. > > Thanks, > Bill L. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25184&t=25163 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Confederations [7:24940]
Disregard my last post, I got it all messed up.. In confed cluster you peer over IBGP using a different AS than the confed ID, or real AS number. ""Henry D."" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > If you think about it, in the config you specify bgp process > as confed id, which means if you need to peer over IBGP > you actually peer with confed ID and not the real AS number. > So, yes you do need confed id specified on each BGP in confed cluster. > > ""McCallum, Robert"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi, > > > > If you have 4 routers within an confederation r1,r2,r3&r4. R1 has and > EBGP > > connection to another As so therefore has the bgp confederation id and > > confed peer statements on it. My question is do all of the IBGP router > > (r2,r3&r4) require the confed statements on them even if they are only > IBGP > > routers?? > > > > 14 days to go!! Starting to have some fun !! > > > > Robert McCallum Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24948&t=24940 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Confederations [7:24940]
If you think about it, in the config you specify bgp process as confed id, which means if you need to peer over IBGP you actually peer with confed ID and not the real AS number. So, yes you do need confed id specified on each BGP in confed cluster. ""McCallum, Robert"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > If you have 4 routers within an confederation r1,r2,r3&r4. R1 has and EBGP > connection to another As so therefore has the bgp confederation id and > confed peer statements on it. My question is do all of the IBGP router > (r2,r3&r4) require the confed statements on them even if they are only IBGP > routers?? > > 14 days to go!! Starting to have some fun !! > > Robert McCallum Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24945&t=24940 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: To Passive or Not to Passive [7:24771]
In regards to Q number one. I think it would be much better not to specify passive interface under OSPF as long as your network statement does not include the IP of the interface in question. The reason for that, at least in my head, is that if I were a proctor I might think you don't understand how OSPF works. For question 2, passive should be a norm on interfaces you don't want to form neighboorship or sending routing updates. Make sure you understand that passive works differenty for RIP than for EIGRP. ""McCallum, Robert"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Dear all, > > Before I take the leap into the lab (2 weeks to go now), I have a question > which has dogged me for a while now. Scenario below. > > > Router 1 has the following interfaces, Lo0, Eth0/0, S0/0, S0/1 and say > Fast0/1. > > Router 2 has the following interfaces Lo0, Lo1, Eth 0/1, S0/0. > > Between Router 1 (s0/0) and Router 2 (s0/0) we are running say OSPF. On > router 1 (e0/0 and s0/1) we are running RIP. > On Router 2 (e0/1 and lo1) we are also running Rip. > > Router 1 (lo0, s0/1) and Router 2 (lo0) are running Eigrp. > > Now for the questions > > 1. On router 1 OSPF process is running Q: should I put lo0,e0/0, fast0/1 > and s0/1 as passive interface ??? This worries me quite a bit as the > argument of if you dont put the network command under ospf then ospf will > not run on that interface...BUT I have been told that you should ALWAYS put > every > "in use" interface into passive if it is not being used under the routing > process. > > 2. This is not a question but a sanity check that for EIGRP and RIP then > the "norm" rules of passive interfaces apply. > > Thanks for anyones help in clearing this annoying matter up. > > Robert McCallum > Ext 730 3448 > DDI : 01415663448 > Mobile : 07818002241 > > > > > Message Posted at: > http://www.groupstudy.com/form/read.php?f=7&i=24771&t=24771 > -- > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] >
Re: Questions about PIX firewall [7:24634]
Yeah, there is a GUI but you'll be better off just trying to get used to the CLI. It's just better, trust me. By HA I suppose you mean High Availability, there is a good link describing how failover works: http://www.cisco.com/warp/customer/110/failover.html We've had good experience with failover, I think it rocks ! ""dovelet"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > Our company wants to use PIX 515 firewall but I never use it before. I have > some questions and I hope someone can help me. > > 1. To configure a PIX, is there any GUI interface or need to use Command > Line Interface? If it has GUI interface, is it bundle with a PIX or need to > purchase separately? > 2. We plan to use 2 PIX for HA solution. Is it stable? > 3. Is there any materials to describe the PIX failover? > > Regards, > Dovelet Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24675&t=24634 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Slow wan link. TCP traffic "ok", UDP not okay. Please help! [7:24074]
And yes, you need to have anonymous login allowed if you don't want to specify a specific username: r2#debug ip ftp FTP transactions debugging is on r2#term mon r2#copy startup-config ftp: Address or name of remote host []? 192.168.168.101 Destination filename [startup-config]? Writing startup-config ! 1543 bytes copied in 0.300 secs r2# 00:52:04: FTP: 220 3Com 3CDaemon FTP Server Version 2.0 00:52:04: FTP: ---> USER anonymous 00:52:04: FTP: 331 User name ok, need password 00:52:04: FTP: ---> PASS [EMAIL PROTECTED] 00:52:04: FTP: 230 User logged in 00:52:04: FTP: ---> TYPE I 00:52:04: FTP: 200 Type set to I. 00:52:04: FTP: ---> PASV 00:52:04: FTP: 227 Entering passive mode (192,168,168,101,4,70) 00:52:04: FTP: ---> STOR startup-config 00:52:04: FTP: 125 Using existing data connection 00:52:04: FTP: 226 Closing data connection; File transfer successful. 00:52:04: FTP: ---> QUIT 00:52:04: FTP: 221 Service closing control connection ""Ouellette, Tim"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Yeah, try copying a 12 meg msfc .bin over a WAN link that has latency of > 125ms. So I only get to send 8 packets per seccond each as 512 bytes. > (1000ms/125ms = 8) > > tftp at the application layer is the one who sends the acks. For some > reason I can't do a a "copy flash ftp". I'm guessing because I don't have > anonymous login allowed on my ftp? Does that sound right? > > Tim > > > > -Original Message- > > From: Chuck Larrieu [SMTP:[EMAIL PROTECTED]] > > Sent: Tuesday, October 23, 2001 12:44 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Slow wan link. TCP traffic "ok", UDP not okay. Please > > help! [7:23853] > > > > validating this thought, I have had reason to upgrade my router pod IOS > > images of late. Cisco's router Software Loader uses TFTP to copy new > > images > > into flash via a direct ehternet to ethernet connection. copying 16 meg > > images takes an inordinate amount of time, especially considering there > > are > > only two devices on the network involved. > > > > it would appear, then, that the router writes each packet to flash before > > requesting the next packet. at least that goes a long way towards > > explaining > > why the copies take several minutes on a 10baseT link with just the two > > devices connected via a crossover cable. > > > > thanks for the insight > > > > Chuck > > > > > > ""Priscilla Oppenheimer"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > One more (serious!) comment. I asked a protocol guru about the question > > of > > > TFTP being so slow. He agreed with the poster that the TFTP throughput > > > seems awfully low, but he agreed with me too that TFTP is not optimized > > for > > > throughput. He also mentioned one other stupidity with TFTP > > > implementations. He said that some actually write the 512-byte block of > > > data to the hard disk before ACKing and asking for the next block. So a > > > slow hard disk would cause problems. > > > > > > TFTP and UDP don't have a PSH bit like TCP has. With TCP, the sender > > would > > > output a bunch of data and then perhaps set the PSH bit which would tell > > > TCP to give the data (in RAM) to the application. At that point, you > > might > > > see a short hiccup as FTP wrote the data to the hard drive (not > > necessarily > > > because FTP could still keep the data in memory until the session is > > > closed; it's implementation-dependent.) > > > > > > TFTP is also implementation-dependent, but with some implementations, > > it's > > > one block at a time that is written to storage and then ACKed before > > more > > > data is sent. > > > > > > Since FTP works well, you have proof that the problem isn't with the > > > network. Can't you pass this onto the server or application people!? ;-) > > > > > > Priscilla > > > > > > At 02:34 PM 10/18/01, Priscilla Oppenheimer wrote: > > > >At 02:23 PM 10/18/01, Ouellette, Tim wrote: > > > > >Priscilla, > > > > > > > > > > > > > > > > > > >Thanks for the response. Any idea as to why the TFTP protcol over > > our > > > WAN > > > > >will run at 4k/sec and FTP at 165k/sec. I just figured that the > > smaller > > > > >packet size of UDP would help. > > > > > > > >Nope. That would not help. It would make the throughput worse. > > > > > > > > > I also thought that UDP is connectionless and > > > > >thefor requires no ACKS. > > > > > > > >TFTP has ACKs. > > > > > > > > > Other sites on our WAN I can transfer large files > > > > >via TFTP and they run at very good speeds. > > > > > > > >Have you done the same sort of comparison of FTP versus TFTP at those > > > >sites. I bet FTP has much better throughput. > > > > > > > > >I'm just concerned about this one > > > > >site. Any other ideas? > > > > > > > >See the message from Phil Barker. It made some good points about TFTP > > and > > > >UDP in general not being tuned for WANs. The next step would be to put > > a > > > >Sniffer on it and see what's really happening. But there m
Re: IPsec question!!! [7:24020]
The good book to read for (in my opinion) great IPSec coverage is "Enhanced IP Services For Cisco Networks" by Donald C. Lee - ISBN 1-57870-106-6 ""Hussam Adili"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Dear All, > > I have a question about IPsec tunnel mode. As I understood that it will > encrypt the original packet with its IP header and it will use another > IP header (the o/p interface address header) to route the packet over > the Internet (any open network). > > Does this mean that the source address can be a non-routerable IP > address and it can reach the destination address (which is also > non-routable) through the IPsec tunnel ? Or, for such senario we need to > use GRE tunnel first between the non-routable network addresses , then > encrypt using IPsec? > > Your help is appreciated > - > Regards > Hussam Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24069&t=24020 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Route Reflectors and Peer Groups [7:23765]
Hi there, Did you ever get an answer, or figured this out ? I can't quite get a clearer understanding of what they're talking about in the excerpt you submitted either. I was looking at the BGP case studies on cisco's web site and I still can't get it. Thanks ""Lupi, Guy"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Below is an excerpt from a Cisco case study on multiple route reflectors > within a cluster: > > An important thing to note, is that peer-groups were not used in the above > configuration. If the clients inside a cluster do not have direct IBGP peers > among one another and they exchange updates through the RR, peer-goups > should not be used. If peer groups were to be configured, then a potential > withdrawal to the source of a route on the RR would be sent to all clients > inside the cluster and could cause problems. > > The router sub-command bgp client-to-client reflection is enabled by default > on the RR. If BGP client-to-client reflection were turned off on the RR and > redundant BGP peering was made between the clients, then using peer groups > would be alright. > > Does anyone know what they mean? I know in IOS versions 12.0 and lower there > were issues with route reflection using peer groups, but I am trying to > figure out what they are trying to say here. What do they mean by a > potential withdrawal to the source of a route on the RR? Any help would be > appreciated. > > Guy H. Lupi > NOC Engineer > Eureka GGN > 270 Madison Avenue, 5th Floor > NY, NY 10016 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23823&t=23765 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Design Question - Spanning-tree Protocol. [7:23614]
Hmm, I think your STP/EtherChannel might be misconfigured. EtherChannel should be treated as a single logical link. With an STP running on top of it your both links should be forwarding. So in case one of the physical links fails, there is no need to re-calculate anything with STP. Are you sure they are configured for etherchannel and not just trunking ? ""Urooj's Hi-speed Internet"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi Folks, > I have a design in which Cisco 3548 XL's are GBIC-stacked on various floors > of a campus and are uplinked to a core Cat 6509 switch. The uplink from > every floor stack is ether-channeled to the core via two parallel equal-cost > paths. One uplink path starts "forwarding" and the other goes into > "blocking" mode from each floor stack. > > Here is my confusion... If only one link of a 400 MBps full-duplex > ether-channel fails from the forwarding path , will it invoke spanning-tree > recalculation ??? Or will the 'now' sub-optimal path still remain in > forwarding mode and the now more-bandwidth path remain in blocking mode ??? > > Since spanning-tree recalculation causes a lot of ripples throughout the > switched network, I would assume that the latter were true. However, I would > like to hear views from people who would think that the former scenario is > more probable. > > Thanks very much. > > Aziz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23637&t=23614 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPX transport control [7:23389]
My wife works for a pretty big Enterprise company. They have about 300 sites, all of them have IPX running. All WAN stuff is IPX EIGRP in addition to IP and some SNA. To me it would suggest that bigger Enterprise companies are still in need for network people with good IPX understanding, especially those who know how to control it :) This may be considered by some a legacy stuff, but legacy is what makes those who know it even more valuable... ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thanks. That sounds right to me. By default the router discards a packet if > the IPX hop count reaches 16. But I discovered that you can configure the > number of hops with the "ipx maximum-hops" command. There wouldn't be any > need in a RIP network, because RIP can't learn about a network with 16 or > more hops. (16 means infinity.) But routers running EIGRP and NLSP can > learn about paths that are more than 15 hops away, so it might make sense > in those cases. > > Does anyone care about IPX anymore? IPX RIP? EIGRP for IPX? NLSP for IPX? > > Any feedback would be appreciated. Thanks. > > Priscilla > > At 09:50 PM 10/18/01, Henry D. wrote: > >I'm no expert at this but from I was able to get from cisco's web site is > >that the router discards the packet if the control field is set to 16 or up > >for ipx rip. > >In mixed environment, with both NLSP and RIP running, the router might > >have routes of greater than 16 if it learnt those routes using NLSP,the > >important thing > >would be the servers' configuration. If the server supports only RIP, then > >obviously > >the hop count would still be an issue and the server would discard the RIP > >update > >with 16 and up. To take the full benefit from NLSP and its hop count > >enhancement > >I'd think one would have to run NLSP in the whole network, including the > >servers. > > > >Again, i'm not experienced with IPX... > >""Priscilla Oppenheimer"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > The IPX header has a "transport control" field which is really a "hop > > > count." The sender sets it to zero. Each router adds one to it. > > > > > > Novell documentation used to show it as a 4-bit field with 4 bits > reserved > > > before it. Recent documentation shows it as an 8-bit field. Older > document > > > ion said a router would trash a frame if it arrived with a transport > > > control field already at 15 (0x). Recently I read this weird thing on > > > Novell's site: > > > > > > A RIP router discards the packet if the value in this field is greater > >than > > > 15. > > > > > > An NLSP router discards the packet if the value in this field is greater > > > than the value of the Hop Count Limit parameter, which is 127 by default. > > > > > > Is this believable? From what we know about the router having two > separate > > > tasks (forwarding and learning the topology), I think the hop-count > limits > > > happen when installing routes. I could believe that RIP and NLSP are > > > different. But when a router goes to forward a frame, is it really going > >to > > > behave differently with respect to hop count if it's running NLSP versus > > > RIP? Does it even care which protocol installed the route. The FIB > >probably > > > wouldn't even say which protocol installed the route? > > > > > > Chuck likes to remind us about these differences so maybe he has some > > > comments. > > > > > > Thanks > > > > > > Priscilla > > > > > > > > > > > > > > > > > > > > > > > > Priscilla Oppenheimer > > > http://www.priscilla.com > > > Priscilla Oppenheimer > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23517&t=23389 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPX transport control [7:23389]
I'm no expert at this but from I was able to get from cisco's web site is that the router discards the packet if the control field is set to 16 or up for ipx rip. In mixed environment, with both NLSP and RIP running, the router might have routes of greater than 16 if it learnt those routes using NLSP,the important thing would be the servers' configuration. If the server supports only RIP, then obviously the hop count would still be an issue and the server would discard the RIP update with 16 and up. To take the full benefit from NLSP and its hop count enhancement I'd think one would have to run NLSP in the whole network, including the servers. Again, i'm not experienced with IPX... ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The IPX header has a "transport control" field which is really a "hop > count." The sender sets it to zero. Each router adds one to it. > > Novell documentation used to show it as a 4-bit field with 4 bits reserved > before it. Recent documentation shows it as an 8-bit field. Older document > ion said a router would trash a frame if it arrived with a transport > control field already at 15 (0x). Recently I read this weird thing on > Novell's site: > > A RIP router discards the packet if the value in this field is greater than > 15. > > An NLSP router discards the packet if the value in this field is greater > than the value of the Hop Count Limit parameter, which is 127 by default. > > Is this believable? From what we know about the router having two separate > tasks (forwarding and learning the topology), I think the hop-count limits > happen when installing routes. I could believe that RIP and NLSP are > different. But when a router goes to forward a frame, is it really going to > behave differently with respect to hop count if it's running NLSP versus > RIP? Does it even care which protocol installed the route. The FIB probably > wouldn't even say which protocol installed the route? > > Chuck likes to remind us about these differences so maybe he has some > comments. > > Thanks > > Priscilla > > > > > > > > Priscilla Oppenheimer > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23466&t=23389 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Linux Syslogd and multiple device question [7:21910]
Install syslog-ng, much better for handling what you're describing. ""Telemachus Luu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > I have multiple nodes and have set up logging to a syslog server. > Currently, in my /etc/syslog.conf, I have local0.debug through local7.debug > being used writing to separate log files. On the first 8 devices, I have > set logging facility local0 throught local7 for each device accordingly. > However, how can I setup logging for the device beyond the 8th? I know I > can setup the same facility and parse out the info by IP, but I would prefer > to have separate files for each device. Any suggestions? > > Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21928&t=21910 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed CIT! CCNP At Last! [7:21919]
I would like to thank everyone on the list for posting and answering questions that helped me to understand various topics. CCDA is next. Thanks, Marcus CCNP, MCSE, MCP+I Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21919&t=21919 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Some questions about Cheetsheets 504 [7:20768]
Sorry, to all disturbed. I realized that I am doing this in a wrong way. I am new to the forum, how to take this back? Can i delete it? Or the administrator delete it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20861&t=20768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Some questions about Cheetsheets 504 [7:20768]
Yes, they were just from my 504 exam last Friday. John, and I just got 923. Why should I post them here? Very simple, I read cheetsheets before the exam, and I think the answer from cheetsheet is wrong, and they all happened to my exam. I want to get the reasonable explanation, no matter I am right or wrong. I don't think I am just studying the answer, I have already passed, I want reasonable explanation. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20811&t=20768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Some questions about Cheetsheets 504 [7:20768]
Although I have passed 504, score 923. But I still want to make this clear. 1. With VLAN routing, a switched VLAN corresponds to a(n) __ a. Bridge group b. Media interface c. ISI trunk interface d. Single routed subnet e. Spanning-tree branch why is c, not d? 2. In which transmission method are frames replicated as needed? a. Unicast b. Multicast c. Simulcast d. Broadcast The answer is b, but I think a is also right. 3. Applying an outgoing access list to an interface __. a. Results in no action taken by the MLS-SE b. Generates an MLSP message from the MLS-RP to the MLS-SE c. Purges any entries for flows on that interface and records no new entries d. Records enable packets only if the administrator sets the MLS RP IP ACL command on the interface e. Causes the MLS-SE to retain the MLS cache entries until they age out and no longer record any new entries Cheetsheets answer: C. but I think C is just right on its first statement, the last statment("records no new entries") is wrong, because just input ACL will lead all flow come to Router processer by default, not output ACL. 4. Which two statements about VLANs are true? (choose two) a. A trunk link does not have a native VLAN. b. A trunk link does not belong to a specific VLAN. c. All VLANs can be transported on a single trunk link. d. There are four identification techniques to determine which VLAN a frame belongs to when it is received on a trunk link. Cheetsheets answer: bc my choice: cd Why d is not right? 5. The router creates a CGMP frame __. a. And forwards it to a well-known address, 224.0.0.1 b. And forwards it to a well-known address to which all CGMP switches listen. c. And forwards it to the rendezvous point to ensure consistent configurations. d. And assigns it a TTL equal to or less than the TTL assigned to the forwarding instance. e. Containing the request type, the multicast group address, and the actual MAC addresses of the destination devices. Cheetsheets answer: b my answer: e cgmp message is sent to a well-know address all the switch can receive, but just the CGMP enable process the frame. Do u agree with me? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20768&t=20768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
I want some help about this 504 questions [7:20767]
1. In a switch internetwork, which two situations would cause broadcast traffic to be contained within the physical segment? a. Host interface is constantly sending IGMP requests. b. Host interface is constantly sending frame fragments. c. Host interface is constantly sending IP echo requests. d. Host interface is constantly sending broadcast frames. e. Host interface is constantly sending frames with CRC errors. Cheetsheet's answer: be my choise: cd 2. In which two situations would cause broadcast traffic NOT be contained within the VLAN boundries? a. Host interface is constantly sending IGMP requests. b. Host interface is constantly sending frame fragments. c. Host interface is constantly sending IP echo requests. d. Host interface is constantly sending broadcast frames. e. Host interface is constantly sending frames with CRC errors. I still choose: cd Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20767&t=20767 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Looking for CISCO newsgroups [7:17352]
Hi. This is my first post on this news group. I am working in an environment where I need to learn as much as possible about CISCO routers and switches, so I am looking for newsgroups as well as books and classes to take. My boss also wants me to evaluate a CISCO enterprise level routable switch that we have an opportunity to buy. He wants me to give him an assessment of what it is worth. Do any of you know some good sources to check on this? Are there other public news groups that you use for CISCO info? Please reply also to: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17352&t=17352 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP ROUTING PRODUCT [7:12423]
Hi all: I need help with a training product I purchased called Cisco Interactive Mentor, IP Routing version 1.0. When finished configuring Router 1, the program instructs you to switch to Router 5 using the command Ctrl+Shift+6, X. This command is not working. What am I doing wrong? Thanks in advance. Marcus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12423&t=12423 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CIM IP Routing [7:12422]
Hi all: I need help with a training product I purchased called Cisco Interactive Mentor, IP Routing version 1.0. When finished configuring Router 1, the program instructs you to switch to Router 5 using the command Ctrl+Shift+6, X. This command is not working. What am I doing wrong? Thanks in advance. Marcus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12422&t=12422 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ´ð¸´: IOS upgrade, failure [7:3591]
It's very easy. You can use Unix tools gzip to compress the IOS file . Then change IOS file from *.bin to *.Z Final you should have 4MB plus IOS file size(uncompress) RAM Then you can play IOS 12.03 with 4MB flash and 18MB(16+2)RAM Good Luck "[EMAIL PROTECTED]" wrote: > You can't do that upgrade,I have also a 2503 with 4MB flash, i want IOS > 12.0??!! > > "John Brandis" > 7" 2001-05-08 09:04 > Gk4p84 8x "John Brandis" > > > JU 3-KM#: > 4+UfVB#: > VwLb#: IOS upgrade, failure [7:3513] > > Hey all, I am back on for the day, > Have a 2503 router with suspected 4MB flash. I need to upgrade from IOS > 10.2 > to at least 11.3. Problem is that IOS 11.3 is 5MB. > What can I do besides upgrade the flash.?? > > John Brandis > Network Engineer > GoWireless Communications > 155 George Street Sydney > +61 2 9251 5000 > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3591&t=3591 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ´ð¸´: IOS upgrade, failure [7:3592]
It's very easy. You can use Unix tools gzip to compress the IOS file . Then change IOS file from *.bin to *.Z Final you should have 4MB plus IOS file size(uncompress) RAM Then you can play IOS 12.03 with 4MB flash and 18MB(16+2)RAM Good Luck "[EMAIL PROTECTED]" wrote: > You can't do that upgrade,I have also a 2503 with 4MB flash, i want IOS > 12.0??!! > > "John Brandis" > 7" 2001-05-08 09:04 > Gk4p84 8x "John Brandis" > > > JU 3-KM#: > 4+UfVB#: > VwLb#: IOS upgrade, failure [7:3513] > > Hey all, I am back on for the day, > Have a 2503 router with suspected 4MB flash. I need to upgrade from IOS > 10.2 > to at least 11.3. Problem is that IOS 11.3 is 5MB. > What can I do besides upgrade the flash.?? > > John Brandis > Network Engineer > GoWireless Communications > 155 George Street Sydney > +61 2 9251 5000 > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3592&t=3592 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ´ð¸´: IOS upgrade, failure [7:3590]
It's very easy. You can use Unix tools gzip to compress the IOS file . Then change IOS file from *.bin to *.Z Final you should have 4MB plus IOS file size(uncompress) RAM Then you can play IOS 12.03 with 4MB flash and 18MB(16+2)RAM Good Luck "[EMAIL PROTECTED]" wrote: > You can't do that upgrade,I have also a 2503 with 4MB flash, i want IOS > 12.0??!! > > "John Brandis" > 7" 2001-05-08 09:04 > Gk4p84 8x "John Brandis" > > > JU 3-KM#: > 4+UfVB#: > VwLb#: IOS upgrade, failure [7:3513] > > Hey all, I am back on for the day, > Have a 2503 router with suspected 4MB flash. I need to upgrade from IOS > 10.2 > to at least 11.3. Problem is that IOS 11.3 is 5MB. > What can I do besides upgrade the flash.?? > > John Brandis > Network Engineer > GoWireless Communications > 155 George Street Sydney > +61 2 9251 5000 > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3590&t=3590 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ´ð¸´: IOS upgrade, failure [7:3593]
It's very easy. You can use Unix tools gzip to compress the IOS file . Then change IOS file from *.bin to *.Z Final you should have 4MB plus IOS file size(uncompress) RAM Then you can play IOS 12.03 with 4MB flash and 18MB(16+2)RAM Good Luck "[EMAIL PROTECTED]" wrote: > You can't do that upgrade,I have also a 2503 with 4MB flash, i want IOS > 12.0??!! > > "John Brandis" > 7" 2001-05-08 09:04 > Gk4p84 8x "John Brandis" > > > JU 3-KM#: > 4+UfVB#: > VwLb#: IOS upgrade, failure [7:3513] > > Hey all, I am back on for the day, > Have a 2503 router with suspected 4MB flash. I need to upgrade from IOS > 10.2 > to at least 11.3. Problem is that IOS 11.3 is 5MB. > What can I do besides upgrade the flash.?? > > John Brandis > Network Engineer > GoWireless Communications > 155 George Street Sydney > +61 2 9251 5000 > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3593&t=3593 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Tacacs [7:2602]
I'm not an expert in TACACS but I know you can have more than 1 server specified in the routers. I mainly used it just for authentication, in which case there was no problem whatsoever with this setup. If first specified server is not reachable, the other is being used. I don't think there would be an issue if I used authorization/accounting features either. There would simply be no need to try to fall back to the main server in case it came up while using the backup server on the current session. BTW, what do you mean by "terminating L2F tunnels" ? Do you just authenticate, or you also use the authorization/accounting features on the tunnel ? If so, could you elaborate a bit more on this topic ? ""Kevin Wigle"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Dear Group, > > A Tacacs question. > > Is it possible to configure Tacacs+ to use 2 different home gateways? > > Specifically, gate1 to be used to terminate L2F tunnels. > > If that fails, use gate2. > > And, another question if that is possible.. > > When gate1 is reachable again, will the users on gate2 be disconnected or > stay > there until they disconnect while "new" connections go to gate1 again? > > tia > > Kevin Wigle > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2630&t=2602 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Qual...Off-topic [7:1185]
You can't gather a mere $60 to help you pursue a $1550 exam (with lab) with some hint of legitimacy? That is very sad. Of course MAYBE I'm overreacting and you simply lost your codes for the referenced exams which you have already purchased, and you wish to study RIGHT THIS MINUTE and the B O S O N offices are not open yet for you to get the codes again. Yeah...that's probably it. Shame on me for thinking such bad thoughts initially --- now where's my crack pipe ;-] Quoting "[EMAIL PROTECTED]" : > Could somebody provide me the signature files of CCIE Qual 1 & 2, for > converting the trial versions of Boson tests ? > > If you want to take it offline, reply. > > -a CCNP > > - > Get free personalized email at http://email.lycos.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > -- FREE ANONYMOUS EMAIL! Sign up now. http://www.subdimension.com/freemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1186&t=1185 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fwd: Re: sharing a Juniper exam experience [7:991]
C'mon Sean, do yourself some credit, I was sitting next to you and you finished in just under 15 minutes and got a 99%. I would say the Juniper exam is more like a gillion, zillion times more difficult than the CCIE exam. If anyone doubts any of this, you can check with the easterbunny, he was in seat #3, or elvis, in seat #4. I must admit being a bit shocked when John Chambers ran in and put a gold star on Sean's score report and offered to hire him away from his job at Juniper's Marketing Department. All in good fun. Quoting Sean Young : > Hi everyone, > > I took the Juniper exam yesterday and passed the exam with a score of > 80% (the passing score is 80%). In restropect, I have to say that the > materials are really difficult, the questions are very tricky but fair. > One thing I like about Juniper is that the exam is that even though the > questions are tricky, they are very interesting and challenging. The > exam lasted 90 minutes and I actually used the whole 90 minutes. When I > took the CCIE written 2 months ago, I don't remember the CCIE to be that > difficult. I remembered finishing the CCIE exam in about 30 minutes. > My score on the CCIE written was 95% so I think I got the concept down > very well. However, if anyone think that if you have a easy time with > the CCIE written, you should also have an easy with the Juniper exam, > then you are DEAD wrong (if I am wrong, please correct me on this one). > The juniper exam will make Cisco exam looks like child's play. If you > don't have hand-on experience with Juniper, you will have a very > difficult time with Juniper exam. Attending Juniper training will help > you somewhat for the exam, but it will not totally prepare for the exam. > With Juniper exam, if you don't have BGP, OSPF and MPLS down cold, and > I really mean it, you can just forget about taking the exam. Between > CCIE and Juniper, I would have to say that Juniper is about 5 times more > difficult than CCIE exam because I don't think any of us has that much > experience with traffic engineering. After taking the exam, I really > have an appreciation for Juniper Engineers. They REALLY know their > stuffs. There is just no f***ing at the core. If you are working with > Juniper product, you are at the major league. > > Anyone who did take the Juniper exam or about to and would like to share > your experience, I would like to hear from you. > > Sean > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > -- FREE ANONYMOUS EMAIL! Sign up now. http://www.subdimension.com/freemail - End forwarded message - -- FREE ANONYMOUS EMAIL! Sign up now. http://www.subdimension.com/freemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=996&t=991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]