RE: Frame Relay Back To Back Static PVC [7:72869]
Thanks Alex but when your routers are going back to back LMIs are turned off with the no keepalive command. I believe because a Frame switch is not involved in creating the PVC. In any case I updated the IOS image to 12.3.1a on both routers and the connection comes back up without any issues even after being unplugged and reconnected. Degracia, Alex wrote: > > Make sure lmi is being exchanged. > > Turn on keepalives for the pvc. > > > > -Original Message- > From: Maximus [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 24, 2003 11:13 AM > To: [EMAIL PROTECTED] > Subject: Frame Relay Back To Back Static PVC [7:72869] > > > Per these instructions, I am able to bring my frame connection > online: > http://www.cisco.com/warp/public/125/frbacktoback.html > > However when I intentionally break the connection (Pull the > Cable)the PVC doesn't automatically come back up. Is it because its > static to begin with? I know I'm probably missing something very > obvious but could you explain why the interface does not come back > online after being reconnected? So far, the only way I can get the > connection back online is by using a hard/software configured > loopback and removing it at which point I'm up, up. > > Thanks. > > BTW Using IOS versions 12.1(20) and 11.2(26)P4. Configs are > identical to the > instructions. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73505&t=72869 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Vty access class [7:72990]
I believe the standard ACL should be enough since your already specifying transport input ssh on line vty 0 4. Just my $0.02 Jablonski, Michael wrote: > > I'm having a bit of trouble with extended access-lists for vty > access. > Basically I'd like to setup an extended access list that only > allows ssh > access from certain IPs, but after creating the list and > applying it to the > VTY I lose access. But if I use a standard acl only allowing > certain IPs it > works fine... > > ip access-list extended local_shell > permit tcp host 192.168.1.2 host 192.168.1.1 eq 22 > > vty 0 4 > access-class local_shell in > transport input ssh > > Is the standard enough & is the above over-kill? > > Thanx, > mkj > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72991&t=72990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco menu logins [7:72931]
SOCOM BROTHER!!! {-) - Original Message - From: "Tom Martin" To: Sent: Thursday, July 24, 2003 11:48 AM Subject: Re: Cisco menu logins [7:72931] > But I should keep the "All your base are belong to us" line in there??? :) > > It's a lab router! > > - Tom > > Reimer, Fred wrote: > > >If you use this in production you probably don't want to put "Welcome" in > >there. Plenty of note in Cisco course material on why not... > > > >Fred Reimer - CCNA > > > > > >Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 > >Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 > > > > > >NOTICE; This email contains confidential or proprietary information which > >may be legally privileged. It is intended only for the named recipient(s). > >If an addressing or transmission error has misdirected the email, please > >notify the author by replying to this message. If you are not the named > >recipient, you are not authorized to use, disclose, distribute, copy, print > >or rely on this email, and should immediately delete it from your computer. > > > > > >-Original Message- > >From: Tom Martin [mailto:[EMAIL PROTECTED] > >Sent: Thursday, July 24, 2003 9:47 AM > >To: [EMAIL PROTECTED] > >Subject: Cisco menu logins [7:72931] > > > >A couple of days ago I came across a new (to me anyway) Cisco feature, > >menus. So naturally I configured a router with menus to see how it > >works... Everything seems to work fine, except the login option. > > > >When Telneting to this router, I use the username and password as > >specified within the configuration file (attached in its entirety at the > >end of this post). Note: The "login authentication default" command > >isn't under the line configuration because it's default. After logging > >in the menu immediately appears as expected. > > > >All of the menu options work, but when I choose option 3 (which requires > >a second authentication), the command never runs! Here is an example > >where I re-authenticate properly: > > > >... text omitted ... > >9 Sign off > > > > Enter your selection, HUMAN: 3 > >Login required > > > >User Access Verification > > > >Username: fry > >Password: > > > >--More-- > >Welcome to my Cisco router > > All your base are belong to us. > >... text omitted ... > > > >Here is the output when I do not authenticate properly > > > >... text omitted ... > >9 Sign off > > > > Enter your selection, HUMAN: 3 > >Login required > > > >User Access Verification > > > >Username: alsdkfj;alsdkfj > >Password: > > > >% Authentication failed. > > > >--More-- > >Welcome to my Cisco router > > All your base are belong to us. > >... text omitted ... > > > >Has anyone ever successfully configured menus with a secondary > >authentication? Any ideas??? > > > >- Tom > > > >Full router configuration > >- > >Current configuration : 1593 bytes > >! > >version 12.2 > >service timestamps debug datetime msec > >service timestamps log datetime msec > >no service password-encryption > >! > >hostname Rtr-3 > >! > >logging queue-limit 100 > >enable secret 5 $1$F30N$HeewMLSkB0BkSZWKFr9BP1 > >! > >username fry password 0 guy > >aaa new-model > >! > >! > >aaa authentication login default local > >aaa session-id common > >ip subnet-zero > >! > >! > >no ip domain lookup > >! > >mpls ldp logging neighbor-changes > >! > >! > >! > >! > >! > >! > >! > >! > >! > >no voice hpi capture buffer > >no voice hpi capture destination > >! > >! > >mta receive maximum-recipients 0 > >! > >! > >! > >! > >interface Loopback0 > > ip address 1.0.0.1 255.255.255.0 > >! > >interface FastEthernet0/0 > > no ip address > > shutdown > > duplex auto > > speed auto > >! > >interface Serial0/0 > > no ip address > > shutdown > >! > >interface FastEthernet0/1 > > ip address dhcp > > duplex auto > > speed auto > >! > >interface Serial0/1 > > no ip address > > shutdown > >! > >ip http server > >ip classless > >! > >! > >! > >! > >menu TEST title ^C > > Welcome to my Cisco router > > All your base are belong to us. > >^C > >menu TEST prompt ^C Enter your selection, HUMAN: ^C > >menu TEST text 1 Show IP routing stuff > >menu TEST command 1 show ip route > >menu TEST text 2 Show IP protocol info > >menu TEST command 2 show ip protocol > >menu TEST text 3 Show the time > >menu TEST command 3 show clock > >menu TEST options 3 login > >menu TEST command bye menu-exit > >menu TEST text 9 Sign off > >menu TEST command 9 exit > >menu TEST line-mode > >! > >! > >radius-server authorization permit missing Service-Type > >call rsvp-sync > >! > >! > >mgcp profile default > >! > >dial-peer cor custom > >! > >! > >! > >! > >line con
Frame Relay Back To Back Static PVC [7:72869]
Per these instructions, I am able to bring my frame connection online: http://www.cisco.com/warp/public/125/frbacktoback.html However when I intentionally break the connection (Pull the Cable) the PVC doesn't automatically come back up. Is it because its static to begin with? I know I'm probably missing something very obvious but could you explain why the interface does not come back online after being reconnected? So far, the only way I can get the connection back online is by using a hard/software configured loopback and removing it at which point I'm up, up. Thanks. BTW Using IOS versions 12.1(20) and 11.2(26)P4. Configs are identical to the instructions. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72869&t=72869 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 640-861 CCDA [7:72217]
Sure Friend! Author: Priscilla Oppenheimer (---.ashlandfiber.net) Date: 07-16-03 17:38 The new CCDA course is very different. I haven't taken the test but I bet it's very different also. Here is a synopsis of the syllabus for the new course: The first module is on design methodologies. It teaches top-down network design. The recommended reading is "Top-Down Network Design." :-) Seriously, that's what the course suggests. The second module is on structuring and modularizing the network. Although it teaches the classic 3-layer hierarchical model (core, distribution, and access), it also focuses on Cisco's new SAFE architecture. See here for a SAFE study guide: http://www.cisco.com/warp/public/779/largeent/issues/security/safe.html The third module is on campus design. If you've taken any of Cisco's other tests, you should be OK, with this. It covers STP, VLANs, VTP, ISL, 802.1Q. The fourth module is on WANs. Same stuff you've heard before probably. The fifth module is IP addressing. Only new thing is a new focus on IPv6. The sixth module is on routing protocols. Top-Down Network Design would meet your needs there with a couple exceptions. The new course covers IS-IS and On Demand Routing (ODR). (Does anyone really use ODR, I wonder??) The seventh module is on security. SAFE should help there. The eight module is on Voice Transport in gory details. Get some voice books or read up on voice stuff and Cisco's AVVID here: http://www.cisco.com/en/US/netsol/netwarch/ns19/net_solution_home.html http://www.cisco.com/univercd/cc/td/doc/product/access/sc/rel9/soln/voip20/impl/scigdesn.htm http://www.cisco.com/warp/public/788/pkt-voice-general/7.html The ninth module is on network management. Andy Barkl wrote an article about the new CCDA for TCP Magazine. See here: http://tcpmag.com/Exams/article.asp?EditorialsID=71 Good luck! Priscilla Cisco Nuts wrote: > > Hello, > > Sorry, I myself did not catch it earlier. And I don't have a > login name > and password. Can you post Priscilla's thoughts on this new > exam. > > Thank you. > > Sincerely, > > >From: "Maximus " >Reply-To: "Maximus " >To: > [EMAIL PROTECTED] > >Subject: RE: 640-861 CCDA [7:72217] >Date: Sun, 20 Jul 2003 > 01:42:41 GMT > > >Did you catch the following comments compliments of > Priscilla: > > >~watch the wrap~ > >http://www.groupstudy.com/form/read.php?f=7&i=72415&t=72380 > > > >PacketEXPERTS wrote: > > > > I am looking to test next month > (CCDA > 640-861). > > > > I am looking for any and all books, tips and > info to > help test > > next month. > > > > Thanks > > > > > > = = = = = > = = = = = > = = = = = = = = > > Please send replys to: > > > > > [EMAIL PROTECTED] > > = = = = = = = = = = = = = = = = = > = > > > > > - > > Do you Yahoo!? > > SBC > Yahoo! DSL - > misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > MSN 8 with e-mail virus protection service: 2 months FREE* > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72669&t=72217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 640-861 CCDA [7:72217]
Did you catch the following comments compliments of Priscilla: ~watch the wrap~ http://www.groupstudy.com/form/read.php?f=7&i=72415&t=72380 PacketEXPERTS wrote: > > I am looking to test next month (CCDA 640-861). > > I am looking for any and all books, tips and info to help test > next month. > > Thanks > > > = = = = = = = = = = = = = = = = = = > Please send replys to: > > [EMAIL PROTECTED] > = = = = = = = = = = = = = = = = = = > > - > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72642&t=72217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows VPN through Cisco 2611 HELP!!! [7:69788]
Maximus wrote: oops i meant gre. replace esp with gre; should read: access-list 124 permit gre host (insert external vpn nic IP address) host 216.100.100.130 > > try: > > access-list 124 permit gre host (insert external vpn nic IP > address) host > 216.100.100.130 > > > - Original Message - > From: "Steve Collins" > To: > Sent: Thursday, May 29, 2003 5:41 PM > Subject: RE: Windows VPN through Cisco 2611 HELP!!! [7:69788] > > > > the reason i'm setting this up is to eliminate pc anywhere > and the ip > > addresses on the post are bogus. The inside nat address of > the vpn server > > is 192.168.1.180. I also have another nic with a public > address. What is > > the point of two nic cards? this may be a stupid question > but should the > > client connect to the external nic or the internal nic? > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69841&t=69788 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT:P3 XEON to P4 Ugrade [7:66877]
Has anyone been able to successfully upgrade his or her systems hardware from a P3 Xeon Proc and Mobo to a P4 processor and motherboard without having to reinstall Microsoft 2000? I'm anticipating the B.S.O.D but I was curious... The processor, motherboard, memory, and power supply will be replaced. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66877&t=66877 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cool Tool Wish List [7:64991]
What about a tool that can determine the speed and duplex settings on multiple switch ports. CW2000 probably already does this but what about a tiny script...Maybe someone could post a link??? =) >Larry Letterman wrote: > > we have a tool like that. One of our script experts writes > stuff like that in > Perl.. > > Larry Letterman > Network Engineer > Cisco Systems > > > - Original Message - > From: John Neiberger > To: [EMAIL PROTECTED] > Sent: Monday, March 10, 2003 7:01 PM > Subject: Cool Tool Wish List [7:64991] > > > Here's a tool that would be relatively simple to write for > those with > good scripting skills (not me), and I'd love to get my hands > on it. > Wouldn't it be great to have a tool that could look at a > switch, > determine which interfaces have only a single host attached, > and then > change the port name or interface description to the hostname > of the > device? > > Man, I would love that! > > Okay, so I didn't really have a point... :-) > > John > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65035&t=64991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Veterans Benefits [7:64425]
Is that the correct link: can't find www.vfw.gov: Non-existent domainfred barreras wrote: > > Go to www.vfw.gov and you will find info on G.I. Bill benefits. > Iy also contains 800 number and email address where you can ask > them directly. They get back to you pretty fast. Good Luck. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64462&t=64425 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco VPN [7:63860]
I don't believe I'm meant to be able to accept incoming VPN requests and connect to my employer's VPN. Specifically the problem is VPN requests are serviced on the way in and at the same time I can successfully connect to my employer's VPN but I can't decrypt the packets coming back from my employer while I'm configured to accept VPN requests on my external interface (crypto map statement.) ODD or just not meant to be? Maybe its just the level of encryption? Any thoughts? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63860&t=63860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Study groups in Jersey City? [7:62807]
Any CCIE study groups in the Jersey City area? -Max Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62807&t=62807 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cisco IOS and VPN Client 3.X [7:61256]
try IOS Version 12.2(11)T3 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61260&t=61256 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: show trunk on 2924m-XL [7:60741]
2924Switch>sh int fa0/6 switchport Name: Fa0/6 Switchport: Enabled Administrative mode: static access Operational Mode: static access Administrative Trunking Encapsulation: isl Operational Trunking Encapsulation: isl Negotiation of Trunking: Disabled Access Mode VLAN: 10 (VLAN0010) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: NONE Pruning VLANs Enabled: NONE Priority for untagged frames: 0 Override vlan tag priority: FALSE Voice VLAN: none Appliance trust: none - Original Message - From: "Phil Wallisch" To: Sent: Thursday, January 09, 2003 3:36 PM Subject: show trunk on 2924m-XL [7:60741] > Does anyone know how to do the equivilant of a "show trunk" on an IOS > based switch? I've been having to do a "show run" to see if the port was > trunking. > > > > Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60823&t=60741 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: how to set extended range vlans (vlan number & [7:58617]
I believe you can create extended vlans in either Server/Transparent modes. You just cannot use VTP to manage these VLANs; they must be statically configured on each switch. watch the wrap http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_3/confg_gd/vlans.htm#xtocid9 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58619&t=58617 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: how to set extended range vlans (vlan number >1024) on [7:58610]
what CatOS are you running? set spantree macreduction {enable | disable} To: Sent: Thursday, December 05, 2002 12:17 AM Subject: how to set extended range vlans (vlan number >1024) on [7:58600] > the following is configuration of my cat6509: > > --- --- --- - -- > --- > 1 2WS-X6K-SUP2-2GE SAD053202VH Hw : 2.2 > Fw : 6.1(3) > Fw1: 6.1(3) > Sw : 6.3(3)X > Sw1: 6.3(3)X > WS-F6K-PFC2 SAD053301PG Hw : 2.0 > 2 2WS-X6K-SUP2-2GE SAD053302C4 Hw : 2.2 > Fw : 6.1(3) > Fw1: 6.1(3) > Sw : 6.3(3)X > Sw1: 6.3(3)X > WS-F6K-PFC2 SAD0532034X Hw : 1.4 > 3 8WS-X6408A-GBIC SAL05309JZU Hw : 2.0 > Fw : 5.4(2) > Sw : 6.3(3)X > 4 8WS-X6408A-GBIC SAL05309K0T Hw : 2.0 > Fw : 5.4(2) > Sw : 6.3(3)X > 5 48 WS-X6348-RJ-45 SAL0533ALLL Hw : 5.0 > Fw : 5.4(2) > Sw : 6.3(3)X > 6 8WS-X6408A-GBIC SAL06261Y3G Hw : 2.1 > Fw : 5.4(2) > Sw : 6.3(3)X > 15 1WS-F6K-MSFC2SAD053201MX Hw : 1.2 > Fw : 12.1(8a)E2 > Sw : 12.1(8a)E2 > 16 1WS-F6K-MSFC2SAD0532049U Hw : 1.2 > Fw : 12.1(8a)E2 > Sw : 12.1(8a)E2 > And i found in cisco document that 6509 can support vlan range between 1 and > 4094. > > but when i setup a new vlan as the following ,some mistake happened. > > 6509> (enable) set vlan 2000 > VTP advertisements transmitting temporarily stopped, > and will resume after the command finishes. > Cannot set vlans in extended range. > Reduced Mac Address feature is disabled in NVRAM. > > > can anyone tell me the reason? thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58610&t=58610 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pri, http://www.troubleshootingnetworks.com is dow [7:57611]
ok; online Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57618&t=57611 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pri, http://www.troubleshootingnetworks.com is down, any [7:57611]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57611&t=57611 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Clearing access lists counters [7:57241]
Worked for me on 12.2(12a): clear ip access-list counters - Original Message - From: "John Tafasi" To: Sent: Tuesday, November 12, 2002 5:22 PM Subject: Re: Clearing access lists counters [7:57241] > I tried this also and it did not work. He is what I did: > > > R5-2503#clear ip access-list count > > R5-2503#show access-lists abc > Extended IP access list abc > Dynamic test permit ip any any > permit ip host 10.10.110.16 any (38 matches) (time left 134) > permit tcp any host 10.10.110.3 eq telnet > R5-2503# > > ""Tim Metz"" wrote in message > news:200211120457.EAA20795@;groupstudy.com... > > although that should have worked, try clear ip access-list counter as > > well I just tested this on a 3662 and both commands worked (IOS 12.1) > > > > Tim > > > > ""John Tafasi"" wrote in message > > news:20022125.VAA01591@;groupstudy.com... > > > Can some one tell me how to clear access-list counters? I tried to use > the > > > command "clear access-list counters" but it did not work. Please see the > > > output of the show command below. > > > > > > R5-2503#show access-lis abc > > > Extended IP access list abc > > > Dynamic test permit ip any any > > > permit ip any any (158 matches) > > > permit tcp any host 10.10.110.3 eq telnet > > > R5-2503# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57334&t=57241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multiple Supervisors, 6509 Chassis; Native IOS [7:51654]
I'm sorry Larry if I've caused any confusion but I only have a single 6509 with two supervisor 1 blades with msfc 2 in slots 1 and 2. Clay, I began to read the URL you posted and noticed in the second paragraph it states, "This paper is based on the hybrid software model for the Cat6500 Series...and not the Cisco IOS running natively." With that said please note the native IOS places these commands into the startup config by default; also I haven't been able to change these commands thus far: ! redundancy main-cpu auto-sync standard ! Jagan, I'm glad I'm not the only one! So I suppose its safe to conclude running native IOS on a 6509 w/two supervisor1 msfc2 modules yields a failover time of approximately 90-120 seconds. - Original Message - From: "Larry Letterman" To: Sent: Tuesday, August 20, 2002 1:34 AM Subject: RE: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] > If you have two gateways(6509's) why goto the expense of two msfc's > in each chassis ? The failure should cause the hsrp to switch to the > secondary > 6509. Thats the way we run ours on our campus... > > > Larry Letterman > Cisco Systems > [EMAIL PROTECTED] - Original Message - From: "Larry Letterman" To: Sent: Monday, August 19, 2002 10:14 PM Subject: RE: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] > we usually dont use dual msfc mods in our gateways..I'll ask some guys > on my team and find out...an dpost the reply. > > > Larry Letterman > Cisco Systems > [EMAIL PROTECTED] > > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, August 19, 2002 6:34 PM > To: [EMAIL PROTECTED] > Subject: Re: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] > > > Hi Maximus > > I am using 6509 Sup2, MSFC2 and native IOS. Condition is the same. > If I pull the active sup it takes 2 minutes to reboot. > And all the blades also reboot. > > Larry > Is this the usual thing. > Pls let me know this is the type of redundancy provided in Cat 6509. > > thanks > jagan krishnaraj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51727&t=51654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multiple Supervisors 6509 Chassis; Native IOS [7:51654]
SUP 1/MSFC 2 - Original Message - From: "Larry Letterman" To: Sent: Monday, August 19, 2002 4:02 PM Subject: RE: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] > I am assuming that both these are sup1/msfc1 modules... > > > > Larry Letterman > Cisco Systems > [EMAIL PROTECTED] > > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Maximus > Sent: Monday, August 19, 2002 11:49 AM > To: [EMAIL PROTECTED] > Subject: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] > > > This is how I learn: =) > Running IOS on my 6509, I wanted to see the amount of downtime I would cause > by deliberately causing the primary SUP to fail by one executing a reload on > the primary module and two simply pulling the primary from the chassis. > heeheehee > > What I found was the reload caused approximately 2 minutes downtime. This > was because the entire chassis of course booted. The secondary module did > however become the primary almost immediately following the reload command. > Now I figure that if I just removed the primary blade the system would > failover immediately and not reboot my 10/100/1000 blades. To my surprise, > this resulted in again 1 minute and 50 seconds downtime and network > connectivity was restored. BTW The blades also appeared to reboot. > > In terms of High Availability am I missing something? Considering these > results what would deter me from just sticking to HSRP. I am a novice and > looking for some constructive input. With that said note the following: > > IOS: > Cisco Catalyst 6000 (R7000) processor with 112640K/18432K bytes of memory. > R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache > ROM: System Bootstrap, Version 12.1(11r)E1, RELEASE SOFTWARE (fc1) > BOOTLDR: c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(11b)E4, EARLY > DEPLOYMENT RELEASE SOFTWARE (fc1) > > Hardware: > Router>sh mod > Mod Ports Card Type Model Serial > No. > --- - -- -- -- -- > --- > 12 Cat 6k sup 1 Enhanced QoS (Standby)WS-X6K-SUP1A-2GE > 22 Cat 6k sup 1 Enhanced QoS (Active) WS-X6K-SUP1A-2GE > 4 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC > 9 48 48 port 10/100 mb RJ45 WS-X6348-RJ-45 > > Comments? > -Maximus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51672&t=51654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multiple Supervisors 6509 Chassis; Native IOS [7:51654]
thing about running the native IOS on the 6509 is the IOS autmatically configures the Primary and Secondary supervisors for me. Any change to the primary config or say Active blade is immediately applied to the secondary. Also note the secondary module is not available to configure while the primary is active. This means no console nor any other sort of access is available. It just remains say INACTIVE while the primary is online. - Original Message - From: Turpin, Mark To: 'Maximus' Sent: Monday, August 19, 2002 3:17 PM Subject: RE: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] It would really help if you pasted your high availability config. -Original Message----- From: Maximus [mailto:[EMAIL PROTECTED]] Sent: Monday, August 19, 2002 1:49 PM To: Subject: Multiple Supervisors 6509 Chassis; Native IOS [7:51654] This is how I learn: =) Running IOS on my 6509, I wanted to see the amount of downtime I would cause by deliberately causing the primary SUP to fail by one executing a reload on the primary module and two simply pulling the primary from the chassis. heeheehee What I found was the reload caused approximately 2 minutes downtime. This was because the entire chassis of course booted. The secondary module did however become the primary almost immediately following the reload command. Now I figure that if I just removed the primary blade the system would failover immediately and not reboot my 10/100/1000 blades. To my surprise, this resulted in again 1 minute and 50 seconds downtime and network connectivity was restored. BTW The blades also appeared to reboot. In terms of High Availability am I missing something? Considering these results what would deter me from just sticking to HSRP. I am a novice and looking for some constructive input. With that said note the following: IOS: Cisco Catalyst 6000 (R7000) processor with 112640K/18432K bytes of memory. R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache ROM: System Bootstrap, Version 12.1(11r)E1, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(11b)E4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Hardware: Router>sh mod Mod Ports Card Type Model Serial No. --- - -- -- --- 12 Cat 6k sup 1 Enhanced QoS (Standby)WS-X6K-SUP1A-2GE 22 Cat 6k sup 1 Enhanced QoS (Active) WS-X6K-SUP1A-2GE 4 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC 9 48 48 port 10/100 mb RJ45 WS-X6348-RJ-45 Comments? -Maximus "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51663&t=51654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Multiple Supervisors 6509 Chassis; Native IOS [7:51654]
This is how I learn: =) Running IOS on my 6509, I wanted to see the amount of downtime I would cause by deliberately causing the primary SUP to fail by one executing a reload on the primary module and two simply pulling the primary from the chassis. heeheehee What I found was the reload caused approximately 2 minutes downtime. This was because the entire chassis of course booted. The secondary module did however become the primary almost immediately following the reload command. Now I figure that if I just removed the primary blade the system would failover immediately and not reboot my 10/100/1000 blades. To my surprise, this resulted in again 1 minute and 50 seconds downtime and network connectivity was restored. BTW The blades also appeared to reboot. In terms of High Availability am I missing something? Considering these results what would deter me from just sticking to HSRP. I am a novice and looking for some constructive input. With that said note the following: IOS: Cisco Catalyst 6000 (R7000) processor with 112640K/18432K bytes of memory. R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache ROM: System Bootstrap, Version 12.1(11r)E1, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(11b)E4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Hardware: Router>sh mod Mod Ports Card Type Model Serial No. --- - -- -- --- 12 Cat 6k sup 1 Enhanced QoS (Standby)WS-X6K-SUP1A-2GE 22 Cat 6k sup 1 Enhanced QoS (Active) WS-X6K-SUP1A-2GE 4 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC 9 48 48 port 10/100 mb RJ45 WS-X6348-RJ-45 Comments? -Maximus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51654&t=51654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Unable to access MS Outlook using IPSec Lan-to-Lan [7:48540]
I thought I was the only one not able to traverse multiple domains through the VPN. This is interms of client/server applications. =) - Original Message - From: "Rod Rodericks" To: Sent: Wednesday, July 10, 2002 3:47 PM Subject: Re: Unable to access MS Outlook using IPSec Lan-to-Lan [7:48525] > I'm still trying to figure out if there's a way to allow multiple domains in > the VPN config > > domain? > > > - Original Message - > From: > To: > Sent: Wednesday, July 10, 2002 3:16 PM > Subject: RE: Unable to access MS Outlook using IPSec Lan-to-Lan [7:48496] > > > > can you ping the mail server by name? > > > > I experienced the same problem turns out, the remote pc was > > authenticating to a different domain than the mail server was on (no > > broadcast traffic between domains) after adding the mail server to the > host > > file on the PC, it worked fine. > > > > I'm still trying to figure out if there's a way to allow multiple domains > in > > the VPN config > > > > Hope it helps... lemme know if it doesn't work. > > > > -Original Message- > > From: George Kallingal [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, July 10, 2002 5:05 AM > > To: [EMAIL PROTECTED] > > Subject: Unable to access MS Outlook using IPSec Lan-to-Lan [7:48482] > > > > > > We have an IPSec LAN-to-LAN connection between two Cisco VPN 3000 > > Concentrators and for some strange reason, MS Outlook is unable to connect > > to the Exchange server on the other side of the tunnel. All other traffic > > seems to travel fine, and we know for a fact that the mailboxes are > > accessible locally. > > > > Has anyone experienced such a problem and found a solution? > > > > George Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48540&t=48540 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
All this talk about IDS.... [7:46690]
I've decided to take the plunge. 1.Has anyone ever successfully installed Snort on a 2000 box? 2.I downloaded Snort 1.8.6 and WinPcap. Dunno why I pulled down Winpcap, but I did. 3.Either way I'm just a newbie to Snort(IDS) and can't find a down and dirty guide to get started... Any help would be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46690&t=46690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Groupstudy Problem?!?! [7:44312]
Yes you are correct. I've been receiving little if any messages in comparison to the past. Also this AM the site was not even coming up. - Original Message - From: "s vermill" To: Sent: Thursday, May 16, 2002 3:18 PM Subject: RE: Groupstudy Problem?!?! [7:44312] > I've had difficulty hitting the web site. > > Michael Williams wrote: > > > > Hey all. the past few days, I've only been getting about 5 > > - 10 messages a day from groupstudy (I use Outlook Express as a > > News reader) and none of the posts I send in have been making > > it to the list > > > > Is this just me or has there been some recent troubles that I'm > > not aware of? > > > > Thanks! > > Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44316&t=44312 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dual-homed hosts problems [7:43677]
Sorry list members, the spell-checker changed OSPF to SOP. - Original Message - From: "Maximus" To: Sent: Friday, May 10, 2002 12:40 PM Subject: Re: dual-homed hosts problems [7:43677] > I may be wrong but your friend is using a routing protocol and therefore the > below would not apply to the scenario. > As for running SOP on the server IMHO it would be overkill for this specific > situation. "Keep it simple." > Would I run SOP on a server? > Depends on why I had the server built in the first place. Have a nice day! > > - Original Message - > From: "Jeffrey Reed" > To: > Sent: Friday, May 10, 2002 8:27 AM > Subject: RE: dual-homed hosts problems [7:43677] > > > > I just talked to someone yesterday who said they are running OSPF on the > > WIN2000 servers and using dual NICs effectively. Is this a better way to > > dual home servers? > > > > Jeffrey Reed > > Classic Networking, Inc. > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Galo > > Villacis > > Sent: Thursday, May 09, 2002 7:18 PM > > To: [EMAIL PROTECTED] > > Subject: Re: dual-homed hosts problems [7:43677] > > > > I believe your issue may relate to the single IP stack on 2000. Try > > defaulting traffic to the internet and adding a static route to the > internal > > network opposed to specifying the gateway on the internal IP interface. > > Also I would go as far as disabling any NETBIOS on the external interface > > for security. > > > > cmd would be: > > > > route add -p Network Mask Gateway > > > > - Original Message - > > From: "Henrique Duarte" > > To: > > Sent: Thursday, May 09, 2002 5:48 PM > > Subject: Re: dual-homed hosts problems [7:43677] > > > > > > > Bulent, > > > > > > Thank you for the reply. I am afraid you may have misunderstood this > > > problem. Allow me to be more clear: > > > > > > > > > 192.168.0.1 - 192.168.0.150 - Host A - 128.59.39.3 > > > | (dual > > homed > > > server) > > > | > > > | > > > | > > > | > > > | > > > 128.59.39.2 > > > router A router > > > C Internet > > > | > > > 192.168.1.1 > > > | > > > | > > >T1 > > > | > > > | > > > 192.168.1.2 > > > | > > > router B > > > | > > > 192.168.2.1 > > > > > > > > > The problem happens on Host A. Host A is a WebServer with 2 > interfaces: > > a > > > public (which goes out to the internet) and a private (which talks to > the > > > database). The private interface has IP 192.168.0.150 and default GW > > > 192.168.0.1. The public has ip 128.59.39.3 and default GW 128.59.39.2. > > > Everything works fine if I leave the private interface's default GW > blank. > > > If I put Router C's address as the private interface's default gateway, > > > after some time I cannot ping anywhere from Host A, even though I can > ping > > > it from the outside world. I need to have the private interface > > configured > > > with 192.168.0.1 as the default GW because remote users need to be able > to > > > connect to that server via the back-end T1. Any light would be greatly > > > appreciated. > > > > > > Thanks, > > > > > > -H > > > > > > > > > - Original Message - > > > From: "B|lent ^ahin" > > > To: > > > Sent: Thursday, May 09, 2002 3:17 AM > > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > > > > When configuring ethernet interfaces on MS environment, you have three > > > blank > > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the > > people > > > > start to think every ethernet interface as a router: "This interface > > will > > > > route IP packets to the other interface, so the default gateway of the > > > first > > > > interface should be same as the IP address of the second interface.", > > but > > > > there is one router on the PC: CPU. Try to configure only one default > > > > gateway. You can use the command "route print"
Re: dual-homed hosts problems [7:43677]
I may be wrong but your friend is using a routing protocol and therefore the below would not apply to the scenario. As for running SOP on the server IMHO it would be overkill for this specific situation. "Keep it simple." Would I run SOP on a server? Depends on why I had the server built in the first place. Have a nice day! - Original Message - From: "Jeffrey Reed" To: Sent: Friday, May 10, 2002 8:27 AM Subject: RE: dual-homed hosts problems [7:43677] > I just talked to someone yesterday who said they are running OSPF on the > WIN2000 servers and using dual NICs effectively. Is this a better way to > dual home servers? > > Jeffrey Reed > Classic Networking, Inc. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Galo > Villacis > Sent: Thursday, May 09, 2002 7:18 PM > To: [EMAIL PROTECTED] > Subject: Re: dual-homed hosts problems [7:43677] > > I believe your issue may relate to the single IP stack on 2000. Try > defaulting traffic to the internet and adding a static route to the internal > network opposed to specifying the gateway on the internal IP interface. > Also I would go as far as disabling any NETBIOS on the external interface > for security. > > cmd would be: > > route add -p Network Mask Gateway > > - Original Message - > From: "Henrique Duarte" > To: > Sent: Thursday, May 09, 2002 5:48 PM > Subject: Re: dual-homed hosts problems [7:43677] > > > > Bulent, > > > > Thank you for the reply. I am afraid you may have misunderstood this > > problem. Allow me to be more clear: > > > > > > 192.168.0.1 - 192.168.0.150 - Host A - 128.59.39.3 > > | (dual > homed > > server) > > | > > | > > | > > | > > | > > 128.59.39.2 > > router A router > > C Internet > > | > > 192.168.1.1 > > | > > | > >T1 > > | > > | > > 192.168.1.2 > > | > > router B > > | > > 192.168.2.1 > > > > > > The problem happens on Host A. Host A is a WebServer with 2 interfaces: > a > > public (which goes out to the internet) and a private (which talks to the > > database). The private interface has IP 192.168.0.150 and default GW > > 192.168.0.1. The public has ip 128.59.39.3 and default GW 128.59.39.2. > > Everything works fine if I leave the private interface's default GW blank. > > If I put Router C's address as the private interface's default gateway, > > after some time I cannot ping anywhere from Host A, even though I can ping > > it from the outside world. I need to have the private interface > configured > > with 192.168.0.1 as the default GW because remote users need to be able to > > connect to that server via the back-end T1. Any light would be greatly > > appreciated. > > > > Thanks, > > > > -H > > > > > > - Original Message - > > From: "B|lent ^ahin" > > To: > > Sent: Thursday, May 09, 2002 3:17 AM > > Subject: RE: dual-homed hosts problems [7:43677] > > > > > > > When configuring ethernet interfaces on MS environment, you have three > > blank > > > spaces to fill: IP_address, Subnet_mask and Default_gateway. So the > people > > > start to think every ethernet interface as a router: "This interface > will > > > route IP packets to the other interface, so the default gateway of the > > first > > > interface should be same as the IP address of the second interface.", > but > > > there is one router on the PC: CPU. Try to configure only one default > > > gateway. You can use the command "route print" to see what happens when > > you > > > configure two or more default gateways. > > > > > > Bulent > > > > > > > > > -Original Message- > > > From: Henrique Duarte [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, May 09, 2002 12:39 AM > > > To: [EMAIL PROTECTED] > > > Subject: dual-homed hosts problems [7:43677] > > > > > > > > > Hello All, > > > > > > I am working on some dual homed servers at a co-location where there is > a > > > public and private interface on each. The public interfaces attach to > the > > > internet via a router while the private ones are on its own separate > > private > > > subnet. The private subnet is attached to another router, which provides > > > remote users access to the private network via a T1 line. I am > > encountering > > > the following issue. When I set the private interfaces' default gateway > to > > > the private interface's router address, it works fine for about 10 > minutes > > > or so, but after that the server cannot ping and/or access the internet, > > > even though it is set with the public NIC to be the primary one. > However, > > as > > > soon as I take the default gateway out of the private interface NIC it > > works > > > fine and is able to ping the outside world. Does anyone have any ideas > why > > > this is happening and/or how to fix it? The servers are running Win
Re: Serial number [7:43211]; FYI Dion, Thierry [7:43236]
You can try: sh diag This will give you several serials! BTW I am a new comer so please no flame. Galo - Original Message - From: "Dion, Thierry" To: Sent: Friday, May 03, 2002 11:00 AM Subject: RE: Serial number [7:43211] > Nop >you cannot get chassis serial number on C7000 series router without this > command. > how can i get chassis serial on GSR 12000 series Router (show version don't > give it) > > -- show c7200 -- > > Network IO Interrupt Throttling: > throttle count=0, timer count=0 > active=0, configured=0 > netint usec=4000, netint mask usec=200 > > C7200 Midplane EEPROM: > Hardware revision 2.0 Board revision A0 > --> Serial number 18281725 Part number73-3905-03 > Test history 0x0 RMA number 00-00-00 > MAC=0001.6457.5000, MAC Size=1024 > EEPROM format version 1, Model=0x4 > EEPROM contents (hex): > 0x20: 01 04 02 00 01 16 F4 FD 49 0F 41 03 00 01 64 57 > 0x30: 50 00 04 00 00 00 00 00 00 02 22 50 00 00 FF 00 > > C7204VXR CPU EEPROM: > Hardware revision 4.2 Board revision A0 > Serial number 23322824 Part number73-3409-08 > Test history 0x7 RMA number 07-37-36 > EEPROM format version 1 > EEPROM contents (hex): > 0x20: 01 AE 04 02 01 63 E0 C8 49 0D 51 08 07 07 25 24 > 0x30: 50 00 00 00 00 00 00 00 00 00 FF FF FF FF FF 00 > > But look at the show version > > -- show version -- > > Cisco Internetwork Operating System Software > IOS (tm) 7200 Software (C7200-IS-M), Version 12.0(7)T, RELEASE SOFTWARE > (fc2) > Copyright (c) 1986-1999 by cisco Systems, Inc. > Compiled Tue 07-Dec-99 16:36 by phanguye > Image text-base: 0x60008900, data-base: 0x613D8000 > > ROM: System Bootstrap, Version 12.1(2824:081033) > [dbeazley-cosmos_e_LATEST 1 > 01], DEVELOPMENT SOFTWARE > BOOTFLASH: 7200 Software (C7200-BOOT-M), Version 12.0(4)XE, EARLY DEPLOYMENT > REL > EASE SOFTWARE (fc1) > > Router uptime is 2 hours, 6 minutes > System returned to ROM by reload at 14:19:15 Tue Mar 5 2002 > System restarted at 14:20:36 Tue Mar 5 2002 > System image file is "slot0:c7200-is-mz.120-7.bin" > > cisco 7204VXR (NPE300) processor with 40960K/24576K bytes of memory. > R7000 CPU at 262Mhz, Implementation 39, Rev 2.1, 256KB L2, 2048KB L3 Cache > 4 slot VXR midplane, Version 2.0... > > > the show version don't work for every components. > > Kind regards > > -Message d'origine- > De : Marko Milivojevic [mailto:[EMAIL PROTECTED]] > Envoyi : vendredi 3 mai 2002 16:08 > @ : [EMAIL PROTECTED] > Objet : RE: Serial number [7:43211] > Importance : Faible > > > > Hello, > > May i have a link on web Cisco for how to get chassis's serial numbers > > because > > it's differents According to equipements. > > Someone is strange like CISCO7200VXR (show c7200)!! > > You can always use show version and get the same info. > > > Marko. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43236&t=43236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
802.1Q VLAN trunking with 2651 [7:1716]
Hi all, Need assistance in getting the above working. I have a 2651 with 2 x 10/100 interfaces and am trying to get 802.1Q VLAN trunking to work on 1 of the interfaces. Figured that I need IOS 12.1(7) with IP Plus features. Tried running IOS from TFTP as I don't have enough flash at the moment, but it did not work. Observed a boot loader error. Any suggestions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1716&t=1716 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]