RE: OT Microsoft worm [7:74045]
I now know of some that have survived the BLASTER, and have totally fallen to NACHIA. WRT the laptop / unmanaged machine issue - we shouldn't trivialize this totally, even in cases where you are allowed to require patches there are cases where there are 250+ users in a building for every tech support rep, and not like they weren't busy before ... Having said that, I still think they should be patched and 'surpervised' :). For those curious about NACHIA, the short version is: Attempts to patch machine (ms03-026) Attempts to remove BLASTER Generates a tremendous amount of ICMP traffic, to the point that just a few compromised hosts seem to be sufficient to hammer networks down. The longer versions: Symantechttp://www.sarc.com/avcenter/venc/data/w32.welchia.worm.html Sophos http://sophos.com/virusinfo/analyses/w32nachia.html Network Assoc. http://vil.nai.com/vil/content/v_100559.htm SANShttp://isc.sans.org/diary.html?date=2003-08-18 Truly amazing. Thanks! TJ [EMAIL PROTECTED] -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2003 3:23 PM To: [EMAIL PROTECTED] Subject: RE: OT Microsoft worm [7:74045] Evans, Timothy R (BearingPoint) wrote: > > I know of several organizations in the Washington / NoVa / MD > area that were > effected - the MD Motor Vehicle Administration was offline for > quite some > time, for example. > > > Sadly - too many people, many who should know better, assumed > that as long > as the "edge" was secured than all was good. Unfortunately it > only takes > one laptop (for ex) to break that theory :). Makes me wonder about people's security policies. Bringing in a laptop that isn't running software approved by IT shouldn't be allowed. This software should include patched OSs, anti-virus, and personal firewall. Of course, enforcing that is difficult. Friday night I was walking by a local bank and noticed that the ligths were still on. I had to chuckle when I looked inside and noticed IT guys hunched over PCs at the tellers' stations. I'm pretty sure I know what they were doing. And yes, IT guys are easy to recognize. You know who you are. :-) Today I went to my favoriate local coffee shop. The public Internet acccess PC was turned off with a sign that said, "Not in service due to virus. Bye, bye Miss American Pie." Ah, the day the music died. This blaster thing is yet another wake-up call. The big one is still coming. We are lucky that so far it's been benign tricksters attacking our networks. Sorry for the dire warning, but I truly predict a huge failure at some point. Argh > > > Luckily - this was/is a very sloppy worm: > Noisy enough to easily tracedown > Poor propogation method > Limited vectors of attack > No destructive payload > (don't get me wrong - having a backdoor is bad, but let's say > it wiped data > from hardrives 8 hours after infecting them, or performed some > other > non-randon act of data destruction) > ... and, to top it all off, its attempted DoS was to the wrong > URL and > was easily sidestepped, although some people caused local RST > floods on > their network by attempting to mitigate it incorrectly :) It's not just Microsoft that has software bugs! Getting the wrong URL was an amazingly stupid bug, but benign. A lot of the infamous worms of the past spread unintentionally like wildfire because of software bugs. Why is software so hard to get right? Well, I know why. But this has gotta change Priscilla > > > > Thanks! > TJ > ... not all windows admin's are incompetent > ... and some are network admins as well :) > > -Original Message- > From: Reimer, Fred [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 16, 2003 4:23 PM > To: [EMAIL PROTECTED] > Subject: RE: OT Microsoft worm [7:74045] > > For reasons of confidentiality I won't and can't name any > names, but I am > aware of several hospitals that were affected pretty > seriously. Everyone > here knows that Cisco Call Manager runs on Windows, so imagine > what happens > to your entire phone infrastructure if you are running VoIP. > Network grinds > to a halt and admitting can't access the applications to admit > people in the > ER. Lab orders don't go through, so meds can't be dispersed > based on the > results of tests. Everything goes back to a paper fall-back > scheme until > the Windows administrators patch the systems like they should > have done > weeks ago. > > So no, don't assume that even large organizations have a handle > on things. > Especially hospitals which
RE: OT Microsoft worm [7:74045]
I know of several organizations in the Washington / NoVa / MD area that were effected - the MD Motor Vehicle Administration was offline for quite some time, for example. Sadly - too many people, many who should know better, assumed that as long as the "edge" was secured than all was good. Unfortunately it only takes one laptop (for ex) to break that theory :). Luckily - this was/is a very sloppy worm: Noisy enough to easily tracedown Poor propogation method Limited vectors of attack No destructive payload (don't get me wrong - having a backdoor is bad, but let's say it wiped data from hardrives 8 hours after infecting them, or performed some other non-randon act of data destruction) .. and, to top it all off, its attempted DoS was to the wrong URL and was easily sidestepped, although some people caused local RST floods on their network by attempting to mitigate it incorrectly :) Thanks! TJ .. not all windows admin's are incompetent .. and some are network admins as well :) -Original Message- From: Reimer, Fred [mailto:[EMAIL PROTECTED] Sent: Saturday, August 16, 2003 4:23 PM To: [EMAIL PROTECTED] Subject: RE: OT Microsoft worm [7:74045] For reasons of confidentiality I won't and can't name any names, but I am aware of several hospitals that were affected pretty seriously. Everyone here knows that Cisco Call Manager runs on Windows, so imagine what happens to your entire phone infrastructure if you are running VoIP. Network grinds to a halt and admitting can't access the applications to admit people in the ER. Lab orders don't go through, so meds can't be dispersed based on the results of tests. Everything goes back to a paper fall-back scheme until the Windows administrators patch the systems like they should have done weeks ago. So no, don't assume that even large organizations have a handle on things. Especially hospitals which are notoriously on the low end as far as adequately staffing, at the right levels, their IT staff. One thing I sincerely hope is changed in our lexicon is calling Windows administrators "network administrators." It makes me physically ill, because those folks don't "administer" the "network," if anything they actually do can be classified as competent administration. They should be called what they are "systems administrators," or, if you want to be more specific, "Windows administrators." I personally think they deserve a classification of their own. All I can say is that the Windows systems that our group has to use and is responsible for were patched long ago, and did not exhibit any issues. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Saturday, August 16, 2003 1:22 PM To: [EMAIL PROTECTED] Subject: OT Microsoft worm [7:74045] Just wondering, is this new LOVSAN msblast worm as big as it seems to be? I've been helping lots of Windows users clean up their machines. They all had the worm. These are mostly home users. I can't believe they would use broadband, "always-on" access and not have a firewall, but they didn't! What are you all seeing? Is this a big one? I suppose enterprise networks are much better protected (hopefully) than the home networks I've been helping out with. One has to wonder if the huge power outage could be related. I can imagine a Windows computer somewhere in Ohio that played a surprisingly important role in keeping the grid working and had been infected. But I read a lot of science fiction. :-) By the way, the stupid worm is attacking the wrong Microsoft URL! So that aspect of it isn't going to be as bad as once thought. Comments? Priscilla **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or
RE: wireless security and VPN software? [7:73988]
.. not a stupid question at all. The issues we ran into: 1. We put the wireless users on a completely untrusted segment 2. We needed to permit DHCP+DNS to clients pre-VPN connection DHCP to get an IP, obviously DNS because our VPN Profiles used DNS names 3. We needed to also permit access to the concentrator(s) (seems obvious, but you'd be surprised ... ) 4. We used CS-ACS for the auth., this works reasonably well for us. (aside from not being able to apply service packs to Win2k in a timely fashiondammit) Other issues: 1. Make sure your WAP's and VPN Concentrators are able to handle double the expected load . 2. Make sure you have good WAP coverage - once they can get wireless access from anywhere users will be miffed if they can't get access from their favorite corner of the lunchroom. 3. Maybe someone else has a answer for this - but one problem we do have is when a user roams from one WAP-area to another their VPN gets dropped. 4. If using all one brand you can go for other security options (e.g.-LEAP) 5. If it is a static, reasonably small user population you could also go for mac filtering. (I know - you can get around this, but ... think layers) The truly surprising part is that the client is willing to consider making a performance/ease-of-use sacrifices for security! You should run with it. Thanks! TJ -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 7:52 PM To: [EMAIL PROTECTED] Subject: wireless security and VPN software? [7:73988] For a large campus network that has a need for wireless access in conference rooms, cafeterias, etc., would it be overkill to require wireless clients to use VPN IPSec software to access the campus network? This is for a customer who is paranoid about security and understands the tradeoff of ease-of-use versus security. There are othere downsides with requiring VPN software, of course, including the usual issues of incompatibility with some apps, the lack of support for protocols other than IP, and the lack of support for multicast applications (from what I understand). Also, we have to consider the scalability of the current VPN solution and whether it can support numerous transient wireless users, but we think it can. There are many advantages with IPSec too, like support for encryption that actually works... What do you all think? Do any of you require your campus wireless users to use VPN software? Sorry if it's a stupid question. Priscilla ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74013&t=73988 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Technology, Certification, Skill Sets, and Altruiism in the [7:71358]
Good Morning! Statement 1: In general - businesses are not well known for being altruistic in their hiring & compensation practices. Statement 2: Any good manager would be rather foolish to not appreciate, and compensate accordingly, a hard-working and presumably valued employee. (S)He would also be rather foolish to pay more than needed ... there is a delicate balancing act, with a very precipitous fall into bankruptcy being one of the major indications of failure! Caveats:NOTE - I said the following -incredibly- subjective things: "good manager" "foolish" "accordingly" "hard working" "valued employee" "needed" .. furthermore the "valued employee" part may be invoking a bit of circular login, since the "value" may be seen as directly related to the compensation. Alternatively - your level of compensation may also be more indicative of what you WERE worth to the company AT ONE TIME, and if it exceeds certain levels may actually decrease your overall value to the company.("the highest paid are the first to go") .. let's get back to networking before I decide to go sell real estate ... Thanks! TJ -Original Message- From: n rf [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 8:48 AM To: [EMAIL PROTECTED] Subject: RE: Technology, Certification, Skill Sets, and Loo [7:70953] Mark E. Hayes wrote: > > Ok Sen. McCarthy, > > Your response is Bolshevik, get it? ;) All I'm talking about is > taking > care of people who took care of you. As an employee I have an > obligation > to do x amount of work. I always do more than that, it's a > pride thing. > I want the business I work for to prosper. What is wrong with > showing an > employee like that some loyalty. Hey, if the employer wants to do that, there is nothing wrong at all. What's 'wrong' is that you apparently expect them to do so. The employer is obligated to compensate you for your time according to whatever employment agreement you arranged when you were hired, nothing more, nothing less. If you want to altruistically give time and effort above and beyond what is necessary, that's your prerogative, but the employer is not obligated to reward you for it, and if you're truly being altruistic, then you shouldn't have anything to complain about, because altruism means to do something without any expectation of recompense. Now, if you're not being altruistic and you are willing to do extraordinary work but because you expect a reward for it, then you should play "Let's Make a Deal". Tell your employer that you're willing to do this-and-that task but only for such-and-such an increase in compensation or a similar arrangement.But if you don't do that, you can't complain ex-post-facto. ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71358&t=71358 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Any suggestions for buying equipment for a home lab? [7:66468]
Anyone lease equipment? Best prices, ebay? Anyone have examples of a good home lab equipment list? Should I spend the extra couple grand on 2 3550s? How many of the routers should be 26XX? Should I purchase a set based switch? Timothy T. Lewis CCNP, CCDP, MCDBA, MCSE (2000) 1771 West Mason Morrow Rd. Lebanon, OH 45036 X Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66468&t=66468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Lab study group in Cincinnati? [7:66431]
Anyone interested? Timothy T. Lewis CCNP, CCDP, MCDBA, MCSE (2000) 1771 West Mason Morrow Rd. Lebanon, OH 45036 X Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66431&t=66431 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: URGENT Frame Relay Encapsulation Failing [7:62614]
When studying for the CCIE with friends, we decided that if you forget the "broadcast" keyword, the terrorists win. --T Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62754&t=62614 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Simple Ip issue (need help) [7:62728]
I think something is being lost in the translation... This confuses me, too. --T Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62753&t=62728 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Networking Academy [7:60953]
A friend of mine works for a local community college and is interested in starting up a Cisco Networking Academy. Is anyone familiar with how one goes about getting one of these started? Any information would be appreciated and passed on. Thanks Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60953&t=60953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Network Academy [7:60952]
A friend of mine works for a local community college and is interested in starting up a Cisco Networking Academy. Is anyone familiar with how one goes about getting one of these started? Any information would be appreciated and passed on. Thanks Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60952&t=60952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Vs. BS or MS dergree [7:59481]
This is a great question. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 12:38 PM To: [EMAIL PROTECTED] Subject: CCIE Vs. BS or MS dergree [7:59481] Hello I've been arguing with a collegue of mine which one would be tougher to achieve. I told him that it would be much more harder to have a computer science or a networking degree (you have to take the GRE and complete 2 or 3 years of school works) than a CCIE, but my collegue think other wise. He literally believes that having a CCIE is equivalent of having a Ph.d in Networking. I'd like to hear your thought. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59484&t=59481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP/OSPF table-map tag question???? [7:56188]
table-map/bgp/ospf/origin code question. I'm having some trouble getting it to work. r1 has a loopback 1.1.1.1 and has a network statement in BGP for it, i'm taking the bgp routes, putting them into ospf and trying to tag them (with origin code) and then when that route makes it over to r3, trying to read the tag and set it again so it shows "i" and not incomplete but I can't seem to get the external tag data into ospf. Here's the setup.. 1.1.1.1 (lo1 in BGP as 1) R1---ospf0r2ospf0--r3(3.3.3.3 in bgp as 3) here's the relevant configs r1 nterface Loopback1 ip address 1.1.1.1 255.255.255.0 ! interface Serial0 ip address 192.168.1.1 255.255.255.0 encapsulation frame-relay ! router ospf 1 log-adjacency-changes redistribute bgp 1 subnets network 192.168.1.0 0.0.0.255 area 0 neighbor 192.168.1.2 priority 1 ! router bgp 1 table-map autotag bgp log-neighbor-changes network 1.1.1.0 mask 255.255.255.0 redistribute ospf 1 metric 5 match internal external 1 external 2 route-map tags no auto-summary ! route-map tags permit 10 set as-path tag ! route-map autotag permit 10 set automatic-tag r2 interface Ethernet0 ip address 172.16.1.2 255.255.255.0 ! interface Serial0 ip address 192.168.1.2 255.255.255.0 encapsulation frame-relay frame-relay map ip 192.168.1.1 201 broadcast ! router ospf 1 log-adjacency-changes network 172.16.1.0 0.0.0.255 area 0 network 192.168.1.0 0.0.0.255 area 0 neighbor 192.168.1.1 r3 nterface Loopback0 ip address 3.3.3.3 255.255.255.0 ! interface Ethernet0 ip address 172.16.1.3 255.255.255.0 ! router ospf 1 log-adjacency-changes redistribute bgp 3 subnets network 172.16.1.0 0.0.0.255 area 0 ! router bgp 3 table-map autotag bgp log-neighbor-changes network 3.3.3.0 mask 255.255.255.0 redistribute ospf 1 metric 5 match internal external 1 external 2 route-map tags no auto-summary ! route-map tags permit 10 set as-path tag ! route-map autotag permit 10 set automatic-tag here's the info about 1.1.1.0/24 from r1 but from r3's perspective. r3#sh ip bgp 1.1.1.0 BGP routing table entry for 1.1.1.0/24, version 7 Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peer Local 172.16.1.2 from 0.0.0.0 (3.3.3.3) Origin incomplete, metric 5, localpref 100, weight 32768, valid, sourced, best r3# 3#sh ip ospf data e OSPF Router with ID (3.3.3.3) (Process ID 1) Type-5 AS External Link States Routing Bit Set on this LSA LS age: 879 Options: (No TOS-capability, DC) LS Type: AS External Link Link State ID: 1.1.1.0 (External Network Number ) Advertising Router: 1.1.1.1 LS Seq Number: 8001 Checksum: 0xE6C5 Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 1 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 815 Options: (No TOS-capability, DC) LS Type: AS External Link Link State ID: 3.3.3.0 (External Network Number ) Advertising Router: 3.3.3.3 LS Seq Number: 8001 Checksum: 0x623C Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 1 Forward Address: 0.0.0.0 External Route Tag: 0 r3# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56188&t=56188 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: vpn clients on VPN3030, loosing connectivity to DNS servers [7:55365]
Dunno about the DNS issue; but WRT the client-session disconnects - their was a bug in some older version (don't recall the cutoff) that caused disconnects during periods of heavy traffic. Are any of the users who are having problems running the latest client code? Don't recall the actual "reason", but the fix was to upgrade the clients. One cool thing about the latest VPN Concentrator Code - it shows you what version the attached clients are running (administration, admin sessions); much easier than trying to ask a users ... :) (Are there any other bits of info you could provide(only happens during heavy loads, only happens when more than X clients connected, only happens on Tuesdays :) ...) (... and do you see anything in the event log ... I would assume TAC had you look already, but did you see anything of interest?) Thanks! TJ KPMG Consulting is now BearingPoint. As part of our Global Rebranding my email address has changed --> [EMAIL PROTECTED] -Original Message- From: Elijah Savage III [mailto:esavage@;digitalrage.org] Sent: Thursday, October 10, 2002 11:18 PM To: [EMAIL PROTECTED] Subject: RE: vpn clients on VPN3030, loosing connectivity to DNS servers [7:55332] If you find a fix for this please let me know because I have even opened a TAC case for this exact same thing and they have not been able to provide me with an answer. We were told to upgrade and did so to the latest on the concentrator which are 2 3030's, clients range from 3.5.4 to 3.6.2. Also from time to time our clients seem to get disconnected totally and have to reconnect, no answer for this either we have the idle time set for 2 hours. I have been disconnected in the middle of browsing the web so I know it is not the idle timeout causing it. -Original Message- From: Eagles Fan [mailto:sxp22@;hotmail.com] Sent: Thursday, October 10, 2002 9:28 PM To: [EMAIL PROTECTED] Subject: vpn clients on VPN3030, loosing connectivity to DNS servers [7:55324] Has anyone else experienced this? there are about 350 users connecting to VPN3030. Concentrator supplies two dns servers to the client upon connection. Occasionally and sporadically, loose access to dns servers. Usually doesn't last very long and regains access to them. It doesn't appear to loose the setting. just an inquiry, anyone? vpn 3030 Concentrator Version 3.5.4.Rel vpn clients range from 3.0.6 to 3.6.2 _ Send and receive Hotmail on your mobile device: http://mobile.msn.com ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55365&t=55365 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Show running-config all at once [7:54367]
depending on the device and how many slots are populated, show tech can be quite overwhelming ;-) -Original Message- From: McIntosh, Leslie (US - Tulsa) [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 10:08 AM To: Tim Metz; [EMAIL PROTECTED] Subject: RE: Show running-config all at once [7:54367] I just use show tech-support when I want my running-config without page breaks. I need the Page breaks due to the nifty feature of HyperTerminal with XP scambling the buffer once it gets full... Les -Original Message- From: Tim Metz [mailto:[EMAIL PROTECTED]] Sent: Fri 9/27/2002 4:12 PM To: [EMAIL PROTECTED] Cc: Subject: Re: Show running-config all at once [7:54367] so that's what that does, and that explains why cisco works is always using it. Tim ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Use "terminal length 0" from priveleged mode to turn off the more > prompt. > > HTH, > John > > >>> "Don Claybrook" 9/27/02 2:29:31 PM > >>> > Hello. > > A customer asked me if I knew of a way to show the running > configuration all > at once, not page-at-a-time ("-more-"). I have no idea, but any > hints, > clues, or outright answers would be appreciated. > > Thanks. &i=54372&t=54367 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] - This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. - If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54424&t=54367 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: 2924 reboots when I plug in a console cabl [7:53135]
I have seen this happen quite often in the past. It is usually caused by the laptop sending a signal out the serial port upon boot up that causes the Cisco box to freak out. It has been noticed more ofter with Dell Laptops. -Original Message- From: Elijah Savage III [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 5:14 AM To: [EMAIL PROTECTED] Subject: RE: RE: 2924 reboots when I plug in a console cabl [7:53135] We had a ton of these devices at work that would do this exact thing. When I told some of the other engineers to be careful of it they laughed at me, until one of them plugged into the dmz switch in the middle of the day and had it reboot. Anyway I put in a tac case and of course the answer was to flash it, even after flashing it we still had the problem. I know this is going to sound stupid but what we found out is if we plug our machine in to the switch then turn the laptop on it would cause the switch to reboot. If we booted the laptop all the way up, then open up procomm plus before plugging in to the console port the switch would NOT reboot. We did this numerous times in our lab with 2900 switches. After explaining this to TAC they actually sent us replacements and we sent the others back. -Original Message- From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]] Sent: Monday, September 16, 2002 11:07 AM To: [EMAIL PROTECTED] Subject: RE: RE: 2924 reboots when I plug in a console cabl [7:53135] Sorry to follow up this thread kind of late. We had a similiar problem, and one of the guys in work found out from cisco that a batch of switchs were sent out with the wrong setting's for the config-reg. Another feature... rgds, C -Original Message- From: Jason Owens To: [EMAIL PROTECTED] Sent: 13/09/02 13:25 Subject: Re: RE: 2924 reboots when I plug in a console cabl [7:53135] I actually am using a Dell laptop. I guess I'll have to look at that too. I was just going to upgrade the IOS on all of these switches. Thanks. [EMAIL PROTECTED] wrote: > > Are you using a DELL laptop. There is know problem with the Dell's > and some Cisco devices. Check CCO for more details. > > > > From: "Haakon Claassen (hclaasse)" > > Date: 2002/09/11 Wed PM 04:14:33 EDT > > To: [EMAIL PROTECTED] > > Subject: RE: 2924 reboots when I plug in a console cable > [7:53135] > > > > Never had it > > > > Configured over a hundred of these devices the field > > Using w2k and XP with Hyperterm or terraterm > > > > regs > > > > > > Haakon Claassen > > EMEA - IT Transport Services -WAN > > > > Cisco Systems > > De Kleetlaan 6b - Pegasus Park > > B-1831 Diegem (Belgium) > > > > > > > > -Original Message- > > From: Jason Owens [mailto:[EMAIL PROTECTED]] > > Sent: woensdag 11 september 2002 21:51 > > To: [EMAIL PROTECTED] > > Subject: 2924 reboots when I plug in a console cable [7:53135] > > > > When I plug in a console cable to some of my 2924's they > reboot (My > > coworker > > is convinced that it is Win2000 sending out a probe because of > > plug-and-play). I have only seen this on the 2924 and it > doesn't happen > > on > > all of the ones I have. Has this happened to anyone else? I > have been > > unable > > to find anything about this on the Cisco web site. > > > > Here is a sh ver from one of the switches this has happened > on: > > > > Cisco Internetwork Operating System Software > > IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version > 12.0(5)XU, RELEASE > > SOFTWARE (fc1) > > Copyright (c) 1986-2000 by cisco Systems, Inc. > > Compiled Mon 03-Apr-00 16:37 by swati > > Image text-base: 0x3000, data-base: 0x00301398 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53477&t=53135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ACS Single SignOn (Cisco 5350/VPN3060/RADIUS) [7:52387]
RADIUS AUTHENTICATION SYNCHRONIZATION FOR A RAS/VPN SESSION. For a VPN Client, connecting to a VPN3060 concentrator on a dial-up session QUESTION - Can RADIUS ACS by synchronized for a Single Sign On use of both the RAS DialUp and VPN Client session. If RADIUS cannot do the job what other solutions exist? Tim Weil | Sr. Consultant | KPMG Consulting, Inc. | Public Services/Treasury | Office: 301.429.6251 | Cell: 301-452.3541| Fax: 240-337.1305 * The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52387&t=52387 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
configuring catalyst 1200 [7:52319]
Am not having any luck configuring a cat 1200 using hyperterm and the rollover cable and adapter that I used to configure a 2500 router. Am not seeing anything in the Hyperterm session. TIA!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52319&t=52319 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF GRE tunnel to connect areas. [7:50579]
it's working. Had a couple of issues. First off, forgot to put my area 0 authentication on the tunnel. I also had my tunnel source/destinations mixed up Does anyone have any good notes they've taken on Tunnels? below is the config for r2 interface Tunnel1 ip address 192.168.1.1 255.255.255.252 ip ospf authentication ip ospf authentication-key cisco tunnel source Ethernet0 tunnel destination 150.1.222.5 and r5 interface Tunnel0 ip address 192.168.1.2 255.255.255.252 ip ospf authentication ip ospf authentication-key cisco tunnel source Ethernet0 tunnel destination 150.1.222.2 ! r5(#on Neighbor ID Pri State Dead Time Address Interface 150.1.222.2 1 FULL/DROTHER00:00:37150.1.222.2 Ethernet0 150.1.222.6 1 FULL/DR 00:00:39150.1.222.6 Ethernet0 150.1.111.3 1 FULL/DR 00:01:50150.1.111.3 Serial0 150.1.222.2 1 FULL/ -00:00:34192.168.1.1 Tunnel0 Tim On 3 Aug 2002 08:31:20 -, [EMAIL PROTECTED] ("Timothy Ouellette") wrote: >Hey team, > >Just playing around with OSPF and GRE tunnels and having no luck. Can >anyone help? > >Router1's s1 interface is in area 12 as is router2's s0. Between R2 >and R5 is area 51 >(network 151.1.222.0/24). As you can see in order for area 12 to >communicate with the rest >of the ospf network it needs a virtual link beween r2 and r5. I did >that and it worked. > >What i'm trying to do now is a GRE tunnel between r2 and r5. The tunnel >is up but r1 never >sees the routers that it did when the virtual-link was up. The tunnel >interfaces show up >can I ping the loopback on r5 from r2 and vice verase but r1 sees no >ospf routes. > > >R1--area12--R2area51--R5--area0 > (150.1.2.2) (151.1.5.5) > > >Below are the configs. Feel free to email me directly with my blunder >if you so desire. > > >r2's config >- >nterface Loopback0 > ip address 150.1.2.2 255.255.255.0 >! >interface Tunnel1 > ip unnumbered Loopback0 > tunnel source Loopback0 > tunnel destination 150.1.5.5 >! >interface Ethernet0 > ip address 150.1.222.2 255.255.255.0 >! >interface Serial0 > ip address 150.1.12.2 255.255.255.0 > clockrate 64000 >! >router ospf 1 > router-id 150.1.222.2 > log-adjacency-changes > network 150.1.12.2 0.0.0.0 area 12 > network 150.1.222.2 0.0.0.0 area 51 >! >ip classless >ip route 150.1.5.5 255.255.255.255 Ethernet0 > > >r5's config > >interface Loopback0 > ip address 150.1.5.5 255.255.255.0 >! >interface Tunnel0 > ip unnumbered Loopback0 > tunnel source Loopback0 > tunnel destination 150.1.2.2 >! >interface Ethernet0 > ip address 150.1.222.5 255.255.255.0 >! >! >router ospf 1 > router-id 150.1.111.5 > log-adjacency-changes > network 150.1.111.5 0.0.0.0 area 0 > network 150.1.222.5 0.0.0.0 area 51 >! >ip classless >ip route 150.1.2.2 255.255.255.255 Ethernet0 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50584&t=50579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF GRE tunnel to connect areas. [7:50579]
Hey team, Just playing around with OSPF and GRE tunnels and having no luck. Can anyone help? Router1's s1 interface is in area 12 as is router2's s0. Between R2 and R5 is area 51 (network 151.1.222.0/24). As you can see in order for area 12 to communicate with the rest of the ospf network it needs a virtual link beween r2 and r5. I did that and it worked. What i'm trying to do now is a GRE tunnel between r2 and r5. The tunnel is up but r1 never sees the routers that it did when the virtual-link was up. The tunnel interfaces show up can I ping the loopback on r5 from r2 and vice verase but r1 sees no ospf routes. R1--area12--R2area51--R5--area0 (150.1.2.2) (151.1.5.5) Below are the configs. Feel free to email me directly with my blunder if you so desire. r2's config - nterface Loopback0 ip address 150.1.2.2 255.255.255.0 ! interface Tunnel1 ip unnumbered Loopback0 tunnel source Loopback0 tunnel destination 150.1.5.5 ! interface Ethernet0 ip address 150.1.222.2 255.255.255.0 ! interface Serial0 ip address 150.1.12.2 255.255.255.0 clockrate 64000 ! router ospf 1 router-id 150.1.222.2 log-adjacency-changes network 150.1.12.2 0.0.0.0 area 12 network 150.1.222.2 0.0.0.0 area 51 ! ip classless ip route 150.1.5.5 255.255.255.255 Ethernet0 r5's config interface Loopback0 ip address 150.1.5.5 255.255.255.0 ! interface Tunnel0 ip unnumbered Loopback0 tunnel source Loopback0 tunnel destination 150.1.2.2 ! interface Ethernet0 ip address 150.1.222.5 255.255.255.0 ! ! router ospf 1 router-id 150.1.111.5 log-adjacency-changes network 150.1.111.5 0.0.0.0 area 0 network 150.1.222.5 0.0.0.0 area 51 ! ip classless ip route 150.1.2.2 255.255.255.255 Ethernet0 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50579&t=50579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IRC server down [7:49616]
Hey Geoff/All, is the irc.tacorp.net:6667 server down or has it changed? If anyone knows, please inform me as I like the real-time interaction with others studying for the lab. Thanks... Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49616&t=49616 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ebgp routes tagged when sent into OSPF? Weird Issue? [7:49226]
Having another wonderfull night listening to the hum of 10 routers. Here's the deal. router5 ebgp--- router3 - ospf area 0 - r1 Router 5 is generating a couple of external networks via the loopback. Namely 172.16.0.0/24, 10.0.0.0/24, 192.168.1.0/24, 69.69.0.0/16, and is also sending in a 0.0.0.0/0 default. On r3, i'm also using a "default-information originate" in order for the ospf speaks behind r1 to get the default. Everything was running fine and I started filtering with OSPF tags. The one thing that I noticed on r1 (see below) is that the 0.0.0.0/0 had already had a tag of "1" so when I started filtering things broke because I assumed that it would have a tag of 0 (like all the other ospf routes prior to modification/redistro) The next odd thing was that the routes that r3 was receving from BGP were getting redistributed into OSPF (i know, i know, bad design) but the weird part is that on r1 they were showing with a tag as 11 (which is the as that r5 is in) Below is a "sh ip ospf d" on r1. Does this look normal? All of the ebgp learned routes sent to r3 from r5 have an ospf tag of 11? r1#sh ip ospf d OSPF Router with ID (141.108.255.5) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 141.108.3.1 141.108.3.1 12470x8003 0x747B 2 141.108.4.1 141.108.4.1 607 0x8005 0xF601 1 141.108.255.5 141.108.255.5 12840x8003 0x9888 3 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 141.108.255.1 141.108.255.5 12840x8002 0xA1A2 141.108.255.5 141.108.255.5 12840x8002 0x6CD4 Summary Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 141.108.4.0 141.108.4.1 14350x8002 0x4607 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 0.0.0.0 141.108.4.1 425 0x8001 0xBBF7 1 10.10.10.0 141.108.4.1 581 0x8001 0x78411 16.16.16.0 141.108.255.5 15320x8002 0xB1CB 0 69.69.0.0 141.108.4.1 582 0x8001 0xAC72 11 141.108.1.0 141.108.255.5 15320x8002 0x1A8B 0 141.108.2.0 141.108.255.5 15320x8002 0xAA04 0 141.108.3.0 141.108.255.5 12850x8002 0x9F0E 0 141.108.4.0 141.108.255.5 12850x8002 0x9418 0 141.108.255.0 141.108.255.5 15320x8002 0xC0EF 0 150.150.0.0 141.108.255.5 15320x8002 0xB5BD 0 172.16.1.0 141.108.4.1 582 0x8001 0xDF0C 11 192.168.1.0 141.108.4.1 582 0x8001 0xB38B 11 r1# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49226&t=49226 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IRC server. Geoff? [7:49203]
Is there still a IRC server for groupstudy folks? Sure could use some after hours support *grin* Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49203&t=49203 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF/RIP w/ Summary address. [7:49107]
Serial connection between r2 and r1 is hdlc on the 141.108.1.0/24 network with RIP running on it for both r2 and r1. R1-->R3 and R1--> R4 are running OSPF in area 0. Generating the 141.108.3.0/24 from lo0 on r4 and 141.108.4.0/24 from r3. r2 ---141.108.1.0/24 ---r1 -- 141.108.255.0/30-r3 \___ 141.108.255.4/30 r4 What i'm trying to do is get the 141.108.3.0/24 and 141.108.4.0/24 to show up on r2 as rip routes heard from r1. I'm redistributing ospf 1 into rip with a metric of 5. Since r1 is considered a border router because it's connected to another protcol I figured I could use the "summary-address 141.108.3.0 255.255.255.0" command to generate a summary address to r2. This did not work until a put a static route to null0 for that particular network and then it showed up. r2#r 141.108.0.0/24 is subnetted, 3 subnets C 141.108.1.0 is directly connected, Serial0 R 141.108.3.0 [120/1] via 141.108.1.4, 00:00:22, Serial0 R 141.108.4.0 [120/1] via 141.108.1.4, 00:00:22, Serial0 150.150.0.0/24 is subnetted, 1 subnets C 150.150.150.0 is directly connected, Loopback0 My understanding of the summary-address command is to normally take external routes and summarize them into OSPF but maybe I'm using it backwards in this case to solve the my issue. I would have also though that there would be the same /24 route installed in the rest of the OSPF routers but it is not there (atleast not as a /24) or in the ospf database. r4#r Gateway of last resort is not set 141.108.0.0/16 is variably subnetted, 5 subnets, 3 masks C 141.108.255.4/30 is directly connected, Serial0 O 141.108.255.0/30 [110/128] via 141.108.255.5, 00:09:10, Serial0 C 141.108.3.0/29 is directly connected, Loopback0 O 141.108.5.0/28 [110/129] via 141.108.255.5, 00:09:10, Serial0 O 141.108.4.0/28 [110/129] via 141.108.255.5, 00:09:10, Serial0 r4# I would have thought it would show up on R4 and R3 but only the /28's are. Below is the config of the router with the redistribution and the summary-addresses. Is there another way to do this with multiple ospf processes too or any other tricks you folks may know? r1#sr Building configuration... Current configuration : 2950 bytes ! version 12.2 no service single-slot-reload-enable service timestamps debug datetime localtime service timestamps log datetime localtime no service password-encryption ! hostname r1 ! logging rate-limit console 10 except errors enable secret 5 $1$eE3Z$08gdpU0xizpkuKkrvzmr0. ! clock timezone est -5 clock summer-time est recurring ip subnet-zero no ip finger ip tcp synwait-time 5 no ip domain-lookup ! no ip dhcp-client network-discovery frame-relay switching ! ! ! interface Loopback0 ip address 141.108.2.1 255.255.255.128 ip ospf network point-to-point ! interface Serial0 no ip address encapsulation frame-relay no fair-queue no frame-relay inverse-arp ! interface Serial0.1 point-to-point ip address 141.108.255.1 255.255.255.252 ip ospf network non-broadcast frame-relay interface-dlci 103 ! interface Serial0.2 point-to-point ip address 141.108.255.5 255.255.255.252 ip ospf network non-broadcast frame-relay interface-dlci 104 ! interface Serial1 no ip address shutdown ! interface Serial2 no ip address encapsulation frame-relay clockrate 64000 frame-relay intf-type dce frame-relay route 103 interface Serial4 301 frame-relay route 104 interface Serial5 401 ! interface Serial3 no ip address shutdown ! interface Serial4 no ip address encapsulation frame-relay clockrate 64000 frame-relay intf-type dce frame-relay route 301 interface Serial2 103 ! interface Serial5 no ip address encapsulation frame-relay clockrate 64000 frame-relay intf-type dce frame-relay route 401 interface Serial2 104 ! interface Serial6 no ip address shutdown ! interface Serial7 no ip address shutdown ! interface Serial8 no ip address shutdown ! interface Serial9 ip address 141.108.1.4 255.255.255.0 clockrate 64000 ! interface TokenRing0 no ip address shutdown ! interface BRI0 no ip address shutdown cdapi buffers regular 0 cdapi buffers raw 0 cdapi buffers large 0 ! router ospf 1 router-id 141.108.255.5 log-adjacency-changes summary-address 141.108.3.0 255.255.255.0 summary-address 141.108.4.0 255.255.255.0 passive-interface Loopback0 network 141.108.255.1 0.0.0.0 area 0 network 141.108.255.5 0.0.0.0 area 0 neighbor 141.108.255.6 priority 1 neighbor 141.108.255.2 priority 1 ! router rip redistribute ospf 1 metric 2 network 141.108.0.0 ! ip kerberos source-interface any ip classless ip route 141.108.3.0 255.255.255.0 Null0 ip route 141.108.4.0 255.255.255.0 Null0 ip http server ! alias exec ib sh ip int brief alias exec c config terminal alias exec sr sh run alias exec r sh ip route alias exec bs sh ip bgp summary alias exec b sh ip bgp alias exec cb clear ip bgp * alias exec on sh ip ospf neigh ! l end r1# Message Posted
RE: Queueing Question [7:47587]
your problem probably isn't their network, but the Internet (if that is their transport). VOIP doesn't mean: no long distance charges by putting our phone system on the internet. You can queue all day, but if the internet is congested, your QOS goes right out the door. --Tim saj wrote: > > Hi, > I have a customer who is having serious problems > regarding voice quality.They are doing Voip thru > Multitech VOIP box and their internet connection is > thru Cisco 1720.They have two locations and both > locations have the similar setup.Is this possible to > implement any sort of queueing in this scenario?(As > voice is not coming directly to Cisco router,whereas > VOIP is done by Multitech box).Is this recommended to > implement priority queueing in this scenario? > Thanks. > Saj > > __ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47590&t=47587 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RIP w/ key-chains [7:46673]
Yeah, it is kind of interesting. What's more interesting is the following. I think that when you define your key-chain and you put a space and the end that it doesn't really take that. What I think is happening is that when you try to apply it under the "ip rip authentication key test " with the space at the end. You'll notice that if you type that in and press ? that you can do the following "ip rip authentication key test 1 2 3 4 5 6 7 8 9 10" forever, does that mean you can call multiple key-chains? I'm not sure, so what I think may be happening is that space may be telling the router that there is another key-chain following the first one and then it cannot find the next one (cuz there isn't one) and that's why it fails. I accept your statement about the key-chaings being locally significant, but what about key id's? I remember reading somewhere that those have to be the same such that if your using key 1 on routera, key 1 better be on routerb. Or was that eigrp? I'll have to play "lab it up" a little more. Tim Nick Shah wrote: > Tim, > > Very interesting Q. > > However, one thing, *key Chain* names are only locally significant (on the > router on which its defined). *key string* should be same for "pair" of > routers (or adjacent routers which are going to exchange updates). I have > checked it at various sources, DOC CD under IP ROUTING PROTOCOL INDEPENDENT > features, and also in RIPV2 chapter in Doyle I. Both have stated that key > chain names are only locally significant, key-strings should be the same on > both ends. > > My guess regarding the behaviour of blank space is that when you are > defining key-chain , the space doesn't form a part of the actual name, but > when you are applying it to the interface its being considered (it could > also be the other way around). > > I will lab it up tonight and give it a check. > > rgds > Nick > - Original Message - > From: Timothy Ouellette > To: ; > Sent: Saturday, June 15, 2002 1:15 PM > Subject: RIP w/ key-chains > > > Okay folks, starting off a late night studying and noticed something > > weird. Got two boxes connected like so RouterA---RouterB > > > > Router B has a bunch of segments off of it. Something weird. Per some > > of the material I have, the key chain names are supposed to be the same > > but I've found that on routerA I can use the name "test" and router B I > > can use the name "test2" and it'll work (i.e Routes get passed properly) > > > > Router A > > > > key chain test > > key 1 > >key-string cisco > > > > ip rip authentication key test > > > > Router B > > key chain test2 > > key 1 > > key-string cisco > > > > ip rip authentication test2 > > > > But if on routerB, I change the key-chain name to "test ". (yes there is > > a space at the end) and apply the appropriate "ip rip authentication > > test " into the interface then the router spits back about it not liking > > the authentication (invalid authentication) > > > > Am I loosing my mind. "test" and "test12345" are the same but "test" > > and "test " are different? I know that in BGP, you can apply multiple > > route-maps and if you leave a space at the end, the router things there > > is another route-map your calling and therefor may not make it through. > > > > Thanks all! > > > > Tim > > _ > > Commercial lab list: http://www.groupstudy.com/list/commercial.html > > Please discuss commercial lab solutions on this list. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46673&t=46673 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RIP w/ key-chains [7:46670]
Okay folks, starting off a late night studying and noticed something weird. Got two boxes connected like so RouterA---RouterB Router B has a bunch of segments off of it. Something weird. Per some of the material I have, the key chain names are supposed to be the same but I've found that on routerA I can use the name "test" and router B I can use the name "test2" and it'll work (i.e Routes get passed properly) Router A key chain test key 1 key-string cisco ip rip authentication key test Router B key chain test2 key 1 key-string cisco ip rip authentication test2 But if on routerB, I change the key-chain name to "test ". (yes there is a space at the end) and apply the appropriate "ip rip authentication test " into the interface then the router spits back about it not liking the authentication (invalid authentication) Am I loosing my mind. "test" and "test12345" are the same but "test" and "test " are different? I know that in BGP, you can apply multiple route-maps and if you leave a space at the end, the router things there is another route-map your calling and therefor may not make it through. Thanks all! Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46670&t=46670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial no MAC [7:46429]
I would like to revise and extend your answer. :-) A serial interface is not *always* point-to-point. The answer actually depends on the Layer 2 protocol you are using. If you are using Frame-relay, you have a DLCI mapped to the IP address. On ATM you have a VPI/VCI combo. On point-to-point (PPP, etc...) the router, as Steven said, doesn't need a hardware address, since it is just sending and recieving on the interface where there is only one possible recipient, so the router only needs to know that the destination is out a specific p-t-p serial interface. -Tim Steven A. Ridder wrote: > > point-to-point, so no mac is needed. There is only one > recepient. > > -- > > RFC 1149 Compliant. > > > > ""Stanzin Takpa"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > When there is no MAC address on serial interface, how the > packets are > > routing ? > > > > > > > > Stanzin > > > > [GroupStudy.com removed an attachment of type > application/ms-tnef which > had > > a name of winmail.dat] > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46448&t=46429 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP Question [7:46255]
I may be off on this, but I think the bgp always-compare-med command enables the comparison of MEDs from different AS's for best path determination, but it does not make it the primary criteria. MED comparison is like step 6 in the path determination algorithm. check the following link on the Cisco Site: http://www.cisco.com/warp/public/459/25.shtml --Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46260&t=46255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dial up problem [7:44244]
I don't think either other response actually answered the question. And the answer is: it depends. If you are in an area of the US with modern telephone switching equipment (i.e. almost all of it), I believe the answer is "No, it will make no difference." Should you find yourself on the set of "Deliverance" then it might be a problem, but evading the hillbillies who are proclaiming that you have a pretty mouth will be much higher on your list of priorities. You could also ask the telecom folks to replace your can of dialtone, as you think it may be running low. --Tim, the sarcastic Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44306&t=44244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BeachFrontDirect.com [7:44048]
I used BFQ on the MCSE, and it was perfect. Too Perfect. Right down to the typos on the MS test itself... It definately contributed to my perfect record on cert exams, but one must make sure they understand the concepts, not just memorize the answers. --Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44299&t=44048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Number [7:44294]
I thought the 1st one was 1024 (1k). Don't know the most recent. --Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44298&t=44294 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cmd. to test all 7 layers of the OSI?? [7:44157]
Sounds like your cow-orker was trained in the Miscrosoft way. Any networked application verifies the stack if it is functioning. --Tim Cisco Nuts wrote: > > Hello,What is the command that tests all 7 layers of the OSI?My > answer is > any protocol that works at the Application layer including > telnet, ftp > etc. But my coworker thinks it's only telnet?Anyone with > ideas??Thanks! > > > > Chat with friends online, try MSN Messenger: Click Here > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44223&t=44157 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DNS - Unicast or Broadcast? [7:44060]
Why would you have to set a DNS address or have it DHCP'd to you if you were going to broadcast the request? Unicast it is! --Tim Kaminski, Shawn G wrote: > > This may be a silly question but I'm tired of searching for the > answer, so > here's the question: > > Does a Windows client send unicast or broadcast packets when > querying a DNS > server(s)? > > The reason I'm asking is that I was looking through my old CID > book and came > across the statement that "Windows clients send unicast packets > to the WINS > server at a well-known address". However, there is nothing > regarding this > when it comes to DNS. An Internet search came up with the same > thing > everywhere I looked: "the Windows client sends a DNS query". > What kind of > query? Unicast or Broadcast? > > Shawn G. Kaminski > EDS Network Engineering - DowNET > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44090&t=44060 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: cheapest router supporting two ethernet ports [7:44061]
If all you need is 2 ethernet ports, and depending on your use for it, try to find a 3101. 2 ethernet, 0 serial, 1 Con, 1 Aux. They are fairly ancient, and not considered labworthy, but they (I think) can hold an IOS with the firewall set, and they can NAT. If they don't have the memory natively, it can always be upgraded. Oh, and since they were discontinued, they are cheap (when you can find them). --Tim Patrick Ramsey wrote: > > Anyone know what the cheapest cisco router is that supports 2 > ethernet ports? Either built in or modular. (if any of the > older 25xx series have two aui ports, that would work as > well!) I would also like to put IOS-firewall on it so memory > constraints may dictate which one I buy as well. > > thanks, > > -Patrick > > > > Confidentiality DisclaimerThis email and any files transmitted with it may contain > confidential and /or proprietary information in the possession > of WellStar Health System, Inc. ("WellStar") and is intended > only for the individual or entity to whom addressed. This > email may contain information that is held to be privileged, > confidential and exempt from disclosure under applicable law. > If the reader of this message is not the intended recipient, > you are hereby notified that any unauthorized access, > dissemination, distribution or copying of any information from > this email is strictly prohibited, and may subject you to > criminal and/or civil liability. If you have received this > email in error, please notify the sender by reply email and > then delete this email and its attachments from your computer. > Thank you. > > > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44089&t=44061 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Difference "spantree root" vs spantree p [7:43978]
It was also told to me (on the 5th day of christmas) that the "set spantree root" will dynamically decrement the spanning tree priority until that switch becomes the root bridge. Note, however, that the "set spantree root" command doesn't guarantee that the switch will become root. i.e. if two switches are using it. the priority will decrement to zero on both and we'll use another method to choose like MAC addresses. Thus spake someone to me. --Tim JohnZ wrote: > > Hi group, I am try to figure out what is the difference between > the > following two commands: > > set spantree root 5 > set spantree priority 0 5 > > Do both of them provide the same results: set vlan 5 as the > root bridge. > > Thanks. > JZ > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44036&t=43978 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Without any violation....... [7:43318]
**Shakes Magic 8-Ball** "My sources say No" Well, there you have it. The frame-switch is preconfigured for you. I got a similar response when I consulted it about the communications server. --Tim, the Cheerful Cynic. Juan Blanco wrote: > > Team, > > Do you have to setup the frame-relay switch when you take the > lab test or it > is already configure (save time), just a curiosity.. > > Thanks, > > J > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43417&t=43318 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dot1q problem [7:43392]
See if this link helps your situation... http://www.cisco.com/warp/public/473/23.html --Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43394&t=43392 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Urgent help Please! [7:43084]
I'm glad someone else feels that way. Talk about opening yourself up for trouble... --Tim Gragido,William wrote: > > Members, > > This is a problem. I feel that is not only inappropriate for > someone to > solicit the aide of this board and its subscribers in order to > crack > passwords, its unethical and potentially illegal. No offense > Ravi, but this > is unacceptable given to current state of legislation regarding > Information > Security. Paul, its your call and as such, I will leave it to > your > discretion, however there are clear problems with this. > > Regards, > > Will Gragido > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, May 01, 2002 11:19 PM > To: [EMAIL PROTECTED] > Subject: Urgent help Please! [7:43084] > > > Hi ! All, > > Can any one please break this password? > > enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1 > > Thanks in advance. > > === > WARNING > This message may contain information that is confidential > and may be subject to the provisions of section 61A of the > Police Act 1958, which creates an offence to have unlawful > possession of Police documents. If you are not the > intended recipient of this message or have received > this message in error, you must not peruse, use, pass or > copy this message or any of its contents. > > Also note, the views expressed in this message may not > necessarily reflect those of the New Zealand Police. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43155&t=43084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: switching exam [7:43038]
You people spend MONEY on certification prep materials? I'm sorry. :-) --Tim Kaminski, Shawn G wrote: > > It's sad, the true signs of brainwashing :-) > > I never said anything was wrong with them. The proven track > record comes > from the fact that they've done a great job marketing their > products. Boson > has quality products, BUT, BUT, BUT, as I've mentioned before, > there are > other companies out there that offer materials that are just as > good if not > better than Boson and the prices are about 80% cheaper. I would > mention the > companies, but I have a financial interest in these companies > and I'd get > flamed to death (believe it or not, I also have a financial > interest in > Boson/Quizware, but not anywhere near as much as I'd like :-) ) > You can't > really blame Boson for their high prices because they have to > pay a > percentage to their authors. Plus, like you said, people have > been > brainwashed into believing that Boson is the only company out > there, which > allows Boson to charge higher prices. > > So, look around a little and take a chance on some of these > other companies. > Don't worry, no one is going to yell at you for spending less > money on > certification materials :-) I'm just trying to save people some > money while > at the same time hoping that I make a little, as well! > > Shawn K. > > > -Original Message- > > From: Jon Krabbenschmidt [SMTP:[EMAIL PROTECTED]] > > Sent: Wednesday, May 01, 2002 8:28 PM > > To: [EMAIL PROTECTED] > > Subject:RE: switching exam [7:43038] > > > > Boson worked well for me too, but I hardly consider $40 > expensive > > especially > > given the cost of others. > > > > Jon > > > > -Original Message- > > From: Adam Hickey [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, May 01, 2002 4:22 PM > > To: [EMAIL PROTECTED] > > Subject: Re: switching exam [7:43038] > > > > I don't think I could have gotten through my tests without > Boson's help - > > other than being expensive, what is wrong with them? I don't > think I see a > > cult here but I do see the proven track record and the > quality name Boson > > has developed for themselves. High price is a direct result > of high demand > > - > > simple economics. > > > > > > > > Adam Hickey > > [EMAIL PROTECTED] > > > > > > > > - Original Message - > > From: "Kaminski, Shawn G" > > To: > > Sent: Wednesday, May 01, 2002 3:31 PM > > Subject: RE: switching exam [7:43038] > > > > > > > Please, people, snap out of the Boson trance. I can't take > it anymore. > > :-) > > I > > > just had a discussion with Paul Borghese a few days ago > about how Boson > > > always gets through the filters but other vendors don't. > Hopefully, that > > > will change soon and we'll start to see better and less > expensive > > options > > > come through the list without being filtered. In fact, I > wonder if this > > will > > > make it through the filter since I'm saying something "bad" > about the > > Boson > > > cult? :-) > > > > > > Please proceed with flaming, ragging, name calling, tar and > feathering, > > etc. > > > However, one of these days you'll thank me from preventing > you from > > getting > > > that Boson tattoo on your chest ( on the ankle for the > ladies) :-) > > > > > > If you're up for an argument, please email me offline :-) > > > > > > Shawn K. > > > > > > > -Original Message- > > > > From: NetEng [SMTP:[EMAIL PROTECTED]] > > > > Sent: Wednesday, May 01, 2002 5:18 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: switching exam [7:43038] > > > > > > > > just took that switching exam: 79 ?'s, 90 minutes and 699 > to pass. > > pretty > > > > easy test, boson's were great as usual. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43156&t=43038 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with access-list [7:43021]
I don't think you can filter based on MAC with Ethernet... There is a technology in which you can, but I'm drawing a blank on what it was. I think it was Token Ring only or some such nonsense. I think that it's irrelevant, however, since it's still a router function and the switching engine is still going to blissfully forward packets and ignore your access-lists. --Tim Christian Fredrickson wrote: > >IP standard access list > IP extended access list > IP standard access list (expanded range) > IP extended access list (expanded range) > > Then is it possible to create an access list based on the host > MAC address? > > Chris > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Thursday, May 02, 2002 8:36 AM > To: [EMAIL PROTECTED] > Subject: RE: Problem with access-list [7:43021] > > > OK, I'm not an all-powerful CCIE, but I'll take a stab at this. > > Applying an access list to a switch is only going to limit > access to and > from your management interface. Switched traffic through the > switch is > still switched traffic, and by and large, a switch doesn't ever > look at IP > information, thus wouldn't filter anything based on an IP > address. > > That would explain why you can't ping the host from the switch > (I'd imagine > you are getting a "Request Timed Out") but the traffic from the > outside > world still gets through. > > Also, What's up with the "2000" access list? Would not an > extended IP list > be 100-199? > > --Tim > > Christian Fredrickson wrote: > > > > Running a Cisco switch 3548XL > > Trying to block a specific IP address. The access-list looks > > like: > > (I substituted the IP addresses) > > access-list 2000 deny ip host ip_address any > > access-list 2000 permit ip range.0 0.0.0.255 any > > access-list 2000 deny ip any any > > > > All ports on this switch belong to the same VLAN and all other > > switches use > > this switch to get to the upper layer switch and use that to > > get to the > > router. The vlan looks like: > > (I substituted the IP addresses) > > interface VLAN1 > > description line > > ip address switch_ip 255.255.255.0 > > ip access-group 2000 in > > > > But I can still ping the host from external addresses. Why is > > this ACL not > > working? > > > > Thank you all in advance. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43153&t=43021 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with access-list [7:43021]
well, that's a bit twisted. :-) I guess those 200 other IP access lists were not enough? I fear the router which can use them all and still somehow forward packets. I'm curious to find if I was correct on the other bit, though... The access list should only apply to the Management functions on the switch, right? Just because it's an IOS switch doesn't mean it has routing functions. Switched traffic would not be effected by an access list applied to the switch. It would only limit traffic from the specified host from, say, telnetting into the sc0 (or keep pings from returning). The rest of the time, the switch will keep on passing traffic based on Layer 2 information, and never pay attention to Layer 3. --Tim, I so much want to be right on this... :-) Marko Milivojevic wrote: > > > Also, What's up with the "2000" access list? Would not an > > extended IP list > > be 100-199? > > 2000-2699 are also extended IP lists. Cisco calls them > "expanded > range" :-). Sort of reminds me of expanded and extended memory > in DOS days > ;-) > > > Marko. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43137&t=43021 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with access-list [7:43021]
OK, I'm not an all-powerful CCIE, but I'll take a stab at this. Applying an access list to a switch is only going to limit access to and from your management interface. Switched traffic through the switch is still switched traffic, and by and large, a switch doesn't ever look at IP information, thus wouldn't filter anything based on an IP address. That would explain why you can't ping the host from the switch (I'd imagine you are getting a "Request Timed Out") but the traffic from the outside world still gets through. Also, What's up with the "2000" access list? Would not an extended IP list be 100-199? --Tim Christian Fredrickson wrote: > > Running a Cisco switch 3548XL > Trying to block a specific IP address. The access-list looks > like: > (I substituted the IP addresses) > access-list 2000 deny ip host ip_address any > access-list 2000 permit ip range.0 0.0.0.255 any > access-list 2000 deny ip any any > > All ports on this switch belong to the same VLAN and all other > switches use > this switch to get to the upper layer switch and use that to > get to the > router. The vlan looks like: > (I substituted the IP addresses) > interface VLAN1 > description line > ip address switch_ip 255.255.255.0 > ip access-group 2000 in > > But I can still ping the host from external addresses. Why is > this ACL not > working? > > Thank you all in advance. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43117&t=43021 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: To The Experts and Gurus [7:42996]
wow... I'm glad you were joking. there were 5 posts while I wrote mine! --Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43018&t=42996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: To The Experts and Gurus [7:42996]
I'm glad you're just sending regards today, 'cause I'd send Rebecca right back with your love. What you just posted was 2 things. 1) It was not about cisco equipment, thus by your argument it should not have been posted. 2) It was quite possibly the most arrogant thing I have ever seen anyone post here. While I will NEVER claim to be perfect or always correct (I am frequently wrong, but usually catch myself before posting), I have to believe that with all the studying I have done, I have something to add to the discussions. This is not a strict issue/resolution forum. We are not here to simply leech configs. It is, last I checked, a discussion group for those aspiring to the highest standards in networking knowlege. Remember, the CCIE has no prereq's, so lack of certs means precisely zero. FOR INSTANCE: Our own darling Priscilla Oppenheimer, generally agreed to be at the level of Network Goddess, does not have her CCIE. So, by your rule, she who has been networking since I entered kindergarden would not be qualified to post here. Don't put too much weight on certs. When you get down to it, they're mostly just letters. Sorry for the tirade, guys, but that really bugged me. *dismounts soapbox* --Tim, CCNA, MCSE, MCP+I, UPoAR, sorry, no parenting cert. (thankfully, I have not spawned... could you imagine?) John Neiberger wrote: > > I've been noticing a growing trend on the list for several > months now > and I'm hoping to start some discussion and perhaps alleviate > this > particular issue. > > As everyone knows we have a fair number of true, guru-level > experts > that participate in the list and provide a wealth of excellent > networking knowledge. However, very often this isn't > Cisco-specific and > as such is not of much value and it really seems to irritate > other > members of the list who understand that the only topics worth > studying > are Cisco-related. > > To make matters even worse, many of these so-called experts > aren't even > Cisco certified!! I was under the impression that to be a true > expert > one must have attained the CCIE certification, or at least CCNP > with > multiple specializations. How can we trust your advice if you > we don't > see those initials in your email sigs?? > > Participation on the list by these sorts of experts, regardless > of > there vast experience and knowledge, causes excessive distress > to > certain list members. In order to show more tolerance toward > the easily > annoyed, perhaps we should consider only allowing CCIEs to > answer posts. > I'm sure others would agree that this would solve this > problem. We > must find a way to prune the non-certified from our ranks. > > Regards, > > John parenting > advice unless you've passed some sort of parenting > certification. > Thanks.) > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43017&t=42996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF over ISDN demand circuit [7:42348]
point. --Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42459&t=42348 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Ausente [7:42361]
This is almost as good as when I got an email from Papa John (yes, the pizza guy) to tell me he'd be out of the office. I've never met the guy, but I'm glad he told me, I was gonna order a pizza that week! --Tim Paulo Cesar Buerger wrote: > > Estarei ausente no periodo de 21/01/2002 a 25/01/2002. Favor > encaminhar as > questoes mais urgentes para o Luis Beu ([EMAIL PROTECTED]). > > Paulo Buerger > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42438&t=42361 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF over ISDN demand circuit [7:42348]
If one wishes for routing updates to bring up the link, can one not just use the "passive-interface" command on the ISDN interface? If it is a backup link, passive interface will keep routing updates will keep the link from coming up for updates. Then a couple of floating static routes on either end should bring it up if the primary (dynamic)link goes down as long as the administrative distance for the floaters are greater then that of OSPF. --Tim Ruihai An wrote: > > Hi, Group, > > On an ISDN circuit running ospf , if I want to use "ip ospf > demand-circuit" > to keep it from being brought up by ospf update, do I need to > define > 224.0.0.5 as non-interesting traffic in dialer-list? > > I have configured "ip ospf demand-circuit" on one side of the > ISDN, but > routing update to 224.0.0.5 keeps activating the circuit? What > is the > problem? > > Thanks > > Ruihai > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42431&t=42348 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Summary addressing [7:41998]
The best way for me to understand is to do the binary, and let the shortcuts go hang. As someone once said to me "I'm not smart enough to do the shortcuts" Kage Roc wrote: > > I promise I will not be a knowledge leech, I will contribute > what I know as well. Ofcourse I do have a question regarding > IP Summaization: Up untill today I thought I had > summarization down cold until I tried a few self made > excercises. The formula I used to gather a summ address was > 2n=x. Thats 2 to the n power equals x. > x is the number of subnets that you want to summarize and n > will be how much you subtract from the lowest mask of those > subnets. for example: > > > 216.52.146.136/30 > 216.52.146.140/30 > 216.52.146.144/30 > 216.52.146.148/30 you can only summarize to where the bits are identical. Looking at the last octet: 136=10001000 140=10001100 144=1001 148=10010100 the boundary would be at /27, the total of the first three octets and the 3 bits of the fourth. The summary route would be 216.52.146.128/27 If you use /28 for those networks, you're gonna get something funky. > > using that formula the summ would be 216.52.146.136/28which is > not a valid route. Hoever that formula works here: > 216.52.146.48/29 > 216.52.146.56/29 > > summ route: 216.52.146.48 /28 > here the last octets are: 48=0011 56=00111000 making the masked bits /28 (3 octets + 4 identical bits) > I guess my question is, what is the best/effective/convient way > to derive summary addresses? Thanks for any input. > If you're very lucky, you have the brain to do this silliness in your head. Otherwise, just do the binary conversions and draw lines. --Tim, the pretty sure he got that right. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42241&t=41998 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP feas dist and successor [7:41957]
Excellent description John. Reinforced my understanding of FD and AD Tim On 19 Apr 2002 12:07:22 -0400, [EMAIL PROTECTED] ("John Neiberger") wrote: >The key words here are Feasible Distance and Advertised Distance, or in >this case, reported distance. The FD is the metric for the current >path. If we have two neighbors who are reporting that they can reach >that network, both will be advertising what *their* FD is, which from >our perspective is the Advertised Distance. > > >[RA]---(10)[RB]-(50)-Network Z > \/ >\/ > \--(20)[RC]-(50)--/ > > >Imagine that somewhere beyond Routers B and C is a Network, Z. They >each have a metric of 50 to that network, which is their FD. Router A >will see two available routes to Z but the one through B has a lower >metric and it will be installed into the routing table. > >However, because RC's Advertised Distance to Z (50) is less than Router >A's current FD (60), it will be installed as a feasible successor. If >the metric from Router C to Network Z was 60 or over, it would not be a >feasible successor. In that case, if the link from A to B were to go >away, A would not immediately begin using RC as the next hop to Z. >Instead it would send queries to all of its EIGRP neighbors and it would >start forwarding to C after C answers that it can reach Z. > >I hope that makes sense. I have a cold and am fairly medicated right >now. ;-) > >John > > "Sean Wolfe" 4/19/02 9:34:03 AM >>> >EIGRP question: > >According to Cisco's website: "Feasible distance is the best metric >along a >path to a destination network, including the metric to the neighbor >advertising that path. A feasible successor is a path whose reported >distance is less than the feasible distance." > >But wouldn't a route with a distance less than the feasible distance be >in >the routing table already, since it had a better metric? > >It makes more sense to me that the feasible successor is a route with >a >slightly larger metric than the current route. That way if the current >route >dies, the next-best path is promoted. > >But that's not what I'm reading at >http://www.cisco.com/warp/public/103/eigrp1.html#6 > >So . . . whaddya say? > >Thanks, -Sean. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41989&t=41957 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Helpppppp [7:41796]
Is it possible that someone put the no-exec line on the console port or your speed isn't set to 9600. Are you using hyperterm or teraterm or equivalent? If this isn't a production box, why not practice your password recovery skills and set a new vty password and then check the console settings? Tim On 17 Apr 2002 23:04:32 -0400, [EMAIL PROTECTED] ("Juan Blanco") wrote: >Team, >I have a 2500 route which I don't seem to be able to connect to the console >port, and one serial interface has an ip, which I can ping to and I can >telnet to it but I don't seem to be able to have the correct password. What >else I can do here to get into this baby. > >Thanks, > >JB Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41799&t=41796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CS-516 Terminal Server Issues [7:41760]
I think I made a mistake in my last post. Anyways, here's my config of my cs-516. ccie-lab#sh conf Using 650 out of 32512 bytes ! version 9.21 no service pad service password-encryption ! hostname ccie-lab ! clock timezone EST -5 enable password 7 051F0F02 ! no ip domain-lookup ip tcp synwait-time 5 ! interface Ethernet0 ip address 192.168.1.254 255.255.255.0 no lat enabled no mop enabled ! ip host R1 2001 192.168.1.254 ip host R2 2002 192.168.1.254 ip host R3 2003 192.168.1.254 ip host R4 2004 192.168.1.254 ip host R5 2005 192.168.1.254 ip host R6 2006 192.168.1.254 ip host R7 2007 192.168.1.254 ip host R8 2008 192.168.1.254 ip host R9 2009 192.168.1.254 ip host R10 2010 192.168.254 logging buffered ! line con 0 no exec exec-timeout 0 0 line 1 16 no exec transport input telnet stopbits 1 line vty 0 4 exec-timeout 0 0 password 7 login ! end ccie-lab# On 17 Apr 2002 14:20:12 -0400, [EMAIL PROTECTED] ("Tim Lovelace") wrote: >I finally have gotten back around to getting my CS-516 back up and >working, and I am having a problem.. > >To actually connect to a console takes somewhere in the area of 5 >minutes, I hope that is not normal. Also, many times I get "Connection >refused by remote host" although I could connect 20 minutes before and I >can still consol in with my laptop fine. Below is a sh ver and wr term. >If anyone has any advice, please let me know. Thanks for the help. > >Tim > >CS#sh ver >CS Software (CS500-KR), Version 9.21(3), RELEASE SOFTWARE (fc1) >Copyright (c) 1986-1994 by cisco Systems, Inc. >Compiled Tue 03-May-94 16:25 by jyang > >ROM: System Bootstrap, Version 4.7(3), RELEASE SOFTWARE > >CS uptime is 1 hour, 55 minutes >System restarted by reload >System image file is unknown, booted via tty1 > >Cisco-CS500 (68331) processor with 10240K bytes of memory. >SuperLAT software (copyright 1990 by Meridian Technology Corp). >1 Ethernet/IEEE 802.3 interface. >16 terminal lines. >32K bytes of non-volatile configuration memory. >Configuration register is 0x101 > >CS#wr term >## >Current configuration: >! >version 9.21 >no service pad >! >hostname CS >! >enable password XX >! >ip routing >no ip domain-lookup >! >interface Loopback0 >ip address 10.10.10.10 255.255.255.0 >! >interface Ethernet0 >ip address XXX.XXX.XXX.XXX 255.255.255.0 >! >ip host R9 2009 10.10.10.10 >ip host R7 2007 10.10.10.10 >ip host R8 2008 10.10.10.10 >ip host R1 2001 10.10.10.10 >ip host R2 2002 10.10.10.10 >ip host R3 2003 10.10.10.10 >ip host R4 2004 10.10.10.10 >ip host R5 2005 10.10.10.10 >ip host R6 2006 10.10.10.10 >ip host R10 2010 10.10.10.10 >ip host R11 2011 10.10.10.10 >ip host R12 2012 10.10.10.10 >ip host R13 2013 10.10.10.10 >ip host R14 2014 10.10.10.10 >ip host R15 2015 10.10.10.10 >ip host R16 2016 10.10.10.10 >ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX >! >line con 0 >line 1 16 >transport input telnet >line vty 0 4 >password >login >! >end > >CS# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41795&t=41760 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CS-516 Terminal Server Issues [7:41760]
You may want to try the no-exec under your line con 0 Maybe there's a bunch of noise of the line from the other boxes trying to establish a connection. Just a thought. Tim On 17 Apr 2002 14:20:12 -0400, [EMAIL PROTECTED] ("Tim Lovelace") wrote: >I finally have gotten back around to getting my CS-516 back up and >working, and I am having a problem.. > >To actually connect to a console takes somewhere in the area of 5 >minutes, I hope that is not normal. Also, many times I get "Connection >refused by remote host" although I could connect 20 minutes before and I >can still consol in with my laptop fine. Below is a sh ver and wr term. >If anyone has any advice, please let me know. Thanks for the help. > >Tim > >CS#sh ver >CS Software (CS500-KR), Version 9.21(3), RELEASE SOFTWARE (fc1) >Copyright (c) 1986-1994 by cisco Systems, Inc. >Compiled Tue 03-May-94 16:25 by jyang > >ROM: System Bootstrap, Version 4.7(3), RELEASE SOFTWARE > >CS uptime is 1 hour, 55 minutes >System restarted by reload >System image file is unknown, booted via tty1 > >Cisco-CS500 (68331) processor with 10240K bytes of memory. >SuperLAT software (copyright 1990 by Meridian Technology Corp). >1 Ethernet/IEEE 802.3 interface. >16 terminal lines. >32K bytes of non-volatile configuration memory. >Configuration register is 0x101 > >CS#wr term >## >Current configuration: >! >version 9.21 >no service pad >! >hostname CS >! >enable password XX >! >ip routing >no ip domain-lookup >! >interface Loopback0 >ip address 10.10.10.10 255.255.255.0 >! >interface Ethernet0 >ip address XXX.XXX.XXX.XXX 255.255.255.0 >! >ip host R9 2009 10.10.10.10 >ip host R7 2007 10.10.10.10 >ip host R8 2008 10.10.10.10 >ip host R1 2001 10.10.10.10 >ip host R2 2002 10.10.10.10 >ip host R3 2003 10.10.10.10 >ip host R4 2004 10.10.10.10 >ip host R5 2005 10.10.10.10 >ip host R6 2006 10.10.10.10 >ip host R10 2010 10.10.10.10 >ip host R11 2011 10.10.10.10 >ip host R12 2012 10.10.10.10 >ip host R13 2013 10.10.10.10 >ip host R14 2014 10.10.10.10 >ip host R15 2015 10.10.10.10 >ip host R16 2016 10.10.10.10 >ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX >! >line con 0 >line 1 16 >transport input telnet >line vty 0 4 >password >login >! >end > >CS# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41787&t=41760 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Frame-Relay Map [7:41709]
oh, ok I was operating on what he said without the book in front of me... Duh! --T Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41770&t=41709 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP Training? [7:41456]
I certainly hope that was a joke... Remote Access read like Japanese stero instructions, but with no promised reward of music when you were done. :-) --Tim Kris Keen wrote: > > Go Switching, Remote and Support are a piece of cake, actually > Remote Access I enjoyed reading, it was a great read.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41495&t=41456 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IE Written [7:41320]
Sorry if I seem negative but what does it matter what "we" think? If this is something you want, why not go get it? If you think that it'll put you in a more marketable position (i'm sure it will, even in Dallas) than why not do it. Not to mention, it's all about the knowledge man! (especially now that the industry pay has gone to the birds) Tim On 13 Apr 2002 02:39:36 -0400, in groupstudy.cisco you wrote: >I hope no one jumps on me about this but I am in Dallas and as most of you >know the market here is horrible. And that is an understatement. I am >wanting to go for my IE written in about 3 months but I only have a year of >experience. I know that is not enough by Cisco standards but it may be my >only option right now for another job. What do ya'll(had to throw that in) >think my chances are? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41352&t=41320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ping times? Am i missing something [7:41151]
Okay, I'm much clearer on this now. So in reality, the IP TTL doesn't really measure anything anymore, we just need to make sure our routers decrement it so that a box getting an IP packet with 0 will discard it any not let it float around the networka aimlessly. Thanks for the help. Much appreciated! Tim On 11 Apr 2002 13:54:41 -0400, [EMAIL PROTECTED] ("Priscilla Oppenheimer") wrote: >Timoue (timeout!? ;-) > >IP TTL is a reverse hop count. The sender sets it to some large number like >255 or 64 or 32 (depending on the OS). Each router decrements it by one. If >that causes the TTL to become zero, then the packet is dead. The router >discards it. The goal is to stop a packet from travelling around an >internetwork forever, which could happen if there were a routing loop. > >Originally, the IP designers also envisioned that the TTL could be a rough >measurement of time. A router could decrement the TTL by more than one if >it took more than one second to handle the frame. The router could >decrement the TTL by the number of seconds it took to work on the frame. >These days if a router took more than a second to forward a frame, you >would pull the plug and use it as a boat anchor. > >Some protocol analyzers still show the TTL value as hops/seconds. I think >the Sniffer still does this. It's misleading for two reasons. No routers >use seconds anymore, and the hops/seconds makes it look like a ratio. Ugh. > >One more comment, you were worried about 15,000 milliseconds. Remember >that's only 15 seconds. So if the TTL were measured in seconds, 255 would >be much bigger. > >By the way, my ping using 3600 seconds on my Albany router (see my previous >reply) is still sitting there! > >Priscilla > > >At 02:58 AM 4/11/02, [EMAIL PROTECTED] (Timothy Ouellette) wrote: >>Okay, so ICMP doens't specify a TTL on it's own. Doesn't IP by itself >>have a TTL of 255? >> >>Maybe i'm missing something. >> >>Tim >> >>On 11 Apr 2002 01:26:56 -0400, [EMAIL PROTECTED] ("Joseph >>Ezerski") wrote: >> >> >Ok, according to Stevens (TCP/IP Illustrated Vol 1), the ICMP Ping Packet >> >looks like this: >> > >> > >> >0 1 2 3 >> >0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 >> > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> > | Type | Code | Checksum | >> > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> > | Identifier | Sequence Number | >> > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> > | Optional Data| >> > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> > >> >The RFC 792, does not specify a time value, other than IP TTL (at that >time, >> >assumed to be in units of seconds). I think it really depends on how your >> >OS has implemented it. For example, on my Windows PC, the default timeout >> >is 2000ms. However, there is an option you can set (-w in the windows >> >world) to extend that timeout. Stevens mentions something about newer >UNIX >> >implementations (as of the early 90s) timing out after 20 seconds. My >> >Solaris box times out after 20 s, and it is listed in the man pages as >such. >> > >> >HTH >> > >> >-Joe >> > >> > >> > >> >-Original Message- >> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >> >Ouellette, Tim >> >Sent: Wednesday, April 10, 2002 8:13 PM >> >To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' >> >Subject: Ping times? Am i missing something >> > >> > >> >The other day while troubleshooting an issue, I saw some pings from out >> >Tivoli Netview box and it was showing ping times in the 15,000+ ms range. >Is >> >this possible? I though there was a limit on this particular field in the >> >head. If an of our frame-format experts (Priscilla?) or sniffer gurus >> >(again... Priscilla?), could point me someone I'd appreciate it. Thanks a >> >bunch! >> >_ >> >Commercial lab list: http://www.groupstudy.com/list/commercial.html >> >Please discuss commercial lab solutions on this list. > > >Priscilla Oppenheimer >http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41242&t=41151 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ping times? Am i missing something [7:41151]
Okay, so ICMP doens't specify a TTL on it's own. Doesn't IP by itself have a TTL of 255? Maybe i'm missing something. Tim On 11 Apr 2002 01:26:56 -0400, [EMAIL PROTECTED] ("Joseph Ezerski") wrote: >Ok, according to Stevens (TCP/IP Illustrated Vol 1), the ICMP Ping Packet >looks like this: > > >0 1 2 3 >0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Type | Code | Checksum | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Identifier | Sequence Number | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Optional Data| > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > >The RFC 792, does not specify a time value, other than IP TTL (at that time, >assumed to be in units of seconds). I think it really depends on how your >OS has implemented it. For example, on my Windows PC, the default timeout >is 2000ms. However, there is an option you can set (-w in the windows >world) to extend that timeout. Stevens mentions something about newer UNIX >implementations (as of the early 90s) timing out after 20 seconds. My >Solaris box times out after 20 s, and it is listed in the man pages as such. > >HTH > >-Joe > > > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Ouellette, Tim >Sent: Wednesday, April 10, 2002 8:13 PM >To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' >Subject: Ping times? Am i missing something > > >The other day while troubleshooting an issue, I saw some pings from out >Tivoli Netview box and it was showing ping times in the 15,000+ ms range. Is >this possible? I though there was a limit on this particular field in the >head. If an of our frame-format experts (Priscilla?) or sniffer gurus >(again... Priscilla?), could point me someone I'd appreciate it. Thanks a >bunch! >_ >Commercial lab list: http://www.groupstudy.com/list/commercial.html >Please discuss commercial lab solutions on this list. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41160&t=41151 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Change the Bridge ID on a cat5k [7:41157]
set cam {dynamic | static | permanent} {unicast_mac | multicast_mac | route_descr} mod_num/port_nums [vlan] Could that be it? I don't have a cat5k to check this on? On 11 Apr 2002 02:31:22 -0400, [EMAIL PROTECTED] ("Timothy Ouellette") wrote: >Scouring cisco for an answer that someone mentioned. > >I'm trying to change the Bridge-ID (BID) for a particular vlan on a >cat5k. I know it's possible if I just change the priorty for that >particular vlan. Is it possible to change the mac address on a vlan so >that the BID will change without change the prioty. Here's the question >that was posed "how does one change the bridge ID for VLAN 200 on a >Catalyst 5000 (os is 5.5(10)b" > >Can anyone help? > >Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41159&t=41157 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Change the Bridge ID on a cat5k [7:41157]
Scouring cisco for an answer that someone mentioned. I'm trying to change the Bridge-ID (BID) for a particular vlan on a cat5k. I know it's possible if I just change the priorty for that particular vlan. Is it possible to change the mac address on a vlan so that the BID will change without change the prioty. Here's the question that was posed "how does one change the bridge ID for VLAN 200 on a Catalyst 5000 (os is 5.5(10)b" Can anyone help? Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41157&t=41157 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Broadcast [7:41019]
What are you trying to ping when you see the broadcasts? is it local or remote? is there a chance you are seeing the pre-ping arp requests? --Tim kaushalender wrote: > > Hi group , > > I have network of 172.16.32/24 .When i put debug of ip icmp i > see all ip > in this network r pinging 172.16.255.255.Can somebody will help > me to > tell whis this is so. > > Thanx > kaushalender > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41048&t=41019 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP exams [7:41039]
I kinda hope that was meant to be funny. :-) --Timsamuel zou wrote: > > I'v just passed the BCRAN, there's no exam about 500 series > > Best Regard Samuel zou Tel: 62259099E-mail: > mailto:[EMAIL PROTECTED]>From: > "Brian Zeitz" >Reply-To: "Brian Zeitz" >To: [EMAIL PROTECTED] > >Subject: CCNP exams [7:41039] >Date: Wed, 10 Apr 2002 10:27:39 > -0400 > > >Funny, I just logged into 2test.com and it still is letting me > schedule > misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > SkA*;z5DEsSQ=xPP=;Aw#,GkJ9SC MSN Messenger#:5%;w4K4& > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41047&t=41039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can this be HSRP on a single router [7:40995]
that looks odd, but I noticed different in the 2 configs was this: 1) Frame encapsulation was different (one was default, i.e. cisco, the other was ietf (I Eat ToFu)) making it look like at different times, there were different vendors routers across the link. 2) the bandwidth, which makes it look like (to me) that the link has ben upgraded. My deduction: when the line was upgraded and the equipment was switched, somebody left the old config on one subif and put the new config on another. Probably so if things crashed, they had something to fall back on. Of course, I could be totally wrong. :-) --Tim Nuurul Basar Mohd Baki wrote: > > Hai, > > I've recived a config that contain a sound like HSRP on a > single router. > The function is for Serial 0 to back up Serial 1 and vice versa. > I am unable to see how does it works :( > Can some help me on this > > > Interface serial1/1 > bandwidth 128 > no ip addres > encaps fr > fr lmi-type ansi > > interface serial1/1.2 point-to-point > bandwidth 64 > ip address *.*.*.89 255.255.255.252 > no arp fr > fr interface-dlci 21 > > ! > > interface serial 1/2 > bandwidth 128 > no ip address > ecnaps fr ietf > fr lmi-type ansi > > interface serial 1/2.8 point-to-point > badwidth 64 > ip address *.*.*.89 255.255.255.252 > fr interface-dlci 21 > > ! > > * The link is not having any load balancing configured on it. > * If serial 0 is down all route will be auto rerouted to S1 > > Question: > > 1) How those this works ?, since both subinterface is having > the same ip > address. > 2) From the branch site, how do they chose the correct route?. > 3) Can this be define as HSRP ? > > I hope that some one can help me on this matters. > > Thanks > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41025&t=40995 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Configure transparent bridging on Cisco router [7:40709]
I believe you are right... You are working on a ROUTER, therefore, it prefers to ROUTE ROUTABLE traffic. If you take the ROUTING option away, then it will attempt other configured methods of forwarding traffic. --Tim Priscilla Oppenheimer wrote: > > At 11:50 AM 4/6/02, nntp.groupstudy.com wrote: > >I put two FA interfaces into same bridge group, and enable > bridge protocol > >ieee. There is not IP address configured on the bridge port. > But it will > >not > >bridge any IP traffic unless I disable IP routing on the router > > I think that's normal. If you want to bridge IP, you must > disable IP > routing because IP routing is enabled by default. See this: > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm_c/bcfpart1/bcftb.htm#xtocid30 > > >or use bridge > >irb. I was expecting the bridged ports will bridge IP, > because there is no > >IP configured on these two interface. Can somebody explain > why? > > > >Thanks > > > >Ruihai > > > Priscilla Oppenheimer > http://www.priscilla.com > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40828&t=40709 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Routing Question [7:40766]
This is why we love Priscilla. :-) Here we were making the ASSumption that we were using a classfull subnet mask. Thank you, Priscilla, for once again letting us know we aren't really worthy! :-) --Tim Priscilla Oppenheimer wrote: > > How many bits are defining network IDs and how many are > defining node IDs? > (that is, what's the subnet mask?) > > With some subnet masks, you have 3 segments in Scenario 2. With > other > subnet masks, you have a broken network (the routers can't talk > to each > other across the middle). > > Priscilla > > At 05:16 PM 4/7/02, Kent Browning wrote: > >Scenario 1 > >== > > > >---int0-(R1)-int1 int0-(R2)-int1 --- > > > >Router 1 > >Int 0: 192.168.1.1 > >Int 1: 192.168.2.1 > > > >Router 2 > >Int 0: 192.168.2.2 > >Int 1: 192.168.3.1 > > > > > >Scenario 2 > >== > > > >---int0-(R1)-int1 int0-(R2)-int1 --- > > > >Router 1 > >Int 0: 192.168.1.1 > >Int 1: 192.168.2.1 > > > >Router 2 > >Int 0: 192.168.3.1 > >Int 1: 192.168.4.1 > > > > > >Question: > >= > >In Scenario 1, there are 3 segments: > >Segment1: 192.168.1.0 > >Segment2: 192.168.2.0 > >Segment3: 192.168.3.0 > >I know this is correct. > > > >In Scenario 2, how many segments are there? > >Is there anything wrong with routing router 1 to router 2 and > not using a > >common segment? > > > Priscilla Oppenheimer > http://www.priscilla.com > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40825&t=40766 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP Link Bandwidth. Interesting [7:40655]
Just snooping around cisco and found this interesting enhancement for unequal load balancing for both ibgp and ebgp. It'll advertise the exit link bandwidth as a community to you can make routing decisions on it. Pretty cool. Here's the link. http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftbgplb.htm Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40655&t=40655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: test prep 607 CCNA HELP [7:40228]
and yes, to those who study Cisco, there is only one "Todd". -T Jimmy wrote: > > I'm studying for the CCNA test. but should i wait to pick up > the Sybex 607 > book, or will the 507 book suffice? > You guys mention Todd's book. You guys are reffering to the > Sybex book > right? > Also, is the test the same as the 507 but with simulators or > did they scrap > the entire question list and start a new one? Please help me > out... > > thanks, > Jimmy. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40247&t=40228 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 802.3ab [7:40158]
nothing solid that I know of... I know in the production networks I have SEEN, nobody seems to care how many cables can be bundled. It's never been an issue in the networks I've experienced. Lou wrote: > > I am working on a project and have a question I can't find the > answer > to, despite 4 hours searching. > If you have Cat5E or Cat6 ieee standard cabling, properly > tested... Is > there a Max amount of cables you can run side by side before > experiencing alien Crosstalk.. (Crosstalk between the cables, > not > between pairs, or NEXT, or FEXT) > > If you know of a link to a whitepaper or any thing solid... I > sure would > appreciate > > Lou Nelson > Consulting System Engineer > CCNP, CCDP, Campus ATM Specialized > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40178&t=40158 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Flapping [7:38822]
The truly fabulous way would be to wire in a toggle switch into the cable... preferably with a large wad of electrical tape. It should flap like a champ then. -T PING wrote: > > I am looking for some tool which can generate hardware line > flaps. I > have been doing this by going into the lab and manually > jiggling the > interface cable at various intervals and watching the debug > output on > the console. > I was wondering if there were any tools that would help me do > this in a > smarter way? > > Nadeem > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38832&t=38822 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: which encap on a POS interface [7:38557]
bergenpeak wrote: > > I was somewhat surprised to see a Juniper box support cisco hdlc > encap on a POS interface. Didn't realize that other vendors > supported > this standard. Which brings me to my question. If such a goodly number of Juniper Engineers weren't former Cisco Engineers, I'd be somewhat surprised. As it is, I am not. --Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38678&t=38557 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Who is Priscilla Oppenheimer ? [7:38662]
read her background, and understand. --Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38667&t=38662 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE program will be dropping token ring! [7:37422]
I read this and wept for joy. Then I went out to spread the good tidings to the networking masses. They were likewise moved to tears. --Tim -for God Loveth a Cheerful Cynic.Steven A. Ridder wrote: > > I'm in a meeting with the CCIE program manager and they will be > removing > Token-ring soon! > > -- > > RFC 1149 Compliant. > > > ""Scott H."" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Not that bad. A bunch of dates open in March and April in > San Jose--if > you > > can't do that, you are screwed until August. The one thing > that I have > > noticed is that when people get within their 28 day window, > they drop > their > > date. This opens up dates for the more serious contenders. > > > > Best of luck! > > Scott > > > > ""AMR"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > What's the wait time like nowadays? > > > > > > -A > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37547&t=37422 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Lab - San Jose [7:37444]
If you test date is a long way off, or you are close by, start walking now. Remember to pack food and supplies for cold and warm weather. Also, a rain poncho may be wise. Carry or search for a cardboard box (the only approved Homeless/bum shelter approved for use within San Jose). Find a space to sleep either near the cisco compound or near a light-rail station. Transportation from Box to Cisco: Take the light-rail. USUALLY nobody will even check for a ticket. If the transit police DO check, at least you have a better place to sleep tomorrow night. Seriously, though, things are not cheap in San Jose. BUT, the do have an abundance of Starbucks Coffee Installations, where jack-booted Caffiene-Nazi's are likely to force you to consume the People's Drink. --Tim James wrote: > > Hello, > > I hope to get some advice from those who attempted the > lab in San Jose. I have a lab scheduled soon and hope > that someone can let me know where to stay at the best > rates, travel arrangements from hotel to Cisco, etc.. > any information is greatly appreciated. > Thank you > > > > __ > Do You Yahoo!? > Try FREE Yahoo! Mail - the world's greatest free email! > http://mail.yahoo.com/ > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37546&t=37444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cat 6505 Error Message [7:37543]
Does the fact that it wasn't on a UPS imply that it also wasn't on a surge supressor? extrapolate conclusion. --Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37545&t=37543 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
had to show you all this [7:37352]
I hope this link goes through. This is one of the funniest things i've seen related to CCIE training. heheh http://unixsex.com/netadmin/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37352&t=37352 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ubr924 for ccie voip lab? [7:36756]
I was browsing the endless pages on ebay looking for a good deal for more "shtuff" for my home ccie lab. Saw an auction for a cisco ubr924 that went for like $200 or so. Supposedly it's a cable modem with 4 built in ethernet ports, and two voice ports (per the url below). It runs IOS too. Would this work for playing with VOIP in a home lab? Any recommendations would be great. Thanks team! http://www.cisco.com/warp/public/cc/pd/rt/900/prodlit/ubr92_ds.htm Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36756&t=36756 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP metrics [7:36596]
Chuck, Wouldn't it be safer to say that if a BGP speaking router learns a prefix from a peer that doesn't have an AS-path attribute (what you referenced as being originated from) then it is IBGP because bgp won't tag it's own as-path onto a prefix until it tries to go over a ebgp connectiong. Furthermore, when you set up your 'neighbor x.x.x.x remote-as yyy' your pretty much defining that routes learned from that neighbor are ibgp (if that yyy is the same as your yyy) or ebgp (if they're different). Tim On 27 Feb 2002 01:35:07 -0500, [EMAIL PROTECTED] ("Chuck") wrote: >how does the router know? I would imagine the router OS checks the BGP >origin. If I am AS 559 and I receive a BGP route that originates in AS 559, >it is either iBGP, or I have a loop. If AS 559 is the only AS in the AS >path, it follows that it is an iBGP route, and therefore is assigned an AD >of 200. > >make sense? > > > >""Thom Castognalia"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> How does a router assign an iBGP AD vs. an eBGP AD? The iBGP AD is less >> preferred than EIGRP and the other interior RPs, is that correct? (one >week >> until R&S qual. exam) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36753&t=36596 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP Redistro/Backdoor bug? Any ideas... [7:36191]
Team, Was working on BGP backdoor on routerb. Routera is advertising the 3.3.3.0/24 via eigrp 23 to routerb (the _ representing Ethernet). Routera is also advertising that same prefix via ebgp to routerb (the === marks represent the serial link). No biggie, so I threw the network 3.3.3.0 mask 255.255.255.0 backdoor) command on routerb and Voila, routerb decided to use the route learned via eigrp (ad=90) rather than the route learned via ebgp (ad=20). ___Eigrp 23___ | | 3.3.3.0/24---routera==routerb (ebgp) I then decided I was going to play around with redistribution. So I made routea stop advertising that 3.3.3.0/24 prefix to routerb via ebgp. No problem, routerb still knew about 3.3.3.0/24 via its Ethernet. I went into the bgp 2 process on routerb and did a redistribute eigrp 23. After about 90 seconds, I didnt see the 3.3.3.0/24 route in routerbs bgp table. I though what the and looked for any typos (considering Ive been studying for 11 hours so far) but didnt see any. I did however see that I forgot to take out the backdoor statement from the previous exercise. I took that out and about 15 seconds later I got this message (after turning on debugging of course) BGP(0): nettable_walker 3.3.3.0/24 route sourced locally So I took a look in the bgp table and saw r2#sh ip bgp BGP table version is 16, local router ID is 22.22.4.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next HopMetric LocPrf Weight Path *> 3.3.3.0/24 25.25.25.3 409600 32768 ? My question is, is this a bug that if you have that backdoor in there, BGP will not redistribute? The only thing I changed in my config was that line and then it worked. While I study, Im compiling a list of gotchas I need to remember for BGP. Anyone else done this, maybe we can compare notes? Thanks team! Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36191&t=36191 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Recent One-Day Lab Takers?? [7:33592]
I *KNOW* I didn't just see a brit scoff at some other country's food. Not from the country that brought us meat pies and pudding that isn't. j/k :-) --Qtone Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33704&t=33592 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router doesn't hold Enable Passwrod [7:33645]
This may just be me operating witout caffiene, but are you saving the config to Startup after the changes? copy run star works wonders. if I just insulted your intelligence, slap me around later. -QTone Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33703&t=33645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
No Terminal Server? No problem [7:29573]
Hey guys. After looking around for a cisco 500 or 2509, and not being able to get my xyplex terminal serving working. I started looking for a manual 2-4 port manual switchbox to connect my pc serial port to and be able to connect to my home lab routers. While looking, I came across an 8 port automatic (button) switchbox that pacificable.com sells (part # SA13) Check it out, I think I may go for it. Unless anyone else has any other suggestions on how to accomplish such a task cheaply. I have no affiliation with these folks btw. Take care. Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29573&t=29573 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access Lists [7:28927]
Jill, How did you apply the list? To what interface? In which direction? Timothy Estes NA,DA -Original Message- From: J. Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 12, 2001 2:24 PM To: [EMAIL PROTECTED] Subject: Access Lists [7:28927] We have a Cisco 5300 Dial-up. We want to allow everyone to get to our network when they dial in. We do not want everyone to get on the internet when they dial-in. This is what my access list look like access-list 110 permit ip 165.5.0.0 0.0.255.255 any access-list 110 deny ip any any Everyone can get to our network and get on the internet with the above list. Can you see anything wrong? Thanks. Jill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28972&t=28927 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: All you veterans... [7:26301]
I contacted Cisco, the Veterans Administration and the California Department of Veterans Affairs about this subject in July. Unfortunately I haven't hear anything in a while. The VA advised me that for veterans to be reimbursed for the Cisco Career Certification program, the program would have to be "accredited" by the state Department of Veterans Affairs in the state where Cisco's headquarters resides. I contacted the California Department of Veterans affairs and found them to be very cooperative. They wished to be put in contact with the correct people at Cisco, so I gave them all of the contact info I could from my perspective. After a couple of weeks, I received the following email from Cisco ([EMAIL PROTECTED])... >Dear Timothy, > >Thank you for your feedback. > >Due to requests from our dedicated customers, such as yourself, Cisco has >applied to have the Cisco Career Certification exams approved under the VA >Reimbursement Program. Once the details are finalized we will post the >information to our website. > >We thank you for your continued support of the Cisco Career Certifications >program. > >Cisco Career Certifications I have no idea what the status of Cisco's application is. I hope them get it approved soon, I have the 4 CCNP test to go! Maybe as a group we could use our collective resources to expedite this application? Timothy Estes CCNA, CCDA Sr. Network Systems Analyst Intermedia Communications (WorldCom) Tampa FL [EMAIL PROTECTED] (formerly RM3 USN) -Original Message- From: Sal DiStefano [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 14, 2001 9:04 PM To: [EMAIL PROTECTED] Subject: Re: All you veterans... [7:26301] Funny the Golf Course Superintendents Association of America is on the list but not Cisco. I called and they said to send it in and they may pay for it anyway. Sal - Original Message - From: "Jeff D" To: Sent: Wednesday, November 14, 2001 5:32 PM Subject: All you veterans... [7:26301] > Check it out for reimbursement: > > https://www.gibill.va.gov/Education/LCVets.htm Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26360&t=26301 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Basic RIP problem - am I missing something? [7:25787]
This should have been a simple rip setup that I was going to use to play around with offset-lists and stuff but it's not functioning the way I thought it would. Can you guys/gals have a look! ethernetA - Router A ===HDLC=== Router B - ethernetB router a is connected to router b with 2 serial int's running rip. The address of 10.1.1.1 is the ethernet of routerA and i'm consoled into router B. I have no ip route-cache on all the serial interface's in this setup. I've also done a "sh ip cache" just to make sure. lola#sh ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 4 subnets C 10.1.3.0 is directly connected, Ethernet0 C 10.1.2.0 is directly connected, Serial0 R 10.1.1.0 [120/1] via 10.1.2.1, 00:00:05, Serial0 [120/1] via 10.1.4.1, 00:00:05, Serial1 C 10.1.4.0 is directly connected, Serial1 lola# lola#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms lola# 03:45:09: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 03:45:09: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 03:45:09: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 03:45:09: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 03:45:09: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 lola#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms lola# 03:45:13: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.4.2 03:45:13: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.4.2 03:45:13: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.4.2 03:45:13: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.4.2 03:45:13: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.4.2 lola#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms lola# 03:45:16: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 03:45:16: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 03:45:16: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 03:45:16: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 03:45:16: ICMP: echo reply rcvd, src 10.1.1.1, dst 10.1.2.2 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25787&t=25787 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access-list question [7:25008]
Hey guys/gals, After doing a simple mentorlabs vlab, I just wanted to make sure that I didn't miss anything on my access-list config. The router names/places have been masked to protect the innocent. Does my ACL do exactly the same job as theirs but with more lines (hey, who needs efficiency *grin*) Tim Theirs: access-list 101 deny icmp any any echo log access-list 101 permit icmp any any echo-reply log access-list 101 permit tcp host 10.1.1.2 any eq telnet log access-list 101 permit tcp any eq telnet any established log access-list 101 permit udp any any eq rip log access-list 101 deny ip any any log Mine: access-list 101 permit icmp any host 10.1.1.1 echo-reply access-list 101 permit icmp any host 10.1.2.1 echo-reply access-list 101 deny icmp any host 10.1.1.1 log access-list 101 deny icmp any host 10.1.2.1 log access-list 101 deny icmp any 10.14.0.0 0.0.255.255 log access-list 101 permit icmp any any access-list 101 permit tcp host 10.1.1.2 any eq telnet log access-list 101 permit tcp any eq telnet any established log access-list 101 permit udp any any eq rip Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25008&t=25008 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT:Underrun errors [7:20447]
Okay networking gurus, here's one for you all. I have a problm with a 7204 that has 8000+ underrun errors on the FastEthernet interface. I understand that an underrun is the failure of the router to pass data to the transmitter fast enough. So it would seem that the processor can't keep up, right? But none of the ATM or Token Ring interfaces have this problem and the processor utilization is around 10%. So is the problem with the FastEthernet adapter? If anyone has seen this problem before? If so, please let me know Thanks. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20447&t=20447 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HP Openview [7:20259]
I've heard of this one before. HSRP drives OpenView nuts. As others have already pointed out, you can disable this event in Event Configuration. I don't know about you, but I have way too many other problems to shoot to be worrying about duplicate IP issues, so losing this event shouldn't hinder your ability to manage your network. I would check on OVFORUM (http://www.ovforum.org) to see if any of the OV gurus there have an answer. I seem to remember a couple of questions about HSRP on that group lately. Timothy Estes CCNA CCDA Brainbench MVP for TCP/IP Administration Senior Network Systems Analyst Tier III Systems Support Intermedia Communications [EMAIL PROTECTED] -Original Message- From: Patrick Donlon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 8:41 AM To: [EMAIL PROTECTED] Subject: HP Openview [7:20259] Need some info from all you HPOV experts, I'm seeing alarms from a router every 62 minutes. The alarm states "router reports address 0x0c07ac00 for 10.10.10.1, router reported 0x00d0bbcc9400 via snmp" -the first mac address is the virtual mac address for the standby interface, -the second mac address is one of the ethernet interfaces from the router. >From reading the detail information on the trap it appears this info is generated because the node has more than one mac for the interface. Can anyone help me stop these traps, I'm about to set up a lot more standby interfaces so it'll become a real nuisance then. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20279&t=20259 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Weird SNMP message..... [7:18083]
Michael, What OID is the Trap coming across as? (.1.3.6.1.4.1.?) Timothy Estes CCNA, CCDA -Original Message- From: Michael Williams [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 9:52 AM To: [EMAIL PROTECTED] Subject: Weird SNMP message. [7:18083] Hello all I've noticed a weird trap in HP OpenView that comes up (seemingly random). It's coming from a 5500 switch. We have two of these switches configured identically (except for stuff on the MSFCs, but that's not where the trap is coming from). We get this message from one of the switches, but not the other: System NVRAM has changed Sometimes it goes hours without this message then sometimes we get this message 5-10 times within a couple of minutes. Any ideas on this? TIA, Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18090&t=18083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Question about the CCIE groupstudy - Is there a moderator? [7:16234]
Hello all. I have recently passed the tried to join the CCIE lab groupstudy by sending an email stating my lab date and the time I passed the written but I haven't heard anything back about it. Is there a moderator of it, hopefully they "hang out" here too and will see this message. Thanks a bunch. TIm Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16234&t=16234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14415]
Disable it in the bios. -Original Message- From: Jonathan Hays [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 31, 2001 4:20 PM To: [EMAIL PROTECTED] Subject: Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14413] No keyboard? It depends. While it's true that native UNIX workstations (Sun, HP, etc.) will run "headless", most Intel x86 boxes I have encountered require you to plug in a keyboard or the machine won't boot, regardless of the OS installed. Or is there a way around this I don't know about? --- Jonathan Symon Thurlow wrote: > I agree with Carroll, I have been predominantly MS and Novell, but have > started to learn Linux. It isn't hard if you have a good grounding in > Networking/IP/Network OS's. It is just a matter of finding/learning the > commands. > > Another beauty of a *nix box; you only need two cables for it, power and > network. Forget screen, keyboard, mouse... > > Symon > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Carroll Kong > Sent: 31 July 2001 00:32 > To: [EMAIL PROTECTED] > Subject: Re: Tacacs+ for home Use? and Passed CCIE written today > [7:14288] > > At 06:40 PM 7/30/01 -0400, [EMAIL PROTECTED] (Timothy Ouellette) wrote: > >Hello all. I just passed my CCIE today (very happy). I was not as > >difficult as I expected (possibly over studied for it, if that's > >possible). Anyways, I am about to embark on the long journey to > >complete the CCIE by taking the lab. I have my own home lab and I was > >wondering if there is a free version of Tacacs+ out there? I know > >cisco has a Unix version they supply but I don't run Unix here at home > >(win2k for my lab) and I was wondering if anyone could help. Thanks > >for your time! > > > >Tim > > Congratulations on passing the CCIE Written! > > I guess you might be out of luck. Here are some of your options > > a) continue searching for a free version of TACACS+ for Windows. > b) Buy Cisco Secure ACS. > c) Get an old machine and install Linux, Solaris x86, FreeBSD, NetBSD, or > OpenBSD and grab tacacs+ from > http://www.gazi.edu.tr/tacacs/ > d) Port the code yourself from Unix to Windows. > > Obviously there is a certain time host inherent to the last three > options. You should certainly weigh out the costs, as ALL of the options > have an inherent cost to it, even a). Personally, I think learning Unix is > not so bad (maybe I am biased after all of these years) and may only take > perhaps a week of your time (if you are a fast learner, one day) if you > want to just get TACACS+ on it. You can consider multi-booting, but then > you will have to take out more time to make sure you do not fry your > machine. I hope you do know a lot about partitioning on x86 > hardware. :) It honestly is not that bad, win2k's bootloader is quite > friendly with booting the unices. On the side, I do not think TACACS+ is a > requirement for the lab. Not that it is a good reason to not learn > TACACS+. Every CCIE should learn that eventually, on at least one platform. > > If you install FreeBSD, you may run into issues compiling the code, I > patched it so it can work on it. (not as hard as it sounds, only a small > line change). If you choose that route, I can help you patch the code so > it will compile on FreeBSD. Good luck! > > -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14415&t=14415 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Foundation Exam Opinion [7:14353]
I'm starting my studies for CCNP and am wondering how many of you CCNPs out there have taken the Foundation Exam instead of the individual exams. If you have taken it, would you recommend it to others? Thanks, Timothy Estes CCNA, CCDA Brainbench MVP for TCP/IP Administration Brainbench Certified Internet Professional http://www.brainbench.com/transcript.jsp?pid=1198549 Senior Network Systems Analyst Tier III Systems Support Intermedia Communications Inc. 1 Intermedia Way FLT TE-2 Tampa FL 33647 Email - [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14353&t=14353 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Tacacs+ for home Use? and Passed CCIE written today [7:14284]
Hello all. I just passed my CCIE today (very happy). I was not as difficult as I expected (possibly over studied for it, if that's possible). Anyways, I am about to embark on the long journey to complete the CCIE by taking the lab. I have my own home lab and I was wondering if there is a free version of Tacacs+ out there? I know cisco has a Unix version they supply but I don't run Unix here at home (win2k for my lab) and I was wondering if anyone could help. Thanks for your time! Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14284&t=14284 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2948 - gigabit over copper [7:13074]
Just used some of the GBIC's yesterday. Here is a link to some info : http://www.cisco.com/warp/public/cc/pd/si/casi/ca3500xl/prodlit/1kbs_ds.htm Looks like the 2948 is not supported. - Tim -Original Message- From: johan ericsson [mailto:[EMAIL PROTECTED]] Sent: Friday, July 20, 2001 7:41 AM To: [EMAIL PROTECTED] Subject: 2948 - gigabit over copper [7:13074] Hi! Searching cisco's releasenotes the past few hours and can't find the answer for my question.. so thought I could try here instead. Anyone that can confirm that it is really true that only gigabit over fiber is supported on the 2948 (and not over copper?). Thanks! best regards, Johan Ericsson Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=13084&t=13074 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written [7:9128]
Is the CCIE written all multiple choice or are there other types of questions? Thanks Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9128&t=9128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: administrator password problem [7:8913]
If you do a search on a security related site you can find a tool to dump the SAM database in NT and then you will be able to "retrieve" the administrator password. On 17 Jun 2001 23:18:34 -0400, [EMAIL PROTECTED] ("parky chan") wrote: >Dear all Expert >can you help me solve this problem? >if i don't know the administrator password (N.T.) >but i need to use admin right to do something >what can i do? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8914&t=8913 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Detroit Area CCIE Study Partner [7:7969]
Paul, I'm over in Windsor and I work in Troy. I wouldn't mind having a partner to prepare for the CCIE lab. I just passed CID on friday, and taking the written in about 3 weeks. I have 6 routers here and a POTS teltone simulator. Send me an email if your interested [EMAIL PROTECTED] Take care. On 11 Jun 2001 09:57:38 -0400, [EMAIL PROTECTED] ("CCIE Wanna BE") wrote: >I have a Dec 16 Lab date, and am looking for a study >partner. > >I have the following in my home lab: > >5509 w/24 port 10/100 blade >7500 >7000 >(5) 2500's > >Please let me know if you live in the Metro Detroit >area... > > >Thanks! > >= >Paul M. Immo CCDP CCNP MCSE >___ >Imagination is more important than knowledge >Albert Einstein > >__ >Do You Yahoo!? >Get personalized email addresses from Yahoo! Mail - only $35 >a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8911&t=7969 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CID Test. [7:8909]
Hello group I just thought i'd let some of you folks know how my CID test went on friday. 100 questions and need a 755 to pass. I passed but I couldn't believe how poorly worded some of the questions on this test were. I mean, do the cisco guys review these questions and try to answer them? Not only were old technologies (SNA, TR) tested heavily but I found on some questions it wasn't the point of picking the correct answer, but more like picking the answer that's the least wrong. Just a tidbit for you guys studying. Take care. Onto ccie written for me. Tons of reading ahead. Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8909&t=8909 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written [7:8276]
Is this test all multiple choice or are there fill in the blanks, matching, etc... Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8276&t=8276 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: T-shirt WAS RE: Anyone going to Networkers? [7:6719]
I think we should name the cat Kingsford, in honor of Priscilla. I feel like a stalker now. Don't worry Priscilla, I remember you had your cat's picture on your website. I like the shirt idea. How true is that design? - Tim -Original Message- From: Daniel Cotts [mailto:[EMAIL PROTECTED]] Sent: Friday, June 01, 2001 12:30 PM To: [EMAIL PROTECTED] Subject: T-shirt WAS RE: Anyone going to Networkers? [7:6719] A distinct T-shirt would be one way to identify one another. Let's reopen the Groupstudy T-shirt thread. Someone suggested that we create a T-shirt design and then make it available to members. There was some activity - but no conclusion. Let me submit a word picture of a suggested design: Room in home. Through window moon can be seen - it's late at night. Calendar on wall has two dates circled in red - labeled "LAB". Frantic but exhausted "candidate" is typing on keyboard. Rack of routers behind. AGS+ on floor with snoozing cat atop. Scattered books with first names of known authors on covers. Spouse in nightgown standing at bedroom door - arms folded - looking impatient. There should be versions for male and female GroupStudy members. Any thoughts? Yes, the cat's name is Clifford. > -Original Message- > From: Jon [mailto:[EMAIL PROTECTED]] > Sent: Friday, June 01, 2001 1:12 AM > To: [EMAIL PROTECTED] > Subject: Anyone going to Networkers? [7:6719] > > > Networkers L.A. is in a few short weeks. I'll be there, > probably wishing > everyone would turn the air conditioning up. > > Is anyone else from the list attending? Enough interest to > put together a > gathering on evening? Perhaps Sunday, before we get too > caught up in the > week's events -- assuming most folks are arriving early to > attend a power > session. > > Any ideas on how to decorate our nametags to show we're part > of the elite > GroupStudy following? (Following what, I know not, but I > suspect it's a > trail of Howard's bad jokes). > > -jon- > > __ > Do You Yahoo!? > Get personalized email addresses from Yahoo! Mail - only $35 > a year! http://personal.mail.yahoo.com/ > Report misconduct > and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6802&t=6719 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pass BCRAN low [7:6226]
I agree. That is a very good book for understanding many technologies. The writing is good, the material is thorough. Tim On 29 May 2001 20:08:03 -0400, [EMAIL PROTECTED] ("Michael L. Williams") wrote: >Here is a book that is excellent. it explains ISDN, Frame, and ATM is a >way that I've not seen elsewhere. Has excellent "Spot the issues" >exercises. The very first "Spot the issues" exercise has 45 (small) >paragraphs, each one discussing a separate issue with a single network. >Very thorough > >It's called Cisco Certification: Bridging, Switching, and Routing for CCIE >ISBN# 0130903892 > > http://www.bookpool.com/.x/hop8759eb1/ss/1?qs=0130903892 > >It goes for $63 at Borders (retail is $70), but you can pick it up for >$44.50 at www.bookpool.com (follow the above link). Even with FedEx 2 day >shipping it was only $51 for me. Great deal on a great book. > >Mike W. > > >"thinkworker" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> Today I passed BCRAN. I got a low mark of 785 which 706 for pass. >> >> I use the Sybex book and found there is quite something the book not >> covered. There is nothing more material than CCO. >> >> Is there any good recommandation for CCIE written? Is Sybex books good? >> >> Thanks! >FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6375&t=6226 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: external modem on 2500 router [7:6355]
line aux 0 modem InOut transport input all rxspeed 38400 txspeed 38400 stopbits 1 flowcontrol hardware That's pretty much all there is to it. I have a couple of 2501's with external USR 33.6 modems hung off of them to practice DDR with a teltone tls-4 pots simulator. Works great. Tim On 29 May 2001 23:58:54 -0400, [EMAIL PROTECTED] ("jim terry") wrote: >Can an external modem be attached to the Aux port of a router with a console >cable? If so, what is the port number for it that I would telnet to? > >Thanks, > >JT > > > > > >___ >Send a cool gift with your E-Card >http://www.bluemountain.com/giftcenter/ >FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6374&t=6355 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]