eigrp, frame relay, and ISDN
So here's the scenario...Numerous routers in a central site connected to other remote sites via frame-relay with backup ISDN. Question: What is the best way to implement EIGRP in this scenario? My thoughts were to run EIGRP over the frame, set up the dialer interface / bri as a passive interface, and use floating static routes (static route with higher administrative distance for ISDN backup) Thoughs, comments, suggestions, ridicules? ;-) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick Survey: Con or Aux?
http://www.cisco.com/warp/public/76/9.html -Original Message- From: Gareth Hinton [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 28, 2000 3:12 PM To: [EMAIL PROTECTED] Subject: Re: Quick Survey: Con or Aux? Hi all, Anybody got any good links or info for connecting modem to console. I've been messing with a Multitech modem, trying to get the connection to console perfect. After various problems with modem init strings such as echo on causing a loop with router, I am getting towards suitable settings, but still experiencing some problems with connection dropping during set-up (2 or 3 times out of 10). Never seems to fail once exec-timeout has expired, although it does work fairly regularly before it's timed out. Search on CCO seems to point to the fact that console should never be used for modem connection for the security reasons already mentioned previously in this thread, and goes on to explain aux port connection. Sort of thing I would like to see is suggestions for flow control settings on modem, speed for remote hyperterminal session. I seem to get away with just about anything, but I would like to know the ideal. Regards, Gareth ""Elias Aggelidis"" <[EMAIL PROTECTED]> wrote in message 016401c070c2$7f3c52c0$[EMAIL PROTECTED]">news:016401c070c2$7f3c52c0$[EMAIL PROTECTED]... > You can use both Console and Aux to connect a modem, > but as Tony is syggesting use only the console for this kind of thinks ! > > > Regards > > Elias Aggelidis > CCNP + VOICE + SECURITY > - Original Message - > From: "Sam Adams" <[EMAIL PROTECTED]> > To: "'Andrew Whitaker'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Thursday, December 28, 2000 7:37 AM > Subject: RE: Quick Survey: Con or Aux? > > > > I thought the modem goes into the aux. That's the way I have seen them. I > > would like to hear more about this as well. > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Andrew Whitaker > > Sent: Wednesday, December 27, 2000 4:20 PM > > To: '[EMAIL PROTECTED]' > > Subject: Quick Survey: Con or Aux? > > > > > > Today I got into a discussion about the appropriate place to connect a > > router for remote management of routers. If you plug it into a console > > port, you have the ability to reset the router and recover the password. > > However, if you get disconnected, you leave a session open, causing a > > security problem. Although you can use exec-timeout, it still can make it > > difficult to reconnect to it if you lose a connection. > > > > So, I'm curious...what is everyone's opinion on the best place to plug a > > modem in for remote management? The console port or the AUX port? > > > > _ > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: ciscoworks2000
Any one know of any good documentation on CiscoWorks2000 on Solaris? The manuals that come with it are basically just install guides, and Cisco's web site doesn't seem to have a whole lot. Looking for something that gets a little more in depth than just how to install it. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Quick Survey: Con or Aux?
Today I got into a discussion about the appropriate place to connect a router for remote management of routers. If you plug it into a console port, you have the ability to reset the router and recover the password. However, if you get disconnected, you leave a session open, causing a security problem. Although you can use exec-timeout, it still can make it difficult to reconnect to it if you lose a connection. So, I'm curious...what is everyone's opinion on the best place to plug a modem in for remote management? The console port or the AUX port? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
EIGRP and snapshot routing?
According to the Netcerts BCRAN book, snapshot routing works best with RIP, IGRP, RIP, RTMP, and RTP. No mention of EIGRP is given. Does anyone know of any reason why EIGRP would NOT be a good candidate for snapshot routing? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: distribute list problem
Here's my $0.2... Few questions, just to cover the obvious: 1) Is your ISP doing filtering that might prevent this route? 2) Did you ever advertise this without the distribute lists? If so, you may need to clear the bgp route to your 202.161.128.173 neighbor. 3) Although you have no synchronization turned on, make sure you can get to the network from the router. (I know this should be obvious, but its a good thing to check) Also, do a sh ip bgp ne adv to see if the network is being advertised. On a looking glass router on the internet, this is what I see: BGP routing table entry for 202.95.128.0/19, version 30499964 Paths: (2 available, best #2) Not advertised to any peer 6347 701 7018 11919 9875 64.242.87.5 from 64.242.87.5 (209.83.159.23) Origin IGP, localpref 100, weight 600, valid, external, ref 2 Community: 415958015 415961992 415961993 701 7018 11919 9875 157.130.160.141 from 157.130.160.141 (137.39.2.123) Origin IGP, localpref 100, weight 600, valid, external, best, ref 2 - Original Message - From: suaveguru <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 07, 2000 10:26 PM Subject: distribute list problem > Hi, > > I have already configured BGP for but our trafiic for > IP > Address 202.95.159.0/24 not yet routing back via this > circuit. Here is the > configuration at our router. Can you tell us, what's > wrong about our > configuration. > > router bgp 9875 > no synchronization > network 202.95.159.0 > network 202.95.128.0 mask 255.255.224.0 > neighbor 202.161.128.93 remote-as 11919 > neighbor 202.161.128.93 distribute-list 1 out > neighbor 202.161.128.173 remote-as 11919 > neighbor 202.161.128.173 distribute-list 2 out > no auto-summary > ! > access-list 1 permit 202.95.159.0 0.0.0.255 > access-list 2 deny 202.95.159.0 0.0.0.255 > access-list 2 permit any > > > __ > Do You Yahoo!? > Yahoo! Shopping - Thousands of Stores. Millions of Products. > http://shopping.yahoo.com/ > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help Needed
Don't know if this applies or not, but check out: http://www.cisco.com/warp/public/770/39.shtml This lists a known issue with the 7507 causing this output. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Abdul Mujeeb Sent: Saturday, December 02, 2000 9:32 PM To: [EMAIL PROTECTED] Subject: Help Needed Hi While doing the RSP failover test for cisco 7507 running on IOS version 12.0(13). i found this message What does this below output mean , 19:%SYS-3-CPUHOG: Task ran for 2968 msec (53/44), process = Microc ode Loader, PC = 602A6368. -Traceback= 602A6370 602A6D64 602A43AC 60251804 602517F0 Dec 2 21:41:21: %RSP-3-SLAVECHANGE: Slave changed state from Slave to Non-parti cipant Dec 2 21:41:22: %RSP-3-SLAVECHANGE: Slave changed state from Non-participant to Slave is it something normal Thanks in Advance. Regards, Abdul Mujeeb _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
bgp question and subnetting
Scenario: Let's say you have a class C subnet that you break off into two smaller networks: 1.1.1.0/24 = 1.1.1.0/25 + 1.1.1.128/25 Problem: You are announcing this through BGP, but your provider only allows you to advertise full class C addresses. The problem lies in that you have to announce this network as 1.1.1.0/24 but still get traffic to 1.1.1.0/25 & 1.1.1.128/25. Solution: So, there are two ways to do this: 1) Use an aggregate-address with a suppress map to filter this. router bgp network 1.1.1.0 mask 255.255.255.128 network 1.1.1.128 mask 255.255.255.128 aggregate-address 1.1.1.0 255.255.255.0 suppress-map mysupressmap ! route-map mysuppressmap permit 10 match ip address 20 ! access-list 20 permit 1.1.1.0 0.0.0.128 access-list 20 permit 1.1.1.128 0.0.0.128 ! int vlan 1 ip add 1.1.1.1 255.255.255.128 no shut ! int vlan 2 ip add 1.1.1.129 255.255.255.128 no shut 2) Use null routes router bgp network 1.1.1.0 mask 255.255.255.0 ! ip route 1.1.1.0 255.255.255.0 null 0 ! int vlan 1 ip add 1.1.1.1 255.255.255.128 no shut ! int vlan 2 ip add 1.1.1.129 255.255.255.128 no shut Question: Which way do you all feel is better? I read in Boson's test that the preferred way is to use aggregate addresses, but this seems to be a much more complex way to do what a simple null route can accomplish? Thought / comments? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BCRAN question
For those of you that have passed this test, how important is it to know the various models of routers? I'm familiar with the different series routers and what Cisco recommends them for (i.e., branch office, telecommuter, central office), but do you have to know it down to actual port configurations? (i.e., model 25xx has so many serial ports, so many async ports, and so many ethernet ports, etc). It seems rather futile knowing this since in practice one can always look in the product guide, but the BCRAN book I have says it is important to know this stuff. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
another one passes the BSCN
Just passed the BSCN today - thanks to everyone who helped answer my routing questions! Although I did pass, I'm still going to go back and do some reviewing, particularly on redistribution. Three down, two to go... _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: question about loopback interfaces
Thanks for the response! I have two more questions: If in an OSPF and BGP environment, I think can see the stability with loopbacks... Correct me if I'm wrong in this theoritical scenario: Two routers in an OSPF share the highest priority. To break the tie and determine the DR, OSPF looks at router id, which is the highest interface address (let's say serial interface) and determines a particular router has the highest id. It becomes DR. Without a loopback address, if the serial interface goes down, then the BDR comes online and a new BDR election takes place. This requires processing power and could slow down the network. With a loopback interface configured with the highest IP address, then if a router is the DR and looses its serial interface, it would remain the DR. Is this correct? My second question involves the configuration of the loopback from real-world experience. What do most of you use - an address from the same subnet one of the interfaces is on or a seperate address? -Original Message- From: Tony van Ree [mailto:[EMAIL PROTECTED]] Sent: Monday, November 27, 2000 9:28 PM To: whitaker; [EMAIL PROTECTED] Subject: Re: question about loopback interfaces The notes I have here suggest that using a loopback interface provides a more stable interface than a physical interface. As the loopback interface is up as long as the RAM is working the chances of losing this interface are greatly reduced. Both OSPF and BGP use the highest active IP address as the router ID. If a loopback address is configured they will use the loopback address. Therefore the loopback address provides more stability. It can also make network management and troubleshooting tasks easier. Teunis. On Monday, November 27, 2000 at 08:58:00 PM, whitaker wrote: > Could someone explain the importance of using loopback interfaces? I keep > reading that it is important when using routing protocols to use loopback > interfaces. A consultant that is writing documentation for me suggested I > obtain an entire class C network just for loopback addresses. Cisco says > when configuring BGP that, "We recommend you use a loopback interface to > guarantee reachability in networks with multiple paths." (from > http://www.cisco.com/warp/public/459/23.html#3). > > Maybe I'm missing something totally obvious here, but exactly what benefit > do I gain from using loopback addresses? I know it is supposed to provide > reliability for routing protocols, but how? > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > -- www.tasmail.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
question about loopback interfaces
Could someone explain the importance of using loopback interfaces? I keep reading that it is important when using routing protocols to use loopback interfaces. A consultant that is writing documentation for me suggested I obtain an entire class C network just for loopback addresses. Cisco says when configuring BGP that, "We recommend you use a loopback interface to guarantee reachability in networks with multiple paths." (from http://www.cisco.com/warp/public/459/23.html#3). Maybe I'm missing something totally obvious here, but exactly what benefit do I gain from using loopback addresses? I know it is supposed to provide reliability for routing protocols, but how? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Repeated Questions
I just took my BCMSN test a few days ago (and passed-yippee!) and had the same thing happen. I had to read the question several times to make sure I wasn't reading it wrong, but yes, it was the same question. (Luckily, I knew the answer!) - Original Message - From: "Chan Yew Weng" <[EMAIL PROTECTED]> To: "Cisco Certification Digest" <[EMAIL PROTECTED]> Sent: Sunday, October 29, 2000 9:40 PM Subject: Repeated Questions > I have just taken my BCMSN test today (30/10) and have encountered > repeated questions in my test. > > 2 questions were repeated EXACTLY, word for word. i.e I got the same > questions twice. > > Another question was repeated, essentially the same, but with some > wordings changed. > > Too bad the repeated questions were the ones that I was unsure of the > answers. > > Have you guys encountered repeated questions before? I would have believed that the test generation algo is better than that! > 3 repeated ones! sigh > > -acy > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Challenge
Thanks for the feedback! I'm not familiar with RSPL (obviously); I'll read up on it. As far as the soft reconfiguration goes, I assume I'll need to add the line 'neighbor soft-reconfiguration inbound' command to enable soft reconfiguration. To load balance outbound, I assume I'll need to do the following: ! 6509A - connected to genuity route-map genuity-preference permit 10 match as-path 20 set local preference 10 ip as-path access-list 20 ^1$ neighbor route-map genuity-preference out route-map sprint-preference permit 10 match as-path 30 set local preference 100 ip as-path access-list 30 ^$ neighbor <6509B ip address> route-map sprint-preference out (And add the similiar statements to the 6509B) - Original Message - From: "Howard C. Berkowitz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, October 29, 2000 4:35 PM Subject: Re: BGP Challenge > At 3:35 PM -0800 10/29/2000, whitaker wrote: > >ok, so I'm trying to implement some BGP routing for the first time. > >I've read through the advanced IP network design, Internet Routing > >Architectures, the RFCs, and a couple other books on BGP. But as we > >all know, none of this compares to good experience. So, before I > >attempt to implement BGP in mission critical datacenter, I thought > >I'd run it by the experts (that's you!) to make sure I'm > >understanding this right. > > While your comments are informative, I strongly suggest you write out > your routing policy in RPSL. It's good practice, in any case, to > write the policy and register it with an appropriate routing > registry. see http://www.radb.net. There are some tutorials at this > site, there's the RPSL and the "Using RPSL in Practice" RFCs, my BGP > series at CertificationZone, etc. Lots of material at > http://www.nanog.org -- in particular, look for Avi Friedman's BGP > 102 tutorial for more about filters. > > AS path prepend, as you point out, will influence traffic coming > towards you. Do you want to try for some load balancing in your > outgoing direction? One reasonable way to do that is to assign a > higher (i.e., more preferred) local preference to customer/direct > connected routes from each ISP (i.e., ASprovider +). > > >[snip] > > > > > > >Here's my questions: > >* Networks are going to be added once a week, not all at once. To > >add a network, it is my understanding that I type 'clear > >ip bgp * soft-reconfiguration outbound' to reset the bgp connection. > >Is this correct? > > You need to predefine soft reconfiguration. > > As far as adding networks, I really would want to know more about > your addressing. > > > > >* Does this configuration effectively make my network non-transitive? > > > >* I've read about peer groups - would this be an effective way of > >maintaining the configuration between the two 6509s? Or > >would it just be adding an additional level of complexity? > > Peer groups are helpful for multiple interfaces on the same router. > > > > >* Will this configuration help to balance out the traffic some > >across the two 6509s? > > > > > > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP Challenge
ok, so I'm trying to implement some BGP routing for the first time. I've read through the advanced IP network design, Internet Routing Architectures, the RFCs, and a couple other books on BGP. But as we all know, none of this compares to good experience. So, before I attempt to implement BGP in mission critical datacenter, I thought I'd run it by the experts (that's you!) to make sure I'm understanding this right. I have two 6509s, each connecting through hssi interface to seperate SONET rings to separate providers. We basically run like an ASP, and have several networks we're advertising. One of our provider's OC-12 ring is not currently implented yet, but this shouldn't make any difference in the configuration. So, here's my sample BGP config: ! 6509Arouter bgp no synchronization ! list networks to advertisenetwork mask 255.255.255.0network mask 255.255.255.240 ! define provider1 and second 6509 as neighborsneighbor remote-as 1neighbor remote-as ! Add filter list to only advertise internal routes so that we don't become transitiveneighbor filter-list 10 out ip as-path access-list 10 permit ^$ ! prepend my AS number to network that is on 6509B. This should help to 'load-balance' some.access-list 1 permit 255.255.255.0access-list 1 permit 255.255.255.0neighbor route-map add_as outroute-map add_as permit 10match ip address 1set as-path prepend ---! 6509Brouter bgp ! list networks to advertisenetwork mask 255.255.255.0network mask 255.255.255.0 ! define provider2 and first 6509 as neighborsneighbor remote-as neighbor remote-as ! Add filter list to only advertise internal routes so that we don't become transitive neighbor filter-list 10 out ip as-path access-list 10 permit ^$ ! prepend my AS number to networks that are on 6509A. This should help to 'load-balance' some.access-list 1 permit mask 255.255.255.0 access-list 1 permit mask 255.255.255.240neighbor route-map add_as outroute-map add_as permit 10match ip address 1set as-path prepend Here's my questions:* Networks are going to be added once a week, not all at once. To add a network, it is my understanding that I type 'clear ip bgp * soft-reconfiguration outbound' to reset the bgp connection. Is this correct? * Does this configuration effectively make my network non-transitive? * I've read about peer groups - would this be an effective way of maintaining the configuration between the two 6509s? Or would it just be adding an additional level of complexity? * Will this configuration help to balance out the traffic some across the two 6509s?
BGP Challenge
ok, so I'm trying to implement some BGP routing for the first time. I've read through the advanced IP network design, Internet Routing Architectures, the RFCs, and a couple other books on BGP. But as we all know, none of this compares to good experience. So, before I attempt to implement BGP in mission critical datacenter, I thought I'd run it by the experts (that's you!) to make sure I'm understanding this right. I have two 6509s, each connecting through hssi interface to seperate SONET rings to separate providers. We basically run like an ASP, and have several networks we're advertising. One of our provider's OC-12 ring is not currently implented yet, but this shouldn't make any difference in the configuration. So, here's my sample BGP config: ! 6509Arouter bgp no synchronization ! list networks to advertisenetwork mask 255.255.255.0network mask 255.255.255.240 ! define provider1 and second 6509 as neighborsneighbor remote-as 1neighbor remote-as ! Add filter list to only advertise internal routes so that we don't become transitiveneighbor filter-list 10 out ip as-path access-list 10 permit ^$ ! prepend my AS number to network that is on 6509B. This should help to 'load-balance' some.access-list 1 permit 255.255.255.0access-list 1 permit 255.255.255.0neighbor route-map add_as outroute-map add_as permit 10match ip address 1set as-path prepend ---! 6509Brouter bgp ! list networks to advertisenetwork mask 255.255.255.0network mask 255.255.255.0 ! define provider2 and first 6509 as neighborsneighbor remote-as neighbor remote-as ! Add filter list to only advertise internal routes so that we don't become transitive neighbor filter-list 10 out ip as-path access-list 10 permit ^$ ! prepend my AS number to networks that are on 6509A. This should help to 'load-balance' some.access-list 1 permit mask 255.255.255.0 access-list 1 permit mask 255.255.255.240neighbor route-map add_as outroute-map add_as permit 10match ip address 1set as-path prepend Here's my questions:* Networks are going to be added once a week, not all at once. To add a network, it is my understanding that I type 'clear ip bgp * soft-reconfiguration outbound' to reset the bgp connection. Is this correct? * Does this configuration effectively make my network non-transitive? * I've read about peer groups - would this be an effective way of maintaining the configuration between the two 6509s? Or would it just be adding an additional level of complexity? * Will this configuration help to balance out the traffic some across the two 6509s?
Re: NT or Linux as a TACACS+ or RADIUS Server
I have this set up on a Linux box without any problems. I used the Cisco IOS 12.0 Security book as a reference. (It also covers Radius) - Original Message - From: Glenn Flood To: '[EMAIL PROTECTED]' Sent: Tuesday, October 24, 2000 10:17 AM Subject: NT or Linux as a TACACS+ or RADIUS Server All, Is it possible to set up NT or Linux as a TACACS or RADIUS Server? If so where can I get the appropriate software. Thanks,Glenn
isl trunk on 6509
I was trying to set up an ISL trunk on my gigabit fiber link, but it responded that it was only able to run in nonegotiate mode. Since this is going between two 6509s gigabit fiber link, I was never able to exchange VTP information between the two in nonegotiate mode, and it wouldn't let me switch it to anything else. I now have a trunk running across one of the 10/100 switch module ports. Is this a limitation of the gigabit fiber links? Or is there something I'm missing here?
