RE: question on Cisco Certification Challenge from cis [7:72272]
What's the URl for the questions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72286t=72272 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
question on Cisco Certification Challenge from cisco.com [7:72272]
Hi Guys Just a quick question on the Cisco Certification Challenge questions found on downloaded from Cisco.com.Im taking my CCNP recert in a few days and just wanted to know if these challenge questions on each CCNP segment is of a comparable level as in the actual exam. Thanks Simon. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72272t=72272 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hacking challenge [7:66720]
Many thanks to all who replied. I've got some good verbage now. In particular the multi-layer defense. -Original Message- From: Evans, TJ (BearingPoint) [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 12:36 PM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] So ... doesn't that give them enough supporting evidence all by itself? If not, maybe it is a lost cause? As an aside - a pix, if it was permitting the offending port through as well, may not have stopped the worm either. Think Defense in Depth. A firewall, while a necessity for -everyone- (IMHO) is not a cure-all; it is a piece of a very large, very complex puzzle (even for a small network!). .. Have someone in a Decision-making position there read Hacking __(pick an os - Windows2k, Linux, etc.), or attend a SANS course (or just visit their reading room - TONS of articles). Read Eric Cole's or Ed Skoudis's books. .. or, teach him/her to use google ... Thanks! TJ -Original Message- From: Wilmes, Rusty [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 2:05 PM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] there's an access list on the ethernet interface thats directly connected to a dsl modem. they're allowing telnet and smpt to basically, any any plus various other protocols from/to specific addresses. There're only two outside addresses that are natted but its really hideous and the access list is the only thing resembling a layer of security between the internet and their server farm. I was just hoping to hear some really good verbage about how vulnerable they are. I've told them for 3 months to get a pix but it just aint sinking in. Now they've got a worm loose on their mail server thats bringing down their main host system and their internet line (but thats another story). -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 8:46 AM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] Wilmes, Rusty wrote: this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable. But I don't think that's what you meant... Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords. The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0 So, as far as convicing your customer The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log. Good luck. I have a good book to recommend on this topic: Greenberg, Eric. Mission-Critical Security Planner. New York, New York, Wiley Publishing, Inc., 2003. Here's an Amazon link: http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetw inc/104-9901005-4572707 Priscilla how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: VLAN loop problem [7:66656] Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch... Larry Letterman Network Engineer Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N. Sent: Wednesday, April 02, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: Re: VLAN loop problem [7
Re: hacking challenge [7:66720]
Depending on the servers you could do it in 5 min. There is an annonamys account that runs over netbios in the 130's port area. If there isn't a firewall in place to filer this port you can use the net use command and have access to the box. After this you can download the backup copy of the SAM off the server run a crack program like lophtcrack and BLING BLING. You have every user name and password on the system. All to easy. I would recommend the Hacking Exposed book. If you want to protect your system from cracker / hackers. You need to know what they can and will do to get what they want. However don't let a firewall be your end all do all solution. Look into hardening you Server OS, if its Win2k try learning about group policy's they are a wonderful addition. If it's Novell or Linux, sorry I can't be much help. But the rule applies Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66753t=66720 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hacking challenge [7:66720]
Wilmes, Rusty wrote: this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable. But I don't think that's what you meant... Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords. The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0 So, as far as convicing your customer The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log. Good luck. I have a good book to recommend on this topic: Greenberg, Eric. Mission-Critical Security Planner. New York, New York, Wiley Publishing, Inc., 2003. Here's an Amazon link: http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetwinc/104-9901005-4572707 Priscilla how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: VLAN loop problem [7:66656] Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch... Larry Letterman Network Engineer Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N. Sent: Wednesday, April 02, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: Re: VLAN loop problem [7:66656] What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario? Larry Letterman wrote in message news:[EMAIL PROTECTED] port mac address security might work, altho its a lot of admin overhead..are you running portfast bpdu-guard on the access ports? Larry Letterman Network Engineer Cisco Systems - Original Message - From: Thomas N. To: [EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 8:14 PM Subject: VLAN loop problem [7:66656] Hi All, I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario: We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enable/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP address to devices on its subnet. Spanning-tree is enable; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x , which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanged hub/switch hang off the network jacks in their cubicals and potentially cause loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicals taking those little umanaged hubs/switches? Thanks! Thomas Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66758t=66720 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hacking challenge [7:66720]
However don't let a firewall be your end all do all solution. Look into hardening you Server OS, if its Win2k try learning about group policy's they are a wonderful addition. If it's Novell or Linux, sorry I can't be much help. But the rule applies If you're looking for security on Win2k then here's some advice. Close it off to the world. Completely. Run a PIX of PF firewall in front of your networks behind a router. If you want a secure OS then move to a Linux or xBSD. This is getting off topic. -Karsten On Thursday 03 April 2003 07:29 am, Steven Aiello wrote: Depending on the servers you could do it in 5 min. There is an annonamys account that runs over netbios in the 130's port area. If there isn't a firewall in place to filer this port you can use the net use command and have access to the box. After this you can download the backup copy of the SAM off the server run a crack program like lophtcrack and BLING BLING. You have every user name and password on the system. All to easy. I would recommend the Hacking Exposed book. If you want to protect your system from cracker / hackers. You need to know what they can and will do to get what they want. However don't let a firewall be your end all do all solution. Look into hardening you Server OS, if its Win2k try learning about group policy's they are a wonderful addition. If it's Novell or Linux, sorry I can't be much help. But the rule applies Steve Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66763t=66720 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hacking challenge [7:66720]
Rusty, I'm not clear from your question if there is an acl blocking everything inbound to the nt servers except smtp and telnet or if the acl is for inbound to the router itself. In the former case, unless your client is forcing their users to use good passwords, it's likely that a brute force telnet attempt would succeed in anywhere from a few hours to a few days, ditto for brute force on the router. If they're not logging failed login attempts, they would never know this was occurring. If they have no filtering if any kind inbound to their servers, there are many netbios/nt vulnerabilities that they could be susceptible to, without knowing more specifics about the patches applied and the services being run I can't give you anything more specific. You can search on securityfocus.com to see what might be applicable to your client. One thing to keep in mind, for a small site the Cisco firewall feature set may be adequate. At the very least, a correctly configured access-list provides some rudimentary protection. See the cisco site or Phrack issue 52 for info on Cisco router security. (phrack.com) Also, security works best when applied in layers. It's not enough to have a firewall, enabling centralized logging, patching and hardening servers, backup procedures and implementing change control procedures are just a few of the things that need to be done as well. A firewall is just the beginning. HTH, Kent PS If your trying to get your client to take security seriously, you should probably begin by asking business questions like: What is the worth of the information contained on your servers? How long could you operate without that information? If you lost all of the information on your servers, could your business operate? Are you aware of how much money businesses lost last year due to security breaches according to the FBI/CSI annual report? Are you aware of the potential legal issues related to not following due care practices for securing your information infrastructure, etc. etc. On Wed, 2003-04-02 at 19:09, Wilmes, Rusty wrote: this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: VLAN loop problem [7:66656] Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch... Larry Letterman Network Engineer Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N. Sent: Wednesday, April 02, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: Re: VLAN loop problem [7:66656] What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario? Larry Letterman wrote in message news:[EMAIL PROTECTED] port mac address security might work, altho its a lot of admin overhead..are you running portfast bpdu-guard on the access ports? Larry Letterman Network Engineer Cisco Systems - Original Message - From: Thomas N. To: [EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 8:14 PM Subject: VLAN loop problem [7:66656] Hi All, I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario: We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enable/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP address to devices on its subnet. Spanning-tree is enable; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x , which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanged hub/switch hang off the network jacks in their cubicals and potentially cause loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicals taking those little umanaged hubs/switches? Thanks! Thomas Message Posted at:
RE: hacking challenge [7:66720]
Easy, show them RFC 3514 and let them know you would need a firewall to block the Evil bit...cash, check or charge? -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 11:46 AM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] Wilmes, Rusty wrote: this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable. But I don't think that's what you meant... Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords. The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0 So, as far as convicing your customer The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log. Good luck. I have a good book to recommend on this topic: Greenberg, Eric. Mission-Critical Security Planner. New York, New York, Wiley Publishing, Inc., 2003. Here's an Amazon link: http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetwinc/104-99 01005-4572707 Priscilla how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: VLAN loop problem [7:66656] Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch... Larry Letterman Network Engineer Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N. Sent: Wednesday, April 02, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: Re: VLAN loop problem [7:66656] What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario? Larry Letterman wrote in message news:[EMAIL PROTECTED] port mac address security might work, altho its a lot of admin overhead..are you running portfast bpdu-guard on the access ports? Larry Letterman Network Engineer Cisco Systems - Original Message - From: Thomas N. To: [EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 8:14 PM Subject: VLAN loop problem [7:66656] Hi All, I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario: We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enable/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP address to devices on its subnet. Spanning-tree is enable; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x , which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanged hub/switch hang off the network jacks in their cubicals and potentially cause loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicals taking those little umanaged hubs/switches? Thanks! Thomas Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66770t=66720 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: hacking challenge [7:66720]
there's an access list on the ethernet interface thats directly connected to a dsl modem. they're allowing telnet and smpt to basically, any any plus various other protocols from/to specific addresses. There're only two outside addresses that are natted but its really hideous and the access list is the only thing resembling a layer of security between the internet and their server farm. I was just hoping to hear some really good verbage about how vulnerable they are. I've told them for 3 months to get a pix but it just aint sinking in. Now they've got a worm loose on their mail server thats bringing down their main host system and their internet line (but thats another story). -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 8:46 AM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] Wilmes, Rusty wrote: this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable. But I don't think that's what you meant... Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords. The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0 So, as far as convicing your customer The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log. Good luck. I have a good book to recommend on this topic: Greenberg, Eric. Mission-Critical Security Planner. New York, New York, Wiley Publishing, Inc., 2003. Here's an Amazon link: http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetw inc/104-9901005-4572707 Priscilla how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: VLAN loop problem [7:66656] Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch... Larry Letterman Network Engineer Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N. Sent: Wednesday, April 02, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: Re: VLAN loop problem [7:66656] What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario? Larry Letterman wrote in message news:[EMAIL PROTECTED] port mac address security might work, altho its a lot of admin overhead..are you running portfast bpdu-guard on the access ports? Larry Letterman Network Engineer Cisco Systems - Original Message - From: Thomas N. To: [EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 8:14 PM Subject: VLAN loop problem [7:66656] Hi All, I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario: We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enable/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP address to devices on its subnet. Spanning-tree is enable; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x , which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems
RE: hacking challenge [7:66720]
This prompts me to say something about a comment from a previous poster about how vulnerable Windows is compared to Linux/xBSD etc I see many, many vulnerability alerts weekly for *nix based systems. Probably just as many as you see for Windows. You should of course harden any Internet facing network device, however the point is not really the type of server OS you run, or the Apps on it, but how good you are at proactively keeping them patched. I suggest that you go to some firewall vendor sites and plagiarise a bit of marketing guff if you want to sell the firewall idea to a sceptic, although just plonking a firewall in front of your unpatched sendmail server won't achieve a great deal. My 2c, YMMV Symon -Original Message- From: Wilmes, Rusty [mailto:[EMAIL PROTECTED] Sent: 03 April 2003 20:05 To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] there's an access list on the ethernet interface thats directly connected to a dsl modem. they're allowing telnet and smpt to basically, any any plus various other protocols from/to specific addresses. There're only two outside addresses that are natted but its really hideous and the access list is the only thing resembling a layer of security between the internet and their server farm. I was just hoping to hear some really good verbage about how vulnerable they are. I've told them for 3 months to get a pix but it just aint sinking in. Now they've got a worm loose on their mail server thats bringing down their main host system and their internet line (but thats another story). -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 8:46 AM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] Wilmes, Rusty wrote: this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable. But I don't think that's what you meant... Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords. The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0 So, as far as convicing your customer The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log. Good luck. I have a good book to recommend on this topic: Greenberg, Eric. Mission-Critical Security Planner. New York, New York, Wiley Publishing, Inc., 2003. Here's an Amazon link: http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetw inc/104-9901005-4572707 Priscilla how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: VLAN loop problem [7:66656] Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch... Larry Letterman Network Engineer Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N. Sent: Wednesday, April 02, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: Re: VLAN loop problem [7:66656] What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario? Larry Letterman wrote in message news:[EMAIL PROTECTED] port mac address security might work, altho its a lot of admin overhead..are you running portfast bpdu-guard on the access ports? Larry Letterman Network Engineer Cisco Systems - Original
RE: hacking challenge [7:66720]
So ... doesn't that give them enough supporting evidence all by itself? If not, maybe it is a lost cause? As an aside - a pix, if it was permitting the offending port through as well, may not have stopped the worm either. Think Defense in Depth. A firewall, while a necessity for -everyone- (IMHO) is not a cure-all; it is a piece of a very large, very complex puzzle (even for a small network!). .. Have someone in a Decision-making position there read Hacking __(pick an os - Windows2k, Linux, etc.), or attend a SANS course (or just visit their reading room - TONS of articles). Read Eric Cole's or Ed Skoudis's books. .. or, teach him/her to use google ... Thanks! TJ -Original Message- From: Wilmes, Rusty [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 2:05 PM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] there's an access list on the ethernet interface thats directly connected to a dsl modem. they're allowing telnet and smpt to basically, any any plus various other protocols from/to specific addresses. There're only two outside addresses that are natted but its really hideous and the access list is the only thing resembling a layer of security between the internet and their server farm. I was just hoping to hear some really good verbage about how vulnerable they are. I've told them for 3 months to get a pix but it just aint sinking in. Now they've got a worm loose on their mail server thats bringing down their main host system and their internet line (but thats another story). -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 8:46 AM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] Wilmes, Rusty wrote: this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable. But I don't think that's what you meant... Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords. The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0 So, as far as convicing your customer The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log. Good luck. I have a good book to recommend on this topic: Greenberg, Eric. Mission-Critical Security Planner. New York, New York, Wiley Publishing, Inc., 2003. Here's an Amazon link: http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetw inc/104-9901005-4572707 Priscilla how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: VLAN loop problem [7:66656] Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch... Larry Letterman Network Engineer Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N. Sent: Wednesday, April 02, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: Re: VLAN loop problem [7:66656] What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario? Larry Letterman wrote in message news:[EMAIL PROTECTED] port mac address security might work, altho its a lot of admin overhead..are you running portfast bpdu-guard on the access ports? Larry Letterman Network Engineer Cisco Systems - Original Message
Re: hacking challenge [7:66720]
my company does a lot of firewall consulting and I run into this question all the time. frankly I don't have a great answer for it though. packet filters (i.e. access-lists) are technically first generation firewalls, so they do have a firewall in place already. the sell really comes into play when you state that first generation firewalls aren't as robust and up-to-date as the latest third generation firewalls and are open to concerted attacks. this usually they can understand. trying to explain multilayer stateful inspection to them is pointless, so don't even try. probably the best thing you can do (as already sugeested), is make sure your acl is complete and anytime a security issue comes up point out the problem as relates to no firewall. after about a year of you doing this, they'll catch on and will budget it in eventually. scott Wilmes, Rusty wrote in message news:[EMAIL PROTECTED] there's an access list on the ethernet interface thats directly connected to a dsl modem. they're allowing telnet and smpt to basically, any any plus various other protocols from/to specific addresses. There're only two outside addresses that are natted but its really hideous and the access list is the only thing resembling a layer of security between the internet and their server farm. I was just hoping to hear some really good verbage about how vulnerable they are. I've told them for 3 months to get a pix but it just aint sinking in. Now they've got a worm loose on their mail server thats bringing down their main host system and their internet line (but thats another story). -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 8:46 AM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] Wilmes, Rusty wrote: this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable. But I don't think that's what you meant... Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords. The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0 So, as far as convicing your customer The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log. Good luck. I have a good book to recommend on this topic: Greenberg, Eric. Mission-Critical Security Planner. New York, New York, Wiley Publishing, Inc., 2003. Here's an Amazon link: http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetw inc/104-9901005-4572707 Priscilla how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: VLAN loop problem [7:66656] Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch... Larry Letterman Network Engineer Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N. Sent: Wednesday, April 02, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: Re: VLAN loop problem [7:66656] What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario? Larry Letterman wrote in message news:[EMAIL PROTECTED] port mac address security might work, altho its a lot of admin overhead..are you running portfast bpdu-guard
RE: hacking challenge [7:66720]
I would have to take issue with the following statement: You should of course harden any Internet facing network device, however the point is not really the type of server OS you run, or the Apps on it, but how good you are at proactively keeping them patched. -MANY- so-called vulnerabilities are actually by design, we usually call them features. This is where the quality of the original coding, the quality/details of the installation/configuration, and the layers wrapped around all of this come together. Typically, we as users have no control over the coding aspect, aside from auditing the application in question before deploying it and choosing your vendor accordingly. The installation / config is *very* important. Nearly every vulnerability would be bypassed if we could just disable all of the services, or leave the machine without a network connection :). Code Red and Slammer, to site two VERY BIG examples, would never have been an issue if the recommended best practices from the vendor (MS, in this case) had been followed. Patching, of course, is not to be underrated. This *REALLY* comes into play when the vulnerability exists in the services you offer - web services or SQL, for ex. I hate to sound repetitive, but the key lies in knowing how to address all applicable layers and do maintain vigilance in doing so. Defense in Depth Thanks! TJ -Original Message- From: Symon Thurlow [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 4:09 PM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] This prompts me to say something about a comment from a previous poster about how vulnerable Windows is compared to Linux/xBSD etc I see many, many vulnerability alerts weekly for *nix based systems. Probably just as many as you see for Windows. You should of course harden any Internet facing network device, however the point is not really the type of server OS you run, or the Apps on it, but how good you are at proactively keeping them patched. I suggest that you go to some firewall vendor sites and plagiarise a bit of marketing guff if you want to sell the firewall idea to a sceptic, although just plonking a firewall in front of your unpatched sendmail server won't achieve a great deal. My 2c, YMMV Symon -Original Message- From: Wilmes, Rusty [mailto:[EMAIL PROTECTED] Sent: 03 April 2003 20:05 To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] there's an access list on the ethernet interface thats directly connected to a dsl modem. they're allowing telnet and smpt to basically, any any plus various other protocols from/to specific addresses. There're only two outside addresses that are natted but its really hideous and the access list is the only thing resembling a layer of security between the internet and their server farm. I was just hoping to hear some really good verbage about how vulnerable they are. I've told them for 3 months to get a pix but it just aint sinking in. Now they've got a worm loose on their mail server thats bringing down their main host system and their internet line (but thats another story). -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 8:46 AM To: [EMAIL PROTECTED] Subject: RE: hacking challenge [7:66720] Wilmes, Rusty wrote: this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable. But I don't think that's what you meant... Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords. The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0 So, as far as convicing your customer The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log. Good luck. I have a good book to recommend
hacking challenge [7:66720]
this is a general question for the security specialists. Im trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password)that had a bunch of nt servers on another interface, how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet. Thanks, Rusty -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: VLAN loop problem [7:66656] Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch... Larry Letterman Network Engineer Cisco Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N. Sent: Wednesday, April 02, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: Re: VLAN loop problem [7:66656] What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario? Larry Letterman wrote in message news:[EMAIL PROTECTED] port mac address security might work, altho its a lot of admin overhead..are you running portfast bpdu-guard on the access ports? Larry Letterman Network Engineer Cisco Systems - Original Message - From: Thomas N. To: [EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 8:14 PM Subject: VLAN loop problem [7:66656] Hi All, I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario: We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enable/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP address to devices on its subnet. Spanning-tree is enable; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x , which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanged hub/switch hang off the network jacks in their cubicals and potentially cause loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicals taking those little umanaged hubs/switches? Thanks! Thomas Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66720t=66720 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Challenge question...layer 2 and 3 frame analysis...#2 [7:56663]
Priscilla got #1. Here is number two which is harder. I reworded it to narrow the focus. This is not about Cisco IOS. (tricky arp caches and timeouts, nat, proxy arp ect...). It is PCs and hubs mainly, and routers and switches just in the basic sense that routers separates broadcast domains and switches separate collision domains. But, I removed switches and hubs anyway. Challenge # 2 reworded. #2. A PC host receives a frame intended for tcp protocol in transport layer (i.e. no upper layer data). Layer 3 drops it. No switches, no routers. No arp cache timeouts/issues. PCs and hubs only. Real or not? If not, list the critical issue? If real, list an exception? Is this question a treat or a trick? :-) I'm sure you have something trickier in mind than what I came up with, No, it is not about tricks. Just good ole OSI, cables, and hubs. I modified the question to remove routers completely to better focus it. I remember reading recently a very long thread about somebody using an rj-45 splitter and asking what the implications are versus a hub/switch. I throughly enjoyed the resulting thread. This is meant along the same lines. My original challenge had 4 questions, all the same form... a packet is dropped at layer 3 destined for a specified protocol, describe how. I thought posting all at once would be too much, so broke it down but wording is the same and has a nice appeal. CG Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56663t=56663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Challenge question...layer 2 and 3 frame analysis...#2 [7:56662]
Priscilla got #1. Here is number two which is harder. I reworded it to narrow the focus. This is not about Cisco IOS. (tricky arp caches and timeouts, nat, proxy arp ect...). It is PCs and hubs mainly, and routers and switches just in the basic sense that routers separates broadcast domains and switches separate collision domains. But, I removed switches and hubs anyway. Challenge # 2 reworded. #2. A PC host receives a frame intended for tcp protocol in transport layer (i.e. no upper layer data). Layer 3 drops it. No switches, no routers. No arp cache timeouts/issues. PCs and hubs only. Real or not? If not, list the critical issue? If real, list an exception? Is this question a treat or a trick? :-) I'm sure you have something trickier in mind than what I came up with, No, it is not about tricks. Just good ole OSI, cables, and hubs. I modified the question to remove routers completely to better focus it. I remember reading recently a very long thread about somebody using an rj-45 splitter and asking what the implications are versus a hub/switch. I throughly enjoyed the resulting thread. This is meant along the same lines. My original challenge had 4 questions, all the same form... a packet is dropped at layer 3 destined for a specified protocol, describe how. I thought posting all at once would be too much, so broke it down but wording is the same and has a nice appeal. CG Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56662t=56662 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Challenge question...layer 2 and 3 frame analysis [7:56600]
involved. No trick static entries on any device in the network. Scenario: 1. A PC host receives an ethernet II arp frame. Layer 3 drops it. 2. A PC host receives a tcp frame. Layer 3 drops it. Questions: Which of the above is possible/not possible? If so, describe the frame and the network layout for your scenario? If not, provide reasoning. #1 is not so difficult, it is meant to start your thinking for #2. Cable Guy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56600t=56600 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Challenge question...layer 2 and 3 frame analysis [7:56600]
Cable Guy wrote: Background: All devices correctly configured with static IPs. No multicast involved. No trick static entries on any device in the network. Scenario: 1. A PC host receives an ethernet II arp frame. Layer 3 drops it. I assume you mean the ARP process drops it. An ARP frame doesn't have a Layer 3 header. An ARP frame doesn't get passed to IP. Since ARP requests are sent as broadcasts, it's quite likely a PC would receive an ARP request where the Target IP Address in the ARP data is not associated with the PC, so the PC drops the frame. So this step is definitely possible 2. A PC host receives a tcp frame. Layer 3 drops it. Entries in the ARP cache on a Cisco router last 4 hours. So a router could easily send a frame to a MAC address with the wrong IP address if the IP address on the PC host had been changed. The router wouldn't have sent an ARP request if the mapping were already in the ARP cache though. Did you mean step 1 and step 2 to be linked? The sender sends an ARP that is ignored and then sends a frame anyway? Is this question a treat or a trick? :-) I'm sure you have something trickier in mind than what I came up with, but I just can't think of anything else. I wracked my brains thinking about IP spoofing, NAT, Proxy ARP and can't think of anything. Of course software bugs could cause something like this, but that's probbaly not what you had in mind either. ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Questions: Which of the above is possible/not possible? If so, describe the frame and the network layout for your scenario? If not, provide reasoning. #1 is not so difficult, it is meant to start your thinking for #2. Cable Guy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56607t=56600 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
GTS Challenge [7:48872]
Hi There. I'm configuring GTS and I'd like an advice. The command line for GTS is (in interface config mode): - traffic-shape rate bit-rate [burst-size [excess-burst-size]] I think that the method to get the values to configure GTS is similar to FRTS, like the folowing: bit-rate=minCIR burst-size=Bc excess-burst-size=Be Tc=1/8s Based on that considerations, if I want to limit a traffic to 10Mbps guaranteed plus 5Mbps burst (total 15Mbps), the calculation should be: EIR=(10Mbps+5Mbps)-10Mbps=500bps bit-rate=minCIR=10Mbps=1000bps burst-size=Bc=minCir/8=1000bps/8=125bps excess-burst-size=Be=EIR/8=500bps/8=625000bps or excess-burst-size=Be=Bc=125bps ??? Is that right? Is there any misunderstanding on those calculations? Tks for your advices. Luciano. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48872t=48872 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN -- challenge! [7:46496]
Could you post the output from a 'debug dialer events' command. Then we can see the reason that routerB initiates the call. __ Thomas Crowe Senior Systems Engineer / Senior Architect EMC Proven Master Architect CTS Professional Services - Atlanta __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 6:34 PM To: [EMAIL PROTECTED] Subject: ISDN -- challenge! [7:46496] Router A and Router B are connected to an Atlas 550 via BRI interfaces Router A ATLAS --- ROUTER B Both router are configured with DDR Dialer maps so that Router A can call router B or vice-versa (basic stuff). When Router A is called by Router B, Router A answers normally and the link goes up, but then (surprisingly), Router A attempts to initiate a connection to Router B . This connection fails because I only configured the phone number for one channel (Isdn error 17: User is busy). Is this calling of Router A a normal behavior? (I don't think so!) I fixed the problem by simpling removing the phone number from the map statement of Router A. I am posting here the debug before and after I removed the phone number on A. The debug where captured on Router A. I have spent the day on the apparently trivial question: why is Router A calling Router B when I have no call back of any sort. Still no light ... Want to step up to the challenge? :) Before: 00:32:45: ISDN BR0/0: RX on B1 at 64 Kb/s 00:32:45: ISDN BR0/0: Event: Accepting the call id 0xD 00:32:193273528320: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 01:51:113824615516: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:32:45: ISDN BR0/0: TX - CALL_PROC pd = 8 callref = 0x84 00:32:45: Channel ID i = 0x89 00:32:45: ISDN BR0/0: TX - CONNECT pd = 8 callref = 0x84 00:32:45: Channel ID i = 0x89 00:32:45: ISDN BR0/0: RX SETUP pd = 8 callref = 0x09 00:32:47: Bearer Capability i = 0x8890 00:32:47: Channel ID i = 0x83 00:32:47: Keypad Facility i = '555' 00:32:47: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x09 00:32:47: ISDN BR0/0: RX SETUP pd = 8 callref = 0x0A 00:32:49: Bearer Capability i = 0x8890 00:32:49: Channel ID i = 0x83 00:32:49: Keypad Facility i = '555' 00:32:49: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x0A 00:32:49: ISDN BR0/0: RX SETUP pd = 8 callref = 0x0B 00:32:51: Bearer Capability i = 0x8890 00:32:51: Channel ID i = 0x83 00:32:51: Keypad Facility i = '555' 00:32:51: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to isdn3 00:32:51: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x0B 00:32:51: ISDN BR0/0: RX SETUP pd = 8 callref = 0x0C 00:32:53: Bearer Capability i = 0x8890 00:32:53: Channel ID i = 0x83 00:32:53: Keypad Facility i = '555' 00:32:53: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x0C 00:32:53: ISDN BR0/0: RX on B1 at 64 Kb/s 00:41:53: ISDN BR0/0: Event: Accepting the call id 0x10 00:41:227633266688: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 02:00:14602128: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551234 00:41:53: ISDN BR0/0: TX - CALL_PROC pd = 8 callref = 0x85 00:41:53: Channel ID i = 0x89 00:41:53: ISDN BR0/0: TX - CONNECT pd = 8 callref = 0x85 00:41:53: Channel ID i = 0x89 00:41:53: ISDN BR0/0: RX - CONNECT_ACK pd = 8 callref = 0x05.. 02:00:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 00:41:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up. 02:00:40: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551234 isdn1 00:41:59: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to isdn3.. [GroupStudy.com removed an attachment of type text/x-vcard which had a name of Thomas Crowe.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46564t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN -- challenge! [7:46496]
I only see the BEFORE and not AFTER. Anyway, sho dialer on rtr-A should tell you the reason why the call was initiated. Are you running any routing protocols on the BRI int? --- Original Message --- From: Thomas Crowe To: [EMAIL PROTECTED] Subject: RE: ISDN -- challenge! [7:46496] Could you post the output from a 'debug dialer events' command. Then we can see the reason that routerB initiates the call. __ Thomas Crowe Senior Systems Engineer / Senior Architect EMC Proven Master Architect CTS Professional Services - Atlanta __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 6:34 PM To: [EMAIL PROTECTED] Subject: ISDN -- challenge! [7:46496] Router A and Router B are connected to an Atlas 550 via BRI interfaces Router A ATLAS --- ROUTER B Both router are configured with DDR Dialer maps so that Router A can call router B or vice-versa (basic stuff). When Router A is called by Router B, Router A answers normally and the link goes up, but then (surprisingly), Router A attempts to initiate a connection to Router B . This connection fails because I only configured the phone number for one channel (Isdn error 17: User is busy). Is this calling of Router A a normal behavior? (I don't think so!) I fixed the problem by simpling removing the phone number from the map statement of Router A. I am posting here the debug before and after I removed the phone number on A. The debug where captured on Router A. I have spent the day on the apparently trivial question: why is Router A calling Router B when I have no call back of any sort. Still no light ... Want to step up to the challenge? :) Before: 00:32:45: ISDN BR0/0: RX on B1 at 64 Kb/s 00:32:45: ISDN BR0/0: Event: Accepting the call id 0xD 00:32:193273528320: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 01:51:113824615516: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:32:45: ISDN BR0/0: TX - CALL_PROC pd = 8 callref = 0x84 00:32:45: Channel ID i = 0x89 00:32:45: ISDN BR0/0: TX - CONNECT pd = 8 callref = 0x84 00:32:45: Channel ID i = 0x89 00:32:45: ISDN BR0/0: RX SETUP pd = 8 callref = 0x09 00:32:47: Bearer Capability i = 0x8890 00:32:47: Channel ID i = 0x83 00:32:47: Keypad Facility i = '555' 00:32:47: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x09 00:32:47: ISDN BR0/0: RX SETUP pd = 8 callref = 0x0A 00:32:49: Bearer Capability i = 0x8890 00:32:49: Channel ID i = 0x83 00:32:49: Keypad Facility i = '555' 00:32:49: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x0A 00:32:49: ISDN BR0/0: RX SETUP pd = 8 callref = 0x0B 00:32:51: Bearer Capability i = 0x8890 00:32:51: Channel ID i = 0x83 00:32:51: Keypad Facility i = '555' 00:32:51: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to isdn3 00:32:51: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x0B 00:32:51: ISDN BR0/0: RX SETUP pd = 8 callref = 0x0C 00:32:53: Bearer Capability i = 0x8890 00:32:53: Channel ID i = 0x83 00:32:53: Keypad Facility i = '555' 00:32:53: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x0C 00:32:53: ISDN BR0/0: RX on B1 at 64 Kb/s 00:41:53: ISDN BR0/0: Event: Accepting the call id 0x10 00:41:227633266688: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 02:00:14602128: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551234 00:41:53: ISDN BR0/0: TX - CALL_PROC pd = 8 callref = 0x85 00:41:53: Channel ID i = 0x89 00:41:53: ISDN BR0/0: TX - CONNECT pd = 8 callref = 0x85 00:41:53: Channel ID i = 0x89 00:41:53: ISDN BR0/0: RX 02:00:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 00:41:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up. 02:00:40: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551234 isdn1 00:41:59: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to isdn3.. [GroupStudy.com removed an attachment of type text/x- vcard which had a name of Thomas Crowe.vcf] f=7i=46564t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46604t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN -- challenge! [7:46496]
From router B, I pinged a boggus destination. This triggered the bri interface on router B. Here is the output of the debug dialer events from Router A. You can see that router A (for no apparent reason) is trying to call router B (even though it is router B who initiated the call.) Of course the result of this is that the isdn timers will time out because the only channel available is busy with the call initiated by router B. Why would router A attempt to call the next hop? (172.16.1.2) Sending 5, 100-byte ICMP Echos to 1.2.3.6, timeout is 2 seconds: 00:17:27: BR0/0 DDR: Dialing cause ip (s=172.16.1.1, d=172.16.1.2) 00:17:27: BR0/0 DDR: Attempting to dial 5554000 00:17:27: BRI0/0: wait for isdn carrier timeout, call id=0x8006. 00:17:29: BR0/0 DDR: Dialing cause ip (s=172.16.1.1, d=172.16.1.2) 00:17:29: BR0/0 DDR: Attempting to dial 5554000 00:17:29: BRI0/0: wait for isdn carrier timeout, call id=0x8007. 00:17:31: BR0/0 DDR: Dialing cause ip (s=172.16.1.1, d=172.16.1.2) 00:17:31: BR0/0 DDR: Attempting to dial 5554000 00:17:31: BRI0/0: wait for isdn carrier timeout, call id=0x8008. 00:17:33: BR0/0 DDR: Dialing cause ip (s=172.16.1.1, d=172.16.1.2) 00:17:33: BR0/0 DDR: Attempting to dial 5554000 00:17:33: BRI0/0: wait for isdn carrier timeout, call id=0x8009. 00:17:35: BR0/0 DDR: Dialing cause ip (s=172.16.1.1, d=172.16.1.2) 00:17:35: BR0/0 DDR: Attempting to dial 5554000 00:17:35: BRI0/0: wait for isdn carrier timeout, call id=0x800A. Success rate is 0 percent (0/5) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46607t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN -- challenge! [7:46496]
No I am not running any routing protocol! Here are my configs: isdn1 (router A) isdn1#show run Building configuration... Current configuration : 1166 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname isdn1 ! enable secret 5 $1$9PdI$e3RshbiT8O9CiQxW317VQ0 ! username isdn2 password 0 cisco username isdn3 password 0 cisco ip subnet-zero ! ! no ip domain-lookup ip host isdn2 2065 1.1.1.1 ! isdn switch-type basic-ni ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface Serial0/0 no ip address shutdown no fair-queue ! interface BRI0/0 ip address 172.16.1.1 255.255.255.0 encapsulation ppp dialer map ip 172.16.1.2 broadcast 5554000 dialer-group 1 isdn switch-type basic-ni isdn spid1 51055512340001 isdn spid2 51055512350001 ppp authentication chap ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.1.2 ip http server ip pim bidir-enable ! dialer-list 1 protocol ip permit ! line con 0 escape-character 19 line aux 0 no exec transport input all line vty 0 4 password san-fran login ! no scheduler allocate end isdn 2 (Router B) isdn2#show run Building configuration... Current configuration : 1115 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname isdn2 ! logging rate-limit console 1 enable secret 5 $1$8Z95$B21CJMn0N8R9EqeGB8olj1 ! username isdn1 password 0 cisco ip subnet-zero ! ! no ip domain-lookup ip host switch 2065 1.1.1.1 ! isdn switch-type basic-ni ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface BRI0/0 ip address 172.16.1.2 255.255.255.0 encapsulation ppp dialer map ip 172.16.1.1 broadcast 5551234 dialer-group 1 isdn switch-type basic-ni isdn spid1 5105554001 isdn spid2 51055540010001 ppp authentication chap ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.1.1 no ip http server ip pim bidir-enable ! access-list 1 permit any dialer-list 1 protocol ip list 1 ! line con 0 escape-character 18 line aux 0 no exec transport input all line vty 0 4 password san-fran login ! no scheduler allocate end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46608t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN -- challenge! [7:46496]
This may sound daft, and I'm almost embarrassed to suggest it, but will you humour me and remove the ip host isdn2 2065 1.1.1.1 command from Router-isdn1. Distant memories are haunting me. I haven't got an ISDN simulator to play with at home, but I'm stumped too. Gaz Pierre-Alex Guanel wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... No I am not running any routing protocol! Here are my configs: isdn1 (router A) isdn1#show run Building configuration... Current configuration : 1166 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname isdn1 ! enable secret 5 $1$9PdI$e3RshbiT8O9CiQxW317VQ0 ! username isdn2 password 0 cisco username isdn3 password 0 cisco ip subnet-zero ! ! no ip domain-lookup ip host isdn2 2065 1.1.1.1 ! isdn switch-type basic-ni ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface Serial0/0 no ip address shutdown no fair-queue ! interface BRI0/0 ip address 172.16.1.1 255.255.255.0 encapsulation ppp dialer map ip 172.16.1.2 broadcast 5554000 dialer-group 1 isdn switch-type basic-ni isdn spid1 51055512340001 isdn spid2 51055512350001 ppp authentication chap ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.1.2 ip http server ip pim bidir-enable ! dialer-list 1 protocol ip permit ! line con 0 escape-character 19 line aux 0 no exec transport input all line vty 0 4 password san-fran login ! no scheduler allocate end isdn 2 (Router B) isdn2#show run Building configuration... Current configuration : 1115 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname isdn2 ! logging rate-limit console 1 enable secret 5 $1$8Z95$B21CJMn0N8R9EqeGB8olj1 ! username isdn1 password 0 cisco ip subnet-zero ! ! no ip domain-lookup ip host switch 2065 1.1.1.1 ! isdn switch-type basic-ni ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface BRI0/0 ip address 172.16.1.2 255.255.255.0 encapsulation ppp dialer map ip 172.16.1.1 broadcast 5551234 dialer-group 1 isdn switch-type basic-ni isdn spid1 5105554001 isdn spid2 51055540010001 ppp authentication chap ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.1.1 no ip http server ip pim bidir-enable ! access-list 1 permit any dialer-list 1 protocol ip list 1 ! line con 0 escape-character 18 line aux 0 no exec transport input all line vty 0 4 password san-fran login ! no scheduler allocate end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46614t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN -- challenge! [7:46496]
You have default routes pointed towards one another. You ping an address that doesn't exist on either router. The first sends it off to the second. The second doesn't know what to do with it so sends it on to its default which is the first. Try doing a no keepalive on some of your unused FastE interfaces and give them an ip address. Or create additional loopback interfaces. Use a default route on one router and add statics on the other to the far end's Loopbacks. It should then work as desired. -Original Message- From: Pierre-Alex Guanel [mailto:[EMAIL PROTECTED]] Sent: Friday, June 14, 2002 12:19 PM To: [EMAIL PROTECTED] Subject: RE: ISDN -- challenge! [7:46496] No I am not running any routing protocol! Here are my configs: isdn1 (router A) isdn1#show run Building configuration... Current configuration : 1166 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname isdn1 ! enable secret 5 $1$9PdI$e3RshbiT8O9CiQxW317VQ0 ! username isdn2 password 0 cisco username isdn3 password 0 cisco ip subnet-zero ! ! no ip domain-lookup ip host isdn2 2065 1.1.1.1 ! isdn switch-type basic-ni ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface Serial0/0 no ip address shutdown no fair-queue ! interface BRI0/0 ip address 172.16.1.1 255.255.255.0 encapsulation ppp dialer map ip 172.16.1.2 broadcast 5554000 dialer-group 1 isdn switch-type basic-ni isdn spid1 51055512340001 isdn spid2 51055512350001 ppp authentication chap ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.1.2 ip http server ip pim bidir-enable ! dialer-list 1 protocol ip permit ! line con 0 escape-character 19 line aux 0 no exec transport input all line vty 0 4 password san-fran login ! no scheduler allocate end isdn 2 (Router B) isdn2#show run Building configuration... Current configuration : 1115 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname isdn2 ! logging rate-limit console 1 enable secret 5 $1$8Z95$B21CJMn0N8R9EqeGB8olj1 ! username isdn1 password 0 cisco ip subnet-zero ! ! no ip domain-lookup ip host switch 2065 1.1.1.1 ! isdn switch-type basic-ni ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface BRI0/0 ip address 172.16.1.2 255.255.255.0 encapsulation ppp dialer map ip 172.16.1.1 broadcast 5551234 dialer-group 1 isdn switch-type basic-ni isdn spid1 5105554001 isdn spid2 51055540010001 ppp authentication chap ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.1.1 no ip http server ip pim bidir-enable ! access-list 1 permit any dialer-list 1 protocol ip list 1 ! line con 0 escape-character 18 line aux 0 no exec transport input all line vty 0 4 password san-fran login ! no scheduler allocate end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46617t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN -- challenge! [7:46496]
You have default routes pointed towards one another. You ping an address that doesn't exist on either router. The first sends it off to the second. The second doesn't know what to do with it so sends it on to its default which is the first. I do agree with your statements ... However, what is the need to open a second channel when there is one already opened? Shouldn't Router A use the already existing channel? Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46630t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN -- challenge! [7:46496]
Gaz, you are going to have to educate me on cultural issues ... What is wrong with those numbers ? (ip host isdn2 2065 1.1.1.1) Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46631t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN -- challenge! [7:46496]
I see your point. I don't know the answer. May I suggest that you first remove that ip host statement that Gaz mentioned (it uses the name isdn2 which is the host name of your other router. I'm not sure if it will confuse your router). Then test. If the initial problem continues, then try my suggestion. If that solves it, then try to find the reason of why it behaved as it did. -Original Message- From: Pierre-Alex Guanel [mailto:[EMAIL PROTECTED]] Sent: Friday, June 14, 2002 3:34 PM To: [EMAIL PROTECTED] Subject: RE: ISDN -- challenge! [7:46496] You have default routes pointed towards one another. You ping an address that doesn't exist on either router. The first sends it off to the second. The second doesn't know what to do with it so sends it on to its default which is the first. I do agree with your statements ... However, what is the need to open a second channel when there is one already opened? Shouldn't Router A use the already existing channel? Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46637t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN -- challenge! [7:46496]
Oh you had to ruin it and make me explain my half-arsed guestimate shot in the dark theory :-) My reasoning was based only on the fact that isdn2 is the exact hostname of the other router, and I was just wondering whether it was causing confusion somehow. But... I think I changed my mind. Can you change your dialer map statements to: dialer map ip 172.16.1.2 name isdn2 broadcast 5554000 (on isdn1) and dialer map ip 172.16.1.1 name isdn1 broadcast 5551234 (on isdn2) Gaz Pierre-Alex Guanel wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Gaz, you are going to have to educate me on cultural issues ... What is wrong with those numbers ? (ip host isdn2 2065 1.1.1.1) Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46644t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN -- challenge! [7:46496]
Sorry Gaz, I did not mean to spoil to the suspense. I thought you meant the humbers 2065 1.1.1.1 were unlucky numbers. Something like :) That is why I asked you to explain if there was any cultural issues with my numbers ... Anyway,I am redoing the exercise right now with Fast Ethenernet Interfaces up and I am renumbering the loopbacks I will let you know. Thanks! Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46649t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN -- challenge! [7:46496]
Ok, here are the result of my tests (cummulative) 1) I gave the loopbacks unique IP addresses and tested result: no change 2) I assigned isdn1 f0/0 to vlan11 and isdn f0/0 to vlan12 on isdn1 f0/0 ip address was 192.168.10.1/24 on isdn2 f0/0 ip address was 192.168.20.1/24 I left the default route unchanged on both routers and tested result: no change 3) I remove the default route and created specific routes instead on isdn1: ip route 192.168.10.0 255.255.255.0 172.16.1.2 on isdn2: ip route 192.168.20.0 255.255.255.0 172.16.1.1 result: no change. When the first bri channel was up, I was able to ping nor the two fast ethernet interfaces nor the two bri interface. Strange!!! 4) I added the keyword name to each map statement (as suggested by Gaz) on isnd1:dialer map ip 172.16.1.2 name isdn2 broadcast 5554000 on isdn2:dialer map ip 172.16.1.1 name isdn1 broadcast 5551234 result: double success. RouterA (isdn1) did not try to initiate another connection AND I was able to ping the fast ethernet interfaces and the bri interfaces. See below: isdn2#ping 192.168.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds: 01:12:30: ISDN BR0/0: RX on B1 at 64 Kb/s 01:12:30: ISDN BR0/0: Event: Accepting the call id 0x10 01:12:131009057551: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 01:12:30: ISDN BR0/0: TX - CALL_PROC pd = 8 callref = 0x94 01:12:30: Channel ID i = 0x89 01:12:30: ISDN BR0/0: TX - CONNECT pd = 8 callref = 0x94 01:12:30: Channel ID i = 0x89 01:12:30: ISDN BR0/0: RX - CONNECT_ACK pd = 8 callref = 0x14 03:55:06: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up. 01:12:32: BR0/0:1 DDR: dialer protocol up.!!! Success rate is 60 percent (3/5), round-trip min/avg/max = 32/32/32 ms isdn2# 01:12:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up 03:55:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up Now that the problem is solved (thanks Gaz, Daniel, Ahoang and Thomas), we need to understand the reasons for the behavior of router A . To summarize: 1) Without the name keyword, routerA attempts to initiate a connection on receiving a connection initiated by router B. 2) Once the channel setup from B is up, data traffic does not flow even with proper routes. My gut feeling is that name keyword is preventing data traffic to flow between the two routers , even when the channel is up! This would explain why routeA is attempting to open a new connection even though there is a channel already up. routerA must be thinking that it is not allowed to use the already existing channel to reply to router B ... but then it would mean that something must have leaked from A to B to prone routerA to initiate a connection ... but what if not ip data? I will do some more research on this and post my findingsremaksquestions in a next post. Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46663t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN -- challenge! [7:46496]
Your dialer map statement associates the IP address 172.16.1.2 with the telephone number 5554000. All that isdn1 knows is that it must dial 5554000 if it needs to get to 172.16.1.2. By adding the name statements, when isdn1 receives a call from isdn2 it associates this call with the dialer map statement i.e. it knows it already has that link up and will not try to open another one when it needs to get back to 172.16.1.2. Whether this is the correct terminology/logic I do not know, but it seems to be the way it works and it's the way I keep it straight (ish) in my head. If you find the real explanation (if it's different) I'd be interested to hear. Cheers, Gaz Pierre-Alex Guanel wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Ok, here are the result of my tests (cummulative) 1) I gave the loopbacks unique IP addresses and tested result: no change 2) I assigned isdn1 f0/0 to vlan11 and isdn f0/0 to vlan12 on isdn1 f0/0 ip address was 192.168.10.1/24 on isdn2 f0/0 ip address was 192.168.20.1/24 I left the default route unchanged on both routers and tested result: no change 3) I remove the default route and created specific routes instead on isdn1: ip route 192.168.10.0 255.255.255.0 172.16.1.2 on isdn2: ip route 192.168.20.0 255.255.255.0 172.16.1.1 result: no change. When the first bri channel was up, I was able to ping nor the two fast ethernet interfaces nor the two bri interface. Strange!!! 4) I added the keyword name to each map statement (as suggested by Gaz) on isnd1:dialer map ip 172.16.1.2 name isdn2 broadcast 5554000 on isdn2:dialer map ip 172.16.1.1 name isdn1 broadcast 5551234 result: double success. RouterA (isdn1) did not try to initiate another connection AND I was able to ping the fast ethernet interfaces and the bri interfaces. See below: isdn2#ping 192.168.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds: 01:12:30: ISDN BR0/0: RX on B1 at 64 Kb/s 01:12:30: ISDN BR0/0: Event: Accepting the call id 0x10 01:12:131009057551: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 01:12:30: ISDN BR0/0: TX - CALL_PROC pd = 8 callref = 0x94 01:12:30: Channel ID i = 0x89 01:12:30: ISDN BR0/0: TX - CONNECT pd = 8 callref = 0x94 01:12:30: Channel ID i = 0x89 01:12:30: ISDN BR0/0: RX 03:55:06: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up. 01:12:32: BR0/0:1 DDR: dialer protocol up.!!! Success rate is 60 percent (3/5), round-trip min/avg/max = 32/32/32 ms isdn2# 01:12:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up 03:55:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up Now that the problem is solved (thanks Gaz, Daniel, Ahoang and Thomas), we need to understand the reasons for the behavior of router A . To summarize: 1) Without the name keyword, routerA attempts to initiate a connection on receiving a connection initiated by router B. 2) Once the channel setup from B is up, data traffic does not flow even with proper routes. My gut feeling is that name keyword is preventing data traffic to flow between the two routers , even when the channel is up! This would explain why routeA is attempting to open a new connection even though there is a channel already up. routerA must be thinking that it is not allowed to use the already existing channel to reply to router B ... but then it would mean that something must have leaked from A to B to prone routerA to initiate a connection ... but what if not ip data? I will do some more research on this and post my findingsremaksquestions in a next post. Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN -- challenge! [7:46496]
Router A and Router B are connected to an Atlas 550 via BRI interfaces Router A ATLAS --- ROUTER B Both router are configured with DDR Dialer maps so that Router A can call router B or vice-versa (basic stuff). When Router A is called by Router B, Router A answers normally and the link goes up, but then (surprisingly), Router A attempts to initiate a connection to Router B . This connection fails because I only configured the phone number for one channel (Isdn error 17: User is busy). Is this calling of Router A a normal behavior? (I don't think so!) I fixed the problem by simpling removing the phone number from the map statement of Router A. I am posting here the debug before and after I removed the phone number on A. The debug where captured on Router A. I have spent the day on the apparently trivial question: why is Router A calling Router B when I have no call back of any sort. Still no light ... Want to step up to the challenge? :) Before: 00:32:45: ISDN BR0/0: RX on B1 at 64 Kb/s 00:32:45: ISDN BR0/0: Event: Accepting the call id 0xD 00:32:193273528320: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 01:51:113824615516: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:32:45: ISDN BR0/0: TX - CALL_PROC pd = 8 callref = 0x84 00:32:45: Channel ID i = 0x89 00:32:45: ISDN BR0/0: TX - CONNECT pd = 8 callref = 0x84 00:32:45: Channel ID i = 0x89 00:32:45: ISDN BR0/0: RX SETUP pd = 8 callref = 0x09 00:32:47: Bearer Capability i = 0x8890 00:32:47: Channel ID i = 0x83 00:32:47: Keypad Facility i = '555' 00:32:47: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x09 00:32:47: ISDN BR0/0: RX SETUP pd = 8 callref = 0x0A 00:32:49: Bearer Capability i = 0x8890 00:32:49: Channel ID i = 0x83 00:32:49: Keypad Facility i = '555' 00:32:49: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x0A 00:32:49: ISDN BR0/0: RX SETUP pd = 8 callref = 0x0B 00:32:51: Bearer Capability i = 0x8890 00:32:51: Channel ID i = 0x83 00:32:51: Keypad Facility i = '555' 00:32:51: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to isdn3 00:32:51: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x0B 00:32:51: ISDN BR0/0: RX SETUP pd = 8 callref = 0x0C 00:32:53: Bearer Capability i = 0x8890 00:32:53: Channel ID i = 0x83 00:32:53: Keypad Facility i = '555' 00:32:53: ISDN BR0/0: RX RELEASE pd = 8 callref = 0x0C 00:32:53: ISDN BR0/0: RX on B1 at 64 Kb/s 00:41:53: ISDN BR0/0: Event: Accepting the call id 0x10 00:41:227633266688: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 02:00:14602128: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551234 00:41:53: ISDN BR0/0: TX - CALL_PROC pd = 8 callref = 0x85 00:41:53: Channel ID i = 0x89 00:41:53: ISDN BR0/0: TX - CONNECT pd = 8 callref = 0x85 00:41:53: Channel ID i = 0x89 00:41:53: ISDN BR0/0: RX - CONNECT_ACK pd = 8 callref = 0x05.. 02:00:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 00:41:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up. 02:00:40: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551234 isdn1 00:41:59: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to isdn3.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46496t=46496 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fwd: Challenge Question from Karl solia Practical studies [7:39348]
RESENT From: IT Guy Reply-To: IT Guy To: [EMAIL PROTECTED] Subject: Challenge Question from Karl solia Practical studies [7:39339] Date: Sun, 24 Mar 2002 01:44:19 -0500 Hi guys, I did a search on Karl solie End book Labs and here is the tough extract for you guys to get your help and comments. Q1.A Main frame resides on Vlan2 with three IP Addresses which coreesponds to single MAC address. Configure Router R4(vlan2) to suppot forwarding traffice to single MAC address for all three IP address??? Q2 A large amount of IP fragmentation is occuring on VLAN2.Tune DLSW so that the IP fragmentation will not occur as soon Q3. Configure Rx such that workstations on Vlan30 can dynamically locate their default gways.They are not using DHCP?? (Page 1167) Q4 On R2, create a SAP filter blocking all saps starting with fake Q5.Configure VLan30 such that saps are advertised onlu when new server comes online? Q6.Configure R1 as an NTP server. Configure peer asssociation such that R4 synchronize with R1. When R4 synchronized allow R2 and R3 to synchronize with R4. If R4 is not Synchronized with R1, R2 and R3 also should not synchronize?? Q7. COnfigure R1 so that when the user Unnamed logs into the router, its immdediately put in enable mode.(pg 1177) Hope u will enjoy... Thanks for u help. TOM _ Send and receive Hotmail on your mobile device: http://mobile.msn.com _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39348t=39348 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Challenge Question from Karl solia Practical studies [7:39373]
I will give some of these a try, I have to admit I have been through most of the book already. See comments in line: ~-Original Message- ~From: IT Guy [mailto:[EMAIL PROTECTED]] ~Sent: Sunday, March 24, 2002 1:44 AM ~To: [EMAIL PROTECTED] ~Subject: Challenge Question from Karl solia Practical studies [7:39339] ~ ~ ~Hi guys, ~ ~I did a search on Karl solie End book Labs and here is the ~tough extract for ~you guys to get your help and comments. ~ ~ ~Q1.A Main frame resides on Vlan2 with three IP Addresses which ~coreesponds ~to single MAC address. Configure Router R4(vlan2) to suppot forwarding ~traffice to single MAC address for all three IP address??? Static arp entries will do this. I.E. 511(config)#arp 1.1.1.1 3.3.3 arpa 2511(config)#end 2511#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 1.1.1.1 - 0003.0003.0003 ARPA ~ ~Q2 ~A large amount of IP fragmentation is occuring on VLAN2.Tune ~DLSW so that ~the IP fragmentation will not occur as soon Make the largest frame size 1500 with lf 1500, I have heard that you should even take it a little smaller, to like 1476. That should stop the fragmentation. ~ ~ ~Q3. Configure Rx such that workstations on Vlan30 can ~dynamically locate ~their default gways.They are not using DHCP?? (Page 1167) You could use IRDP here. ~ ~Q4 On R2, create a SAP filter blocking all saps starting with fake ~ Don't quote me on this one, but I believe that this would do it: access 1000 deny -1 0 fake* ~Q5.Configure VLan30 such that saps are advertised onlu when ~new server comes ~online? No idea, will have to find out. ~ ~Q6.Configure R1 as an NTP server. Configure peer asssociation ~such that R4 ~synchronize with R1. When R4 synchronized allow R2 and R3 to ~synchronize ~with R4. If R4 is not Synchronized with R1, R2 and R3 also should not ~synchronize?? ~ This is an interesting one, no idea, will have to try it. ~ ~Q7. COnfigure R1 so that when the user Unnamed logs into the ~router, its ~immdediately put in enable mode.(pg 1177) username unnamed privilege 15 password ~ ~Hope u will enjoy... ~ ~Thanks for u help. ~ ~TOM ~ ~_ ~Send and receive Hotmail on your mobile device: http://mobile.msn.com ~ ~ ~ ~ ~Report misconduct ~and Nondisclosure violations to [EMAIL PROTECTED] ~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39373t=39373 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Challenge Question from Karl solia Practical studies [7:39339]
Hi guys, I did a search on Karl solie End book Labs and here is the tough extract for you guys to get your help and comments. Q1.A Main frame resides on Vlan2 with three IP Addresses which coreesponds to single MAC address. Configure Router R4(vlan2) to suppot forwarding traffice to single MAC address for all three IP address??? Q2 A large amount of IP fragmentation is occuring on VLAN2.Tune DLSW so that the IP fragmentation will not occur as soon Q3. Configure Rx such that workstations on Vlan30 can dynamically locate their default gways.They are not using DHCP?? (Page 1167) Q4 On R2, create a SAP filter blocking all saps starting with fake Q5.Configure VLan30 such that saps are advertised onlu when new server comes online? Q6.Configure R1 as an NTP server. Configure peer asssociation such that R4 synchronize with R1. When R4 synchronized allow R2 and R3 to synchronize with R4. If R4 is not Synchronized with R1, R2 and R3 also should not synchronize?? Q7. COnfigure R1 so that when the user Unnamed logs into the router, its immdediately put in enable mode.(pg 1177) Hope u will enjoy... Thanks for u help. TOM _ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39339t=39339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IGRP Unequal load balancing CHALLENGE [7:31693]
R1 // \ R2__R3 R1 and R2 are connected via a T1 link (Network ID: 10.2.1.0/24 AND a 56K link (Network ID: 10.2.2.0/24) R1 and R3 are connected via a T1 link (Network ID: 10.2.3.0/24 R2 and R3 are connected via ethernet (Network ID:10.1.4.0/24) R1, R2 and R3 are running IGRP 200 The goal is to configure R1 for unequal load balancing and see 2 routes for network 10.1.4.0 in the routing table. PROPOSED SOLUTION: From R1, the metric of the T1 route to 10.1.4.0 would be: delay bandwidth=(2000+100)+10^(7)/15440 = 8576 From R1, the metric of the 56K route to 10.1.4.0 would be: delay bandwidth=(2000+100)+10^(7)/56 = 180671 So the variance would be 22 because 180671/8576 = 21.07 On R1, we should configure the variance as 22 Does that look right? Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31693t=31693 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IGRP Unequal load balancing CHALLENGE [7:31693]
As load is not taken in to consideration, when the per packet load balancing starts, wouldn't the packets be balanced equally between the three routes? So at anything above 168k of total throughput, the 56k link is maxing out? Thats my guess, and it is a guess! Gaz Pierre-Alex J. Guanel wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... R1 // \ R2__R3 R1 and R2 are connected via a T1 link (Network ID: 10.2.1.0/24 AND a 56K link (Network ID: 10.2.2.0/24) R1 and R3 are connected via a T1 link (Network ID: 10.2.3.0/24 R2 and R3 are connected via ethernet (Network ID:10.1.4.0/24) R1, R2 and R3 are running IGRP 200 The goal is to configure R1 for unequal load balancing and see 2 routes for network 10.1.4.0 in the routing table. PROPOSED SOLUTION: From R1, the metric of the T1 route to 10.1.4.0 would be: delay bandwidth=(2000+100)+10^(7)/15440 = 8576 From R1, the metric of the 56K route to 10.1.4.0 would be: delay bandwidth=(2000+100)+10^(7)/56 = 180671 So the variance would be 22 because 180671/8576 = 21.07 On R1, we should configure the variance as 22 Does that look right? Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31694t=31693 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IGRP Unequal load balancing CHALLENGE [7:31693]
Maybe I should RTFQ :-) Sorry, I had three links. Correction below: As load is not taken in to consideration, when the per packet load balancing starts, wouldn't the packets be balanced equally between the two routes? So at anything above 112k of total throughput, the 56k link is maxing out? Thats my guess, and it is a guess! Gaz Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... As load is not taken in to consideration, when the per packet load balancing starts, wouldn't the packets be balanced equally between the three routes? So at anything above 168k of total throughput, the 56k link is maxing out? Thats my guess, and it is a guess! Gaz Pierre-Alex J. Guanel wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... R1 // \ R2__R3 R1 and R2 are connected via a T1 link (Network ID: 10.2.1.0/24 AND a 56K link (Network ID: 10.2.2.0/24) R1 and R3 are connected via a T1 link (Network ID: 10.2.3.0/24 R2 and R3 are connected via ethernet (Network ID:10.1.4.0/24) R1, R2 and R3 are running IGRP 200 The goal is to configure R1 for unequal load balancing and see 2 routes for network 10.1.4.0 in the routing table. PROPOSED SOLUTION: From R1, the metric of the T1 route to 10.1.4.0 would be: delay bandwidth=(2000+100)+10^(7)/15440 = 8576 From R1, the metric of the 56K route to 10.1.4.0 would be: delay bandwidth=(2000+100)+10^(7)/56 = 180671 So the variance would be 22 because 180671/8576 = 21.07 On R1, we should configure the variance as 22 Does that look right? Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31695t=31693 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IGRP Unequal load balancing CHALLENGE [7:31693]
I think that you are correct on the variance. As for the unequal cost load balancing, I'm pretty sure that IGRP is just like EIGRP. The number of packets per link is calculated something like: worst metric / worst metric = 1 worst metric / better metric = some n 1 I think you also have to issue the 'traffic-share balanced' router config commmand. I can't say for sure if it is acually packets or destinations that get balanced. All of the Cisco literature seems to suggest packets. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31697t=31693 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IGRP Unequal load balancing CHALLENGE [7:31693]
Here is a good link: http://www.cisco.com/warp/public/103/19.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31698t=31693 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IGRP Unequal load balancing CHALLENGE [7:31693]
The problem is that when I configure the router with the calculated variance, I don't get the 56K route. There must be a rule I am overlooking. Pierre-Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, January 11, 2002 5:57 PM To: [EMAIL PROTECTED] Subject: Re: IGRP Unequal load balancing CHALLENGE [7:31693] I think that you are correct on the variance. As for the unequal cost load balancing, I'm pretty sure that IGRP is just like EIGRP. The number of packets per link is calculated something like: worst metric / worst metric = 1 worst metric / better metric = some n 1 I think you also have to issue the 'traffic-share balanced' router config commmand. I can't say for sure if it is acually packets or destinations that get balanced. All of the Cisco literature seems to suggest packets. PROBLEM: R1 // \ R2__R3 R1 and R2 are connected via a T1 link (Network ID: 10.2.1.0/24 AND a 56K link (Network ID: 10.2.2.0/24) R1 and R3 are connected via a T1 link (Network ID: 10.2.3.0/24 R2 and R3 are connected via ethernet (Network ID:10.1.4.0/24) R1, R2 and R3 are running IGRP 200 The goal is to configure R1 for unequal load balancing and see 2 routes for network 10.1.4.0 in the routing table. PROPOSED SOLUTION: From R1, the metric of the T1 route to 10.1.4.0 would be: delay bandwidth=(2000+100)+10^(7)/15440 = 8576 From R1, the metric of the 56K route to 10.1.4.0 would be: delay bandwidth=(2000+100)+10^(7)/56 = 180671 So the variance would be 22 because 180671/8576 = 21.07 On R1, we should configure the variance as 22 Does that look right? Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31702t=31693 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ccboot 2 bgp AS3 challenge [7:28934]
Icmp router discovery protocol and gateway discovery protocol. I am guessing that maybe if this works there are 3 solutions. IRDP is cool. It advertises out the interface you specify at intervals you specify. On the other side you run gateway discovery protocol and it listens for the IRDP. Once it here's the irdp it enters the ip address of the advertising irdp as it's default gateway. IDRP doesn't use GDP, just ICMP. GDP was a Cisco proprietary protocol that preceded IDRP, and Cisco deprecated it -- I didn't think it was even supported any longer. The main operational problem with IDRP is, given its default timer settings, discovery is very slow. Alternatives in the UNIX world including using RIP for router discovery. IPv6 has neighbor discovery mechanisms that will meet this need. It's probably faster all around to have hosts get a default router address through DHCP, and have this address be a HSRP virtual address when there are multiple routers. Thinking about it this morning though, I have never tried advertisements from different interfaces to a router. I have tried advertising from 2 routers of the same ethernet and setting priority so they both end up as defaults. I dunno if it would work but I am goin to try it when I have time. - Original Message - From: EA Louie To: Chris Larson ; Sent: Wednesday, December 12, 2001 2:53 AM Subject: Re: ccboot 2 bgp AS3 challenge I don't understand the abbreviations... IRDP? internal route distribution protocol? GDP? general data processing? - Original Message - From: Chris Larson To: EA Louie ; Sent: Tuesday, December 11, 2001 8:00 PM Subject: Re: ccboot 2 bgp AS3 challenge Well, I will take a stab at one of the solutions I can think of off the top off my head. I think this would work, I will have to put it to the test in the lab. IRDP on R5 GDP on R6 facing R5. IRDP on R6 facing R7 GDP on R7 facing R6. - Original Message - From: EA Louie To: Sent: Tuesday, December 11, 2001 8:57 PM Subject: ccboot 2 bgp AS3 challenge In the configuration of R6, there is no route to R5's ethernet. Therefore, R7 has no route to the next-hop router, and does not populate it's table. In the instructions, you are given the opportunity to add a static default route to R5 to get the bgp routes to R7. I found 2 other ways to accomplish this without that static default route, keeping in mind that the static route solution may not be viable in the lab exam. Is anyone working that lab and would you like to take a stab at it? (all of the solutions are elegant and require very little thought) -e- _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28934t=28934 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Expert Labs: Multiprotocol Challenge [7:21943]
Has anyone seen or used the Cisco Interactive Mentor CDs ? There is a new one coming out this month more for the CCIE level called: Expert Labs: Multiprotocol Challenge If anyone has any input and think its worth the money let me know. There is also one for ISDN, but I do not know if it is any good. Thanks Derrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21943t=21943 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Expert Labs: Multiprotocol Challenge [7:21943]
I used the one for Basic Voice over IP last year before most rack rental companies had them in their racks. I thought it was very good although it was a lot more info than I needed for the CCIE lab. John Kaberna CCIE #7146 NETCG Inc. Cisco Premier Partner www.netcginc.com (415) 750-3800 __ CCIE Security Training www.netcginc.com/training.htm Derrick Monahan wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Has anyone seen or used the Cisco Interactive Mentor CDs ? There is a new one coming out this month more for the CCIE level called: Expert Labs: Multiprotocol Challenge If anyone has any input and think its worth the money let me know. There is also one for ISDN, but I do not know if it is any good. Thanks Derrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21947t=21943 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing using BGP challenge problem [7:19339]
What is the real address, I understand if your reticent to provide it but is it part of a larger CIDR block from the other provider? If so and the satellite provider is announcing a more specific /24 then all traffic will come over the satellite link. there is much info missing to really help you in any meaningful way. Dave suaveguru wrote: Most of the traffic is arriving via the provider your doing BGP with and is via this one block of ip with a /24 e.g 1.1.1.0/24 I am seeing almost 100% utilisation via the satellite down-link (1st provider running BGP) and very minimum traffic at the second provider( terrestrial) running default route Because the customer does not have their own AS so a private AS is used regards, suaveguru --- MADMAN wrote: A prepend will surely influence the inbound traffic. Is most of your traffic currently arriving via the provider your doing BGP with? What exactly are you seeing?? Why are you even doing BGP with a private AS that is incoming only?? With the info you provided it's hard to give a good answer. dave suaveguru wrote: do you think having them change private AS to public AS number then do AS-PREPEND will be able to do some kind of influencing? regards, suaveguru --- MADMAN wrote: You have no way of influencing via BGP the inbound routes since your using a private AS on one link and default on the other. You need to work with your providers if you wish to have incoming traffic to your network influenced one way or the other. suaveguru wrote: hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com to [EMAIL PROTECTED] -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19571t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing using BGP challenge problem [7:19339]
You have no way of influencing via BGP the inbound routes since your using a private AS on one link and default on the other. You need to work with your providers if you wish to have incoming traffic to your network influenced one way or the other. suaveguru wrote: hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19413t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing using BGP challenge problem [7:19339]
what do you mean by this? --- Brian wrote: Troll Alert - Original Message - From: Farhan Ahmed To: Sent: Monday, September 10, 2001 9:30 PM Subject: RE: Load Balancing using BGP challenge problem [7:19339] then u should think abt running 2 static routes and forget abt bgp cuz its really doesnt exsist -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 4:53 AM To: [EMAIL PROTECTED] Subject: Load Balancing using BGP challenge problem [7:19339] hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com [EMAIL PROTECTED] __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19418t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing using BGP challenge problem [7:19339]
do you think having them change private AS to public AS number then do AS-PREPEND will be able to do some kind of influencing? regards, suaveguru --- MADMAN wrote: You have no way of influencing via BGP the inbound routes since your using a private AS on one link and default on the other. You need to work with your providers if you wish to have incoming traffic to your network influenced one way or the other. suaveguru wrote: hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com [EMAIL PROTECTED] -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19415t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing using BGP challenge problem [7:19339]
A prepend will surely influence the inbound traffic. Is most of your traffic currently arriving via the provider your doing BGP with? What exactly are you seeing?? Why are you even doing BGP with a private AS that is incoming only?? With the info you provided it's hard to give a good answer. dave suaveguru wrote: do you think having them change private AS to public AS number then do AS-PREPEND will be able to do some kind of influencing? regards, suaveguru --- MADMAN wrote: You have no way of influencing via BGP the inbound routes since your using a private AS on one link and default on the other. You need to work with your providers if you wish to have incoming traffic to your network influenced one way or the other. suaveguru wrote: hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com [EMAIL PROTECTED] -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19421t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing using BGP challenge problem [7:19339]
I think what he means is since they are not using a registered AS the AS that they are using is striped at the provider and your network is seen as originating from your provider not from your private AS. Dave suaveguru wrote: what do you mean by this? --- Brian wrote: Troll Alert - Original Message - From: Farhan Ahmed To: Sent: Monday, September 10, 2001 9:30 PM Subject: RE: Load Balancing using BGP challenge problem [7:19339] then u should think abt running 2 static routes and forget abt bgp cuz its really doesnt exsist -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 4:53 AM To: [EMAIL PROTECTED] Subject: Load Balancing using BGP challenge problem [7:19339] hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com [EMAIL PROTECTED] __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19426t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing using BGP challenge problem [7:19339]
Most of the traffic is arriving via the provider your doing BGP with and is via this one block of ip with a /24 e.g 1.1.1.0/24 I am seeing almost 100% utilisation via the satellite down-link (1st provider running BGP) and very minimum traffic at the second provider( terrestrial) running default route Because the customer does not have their own AS so a private AS is used regards, suaveguru --- MADMAN wrote: A prepend will surely influence the inbound traffic. Is most of your traffic currently arriving via the provider your doing BGP with? What exactly are you seeing?? Why are you even doing BGP with a private AS that is incoming only?? With the info you provided it's hard to give a good answer. dave suaveguru wrote: do you think having them change private AS to public AS number then do AS-PREPEND will be able to do some kind of influencing? regards, suaveguru --- MADMAN wrote: You have no way of influencing via BGP the inbound routes since your using a private AS on one link and default on the other. You need to work with your providers if you wish to have incoming traffic to your network influenced one way or the other. suaveguru wrote: hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com to [EMAIL PROTECTED] -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19531t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Load Balancing using BGP challenge problem [7:19339]
hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19339t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Load Balancing using BGP challenge problem [7:19339]
then u should think abt running 2 static routes and forget abt bgp cuz its really doesnt exsist -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 4:53 AM To: [EMAIL PROTECTED] Subject: Load Balancing using BGP challenge problem [7:19339] hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19371t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load Balancing using BGP challenge problem [7:19339]
Troll Alert - Original Message - From: Farhan Ahmed To: Sent: Monday, September 10, 2001 9:30 PM Subject: RE: Load Balancing using BGP challenge problem [7:19339] then u should think abt running 2 static routes and forget abt bgp cuz its really doesnt exsist -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 4:53 AM To: [EMAIL PROTECTED] Subject: Load Balancing using BGP challenge problem [7:19339] hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19372t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Load Balancing using BGP challenge problem [7:19339]
I can't put static routes because one provider is down-link only and the other is two-way regards, suaveguru --- Farhan Ahmed wrote: then u should think abt running 2 static routes and forget abt bgp cuz its really doesnt exsist -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 4:53 AM To: [EMAIL PROTECTED] Subject: Load Balancing using BGP challenge problem [7:19339] hi all I have been cracking my head with this load-balancing issue but still no answer . It goes as such Customer A has two providers to Internet The first provider runs BGP with Customer A and is only a Receive-Only Inbound link over Satellite The second provider is a terrestrial link full-duplex but the customer does not run BGP with them but purely a default route Question is how can I use BGP to balance the traffic between the two providers for the Inbound traffic to the customer. I have been contemplating on using AS-PATH prepend but was not so ready to use it because the customer does not have their own AS-NUMBER and is using private AS number provided by the first satellite provider and the first provider simply strip private AS-Numbers at their router Any form of input will be greatly appreciated __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com [EMAIL PROTECTED] __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19377t=19339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPSEC Challenge Problem [7:17844]
Guys, The objective of the problem I m going to explain you is to encrypt ONLY TELNET traffic b/w these two routers. THe main problem I m facing is that IM not able to do this by implementing specific host lists that permits only telnet traffic from one to another host..Like access-list 101 permit tcp host A host B eq telnet. The only way I can run this is by using normal list allowing complete traffic b/w these two hosts.Please have a look and let me know if u find any problem in my config. Thanks. ISDN1#sh crypto engine connections ac ISDN1#sh crypto engine connections active ID Interface IP-Address State Algorithm Encrypt Decrypt 1 setHMAC_MD5+DES_56_CB0 0 2 setHMAC_MD5+DES_56_CB0 0 2000 Serial0/0 135.25.11.1 setHMAC_MD5+DES_56_CB0 54 2001 Serial0/0 135.25.11.1 setHMAC_MD5+DES_56_CB 40 0 ISDN1#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ISDN1 ! enable password cisco ! ! ! ! ! memory-size iomem 7 ip subnet-zero ip telnet source-interface Loopback0 no ip domain-lookup ! isdn voice-call-failure 0 cns event-service server ! ! ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key hello address 135.25.11.2 255.255.255.255 crypto isakmp key hello address 135.25.3.1 255.255.255.255 ! ! crypto ipsec transform-set cisco esp-des esp-md5-hmac ! ! crypto map CCIE local-address Loopback0 crypto map CCIE 10 ipsec-isakmp set peer 135.25.11.2 set peer 135.25.3.1 set transform-set cisco match address 101 ! ! ! ! interface Loopback0 ip address 135.25.4.1 255.255.255.255 no ip directed-broadcast ! interface FastEthernet0/0 no ip address no ip directed-broadcast shutdown duplex auto speed auto ! interface Serial0/0 ip address 135.25.11.1 255.255.255.0 no ip directed-broadcast no ip mroute-cache no fair-queue crypto map CCIE ! interface BRI0/0 no ip address no ip directed-broadcast shutdown isdn guard-timer 0 on-expiry accept ! interface FastEthernet0/1 no ip address no ip directed-broadcast shutdown duplex auto speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 135.25.11.2 no ip http server ! access-list 101 permit ip host 135.25.4.1 host 135.25.3.1 ! ! voice-port 1/0/0 ! voice-port 1/0/1 ! voice-port 1/1/0 ! voice-port 1/1/1 ! ! ! line con 0 password cisco transport input none line aux 0 line vty 0 4 password cisco login ! hostname ISDN2 ! enable password cisco ! ! ! ! ! ip subnet-zero ip telnet source-interface Loopback0 no ip domain-lookup ! isdn voice-call-failure 0 cns event-service server ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key hello address 135.25.11.1 crypto isakmp key hello address 135.25.4.1 ! ! crypto ipsec transform-set cisco esp-des esp-md5-hmac ! ! crypto map CCIE local-address Loopback0 crypto map CCIE 10 ipsec-isakmp set peer 135.25.11.1 set peer 135.25.4.1 set transform-set cisco match address 101 partition flash 2 16 8 ! ! ! ! ! ! ! interface Loopback0 ip address 135.25.3.1 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 no ip address no ip directed-broadcast shutdown ! interface Serial0/0 no ip address no ip directed-broadcast shutdown ! interface BRI0/0 no ip address no ip directed-broadcast shutdown isdn guard-timer 0 on-expiry accept ! interface Ethernet0/1 no ip address no ip directed-broadcast shutdown ! interface Serial1/0 no ip address no ip directed-broadcast shutdown ! interface Serial1/1 ip address 135.25.11.2 255.255.255.0 no ip directed-broadcast clockrate 64000 crypto map CCIE ! interface Serial1/2 no ip address no ip directed-broadcast shutdown ! interface Serial1/3 no ip address no ip directed-broadcast shutdown ! interface Serial1/4 ip address 135.25.12.1 255.255.255.0 no ip directed-broadcast ! interface Serial1/5 no ip address no ip directed-broadcast shutdown ! interface Serial1/6 no ip address no ip directed-broadcast shutdown ! interface Serial1/7 no ip address no ip directed-broadcast shutdown ! ip classless ip route 0.0.0.0 0.0.0.0 135.25.11.1 no ip http server ! access-list 101 permit ip host 135.25.3.1 host 135.25.4.1 ! ! line con 0 exec-timeout 0 0 password cisco transport input none line aux 0 line vty 0 4 password cisco login ! end ISDN2# _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17844t=17844 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF Challenge Q's :) [7:17852]
(1) How to change the OSPF cost of using ethernet interface to 90 and serial interface to 580 across whole network ,WITHOUT using ip ospf cost command??? (2)How to propagate SOme loopback interfaces via OSPF such that these loopback interfaces are not configured for ospf .Also these routes should not be seen as external. :( Is that tough?? _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17852t=17852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF Challenge Q's :) [7:17852]
1) ip ospf reference bandwidth. or you can change the bandwidth parameters on each interface. 2) redistribute connected with route maps if needed. -Original Message- From: Cisco Lover [mailto:[EMAIL PROTECTED]] Sent: 30 August 2001 13:36 To: [EMAIL PROTECTED] Subject: OSPF Challenge Q's :) [7:17852] (1) How to change the OSPF cost of using ethernet interface to 90 and serial interface to 580 across whole network ,WITHOUT using ip ospf cost command??? (2)How to propagate SOme loopback interfaces via OSPF such that these loopback interfaces are not configured for ospf .Also these routes should not be seen as external. :( Is that tough?? _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17857t=17852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPSEC Challenge Problem [7:17844]
The problem is most likely your access-lists. You need to create an acl that allows telnet traffic from A to B and the return traffic from B to A: For telnet from A to B: on A: access-list 101 permit host A gt 1023 host B eq 23 on B: access-list 101 permit host B eq 23 host A gt 1023 (create reverse images of these entries for telnet from B to A) Note that the acl's on B and A are mirror images of each other, as stated in the Cisco docs. You need to remember that the source port for a client initiating telnet is a randomly chosen port above 1023. You don't _have_ to list the 'gt 1023', but when using acl's for IPSec I like to specify both src and dst ports if possible for consistency. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Lover Sent: Thursday, August 30, 2001 4:21 AM To: [EMAIL PROTECTED] Subject: IPSEC Challenge Problem [7:17844] Guys, The objective of the problem I m going to explain you is to encrypt ONLY TELNET traffic b/w these two routers. THe main problem I m facing is that IM not able to do this by implementing specific host lists that permits only telnet traffic from one to another host..Like access-list 101 permit tcp host A host B eq telnet. The only way I can run this is by using normal list allowing complete traffic b/w these two hosts.Please have a look and let me know if u find any problem in my config. Thanks. ISDN1#sh crypto engine connections ac ISDN1#sh crypto engine connections active ID Interface IP-Address State Algorithm Encrypt Decrypt 1 setHMAC_MD5+DES_56_CB0 0 2 setHMAC_MD5+DES_56_CB0 0 2000 Serial0/0 135.25.11.1 setHMAC_MD5+DES_56_CB0 54 2001 Serial0/0 135.25.11.1 setHMAC_MD5+DES_56_CB 40 0 ISDN1#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ISDN1 ! enable password cisco ! ! ! ! ! memory-size iomem 7 ip subnet-zero ip telnet source-interface Loopback0 no ip domain-lookup ! isdn voice-call-failure 0 cns event-service server ! ! ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key hello address 135.25.11.2 255.255.255.255 crypto isakmp key hello address 135.25.3.1 255.255.255.255 ! ! crypto ipsec transform-set cisco esp-des esp-md5-hmac ! ! crypto map CCIE local-address Loopback0 crypto map CCIE 10 ipsec-isakmp set peer 135.25.11.2 set peer 135.25.3.1 set transform-set cisco match address 101 ! ! ! ! interface Loopback0 ip address 135.25.4.1 255.255.255.255 no ip directed-broadcast ! interface FastEthernet0/0 no ip address no ip directed-broadcast shutdown duplex auto speed auto ! interface Serial0/0 ip address 135.25.11.1 255.255.255.0 no ip directed-broadcast no ip mroute-cache no fair-queue crypto map CCIE ! interface BRI0/0 no ip address no ip directed-broadcast shutdown isdn guard-timer 0 on-expiry accept ! interface FastEthernet0/1 no ip address no ip directed-broadcast shutdown duplex auto speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 135.25.11.2 no ip http server ! access-list 101 permit ip host 135.25.4.1 host 135.25.3.1 ! ! voice-port 1/0/0 ! voice-port 1/0/1 ! voice-port 1/1/0 ! voice-port 1/1/1 ! ! ! line con 0 password cisco transport input none line aux 0 line vty 0 4 password cisco login ! hostname ISDN2 ! enable password cisco ! ! ! ! ! ip subnet-zero ip telnet source-interface Loopback0 no ip domain-lookup ! isdn voice-call-failure 0 cns event-service server ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key hello address 135.25.11.1 crypto isakmp key hello address 135.25.4.1 ! ! crypto ipsec transform-set cisco esp-des esp-md5-hmac ! ! crypto map CCIE local-address Loopback0 crypto map CCIE 10 ipsec-isakmp set peer 135.25.11.1 set peer 135.25.4.1 set transform-set cisco match address 101 partition flash 2 16 8 ! ! ! ! ! ! ! interface Loopback0 ip address 135.25.3.1 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 no ip address no ip directed-broadcast shutdown ! interface Serial0/0 no ip address no ip directed-broadcast shutdown ! interface BRI0/0 no ip address no ip directed-broadcast shutdown isdn guard-timer 0 on-expiry accept ! interface Ethernet0/1 no ip address no ip directed-broadcast shutdown ! interface Serial1/0 no ip address no ip directed-broadcast shutdown ! interface Serial1/1 ip address 135.25.11.2 255.255.255.0 no ip directed-broadcast clockrate 64000 crypto map CCIE ! interface Serial1/2 no ip address no ip directed-broadcast shutdown ! interface Serial1/3 no ip address no ip directed-broadcast shutdown ! interface Serial1/4 ip address 135.25.12.1 255.255.255.0 no ip directed-broadcast ! interface Serial1/5 no ip address no ip directed-broadcast shutdown ! interface Serial1/6 no ip address no ip
RE: IPSEC Challenge Problem [7:17844]
Wonderfull!!! GREA Kent U solved my problem.. Thanks a lot!!! From: Kent Hundley Reply-To: Kent Hundley To: [EMAIL PROTECTED] Subject: RE: IPSEC Challenge Problem [7:17844] Date: Thu, 30 Aug 2001 17:03:25 -0400 The problem is most likely your access-lists. You need to create an acl that allows telnet traffic from A to B and the return traffic from B to A: For telnet from A to B: on A: access-list 101 permit host A gt 1023 host B eq 23 on B: access-list 101 permit host B eq 23 host A gt 1023 (create reverse images of these entries for telnet from B to A) Note that the acl's on B and A are mirror images of each other, as stated in the Cisco docs. You need to remember that the source port for a client initiating telnet is a randomly chosen port above 1023. You don't _have_ to list the 'gt 1023', but when using acl's for IPSec I like to specify both src and dst ports if possible for consistency. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Lover Sent: Thursday, August 30, 2001 4:21 AM To: [EMAIL PROTECTED] Subject: IPSEC Challenge Problem [7:17844] Guys, The objective of the problem I m going to explain you is to encrypt ONLY TELNET traffic b/w these two routers. THe main problem I m facing is that IM not able to do this by implementing specific host lists that permits only telnet traffic from one to another host..Like access-list 101 permit tcp host A host B eq telnet. The only way I can run this is by using normal list allowing complete traffic b/w these two hosts.Please have a look and let me know if u find any problem in my config. Thanks. ISDN1#sh crypto engine connections ac ISDN1#sh crypto engine connections active ID Interface IP-Address State Algorithm Encrypt Decrypt 1 setHMAC_MD5+DES_56_CB0 0 2 setHMAC_MD5+DES_56_CB0 0 2000 Serial0/0 135.25.11.1 setHMAC_MD5+DES_56_CB0 54 2001 Serial0/0 135.25.11.1 setHMAC_MD5+DES_56_CB 40 0 ISDN1#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ISDN1 ! enable password cisco ! ! ! ! ! memory-size iomem 7 ip subnet-zero ip telnet source-interface Loopback0 no ip domain-lookup ! isdn voice-call-failure 0 cns event-service server ! ! ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key hello address 135.25.11.2 255.255.255.255 crypto isakmp key hello address 135.25.3.1 255.255.255.255 ! ! crypto ipsec transform-set cisco esp-des esp-md5-hmac ! ! crypto map CCIE local-address Loopback0 crypto map CCIE 10 ipsec-isakmp set peer 135.25.11.2 set peer 135.25.3.1 set transform-set cisco match address 101 ! ! ! ! interface Loopback0 ip address 135.25.4.1 255.255.255.255 no ip directed-broadcast ! interface FastEthernet0/0 no ip address no ip directed-broadcast shutdown duplex auto speed auto ! interface Serial0/0 ip address 135.25.11.1 255.255.255.0 no ip directed-broadcast no ip mroute-cache no fair-queue crypto map CCIE ! interface BRI0/0 no ip address no ip directed-broadcast shutdown isdn guard-timer 0 on-expiry accept ! interface FastEthernet0/1 no ip address no ip directed-broadcast shutdown duplex auto speed auto ! ip classless ip route 0.0.0.0 0.0.0.0 135.25.11.2 no ip http server ! access-list 101 permit ip host 135.25.4.1 host 135.25.3.1 ! ! voice-port 1/0/0 ! voice-port 1/0/1 ! voice-port 1/1/0 ! voice-port 1/1/1 ! ! ! line con 0 password cisco transport input none line aux 0 line vty 0 4 password cisco login ! hostname ISDN2 ! enable password cisco ! ! ! ! ! ip subnet-zero ip telnet source-interface Loopback0 no ip domain-lookup ! isdn voice-call-failure 0 cns event-service server ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key hello address 135.25.11.1 crypto isakmp key hello address 135.25.4.1 ! ! crypto ipsec transform-set cisco esp-des esp-md5-hmac ! ! crypto map CCIE local-address Loopback0 crypto map CCIE 10 ipsec-isakmp set peer 135.25.11.1 set peer 135.25.4.1 set transform-set cisco match address 101 partition flash 2 16 8 ! ! ! ! ! ! ! interface Loopback0 ip address 135.25.3.1 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 no ip address no ip directed-broadcast shutdown ! interface Serial0/0 no ip address no ip directed-broadcast shutdown ! interface BRI0/0 no ip address no ip directed-broadcast shutdown isdn guard-timer 0 on-expiry accept ! interface Ethernet0/1 no ip address no ip directed-broadcast shutdown ! interface Serial1/0 no ip address no ip directed-broadcast shutdown ! interface Serial1/1 ip address 135.25.11.2 255.255.255.0 no ip directed-broadcast clockrate 64000 crypto map CCIE ! interface Serial1/2 no ip address no ip directed-broadcast shutdown ! interface Serial1/3 no ip
RE: CHALLENGE PROBLEM (now herrings and lemmings) [7:17112]
Sir, although I have never had the privilege of meeting you face to face, I have, after two years on this newsgroup and a great number of hours reading your books and papers, developed quite a detailed imaginary picture of your appearance. I'm now thinking maybe I should add 30-40 pounds to that picture. :- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz Sent: Friday, August 24, 2001 6:24 AM To: [EMAIL PROTECTED] Subject: RE: CHALLENGE PROBLEM (now herrings and lemmings) [7:17112] Brian, I just wanted to say publicly that this was an outstanding test question. outstanding because of all the red herrings it contained, as we saw from the wild guess responses. Sir, after several trips to Scandinavia, I find it hard to believe that any sensible tester would use more than one red (presumably tomato-sauced) herring. There are wide range of herring to pick from, including the basic wine-pickled, mustard, sour cream, etc., to say nothing of the cooked dishes containing herring. It is also important not to confuse herrings with lemmings, which are excellent simulators either for marketingdroids or those led by marketingdroids. Perhaps they have even more simulation capabilities; I find many of the attempts to coerce things into a concept of the OSI model that is long obsolete, or insist that one or another term is correct because a review book says so in contradiction of the actual standards. Howard so everyone knows, my own private reply was incorrect as well. doh! thanks for this - these kinds of challenges are what make groupstudy worthwhile to me at least. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Sent: Tuesday, August 21, 2001 7:51 AM To: [EMAIL PROTECTED] Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18033t=17112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (now herrings and lemmings) [7:17112]
Brian, I just wanted to say publicly that this was an outstanding test question. outstanding because of all the red herrings it contained, as we saw from the wild guess responses. Sir, after several trips to Scandinavia, I find it hard to believe that any sensible tester would use more than one red (presumably tomato-sauced) herring. There are wide range of herring to pick from, including the basic wine-pickled, mustard, sour cream, etc., to say nothing of the cooked dishes containing herring. It is also important not to confuse herrings with lemmings, which are excellent simulators either for marketingdroids or those led by marketingdroids. Perhaps they have even more simulation capabilities; I find many of the attempts to coerce things into a concept of the OSI model that is long obsolete, or insist that one or another term is correct because a review book says so in contradiction of the actual standards. Howard so everyone knows, my own private reply was incorrect as well. doh! thanks for this - these kinds of challenges are what make groupstudy worthwhile to me at least. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Sent: Tuesday, August 21, 2001 7:51 AM To: [EMAIL PROTECTED] Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17112t=17112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (now herrings and lemmings) [7:17112]
Howard, you should try the Herrings in Curry Sauce the next time you're in Scandinavia (Denmark especially). Another good fish-out-of-a-can thing you should try, is the Macrel in tomato sause on an open faced sandwich with mayo on top - YUMMI!!! P.S. Don't forget that fish has to swim, so you'll have to swing down one or two small shots of Danish Akvavit. Ole (who's missing the Danish food now and then...) ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 8:24 AM To: [EMAIL PROTECTED] Subject: RE: CHALLENGE PROBLEM (now herrings and lemmings) [7:17112] Brian, I just wanted to say publicly that this was an outstanding test question. outstanding because of all the red herrings it contained, as we saw from the wild guess responses. Sir, after several trips to Scandinavia, I find it hard to believe that any sensible tester would use more than one red (presumably tomato-sauced) herring. There are wide range of herring to pick from, including the basic wine-pickled, mustard, sour cream, etc., to say nothing of the cooked dishes containing herring. It is also important not to confuse herrings with lemmings, which are excellent simulators either for marketingdroids or those led by marketingdroids. Perhaps they have even more simulation capabilities; I find many of the attempts to coerce things into a concept of the OSI model that is long obsolete, or insist that one or another term is correct because a review book says so in contradiction of the actual standards. Howard so everyone knows, my own private reply was incorrect as well. doh! thanks for this - these kinds of challenges are what make groupstudy worthwhile to me at least. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Sent: Tuesday, August 21, 2001 7:51 AM To: [EMAIL PROTECTED] Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17114t=17112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:17089]
Brian, I just wanted to say publicly that this was an outstanding test question. outstanding because of all the red herrings it contained, as we saw from the wild guess responses. so everyone knows, my own private reply was incorrect as well. doh! thanks for this - these kinds of challenges are what make groupstudy worthwhile to me at least. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Sent: Tuesday, August 21, 2001 7:51 AM To: [EMAIL PROTECTED] Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17089t=17089 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16659]
On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16659t=16659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16681]
I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16681t=16681 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16687]
On Tue, 21 Aug 2001, Donald B Johnson jr wrote: I don't think bridge will work on this network because of split horizon. Can you be more clear about your answer? Brian - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16687t=16687 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16690]
you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16690t=16690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16695]
yeah but he is using irb with a bvi and igrp it is probably a split h issue it creating a loopa - Original Message - From: McCallum, Robert To: 'Donald B Johnson jr' ; Sent: Tuesday, August 21, 2001 9:26 AM Subject: RE: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16695t=16695 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16694]
First of all, I believe you have a typo: router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 should have been router igrp 1 network 192.168.1.0 network 192.168.2.0 network 193.168.3.0 I have not an answer to your question yet. Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Brian [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 9:51 AM To: [EMAIL PROTECTED] Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16694t=16694 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16702]
To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16702t=16702 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16701]
yeah you got irb and bvi and igrp on same interface you are creating loops because SH is disabled - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 9:35 AM Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16687] On Tue, 21 Aug 2001, Donald B Johnson jr wrote: I don't think bridge will work on this network because of split horizon. Can you be more clear about your answer? Brian - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16701t=16701 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16707]
Putting static routes on the remote routers pointing back to the hub router would work. Assuming the hub router has routes in it's routing table to all the remote routers. Darrin Gibson -Original Message- From: Wayne Wenthin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 12:29 PM To: [EMAIL PROTECTED] Subject: RE: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16702] To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16707t=16707 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16711]
No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16711t=16711 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16709]
yes that was a typo, but had nothing to do with the problem, good catch On Tue, 21 Aug 2001, Ole Drews Jensen wrote: First of all, I believe you have a typo: router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 should have been router igrp 1 network 192.168.1.0 network 192.168.2.0 network 193.168.3.0 I have not an answer to your question yet. Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Brian [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 9:51 AM To: [EMAIL PROTECTED] Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16709t=16709 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16710]
no thats not the problem On Tue, 21 Aug 2001, Donald B Johnson jr wrote: yeah you got irb and bvi and igrp on same interface you are creating loops because SH is disabled - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 9:35 AM Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16687] On Tue, 21 Aug 2001, Donald B Johnson jr wrote: I don't think bridge will work on this network because of split horizon. Can you be more clear about your answer? Brian - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16710t=16710 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16714]
I can think of two reason why it wouldn't work. 1. Because you're using bridging on the frame relay links, it must adhere to the spanning tree rules. This means that you cannot send traffic out the same interface you receive it on. In this configuration it would mean that information received on a DLCI it would not be able to be forwarded out any of the other DLCIs because they are on the same physical interface 2. You're using frame map bridge statements which disables inverse arp. You have to add static frame map ip statements for all the layer 3 addresses. This wouldn't explain why it works when the DLCIs are on different layer 3 networks though. Rob Brian @groupstudy.com on 08/21/2001 02:10:42 PM Please respond to Brian Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: RE: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16711] No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone
Re: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16716]
On Tue, 21 Aug 2001, Sasha wrote: He is doing transparent bridging between pvc's, hence routing issues are irrelevant. The problem here is that a packet that comes into a physical interface is not transmitted back through the same physical interface (although on another pvc), and bridging will not work (you may call it split horizon, but I wouldn't). YES! You got it correct! One must remember that when bridging on a router, its just like a real bridge/switch. Interfaces are like ports on a bridge, and a packet entering a port will never go back out that same port. Using sub interfaces fixes it. Now why does it work when you put them on 2 different layer3 networks? Because this forces packets to tag the BVI, and thus get routed (BVI must be setup with secondary addressing). And routing can go out the port, tag the BVI, and go back down the port, but bridging will not work! (This limitation is intended to avoid bridging loops, I think, because STP will treat physical interface as a single bridge port.) The common solution is the use of p2p subinterfaces. Yes The config may be modified in one of two ways: * put pvc's on separate point-to-point subinterfaces: int ser4/0.200 point-to-point frame interface-dlci 200 bridge-group 1 int ser4/0.224 point-to-point frame interface-dlci 224 bridge-group 1 ... * use point-to-multipoint interface: int ser4/0.200 multipoint frame map bridge 200 broadcast bridge-group 1 int ser4/0.224 multi frame map bridge 224 broadcast bridge-group 1 Yes, or use different layer 3 networks, you can put numerous secondaries on the BVI, although ugly looking. Great job, I know this is not an obvious problem when first looked at. Brian --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16716t=16716 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16717]
On Tue, 21 Aug 2001 [EMAIL PROTECTED] wrote: I can think of two reason why it wouldn't work. 1. Because you're using bridging on the frame relay links, it must adhere to the spanning tree rules. This means that you cannot send traffic out the same interface you receive it on. In this configuration it would mean that information received on a DLCI it would not be able to be forwarded out any of the other DLCIs because they are on the same physical interface Yes the above is correct! 2. You're using frame map bridge statements which disables inverse arp. You have to add static frame map ip statements for all the layer 3 addresses. This wouldn't explain why it works when the DLCIs are on different layer 3 networks though. The above is not really a problem in whats below. You can just put the DLCI's on differnt layer3 networks and it will work as is below. Rob Brian @groupstudy.com on 08/21/2001 02:10:42 PM Please respond to Brian Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: RE: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16711] No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16718]
On Tue, 21 Aug 2001, Gibson, Darrin wrote: Putting static routes on the remote routers pointing back to the hub router would work. Assuming the hub router has routes in it's routing table to all the remote routers. that would not work. There is something fundementally wrong with the below config that prevents them from communicating. Darrin Gibson -Original Message- From: Wayne Wenthin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 12:29 PM To: [EMAIL PROTECTED] Subject: RE: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16702] To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16718t=16718 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16719]
If the clients are on different layer 3 network, then that should be configured as point to point network. If they are on same network then they can use point to multipoint. I think in the given senerio, it should be configured as point to point network. Arun --- Brian wrote: No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 [EMAIL PROTECTED] = Arun Upadhyay SE Engineering MCSE CCNA CNA __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16719t=16719 -- FAQ, list archives, and subscription info
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16722]
How about get rid of igrp and configure ospf in nbma mode? :) -Patrick Brian 08/21/01 02:10PM No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16722t=16722 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16727]
On Tue, 21 Aug 2001, Patrick Ramsey wrote: How about get rid of igrp and configure ospf in nbma mode? :) the igrp has nothing to do with the problem though, its a bridging problem, someone had posted the solution. Brian -Patrick Brian 08/21/01 02:10PM No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16728]
On Tue, 21 Aug 2001, Arun Upadhyay wrote: If the clients are on different layer 3 network, then that should be configured as point to point network. If they are on same network then they can use point to multipoint. Well, not really. In practice its fine to put bridged customers on a single multipoint and use different layer3 networks. Why would you do this? Well, in early DSL rollouts, things on Cisco routers like IDB's, BVI's, etc were limited resources..some routers could only do 300 even. So you would lump many DSL customers in on one multipoint interface. I think in the given senerio, it should be configured as point to point network. Yes, ideally, but its sort of like a typical Cisco or CCIE type problem, where the configuration is valid, but doesn't necessarly make sense or would be the best way to do it. Its just to demonstrate the issue or port blocking on a bridge. Arun --- Brian wrote: No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16755]
is it something to do with using classless rather than classful routing protocols? regards, suaveguru --- Patrick Ramsey wrote: How about get rid of igrp and configure ospf in nbma mode? :) -Patrick Brian 08/21/01 02:10PM No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St.VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone:318-212-0245 fax:318-212-0246 I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 1401 30 day warranty Shreveport, LA 71101Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16755t=16755 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct
RE: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16767]
On Tue, 21 Aug 2001, suaveguru wrote: is it something to do with using classless rather than classful routing protocols? no, it was answered already. It has to do with bridges blocking on ports data is sourced from. Brian --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16767t=16767 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16768]
Sounds like Spanning tree is screwing it up. Since this is a multipoint interface. It think spanning tree will consider it as one port. Any packet that comes in the router and is destined for the same subnet doesn't hit the BVI and is bridged. 1st rule of bridge forwarding : If the destination MAC address is unknown, forward out all ports except the ingress port. Since all the packets come in the same port as far a spanning tree is concerned, unknown or ANY packets for that matter, will not be set out the same port. Packets on different subnets hit the BVI and are routed and so will bypass the bridging rule. A bridge will NEVER forward a frame out the same port in came it. Solution: Set up P to P subinterfaces. These should be treated by bridge as different ports and frames will get forwarded. IGRP and split horizon have nothing to do with it. At least I think this is the problem :) Tony M #6172 - Original Message - From: suaveguru To: Sent: Tuesday, August 21, 2001 7:55 PM Subject: RE: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16755] is it something to do with using classless rather than classful routing protocols? regards, suaveguru --- Patrick Ramsey wrote: How about get rid of igrp and configure ospf in nbma mode? :) -Patrick Brian 08/21/01 02:10PM No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria
Re: CHALLENGE PROBLEM (was Re: For FR Grus.... [7:16635]) [7:16771]
yes tony thats it :) On Wed, 22 Aug 2001, Tony Medeiros wrote: Sounds like Spanning tree is screwing it up. Since this is a multipoint interface. It think spanning tree will consider it as one port. Any packet that comes in the router and is destined for the same subnet doesn't hit the BVI and is bridged. 1st rule of bridge forwarding : If the destination MAC address is unknown, forward out all ports except the ingress port. Since all the packets come in the same port as far a spanning tree is concerned, unknown or ANY packets for that matter, will not be set out the same port. Packets on different subnets hit the BVI and are routed and so will bypass the bridging rule. A bridge will NEVER forward a frame out the same port in came it. Solution: Set up P to P subinterfaces. These should be treated by bridge as different ports and frames will get forwarded. IGRP and split horizon have nothing to do with it. At least I think this is the problem :) Tony M #6172 - Original Message - From: suaveguru To: Sent: Tuesday, August 21, 2001 7:55 PM Subject: RE: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16755] is it something to do with using classless rather than classful routing protocols? regards, suaveguru --- Patrick Ramsey wrote: How about get rid of igrp and configure ospf in nbma mode? :) -Patrick Brian 08/21/01 02:10PM No one has gotten this problem yet. Remeber, making it so the clients are on differnt layer 3 networks works, but when they are on the same it doesn't. What mechanics are involved in how the packet will be treated different if on the same network vs. different networks. I'll still leave the answer open, someone will get this. Brian On Tue, 21 Aug 2001, Wayne Wenthin wrote: To me this looks very similar to bridging with DSL. Since you cannot receive the ARP the router must proxy this. At 09:52 AM 8/21/2001, McCallum, Robert wrote: you can correct me here if I am wrong but split horizon is only used in distance vector protocols NO??? The problem here without giving the answer is that a router is expected to pass a packet out of an interface which is on its own subnet !! Doesn't compute! What is the routing protocol being used to route ip?? This is where the answer will lye -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: 21 August 2001 17:06 To: [EMAIL PROTECTED] Subject: Re: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16681] I don't think bridge will work on this network because of split horizon. - Original Message - From: Brian To: Sent: Tuesday, August 21, 2001 7:51 AM Subject: CHALLENGE PROBLEM (was Re: For FR Grus [7:16635]) [7:16659] On Tue, 21 Aug 2001, Cisco Lover wrote: Hi Guys.. Come with some New Queston.. hmm, ok, so your looking for some challenging questions? Ok, I will post one, its got FR in it. First I'll post the problem, followed by the config: THE PROBLEM === Users on DLCI's 200, 224, 201, 225 cannot communicate to eachother. They can talk just fine to the rest of the network, but no packets can pass between them. Later discovery reveals that so long as they are on different layer 3 network addressing, communcation can occur, but if they are on the same network, such as 192.168.3.0, then they cannot communicate What is the problem? I will reply to let everyone know who got the correct answer. Below is the configuration: ! version 11.3 ! interface Ethernet2/0 ip address 192.168.1.242 255.255.255.0 ! interface Serial4/0 no ip address encapsulation frame-relay IETF keepalive 15 frame-relay map bridge 200 broadcast IETF frame-relay map bridge 224 broadcast IETF frame-relay map bridge 201 broadcast IETF frame-relay map bridge 225 broadcast IETF frame-relay lmi-type ansi bridge-group 1 ! interface BVI1 ip address 192.168.3.242 255.255.255.0 secondary ip address 192.168.2.242 255.255.255.0 ! router igrp 1 network 192.1.0.0 network 192.2.0.0 network 193.3.0.0 ! ip classless ! bridge irb bridge 1 protocol ieee bridge 1 route ip ! For eg, our FR switch is setup for Full mesh,But out network is setup as Hub Spoke FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure
Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth FYI I discovered this page on CCO by accident. Hope it helps those who are preparing for CVoice http://www.cisco.com/warp/public/788/voip/voip.shtml Greg Macaulay Oldest CCNP/CCDP on Earth Lifetime Member of AARP Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14167t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
Give up Ray. the guys a lawyer even if he was 12 and 1/2 he would win. -Original Message- From: Greg Macaulay [SMTP:[EMAIL PROTECTED]] Sent: 30 July 2001 15:33 To: [EMAIL PROTECTED] Subject: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth FYI I discovered this page on CCO by accident. Hope it helps those who are preparing for CVoice http://www.cisco.com/warp/public/788/voip/voip.shtml Greg Macaulay Oldest CCNP/CCDP on Earth Lifetime Member of AARP Retired Attorney/Law Professor * DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14204t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
What made you give up law for Cisco? -P.Kil Preston Kilburn Author: Greg Macaulay (---.he.cox.rr.com) Date: 07-30-01 10:33 I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count,and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14224t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
this is what I warn my kids aboutyou can be whatever you want to be on the NET and no one is the wiser!! Rick In a message dated 7/30/01 12:37:37 PM Eastern Daylight Time, [EMAIL PROTECTED] writes: Give up Ray. the guys a lawyer even if he was 12 and 1/2 he would win. -Original Message- From:Greg Macaulay [SMTP:[EMAIL PROTECTED]] Sent:30 July 2001 15:33 To:[EMAIL PROTECTED] Subject:Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14246t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
I can't resist, how old are you? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Macaulay Sent: Monday, July 30, 2001 9:33 AM To: [EMAIL PROTECTED] Subject: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth FYI I discovered this page on CCO by accident. Hope it helps those who are preparing for CVoice http://www.cisco.com/warp/public/788/voip/voip.shtml Greg Macaulay Oldest CCNP/CCDP on Earth Lifetime Member of AARP Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14252t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
Lawyer? Sounds more like a politician ;) 3 paragraphs still didn't state his age..rofl. Just having fun with ya ;) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Macaulay Sent: Monday, July 30, 2001 9:33 AM To: [EMAIL PROTECTED] Subject: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth FYI I discovered this page on CCO by accident. Hope it helps those who are preparing for CVoice http://www.cisco.com/warp/public/788/voip/voip.shtml Greg Macaulay Oldest CCNP/CCDP on Earth Lifetime Member of AARP Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14260t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
Hes, 19 He just graduated from highSchool, where all of his friends were taking he academic CCNA from the highschool. He just got in late... LOL, - Original Message - From: William Gragido To: Sent: Monday, July 30, 2001 3:25 PM Subject: RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I can't resist, how old are you? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Macaulay Sent: Monday, July 30, 2001 9:33 AM To: [EMAIL PROTECTED] Subject: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth FYI I discovered this page on CCO by accident. Hope it helps those who are preparing for CVoice http://www.cisco.com/warp/public/788/voip/voip.shtml Greg Macaulay Oldest CCNP/CCDP on Earth Lifetime Member of AARP Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14261t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
Hey Rick, Not to get defensive -- but would you like my D.C. Bar number?? -- and then you can check it out directly with the D.C. Bar! Greg M. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Monday, July 30, 2001 4:06 PM To: [EMAIL PROTECTED] Subject: Re: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] this is what I warn my kids aboutyou can be whatever you want to be on the NET and no one is the wiser!! Rick In a message dated 7/30/01 12:37:37 PM Eastern Daylight Time, [EMAIL PROTECTED] writes: Give up Ray. the guys a lawyer even if he was 12 and 1/2 he would win. -Original Message- From:Greg Macaulay [SMTP:[EMAIL PROTECTED]] Sent:30 July 2001 15:33 To:[EMAIL PROTECTED] Subject:Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14264t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
-Original Message- From: Greg Macaulay [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 4:55 PM To: [EMAIL PROTECTED] Subject: RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] 56 -- and I can prove it -- 8 grandchildren -- can't recall their b-dates -- and I have white hair!!! Gosh, I really didn't think that many folks on the list had so much time on their hands to contribute to this nonsense (and fun!). Greg Macaulay Oldest CCNP/CCDP on Earth (recount in progress) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: William Gragido [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 4:10 PM To: 'Greg Macaulay'; [EMAIL PROTECTED] Subject: RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I can't resist, how old are you? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Macaulay Sent: Monday, July 30, 2001 9:33 AM To: [EMAIL PROTECTED] Subject: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth FYI I discovered this page on CCO by accident. Hope it helps those who are preparing for CVoice http://www.cisco.com/warp/public/788/voip/voip.shtml Greg Macaulay Oldest CCNP/CCDP on Earth Lifetime Member of AARP Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14265t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
56 and counting!! -- and as still a member of the D.C. Bar -- being that I am in D.C. -- politics is the name of the game here! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Allen May Sent: Monday, July 30, 2001 4:53 PM To: [EMAIL PROTECTED] Subject: Re: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] Lawyer? Sounds more like a politician ;) 3 paragraphs still didn't state his age..rofl. Just having fun with ya ;) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Macaulay Sent: Monday, July 30, 2001 9:33 AM To: [EMAIL PROTECTED] Subject: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth FYI I discovered this page on CCO by accident. Hope it helps those who are preparing for CVoice http://www.cisco.com/warp/public/788/voip/voip.shtml Greg Macaulay Oldest CCNP/CCDP on Earth Lifetime Member of AARP Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14267t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]
Offline please. - Original Message - From: Greg Macaulay To: Sent: Monday, July 30, 2001 5:13 PM Subject: FW: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] -Original Message- From: Greg Macaulay [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 4:55 PM To: [EMAIL PROTECTED] Subject: RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] 56 -- and I can prove it -- 8 grandchildren -- can't recall their b-dates -- and I have white hair!!! Gosh, I really didn't think that many folks on the list had so much time on their hands to contribute to this nonsense (and fun!). Greg Macaulay Oldest CCNP/CCDP on Earth (recount in progress) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: William Gragido [mailto:[EMAIL PROTECTED]] Sent: Monday, July 30, 2001 4:10 PM To: 'Greg Macaulay'; [EMAIL PROTECTED] Subject: RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I can't resist, how old are you? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Macaulay Sent: Monday, July 30, 2001 9:33 AM To: [EMAIL PROTECTED] Subject: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167] I need proof -- date of birth, place of birth, whether you are left-or right-handed or ambidextrous, etc. Without that -- I still claim the title. In fact, I am taking on the Republicans spin in Florida on this. My age has been broadcast over this list for months and no one successfully came forth and refuted my claim to the title. Thus, there has been an age count, and an age recount and even a recount on the age recount -- and there has not been anyone who can prove BRD (lawyers shorthand for Beyond a Reasonable Doubt!) that I am not the duly self-appointed and self-anointed oldest (albeit I concede not the wisest) CCNP/CCDP on this earth!! If necessary, I will call upon Ms. Katherine Harris (from Florida) to mediate this issue!!! See, we old folks have nothing on our plates so we can engage in this nonsensical, time-wasting behavior (at least while I'm having my first cuppa' tea this a.m. Then its on to work!!! Greg Macaulay Oldest CCNP/CCDP on Earth (pending recount!) Lifetime Member of AARP Retired Attorney/Law Professor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 28, 2001 8:57 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: For those studying VoIP/CVoice! [7:14061] Greg, Good post on a reference URL for VoIP. I will be taking Cisco IP Voice class next week and will refer to some of these links. TNX Note: However, you'll have to revise your signature as I think for the moment I am most likely the Oldest and Bald CCIE wannabe ;-) at age 59 3/4 Ray Oldest CCNP/CCDP on Earth FYI I discovered this page on CCO by accident. Hope it helps those who are preparing for CVoice http://www.cisco.com/warp/public/788/voip/voip.shtml Greg Macaulay Oldest CCNP/CCDP on Earth Lifetime Member of AARP Retired Attorney/Law Professor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=14269t=14167 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
