Ethernet bogs down help has anyone seen this problem [7:75238]

[[EMAIL PROTECTED]]

I have a customer that has a small office with a Cisco 56K Frame router.
They
are running Nat. Now when I plug in the frame side the ethernet side gets 
constant request for translation then it gets to the point where you can no 
longer even ping the ethernet side. If I remove the RG45 cable from the
frame side.
No problem the request stop and I can ping my ethernet side of the router 
fine with 10ml sec responses all day. The users office is down because he
can not
get out to the web. I've checked for viruses and everything seems fine. Does 
anyone have any ideas? This one is driving me crazy. The ISP says that my 
router is bad, but I doubt it. It started all of a sudden after working fine
for 2
years.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75238t=75238
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Ethernet bogs down help has anyone seen this problem [7:75263]

[Daniel Cotts]

I'll bet the trouble started when the Nachi worm started spreading. It uses
pings to find hosts to infect. See the following to see what happens to NAT
when pinged from the outside.
http://www.cisco.com/warp/public/556/4.html

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Thursday, September 11, 2003 7:01 AM
 To: [EMAIL PROTECTED]
 Subject: Ethernet bogs down help has anyone seen this problem 
 [7:75238]
 
 
 I have a customer that has a small office with a Cisco 56K 
 Frame router.
 They
 are running Nat. Now when I plug in the frame side the 
 ethernet side gets 
 constant request for translation then it gets to the point 
 where you can no 
 longer even ping the ethernet side. If I remove the RG45 
 cable from the
 frame side.
 No problem the request stop and I can ping my ethernet side 
 of the router 
 fine with 10ml sec responses all day. The users office is 
 down because he
 can not
 get out to the web. I've checked for viruses and everything 
 seems fine. Does 
 anyone have any ideas? This one is driving me crazy. The ISP 
 says that my 
 router is bad, but I doubt it. It started all of a sudden 
 after working fine
 for 2
 years.
 **Please support GroupStudy by purchasing from the GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info: 
 http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75263t=75263
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Ethernet bogs down help has anyone seen this problem [7:75277]

[Andrew Larkins]

Try an access-list that denies ICMP and then use IP accounting access-
violations to see - more than likely a virus

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Thursday, September 11, 2003 7:01 AM
 To: [EMAIL PROTECTED]
 Subject: Ethernet bogs down help has anyone seen this problem
 [7:75238]
 
 
 I have a customer that has a small office with a Cisco 56K
 Frame router.
 They
 are running Nat. Now when I plug in the frame side the 
 ethernet side gets 
 constant request for translation then it gets to the point 
 where you can no 
 longer even ping the ethernet side. If I remove the RG45 
 cable from the
 frame side.
 No problem the request stop and I can ping my ethernet side 
 of the router 
 fine with 10ml sec responses all day. The users office is 
 down because he
 can not
 get out to the web. I've checked for viruses and everything 
 seems fine. Does 
 anyone have any ideas? This one is driving me crazy. The ISP 
 says that my 
 router is bad, but I doubt it. It started all of a sudden 
 after working fine
 for 2
 years.
 **Please support GroupStudy by purchasing from the GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info: 
 http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75277t=75277
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: Ethernet bogs down help has anyone seen this problem [7:75285]

[MADMAN]

Do a sh ip nat trans.  Are you seeing a quadrillion icmp translations 
all sourcing a same host or few hosts?

   Dave

Andrew Larkins wrote:

 Try an access-list that denies ICMP and then use IP accounting access-
 violations to see - more than likely a virus
 
 
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 7:01 AM
To: [EMAIL PROTECTED]
Subject: Ethernet bogs down help has anyone seen this problem
[7:75238]


I have a customer that has a small office with a Cisco 56K
Frame router.
They
are running Nat. Now when I plug in the frame side the 
ethernet side gets 
constant request for translation then it gets to the point 
where you can no 
longer even ping the ethernet side. If I remove the RG45 
cable from the
frame side.
No problem the request stop and I can ping my ethernet side 
of the router 
fine with 10ml sec responses all day. The users office is 
down because he
can not
get out to the web. I've checked for viruses and everything 
seems fine. Does 
anyone have any ideas? This one is driving me crazy. The ISP 
says that my 
router is bad, but I doubt it. It started all of a sudden 
after working fine
for 2
years.
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
 
 **Please support GroupStudy by purchasing from the GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 **Please support GroupStudy by purchasing from the GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 

-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75285t=75285
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: EM VoIP Problem [7:74717]

[[EMAIL PROTECTED]]

Sounds like problems initiating on the remote site or the reception of the
session onthis site.

Start debugging on remote site, pls show us the output. 

Show call/pots/dial-

Any number expansion/wildcard issues?

debug call rsvp-sync events 

Martijn 

-Oorspronkelijk bericht-
Van: lost in space [mailto:[EMAIL PROTECTED]
Verzonden: woensdag 3 september 2003 18:03
Aan: [EMAIL PROTECTED]
Onderwerp: EM VoIP Problem [7:74717]


Dear Experts,

I am having this problem with EM VoIP.  We are using an EM PABX operating
with 4 wire and using immediate signalling.  The network are connected via 2
Mbps Leased Line.  I can make voice calls from my site to remote site,
however when i asked someone from the remote site to call the other way
around he get busy tones all the time eventough the extension were actually
not bust at that time.

The strange thing is that the remote site can make voice call to my site
only to 2 extension (300 and 400),  but when they dial another extension ex:
363, or 369 they get busy tones all the time.

the dial-peer configuration on the remote router are like this

dial-peer voice 1 pots
destination-pattern +...
port 1/0/0

dial-peer voice 1 pots
destination-pattern +...
port 1/0/1

dial-peer voice 3 voip
destination-pattern +3..
session target ipv4:172.23.1.34(ip address of router's serial interface at
my site).


dial-peer voice 4 voip
destination-pattern +4..
session target ipv4:172.23.1.34 (ip address of router's serial interface at
my site).

Is it the wiring arrangement problem?
i already set up the wiring arrangement based on a reference i got from CCO.

Is it a timeouts parameter problem?

or Is it the EM PABX problem?

Like always, the PABX technician feel that he has done everything correctly.

I am also confident that i have done the configuration correctly.

Anyone has similar experience?

Any idea would be greaty appreciated.

Thanks in advance.


RD
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75160t=74717
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

CDP problem [7:74949]

[Iwan Hoogendoorn]

Hi people of Groupstudy, 


I have a little problem with CDP.

I have a problem with CDP over Frame relay connectivity but i have no CLUE
what the problem is

I have an HUB AND SPOKE 4 routers are connected to the frame switch 

The Frame switch has no CDP information (how is this possible?)

R2
R4
R5
R6

R2 is the HUB 

Can someone help me with this ?

Thanks Bye 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74949t=74949
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: CDP problem [7:74949]

[Jesse Loggins]

What does show CDP nei give you?

If you recieve 

Router#show cdp neighbors
% CDP is not enabled
This is self explainatory
The CDP run command should solve that.


If you get this then maybe your remote router does not have CDP enabled

Router#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
  S - Switch, H - Host, I - IGMP, r - Repeater

Device IDLocal Intrfce HoldtmeCapability  Platform  Port ID
Router# 

Also remember that CDP is a non-routable protocol so only directly connected
neighbors are shown

Also remember that CDP can be disabled on a per interface basis
HTH I know that I might be stating the obvious here.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74996t=74949
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: CDP problem [7:74949]

[Ben W]

I don't think the Frame swich should have a CDP entry for the directly
conencted neighbors.  Your Frame sites that are connected to each other VIA
the frame switch should, for example R2 should have a CDP entry for its
spokes, and the spokes should see R2.  Remember that CDP is a layer 2
protocol, so between two layer 2 connections you should see CDP neighbors. 
Your Frame spokes and the hub are all layer 2 connections, but your frame
switch is not actually a layer 2 termination.  Its just acting as the Frame
cloud connecting the Layer 2 Frame connections together.  Maybe I'm wrong
but that is my envisioning of it, maybe someone else can at least explain it
better.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74999t=74949
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

DNS Problem [7:74890]

[Router Kid]

Guys,
I am having problem resolving DNS names.
I have a Cisco 2600 and configured for right name-servers and domain name,
but I am still unable to ping www.yahoo.com from my router and a unix box.
My router/unix is behind a PIX firewall. I also created an ACL to allow
outbound conections to my internal Unix/Router. Following is my pix ACL. I
am wondering if somehow my firewall is not allowing DNS resolution. I can
ping outside fine.
Any help would be greatly appreciated.

Regards!!

access-list outside_in permit tcp any host 204.1.2.2 eq telnet
access-list outside_in permit icmp any any
access-list outside_in permit tcp any host 204.1.2.2 eq ftp
access-list outside_in permit tcp any host 204.1.2.2 eq www
access-list outside_in permit tcp any host 204.1.2.2 eq domain
access-list outside_in permit udp any host 204.1.2.2 eq domain
access-group outside_in in interface outside


global (outside) 1 204.1.2.1 netmask 255.255.255.0
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
static (inside,outside) 204.1.2.2 10.1.1.1 netmask 255.255.255.255 0 0
(Unix Box )
static (inside,outside) 204.1.2.3 10.1.1.6 netmask 255.255.255.255 0 0
(Router)

=
These are the logs from my PIX firewall..

(tried nslookup from unix box)

302015: Built outbound UDP connection 23742 for outside:129.250.35.251/53
(129.250.35.251/53) to inside:10.1.1.1/10166 (204.1.159.205/10166) 302015:
Built outbound UDP connection 23743 for outside:129.250.35.250/53
(129.250.35.250/53) to inside:10.1.1.1/10166 (204.1.159.205/10166)
302016: Teardown UDP connection 23740 for outside:129.250.35.251/53 to
inside:10.1.1.1/40069 duration 0:02:41 bytes 188
302016: Teardown UDP connection 23741 for outside:129.250.35.250/53 to
inside:10.1.1.1/40069 duration 0:02:56 bytes 188




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74890t=74890
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

2950 problem (see my previous post) [7:74842]

[Pintens, Koen]

Hi
here is an extract from a test we are able to run

C3 System IO Registers test

CALHOUN SKU id 0: 24 Fast Ethernet Ports, 0 Gigabit ports

cmic_read_miim ERROR: timeout (addr=0x01 id=0x00)

cmic_read_miim: error (could not read MII register #1).

ERROR: CALHOUN SKU id 0: 0 ports found, 24 ports expected.

ERROR: SKU id 0 found, expected SKU id -1

Board claims to be a Calhoun 24 (24 FE) instead of a Unknown Platform

FAILED

C4 LED Test

cmic_write_miim ERROR: timeout (addr=0x14 id=0x00 data=0x9900)

SetLedColor: cmic_write_miim() failed!

cmic_write_miim ERROR: timeout (addr=0x14 id=0x01 data=0x9900)

SetLedColor: cmic_write_miim() failed!





Anybody has any ideas?



Thanks in advance



Koen



**
This electronic message together with any attachments is confidential. If
you receive it in error: (i) you must not use, disclose, copy or retain
it; (ii) please contact the sender immediately by reply email and then
delete the emails. Views expressed in this email may not be those of the
Airways Corporation of New Zealand Limited
**




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74842t=74842
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

EM VoIP Problem [7:74717]

[lost in space]

Dear Experts,

I am having this problem with EM VoIP.  We are using an EM PABX operating
with 4 wire and using immediate signalling.  The network are connected via 2
Mbps Leased Line.  I can make voice calls from my site to remote site,
however when i asked someone from the remote site to call the other way
around he get busy tones all the time eventough the extension were actually
not bust at that time.

The strange thing is that the remote site can make voice call to my site
only to 2 extension (300 and 400),  but when they dial another extension ex:
363, or 369 they get busy tones all the time.

the dial-peer configuration on the remote router are like this

dial-peer voice 1 pots
destination-pattern +...
port 1/0/0

dial-peer voice 1 pots
destination-pattern +...
port 1/0/1

dial-peer voice 3 voip
destination-pattern +3..
session target ipv4:172.23.1.34(ip address of router's serial interface at
my site).


dial-peer voice 4 voip
destination-pattern +4..
session target ipv4:172.23.1.34 (ip address of router's serial interface at
my site).

Is it the wiring arrangement problem?
i already set up the wiring arrangement based on a reference i got from CCO.

Is it a timeouts parameter problem?

or Is it the EM PABX problem?

Like always, the PABX technician feel that he has done everything correctly.

I am also confident that i have done the configuration correctly.

Anyone has similar experience?

Any idea would be greaty appreciated.

Thanks in advance.


RD



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74717t=74717
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

BGP PEERGROUP PROBLEM [7:74725]

[JMC Nel]

Could someone please assist me? I set up a customer to received the Partial 
TABLE but for some reason the customer is receiving the Full Table. I 
checked the filter list but that does not seem to be the problem. Any 
assistance will be greatly appreciated.
Thanks
GP

_
Get MSN 8 and enjoy automatic e-mail virus protection.   
http://join.msn.com/?page=features/virus




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74725t=74725
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: BGP PEERGROUP PROBLEM [7:74725]

[John Neiberger]

Perhaps a config would be helpful. Or do you expect us to use our psychic
abilities to determine the problem?  ;-)

 JMC Nel 9/3/03 12:29:06 PM 
Could someone please assist me? I set up a customer to received the Partial

TABLE but for some reason the customer is receiving the Full Table. I 
checked the filter list but that does not seem to be the problem. Any 
assistance will be greatly appreciated.
Thanks
GP

_
Get MSN 8 and enjoy automatic e-mail virus protection.   
http://join.msn.com/?page=features/virus 
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com 
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74728t=74725
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: BGP PEERGROUP PROBLEM [7:74725]

[Chibwe, Oliver J, NEO]

Is it possible to have some sh run, sh ip route, sh ip bgp nei configs
please any two will do.You don't have to give away you IDs for 

Thank you

Ollie
ATT Common Backbone
866-397-7309 Opt 1


-Original Message-
From: JMC Nel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 03, 2003 12:53 PM
To: [EMAIL PROTECTED]
Subject: BGP PEERGROUP PROBLEM [7:74725]


Could someone please assist me? I set up a customer to received the
Partial 
TABLE but for some reason the customer is receiving the Full Table. I 
checked the filter list but that does not seem to be the problem. Any 
assistance will be greatly appreciated.
Thanks
GP

_
Get MSN 8 and enjoy automatic e-mail virus protection.   
http://join.msn.com/?page=features/virus
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74731t=74725
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Serial line problem [7:74530]

[Jeroen Timmer]

Hi all,

Small problem 

We got an update today from 128kb to 512kb leased line.
We got 2 3640 routers, 1 on each end off the leased line . IOS on first
3640 12.0(13) on second 3640 router 12.0(4).

Both routers have a NM-4T module.

On first router: 

All is up, DCD=up  DSR=up  DTR=up  RTS=up  CTS=up and Serial3/0 is up.
Only problem : line protocol is down.

When we check the controller .. sh controller serial 3/0 :

M4T: show controller:
PAS unit 4, subunit 0, f/w version 1-45, rev ID 0x281, version 3
idb = 0x6100B4F0, ds = 0x6100CDD0, ssb=0x6100D0A0
Clock mux=0x0, ucmd_ctrl=0xC, port_status=0x74
Serial config=0x8, line config=0x200
maxdgram=1608, bufpool=48Kb, 31 particles
 DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
line state: up
cable type : V.35 DTE cable, received clockrate 246

base0 registers=0x3D80, base1 registers=0x3D802000
mxt_ds=0x6138C950, rx ring entries=40, tx ring entries=128
rxring=0x25F34A0, rxr shadow=0x61010CD4, rx_head=0
txring=0x25F3620, txr shadow=0x61010EE0, tx_head=47, tx_tail=47, tx_count=0
throttled=0, enabled=0
rx_no_eop_err=0, rx_no_stp_err=0, rx_no_eop_stp_err=0
rx_no_buf=0, rx_soft_overrun_err=0, dump_err= 0, bogus=0, mxt_flags=0x0
tx_underrun_err=0, tx_soft_underrun_err=0, tx_limited=1(2)
tx_fullring=362444708, tx_started=1033135562


Now when i look at the second router :

cable type : V.35 DTE cable, received clockrate 511680

Don't those 2 clockrates have to be the same, 511680 looks good to me for a
512kb line? And does this problem point
to the Telco who has a problem with their clockrate ??
Anyone with a clew ? Cause i think that when line protocol is down, that the
problems mostly is on the Telco's site.


Thnx in advance,


JT




**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept
for the presence of computer viruses.

**




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74530t=74530
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: Serial line problem [7:74530]

[M.C. van den Bovenkamp]

Jeroen Timmer wrote:

 Don't those 2 clockrates have to be the same, 511680 looks good to me for a
 512kb line? And does this problem point
 to the Telco who has a problem with their clockrate ??

Yeah, that's what it looks like. Your first router isn't getting a clock 
from the line. Assuming it was an in-place upgrade (so you didn't toch 
anything) that looks like a telco problem. If you did swap cables or 
router ports, you might want to look at those first...

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74532t=74530
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: FXS Problem - Always getting a busy signal on either [7:74285]

[Erick B.]

What voice ports are the phones plugged into
physically? Maybe you have phone in port x/y/1 instead
of x/y/0. 'show voice port port#' will give details on
voice port status too.

You may want to do a 'csim start ' or 'csim start
' to see if the router with that phone actually
rings (don't have any phones picked up at this point).

--- Maria  wrote:
 GDay Everyone,
 Just hoping you all may be
 able to shed some light
 onto this for me. This is the fist time I have tired
 to configure FXS ports
 and its proving to be getting the better of me. I
 have 2 routers (2610XM)
 connected together via a serial back to back. in
 each of these routers I
 have a VIC-2FXS card in each NM-2V module. I have
 followed a basic
 configuration
 and I get a dial tone in the ear handset but for the
 life of me I am
 continually getting a busy tone from each phone.
 When the phone is taken off
 hook I do get a green light on the vic. Below is the
 configuration
 
 Router A
 hostname Router-A
 voice-port 1/0/0
 voice-port 1/0/1
 dial-peer voice 1 pots
  destination-pattern 
  port 1/0/0
 dial-peer voice 2 voip
  destination-pattern 
  session target ipv4:10.1.1.2
 interface Serial0/0
  ip address 10.1.1.1 255.255.255.0
  no fair-queue
 
 Router B
 hostname Router-B
 voice-port 1/1/0
 voice-port 1/1/1
 dial-peer voice 1 pots
  destination-pattern 
  port 1/1/0
 dial-peer voice 2 voip
  destination-pattern 
  session target ipv4:10.1.1.1
 interface Serial0/0
  ip address 10.1.1.2 255.255.255.0
  no fair-queue
  clockrate 400
 
 I can ping from either router the other router OK.
 Any thoughts would be of
 great advantage. Thanks for you assistance
 
 John
 **Please support GroupStudy by purchasing from the
 GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html


__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74285t=74285
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: FXS Problem - Always getting a busy signal on [7:74285]

[Northgatenet]

The only thing that I could see that was not done is as follows:

Create a Loopback0 Interface on each router say 135.25.2.1  135.25.0.1

Have the Session Target  point to each others Loopback rather than the
Serial Interface

OSPF was used with an inverted mask in which this IP Scope includes all of
the IPs used on the point to point and the two Loopbacks

Router OSPF 64
 network 135.25.0.0 0.0.255.255 area 0 (on both routers)

With the above OSPF Network you will have 

ip classless or no ip classless



Hope this helps!

/northgatenet





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74291t=74285
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: problem after upgrading 3620 IOS [7:74160]

[Northgatenet]

If the .bin file is not larger than 16M, and your system meets the
requirements, go to the following link:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca550.html

Good Luck!

/northgatenet


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74293t=74160
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: FXS Problem - Always getting a busy signal on either [7:74294]

[John]

Everyone,
I have found the solution. It was to do with my phones. If
you connect a non US phone to port 0 it wont work :) Here is a url that
might help anyone else in the future.
http://www.cisco.com/en/US/tech/tk652/tk653/technologies_tech_note09186a0080094fac.shtml
The information under Pinout Information
Port 0 on a VIC-2FXS is designed to accommodate a US style 2-line phone,
instead of the usual European style 1-line phone.

This means that in addition to pins 3 and 4 being used, pins 2 and 5 are
also monitored. With some phone handsets it is possible that pins 2 and 5
are wired up to allow last number re-call or call-forwarding. If this is the
case, Port 0 on the VIC will assume you have a 2-line phone, and shutdown
port 1.



Hope this helps



John


Maria  wrote in message
news:[EMAIL PROTECTED]
 GDay Everyone,
 Just hoping you all may be able to shed some light
 onto this for me. This is the fist time I have tired to configure FXS
ports
 and its proving to be getting the better of me. I have 2 routers (2610XM)
 connected together via a serial back to back. in each of these routers I
 have a VIC-2FXS card in each NM-2V module. I have followed a basic
 configuration
 and I get a dial tone in the ear handset but for the life of me I am
 continually getting a busy tone from each phone. When the phone is taken
off
 hook I do get a green light on the vic. Below is the configuration

 Router A
 hostname Router-A
 voice-port 1/0/0
 voice-port 1/0/1
 dial-peer voice 1 pots
  destination-pattern 
  port 1/0/0
 dial-peer voice 2 voip
  destination-pattern 
  session target ipv4:10.1.1.2
 interface Serial0/0
  ip address 10.1.1.1 255.255.255.0
  no fair-queue

 Router B
 hostname Router-B
 voice-port 1/1/0
 voice-port 1/1/1
 dial-peer voice 1 pots
  destination-pattern 
  port 1/1/0
 dial-peer voice 2 voip
  destination-pattern 
  session target ipv4:10.1.1.1
 interface Serial0/0
  ip address 10.1.1.2 255.255.255.0
  no fair-queue
  clockrate 400

 I can ping from either router the other router OK. Any thoughts would be
of
 great advantage. Thanks for you assistance

 John
 **Please support GroupStudy by purchasing from the GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74294t=74294
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: FXS Problem - Always getting a busy signal on [7:74294]

[Zsombor Papp]

John wrote:
 
 Everyone,
 I have found the solution. It was to do with my
 phones. If
 you connect a non US phone to port 0 it wont work :)

I might be reading this wrong, but IMHO this document says that port 1 won't
work if you connect a US-style phone (or one that looks like that) to port
0. Not that you have to connect a US-style phone to port 0.

Thanks,

Zsombor


 Here is a
 url that
 might help anyone else in the future.

http://www.cisco.com/en/US/tech/tk652/tk653/technologies_tech_note09186a0080094fac.shtml
 The information under Pinout Information
 Port 0 on a VIC-2FXS is designed to accommodate a US style
 2-line phone,
 instead of the usual European style 1-line phone.
 
 This means that in addition to pins 3 and 4 being used, pins 2
 and 5 are
 also monitored. With some phone handsets it is possible that
 pins 2 and 5
 are wired up to allow last number re-call or call-forwarding.
 If this is the
 case, Port 0 on the VIC will assume you have a 2-line phone,
 and shutdown
 port 1.
 
 
 
 Hope this helps
 
 
 
 John
 
 
 Maria  wrote in message
 news:[EMAIL PROTECTED]
  GDay Everyone,
  Just hoping you all may be able to
 shed some light
  onto this for me. This is the fist time I have tired to
 configure FXS
 ports
  and its proving to be getting the better of me. I have 2
 routers (2610XM)
  connected together via a serial back to back. in each of
 these routers I
  have a VIC-2FXS card in each NM-2V module. I have followed a
 basic
  configuration
  and I get a dial tone in the ear handset but for the life of
 me I am
  continually getting a busy tone from each phone. When the
 phone is taken
 off
  hook I do get a green light on the vic. Below is the
 configuration
 
  Router A
  hostname Router-A
  voice-port 1/0/0
  voice-port 1/0/1
  dial-peer voice 1 pots
   destination-pattern 
   port 1/0/0
  dial-peer voice 2 voip
   destination-pattern 
   session target ipv4:10.1.1.2
  interface Serial0/0
   ip address 10.1.1.1 255.255.255.0
   no fair-queue
 
  Router B
  hostname Router-B
  voice-port 1/1/0
  voice-port 1/1/1
  dial-peer voice 1 pots
   destination-pattern 
   port 1/1/0
  dial-peer voice 2 voip
   destination-pattern 
   session target ipv4:10.1.1.1
  interface Serial0/0
   ip address 10.1.1.2 255.255.255.0
   no fair-queue
   clockrate 400
 
  I can ping from either router the other router OK. Any
 thoughts would be
 of
  great advantage. Thanks for you assistance
 
  John
  **Please support GroupStudy by purchasing from the GroupStudy
 Store:
  http://shop.groupstudy.com
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 
 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74295t=74294
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

FXS Problem - Always getting a busy signal on either router. [7:74283]

[Maria]

GDay Everyone,
Just hoping you all may be able to shed some light
onto this for me. This is the fist time I have tired to configure FXS ports
and its proving to be getting the better of me. I have 2 routers (2610XM)
connected together via a serial back to back. in each of these routers I
have a VIC-2FXS card in each NM-2V module. I have followed a basic
configuration
and I get a dial tone in the ear handset but for the life of me I am
continually getting a busy tone from each phone. When the phone is taken off
hook I do get a green light on the vic. Below is the configuration

Router A
hostname Router-A
voice-port 1/0/0
voice-port 1/0/1
dial-peer voice 1 pots
 destination-pattern 
 port 1/0/0
dial-peer voice 2 voip
 destination-pattern 
 session target ipv4:10.1.1.2
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
 no fair-queue

Router B
hostname Router-B
voice-port 1/1/0
voice-port 1/1/1
dial-peer voice 1 pots
 destination-pattern 
 port 1/1/0
dial-peer voice 2 voip
 destination-pattern 
 session target ipv4:10.1.1.1
interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
 no fair-queue
 clockrate 400

I can ping from either router the other router OK. Any thoughts would be of
great advantage. Thanks for you assistance

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74283t=74283
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: BGP Connectivity Problem [7:74100]

[[EMAIL PROTECTED]]

What about mobile IP or VPN to border router and get an internal IP for the
tftp server's point of view...

Just in a typing mood.

Martijn 


-Oorspronkelijk bericht-
Van: Eddie [mailto:[EMAIL PROTECTED]
Verzonden: maandag 18 augustus 2003 15:06
Aan: [EMAIL PROTECTED]
Onderwerp: Re: BGP Connectivity Problem [7:74100]


Matthew Webster wrote:
 Hi all,
 
 I have done a sample bgp configuration at r1r2.com. My network setup is as
 follows:
 
 TFTP_Server-(e0)r1(s0)--(s0)r2
 
 s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.
 
 The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's
 e0 interface), I can't ping from r2, or from r1's s0 interface.
[..]
I suppose your TFTP server doesn't have a route entry pointing to the
network 192.168.100.0

EC
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74153t=74100
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

problem after upgrading 3620 IOS [7:74160]

[star star7]

i get a message that memory is not enough for decompressing the IOS image
after upgrading my 3620 with 12.2 IOS , but i have 32MB DRAM , and 16MB
flash , it says you have to manually set the memory space , what is the
problem , how i do it

previous IOS was 11.1




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74160t=74160
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: problem after upgrading 3620 IOS [7:74160]

[Manuel Rojas]

What feature set are you trying to install?  For example, the 12.2(1) IP
PLUS feature set requires 48MB DRAM and 16MB Flash whereas the IP only
feature set requires only 32MB DRAM and 8MB Flash.  If you are trying to
intall all feature sets then you will need at least 64MB DRAM and 16MB
Flash.  

With the memory you have, you should install either IP or IP/FW/IDS
feature sets.


On Tue, 2003-08-19 at 02:49, star star7 wrote:
 i get a message that memory is not enough for decompressing the IOS image
 after upgrading my 3620 with 12.2 IOS , but i have 32MB DRAM , and 16MB
 flash , it says you have to manually set the memory space , what is the
 problem , how i do it
 
 previous IOS was 11.1
 **Please support GroupStudy by purchasing from the GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74165t=74160
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: problem after upgrading 3620 IOS [7:74160]

[Andrew Larkins]

The new IOS is heavy on DRAM - the only way to solve this would be to
upgrade the DRAM memory in the box or have a smaller feature set code. It is
very important to read the memory requirements before uploading the code.

Newer images can use up to 64MB and greater of DRAM


Andrew

-Original Message-
From: star star7 [mailto:[EMAIL PROTECTED] 
Sent: 19 August 2003 11:50
To: [EMAIL PROTECTED]
Subject: problem after upgrading 3620 IOS [7:74160]


i get a message that memory is not enough for decompressing the IOS image
after upgrading my 3620 with 12.2 IOS , but i have 32MB DRAM , and 16MB
flash , it says you have to manually set the memory space , what is the
problem , how i do it

previous IOS was 11.1
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74175t=74160
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: BGP Connectivity Problem [7:74100]

[[EMAIL PROTECTED]]

Not completely on topic, sorry It is about a router, not a pc box.

Martijn 


-Oorspronkelijk bericht-
Van: Jansen, M 
Verzonden: dinsdag 19 augustus 2003 8:15
Aan: Eddie; [EMAIL PROTECTED]
Onderwerp: RE: BGP Connectivity Problem [7:74100]


What about mobile IP or VPN to border router and get an internal IP for the
tftp server's point of view...

Just in a typing mood.

Martijn 


-Oorspronkelijk bericht-
Van: Eddie [mailto:[EMAIL PROTECTED]
Verzonden: maandag 18 augustus 2003 15:06
Aan: [EMAIL PROTECTED]
Onderwerp: Re: BGP Connectivity Problem [7:74100]


Matthew Webster wrote:
 Hi all,
 
 I have done a sample bgp configuration at r1r2.com. My network setup is as
 follows:
 
 TFTP_Server-(e0)r1(s0)--(s0)r2
 
 s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.
 
 The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's
 e0 interface), I can't ping from r2, or from r1's s0 interface.
[..]
I suppose your TFTP server doesn't have a route entry pointing to the
network 192.168.100.0

EC
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74154t=74100
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

BGP Connectivity Problem [7:74100]

[Matthew Webster]

Hi all,

I have done a sample bgp configuration at r1r2.com. My network setup is as
follows:

TFTP_Server-(e0)r1(s0)--(s0)r2

s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.

The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's
e0 interface), I can't ping from r2, or from r1's s0 interface.

Here are the configs (I give more if needed)

r1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
default
   U - per-user static route, o - ODR

Gateway of last resort is not set

C192.168.200.0/24 is directly connected, Loopback0
 10.0.0.0/24 is subnetted, 1 subnets
C   10.1.4.0 is directly connected, Ethernet0
C192.168.100.0/24 is directly connected, Serial0

r1#sh ip bgp
BGP table version is 2, local router ID is 192.168.100.1
Status codes: s suppressed, d damped, h history, * valid,  best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network  Next HopMetric LocPrf Weight Path
* 10.1.4.0/24  0.0.0.0  0 32768 i


r2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
default
   U - per-user static route, o - ODR

Gateway of last resort is not set

C192.168.201.0/24 is directly connected, Loopback0
 10.0.0.0/24 is subnetted, 1 subnets
B   10.1.4.0 [200/0] via 192.168.100.1, 01:18:32
C192.168.100.0/24 is directly connected, Serial0

r2#sh ip bgp
BGP table version is 2, local router ID is 192.168.100.2
Status codes: s suppressed, d damped, h history, * valid,  best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network  Next HopMetric LocPrf Weight Path
*i10.1.4.0/24  192.168.100.10100  0 i

TIA,
Matthew.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74100t=74100
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: BGP Connectivity Problem [7:74100]

[Eddie]

Matthew Webster wrote:
 Hi all,
 
 I have done a sample bgp configuration at r1r2.com. My network setup is as
 follows:
 
 TFTP_Server-(e0)r1(s0)--(s0)r2
 
 s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.
 
 The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's
 e0 interface), I can't ping from r2, or from r1's s0 interface.
[..]
I suppose your TFTP server doesn't have a route entry pointing to the
network 192.168.100.0

EC




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74106t=74100
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: BGP Connectivity Problem [7:74100]

[Reimer, Fred]

The default route on your TFTP server is not set properly.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Matthew Webster [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 18, 2003 7:29 AM
To: [EMAIL PROTECTED]
Subject: BGP Connectivity Problem [7:74100]

Hi all,

I have done a sample bgp configuration at r1r2.com. My network setup is as
follows:

TFTP_Server-(e0)r1(s0)--(s0)r2

s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.

The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's
e0 interface), I can't ping from r2, or from r1's s0 interface.

Here are the configs (I give more if needed)

r1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
default
   U - per-user static route, o - ODR

Gateway of last resort is not set

C192.168.200.0/24 is directly connected, Loopback0
 10.0.0.0/24 is subnetted, 1 subnets
C   10.1.4.0 is directly connected, Ethernet0
C192.168.100.0/24 is directly connected, Serial0

r1#sh ip bgp
BGP table version is 2, local router ID is 192.168.100.1
Status codes: s suppressed, d damped, h history, * valid,  best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network  Next HopMetric LocPrf Weight Path
* 10.1.4.0/24  0.0.0.0  0 32768 i


r2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
default
   U - per-user static route, o - ODR

Gateway of last resort is not set

C192.168.201.0/24 is directly connected, Loopback0
 10.0.0.0/24 is subnetted, 1 subnets
B   10.1.4.0 [200/0] via 192.168.100.1, 01:18:32
C192.168.100.0/24 is directly connected, Serial0

r2#sh ip bgp
BGP table version is 2, local router ID is 192.168.100.2
Status codes: s suppressed, d damped, h history, * valid,  best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network  Next HopMetric LocPrf Weight Path
*i10.1.4.0/24  192.168.100.10100  0 i

TIA,
Matthew.
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74104t=74100
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: BGP Connectivity Problem [7:74100]

[Matthew Webster]

HI Eddie, Fred,

thanks for your help...I think this most likely is the problem. As I do not
have access to teh TFTP server, I am unable to fix it though.

cheers,
Matthew.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74130t=74100
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: RE: PIX translation problem [7:72567]

[Greg Owens]

changing the timeout value worked, so the problem is fixed

Thanks all
 
 From: Reimer, Fred 
 Date: 2003/08/08 Fri AM 11:26:37 EDT
 To: [EMAIL PROTECTED]
 Subject: RE: PIX translation problem [7:72567]
 
 

Greg Owens
202-398-2552

[GroupStudy removed an attachment with a content-type header it could not
parse.]
[Content-Type: null; name=replyAll]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73744t=72567
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX translation problem [7:72567]

[Reimer, Fred]

Well, it depends on how big your global pool is.  Most people likely don't
have more than a Class C public address space from their ISP, so it's likely
less than 250 (because of static mappings for DMZ hosts).  If you use NAT,
then there is a one-to-one mapping from an internal host to an external IP
address in the pool.  If you use PAT, then you map many internal hosts to
one external IP address (up to 64,000, but more like 4,000 in practice).

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Lynne Padgett [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 08, 2003 11:15 AM
To: Reimer, Fred; [EMAIL PROTECTED]
Subject: RE: PIX translation problem [7:72567]

What is the maximum number of translations in a global pool on a PIX?  I
didn't realize there was a cap.  I was under the impression that the
number of translations was directly related to the PIX user/connection
license.

-Original Message-
From: Reimer, Fred [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 07, 2003 5:01 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX translation problem [7:72567]

No, but I know what it means.  What kind of NAT are you doing?  A global
pool, or a single address doing PAT?  If it's a pool, then you can
define a
single address (or interface) to do PAT when the global pool runs out.
Or,
if you already have PAT and that is being exhausted, then you can define
a
backup PAT address in case the first PAT address is exhausted.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information
which
may be legally privileged. It is intended only for the named
recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy,
print
or rely on this email, and should immediately delete it from your
computer.


-Original Message-
From: Greg Owens [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: PIX translation problem [7:72567]

have anybody seen this message.

07-15-2003  13:55:38Local4.Error192.168.1.1 Jul 15
2003
09:53:35:
%PIX-3-202001: Out of address translation slots!

  I told the customer to change the translation time-out


Greg Owens
202-398-2552

[GroupStudy removed an attachment with a content-type header it could
not
parse.]
[Content-Type: null; name=replyAll]
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73733t=72567
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: RE: PIX translation problem [7:72567]

[Greg Owens]

4000 even though their 65000 ports available
 
 From: Lynne Padgett 
 Date: 2003/08/08 Fri AM 11:11:01 EDT To: [EMAIL PROTECTED]
 Subject: RE: PIX translation problem [7:72567]
 
 

Greg Owens
202-398-2552

[GroupStudy removed an attachment with a content-type header it could not
parse.]
[Content-Type: null; name=replyAll]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73743t=72567
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX translation problem [7:72567]

[Reimer, Fred]

No, but I know what it means.  What kind of NAT are you doing?  A global
pool, or a single address doing PAT?  If it's a pool, then you can define a
single address (or interface) to do PAT when the global pool runs out.  Or,
if you already have PAT and that is being exhausted, then you can define a
backup PAT address in case the first PAT address is exhausted.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Greg Owens [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: PIX translation problem [7:72567]

have anybody seen this message.

07-15-2003  13:55:38Local4.Error192.168.1.1 Jul 15 2003
09:53:35:
%PIX-3-202001: Out of address translation slots!

  I told the customer to change the translation time-out


Greg Owens
202-398-2552

[GroupStudy removed an attachment with a content-type header it could not
parse.]
[Content-Type: null; name=replyAll]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73689t=72567
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Strange VPN problem [7:73641] OT:F funny [7:73722]

[[EMAIL PROTECTED]]

I mailed that! 

Only your explanation is superior.  ;-) 

When i have time, not studying for my lab, i study the English
language..  Say, getting dizzy over the CC BGP guide

(that should be during my sleep though, like very wannabee, I have not seen
a normal book in a while)

Martijn 


-Oorspronkelijk bericht-
Van: Reimer, Fred [mailto:[EMAIL PROTECTED]
Verzonden: donderdag 7 augustus 2003 15:33
Aan: [EMAIL PROTECTED]
Onderwerp: RE: Strange VPN problem [7:73641]


Does anyone read the manuals around here???

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secu
r_r/sec_c2g.htm#1070272

You probably have your IKE proposal in your concentrator set for XAUTH, and
you don't have your router setup for that.  You can configure your router as
the reference manual says, or you }may{ be able to add in a new or modify an
existing IKE policy under Configuration | System | Tunneling Protocols |
IPSec | IKE Proposals so that the Authentication mode is not one that has
(XAUTH) at the end of it.  Probably Preshared Keys would be the one you
want.  If you create a new one (recommended) they you would have to change
the IKE policy used for your SA under Configuration | Policy Management |
Traffic Management | SAs.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 07, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: Strange VPN problem [7:73641]

hi all, 

I am trying to setup a easy VPN solution for a cisco
837 to a cisco VPN concentrator 3005 using network
extension mode but I keep getting this error msg Aug 
7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
Request, Please enter the following command:
Aug  7 13:08:16.571: EZVPN: crypto ipsec client ezvpn
xauth

Any form of input will be appreciated 

suaveguru

__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73722t=73722
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Strange VPN problem [7:73641]

[[EMAIL PROTECTED]]

XAUTH is in my perception for authentication of users, (local) escpecially
radius or tacacs.

So what we do at the hub site for a static IKE peer is disable XAUTH, so
that a spoke router does not get an auth prompt, or the hub does not wait
for it. 

So I think the HUb is waiting for an answer, maybe used to authenticate VPN
users only.



WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You need Preshareds  keys
there!
8.
The following example shows the various policies used in the IKE policy
named CiscoVPNClient-3DES-MD. 
In this policy, Preshared Keys(XAUTH) for Authentication Mode is being used
so that the client will be prompted to supply a username and password at the
end of IKE negotiations.

http://www.cisco.com/en/US/products/sw/secursw/ps2276/products_configuration
_example09186a008010edf4.shtml#task2_steps

Martijn 



-Oorspronkelijk bericht-
Van: suaveguru [mailto:[EMAIL PROTECTED]
Verzonden: donderdag 7 augustus 2003 9:40
Aan: Jansen, M
Onderwerp: RE: Strange VPN problem [7:73641]


thanks for your prompt reply , but I am using easyvpn
configuration for cisco 805 router to concentrator
3005 with the cisco 805 as client mode and
concentrator as hub . I can't find the line that you
indicate for my cisco 805 , could it be easyvpn
configuration that i am using?

suaveguru
--- [EMAIL PROTECTED] wrote:
 Guru.
 
 Type the no-xauth behind the key-mapping.
 
 
 
 isakmp key **NEWKEYNEWCUSTO** address  x.x.x.x
 netmask 255.255.255.255
 no-xauth no-config-mode
 
 
 
 Martijn 
 
 
 -Oorspronkelijk bericht-
 Van: suaveguru [mailto:[EMAIL PROTECTED]
 Verzonden: donderdag 7 augustus 2003 7:08
 Aan: [EMAIL PROTECTED]
 Onderwerp: Strange VPN problem [7:73641]
 
 
 hi all, 
 
 I am trying to setup a easy VPN solution for a cisco
 837 to a cisco VPN concentrator 3005 using network
 extension mode but I keep getting this error msg
 Aug 
 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
 Request, Please enter the following command:
 Aug  7 13:08:16.571: EZVPN: crypto ipsec client
 ezvpn
 xauth
 
 Any form of input will be appreciated 
 
 suaveguru
 
 __
 Do you Yahoo!?
 Yahoo! SiteBuilder - Free, easy-to-use web site
 design software
 http://sitebuilder.yahoo.com
 **Please support GroupStudy by purchasing from the
 GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html


__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73648t=73641
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Strange VPN problem [7:73641]

[[EMAIL PROTECTED]]

Guru.

Type the no-xauth behind the key-mapping.



isakmp key **NEWKEYNEWCUSTO** address  x.x.x.x netmask 255.255.255.255
no-xauth no-config-mode



Martijn 


-Oorspronkelijk bericht-
Van: suaveguru [mailto:[EMAIL PROTECTED]
Verzonden: donderdag 7 augustus 2003 7:08
Aan: [EMAIL PROTECTED]
Onderwerp: Strange VPN problem [7:73641]


hi all, 

I am trying to setup a easy VPN solution for a cisco
837 to a cisco VPN concentrator 3005 using network
extension mode but I keep getting this error msg Aug 
7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
Request, Please enter the following command:
Aug  7 13:08:16.571: EZVPN: crypto ipsec client ezvpn
xauth

Any form of input will be appreciated 

suaveguru

__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73645t=73641
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: AAA/privilege problem [7:73610]

[ccie study]

1 privilege exec level 2 enable

Is why console doesn't allow you to enable mode. When you login to your 
console in your config, you login into privilege level 1 shell.  Since 
enable command is in 2, you dont have access to it. Even if you add aaa 
authorization commands 2 console none To your console line, you will not be 
able to access.

2 you're missing privilege in your user commands.  username user2 privilege 
2 password cisco. That should fix 2nd issue.


From: Jens Petter Eikeland 
Reply-To: Jens Petter Eikeland 
To: , 
Subject: AAA/privilege problem
Date: Wed, 6 Aug 2003 11:23:23 +0200

I have played with som aaa. The aaa works fine when telneting in to r2 *1,
but when I try to go in directly from the terminal werver on to r2 and I
type the enable command, I have locked my self out. Why is that. Which
command is it that is locking me out from exec mode from the console

*1 It seems taht user2 and user5 have the same privilege when logging inn.
What have I done wrong?... See att the bottom

And also, is this the right metod to pit in privilege level 3 and 5 on the
vty lines to access exec mode. If I did not put in these commands I did not
get in to exec.
Are there some other method I am missing

r2#
01:51:31: %SYS-5-CONFIG_I: Configured from console by consolewr t
Building configuration...

Current configuration : 4576 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
aaa new-model
aaa authentication login no_tacacs none
aaa authentication login tac_auth group tacacs+
aaa authentication login loc_auth local
aaa authorization exec no_tacacs none
aaa authorization exec loc_autho local
aaa authorization commands 3 no_tacacs none
aaa authorization commands 3 lo_autho local
aaa authorization commands 5 no_tacacs none
aaa authorization commands 5 lo_autho local
aaa authorization commands 15 no_tacacs none
aaa authorization commands 15 lo_autho local
aaa accounting exec ac_tacacs start-stop group tacacs+
aaa accounting commands 3 ac_tacacs start-stop group tacacs+
aaa accounting commands 15 ac_tacacs start-stop group tacacs+
!
username user2 password 0 hello
username user5 password 0 hello
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 22.22.22.22 255.255.255.0
!
interface Loopback1
ip address 122.122.122.122 255.255.255.0
!
interface FastEthernet0/0
ip address 150.50.22.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.21 point-to-point
ip address 150.50.12.2 255.255.255.0
ip ospf message-digest-key 1 md5 hello
ip ospf network point-to-point
frame-relay interface-dlci 121
!
interface Serial0/0.24 point-to-point
ip address 150.50.24.2 255.255.255.0
ip ospf message-digest-key 1 md5 hello
ip ospf network point-to-point
frame-relay interface-dlci 124
!
interface Serial0/0.26 point-to-point
ip address 150.50.26.2 255.255.255.0
ip ospf message-digest-key 1 md5 hello
ip ospf network point-to-point
frame-relay interface-dlci 126
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
router ospf 100
router-id 22.22.22.22
log-adjacency-changes
area 1 authentication message-digest
area 1 virtual-link 11.11.11.11 authentication message-digest
area 1 virtual-link 11.11.11.11 message-digest-key 1 md5 hello
area 2 authentication message-digest
redistribute static subnets tag 1000
network 22.22.22.0 0.0.0.255 area 1
network 150.50.12.0 0.0.0.255 area 1
network 150.50.24.0 0.0.0.255 area 1
network 150.50.26.0 0.0.0.255 area 2
distribute-list 10 in
!
router bgp 4799
no synchronization
bgp log-neighbor-changes
network 122.122.122.0 mask 255.255.255.0
aggregate-address 202.202.0.0 255.255.0.0 as-set
redistribute ospf 100 route-map ospftoas112
neighbor 11.11.11.11 remote-as 4799
neighbor 11.11.11.11 password hello
neighbor 11.11.11.11 update-source Loopback0
neighbor 11.11.11.11 route-reflector-client
neighbor 11.11.11.11 next-hop-self
neighbor 11.11.11.11 soft-reconfiguration inbound
neighbor 11.11.11.11 prefix-list bgpfilter out
neighbor 55.55.55.55 remote-as 4799
neighbor 55.55.55.55 password hello
neighbor 55.55.55.55 update-source Loopback0
neighbor 55.55.55.55 route-reflector-client
neighbor 55.55.55.55 next-hop-self
neighbor 55.55.55.55 soft-reconfiguration inbound
neighbor 55.55.55.55 prefix-list bgpfilter out
neighbor 150.50.22.112 remote-as 112
neighbor 150.50.22.112 remove-private-AS
neighbor 150.50.22.112 soft-reconfiguration inbound
neighbor 150.50.24.4 remote-as 65044
neighbor 150.50.24.4 soft-reconfiguration inbound
neighbor 150.50.24.4 prefix-list bgpfilter out
no auto-summary
!
ip classless
ip route 160.60.15.0 255.255.255.0 150.50.12.1
ip tacacs source-interface Loopback0
ip http server
ip pim bidir-enable
!
!
ip prefix-list bgpfilter seq 10 deny 202.202.1.0/24
ip prefix-list bgpfilter seq 20 deny 202.202.2.0/24
ip prefix-list

RE: Strange VPN problem [7:73641]

[suaveguru]

I have done that but now more problems crop in look at
my latest mail with attatchment

suaveguru
--- [EMAIL PROTECTED] 
wrote:
 Guru.
 
 Type the no-xauth behind the key-mapping.
 
 
 
 isakmp key **NEWKEYNEWCUSTO** address  x.x.x.x
 netmask 255.255.255.255
 no-xauth no-config-mode
 
 
 
 Martijn 
 
 
 -Oorspronkelijk bericht-
 Van: suaveguru [mailto:[EMAIL PROTECTED]
 Verzonden: donderdag 7 augustus 2003 7:08
 Aan: [EMAIL PROTECTED]
 Onderwerp: Strange VPN problem [7:73641]
 
 
 hi all, 
 
 I am trying to setup a easy VPN solution for a cisco
 837 to a cisco VPN concentrator 3005 using network
 extension mode but I keep getting this error msg
 Aug 
 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
 Request, Please enter the following command:
 Aug  7 13:08:16.571: EZVPN: crypto ipsec client
 ezvpn
 xauth
 
 Any form of input will be appreciated 
 
 suaveguru
 
 __
 Do you Yahoo!?
 Yahoo! SiteBuilder - Free, easy-to-use web site
 design software
 http://sitebuilder.yahoo.com
 **Please support GroupStudy by purchasing from the
 GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 **Please support GroupStudy by purchasing from the
 GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html


__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73705t=73641
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Strange VPN problem [7:73641]

[suaveguru]

thanks for your reply , I will read the documentation
and see if I can solve my problem
--- Reimer, Fred  wrote:
 Does anyone read the manuals around here???
 

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secu
 r_r/sec_c2g.htm#1070272
 
 You probably have your IKE proposal in your
 concentrator set for XAUTH, and
 you don't have your router setup for that.  You can
 configure your router as
 the reference manual says, or you }may{ be able to
 add in a new or modify an
 existing IKE policy under Configuration | System |
 Tunneling Protocols |
 IPSec | IKE Proposals so that the Authentication
 mode is not one that has
 (XAUTH) at the end of it.  Probably Preshared Keys
 would be the one you
 want.  If you create a new one (recommended) they
 you would have to change
 the IKE policy used for your SA under Configuration
 | Policy Management |
 Traffic Management | SAs.
 
 Fred Reimer - CCNA
 
 
 Eclipsys Corporation, 200 Ashford Center North,
 Atlanta, GA 30338
 Phone: 404-847-5177  Cell: 770-490-3071  Pager:
 888-260-2050
 
 
 NOTICE; This email contains confidential or
 proprietary information which
 may be legally privileged. It is intended only for
 the named recipient(s).
 If an addressing or transmission error has
 misdirected the email, please
 notify the author by replying to this message. If
 you are not the named
 recipient, you are not authorized to use, disclose,
 distribute, copy, print
 or rely on this email, and should immediately delete
 it from your computer.
 
 
 -Original Message-
 From: suaveguru [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, August 07, 2003 1:08 AM
 To: [EMAIL PROTECTED]
 Subject: Strange VPN problem [7:73641]
 
 hi all, 
 
 I am trying to setup a easy VPN solution for a cisco
 837 to a cisco VPN concentrator 3005 using network
 extension mode but I keep getting this error msg
 Aug 
 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
 Request, Please enter the following command:
 Aug  7 13:08:16.571: EZVPN: crypto ipsec client
 ezvpn
 xauth
 
 Any form of input will be appreciated 
 
 suaveguru
 
 __
 Do you Yahoo!?
 Yahoo! SiteBuilder - Free, easy-to-use web site
 design software
 http://sitebuilder.yahoo.com
 **Please support GroupStudy by purchasing from the
 GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html


__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73698t=73641
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: IP Multicast Problem in relation to Reuters Xtra30 [7:73465]

[Doan Nguyen]

I doubt that this is a bandwidth issue because unless you have some sort of
QoS for your multicasting, the news simply doesn't get dropped over the
price update.  The 3 minute time limit when the news traffic drops sounds
like a dense mode problem with the flood-prune every 3 minutes.  Are you
running PIM Dense, PIM SM, or PIM DM-SM?
You need to check the DR of the client end to see if it's still subscribing
to the news mcast group when your news feed stops.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73678t=73465
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX translation problem [7:72567]

[Lynne Padgett]

What is the maximum number of translations in a global pool on a PIX?  I
didn't realize there was a cap.  I was under the impression that the
number of translations was directly related to the PIX user/connection
license.

-Original Message-
From: Reimer, Fred [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 07, 2003 5:01 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX translation problem [7:72567]

No, but I know what it means.  What kind of NAT are you doing?  A global
pool, or a single address doing PAT?  If it's a pool, then you can
define a
single address (or interface) to do PAT when the global pool runs out.
Or,
if you already have PAT and that is being exhausted, then you can define
a
backup PAT address in case the first PAT address is exhausted.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information
which
may be legally privileged. It is intended only for the named
recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy,
print
or rely on this email, and should immediately delete it from your
computer.


-Original Message-
From: Greg Owens [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: PIX translation problem [7:72567]

have anybody seen this message.

07-15-2003  13:55:38Local4.Error192.168.1.1 Jul 15
2003
09:53:35:
%PIX-3-202001: Out of address translation slots!

  I told the customer to change the translation time-out


Greg Owens
202-398-2552

[GroupStudy removed an attachment with a content-type header it could
not
parse.]
[Content-Type: null; name=replyAll]
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73732t=72567
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Strange VPN problem [7:73641]

[Joel Satterley]

Get the latest version of CRWS (Cisco Router Web Setup) then yo can use
Xauth with a nice web front end.  The IOS based version is in my opinion -
unusable  not for end users.

Joel.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 07 August 2003 15:31
To: [EMAIL PROTECTED]
Subject: RE: Strange VPN problem [7:73641]

XAUTH is in my perception for authentication of users, (local) escpecially
radius or tacacs.

So what we do at the hub site for a static IKE peer is disable XAUTH, so
that a spoke router does not get an auth prompt, or the hub does not wait
for it. 

So I think the HUb is waiting for an answer, maybe used to authenticate VPN
users only.



WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You need Preshareds  keys
there!
8.
The following example shows the various policies used in the IKE policy
named CiscoVPNClient-3DES-MD. 
In this policy, Preshared Keys(XAUTH) for Authentication Mode is being used
so that the client will be prompted to supply a username and password at the
end of IKE negotiations.

http://www.cisco.com/en/US/products/sw/secursw/ps2276/products_configuration
_example09186a008010edf4.shtml#task2_steps

Martijn 



-Oorspronkelijk bericht-
Van: suaveguru [mailto:[EMAIL PROTECTED]
Verzonden: donderdag 7 augustus 2003 9:40
Aan: Jansen, M
Onderwerp: RE: Strange VPN problem [7:73641]


thanks for your prompt reply , but I am using easyvpn
configuration for cisco 805 router to concentrator
3005 with the cisco 805 as client mode and
concentrator as hub . I can't find the line that you
indicate for my cisco 805 , could it be easyvpn
configuration that i am using?

suaveguru
--- [EMAIL PROTECTED] wrote:
 Guru.
 
 Type the no-xauth behind the key-mapping.
 
 
 
 isakmp key **NEWKEYNEWCUSTO** address  x.x.x.x
 netmask 255.255.255.255
 no-xauth no-config-mode
 
 
 
 Martijn 
 
 
 -Oorspronkelijk bericht-
 Van: suaveguru [mailto:[EMAIL PROTECTED]
 Verzonden: donderdag 7 augustus 2003 7:08
 Aan: [EMAIL PROTECTED]
 Onderwerp: Strange VPN problem [7:73641]
 
 
 hi all, 
 
 I am trying to setup a easy VPN solution for a cisco
 837 to a cisco VPN concentrator 3005 using network
 extension mode but I keep getting this error msg
 Aug 
 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
 Request, Please enter the following command:
 Aug  7 13:08:16.571: EZVPN: crypto ipsec client
 ezvpn
 xauth
 
 Any form of input will be appreciated 
 
 suaveguru
 
 __
 Do you Yahoo!?
 Yahoo! SiteBuilder - Free, easy-to-use web site
 design software
 http://sitebuilder.yahoo.com
 **Please support GroupStudy by purchasing from the
 GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html


__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html

===
  This message has been checked for all known viruses by the 
Sirocom Virus Scanning Service   
===

===
   This message has been checked for all known viruses by the
 Sirocom Virus Scanning Service

  WWW.SIROCOM.COM  
===




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73668t=73641
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Strange VPN problem [7:73641]

[suaveguru]

hi all, 

I am trying to setup a easy VPN solution for a cisco
837 to a cisco VPN concentrator 3005 using network
extension mode but I keep getting this error msg Aug 
7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
Request, Please enter the following command:
Aug  7 13:08:16.571: EZVPN: crypto ipsec client ezvpn
xauth

Any form of input will be appreciated 

suaveguru

__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73641t=73641
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Strange VPN problem [7:73641]

[suaveguru]

thanks for your answer , I will try and let you know
the results.

regards,
suaveguru
--- [EMAIL PROTECTED] wrote:
 GURU:
 XAUTH is in my perception for authentication of
 users, (local) escpecially
 radius or tacacs.
 
 So what we do at the hub site for a static IKE peer
 is disable XAUTH, so
 that a spoke router does not get an auth prompt, or
 the hub does not wait
 for it. 
 
 So I think the HUb is waiting for an answer, maybe
 used to authenticate VPN
 users only.
 
 
 
 WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You
 need Preshareds  keys
 there!
 8.
 The following example shows the various policies
 used in the IKE policy
 named CiscoVPNClient-3DES-MD. 
 In this policy, Preshared Keys(XAUTH) for
 Authentication Mode is being used
 so that the client will be prompted to supply a
 username and password at the
 end of IKE negotiations.
 

http://www.cisco.com/en/US/products/sw/secursw/ps2276/products_configuration
 _example09186a008010edf4.shtml#task2_steps
 
 Martijn 
 
 
 
 -Oorspronkelijk bericht-
 Van: suaveguru [mailto:[EMAIL PROTECTED]
 Verzonden: donderdag 7 augustus 2003 9:40
 Aan: Jansen, M
 Onderwerp: RE: Strange VPN problem [7:73641]
 
 
 thanks for your prompt reply , but I am using
 easyvpn
 configuration for cisco 805 router to concentrator
 3005 with the cisco 805 as client mode and
 concentrator as hub . I can't find the line that you
 indicate for my cisco 805 , could it be easyvpn
 configuration that i am using?
 
 suaveguru
 --- [EMAIL PROTECTED] wrote:
  Guru.
  
  Type the no-xauth behind the key-mapping.
  
  
  
  isakmp key **NEWKEYNEWCUSTO** address  x.x.x.x
  netmask 255.255.255.255
  no-xauth no-config-mode
  
  
  
  Martijn 
  
  
  -Oorspronkelijk bericht-
  Van: suaveguru [mailto:[EMAIL PROTECTED]
  Verzonden: donderdag 7 augustus 2003 7:08
  Aan: [EMAIL PROTECTED]
  Onderwerp: Strange VPN problem [7:73641]
  
  
  hi all, 
  
  I am trying to setup a easy VPN solution for a
 cisco
  837 to a cisco VPN concentrator 3005 using network
  extension mode but I keep getting this error msg
  Aug 
  7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
  Request, Please enter the following command:
  Aug  7 13:08:16.571: EZVPN: crypto ipsec client
  ezvpn
  xauth
  
  Any form of input will be appreciated 
  
  suaveguru
  
  __
  Do you Yahoo!?
  Yahoo! SiteBuilder - Free, easy-to-use web site
  design software
  http://sitebuilder.yahoo.com
  **Please support GroupStudy by purchasing from the
  GroupStudy Store:
  http://shop.groupstudy.com
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
 
 
 __
 Do you Yahoo!?
 Yahoo! SiteBuilder - Free, easy-to-use web site
 design software
 http://sitebuilder.yahoo.com


__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73651t=73641
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Strange VPN problem [7:73641]

[Reimer, Fred]

Does anyone read the manuals around here???

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secu
r_r/sec_c2g.htm#1070272

You probably have your IKE proposal in your concentrator set for XAUTH, and
you don't have your router setup for that.  You can configure your router as
the reference manual says, or you }may{ be able to add in a new or modify an
existing IKE policy under Configuration | System | Tunneling Protocols |
IPSec | IKE Proposals so that the Authentication mode is not one that has
(XAUTH) at the end of it.  Probably Preshared Keys would be the one you
want.  If you create a new one (recommended) they you would have to change
the IKE policy used for your SA under Configuration | Policy Management |
Traffic Management | SAs.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 07, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: Strange VPN problem [7:73641]

hi all, 

I am trying to setup a easy VPN solution for a cisco
837 to a cisco VPN concentrator 3005 using network
extension mode but I keep getting this error msg Aug 
7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
Request, Please enter the following command:
Aug  7 13:08:16.571: EZVPN: crypto ipsec client ezvpn
xauth

Any form of input will be appreciated 

suaveguru

__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73661t=73641
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

SV: AAA/privilege problem [7:73618]

[Eikeland, Jens Petter]

 So will this do the job?, Or will I have to put the privilege level 15 in
under console 0
 
 username user2 privilege 3 password 0 hello
 username user5 privilege 5 password 0 hello
 username admin privilege 15 password cisco
 
 privilege configure level 5 snmp-server community * ro
 privilege configure level 5 snmp-server community * rw
 privilege configure level 5 snmp-server enable traps *
 privilege exec level 2 configure terminal
 privilege exec level 15 disable
 privilege exec level 5 show snmp session brief
 privilege exec level 5 show snmp user
 
 
 line con 0
 authorization commands 3 no_tacacs
 authorization commands 15 no_tacacs
 authorization exec no_tacacs
 login authentication no_tacacs
 line aux 0
 line vty 0 4
 authorization commands 3 lo_autho
 authorization commands 5 lo_autho
 authorization commands 15 lo_autho
 authorization exec loc_autho
 accounting commands 3 ac_tacacs
 accounting commands 15 ac_tacacs
 accounting exec ac_tacacs
 
 
 
 -Opprinnelig melding-
 Fra: ccie study [mailto:[EMAIL PROTECTED]
 Sendt: 6. august 2003 16:56
 Til: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Emne: Re: AAA/privilege problem
 
 
 1 privilege exec level 2 enable
 
 Is why console doesn't allow you to enable mode. When you login to your 
 console in your config, you login into privilege level 1 shell.  Since 
 enable command is in 2, you dont have access to it. Even if you add aaa 
 authorization commands 2 console none To your console line, you will not
be
 able to access.
 
 2 you're missing privilege in your user commands.  username user2
privilege
 2 password cisco. That should fix 2nd issue.
 
 
 From: Jens Petter Eikeland 
 Reply-To: Jens Petter Eikeland 
 To: , 
 Subject: AAA/privilege problem
 Date: Wed, 6 Aug 2003 11:23:23 +0200
 
 I have played with som aaa. The aaa works fine when telneting in to r2 *1,
 but when I try to go in directly from the terminal werver on to r2 and I
 type the enable command, I have locked my self out. Why is that. Which
 command is it that is locking me out from exec mode from the console
 
 *1 It seems taht user2 and user5 have the same privilege when logging inn.
 What have I done wrong?... See att the bottom
 
 And also, is this the right metod to pit in privilege level 3 and 5 on the
 vty lines to access exec mode. If I did not put in these commands I did
not
 get in to exec.
 Are there some other method I am missing
 
 r2#
 01:51:31: %SYS-5-CONFIG_I: Configured from console by consolewr t
 Building configuration...
 
 Current configuration : 4576 bytes
 !
 version 12.2
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname r2
 !
 aaa new-model
 aaa authentication login no_tacacs none
 aaa authentication login tac_auth group tacacs+
 aaa authentication login loc_auth local
 aaa authorization exec no_tacacs none
 aaa authorization exec loc_autho local
 aaa authorization commands 3 no_tacacs none
 aaa authorization commands 3 lo_autho local
 aaa authorization commands 5 no_tacacs none
 aaa authorization commands 5 lo_autho local
 aaa authorization commands 15 no_tacacs none
 aaa authorization commands 15 lo_autho local
 aaa accounting exec ac_tacacs start-stop group tacacs+
 aaa accounting commands 3 ac_tacacs start-stop group tacacs+
 aaa accounting commands 15 ac_tacacs start-stop group tacacs+
 !
 username user2 password 0 hello
 username user5 password 0 hello
 memory-size iomem 10
 ip subnet-zero
 !
 !
 !
 !
 call rsvp-sync
 !
 !
 !
 !
 !
 !
 !
 !
 interface Loopback0
 ip address 22.22.22.22 255.255.255.0
 !
 interface Loopback1
 ip address 122.122.122.122 255.255.255.0 
 !
 interface FastEthernet0/0
 ip address 150.50.22.2 255.255.255.0
 duplex auto
 speed auto
 !
 interface Serial0/0
 no ip address
 encapsulation frame-relay
 !
 interface Serial0/0.21 point-to-point
 ip address 150.50.12.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 121
 !
 interface Serial0/0.24 point-to-point
 ip address 150.50.24.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 124
 !
 interface Serial0/0.26 point-to-point
 ip address 150.50.26.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 126
 !
 interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
 interface Serial0/1
 no ip address
 shutdown
 !
 router ospf 100
 router-id 22.22.22.22
 log-adjacency-changes
 area 1 authentication message-digest
 area 1 virtual-link 11.11.11.11 authentication message-digest
 area 1 virtual-link 11.11.11.11 message-digest-key 1 md5 hello
 area 2 authentication message-digest
 redistribute static subnets tag 1000
 network 22.22.22.0 0.0.0.255 area 1
 network 150.50.12.0 0.0.0.255 area 1
 network 150.50.24.0 0.0.0.255 area 1
 network 150.50.26.0 0.0.0.255 area 2
 distribute-list 10 in
 !
 router bgp

SV: AAA/privilege problem [7:73611]

[Eikeland, Jens Petter]

So will this do the job?, Or will I have to put the privilege level 15 in
under console 0

username user2 privilege 3 password 0 hello
username user5 privilege 5 password 0 hello
username admin privilege 15 password cisco

privilege configure level 5 snmp-server community * ro
privilege configure level 5 snmp-server community * rw
privilege configure level 5 snmp-server enable traps *
privilege exec level 2 configure terminal
privilege exec level 15 disable
privilege exec level 5 show snmp session brief
privilege exec level 5 show snmp user


line con 0
authorization commands 3 no_tacacs
authorization commands 15 no_tacacs
authorization exec no_tacacs
login authentication no_tacacs
line aux 0
line vty 0 4
authorization commands 3 lo_autho
authorization commands 5 lo_autho
authorization commands 15 lo_autho
authorization exec loc_autho
accounting commands 3 ac_tacacs
accounting commands 15 ac_tacacs
accounting exec ac_tacacs



-Opprinnelig melding-
Fra: ccie study [mailto:[EMAIL PROTECTED]
Sendt: 6. august 2003 16:56
Til: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Emne: Re: AAA/privilege problem


1 privilege exec level 2 enable

Is why console doesn't allow you to enable mode. When you login to your 
console in your config, you login into privilege level 1 shell.  Since 
enable command is in 2, you dont have access to it. Even if you add aaa 
authorization commands 2 console none To your console line, you will not be 
able to access.

2 you're missing privilege in your user commands.  username user2 privilege 
2 password cisco. That should fix 2nd issue.


From: Jens Petter Eikeland 
Reply-To: Jens Petter Eikeland 
To: , 
Subject: AAA/privilege problem
Date: Wed, 6 Aug 2003 11:23:23 +0200

I have played with som aaa. The aaa works fine when telneting in to r2 *1,
but when I try to go in directly from the terminal werver on to r2 and I
type the enable command, I have locked my self out. Why is that. Which
command is it that is locking me out from exec mode from the console

*1 It seems taht user2 and user5 have the same privilege when logging inn.
What have I done wrong?... See att the bottom

And also, is this the right metod to pit in privilege level 3 and 5 on the
vty lines to access exec mode. If I did not put in these commands I did not
get in to exec.
Are there some other method I am missing

r2#
01:51:31: %SYS-5-CONFIG_I: Configured from console by consolewr t
Building configuration...

Current configuration : 4576 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
aaa new-model
aaa authentication login no_tacacs none
aaa authentication login tac_auth group tacacs+
aaa authentication login loc_auth local
aaa authorization exec no_tacacs none
aaa authorization exec loc_autho local
aaa authorization commands 3 no_tacacs none
aaa authorization commands 3 lo_autho local
aaa authorization commands 5 no_tacacs none
aaa authorization commands 5 lo_autho local
aaa authorization commands 15 no_tacacs none
aaa authorization commands 15 lo_autho local
aaa accounting exec ac_tacacs start-stop group tacacs+
aaa accounting commands 3 ac_tacacs start-stop group tacacs+
aaa accounting commands 15 ac_tacacs start-stop group tacacs+
!
username user2 password 0 hello
username user5 password 0 hello
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 22.22.22.22 255.255.255.0
!
interface Loopback1
ip address 122.122.122.122 255.255.255.0
!
interface FastEthernet0/0
ip address 150.50.22.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.21 point-to-point
ip address 150.50.12.2 255.255.255.0
ip ospf message-digest-key 1 md5 hello
ip ospf network point-to-point
frame-relay interface-dlci 121
!
interface Serial0/0.24 point-to-point
ip address 150.50.24.2 255.255.255.0
ip ospf message-digest-key 1 md5 hello
ip ospf network point-to-point
frame-relay interface-dlci 124
!
interface Serial0/0.26 point-to-point
ip address 150.50.26.2 255.255.255.0
ip ospf message-digest-key 1 md5 hello
ip ospf network point-to-point
frame-relay interface-dlci 126
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
router ospf 100
router-id 22.22.22.22
log-adjacency-changes
area 1 authentication message-digest
area 1 virtual-link 11.11.11.11 authentication message-digest
area 1 virtual-link 11.11.11.11 message-digest-key 1 md5 hello
area 2 authentication message-digest
redistribute static subnets tag 1000
network 22.22.22.0 0.0.0.255 area 1
network 150.50.12.0 0.0.0.255 area 1
network 150.50.24.0 0.0.0.255 area 1
network 150.50.26.0 0.0.0.255 area 2
distribute-list 10 in
!
router bgp 4799
no synchronization
bgp log-neighbor-changes
network 122.122.122.0 mask 255.255.255.0
aggregate-address 202.202.0.0 255.255.0.0 as-set
redistribute ospf 100 route-map

IP Multicast Problem in relation to Reuters Xtra3000 apps [7:73465]

[[EMAIL PROTECTED]]

Can anyone shed some light on this problem?

We are doing remote WAN multicast under a PIM Auto-RP environment.  The
remote Xtra3000 client will stop updating the News within 3 mins from
launch. However, the price update will not stop no matter how long it runs.
Looks like multicast is working because the price update is. But how come
the News update will stop within 3 mins?  Show ip mroute count revealed
that the forwarding counter is growing, and the (* , G) and (S , G) states
all looked fine, OILs were not disappearing when the News update stopped.
Is it a bandwidth issue?  We have a 192K bandwidth limit set on the WAN
link.

Does anyone have similar experience or know some special behaviour of
Reuters Xtra3000 client?

Many thanks in advance.





This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase  Co., its
subsidiaries
and affiliates.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73465t=73465
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

mutlihoming problem with grapgh [7:73233]

[Ali Al-Sayyed]

Hi all 
i have the following setup so I am please if any body can help me for
configuration or if it possible to implement or not and how. 
We have this customer and we need to apply load sharing with automatic
failover (take in consideration the customer have firewall) . so did any
body know how I can implement it with BGP u can see also GLBP for help 
 
 
 
| |-RouterA-- ISPA
|---Internet
|--Firewall|Saudi
Telecom
|
|-RouterB---ISPB-|---Internet
 
 
 
 
Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73233t=73233
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: HSRP + ARP Problem [7:73098]

[Reimer, Fred]

There is a known issue in some switches (6500's running hybrid mode) where
the CEF adjacencies are not populated correctly.  We've seen issues with
pings and ARP between MSFC's.  Possibly the 2950's have a similar issue...

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050

NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Henrique Issamu Terada [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2003 12:28 PM
To: [EMAIL PROTECTED]
Subject: RES: HSRP + ARP Problem [7:73098]

maybe something in the switch . . . 
are both routers active , noone in standby ?

 _ 
 Henrique Issamu Terada, CCIE # 7460
 IT Support - Open Network
 CPM S.A. - Tecnologia criando valor 
 Tel.: 55 11 4196-0710
 Fax: 55 11 4196-0900
 [EMAIL PROTECTED]
 www.cpm.com.br
 --
 ---
 Esta mensagem pode conter informagco confidencial e/ou privilegiada.  Se
 vocj nco for o destinatario ou a pessoa autorizada a receber esta
 mensagem, nco pode usar, copiar ou divulgar as informagues nela contidas
 ou tomar qualquer agco baseada nessas informagues.  Se vocj recebeu esta
 mensagem por engano, por favor avise imediatamente o remetente,
 respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperagco. 
 
 This message may contain confidential and/or privileged information. If
 you are not the addressee or authorized to receive this for the addressee,
 you must not use, copy,  disclose or take any action based on this message
 or any information herein. If you have received this message in error,
 please advise the sender immediately by reply e-mail and delete this
 message. Thank you for your cooperation.
 
 
 -Mensagem original-
 De:   [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]
 Enviada em:   segunda-feira, 28 de julho de 2003 10:58
 Para: [EMAIL PROTECTED]
 Assunto:  RE: HSRP + ARP Problem [7:73098]
 
 Try
 
 Where they also give you an alternative to use the burned HW in-address
 instead of a virtual HW address.
 
 http://www.cisco.com/warp/public/473/62.pdf
 
 Martijn Jansen
 
 
 -Oorspronkelijk bericht-
 Van: Tim Champion [mailto:[EMAIL PROTECTED]
 Verzonden: maandag 28 juli 2003 13:35
 Aan: [EMAIL PROTECTED]
 Onderwerp: HSRP + ARP Problem [7:73098]
 
 
 Bit of a strange one this. We have 2 7206 routers running HSRP that are
 support by our telecoms provider. The fast ethernet interface of each is
 connected into our 2950 along with a firewall.
 
 From the switch, or firewall, I can ping either of the 'real' ip addresses
 but not the virtual address. I have used debug arp and seen the arp
 request
 go out for the virtual address (the telco has done the same and see's the
 request come in) but there is no reply. If we configure a static arp entry
 it all works fine.
 
 Anyone ever experienced anything like this???
 
 Many thanks
 
 
 Tim
 Incoming mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.504 / Virus Database: 302 - Release Date: 24/07/2003
  
 
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.504 / Virus Database: 302 - Release Date: 24/07/2003




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73172t=73098
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

HSRP + ARP Problem [7:73098]

[Tim Champion]

Bit of a strange one this. We have 2 7206 routers running HSRP that are
support by our telecoms provider. The fast ethernet interface of each is
connected into our 2950 along with a firewall.

From the switch, or firewall, I can ping either of the 'real' ip addresses
but not the virtual address. I have used debug arp and seen the arp request
go out for the virtual address (the telco has done the same and see's the
request come in) but there is no reply. If we configure a static arp entry
it all works fine.

Anyone ever experienced anything like this???

Many thanks


Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73098t=73098
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: HSRP + ARP Problem [7:73098]

[[EMAIL PROTECTED]]

Try

Where they also give you an alternative to use the burned HW in-address
instead of a virtual HW address.

http://www.cisco.com/warp/public/473/62.pdf

Martijn Jansen


-Oorspronkelijk bericht-
Van: Tim Champion [mailto:[EMAIL PROTECTED]
Verzonden: maandag 28 juli 2003 13:35
Aan: [EMAIL PROTECTED]
Onderwerp: HSRP + ARP Problem [7:73098]


Bit of a strange one this. We have 2 7206 routers running HSRP that are
support by our telecoms provider. The fast ethernet interface of each is
connected into our 2950 along with a firewall.

From the switch, or firewall, I can ping either of the 'real' ip addresses
but not the virtual address. I have used debug arp and seen the arp request
go out for the virtual address (the telco has done the same and see's the
request come in) but there is no reply. If we configure a static arp entry
it all works fine.

Anyone ever experienced anything like this???

Many thanks


Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73101t=73098
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: HSRP + ARP Problem [7:73098]

[[EMAIL PROTECTED]]

Could you debug HSRP for us?

Thought DEBUG STANDBY should do it.


Cisco 7200/7500 with PA-2FEISL
 HSRP gets stuck in init state on PA-2FEISL module in 7200/7500.
 CSCdr01156 (registered customers only)
 software upgrade; see bug for revision details
 Reset the interface using the shutdown and no shutdown commands
 


 
SB: Ethernet0 state Virgin - Listen
SB: Starting up hot standby process
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB: Ethernet0 state Listen - Speak
SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB: Ethernet0 state Speak - Standby
SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip
192.168.72.29
SB: Ethernet0 Coup out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip
192.168.72.29
SB: Ethernet0 state Standby - Active
SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Speak pri 90 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Speak pri 90 hel 3 hol 10 ip
192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip
192.168.72.29
 

Martijn Jansen


-Oorspronkelijk bericht-
Van: Tim Champion [mailto:[EMAIL PROTECTED]
Verzonden: maandag 28 juli 2003 13:35
Aan: [EMAIL PROTECTED]
Onderwerp: HSRP + ARP Problem [7:73098]


Bit of a strange one this. We have 2 7206 routers running HSRP that are
support by our telecoms provider. The fast ethernet interface of each is
connected into our 2950 along with a firewall.

From the switch, or firewall, I can ping either of the 'real' ip addresses
but not the virtual address. I have used debug arp and seen the arp request
go out for the virtual address (the telco has done the same and see's the
request come in) but there is no reply. If we configure a static arp entry
it all works fine.

Anyone ever experienced anything like this???

Many thanks


Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73100t=73098
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

SRC and DST NAT problem [7:72783]

[[EMAIL PROTECTED]]

Problem description: 
Problem when NATing both source and destination addresses based on an
route-map

Diagram:
_
   |   R1|
   |   |
   -
  |  |
Fa0/0.1 Fa0/0.2
  |  |
  |  |
  __ 1.1.1.0/24 LAN
  | |2.2.2.0/24 LAN
  | |  
  | |
- -
|   | ||
- -  
PC1:1.1.1.10PC2:2.2.2.10
 Actual PhysicalActual Physical 
ip addressip address

Setup description:
Cisco 2600 router connected to a Cisco 2950 switch using Fa0/0 port. We have
created subinterface on F0/0. 
The subinterface F0/0.1 connects to 1.1.1.0/24 LAN. The subinterface F0/0.2
connects to 2.2.2.0/24 LAN. 
The router routes traffic between these subnets.Int f0/0.1 is the nat
inside interface.Int f0/0.2 is the nat outside interface.

Requirement: 
1) When telnet traffic(identified by a route-map)  from 1.1.1.0/24 LAN needs
to flow to the 2.2.2.0/24 LAN  (which actually appears as 11.11.10.0/24 LAN
to the 1.1.1.0 network) , the source address should be NATed  as
1.1.1.0/24 172.16.1.0/24 and the destination should be NATed as
11.11.10.0/242.2.2.0/24. 

2) When certain other type of traffic from 1.1.1.0/24 LAN needs to flow to
the 2.2.2.0/24 LAN  , the source address and destination address should not
be NATed.

Problem:
Requirement no.2 is working fine.
For Requirement no.1 :
The source IP address of the Inside-to-outside packets is being NATed. But
not the destination address.

Below is the expected sequence.
i.e. 1)PC1 sends a telnet packet to PC2. src ip: 1.1.1.10 ,dst ip:11.11.2.10
2)R1 nats the source ip properly. ie. src ip :1.1.1.10 172.16.1.10 . I
also want R1 to NAT the destination ip address . i.e i want dst
ip:11.11.2.102.2.2.10. The packet should then hit PC2.
Similar reverse translation is need on the reverse path for the return
packet.

Below is the sh runn for R1
R1#sh run
!
interface FastEthernet0/0.1
 encapsulation dot1Q 4
 ip address 1.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.2
 encapsulation dot1Q 5
 ip address 2.2.2.1 255.255.255.0
 ip nat outside
!
ip nat pool IN2OUTNATPOOL 172.16.1.1 172.16.1.254 prefix-length 24 type
match-host
ip nat pool OUT2INNATPOOL 10.10.0.1 10.10.0.254 prefix-length 16 type
match-host
ip nat inside source route-map IN2OUT pool IN2OUTNATPOOL
ip nat outside source route-map OUT2IN pool OUT2INNATPOOL
ip classless
ip route 11.11.2.0 255.255.255.0 FastEthernet0/0.2
ip route 172.16.1.0 255.255.255.0 FastEthernet0/0.1
!

access-list 188 permit tcp any any eq telnet
access-list 188 permit tcp any eq telnet any
access-list 188 deny   ip any any
!
route-map IN2OUT permit 10
 match ip address 188
!
route-map OUT2IN permit 10
 match ip address 188
!
Thanks and Regards   

Simon K. Carvalho 
RMC Support Engineer (Senior Member)
Network Solutions Ltd. , Bangalore
Email:  :[EMAIL PROTECTED]
Web  :   www.netsol.co.in 
Phone   :  +91 80 5535228 ext 433
Mobile  :  +91 9845349843

Tomorrow's Networks.Today.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72783t=72783
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX translation problem [7:72567]

[Bikespace]

Sorry to give one of those annoying answers. I saw this a couple of weeks
ago while configuring a Pix. I looked at the config and I had typo'd.
Unfortunately I can't remember what I'd done wrong at the time. Can you post
the config and it may jog my memory.

Regards,

Bikespace


Greg Owens  wrote in message
news:[EMAIL PROTECTED]
 have anybody seen this message.

 07-15-2003 13:55:38 Local4.Error 192.168.1.1 Jul 15 2003 09:53:35:
 %PIX-3-202001: Out of address translation slots!

   I told the customer to change the translation time-out


 Greg Owens
 202-398-2552

 [GroupStudy removed an attachment with a content-type header it could not
 parse.]
 [Content-Type: null; name=replyAll]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72670t=72567
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

need input on a frame relay t1 problem [7:72621]

[Wilmes, Rusty]

I've got a frame line thats almost 100% errors, mostly framing.  Local
Hardware is a 1604 w/ t1 wic (for testing purposes only.  will be a 3640.)
Remote hardware for the 6 pvc's are 1604's w/ t1 wics on fractional frame
lines.  Remotes have existing pvcs back to the 3640 on the production
network.

PVCs come up but line protocol bounces continuously.
telco has reported that they can get to their network termination but not to
my csu.  I've triple checked the extension from the NIU to the WIC and it
looks good.  Its about 75 feet of shielded t1 cable.  Tried both clock
source line and clock source internal.  on clock source line I lose the pvcs
(deleted).  Telco verified lmi type cisco (they had it at auto but changed
to cisco).  I tried ANSI on my side and got no LMI rcvs.  W/ type set to
cisco LMI enq/rcv is incrementing but drifting all over the place.
Interface resets increment each time I lose line protocol.  Carrier resets
are incrementing slowly as well.

Im still suspecting telco issues but any input would be greatly appreciated.




interface Serial0
 no ip address
 encapsulation frame-relay
 fair-queue 64 32 0
 service-module t1 clock source internal
 service-module t1 timeslots all
 frame-relay lmi-type cisco

local-test#sho int s0
Serial0 is up, line protocol is up
  Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
  MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, rely 189/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent  18, LMI stat recvd 11, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 76/0, interface broadcasts
66
  Last input 00:00:08, output 00:00:00, output hang never
  Last clearing of show interface counters 00:03:06
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
 Conversations  0/1/32 (active/max active/max total)
 Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 1 packets/sec
 19 packets input, 1466 bytes, 0 no buffer
 Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
 1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
 99 packets output, 8280 bytes, 0 underruns
 0 output errors, 0 collisions, 3 interface resets
 0 output buffer failures, 0 output buffers swapped out
 0 carrier transitions
 DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
 
local-test#
local-test#
local-test#
local-test#
local-test#sho frame lmi
 
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0Invalid Prot Disc 0
  Invalid dummy Call Ref 0Invalid Msg Type 0
  Invalid Status Message 0Invalid Lock Shift 0
  Invalid Information ID 0Invalid Report IE Len 0
  Invalid Report Request 0Invalid Keep IE Len 0
  Num Status Enq. Sent 19Num Status msgs Rcvd 12
  Num Update Status Rcvd 0Num Status Timeouts 8




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72621t=72621
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: need input on a frame relay t1 problem [7:72621]

[Jonathan V Hays]

Wilmes, Rusty wrote:
 I've got a frame line thats almost 100% errors, mostly framing.  Local
 Hardware is a 1604 w/ t1 wic (for testing purposes only.  will be a 3640.)
 Remote hardware for the 6 pvc's are 1604's w/ t1 wics on fractional frame
 lines.  Remotes have existing pvcs back to the 3640 on the production
 network.
 
 PVCs come up but line protocol bounces continuously.
 telco has reported that they can get to their network termination but not
to
 my csu.  I've triple checked the extension from the NIU to the WIC and it
 looks good.  Its about 75 feet of shielded t1 cable.  Tried both clock
 source line and clock source internal.  on clock source line I lose the
pvcs
 (deleted).  Telco verified lmi type cisco (they had it at auto but changed
 to cisco).  I tried ANSI on my side and got no LMI rcvs.  W/ type set to
 cisco LMI enq/rcv is incrementing but drifting all over the place.
 Interface resets increment each time I lose line protocol.  Carrier resets
 are incrementing slowly as well.
 
 Im still suspecting telco issues but any input would be greatly
appreciated.
 
 
 
 
 interface Serial0
  no ip address
  encapsulation frame-relay
  fair-queue 64 32 0
  service-module t1 clock source internal
  service-module t1 timeslots all
  frame-relay lmi-type cisco
 
 local-test#sho int s0
 Serial0 is up, line protocol is up
   Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
   MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, rely 189/255, load 1/255
   Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
   LMI enq sent  18, LMI stat recvd 11, LMI upd recvd 0, DTE LMI up
   LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
   LMI DLCI 1023  LMI type is CISCO  frame relay DTE
   Broadcast queue 0/64, broadcasts sent/dropped 76/0, interface broadcasts
 66
   Last input 00:00:08, output 00:00:00, output hang never
   Last clearing of show interface counters 00:03:06
   Input queue: 0/75/0 (size/max/drops); Total output drops: 0
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations  0/1/32 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 1 packets/sec
  19 packets input, 1466 bytes, 0 no buffer
  Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
  1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
  99 packets output, 8280 bytes, 0 underruns
  0 output errors, 0 collisions, 3 interface resets
  0 output buffer failures, 0 output buffers swapped out
  0 carrier transitions
  DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
  
 local-test#
 local-test#
 local-test#
 local-test#
 local-test#sho frame lmi
  
 LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
   Invalid Unnumbered info 0Invalid Prot Disc 0
   Invalid dummy Call Ref 0Invalid Msg Type 0
   Invalid Status Message 0Invalid Lock Shift 0
   Invalid Information ID 0Invalid Report IE Len 0
   Invalid Report Request 0Invalid Keep IE Len 0
   Num Status Enq. Sent 19Num Status msgs Rcvd 12
   Num Update Status Rcvd 0Num Status Timeouts 8
Without actually being there, it sounds like a clocking problem 
to me.

0. I'm surprised that you are using internal clocking. Getting 
clock from the telco is usually much more reliable than your DSU. 
Are they supposed to be providing clock?

1. Have you run any loopback tests on the interface? If the 
problem continues with the interface looped, it is likely to be a 
router or WIC-1T problem.

2. Do you have any spare hardware for swapping?
- swap the 75 foot cable
- swap the WIC-1T
- try direct serial-serial connection to another test router

3. Take a look at some debug output, such as debug serial 
interface and debug frame-relay

HTH




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72625t=72621
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: need input on a frame relay t1 problem [7:72621]

[Wilmes, Rusty]

Thanks to all.  We've isolated it to the house cabling extension.  If i jack
the router directly to the niu the line comes up and runs error free.  Crud,
I hate it when its not verizons fault :)
Thanks again,
Rusty


-Original Message-
From: Wilmes, Rusty 
Sent: Saturday, July 19, 2003 8:39 AM
To: [EMAIL PROTECTED]
Subject: need input on a frame relay t1 problem [7:72621]


I've got a frame line thats almost 100% errors, mostly framing.  Local
Hardware is a 1604 w/ t1 wic (for testing purposes only.  will be a 3640.)
Remote hardware for the 6 pvc's are 1604's w/ t1 wics on fractional frame
lines.  Remotes have existing pvcs back to the 3640 on the production
network.

PVCs come up but line protocol bounces continuously.
telco has reported that they can get to their network termination but not to
my csu.  I've triple checked the extension from the NIU to the WIC and it
looks good.  Its about 75 feet of shielded t1 cable.  Tried both clock
source line and clock source internal.  on clock source line I lose the pvcs
(deleted).  Telco verified lmi type cisco (they had it at auto but changed
to cisco).  I tried ANSI on my side and got no LMI rcvs.  W/ type set to
cisco LMI enq/rcv is incrementing but drifting all over the place.
Interface resets increment each time I lose line protocol.  Carrier resets
are incrementing slowly as well.

Im still suspecting telco issues but any input would be greatly appreciated.




interface Serial0
 no ip address
 encapsulation frame-relay
 fair-queue 64 32 0
 service-module t1 clock source internal
 service-module t1 timeslots all
 frame-relay lmi-type cisco

local-test#sho int s0
Serial0 is up, line protocol is up
  Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
  MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, rely 189/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent  18, LMI stat recvd 11, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 76/0, interface broadcasts
66
  Last input 00:00:08, output 00:00:00, output hang never
  Last clearing of show interface counters 00:03:06
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
 Conversations  0/1/32 (active/max active/max total)
 Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 1 packets/sec
 19 packets input, 1466 bytes, 0 no buffer
 Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
 1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
 99 packets output, 8280 bytes, 0 underruns
 0 output errors, 0 collisions, 3 interface resets
 0 output buffer failures, 0 output buffers swapped out
 0 carrier transitions
 DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
 
local-test#
local-test#
local-test#
local-test#
local-test#sho frame lmi
 
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0Invalid Prot Disc 0
  Invalid dummy Call Ref 0Invalid Msg Type 0
  Invalid Status Message 0Invalid Lock Shift 0
  Invalid Information ID 0Invalid Report IE Len 0
  Invalid Report Request 0Invalid Keep IE Len 0
  Num Status Enq. Sent 19Num Status msgs Rcvd 12
  Num Update Status Rcvd 0Num Status Timeouts 8




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72627t=72621
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX translation problem [7:72567]

[Greg Owens]

have anybody seen this message.

07-15-2003  13:55:38Local4.Error192.168.1.1 Jul 15 2003 09:53:35:
%PIX-3-202001: Out of address translation slots!

  I told the customer to change the translation time-out


Greg Owens
202-398-2552

[GroupStudy removed an attachment with a content-type header it could not
parse.]
[Content-Type: null; name=replyAll]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72567t=72567
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: STP problem [7:70797]

[DeVoe, Charles (PKI)]

We had a similar situation.  Only in this case, the user was taking down
internet access.  Seems whoever configured the machine put the default
gateway in as the users address.  At the time we were running two protocols,
decnet and tcp/ip.  Decnet was the first one to be used.  The only time
there was a problem was when the  user would try to access the internet.
After a week of troubleshooting, we started looking at all of the PCs that
had been installed recently.  It was pure luck that we found it.

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 4:35 PM
To: [EMAIL PROTECTED]
Subject: Re: STP problem [7:70797]


Access points can be configured to do bridging and I wouldn't be surprised
to discover that they don't do STP, especially low-end ones from the local
KMart. A lot of low-end switches don't do STP either. So, the access point
would have to be inserted into the network just right so that it caused a
loop, but that's certainly possible. In that case all the looping broadcast
traffic, not to mention looping unknown unicast traffic, could bring a
network to its knees.

I'm surprised so many people doubted his decription of the problem!? 

Anyway, finding it will be hard, though there's good advice from Tom and
others. I think I would revert to an old-fasioned communications channel.
Announce over the loud speaker that if you just connected a wireless access
point, disconnect it now and report to the office! :-)

Priscilla

Tom Martin wrote:
 
 Chris,
 
 STP should be enough to avoid these types of problems. In order
 to cause
 a bridging loop the station would have to have both interfaces
 in the
 same VLAN and forward all L2 traffic except for BPDUs. Even if
 this were
 the case the wireless network (10-Mbps?) shouldn't be enough to
 bring
 the LAN to its knees (100-Mbps?). If you have STP enabled on
 all of your
 switches, I'm doubt that a single station is bringing the
 network down.
 
 Once you find the offending switch that you need to reboot, you
 can
 issue console commands to determine the root bridge and any
 blocked
 ports. Make sure that things are normal. You do have your root
 bridge
 set manually, don't you? :)
 
 To find out which port is causing the loop, take a look at the
 interface
 counters. You should see an unreal amount of traffic on the
 offending
 port (and the uplink to the core switch).
 
 When STP has been enabled I have only come across layer-2 loops
 twice.
 Once when a few HP switches had gone bad, and another time when
 a
 customer had configured channeling on one side but not the
 other (3500
 series, no channel negotiation).
 
 In both cases I found that the problem was made worse with
 increasing
 traffic levels, and the problem also revolved around the same
 set of
 switches. The channeling problem was a bit more difficult to
 narrow down
 though, since it disabled MLS on the core switch and every
 segment
 appeared to have problems!!!
 
 I hope that helps,
 
 - Tom
 
 
 Christopher Dumais wrote:
  Hi all,
  We are having an STP problem where we think a user with an
 integrated
  wireless and LAN NIC is creating a bridge loop and bringing
 down the entire
  network. The problem occurs then goes away after 20 or so
 minutes unless we
  can narrow down which closet it is coming from and reboot the
 switch. All of
  our management tools die during the outage. Does anyone have
 any ideas on
  how we might prevent this from happening or track down the
 offender? We have
  6509's in our Core and a mix of 3548's and 3550-SMI. Any
 thoughts are
  appreciated. Thanks!
  
  Chris Dumais, CCNP, CNA
  Sr. Network Administrator
  NSS Customer and Desktop Services Team
  Maine Medical Center
  (207)871-6940
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72467t=70797
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: STP problem [7:70797]

[Reimer, Fred]

Heh, you should have been at Networkers 2003 in LA.  Cisco's wireless
network was...  Unstable to say the least.  I'd estimate that the network
was available only 50% of the time.  First someone hacked into the DHCP
server and brought that down.  They someone set their IP address the same as
the default route.  Then people setup peer-to-peer networks with the same
ESSID as the Cisco AP's.  It was almost comical!


Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 17, 2003 8:39 AM
To: [EMAIL PROTECTED]
Subject: RE: STP problem [7:70797]

We had a similar situation.  Only in this case, the user was taking down
internet access.  Seems whoever configured the machine put the default
gateway in as the users address.  At the time we were running two protocols,
decnet and tcp/ip.  Decnet was the first one to be used.  The only time
there was a problem was when the  user would try to access the internet.
After a week of troubleshooting, we started looking at all of the PCs that
had been installed recently.  It was pure luck that we found it.

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 4:35 PM
To: [EMAIL PROTECTED]
Subject: Re: STP problem [7:70797]


Access points can be configured to do bridging and I wouldn't be surprised
to discover that they don't do STP, especially low-end ones from the local
KMart. A lot of low-end switches don't do STP either. So, the access point
would have to be inserted into the network just right so that it caused a
loop, but that's certainly possible. In that case all the looping broadcast
traffic, not to mention looping unknown unicast traffic, could bring a
network to its knees.

I'm surprised so many people doubted his decription of the problem!? 

Anyway, finding it will be hard, though there's good advice from Tom and
others. I think I would revert to an old-fasioned communications channel.
Announce over the loud speaker that if you just connected a wireless access
point, disconnect it now and report to the office! :-)

Priscilla

Tom Martin wrote:
 
 Chris,
 
 STP should be enough to avoid these types of problems. In order
 to cause
 a bridging loop the station would have to have both interfaces
 in the
 same VLAN and forward all L2 traffic except for BPDUs. Even if
 this were
 the case the wireless network (10-Mbps?) shouldn't be enough to
 bring
 the LAN to its knees (100-Mbps?). If you have STP enabled on
 all of your
 switches, I'm doubt that a single station is bringing the
 network down.
 
 Once you find the offending switch that you need to reboot, you
 can
 issue console commands to determine the root bridge and any
 blocked
 ports. Make sure that things are normal. You do have your root
 bridge
 set manually, don't you? :)
 
 To find out which port is causing the loop, take a look at the
 interface
 counters. You should see an unreal amount of traffic on the
 offending
 port (and the uplink to the core switch).
 
 When STP has been enabled I have only come across layer-2 loops
 twice.
 Once when a few HP switches had gone bad, and another time when
 a
 customer had configured channeling on one side but not the
 other (3500
 series, no channel negotiation).
 
 In both cases I found that the problem was made worse with
 increasing
 traffic levels, and the problem also revolved around the same
 set of
 switches. The channeling problem was a bit more difficult to
 narrow down
 though, since it disabled MLS on the core switch and every
 segment
 appeared to have problems!!!
 
 I hope that helps,
 
 - Tom
 
 
 Christopher Dumais wrote:
  Hi all,
  We are having an STP problem where we think a user with an
 integrated
  wireless and LAN NIC is creating a bridge loop and bringing
 down the entire
  network. The problem occurs then goes away after 20 or so
 minutes unless we
  can narrow down which closet it is coming from and reboot the
 switch. All of
  our management tools die during the outage. Does anyone have
 any ideas on
  how we might prevent this from happening or track down the
 offender? We have
  6509's in our Core and a mix of 3548's and 3550-SMI. Any
 thoughts are
  appreciated. Thanks!
  
  Chris Dumais, CCNP, CNA
  Sr. Network Administrator
  NSS Customer and Desktop Services Team
  Maine Medical Center
  (207)871-6940
  [EMAIL PROTECTED]




Message Posted

SPAN problem [7:72507]

[Paul]

Hi all,

Quick question, I have enabled SPAN to mirror from one port to another.
However, when doing so the transmitting port appears detached form the
network. i.e.. I cannot ping from the PC attached to that port and nothing on
the network can ping it too. When I remove the port from the session I get
connectivity again. Could anyone give me any ideas on why this is occurring
please.

I used the 'monitor session' command and left it blank at the end implying
'both' rather than explicitly specifying 'TX or 'RX. None of the ports are
involved in trunking, they are in the same VLAN and they are on the same
physical switch, and even on the same blade (4006).

Any help would be greatly appreciated.

Kind regards

Paul 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72507t=72507
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: SPAN problem [7:72507]

[Priscilla Oppenheimer]

Paul wrote:
 
 Hi all,
 
 Quick question, I have enabled SPAN to mirror from one port to
 another.
 However, when doing so the transmitting port appears detached
 form the
 network. i.e.. I cannot ping from the PC attached to that port
 and nothing on
 the network can ping it too. When I remove the port from the
 session I get
 connectivity again. Could anyone give me any ideas on why this
 is occurring
 please.

If I understand what you're saying, that's normal. 

SPAN sends traffic to and from one or more source ports to a destination
port. A protocol analyzer resides at the destination port. The source ports
are the monitored ports whose traffic you want to analyze.

I'm not sure what you mean by transmitting port. Cisco doesn't use that
term becauses it's too unclear which port it refers to.

Now that we have the terminology straight :-), it's normal for traffic to be
disrupted to and from the destination port where the analyzer resides. Per
the config guide for the 4000, Once an interface becomes an active
destination interface, incoming traffic is disabled. You cannot configure a
SPAN destination interface to receive ingress traffic. The interface does
not forward any traffic except that required for the SPAN session. 

It is not normal for the traffic to be disrupted for the source port. If
that's what you're saying, then you better tell us more about the config and
the output from show monitor session. I'm guessing that's not what you meant
though...

Priscilla




 
 I used the 'monitor session' command and left it blank at the
 end implying
 'both' rather than explicitly specifying 'TX or 'RX. None of
 the ports are
 involved in trunking, they are in the same VLAN and they are on
 the same
 physical switch, and even on the same blade (4006).
 
 Any help would be greatly appreciated.
 
 Kind regards
 
 Paul 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72518t=72507
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

console port problem [7:72298]

[star.7]

i have a problem with my console port of 2500 router as well as 1900 switch 


the speed settings are ok 


can you help me 


 


 
Get Your Private, Free E-mail from Indiatimes at  http://email.indiatimes.com
Buy The Best In BOOKS at http://www.bestsellers.indiatimes.com
Bid for Air Tickets @ Re.1 on Air Sahara Flights. Just log on to
http://airsahara.indiatimes.com and Bid Now !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72298t=72298
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: console port problem [7:72298]

[star star7]

i cannot use my console port to access one of my 2524 router as well as 1900
switch , they don't respond but i can telnet to them.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72316t=72298
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: console port problem [7:72298]

[Robert Perez]

whats the problem??

-Original Message-
From: star.7 [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 15, 2003 9:59 AM
To: [EMAIL PROTECTED]
Subject: console port problem [7:72298]


i have a problem with my console port of 2500 router as well as 1900 switch 


the speed settings are ok 


can you help me 


 


 
Get Your Private, Free E-mail from Indiatimes at
http://email.indiatimes.com
Buy The Best In BOOKS at http://www.bestsellers.indiatimes.com
Bid for Air Tickets @ Re.1 on Air Sahara Flights. Just log on to
http://airsahara.indiatimes.com and Bid Now !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72313t=72298
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: console port problem [7:72298]

[Reza]

Can you describe the problem?
Reza

star.7  wrote in message
news:[EMAIL PROTECTED]
 i have a problem with my console port of 2500 router as well as 1900
switch


 the speed settings are ok


 can you help me






 Get Your Private, Free E-mail from Indiatimes at
http://email.indiatimes.com
 Buy The Best In BOOKS at http://www.bestsellers.indiatimes.com
 Bid for Air Tickets @ Re.1 on Air Sahara Flights. Just log on to
 http://airsahara.indiatimes.com and Bid Now !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72312t=72298
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: console port problem [7:72298]

[DeVoe, Charles (PKI)]

Perhaps a copy of the running config would help

-Original Message-
From: star star7 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 11:48 AM
To: [EMAIL PROTECTED]
Subject: Re: console port problem [7:72298]


i cannot use my console port to access one of my 2524 router as well as 1900
switch , they don't respond but i can telnet to them.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72329t=72298
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: console port problem [7:72298]

[Reimer, Fred]

At least your console line.  Cut out any password through, it's not
cryptographically robust.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 15, 2003 1:29 PM
To: [EMAIL PROTECTED]
Subject: RE: console port problem [7:72298]

Perhaps a copy of the running config would help

-Original Message-
From: star star7 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 11:48 AM
To: [EMAIL PROTECTED]
Subject: Re: console port problem [7:72298]


i cannot use my console port to access one of my 2524 router as well as 1900
switch , they don't respond but i can telnet to them.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72340t=72298
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

problem with 7206 router. [7:72177]

[Xy Hien Le]

Hi everyone,

I bought a 7206 router and it booted up as follow before booting by the Flash
Card contains IOS.
I think the internal flash device is missing or corrupted.
Anyone have any sugestion how I can fix  this?
Here is the boot up output:

System Bootstrap, Version 11.1(5) [mkamson 5], RELEASE SOFTWARE (fc1)
Copyright (c) 1994 by cisco Systems, Inc.
C7200 processor with 65536 Kbytes of main memory

monlib does not contain a valid magic number
boot: cannot open bootflash:
an alternate boot helper program is not specified
(monitor variable BOOTLDR is not set)
and unable to determine first file in bootflash
loadprog: error - on file open
boot: cannot load cisco2-C7200

And it will booted with the image installed in the Flash Card...

Any sugestion is much apreciated.

Xy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72177t=72177
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

problem about OSPF on environment NBMA [7:72181]

[ht ht]

Dear  all, 

I would like ask how to config cost in  OSPF: 

1. with enviroment NBMA (example Frame) and topology 
Hub-Spoke then  Cost from  Hub Router to  all Spoke
the same (becase the samer1 physical interface ). 
How to config cost different for each session
Hub-Spoke ?

2. if  Network type is: Point-to-Multipoint (RFC-2328)
then we can use command : 
a. IP OSPF cost  or 
b. Neighbor cost  
That in  2 command which commad decision  the  cost if
 to command haved config on  Hub router ? 

3. if  network type is : Point-to-Multipoint (non
broadcast) ready to order?: Frame-relay map ip 
between Spokes? (in case I-ARP has  enable auto ? ) 

Thanks  regard

__
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72181t=72181
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: problem with 7206 router. [7:72177]

[Zsombor Papp]

Default solution is to boot up the image on the flash card, format 
bootflash, and copy a new bootloader image onto it, but you might need just 
remove a few files from bootflash: so that the bootloader is the first 
file. What does 'show bootflash:' show?

Thanks,

Zsombor

At 08:23 AM 7/12/2003 +, Xy Hien Le wrote:
Hi everyone,

I bought a 7206 router and it booted up as follow before booting by the
Flash
Card contains IOS.
I think the internal flash device is missing or corrupted.
Anyone have any sugestion how I can fix  this?
Here is the boot up output:

System Bootstrap, Version 11.1(5) [mkamson 5], RELEASE SOFTWARE (fc1)
Copyright (c) 1994 by cisco Systems, Inc.
C7200 processor with 65536 Kbytes of main memory

monlib does not contain a valid magic number
boot: cannot open bootflash:
an alternate boot helper program is not specified
(monitor variable BOOTLDR is not set)
and unable to determine first file in bootflash
loadprog: error - on file open
boot: cannot load cisco2-C7200

And it will booted with the image installed in the Flash Card...

Any sugestion is much apreciated.

Xy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72186t=72177
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: problem with 7206 router. [7:72177]

[Brian]

hmm wonder if the config specifies a tftp boot of the image specified in
that error?  Tried removingthe config?


Brian

The path to a desireable destination
is often more difficult than the path to stay where you are.

On Sat, 12 Jul 2003, Zsombor Papp wrote:

 Default solution is to boot up the image on the flash card, format
 bootflash, and copy a new bootloader image onto it, but you might need just
 remove a few files from bootflash: so that the bootloader is the first
 file. What does 'show bootflash:' show?

 Thanks,

 Zsombor

 At 08:23 AM 7/12/2003 +, Xy Hien Le wrote:
 Hi everyone,
 
 I bought a 7206 router and it booted up as follow before booting by the
 Flash
 Card contains IOS.
 I think the internal flash device is missing or corrupted.
 Anyone have any sugestion how I can fix  this?
 Here is the boot up output:
 
 System Bootstrap, Version 11.1(5) [mkamson 5], RELEASE SOFTWARE (fc1)
 Copyright (c) 1994 by cisco Systems, Inc.
 C7200 processor with 65536 Kbytes of main memory
 
 monlib does not contain a valid magic number
 boot: cannot open bootflash:
 an alternate boot helper program is not specified
 (monitor variable BOOTLDR is not set)
 and unable to determine first file in bootflash
 loadprog: error - on file open
 boot: cannot load cisco2-C7200
 
 And it will booted with the image installed in the Flash Card...
 
 Any sugestion is much apreciated.
 
 Xy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72190t=72177
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

tftp problem via checkpoint firewalls [7:71971]

[Gray, Alan]

Hi,
I have a problem trying to tftp router configs through a cluster-pair of
checkpoint-nokia firewalls.  I can Telnet from the inside to the router
outside the firewall but get a firewall error message when attempt to tftp
the config back through the firewall.  This all worked fine on Checkpoint
firewall-1 running on NT, but doesn't work using Nokia boxes.  

external side:
tftp client (router) connected to external lan
external lan is vlan-X across two Cisco Cat switches
two firewalls with a connection to this external lan (fw1 on sw1 and fw2 on
sw2)

internal side:
tftp server (unix) connected to internal lan
internal lan is vlan-Y across same two Cisco Cat switches
same two firewalls with a connection to this internal lan (fw1 on sw1 and
fw2 on sw2)

inter-firewall:
a direct x-over cable between the firewall synch interfaces 

Tftp Client router attempts to tftp its configuration to the TFTP Host
The Tftp Client Router sees the Tftp Host as an external address with the
Checkpoint Firewalls translating this external address to the real
internal address.
This fails with the firewall logging the message Connection contains real
ip of NATed address

Checkpoint Knowledge Base Article SK14613 below seems to describe, but not
quite as we have each firewall connected to a different switch for
resilience.  
https://support.checkpoint.com/public/idsearch.jsp?id=sk14613QueryText=%28%
28real%2C+ip%29%29resultStart=1

Have raised a fault with Checkpoint but not holding my breath.  Any
thoughts?

regards,
Alan




**
This e-mail is for use by the addressee only. If the message is received
 by anyone other than the addressee, please return the message to the 
sender by replying to it and then delete the message from your 
computer.
Internet e-mail messages are not necessarily secure.
Ulster Bank Group/The Royal Bank of Scotland and each of its Group 
companies does not accept responsibility for changes made to this 
message after it was sent.
**




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71971t=71971
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IOS AUTH-PROXY problem [7:72005]

[Szabo, Vilmos]

Hi,

Just run away from 12.1.5T(9).
We had some problem with it and discussed in this group with Dmitry and
Fabrice.

Even if you do not enable http server on the router auth-proxy will be
invoked .

Regards,

Vilmos

-Original Message-
From: d tran [mailto:[EMAIL PROTECTED]
Sent: 06 July 2003 18:19
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: IOS AUTH-PROXY problem


All,
Below is the configuration I have with AUTH-PROXY.  I don't understand why 
the configuration works with IOS version 12.2.15(T) but doesn't work with
IOS version
12.1.5T(9).  With version 12.1.5T(9), I am not getting a authentication
failed.  Instead
I am getting bad request.  
 
Any ideas?
 
C2610#sh run
Building configuration...
Current configuration : 4248 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C2610
!
logging buffered 8192 notifications
logging rate-limit 1
no logging console
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NONE none
aaa authentication login TACACS group tacacs+ local enable
aaa authentication login LOCAL local enable
aaa authorization auth-proxy default group tacacs+
enable secret 5 $1$Bj2H$ad4Dn5rkgKvwPZzJDKAgZ1
!
memory-size iomem 10
ip subnet-zero
no ip source-route
!
!
no ip finger
ip tcp intercept list 100
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 5
ip tcp intercept max-incomplete low 300
ip tcp intercept max-incomplete high 1000
ip tcp intercept one-minute low 100
ip tcp intercept one-minute high 500
ip domain-name micronetsolution.com
ip host tac 2065 10.10.10.10
ip name-server 172.17.1.2
ip name-server 129.174.1.8
ip dhcp excluded-address 10.100.0.71
ip dhcp excluded-address 10.100.0.72
ip dhcp excluded-address 10.100.0.254
ip dhcp ping packets 5
!
ip dhcp pool DHCP
   network 10.100.0.0 255.255.255.0
   netbios-name-server 172.17.1.2 129.174.1.8
   dns-server 172.17.1.2 129.174.1.8
   default-router 10.100.0.254
   domain-name micronetsolution.com
   lease 3
!
ip inspect audit-trail
ip inspect dns-timeout 15
ip inspect name CBAC tcp timeout 3600
ip inspect name CBAC udp timeout 3600
ip auth-proxy auth-proxy-banner
ip auth-proxy auth-proxy-audit
ip auth-proxy auth-cache-time 1
ip auth-proxy name AUTH-PROXY http
ip audit info action alarm drop reset
ip audit attack action alarm drop reset
ip audit notify log
ip audit po max-events 100
ip audit name ATTACK attack action alarm drop reset
ip audit name INFO info action alarm
!
!
call rsvp-sync
cns event-service server
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface Ethernet0/0
 ip address 172.18.1.1 255.255.0.0
 ip nat outside
 half-duplex
!
interface FastEthernet1/0
 ip address 10.100.0.254 255.255.255.0
 ip nat inside
 ip auth-proxy AUTH-PROXY
 speed 100
 full-duplex
!
ip kerberos source-interface any
ip nat pool natpool 172.18.1.1 172.18.1.1 netmask 255.255.0.0
ip nat inside source list 130 interface Ethernet0/0 overload
ip nat inside source static 10.100.0.71 172.18.0.71
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.1.254
ip http server
ip http authentication aaa
!
!
ip access-list extended NAMEDACL
 permit tcp any any
 permit udp any any
 permit ip any any
ip access-list extended in2out
 permit udp 10.100.0.0 0.0.0.255 any eq domain reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq www reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq telnet reflect traffic
 deny   ip any any
ip access-list extended out2in
 permit icmp any any
 evaluate traffic
 deny   ip any any
logging trap notifications
logging facility local5
logging source-interface Ethernet0/0
logging 172.17.1.2
access-list 100 permit tcp any host 10.100.0.71 eq www
access-list 100 permit tcp any host 10.100.0.71 eq 443
access-list 100 permit tcp any host 10.100.0.71 eq 22
access-list 100 permit tcp any host 10.100.0.71 eq telnet
access-list 100 permit tcp any host 10.100.0.71 eq ftp
access-list 100 permit tcp any host 10.100.0.71 eq ftp-data
access-list 110 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq telnet
access-list 110 dynamic lock-and-key permit ip 10.100.0.0 0.0.0.255 any
access-list 110 deny   ip any any
access-list 120 permit udp 10.100.0.0 0.0.0.255 any eq domain
access-list 120 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq www
access-list 120 deny   ip any any
access-list 130 permit ip 10.100.0.0 0.0.0.255 any
access-list 140 permit ip host 172.18.1.2 host 172.18.1.1
access-list 140 permit icmp any 10.100.0.0 0.0.0.255
access-list 140 permit icmp any host 172.18.0.71
access-list 140 deny   ip any any
!
tacacs-server host 172.18.1.2
tacacs-server attempts 2
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login authentication NONE
 transport input none
line aux 0
 login authentication NONE
 transport input all
line vty 0 4
 login authentication LOCAL
!
ntp clock-period 17208324
end

Re: Problem [7:71890]

[Jens Neelsen]

Hi,

first you need to enable ip routing to make it work.

Then your default route should look like this:
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx  where is
xxx.xxx.xxx.xxx is the other router interface. 
Note: after the destination network follows a subnet mask (not a
wildcard mask).

Make sure you have a route in your other back to this router
(Entires in the routing table are oneway only). Try show ip
route to verify.

With kind regards
Jens Neelsen

--- Projet AIM  wrote:
 Hi again
 I am pretty much thanksfull for your explanantion
 I have tried what you have suggested and still it doesn't work
 The thing is I am convainced that I am missing something but
 can't find out 
 what
 Thanx again and any help is appreciated
 Elias
 
 
 From: Jans van Deventer 
 Reply-To: Jans van Deventer 
 To: [EMAIL PROTECTED]
 Subject: Re: Problem [7:71890]
 Date: Fri, 4 Jul 2003 14:25:41 GMT
 
 Hi
 
 What you did when you typed no ip routing was to
 effectively change
 your router into an IP host. You must enable ip routing with
 ip
 routing and then add your static route. Test again and come
 back for
 help if it doensn't work.
 
 One advantage of disabling IP routing and effectively turning
 your
 router into a host is because you can then use all the nice
 debug
 functionalities like debug ip packet, as though your router
 was a host.
 
 Regards,
 Jans
 
 Projet AIM wrote:
 
  Hi all
  I have a cisco 3600 and I am facing an unknown problem
 maybe it is 
 stupuid
  but realy i don't know
  I have a pretty much common configuration 2 valid IP
 addresses on both
  interfaces. one of them are my network the other interface
 is linked to
  another router interface when I trie to ping the outside
 from the 
 router's
  consol I have a response but when I try to ping from a
 machine in my
 network
  and don't have any reply.
  I used static route as in
  ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx  where
 is
 xxx.xxx.xxx.xxx
is the other router interface
  I disabled ip routing
  no ip routing
  Can Anyone please help me if a missed anything
  THANX a lot
  Elias
  
 

_
  Trouvez l'bme soeur sur MSN Rencontres !
 http://g.msn.fr/FR1000/9551

_
 Dicouvrez les nouvelles imotictnes animies de 
 http://g.msn.fr/FR1001/866 
 MSN Messenger nouvelle formule
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71942t=71890
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IOS AUTH-PROXY problem [7:71952]

[d tran]

All,
Below is the configuration I have with AUTH-PROXY.  I don't understand why 
the configuration works with IOS version 12.2.15(T) but doesn't work with
IOS version
12.1.5T(9).  With version 12.1.5T(9), I am not getting a authentication
failed.  Instead
I am getting bad request.  
 
Any ideas?
 
C2610#sh run
Building configuration...
Current configuration : 4248 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C2610
!
logging buffered 8192 notifications
logging rate-limit 1
no logging console
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NONE none
aaa authentication login TACACS group tacacs+ local enable
aaa authentication login LOCAL local enable
aaa authorization auth-proxy default group tacacs+
enable secret 5 $1$Bj2H$ad4Dn5rkgKvwPZzJDKAgZ1
!
memory-size iomem 10
ip subnet-zero
no ip source-route
!
!
no ip finger
ip tcp intercept list 100
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 5
ip tcp intercept max-incomplete low 300
ip tcp intercept max-incomplete high 1000
ip tcp intercept one-minute low 100
ip tcp intercept one-minute high 500
ip domain-name micronetsolution.com
ip host tac 2065 10.10.10.10
ip name-server 172.17.1.2
ip name-server 129.174.1.8
ip dhcp excluded-address 10.100.0.71
ip dhcp excluded-address 10.100.0.72
ip dhcp excluded-address 10.100.0.254
ip dhcp ping packets 5
!
ip dhcp pool DHCP
   network 10.100.0.0 255.255.255.0
   netbios-name-server 172.17.1.2 129.174.1.8
   dns-server 172.17.1.2 129.174.1.8
   default-router 10.100.0.254
   domain-name micronetsolution.com
   lease 3
!
ip inspect audit-trail
ip inspect dns-timeout 15
ip inspect name CBAC tcp timeout 3600
ip inspect name CBAC udp timeout 3600
ip auth-proxy auth-proxy-banner
ip auth-proxy auth-proxy-audit
ip auth-proxy auth-cache-time 1
ip auth-proxy name AUTH-PROXY http
ip audit info action alarm drop reset
ip audit attack action alarm drop reset
ip audit notify log
ip audit po max-events 100
ip audit name ATTACK attack action alarm drop reset
ip audit name INFO info action alarm
!
!
call rsvp-sync
cns event-service server
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface Ethernet0/0
 ip address 172.18.1.1 255.255.0.0
 ip nat outside
 half-duplex
!
interface FastEthernet1/0
 ip address 10.100.0.254 255.255.255.0
 ip nat inside
 ip auth-proxy AUTH-PROXY
 speed 100
 full-duplex
!
ip kerberos source-interface any
ip nat pool natpool 172.18.1.1 172.18.1.1 netmask 255.255.0.0
ip nat inside source list 130 interface Ethernet0/0 overload
ip nat inside source static 10.100.0.71 172.18.0.71
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.1.254
ip http server
ip http authentication aaa
!
!
ip access-list extended NAMEDACL
 permit tcp any any
 permit udp any any
 permit ip any any
ip access-list extended in2out
 permit udp 10.100.0.0 0.0.0.255 any eq domain reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq www reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq telnet reflect traffic
 deny   ip any any
ip access-list extended out2in
 permit icmp any any
 evaluate traffic
 deny   ip any any
logging trap notifications
logging facility local5
logging source-interface Ethernet0/0
logging 172.17.1.2
access-list 100 permit tcp any host 10.100.0.71 eq www
access-list 100 permit tcp any host 10.100.0.71 eq 443
access-list 100 permit tcp any host 10.100.0.71 eq 22
access-list 100 permit tcp any host 10.100.0.71 eq telnet
access-list 100 permit tcp any host 10.100.0.71 eq ftp
access-list 100 permit tcp any host 10.100.0.71 eq ftp-data
access-list 110 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq telnet
access-list 110 dynamic lock-and-key permit ip 10.100.0.0 0.0.0.255 any
access-list 110 deny   ip any any
access-list 120 permit udp 10.100.0.0 0.0.0.255 any eq domain
access-list 120 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq www
access-list 120 deny   ip any any
access-list 130 permit ip 10.100.0.0 0.0.0.255 any
access-list 140 permit ip host 172.18.1.2 host 172.18.1.1
access-list 140 permit icmp any 10.100.0.0 0.0.0.255
access-list 140 permit icmp any host 172.18.0.71
access-list 140 deny   ip any any
!
tacacs-server host 172.18.1.2
tacacs-server attempts 2
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login authentication NONE
 transport input none
line aux 0
 login authentication NONE
 transport input all
line vty 0 4
 login authentication LOCAL
!
ntp clock-period 17208324
end
C2610#


-
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71952t=71952
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL 

Re: IOS AUTH-PROXY problem [7:71956]

[Joe Deleonardo]

It could just be that in version of 12.2.15(T) it is finally fully
implemented.  12.1.5T(9) is just an earlier version.  I ran into this last
night while working on blocking Nimda and Code Red.  The feature required to
do the blocking was released in 12.1E (not exactly sure which version, I
can't find my notes).  I couldn't find the feature anywhere in the
documentation for 12.1, but as soon as I looked in 12.2, it was there. Hope
that helps.

Cheers,

Joe

- Original Message - 
From: d tran 
To: ; 
Sent: Sunday, July 06, 2003 10:18 AM
Subject: IOS AUTH-PROXY problem


 All,
 Below is the configuration I have with AUTH-PROXY.  I don't understand why
 the configuration works with IOS version 12.2.15(T) but doesn't work with
IOS version
 12.1.5T(9).  With version 12.1.5T(9), I am not getting a authentication
failed.  Instead
 I am getting bad request.

 Any ideas?

 C2610#sh run
 Building configuration...
 Current configuration : 4248 bytes
 !
 version 12.1
 no service single-slot-reload-enable
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname C2610
 !
 logging buffered 8192 notifications
 logging rate-limit 1
 no logging console
 aaa new-model
 aaa authentication login default group tacacs+ local
 aaa authentication login NONE none
 aaa authentication login TACACS group tacacs+ local enable
 aaa authentication login LOCAL local enable
 aaa authorization auth-proxy default group tacacs+
 enable secret 5 $1$Bj2H$ad4Dn5rkgKvwPZzJDKAgZ1
 !
 memory-size iomem 10
 ip subnet-zero
 no ip source-route
 !
 !
 no ip finger
 ip tcp intercept list 100
 ip tcp intercept connection-timeout 3600
 ip tcp intercept watch-timeout 5
 ip tcp intercept max-incomplete low 300
 ip tcp intercept max-incomplete high 1000
 ip tcp intercept one-minute low 100
 ip tcp intercept one-minute high 500
 ip domain-name micronetsolution.com
 ip host tac 2065 10.10.10.10
 ip name-server 172.17.1.2
 ip name-server 129.174.1.8
 ip dhcp excluded-address 10.100.0.71
 ip dhcp excluded-address 10.100.0.72
 ip dhcp excluded-address 10.100.0.254
 ip dhcp ping packets 5
 !
 ip dhcp pool DHCP
network 10.100.0.0 255.255.255.0
netbios-name-server 172.17.1.2 129.174.1.8
dns-server 172.17.1.2 129.174.1.8
default-router 10.100.0.254
domain-name micronetsolution.com
lease 3
 !
 ip inspect audit-trail
 ip inspect dns-timeout 15
 ip inspect name CBAC tcp timeout 3600
 ip inspect name CBAC udp timeout 3600
 ip auth-proxy auth-proxy-banner
 ip auth-proxy auth-proxy-audit
 ip auth-proxy auth-cache-time 1
 ip auth-proxy name AUTH-PROXY http
 ip audit info action alarm drop reset
 ip audit attack action alarm drop reset
 ip audit notify log
 ip audit po max-events 100
 ip audit name ATTACK attack action alarm drop reset
 ip audit name INFO info action alarm
 !
 !
 call rsvp-sync
 cns event-service server
 !
 !
 !
 !
 !
 !
 !
 !
 interface Loopback0
  ip address 10.10.10.10 255.255.255.255
 !
 interface Ethernet0/0
  ip address 172.18.1.1 255.255.0.0
  ip nat outside
  half-duplex
 !
 interface FastEthernet1/0
  ip address 10.100.0.254 255.255.255.0
  ip nat inside
  ip auth-proxy AUTH-PROXY
  speed 100
  full-duplex
 !
 ip kerberos source-interface any
 ip nat pool natpool 172.18.1.1 172.18.1.1 netmask 255.255.0.0
 ip nat inside source list 130 interface Ethernet0/0 overload
 ip nat inside source static 10.100.0.71 172.18.0.71
 ip classless
 ip route 0.0.0.0 0.0.0.0 172.18.1.254
 ip http server
 ip http authentication aaa
 !
 !
 ip access-list extended NAMEDACL
  permit tcp any any
  permit udp any any
  permit ip any any
 ip access-list extended in2out
  permit udp 10.100.0.0 0.0.0.255 any eq domain reflect traffic
  permit tcp 10.100.0.0 0.0.0.255 any eq www reflect traffic
  permit tcp 10.100.0.0 0.0.0.255 any eq telnet reflect traffic
  deny   ip any any
 ip access-list extended out2in
  permit icmp any any
  evaluate traffic
  deny   ip any any
 logging trap notifications
 logging facility local5
 logging source-interface Ethernet0/0
 logging 172.17.1.2
 access-list 100 permit tcp any host 10.100.0.71 eq www
 access-list 100 permit tcp any host 10.100.0.71 eq 443
 access-list 100 permit tcp any host 10.100.0.71 eq 22
 access-list 100 permit tcp any host 10.100.0.71 eq telnet
 access-list 100 permit tcp any host 10.100.0.71 eq ftp
 access-list 100 permit tcp any host 10.100.0.71 eq ftp-data
 access-list 110 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq
telnet
 access-list 110 dynamic lock-and-key permit ip 10.100.0.0 0.0.0.255 any
 access-list 110 deny   ip any any
 access-list 120 permit udp 10.100.0.0 0.0.0.255 any eq domain
 access-list 120 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq www
 access-list 120 deny   ip any any
 access-list 130 permit ip 10.100.0.0 0.0.0.255 any
 access-list 140 permit ip host 172.18.1.2 host 172.18.1.1
 access-list 140 permit icmp any 10.100.0.0 0.0.0.255
 access-list 140 permit icmp any host 172.18.0.71
 access-list 140

Problem [7:71890]

[Projet AIM]

Hi all
I have a cisco 3600 and I am facing an unknown problem maybe it is stupuid 
but realy i don't know
I have a pretty much common configuration 2 valid IP addresses on both 
interfaces. one of them are my network the other interface is linked to 
another router interface when I trie to ping the outside from the router's 
consol I have a response but when I try to ping from a machine in my network 
and don't have any reply.
I used static route as in
ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx  where is xxx.xxx.xxx.xxx 
  is the other router interface
I disabled ip routing
no ip routing
Can Anyone please help me if a missed anything
THANX a lot
Elias

_
Trouvez l'bme soeur sur MSN Rencontres ! http://g.msn.fr/FR1000/9551




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71890t=71890
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Problem [7:71890]

[Janó van Deventer]

Hi

What you did when you typed no ip routing was to effectively change 
your router into an IP host. You must enable ip routing with ip 
routing and then add your static route. Test again and come back for 
help if it doensn't work.

One advantage of disabling IP routing and effectively turning your 
router into a host is because you can then use all the nice debug 
functionalities like debug ip packet, as though your router was a host.

Regards,
Jans

Projet AIM wrote:

Hi all
I have a cisco 3600 and I am facing an unknown problem maybe it is stupuid 
but realy i don't know
I have a pretty much common configuration 2 valid IP addresses on both 
interfaces. one of them are my network the other interface is linked to 
another router interface when I trie to ping the outside from the router's 
consol I have a response but when I try to ping from a machine in my
network
and don't have any reply.
I used static route as in
ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx  where is
xxx.xxx.xxx.xxx
  is the other router interface
I disabled ip routing
no ip routing
Can Anyone please help me if a missed anything
THANX a lot
Elias

_
Trouvez l'bme soeur sur MSN Rencontres ! http://g.msn.fr/FR1000/9551




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71891t=71890
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Problem [7:71890]

[Projet AIM]

Hi again
I am pretty much thanksfull for your explanantion
I have tried what you have suggested and still it doesn't work
The thing is I am convainced that I am missing something but can't find out 
what
Thanx again and any help is appreciated
Elias


From: Jans van Deventer 
Reply-To: Jans van Deventer 
To: [EMAIL PROTECTED]
Subject: Re: Problem [7:71890]
Date: Fri, 4 Jul 2003 14:25:41 GMT

Hi

What you did when you typed no ip routing was to effectively change
your router into an IP host. You must enable ip routing with ip
routing and then add your static route. Test again and come back for
help if it doensn't work.

One advantage of disabling IP routing and effectively turning your
router into a host is because you can then use all the nice debug
functionalities like debug ip packet, as though your router was a host.

Regards,
Jans

Projet AIM wrote:

 Hi all
 I have a cisco 3600 and I am facing an unknown problem maybe it is 
stupuid
 but realy i don't know
 I have a pretty much common configuration 2 valid IP addresses on both
 interfaces. one of them are my network the other interface is linked to
 another router interface when I trie to ping the outside from the 
router's
 consol I have a response but when I try to ping from a machine in my
network
 and don't have any reply.
 I used static route as in
 ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx  where is
xxx.xxx.xxx.xxx
   is the other router interface
 I disabled ip routing
 no ip routing
 Can Anyone please help me if a missed anything
 THANX a lot
 Elias
 
 _
 Trouvez l'bme soeur sur MSN Rencontres ! http://g.msn.fr/FR1000/9551
_
Dicouvrez les nouvelles imotictnes animies de  http://g.msn.fr/FR1001/866 
MSN Messenger nouvelle formule




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71893t=71890
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Problem [7:71890]

[Zsombor Papp]

Probably the outside world doesn't know about your network that's behind 
the 3600. The ping reply needs to come back somehow.

Thanks,

Zsombor


At 04:32 PM 7/4/2003 +, Projet AIM wrote:
Hi again
I am pretty much thanksfull for your explanantion
I have tried what you have suggested and still it doesn't work
The thing is I am convainced that I am missing something but can't find out
what
Thanx again and any help is appreciated
Elias


 From: Jans van Deventer
 Reply-To: Jans van Deventer
 To: [EMAIL PROTECTED]
 Subject: Re: Problem [7:71890]
 Date: Fri, 4 Jul 2003 14:25:41 GMT
 
 Hi
 
 What you did when you typed no ip routing was to effectively change
 your router into an IP host. You must enable ip routing with ip
 routing and then add your static route. Test again and come back for
 help if it doensn't work.
 
 One advantage of disabling IP routing and effectively turning your
 router into a host is because you can then use all the nice debug
 functionalities like debug ip packet, as though your router was a host.
 
 Regards,
 Jans
 
 Projet AIM wrote:
 
  Hi all
  I have a cisco 3600 and I am facing an unknown problem maybe it is
 stupuid
  but realy i don't know
  I have a pretty much common configuration 2 valid IP addresses on both
  interfaces. one of them are my network the other interface is linked to
  another router interface when I trie to ping the outside from the
 router's
  consol I have a response but when I try to ping from a machine in my
 network
  and don't have any reply.
  I used static route as in
  ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx  where is
 xxx.xxx.xxx.xxx
is the other router interface
  I disabled ip routing
  no ip routing
  Can Anyone please help me if a missed anything
  THANX a lot
  Elias
  
  _
  Trouvez l'bme soeur sur MSN Rencontres ! http://g.msn.fr/FR1000/9551
_
Dicouvrez les nouvelles imotictnes animies de  http://g.msn.fr/FR1001/866
MSN Messenger nouvelle formule




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71897t=71890
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Problem [7:71890]

[Zsombor Papp]

Probably the outside world doesn't know about your network that's behind 
the 3600. The ping reply needs to come back somehow.

And/or the host behind the 3600 doesn't know that the 3600 is the gateway.

Thanks,

Zsombor


At 04:32 PM 7/4/2003 +, Projet AIM wrote:
Hi again
I am pretty much thanksfull for your explanantion
I have tried what you have suggested and still it doesn't work
The thing is I am convainced that I am missing something but can't find out
what
Thanx again and any help is appreciated
Elias


 From: Jans van Deventer
 Reply-To: Jans van Deventer
 To: [EMAIL PROTECTED]
 Subject: Re: Problem [7:71890]
 Date: Fri, 4 Jul 2003 14:25:41 GMT
 
 Hi
 
 What you did when you typed no ip routing was to effectively change
 your router into an IP host. You must enable ip routing with ip
 routing and then add your static route. Test again and come back for
 help if it doensn't work.
 
 One advantage of disabling IP routing and effectively turning your
 router into a host is because you can then use all the nice debug
 functionalities like debug ip packet, as though your router was a host.
 
 Regards,
 Jans
 
 Projet AIM wrote:
 
  Hi all
  I have a cisco 3600 and I am facing an unknown problem maybe it is
 stupuid
  but realy i don't know
  I have a pretty much common configuration 2 valid IP addresses on both
  interfaces. one of them are my network the other interface is linked to
  another router interface when I trie to ping the outside from the
 router's
  consol I have a response but when I try to ping from a machine in my
 network
  and don't have any reply.
  I used static route as in
  ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx  where is
 xxx.xxx.xxx.xxx
is the other router interface
  I disabled ip routing
  no ip routing
  Can Anyone please help me if a missed anything
  THANX a lot
  Elias
  
  _
  Trouvez l'bme soeur sur MSN Rencontres ! http://g.msn.fr/FR1000/9551
_
Dicouvrez les nouvelles imotictnes animies de  http://g.msn.fr/FR1001/866
MSN Messenger nouvelle formule




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71899t=71890
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ????DHCP Problem???? [7:71667]

[Troy Leliard]

It also depends on how your ISP is assigning IP addresses  My Cable provider
only assigned IP's to registered MAC addresses.  In this case you can either
register you E1 mac address with them, or you can spoof a  registered mac
address.

Below is a snipet of one of my routers spoofing a MAC address, and
configured to received its IP address via DHCP.

interface Ethernet0
 mac-address 0030.ab14.537a
 ip address dhcp client-id Ethernet0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71776t=71667
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ????DHCP Problem???? [7:71667]

[John Q Public]

UPDATE!!!

I was able to get an IP on my 806 off my linksys, thru DHCP after I removed
the ip verify unicast reverse-path command , but still unable to get one
from my ISP thru my cable modem, even though I can get one on my linksys and
direct to my PC off the same modem, kinda weird, maybe Cisco uses a
different port # for DHCP requests and my ISP may not recognize it or be
blocking it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71674t=71667
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ????DHCP Problem???? [7:71667]

[- jvd]

Try 
interface ethernet 1
   ip address negotiated

I've seen some configuration like this before and believe it is when the
other side is running a DHCP server.

Kind regards,
Janó


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71732t=71667
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IMA problem between Cisco 3600 and Nortel Passport [7:71632]

[Raul Arango]

Hi,

I am having a stability trouble with an IMA configured over a Cisco 3600
router. The IMA is connected to a Nortel Passport 7480.
The IMA has 2 links, and continuously one of the links fails. 

Here is the IMA configuration:

interface ATM1/0
 no ip address
 no ip mroute-cache
 no atm oversubscribe
 no atm ilmi-keepalive
 ima-group 0
 scrambling-payload
 impedance 120-ohm
!
interface ATM1/1
 no ip address
 no ip mroute-cache
 no atm oversubscribe
 no atm ilmi-keepalive
 ima-group 0
 scrambling-payload
 impedance 120-ohm
!

interface ATM1/IMA0
 no ip address
 no atm ilmi-keepalive
!
interface ATM1/IMA0.1 point-to-point
 ip address 10.7.128.154 255.255.255.252
 pvc 3/223
  ubr 3840
  encapsulation aal5snap
 !
!
interface ATM1/IMA0.2 point-to-point
 ip address 10.16.0.82 255.255.255.252
 pvc 3/224

As can be seen, the passport detects many remote links failures:

CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1 LK/2
CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED  CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1 LK/2
CLEARED  CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1 LK/1
MAJORSET 09990012 03-06-29 18:07:40 EM/PPMAL010 LP/1 IMA/1 LK/2
CLEARED  CLR 09990012 03-06-29 18:10:19 EM/PPMAL010 LP/1 IMA/1 LK/2
MAJORSET 09990012 03-06-29 18:10:48 EM/PPMAL010 LP/1 IMA/1 LK/1
CRITICAL SET 70111213 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED  CLR 09990012 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED  CLR 70111213 03-06-29 18:17:52 EM/PPMAL010 LP/1 IMA/1 LK/1

I want to know if somebody have experience configuring IMA in similar
surroundings and can help me.

Regards,

Raúl.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71632t=71632
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IMA problem between Cisco 3600 and Nortel Pass [7:71632]

[Annlee Hines]

What does the troubleshooting NTP (I forget the exact name  number, but if
you have a PP, you probably know it) say about error 7011 1213 and 0999
0012? I notice the former is a critical while the latter is a major; also,
the times on the errors sometime overlap. You may have to read down into the
verbiage to get a description. It's highly likely they both result from a
single root cause, and looking at the detailed description on both error
messages may yield what the PP thinks is the problem. That should then lead
you to what needs to change (and that might be on either switch).

Sorry I can't help more than that, but I don't have PP handy anymore.

Annlee

Raul Arango wrote:
 
 Hi,
 
 I am having a stability trouble with an IMA configured over a
 Cisco 3600 router. The IMA is connected to a Nortel Passport
 7480.
 The IMA has 2 links, and continuously one of the links fails. 
 
 Here is the IMA configuration:
 
 interface ATM1/0
  no ip address
  no ip mroute-cache
  no atm oversubscribe
  no atm ilmi-keepalive
  ima-group 0
  scrambling-payload
  impedance 120-ohm
 !
 interface ATM1/1
  no ip address
  no ip mroute-cache
  no atm oversubscribe
  no atm ilmi-keepalive
  ima-group 0
  scrambling-payload
  impedance 120-ohm
 !
 
 interface ATM1/IMA0
  no ip address
  no atm ilmi-keepalive
 !
 interface ATM1/IMA0.1 point-to-point
  ip address 10.7.128.154 255.255.255.252
  pvc 3/223
   ubr 3840
   encapsulation aal5snap
  !
 !
 interface ATM1/IMA0.2 point-to-point
  ip address 10.16.0.82 255.255.255.252
  pvc 3/224
 
 As can be seen, the passport detects many remote links failures:
 
 CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1
 LK/2
 CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1
 LK/1
 CLEARED  CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1
 LK/2
 CLEARED  CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1
 LK/1
 MAJORSET 09990012 03-06-29 18:07:40 EM/PPMAL010 LP/1 IMA/1
 LK/2
 CLEARED  CLR 09990012 03-06-29 18:10:19 EM/PPMAL010 LP/1 IMA/1
 LK/2
 MAJORSET 09990012 03-06-29 18:10:48 EM/PPMAL010 LP/1 IMA/1
 LK/1
 CRITICAL SET 70111213 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1
 LK/1
 CLEARED  CLR 09990012 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1
 LK/1
 CLEARED  CLR 70111213 03-06-29 18:17:52 EM/PPMAL010 LP/1 IMA/1
 LK/1
 
 I want to know if somebody have experience configuring IMA in
 similar surroundings and can help me.
 
 Regards,
 
 Raúl.
 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71654t=71632
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

????DHCP Problem???? [7:71667]

[John Q Public]

Hi,

I have started a home lab and have a Cisco 806 router with IOS 12.2 IP F/W
Plus installed on it. I am trying to set up the 806 to be my gateway between
my home network and my cable modem. I have set up nat and have that working
properly, and I have tried RIP v2 running between the 806 and Linksys, which
works ok, my problem is that I can't pull a DHCP IP address from my ISP from
my e1 int to save my life, I can get an ip on my linksys off the cable modem
and direct into my PC just fine but when I try it on my 806 no matter what I
try it just wont take an IP off my cable modem, I know it has to be
something in my config, because my modem works fine everywhere else, if you
guys could take a look at my config and help me out I would appreciate it -
THANKS!!!

806#sh ru
Building configuration...

Current configuration : 1726 bytes
!
version 12.2
no parser cache
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 806
!
logging console informational
!

clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
no ip domain lookup
ip name-server x.x.x.x
ip name-server x.x.x.x
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2
ip dhcp ping packets 1
ip dhcp ping timeout 100
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
ip dhcp pool client
!
no ip bootp server
ip cef
!
!
!
interface Ethernet0
ip address 10.10.10.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat inside
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface Ethernet1
description Internet
ip address dhcp
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat outside
no cdp enable
!
ip nat log translations syslog
ip nat inside source list 1 interface Ethernet0 overload
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
!
!
access-list 1 permit any
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
line con 0
exec-timeout 120 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 0 0
exec prompt timestamp
length 0
!
scheduler max-task-time 5000
scheduler interval 500
end 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71667t=71667
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ????DHCP Problem???? [7:71667]

[John Q Public]

UPDATE!!!

I was able to get an IP on my 806 off my linksys, thru DHCP after I removed
the ip verify unicast reverse-path command , but still unable to get one
from my ISP thru my cable modem, even though I can get one on my linksys and
direct to my PC off the same modem, kinda weird, maybe Cisco uses a
different port # for DHCP requests and my ISP may not recognize it or be
blocking it


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71673t=71667
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Boot problem with new 6513 [7:71390]

[MADMAN]

I assume you have OS somewhere on this box.  If the OS is on 
bootflash, from the ROMMON prompt try boot bootflash:filename  You 
should be able to verify a files existance by doing a dir bootflash:

   Dave

Ron wrote:
 I have a new 6513 Catalyst switch and am getting the following when I boot
 the device:
 
 Autoboot: failed, BOOT string is empty
 rommon 1 
 
 Can someone lead me in the right direction on what to do to get the boot
 string set up properly?
-- 
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

Government can do something for the people only in proportion as it
can do something to the people. -- Thomas Jefferson




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71438t=71390
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Switch cluster managment problem. [7:71336]

[Stuart Pittwood]

Hi all,

We have a 3550-12T which is connected to 3 2950G-48-EI's via the GBIC ports.

When I access the cluster managment software on the 3550 is shows the 2950s
as unknown devices, if I access the CMS on one of the 2950s it shows me the
correct switch (but only the one) and I'm able to manage it.

Is there anyway I can get the CMS on the 3550 to pick up the model of the
switches it's connected to correctly.

Thanks

Stu P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71336t=71336
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Boot problem with new 6513 [7:71390]

[Ron]

I have a new 6513 Catalyst switch and am getting the following when I boot
the device:

Autoboot: failed, BOOT string is empty
rommon 1 

Can someone lead me in the right direction on what to do to get the boot
string set up properly?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71390t=71390
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Boot problem with new 6513 [7:71390]

[Larry Letterman]

Is there a slot card in the sup ?
If so , try to boot from slot0:


Larry Letterman
Cisco Systems




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Ron
Sent: Wednesday, June 25, 2003 3:55 PM
To: [EMAIL PROTECTED]
Subject: Boot problem with new 6513 [7:71390]


I have a new 6513 Catalyst switch and am getting the following when I
boot the device:

Autoboot: failed, BOOT string is empty
rommon 1 

Can someone lead me in the right direction on what to do to get the boot
string set up properly?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71392t=71390
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Boot problem with new 6513 [7:71390]

[Ronnie Higginbotham]

Ronnie
Ron  wrote in message
news:[EMAIL PROTECTED]
 I have a new 6513 Catalyst switch and am getting the following when I boot
 the device:

 Autoboot: failed, BOOT string is empty
 rommon 1 

 Can someone lead me in the right direction on what to do to get the boot
 string set up properly?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71400t=71390
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RES: Problem w/ 802.1q trunking [7:70901]

[CCIEwaNNaB]

The native Vlan on the 5500 is Vlan 13. 

Hemingway: 
The config I posted was from a 4500M router with a NP-6e module installed.
Like I said before I have don't have a problem with 2 of the 3 vlans on the
trunk link, but it's Vlan 13 that's the problem. I'm not able to ping from
and to anywhere on that Vlan.

jvd:
I think starting with the release of 12.2 you are able to trunk on 10Mb
links on routers 2600 and above. Try it...



Hemingway wrote:
 
 - jvd  wrote in message
 news:[EMAIL PROTECTED]
  Hi,
 
  802.1q is supported by Cisco on FastEthernet and
 GigabitEthernet, and not
 on
  Ethernet. Check out:
 
 moving to a new computer, and can't locate the beginning of
 this thread.
 sorry if this was covered previously.
 
 the 2610 and 11 will support dot1q trunking on the built in
 10baseT ethernet
 ports. I believe this startrd with one of the earlier 12.1 IOS
 images.
 
 I also have  done dot1q trunking of NM ethernet modules, both
 on the 36xx
 and 26xx platforms, again with an appropriate IOS image.
 
 If it was router ports of which you were speaking.
 
 Can't say as to whether or not there are 10baseT switch ports
 that support
 dot1q, although I believe you can do it on 35xx switches
 where the
 fastethernet port is forced to a 10megabit speed.
 
 
 
 

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca801.html#xtocid18
 
  ISL is supported by Cisco on Ethernet, FastEthernet and
 GigabitEthernet.
 
  Hope this helps.
  Regards,
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71255t=70901
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RES: Problem w/ 802.1q trunking [7:70901]

[- jvd]

This is very interesting. The URL that I posted earlier:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_config
uration_guide_chapter09186a00800ca801.html#xtocid18 

is for IOS 12.2 Mainline. 

From the original message posted you can see that it is really ethernet
ports the guy is trying to configure. And Hemingway is saying that he has
configured 802.1q on router ethernet ports before with IOS 12.1.

Any comments on this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71089t=70901
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RES: Problem w/ 802.1q trunking [7:70901]

[- jvd]

Hi,

802.1q is supported by Cisco on FastEthernet and GigabitEthernet, and not on
Ethernet. Check out:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca801.html#xtocid18

ISL is supported by Cisco on Ethernet, FastEthernet and GigabitEthernet.

Hope this helps.
Regards,



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71064t=70901
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]