Ethernet bogs down help has anyone seen this problem [7:75238]
I have a customer that has a small office with a Cisco 56K Frame router. They are running NAT. Now when I plug in the frame side, the ethernet side gets constant requests for translation, then it gets to the point where you can no longer even ping the ethernet side. If I remove the RG45 cable from the frame side, no problem: the requests stop and I can ping my ethernet side of the router fine with 10ml sec responses all day. The user's office is down because he cannot get out to the web. I've checked for viruses and everything seems fine. Does anyone have any ideas? This one is driving me crazy. The ISP says that my router is bad, but I doubt it. It started all of a sudden after working fine for 2 years.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75238t=75238
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Ethernet bogs down help has anyone seen this problem [7:75263]
I'll bet the trouble started when the Nachi worm started spreading. It uses pings to find hosts to infect. See the following to see what happens to NAT when pinged from the outside.

http://www.cisco.com/warp/public/556/4.html

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 7:01 AM
To: [EMAIL PROTECTED]
Subject: Ethernet bogs down help has anyone seen this problem [7:75238]

I have a customer that has a small office with a Cisco 56K Frame router. They are running NAT. Now when I plug in the frame side, the ethernet side gets constant requests for translation, then it gets to the point where you can no longer even ping the ethernet side. If I remove the RG45 cable from the frame side, no problem: the requests stop and I can ping my ethernet side of the router fine with 10ml sec responses all day. The user's office is down because he cannot get out to the web. I've checked for viruses and everything seems fine. Does anyone have any ideas? This one is driving me crazy. The ISP says that my router is bad, but I doubt it. It started all of a sudden after working fine for 2 years.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75263t=75263
RE: Ethernet bogs down help has anyone seen this problem [7:75277]
Try an access-list that denies ICMP and then use IP accounting access-violations to see - more than likely a virus

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 7:01 AM
To: [EMAIL PROTECTED]
Subject: Ethernet bogs down help has anyone seen this problem [7:75238]

I have a customer that has a small office with a Cisco 56K Frame router. They are running NAT. Now when I plug in the frame side, the ethernet side gets constant requests for translation, then it gets to the point where you can no longer even ping the ethernet side. If I remove the RG45 cable from the frame side, no problem: the requests stop and I can ping my ethernet side of the router fine with 10ml sec responses all day. The user's office is down because he cannot get out to the web. I've checked for viruses and everything seems fine. Does anyone have any ideas? This one is driving me crazy. The ISP says that my router is bad, but I doubt it. It started all of a sudden after working fine for 2 years.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75277t=75277
Re: Ethernet bogs down help has anyone seen this problem [7:75285]
Do a sh ip nat trans. Are you seeing a quadrillion icmp translations all sourcing a same host or few hosts?

Dave

Andrew Larkins wrote:

Try an access-list that denies ICMP and then use IP accounting access-violations to see - more than likely a virus

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 7:01 AM
To: [EMAIL PROTECTED]
Subject: Ethernet bogs down help has anyone seen this problem [7:75238]

I have a customer that has a small office with a Cisco 56K Frame router. They are running NAT. Now when I plug in the frame side, the ethernet side gets constant requests for translation, then it gets to the point where you can no longer even ping the ethernet side. If I remove the RG45 cable from the frame side, no problem: the requests stop and I can ping my ethernet side of the router fine with 10ml sec responses all day. The user's office is down because he cannot get out to the web. I've checked for viruses and everything seems fine. Does anyone have any ideas? This one is driving me crazy. The ISP says that my router is bad, but I doubt it. It started all of a sudden after working fine for 2 years.

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75285t=75285
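The check Dave suggests, run over a saved copy of the `show ip nat translations` output, as an added example that is not from any poster in the thread. The sample table, its addresses and the threshold of 25 distinct destinations are constructed assumptions; the parser assumes the five-column Pro / Inside global / Inside local / Outside local / Outside global layout.

```python
"""Summarise ICMP entries in `show ip nat translations` output per inside host."""
from collections import defaultdict


def build_sample():
    """Constructed table: one static entry, one quiet host, one host sweeping."""
    rows = [
        "Pro Inside global      Inside local       Outside local      Outside global",
        "--- 198.51.100.2       10.1.1.1           ---                ---",
        "tcp 198.51.100.1:1025  10.1.1.5:1025      192.0.2.80:80      192.0.2.80:80",
        "tcp 198.51.100.1:1026  10.1.1.5:1026      192.0.2.80:80      192.0.2.80:80",
        "icmp 198.51.100.1:768  10.1.1.5:768       192.0.2.53:768     192.0.2.53:768",
        "icmp 198.51.100.1:769  10.1.1.5:769       192.0.2.53:769     192.0.2.53:769",
    ]
    # Sixty echo requests from one inside host to sixty different addresses.
    for i in range(1, 61):
        dst = f"203.0.113.{i}:512"
        rows.append(f"icmp 198.51.100.1:512  10.1.1.23:512      {dst}  {dst}")
    return "\n".join(rows) + "\n"


SAMPLE = build_sample()


def _host(field):
    """Strip the :port or :icmp-id suffix from an address field."""
    return field.split(":", 1)[0]


def parse_translations(text):
    """Return one dict per translation row; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly five columns; the header splits into nine words.
        if len(fields) != 5 or fields[0].lower() == "pro":
            continue
        entries.append({
            "pro": fields[0].lower(),          # '---' marks a static entry
            "inside_local": _host(fields[2]),
            "outside_global": _host(fields[4]),
        })
    return entries


def icmp_by_inside_host(entries):
    """Rows of (inside host, ICMP entries, distinct destinations), busiest first."""
    counts = defaultdict(int)
    targets = defaultdict(set)
    for e in entries:
        if e["pro"] != "icmp":
            continue
        counts[e["inside_local"]] += 1
        targets[e["inside_local"]].add(e["outside_global"])
    rows = [(h, counts[h], len(targets[h])) for h in counts]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


def icmp_share(entries):
    """Fraction of the translation table taken up by ICMP entries."""
    if not entries:
        return 0.0
    return sum(e["pro"] == "icmp" for e in entries) / len(entries)


def suspects(text, min_targets=25):
    """Inside hosts pinging at least min_targets distinct outside addresses.

    min_targets is an assumed threshold; a workstation rarely pings more
    than a handful of destinations within one translation timeout.
    """
    rows = icmp_by_inside_host(parse_translations(text))
    return [r for r in rows if r[2] >= min_targets]


if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(f"{len(table)} entries, {icmp_share(table):.0%} ICMP")
    for host, n, distinct in icmp_by_inside_host(table):
        print(f"{host:15} {n:5} icmp entries, {distinct:5} distinct destinations")
    print("suspect hosts:", [h for h, _, _ in suspects(SAMPLE)])
```

A host that appears in `suspects` is the one to pull off the LAN and scan first; the ICMP share shows how much of the table the sweep is consuming.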
RE: EM VoIP Problem [7:74717]
Sounds like problems initiating on the remote site or the reception of the session on this site. Start debugging on remote site, pls show us the output.

Show call/pots/dial-

Any number expansion/wildcard issues?

debug call rsvp-sync events

Martijn

-----Original Message-----
From: lost in space [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 3 September 2003 18:03
To: [EMAIL PROTECTED]
Subject: EM VoIP Problem [7:74717]

Dear Experts,

I am having this problem with EM VoIP. We are using an EM PABX operating with 4 wire and using immediate signalling. The network are connected via 2 Mbps Leased Line. I can make voice calls from my site to remote site, however when I asked someone from the remote site to call the other way around he gets busy tones all the time even though the extensions were actually not busy at that time. The strange thing is that the remote site can make voice calls to my site only to 2 extensions (300 and 400), but when they dial another extension, ex: 363 or 369, they get busy tones all the time.

The dial-peer configuration on the remote router is like this:

dial-peer voice 1 pots
 destination-pattern +...
 port 1/0/0
dial-peer voice 1 pots
 destination-pattern +...
 port 1/0/1
dial-peer voice 3 voip
 destination-pattern +3..
 session target ipv4:172.23.1.34 (ip address of router's serial interface at my site).
dial-peer voice 4 voip
 destination-pattern +4..
 session target ipv4:172.23.1.34 (ip address of router's serial interface at my site).

Is it the wiring arrangement problem? I already set up the wiring arrangement based on a reference I got from CCO. Is it a timeouts parameter problem? Or is it the EM PABX problem? Like always, the PABX technician feels that he has done everything correctly. I am also confident that I have done the configuration correctly. Anyone has similar experience? Any idea would be greatly appreciated.

Thanks in advance.
RD

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75160t=74717
CDP problem [7:74949]
Hi people of Groupstudy,

I have a little problem with CDP. I have a problem with CDP over Frame relay connectivity but I have no CLUE what the problem is.

I have a HUB AND SPOKE. 4 routers are connected to the frame switch. The Frame switch has no CDP information (how is this possible?)

R2 R4 R5 R6

R2 is the HUB

Can someone help me with this?

Thanks
Bye

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74949t=74949
RE: CDP problem [7:74949]
What does show CDP nei give you?

If you receive

Router#show cdp neighbors
% CDP is not enabled

This is self-explanatory. The CDP run command should solve that.

If you get this then maybe your remote router does not have CDP enabled

Router#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Router#

Also remember that CDP is a non-routable protocol so only directly connected neighbors are shown.

Also remember that CDP can be disabled on a per interface basis.

HTH

I know that I might be stating the obvious here.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74996t=74949
RE: CDP problem [7:74949]
I don't think the Frame switch should have a CDP entry for the directly connected neighbors. Your Frame sites that are connected to each other VIA the frame switch should, for example R2 should have a CDP entry for its spokes, and the spokes should see R2.

Remember that CDP is a layer 2 protocol, so between two layer 2 connections you should see CDP neighbors. Your Frame spokes and the hub are all layer 2 connections, but your frame switch is not actually a layer 2 termination. It's just acting as the Frame cloud connecting the Layer 2 Frame connections together.

Maybe I'm wrong but that is my envisioning of it, maybe someone else can at least explain it better.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74999t=74949
DNS Problem [7:74890]
Guys,

I am having a problem resolving DNS names. I have a Cisco 2600 and configured for right name-servers and domain name, but I am still unable to ping www.yahoo.com from my router and a unix box. My router/unix is behind a PIX firewall. I also created an ACL to allow outbound connections to my internal Unix/Router. Following is my pix ACL. I am wondering if somehow my firewall is not allowing DNS resolution. I can ping outside fine. Any help would be greatly appreciated.

Regards!!

access-list outside_in permit tcp any host 204.1.2.2 eq telnet
access-list outside_in permit icmp any any
access-list outside_in permit tcp any host 204.1.2.2 eq ftp
access-list outside_in permit tcp any host 204.1.2.2 eq www
access-list outside_in permit tcp any host 204.1.2.2 eq domain
access-list outside_in permit udp any host 204.1.2.2 eq domain
access-group outside_in in interface outside
global (outside) 1 204.1.2.1 netmask 255.255.255.0
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
static (inside,outside) 204.1.2.2 10.1.1.1 netmask 255.255.255.255 0 0 (Unix Box)
static (inside,outside) 204.1.2.3 10.1.1.6 netmask 255.255.255.255 0 0 (Router)

These are the logs from my PIX firewall.. (tried nslookup from unix box)

302015: Built outbound UDP connection 23742 for outside:129.250.35.251/53 (129.250.35.251/53) to inside:10.1.1.1/10166 (204.1.159.205/10166)
302015: Built outbound UDP connection 23743 for outside:129.250.35.250/53 (129.250.35.250/53) to inside:10.1.1.1/10166 (204.1.159.205/10166)
302016: Teardown UDP connection 23740 for outside:129.250.35.251/53 to inside:10.1.1.1/40069 duration 0:02:41 bytes 188
302016: Teardown UDP connection 23741 for outside:129.250.35.250/53 to inside:10.1.1.1/40069 duration 0:02:56 bytes 188

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74890t=74890
2950 problem (see my previous post) [7:74842]
Hi

here is an extract from a test we are able to run

C3 System IO Registers test
CALHOUN SKU id 0: 24 Fast Ethernet Ports, 0 Gigabit ports
cmic_read_miim ERROR: timeout (addr=0x01 id=0x00)
cmic_read_miim: error (could not read MII register #1).
ERROR: CALHOUN SKU id 0: 0 ports found, 24 ports expected.
ERROR: SKU id 0 found, expected SKU id -1
Board claims to be a Calhoun 24 (24 FE) instead of a Unknown Platform
FAILED

C4 LED Test
cmic_write_miim ERROR: timeout (addr=0x14 id=0x00 data=0x9900)
SetLedColor: cmic_write_miim() failed!
cmic_write_miim ERROR: timeout (addr=0x14 id=0x01 data=0x9900)
SetLedColor: cmic_write_miim() failed!

Anybody has any ideas?

Thanks in advance
Koen

**
This electronic message together with any attachments is confidential. If you receive it in error: (i) you must not use, disclose, copy or retain it; (ii) please contact the sender immediately by reply email and then delete the emails. Views expressed in this email may not be those of the Airways Corporation of New Zealand Limited
**

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74842t=74842
EM VoIP Problem [7:74717]
Dear Experts,

I am having this problem with EM VoIP. We are using an EM PABX operating with 4 wire and using immediate signalling. The network are connected via 2 Mbps Leased Line. I can make voice calls from my site to remote site, however when I asked someone from the remote site to call the other way around he gets busy tones all the time even though the extensions were actually not busy at that time. The strange thing is that the remote site can make voice calls to my site only to 2 extensions (300 and 400), but when they dial another extension, ex: 363 or 369, they get busy tones all the time.

The dial-peer configuration on the remote router is like this:

dial-peer voice 1 pots
 destination-pattern +...
 port 1/0/0
dial-peer voice 1 pots
 destination-pattern +...
 port 1/0/1
dial-peer voice 3 voip
 destination-pattern +3..
 session target ipv4:172.23.1.34 (ip address of router's serial interface at my site).
dial-peer voice 4 voip
 destination-pattern +4..
 session target ipv4:172.23.1.34 (ip address of router's serial interface at my site).

Is it the wiring arrangement problem? I already set up the wiring arrangement based on a reference I got from CCO. Is it a timeouts parameter problem? Or is it the EM PABX problem? Like always, the PABX technician feels that he has done everything correctly. I am also confident that I have done the configuration correctly. Anyone has similar experience? Any idea would be greatly appreciated.

Thanks in advance.
RD

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74717t=74717
BGP PEERGROUP PROBLEM [7:74725]
Could someone please assist me? I set up a customer to receive the Partial TABLE but for some reason the customer is receiving the Full Table. I checked the filter list but that does not seem to be the problem. Any assistance will be greatly appreciated.

Thanks
GP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74725t=74725
Re: BGP PEERGROUP PROBLEM [7:74725]
Perhaps a config would be helpful. Or do you expect us to use our psychic abilities to determine the problem? ;-)

JMC Nel 9/3/03 12:29:06 PM

Could someone please assist me? I set up a customer to receive the Partial TABLE but for some reason the customer is receiving the Full Table. I checked the filter list but that does not seem to be the problem. Any assistance will be greatly appreciated.

Thanks
GP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74728t=74725
RE: BGP PEERGROUP PROBLEM [7:74725]
Is it possible to have some sh run, sh ip route, sh ip bgp nei configs please, any two will do. You don't have to give away your IDs for

Thank you
Ollie
ATT Common Backbone
866-397-7309 Opt 1

-----Original Message-----
From: JMC Nel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 03, 2003 12:53 PM
To: [EMAIL PROTECTED]
Subject: BGP PEERGROUP PROBLEM [7:74725]

Could someone please assist me? I set up a customer to receive the Partial TABLE but for some reason the customer is receiving the Full Table. I checked the filter list but that does not seem to be the problem. Any assistance will be greatly appreciated.

Thanks
GP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74731t=74725
Serial line problem [7:74530]
Hi all,

Small problem. We got an update today from 128kb to 512kb leased line. We got 2 3640 routers, 1 on each end of the leased line. IOS on first 3640 12.0(13), on second 3640 router 12.0(4). Both routers have a NM-4T module.

On first router: All is up, DCD=up DSR=up DTR=up RTS=up CTS=up and Serial3/0 is up. Only problem: line protocol is down.

When we check the controller .. sh controller serial 3/0 :

M4T: show controller:
PAS unit 4, subunit 0, f/w version 1-45, rev ID 0x281, version 3
idb = 0x6100B4F0, ds = 0x6100CDD0, ssb=0x6100D0A0
Clock mux=0x0, ucmd_ctrl=0xC, port_status=0x74
Serial config=0x8, line config=0x200
maxdgram=1608, bufpool=48Kb, 31 particles
DCD=up DSR=up DTR=up RTS=up CTS=up
line state: up
cable type : V.35 DTE cable, received clockrate 246
base0 registers=0x3D80, base1 registers=0x3D802000
mxt_ds=0x6138C950, rx ring entries=40, tx ring entries=128
rxring=0x25F34A0, rxr shadow=0x61010CD4, rx_head=0
txring=0x25F3620, txr shadow=0x61010EE0, tx_head=47, tx_tail=47, tx_count=0
throttled=0, enabled=0
rx_no_eop_err=0, rx_no_stp_err=0, rx_no_eop_stp_err=0
rx_no_buf=0, rx_soft_overrun_err=0, dump_err= 0, bogus=0, mxt_flags=0x0
tx_underrun_err=0, tx_soft_underrun_err=0, tx_limited=1(2)
tx_fullring=362444708, tx_started=1033135562

Now when I look at the second router :

cable type : V.35 DTE cable, received clockrate 511680

Don't those 2 clockrates have to be the same, 511680 looks good to me for a 512kb line? And does this problem point to the Telco who has a problem with their clockrate ??

Anyone with a clue? Cause I think that when line protocol is down, that the problems mostly is on the Telco's site.

Thnx in advance,
JT

**
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses.
**

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74530t=74530
Re: Serial line problem [7:74530]
Jeroen Timmer wrote:

Don't those 2 clockrates have to be the same, 511680 looks good to me for a 512kb line? And does this problem point to the Telco who has a problem with their clockrate ??

Yeah, that's what it looks like. Your first router isn't getting a clock from the line. Assuming it was an in-place upgrade (so you didn't touch anything) that looks like a telco problem. If you did swap cables or router ports, you might want to look at those first...

Regards,
Marco.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74532t=74530
Re: FXS Problem - Always getting a busy signal on either [7:74285]
What voice ports are the phones plugged into physically? Maybe you have phone in port x/y/1 instead of x/y/0. 'show voice port port#' will give details on voice port status too. You may want to do a 'csim start ' or 'csim start ' to see if the router with that phone actually rings (don't have any phones picked up at this point).

--- Maria wrote:

GDay Everyone,

Just hoping you all may be able to shed some light onto this for me. This is the first time I have tried to configure FXS ports and it's proving to be getting the better of me. I have 2 routers (2610XM) connected together via a serial back to back. In each of these routers I have a VIC-2FXS card in each NM-2V module. I have followed a basic configuration and I get a dial tone in the ear handset but for the life of me I am continually getting a busy tone from each phone. When the phone is taken off hook I do get a green light on the vic.

Below is the configuration

Router A

hostname Router-A
voice-port 1/0/0
voice-port 1/0/1
dial-peer voice 1 pots
 destination-pattern
 port 1/0/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.2
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
 no fair-queue

Router B

hostname Router-B
voice-port 1/1/0
voice-port 1/1/1
dial-peer voice 1 pots
 destination-pattern
 port 1/1/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.1
interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
 no fair-queue
 clockrate 400

I can ping from either router the other router OK. Any thoughts would be of great advantage.

Thanks for your assistance
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74285t=74285
Re: FXS Problem - Always getting a busy signal on [7:74285]
The only thing that I could see that was not done is as follows:

Create a Loopback0 Interface on each router, say 135.25.2.1 135.25.0.1

Have the Session Target point to each other's Loopback rather than the Serial Interface

OSPF was used with an inverted mask in which this IP Scope includes all of the IPs used on the point to point and the two Loopbacks

Router OSPF 64
 network 135.25.0.0 0.0.255.255 area 0
(on both routers)

With the above OSPF Network you will have ip classless or no ip classless

Hope this helps!
/northgatenet

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74291t=74285
RE: problem after upgrading 3620 IOS [7:74160]
If the .bin file is not larger than 16M, and your system meets the requirements, go to the following link:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca550.html

Good Luck!
/northgatenet

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74293t=74160
Re: FXS Problem - Always getting a busy signal on either [7:74294]
Everyone,

I have found the solution. It was to do with my phones. If you connect a non US phone to port 0 it won't work :)

Here is a url that might help anyone else in the future.

http://www.cisco.com/en/US/tech/tk652/tk653/technologies_tech_note09186a0080094fac.shtml

The information under Pinout Information:

Port 0 on a VIC-2FXS is designed to accommodate a US style 2-line phone, instead of the usual European style 1-line phone. This means that in addition to pins 3 and 4 being used, pins 2 and 5 are also monitored. With some phone handsets it is possible that pins 2 and 5 are wired up to allow last number re-call or call-forwarding. If this is the case, Port 0 on the VIC will assume you have a 2-line phone, and shutdown port 1.

Hope this helps
John

Maria wrote in message news:[EMAIL PROTECTED]

GDay Everyone,

Just hoping you all may be able to shed some light onto this for me. This is the first time I have tried to configure FXS ports and it's proving to be getting the better of me. I have 2 routers (2610XM) connected together via a serial back to back. In each of these routers I have a VIC-2FXS card in each NM-2V module. I have followed a basic configuration and I get a dial tone in the ear handset but for the life of me I am continually getting a busy tone from each phone. When the phone is taken off hook I do get a green light on the vic.

Below is the configuration

Router A

hostname Router-A
voice-port 1/0/0
voice-port 1/0/1
dial-peer voice 1 pots
 destination-pattern
 port 1/0/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.2
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
 no fair-queue

Router B

hostname Router-B
voice-port 1/1/0
voice-port 1/1/1
dial-peer voice 1 pots
 destination-pattern
 port 1/1/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.1
interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
 no fair-queue
 clockrate 400

I can ping from either router the other router OK. Any thoughts would be of great advantage.

Thanks for your assistance
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74294t=74294
Re: FXS Problem - Always getting a busy signal on [7:74294]
John wrote:

Everyone, I have found the solution. It was to do with my phones. If you connect a non US phone to port 0 it won't work :)

I might be reading this wrong, but IMHO this document says that port 1 won't work if you connect a US-style phone (or one that looks like that) to port 0. Not that you have to connect a US-style phone to port 0.

Thanks,
Zsombor

Here is a url that might help anyone else in the future.

http://www.cisco.com/en/US/tech/tk652/tk653/technologies_tech_note09186a0080094fac.shtml

The information under Pinout Information:

Port 0 on a VIC-2FXS is designed to accommodate a US style 2-line phone, instead of the usual European style 1-line phone. This means that in addition to pins 3 and 4 being used, pins 2 and 5 are also monitored. With some phone handsets it is possible that pins 2 and 5 are wired up to allow last number re-call or call-forwarding. If this is the case, Port 0 on the VIC will assume you have a 2-line phone, and shutdown port 1.

Hope this helps
John

Maria wrote in message news:[EMAIL PROTECTED]

GDay Everyone,

Just hoping you all may be able to shed some light onto this for me. This is the first time I have tried to configure FXS ports and it's proving to be getting the better of me. I have 2 routers (2610XM) connected together via a serial back to back. In each of these routers I have a VIC-2FXS card in each NM-2V module. I have followed a basic configuration and I get a dial tone in the ear handset but for the life of me I am continually getting a busy tone from each phone. When the phone is taken off hook I do get a green light on the vic.

Below is the configuration

Router A

hostname Router-A
voice-port 1/0/0
voice-port 1/0/1
dial-peer voice 1 pots
 destination-pattern
 port 1/0/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.2
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
 no fair-queue

Router B

hostname Router-B
voice-port 1/1/0
voice-port 1/1/1
dial-peer voice 1 pots
 destination-pattern
 port 1/1/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.1
interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
 no fair-queue
 clockrate 400

I can ping from either router the other router OK. Any thoughts would be of great advantage.

Thanks for your assistance
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74295t=74294
FXS Problem - Always getting a busy signal on either router. [7:74283]
GDay Everyone,

Just hoping you all may be able to shed some light onto this for me. This is the first time I have tried to configure FXS ports and it's proving to be getting the better of me. I have 2 routers (2610XM) connected together via a serial back to back. In each of these routers I have a VIC-2FXS card in each NM-2V module. I have followed a basic configuration and I get a dial tone in the ear handset but for the life of me I am continually getting a busy tone from each phone. When the phone is taken off hook I do get a green light on the vic.

Below is the configuration

Router A

hostname Router-A
voice-port 1/0/0
voice-port 1/0/1
dial-peer voice 1 pots
 destination-pattern
 port 1/0/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.2
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
 no fair-queue

Router B

hostname Router-B
voice-port 1/1/0
voice-port 1/1/1
dial-peer voice 1 pots
 destination-pattern
 port 1/1/0
dial-peer voice 2 voip
 destination-pattern
 session target ipv4:10.1.1.1
interface Serial0/0
 ip address 10.1.1.2 255.255.255.0
 no fair-queue
 clockrate 400

I can ping from either router the other router OK. Any thoughts would be of great advantage.

Thanks for your assistance
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74283t=74283
RE: BGP Connectivity Problem [7:74100]
What about mobile IP or VPN to border router and get an internal IP for the tftp server's point of view... Just in a typing mood.

Martijn

-----Original Message-----
From: Eddie [mailto:[EMAIL PROTECTED]
Sent: Monday 18 August 2003 15:06
To: [EMAIL PROTECTED]
Subject: Re: BGP Connectivity Problem [7:74100]

Matthew Webster wrote:

> Hi all, I have done a sample bgp configuration at r1r2.com. My network setup is as follows:
>
> TFTP_Server-(e0)r1(s0)--(s0)r2
>
> s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.
>
> The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's e0 interface), I can't ping from r2, or from r1's s0 interface.
>
> [..]

I suppose your TFTP server doesn't have a route entry pointing to the network 192.168.100.0

EC

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74153t=74100
problem after upgrading 3620 IOS [7:74160]
I get a message that memory is not enough for decompressing the IOS image after upgrading my 3620 with 12.2 IOS, but I have 32MB DRAM and 16MB flash. It says you have to manually set the memory space. What is the problem, and how do I do it? The previous IOS was 11.1.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74160t=74160
Re: problem after upgrading 3620 IOS [7:74160]
What feature set are you trying to install? For example, the 12.2(1) IP PLUS feature set requires 48MB DRAM and 16MB Flash whereas the IP only feature set requires only 32MB DRAM and 8MB Flash. If you are trying to install all feature sets then you will need at least 64MB DRAM and 16MB Flash. With the memory you have, you should install either IP or IP/FW/IDS feature sets.

On Tue, 2003-08-19 at 02:49, star star7 wrote:

> I get a message that memory is not enough for decompressing the IOS image after upgrading my 3620 with 12.2 IOS, but I have 32MB DRAM and 16MB flash. It says you have to manually set the memory space. What is the problem, and how do I do it? The previous IOS was 11.1.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74165t=74160
RE: problem after upgrading 3620 IOS [7:74160]
The new IOS is heavy on DRAM - the only way to solve this would be to upgrade the DRAM memory in the box or have a smaller feature set code. It is very important to read the memory requirements before uploading the code. Newer images can use up to 64MB and greater of DRAM.

Andrew

-----Original Message-----
From: star star7 [mailto:[EMAIL PROTECTED]
Sent: 19 August 2003 11:50
To: [EMAIL PROTECTED]
Subject: problem after upgrading 3620 IOS [7:74160]

I get a message that memory is not enough for decompressing the IOS image after upgrading my 3620 with 12.2 IOS, but I have 32MB DRAM and 16MB flash. It says you have to manually set the memory space. What is the problem, and how do I do it? The previous IOS was 11.1.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74175t=74160
RE: BGP Connectivity Problem [7:74100]
Not completely on topic, sorry. It is about a router, not a pc box.

Martijn

-----Original Message-----
From: Jansen, M
Sent: Tuesday 19 August 2003 8:15
To: Eddie; [EMAIL PROTECTED]
Subject: RE: BGP Connectivity Problem [7:74100]

What about mobile IP or VPN to border router and get an internal IP for the tftp server's point of view... Just in a typing mood.

Martijn

-----Original Message-----
From: Eddie [mailto:[EMAIL PROTECTED]
Sent: Monday 18 August 2003 15:06
To: [EMAIL PROTECTED]
Subject: Re: BGP Connectivity Problem [7:74100]

Matthew Webster wrote:

> Hi all, I have done a sample bgp configuration at r1r2.com. My network setup is as follows:
>
> TFTP_Server-(e0)r1(s0)--(s0)r2
>
> s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.
>
> The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's e0 interface), I can't ping from r2, or from r1's s0 interface.
>
> [..]

I suppose your TFTP server doesn't have a route entry pointing to the network 192.168.100.0

EC

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74154t=74100
BGP Connectivity Problem [7:74100]
Hi all,

I have done a sample bgp configuration at r1r2.com. My network setup is as follows:

TFTP_Server-(e0)r1(s0)--(s0)r2

s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.

The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's e0 interface), I can't ping from r2, or from r1's s0 interface. Here are the configs (I give more if needed)

r1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.200.0/24 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.4.0 is directly connected, Ethernet0
C    192.168.100.0/24 is directly connected, Serial0

r1#sh ip bgp
BGP table version is 2, local router ID is 192.168.100.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.4.0/24      0.0.0.0                  0         32768 i

r2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.201.0/24 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
B       10.1.4.0 [200/0] via 192.168.100.1, 01:18:32
C    192.168.100.0/24 is directly connected, Serial0

r2#sh ip bgp
BGP table version is 2, local router ID is 192.168.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i10.1.4.0/24      192.168.100.1            0    100      0 i

TIA,
Matthew.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74100t=74100
Re: BGP Connectivity Problem [7:74100]
Matthew Webster wrote:

> Hi all, I have done a sample bgp configuration at r1r2.com. My network setup is as follows:
>
> TFTP_Server-(e0)r1(s0)--(s0)r2
>
> s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.
>
> The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's e0 interface), I can't ping from r2, or from r1's s0 interface.
>
> [..]

I suppose your TFTP server doesn't have a route entry pointing to the network 192.168.100.0

EC

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74106t=74100
RE: BGP Connectivity Problem [7:74100]
The default route on your TFTP server is not set properly.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-----Original Message-----
From: Matthew Webster [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2003 7:29 AM
To: [EMAIL PROTECTED]
Subject: BGP Connectivity Problem [7:74100]

Hi all,

I have done a sample bgp configuration at r1r2.com. My network setup is as follows:

TFTP_Server-(e0)r1(s0)--(s0)r2

s0 = 192.168.100.0/24 (.1 for r1, .2 for r2) and e0 = 10.1.4.1/24.

The problem is that while I can ping the TFTP server (10.1.4.3 from Rtr1's e0 interface), I can't ping from r2, or from r1's s0 interface. Here are the configs (I give more if needed)

r1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.200.0/24 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.4.0 is directly connected, Ethernet0
C    192.168.100.0/24 is directly connected, Serial0

r1#sh ip bgp
BGP table version is 2, local router ID is 192.168.100.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.4.0/24      0.0.0.0                  0         32768 i

r2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.201.0/24 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
B       10.1.4.0 [200/0] via 192.168.100.1, 01:18:32
C    192.168.100.0/24 is directly connected, Serial0

r2#sh ip bgp
BGP table version is 2, local router ID is 192.168.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i10.1.4.0/24      192.168.100.1            0    100      0 i

TIA,
Matthew.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74104t=74100
Re: BGP Connectivity Problem [7:74100]
Hi Eddie, Fred,

thanks for your help... I think this most likely is the problem. As I do not have access to the TFTP server, I am unable to fix it though.

cheers,
Matthew.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74130t=74100
Re: RE: PIX translation problem [7:72567]
Changing the timeout value worked, so the problem is fixed.

Thanks all

From: Reimer, Fred
Date: 2003/08/08 Fri AM 11:26:37 EDT
To: [EMAIL PROTECTED]
Subject: RE: PIX translation problem [7:72567]

Greg Owens 202-398-2552

[GroupStudy removed an attachment with a content-type header it could not parse.] [Content-Type: null; name=replyAll]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73744t=72567
RE: PIX translation problem [7:72567]
Well, it depends on how big your global pool is. Most people likely don't have more than a Class C public address space from their ISP, so it's likely less than 250 (because of static mappings for DMZ hosts). If you use NAT, then there is a one-to-one mapping from an internal host to an external IP address in the pool. If you use PAT, then you map many internal hosts to one external IP address (up to 64,000, but more like 4,000 in practice).

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-----Original Message-----
From: Lynne Padgett [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 11:15 AM
To: Reimer, Fred; [EMAIL PROTECTED]
Subject: RE: PIX translation problem [7:72567]

What is the maximum number of translations in a global pool on a PIX? I didn't realize there was a cap. I was under the impression that the number of translations was directly related to the PIX user/connection license.

-----Original Message-----
From: Reimer, Fred [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 5:01 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX translation problem [7:72567]

No, but I know what it means. What kind of NAT are you doing? A global pool, or a single address doing PAT? If it's a pool, then you can define a single address (or interface) to do PAT when the global pool runs out. Or, if you already have PAT and that is being exhausted, then you can define a backup PAT address in case the first PAT address is exhausted.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-----Original Message-----
From: Greg Owens [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: PIX translation problem [7:72567]

Has anybody seen this message?

07-15-2003 13:55:38 Local4.Error 192.168.1.1 Jul 15 2003 09:53:35: %PIX-3-202001: Out of address translation slots!

I told the customer to change the translation time-out

Greg Owens 202-398-2552

[GroupStudy removed an attachment with a content-type header it could not parse.] [Content-Type: null; name=replyAll]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73733t=72567
Re: RE: PIX translation problem [7:72567]
4000 even though there are 65000 ports available

From: Lynne Padgett
Date: 2003/08/08 Fri AM 11:11:01 EDT
To: [EMAIL PROTECTED]
Subject: RE: PIX translation problem [7:72567]

Greg Owens 202-398-2552

[GroupStudy removed an attachment with a content-type header it could not parse.] [Content-Type: null; name=replyAll]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73743t=72567
RE: PIX translation problem [7:72567]
No, but I know what it means. What kind of NAT are you doing? A global pool, or a single address doing PAT? If it's a pool, then you can define a single address (or interface) to do PAT when the global pool runs out. Or, if you already have PAT and that is being exhausted, then you can define a backup PAT address in case the first PAT address is exhausted.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-----Original Message-----
From: Greg Owens [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: PIX translation problem [7:72567]

Has anybody seen this message?

07-15-2003 13:55:38 Local4.Error 192.168.1.1 Jul 15 2003 09:53:35: %PIX-3-202001: Out of address translation slots!

I told the customer to change the translation time-out

Greg Owens 202-398-2552

[GroupStudy removed an attachment with a content-type header it could not parse.] [Content-Type: null; name=replyAll]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73689t=72567
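The trade-off discussed in this thread (a one-to-one global pool, a PAT address as backup, and the translation time-out), as an added simulation that is not from any poster or from Cisco. The pool size of 250 and the 4,000-entry PAT figure come from the thread; the traffic pattern, the two time-out values and the simplification of one translation slot per inside host are assumptions.

```python
"""Toy model of a firewall translation (xlate) table: pool NAT, PAT backup, idle time-out."""

PAT_SLOTS = 4000  # practical per-address PAT capacity quoted in the thread


class XlateTable:
    def __init__(self, pool_size, timeout, pat_backup=False):
        self.pool_size = pool_size    # addresses in the global pool (one-to-one NAT)
        self.timeout = timeout        # idle seconds before a translation is freed
        self.pat_backup = pat_backup  # overflow to one PAT address when the pool is full
        self.nat = {}                 # inside host -> (pool address index, last seen)
        self.pat = {}                 # inside host -> (PAT slot, last seen)
        self.failures = 0             # packets that found no free translation slot
        self.peak_nat = 0
        self.peak_pat = 0

    def _expire(self, now):
        """Free every translation that has been idle for the full time-out."""
        for table in (self.nat, self.pat):
            idle = [h for h, (_, seen) in table.items() if now - seen >= self.timeout]
            for host in idle:
                del table[host]

    @staticmethod
    def _first_free(table, capacity):
        used = {slot for slot, _ in table.values()}
        return next(s for s in range(capacity) if s not in used)

    def packet(self, now, host):
        """Handle one outbound packet; return 'nat', 'pat' or 'drop'."""
        self._expire(now)
        for kind, table in (("nat", self.nat), ("pat", self.pat)):
            if host in table:                       # existing translation: refresh idle timer
                table[host] = (table[host][0], now)
                return kind
        if len(self.nat) < self.pool_size:          # free pool address available
            self.nat[host] = (self._first_free(self.nat, self.pool_size), now)
            self.peak_nat = max(self.peak_nat, len(self.nat))
            return "nat"
        if self.pat_backup and len(self.pat) < PAT_SLOTS:
            self.pat[host] = (self._first_free(self.pat, PAT_SLOTS), now)
            self.peak_pat = max(self.peak_pat, len(self.pat))
            return "pat"
        self.failures += 1                          # the "out of address translation slots" case
        return "drop"


def workload(hosts=600, interval=30):
    """Constructed traffic: every `interval` seconds a new inside host sends one packet, then idles."""
    return [(i * interval, f"10.0.{i // 250}.{i % 250 + 1}") for i in range(hosts)]


def run(pool_size, timeout, pat_backup=False):
    table = XlateTable(pool_size, timeout, pat_backup)
    for now, host in workload():
        table.packet(now, host)
    return table


if __name__ == "__main__":
    for label, args in [
        ("pool of 250, 3 h time-out", (250, 3 * 3600)),
        ("pool of 250, 30 min time-out", (250, 30 * 60)),
        ("pool of 250, 3 h time-out, PAT backup", (250, 3 * 3600, True)),
    ]:
        t = run(*args)
        print(f"{label}: dropped={t.failures} peak_nat={t.peak_nat} peak_pat={t.peak_pat}")
```

With the same traffic, the long time-out exhausts the pool while either the shorter time-out or the PAT backup avoids the drops, which matches the two remedies proposed in the thread.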
RE: Strange VPN problem [7:73641] OT:F funny [7:73722]
I mailed that! Only your explanation is superior. ;-) When I have time, not studying for my lab, I study the English language.. Say, getting dizzy over the CC BGP guide (that should be during my sleep though, like very wannabee, I have not seen a normal book in a while)

Martijn

-----Original Message-----
From: Reimer, Fred [mailto:[EMAIL PROTECTED]
Sent: Thursday 7 August 2003 15:33
To: [EMAIL PROTECTED]
Subject: RE: Strange VPN problem [7:73641]

Does anyone read the manuals around here???

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_c2g.htm#1070272

You probably have your IKE proposal in your concentrator set for XAUTH, and you don't have your router setup for that. You can configure your router as the reference manual says, or you }may{ be able to add in a new or modify an existing IKE policy under Configuration | System | Tunneling Protocols | IPSec | IKE Proposals so that the Authentication mode is not one that has (XAUTH) at the end of it. Probably Preshared Keys would be the one you want. If you create a new one (recommended) then you would have to change the IKE policy used for your SA under Configuration | Policy Management | Traffic Management | SAs.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-----Original Message-----
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: Strange VPN problem [7:73641]

hi all,

I am trying to setup an easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg

Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command:
Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth

Any form of input will be appreciated

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73722t=73722
RE: Strange VPN problem [7:73641]
XAUTH is in my perception for authentication of users, (local) especially radius or tacacs. So what we do at the hub site for a static IKE peer is disable XAUTH, so that a spoke router does not get an auth prompt, or the hub does not wait for it. So I think the hub is waiting for an answer, maybe used to authenticate VPN users only.

WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You need Preshared keys there!

8. The following example shows the various policies used in the IKE policy named CiscoVPNClient-3DES-MD. In this policy, Preshared Keys(XAUTH) for Authentication Mode is being used so that the client will be prompted to supply a username and password at the end of IKE negotiations.

http://www.cisco.com/en/US/products/sw/secursw/ps2276/products_configuration_example09186a008010edf4.shtml#task2_steps

Martijn

-----Original Message-----
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday 7 August 2003 9:40
To: Jansen, M
Subject: RE: Strange VPN problem [7:73641]

thanks for your prompt reply, but I am using easyvpn configuration for cisco 805 router to concentrator 3005 with the cisco 805 as client mode and concentrator as hub. I can't find the line that you indicate for my cisco 805, could it be easyvpn configuration that I am using?

suaveguru

--- [EMAIL PROTECTED] wrote:

> Guru. Type the no-xauth behind the key-mapping.
>
> isakmp key **NEWKEYNEWCUSTO** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
>
> Martijn
>
> -----Original Message-----
> From: suaveguru [mailto:[EMAIL PROTECTED]
> Sent: Thursday 7 August 2003 7:08
> To: [EMAIL PROTECTED]
> Subject: Strange VPN problem [7:73641]
>
> hi all,
>
> I am trying to setup an easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg
>
> Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command:
> Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth
>
> Any form of input will be appreciated
>
> suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73648t=73641
RE: Strange VPN problem [7:73641]
Guru. Type the no-xauth behind the key-mapping.

isakmp key **NEWKEYNEWCUSTO** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode

Martijn

-----Original Message-----
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday 7 August 2003 7:08
To: [EMAIL PROTECTED]
Subject: Strange VPN problem [7:73641]

hi all,

I am trying to setup an easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg

Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command:
Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth

Any form of input will be appreciated

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73645t=73641
Re: AAA/privilege problem [7:73610]
1

privilege exec level 2 enable

is why console doesn't allow you to enable mode. When you log in to your console in your config, you log in to the privilege level 1 shell. Since the enable command is in 2, you don't have access to it. Even if you add

aaa authorization commands 2 console none

to your console line, you will not be able to access.

2

You're missing privilege in your user commands.

username user2 privilege 2 password cisco

That should fix 2nd issue.

From: Jens Petter Eikeland
Reply-To: Jens Petter Eikeland
To: ,
Subject: AAA/privilege problem
Date: Wed, 6 Aug 2003 11:23:23 +0200

I have played with some aaa. The aaa works fine when telnetting in to r2 *1, but when I try to go in directly from the terminal server on to r2 and I type the enable command, I have locked myself out. Why is that? Which command is it that is locking me out from exec mode from the console?

*1 It seems that user2 and user5 have the same privilege when logging in. What have I done wrong?... See at the bottom

And also, is this the right method to put in privilege level 3 and 5 on the vty lines to access exec mode? If I did not put in these commands I did not get in to exec. Are there some other method I am missing?

r2#
01:51:31: %SYS-5-CONFIG_I: Configured from console by console
wr t
Building configuration...

Current configuration : 4576 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
aaa new-model
aaa authentication login no_tacacs none
aaa authentication login tac_auth group tacacs+
aaa authentication login loc_auth local
aaa authorization exec no_tacacs none
aaa authorization exec loc_autho local
aaa authorization commands 3 no_tacacs none
aaa authorization commands 3 lo_autho local
aaa authorization commands 5 no_tacacs none
aaa authorization commands 5 lo_autho local
aaa authorization commands 15 no_tacacs none
aaa authorization commands 15 lo_autho local
aaa accounting exec ac_tacacs start-stop group tacacs+
aaa accounting commands 3 ac_tacacs start-stop group tacacs+
aaa accounting commands 15 ac_tacacs start-stop group tacacs+
!
username user2 password 0 hello
username user5 password 0 hello
memory-size iomem 10
ip subnet-zero
!
call rsvp-sync
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.0
!
interface Loopback1
 ip address 122.122.122.122 255.255.255.0
!
interface FastEthernet0/0
 ip address 150.50.22.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.21 point-to-point
 ip address 150.50.12.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 121
!
interface Serial0/0.24 point-to-point
 ip address 150.50.24.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 124
!
interface Serial0/0.26 point-to-point
 ip address 150.50.26.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 126
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
router ospf 100
 router-id 22.22.22.22
 log-adjacency-changes
 area 1 authentication message-digest
 area 1 virtual-link 11.11.11.11 authentication message-digest
 area 1 virtual-link 11.11.11.11 message-digest-key 1 md5 hello
 area 2 authentication message-digest
 redistribute static subnets tag 1000
 network 22.22.22.0 0.0.0.255 area 1
 network 150.50.12.0 0.0.0.255 area 1
 network 150.50.24.0 0.0.0.255 area 1
 network 150.50.26.0 0.0.0.255 area 2
 distribute-list 10 in
!
router bgp 4799
 no synchronization
 bgp log-neighbor-changes
 network 122.122.122.0 mask 255.255.255.0
 aggregate-address 202.202.0.0 255.255.0.0 as-set
 redistribute ospf 100 route-map ospftoas112
 neighbor 11.11.11.11 remote-as 4799
 neighbor 11.11.11.11 password hello
 neighbor 11.11.11.11 update-source Loopback0
 neighbor 11.11.11.11 route-reflector-client
 neighbor 11.11.11.11 next-hop-self
 neighbor 11.11.11.11 soft-reconfiguration inbound
 neighbor 11.11.11.11 prefix-list bgpfilter out
 neighbor 55.55.55.55 remote-as 4799
 neighbor 55.55.55.55 password hello
 neighbor 55.55.55.55 update-source Loopback0
 neighbor 55.55.55.55 route-reflector-client
 neighbor 55.55.55.55 next-hop-self
 neighbor 55.55.55.55 soft-reconfiguration inbound
 neighbor 55.55.55.55 prefix-list bgpfilter out
 neighbor 150.50.22.112 remote-as 112
 neighbor 150.50.22.112 remove-private-AS
 neighbor 150.50.22.112 soft-reconfiguration inbound
 neighbor 150.50.24.4 remote-as 65044
 neighbor 150.50.24.4 soft-reconfiguration inbound
 neighbor 150.50.24.4 prefix-list bgpfilter out
 no auto-summary
!
ip classless
ip route 160.60.15.0 255.255.255.0 150.50.12.1
ip tacacs source-interface Loopback0
ip http server
ip pim bidir-enable
!
ip prefix-list bgpfilter seq 10 deny 202.202.1.0/24
ip prefix-list bgpfilter seq 20 deny 202.202.2.0/24
ip prefix-list
RE: Strange VPN problem [7:73641]
I have done that, but now more problems crop in. Look at my latest mail with attachment.

suaveguru

--- [EMAIL PROTECTED] wrote:

> Guru. Type the no-xauth behind the key-mapping.
>
> isakmp key **NEWKEYNEWCUSTO** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
>
> Martijn
>
> -----Original Message-----
> From: suaveguru [mailto:[EMAIL PROTECTED]
> Sent: Thursday 7 August 2003 7:08
> To: [EMAIL PROTECTED]
> Subject: Strange VPN problem [7:73641]
>
> hi all,
>
> I am trying to setup an easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg
>
> Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command:
> Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth
>
> Any form of input will be appreciated
>
> suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73705t=73641
RE: Strange VPN problem [7:73641]
thanks for your reply, I will read the documentation and see if I can solve my problem

--- Reimer, Fred wrote:

Does anyone read the manuals around here???

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_c2g.htm#1070272

You probably have your IKE proposal in your concentrator set for XAUTH, and you don't have your router setup for that. You can configure your router as the reference manual says, or you may be able to add in a new or modify an existing IKE policy under Configuration | System | Tunneling Protocols | IPSec | IKE Proposals so that the Authentication mode is not one that has (XAUTH) at the end of it. Probably Preshared Keys would be the one you want. If you create a new one (recommended) then you would have to change the IKE policy used for your SA under Configuration | Policy Management | Traffic Management | SAs.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: Strange VPN problem [7:73641]

hi all, I am trying to set up an easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg

Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command:
Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth

Any form of input will be appreciated

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73698t=73641
RE: IP Multicast Problem in relation to Reuters Xtra30 [7:73465]
I doubt that this is a bandwidth issue because unless you have some sort of QoS for your multicasting, the news simply doesn't get dropped over the price update. The 3 minute time limit when the news traffic drops sounds like a dense mode problem with the flood-prune every 3 minutes. Are you running PIM Dense, PIM SM, or PIM DM-SM? You need to check the DR of the client end to see if it's still subscribing to the news mcast group when your news feed stops.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73678t=73465
RE: PIX translation problem [7:72567]
What is the maximum number of translations in a global pool on a PIX? I didn't realize there was a cap. I was under the impression that the number of translations was directly related to the PIX user/connection license.

-Original Message-
From: Reimer, Fred [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 5:01 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX translation problem [7:72567]

No, but I know what it means. What kind of NAT are you doing? A global pool, or a single address doing PAT? If it's a pool, then you can define a single address (or interface) to do PAT when the global pool runs out. Or, if you already have PAT and that is being exhausted, then you can define a backup PAT address in case the first PAT address is exhausted.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-Original Message-
From: Greg Owens [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: PIX translation problem [7:72567]

have anybody seen this message.

07-15-2003 13:55:38Local4.Error192.168.1.1 Jul 15 2003 09:53:35: %PIX-3-202001: Out of address translation slots!

I told the customer to change the translation time-out

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73732t=72567
RE: Strange VPN problem [7:73641]
Get the latest version of CRWS (Cisco Router Web Setup) then you can use Xauth with a nice web front end. The IOS based version is in my opinion - unusable not for end users.

Joel.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 07 August 2003 15:31
To: [EMAIL PROTECTED]
Subject: RE: Strange VPN problem [7:73641]

XAUTH is in my perception for authentication of users, (local) especially radius or tacacs. So what we do at the hub site for a static IKE peer is disable XAUTH, so that a spoke router does not get an auth prompt, or the hub does not wait for it. So I think the Hub is waiting for an answer, maybe used to authenticate VPN users only.

WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You need Preshared keys there!

8. The following example shows the various policies used in the IKE policy named CiscoVPNClient-3DES-MD. In this policy, Preshared Keys(XAUTH) for Authentication Mode is being used so that the client will be prompted to supply a username and password at the end of IKE negotiations.

http://www.cisco.com/en/US/products/sw/secursw/ps2276/products_configuration_example09186a008010edf4.shtml#task2_steps

Martijn

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday 7 August 2003 9:40
To: Jansen, M
Subject: RE: Strange VPN problem [7:73641]

thanks for your prompt reply, but I am using easyvpn configuration for cisco 805 router to concentrator 3005 with the cisco 805 as client mode and concentrator as hub. I can't find the line that you indicate for my cisco 805, could it be easyvpn configuration that I am using?

suaveguru

--- [EMAIL PROTECTED] wrote:

Guru. Type the no-xauth behind the key-mapping.

isakmp key **NEWKEYNEWCUSTO** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode

Martijn

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday 7 August 2003 7:08
To: [EMAIL PROTECTED]
Subject: Strange VPN problem [7:73641]

hi all, I am trying to set up an easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg

Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command:
Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth

Any form of input will be appreciated

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73668t=73641
Strange VPN problem [7:73641]
hi all, I am trying to set up an easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg

Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command:
Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth

Any form of input will be appreciated

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73641t=73641
RE: Strange VPN problem [7:73641]
thanks for your answer, I will try and let you know the results.

regards,
suaveguru

--- [EMAIL PROTECTED] wrote:

GURU: XAUTH is in my perception for authentication of users, (local) especially radius or tacacs. So what we do at the hub site for a static IKE peer is disable XAUTH, so that a spoke router does not get an auth prompt, or the hub does not wait for it. So I think the Hub is waiting for an answer, maybe used to authenticate VPN users only.

WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You need Preshared keys there!

8. The following example shows the various policies used in the IKE policy named CiscoVPNClient-3DES-MD. In this policy, Preshared Keys(XAUTH) for Authentication Mode is being used so that the client will be prompted to supply a username and password at the end of IKE negotiations.

http://www.cisco.com/en/US/products/sw/secursw/ps2276/products_configuration_example09186a008010edf4.shtml#task2_steps

Martijn

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday 7 August 2003 9:40
To: Jansen, M
Subject: RE: Strange VPN problem [7:73641]

thanks for your prompt reply, but I am using easyvpn configuration for cisco 805 router to concentrator 3005 with the cisco 805 as client mode and concentrator as hub. I can't find the line that you indicate for my cisco 805, could it be easyvpn configuration that I am using?

suaveguru

--- [EMAIL PROTECTED] wrote:

Guru. Type the no-xauth behind the key-mapping.

isakmp key **NEWKEYNEWCUSTO** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode

Martijn

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday 7 August 2003 7:08
To: [EMAIL PROTECTED]
Subject: Strange VPN problem [7:73641]

hi all, I am trying to set up an easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg

Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command:
Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth

Any form of input will be appreciated

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73651t=73641
RE: Strange VPN problem [7:73641]
Does anyone read the manuals around here???

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_c2g.htm#1070272

You probably have your IKE proposal in your concentrator set for XAUTH, and you don't have your router setup for that. You can configure your router as the reference manual says, or you may be able to add in a new or modify an existing IKE policy under Configuration | System | Tunneling Protocols | IPSec | IKE Proposals so that the Authentication mode is not one that has (XAUTH) at the end of it. Probably Preshared Keys would be the one you want. If you create a new one (recommended) then you would have to change the IKE policy used for your SA under Configuration | Policy Management | Traffic Management | SAs.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: Strange VPN problem [7:73641]

hi all, I am trying to set up an easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg

Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command:
Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth

Any form of input will be appreciated

suaveguru

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73661t=73641
SV: AAA/privilege problem [7:73618]
So will this do the job?, Or will I have to put the privilege level 15 in under console 0

username user2 privilege 3 password 0 hello
username user5 privilege 5 password 0 hello
username admin privilege 15 password cisco
privilege configure level 5 snmp-server community * ro
privilege configure level 5 snmp-server community * rw
privilege configure level 5 snmp-server enable traps *
privilege exec level 2 configure terminal
privilege exec level 15 disable
privilege exec level 5 show snmp session brief
privilege exec level 5 show snmp user
line con 0
 authorization commands 3 no_tacacs
 authorization commands 15 no_tacacs
 authorization exec no_tacacs
 login authentication no_tacacs
line aux 0
line vty 0 4
 authorization commands 3 lo_autho
 authorization commands 5 lo_autho
 authorization commands 15 lo_autho
 authorization exec loc_autho
 accounting commands 3 ac_tacacs
 accounting commands 15 ac_tacacs
 accounting exec ac_tacacs

-Original Message-
From: ccie study [mailto:[EMAIL PROTECTED]
Sent: 6 August 2003 16:56
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: AAA/privilege problem

1 privilege exec level 2 enable

Is why console doesn't allow you to enable mode. When you login to your console in your config, you login into privilege level 1 shell. Since enable command is in 2, you don't have access to it. Even if you add

aaa authorization commands 2 console none

To your console line, you will not be able to access.

2 you're missing privilege in your user commands.

username user2 privilege 2 password cisco.

That should fix 2nd issue.

From: Jens Petter Eikeland
Reply-To: Jens Petter Eikeland
To: ,
Subject: AAA/privilege problem
Date: Wed, 6 Aug 2003 11:23:23 +0200

I have played with some aaa. The aaa works fine when telnetting in to r2 *1, but when I try to go in directly from the terminal server on to r2 and I type the enable command, I have locked myself out. Why is that. Which command is it that is locking me out from exec mode from the console

*1 It seems that user2 and user5 have the same privilege when logging in. What have I done wrong?... See at the bottom

And also, is this the right method to put in privilege level 3 and 5 on the vty lines to access exec mode. If I did not put in these commands I did not get in to exec. Are there some other method I am missing

r2#
01:51:31: %SYS-5-CONFIG_I: Configured from console by consolewr t
Building configuration...

Current configuration : 4576 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
aaa new-model
aaa authentication login no_tacacs none
aaa authentication login tac_auth group tacacs+
aaa authentication login loc_auth local
aaa authorization exec no_tacacs none
aaa authorization exec loc_autho local
aaa authorization commands 3 no_tacacs none
aaa authorization commands 3 lo_autho local
aaa authorization commands 5 no_tacacs none
aaa authorization commands 5 lo_autho local
aaa authorization commands 15 no_tacacs none
aaa authorization commands 15 lo_autho local
aaa accounting exec ac_tacacs start-stop group tacacs+
aaa accounting commands 3 ac_tacacs start-stop group tacacs+
aaa accounting commands 15 ac_tacacs start-stop group tacacs+
!
username user2 password 0 hello
username user5 password 0 hello
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.0
!
interface Loopback1
 ip address 122.122.122.122 255.255.255.0
!
interface FastEthernet0/0
 ip address 150.50.22.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.21 point-to-point
 ip address 150.50.12.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 121
!
interface Serial0/0.24 point-to-point
 ip address 150.50.24.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 124
!
interface Serial0/0.26 point-to-point
 ip address 150.50.26.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 126
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
router ospf 100
 router-id 22.22.22.22
 log-adjacency-changes
 area 1 authentication message-digest
 area 1 virtual-link 11.11.11.11 authentication message-digest
 area 1 virtual-link 11.11.11.11 message-digest-key 1 md5 hello
 area 2 authentication message-digest
 redistribute static subnets tag 1000
 network 22.22.22.0 0.0.0.255 area 1
 network 150.50.12.0 0.0.0.255 area 1
 network 150.50.24.0 0.0.0.255 area 1
 network 150.50.26.0 0.0.0.255 area 2
 distribute-list 10 in
!
router bgp
SV: AAA/privilege problem [7:73611]
So will this do the job?, Or will I have to put the privilege level 15 in under console 0

username user2 privilege 3 password 0 hello
username user5 privilege 5 password 0 hello
username admin privilege 15 password cisco
privilege configure level 5 snmp-server community * ro
privilege configure level 5 snmp-server community * rw
privilege configure level 5 snmp-server enable traps *
privilege exec level 2 configure terminal
privilege exec level 15 disable
privilege exec level 5 show snmp session brief
privilege exec level 5 show snmp user
line con 0
 authorization commands 3 no_tacacs
 authorization commands 15 no_tacacs
 authorization exec no_tacacs
 login authentication no_tacacs
line aux 0
line vty 0 4
 authorization commands 3 lo_autho
 authorization commands 5 lo_autho
 authorization commands 15 lo_autho
 authorization exec loc_autho
 accounting commands 3 ac_tacacs
 accounting commands 15 ac_tacacs
 accounting exec ac_tacacs

-Original Message-
From: ccie study [mailto:[EMAIL PROTECTED]
Sent: 6 August 2003 16:56
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: AAA/privilege problem

1 privilege exec level 2 enable

Is why console doesn't allow you to enable mode. When you login to your console in your config, you login into privilege level 1 shell. Since enable command is in 2, you don't have access to it. Even if you add

aaa authorization commands 2 console none

To your console line, you will not be able to access.

2 you're missing privilege in your user commands.

username user2 privilege 2 password cisco.

That should fix 2nd issue.

From: Jens Petter Eikeland
Reply-To: Jens Petter Eikeland
To: ,
Subject: AAA/privilege problem
Date: Wed, 6 Aug 2003 11:23:23 +0200

I have played with some aaa. The aaa works fine when telnetting in to r2 *1, but when I try to go in directly from the terminal server on to r2 and I type the enable command, I have locked myself out. Why is that. Which command is it that is locking me out from exec mode from the console

*1 It seems that user2 and user5 have the same privilege when logging in. What have I done wrong?... See at the bottom

And also, is this the right method to put in privilege level 3 and 5 on the vty lines to access exec mode. If I did not put in these commands I did not get in to exec. Are there some other method I am missing

r2#
01:51:31: %SYS-5-CONFIG_I: Configured from console by consolewr t
Building configuration...

Current configuration : 4576 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
aaa new-model
aaa authentication login no_tacacs none
aaa authentication login tac_auth group tacacs+
aaa authentication login loc_auth local
aaa authorization exec no_tacacs none
aaa authorization exec loc_autho local
aaa authorization commands 3 no_tacacs none
aaa authorization commands 3 lo_autho local
aaa authorization commands 5 no_tacacs none
aaa authorization commands 5 lo_autho local
aaa authorization commands 15 no_tacacs none
aaa authorization commands 15 lo_autho local
aaa accounting exec ac_tacacs start-stop group tacacs+
aaa accounting commands 3 ac_tacacs start-stop group tacacs+
aaa accounting commands 15 ac_tacacs start-stop group tacacs+
!
username user2 password 0 hello
username user5 password 0 hello
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.0
!
interface Loopback1
 ip address 122.122.122.122 255.255.255.0
!
interface FastEthernet0/0
 ip address 150.50.22.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.21 point-to-point
 ip address 150.50.12.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 121
!
interface Serial0/0.24 point-to-point
 ip address 150.50.24.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 124
!
interface Serial0/0.26 point-to-point
 ip address 150.50.26.2 255.255.255.0
 ip ospf message-digest-key 1 md5 hello
 ip ospf network point-to-point
 frame-relay interface-dlci 126
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
router ospf 100
 router-id 22.22.22.22
 log-adjacency-changes
 area 1 authentication message-digest
 area 1 virtual-link 11.11.11.11 authentication message-digest
 area 1 virtual-link 11.11.11.11 message-digest-key 1 md5 hello
 area 2 authentication message-digest
 redistribute static subnets tag 1000
 network 22.22.22.0 0.0.0.255 area 1
 network 150.50.12.0 0.0.0.255 area 1
 network 150.50.24.0 0.0.0.255 area 1
 network 150.50.26.0 0.0.0.255 area 2
 distribute-list 10 in
!
router bgp 4799
 no synchronization
 bgp log-neighbor-changes
 network 122.122.122.0 mask 255.255.255.0
 aggregate-address 202.202.0.0 255.255.0.0 as-set
 redistribute ospf 100 route-map
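The privilege-level reasoning in the quoted reply above, as an added example that is not part of the original thread: a Python check that reads `username` and `privilege ... level` lines and reports commands a session cannot reach. Both sample configs are constructed from lines quoted in the thread; the function names, and the assumption (taken from the reply) that a console session starts at level 1, are this example's own.

```python
import re

# "username NAME [privilege N] password ..."; the privilege keyword is optional.
USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?\s+password\b")
# "privilege MODE level N COMMAND" moves COMMAND to level N within MODE.
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+)$")

DEFAULT_LEVEL = 1  # assumption from the reply: sessions without a privilege start here

# Constructed sample: username lines from the posted running-config plus the
# "privilege exec level 2 enable" line that the reply names as the cause.
ORIGINAL = """\
username user2 password 0 hello
username user5 password 0 hello
privilege exec level 2 enable
"""

# Constructed sample: lines taken from the follow-up config in the thread.
PROPOSED = """\
username user2 privilege 3 password 0 hello
username user5 privilege 5 password 0 hello
username admin privilege 15 password cisco
privilege configure level 5 snmp-server enable traps *
privilege exec level 2 configure terminal
privilege exec level 15 disable
privilege exec level 5 show snmp session brief
privilege exec level 5 show snmp user
"""


def _user_matches(config):
    """Yield a regex match for every username line in the config text."""
    for line in config.splitlines():
        m = USER_RE.match(line.strip())
        if m:
            yield m


def login_levels(config):
    """Map each local user to the privilege level their session starts at."""
    return {m.group(1): int(m.group(2)) if m.group(2) else DEFAULT_LEVEL
            for m in _user_matches(config)}


def users_without_privilege(config):
    """Users whose username line carries no explicit privilege keyword."""
    return sorted(m.group(1) for m in _user_matches(config) if m.group(2) is None)


def remapped_commands(config, mode="exec"):
    """Map each command moved by a 'privilege MODE level N' line to N."""
    commands = {}
    for line in config.splitlines():
        m = PRIV_RE.match(line.strip())
        if m and m.group(1) == mode:
            commands[m.group(3).strip()] = int(m.group(2))
    return commands


def blocked_for(level, commands):
    """Remapped commands that a session at the given level cannot run."""
    return sorted(cmd for cmd, needed in commands.items() if needed > level)


def audit(config, console_level=DEFAULT_LEVEL):
    """Report the two problems discussed in the thread, if present."""
    findings = []
    needed = remapped_commands(config).get("enable")
    if needed is not None and needed > console_level:
        findings.append(f"'enable' moved to level {needed}: a level-"
                        f"{console_level} console session cannot run it")
    missing = users_without_privilege(config)
    if missing:
        findings.append(f"{', '.join(missing)}: no 'privilege' keyword, "
                        f"session starts at level {DEFAULT_LEVEL}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("proposed", PROPOSED)):
        print(name, login_levels(cfg), audit(cfg))
```
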
IP Multicast Problem in relation to Reuters Xtra3000 apps [7:73465]
Can anyone shed some light on this problem? We are doing remote WAN multicast under a PIM Auto-RP environment. The remote Xtra3000 client will stop updating the News within 3 mins from launch. However, the price update will not stop no matter how long it runs. Looks like multicast is working because the price update is. But how come the News update will stop within 3 mins?

Show ip mroute count revealed that the forwarding counter is growing, and the (* , G) and (S , G) states all looked fine, OILs were not disappearing when the News update stopped.

Is it a bandwidth issue? We have a 192K bandwidth limit set on the WAN link. Does anyone have similar experience or know some special behaviour of Reuters Xtra3000 client?

Many thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73465t=73465
multihoming problem with graph [7:73233]
Hi all, I have the following setup so I am pleased if anybody can help me with configuration or if it is possible to implement or not and how. We have this customer and we need to apply load sharing with automatic failover (take in consideration the customer has a firewall). So did anybody know how I can implement it with BGP; you can see also GLBP for help

|
|-RouterA-- ISPA |---Internet
|--Firewall|Saudi Telecom
|
|-RouterB---ISPB-|---Internet

Best regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73233t=73233

Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP + ARP Problem [7:73098]
There is a known issue in some switches (6500's running hybrid mode) where the CEF adjacencies are not populated correctly. We've seen issues with pings and ARP between MSFC's. Possibly the 2950's have a similar issue...

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-Original Message-
From: Henrique Issamu Terada [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2003 12:28 PM
To: [EMAIL PROTECTED]
Subject: RES: HSRP + ARP Problem [7:73098]

maybe something in the switch . . . are both routers active, no one in standby?

Henrique Issamu Terada, CCIE # 7460
IT Support - Open Network
CPM S.A. - Tecnologia criando valor
Tel.: 55 11 4196-0710 Fax: 55 11 4196-0900
[EMAIL PROTECTED]
www.cpm.com.br

-Original Message-
From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]
Sent: Monday, 28 July 2003 10:58
To: [EMAIL PROTECTED]
Subject: RE: HSRP + ARP Problem [7:73098]

Try Where they also give you an alternative to use the burned HW in-address instead of a virtual HW address.

http://www.cisco.com/warp/public/473/62.pdf

Martijn Jansen

-Original Message-
From: Tim Champion [mailto:[EMAIL PROTECTED]
Sent: Monday 28 July 2003 13:35
To: [EMAIL PROTECTED]
Subject: HSRP + ARP Problem [7:73098]

Bit of a strange one this. We have 2 7206 routers running HSRP that are supported by our telecoms provider. The fast ethernet interface of each is connected into our 2950 along with a firewall. From the switch, or firewall, I can ping either of the 'real' ip addresses but not the virtual address. I have used debug arp and seen the arp request go out for the virtual address (the telco has done the same and sees the request come in) but there is no reply. If we configure a static arp entry it all works fine.

Anyone ever experienced anything like this???

Many thanks
Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73172t=73098
HSRP + ARP Problem [7:73098]
Bit of a strange one this. We have 2 7206 routers running HSRP that are supported by our telecoms provider. The fast ethernet interface of each is connected into our 2950 along with a firewall. From the switch, or firewall, I can ping either of the 'real' ip addresses but not the virtual address. I have used debug arp and seen the arp request go out for the virtual address (the telco has done the same and sees the request come in) but there is no reply. If we configure a static arp entry it all works fine.

Anyone ever experienced anything like this???

Many thanks
Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73098t=73098
RE: HSRP + ARP Problem [7:73098]
Try Where they also give you an alternative to use the burned HW in-address instead of a virtual HW address. http://www.cisco.com/warp/public/473/62.pdf

Martijn Jansen

-----Original Message-----
From: Tim Champion [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2003 13:35
To: [EMAIL PROTECTED]
Subject: HSRP + ARP Problem [7:73098]

Bit of a strange one this. We have 2 7206 routers running HSRP that are supported by our telecoms provider. The fast ethernet interface of each is connected into our 2950 along with a firewall. From the switch, or firewall, I can ping either of the 'real' ip addresses but not the virtual address. I have used debug arp and seen the arp request go out for the virtual address (the telco has done the same and sees the request come in) but there is no reply. If we configure a static arp entry it all works fine. Anyone ever experienced anything like this???

Many thanks
Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73101t=73098
RE: HSRP + ARP Problem [7:73098]
Could you debug HSRP for us? Thought DEBUG STANDBY should do it.

Cisco 7200/7500 with PA-2FEISL: HSRP gets stuck in init state on PA-2FEISL module in 7200/7500. CSCdr01156 (registered customers only). Software upgrade; see bug for revision details. Reset the interface using the shutdown and no shutdown commands.

SB: Ethernet0 state Virgin -> Listen
SB: Starting up hot standby process
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB: Ethernet0 state Listen -> Speak
SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB: Ethernet0 state Speak -> Standby
SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB: Ethernet0 Coup out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29
SB: Ethernet0 state Standby -> Active
SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Speak pri 90 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Speak pri 90 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip 192.168.72.29

Martijn Jansen

-----Original Message-----
From: Tim Champion [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2003 13:35
To: [EMAIL PROTECTED]
Subject: HSRP + ARP Problem [7:73098]

Bit of a strange one this. We have 2 7206 routers running HSRP that are supported by our telecoms provider. The fast ethernet interface of each is connected into our 2950 along with a firewall. From the switch, or firewall, I can ping either of the 'real' ip addresses but not the virtual address. I have used debug arp and seen the arp request go out for the virtual address (the telco has done the same and sees the request come in) but there is no reply. If we configure a static arp entry it all works fine. Anyone ever experienced anything like this???

Many thanks
Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73100t=73098
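The state walk in the debug standby output above (Listen, Speak, Standby, then a Coup and Active) can be extracted from a capture mechanically. The following is an added example, not part of the original post or any Cisco tool: it rebuilds the local state timeline and reports every change of the Active router for a virtual IP, so a takeover by an address outside the known HSRP pair can be alerted on. The sample lines are constructed from the output above, and all function names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, abridged from the debug output quoted in the message above.
SAMPLE = """\
SB: Ethernet0 state Virgin -> Listen
SB: Starting up hot standby process
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB: Ethernet0 state Listen -> Speak
SB:Ethernet0 Hello out 192.168.72.20 Speak pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Active pri 90 hel 3 hol 10 ip 192.168.72.29
SB: Ethernet0 state Speak -> Standby
SB:Ethernet0 Hello out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29
SB: Ethernet0 Coup out 192.168.72.20 Standby pri 100 hel 3 hol 10 ip 192.168.72.29
SB: Ethernet0 state Standby -> Active
SB:Ethernet0 Hello out 192.168.72.20 Active pri 100 hel 3 hol 10 ip 192.168.72.29
SB:Ethernet0 Hello in 192.168.72.21 Speak pri 90 hel 3 hol 10 ip 192.168.72.29
"""

# "state A -> B"; also accepts "A - B" in case an archive stripped the ">".
STATE_RE = re.compile(r"^SB:\s*(\S+) state (\w+)\s*-+>?\s*(\w+)$")
# Hello / Coup / Resign messages with sender, advertised state, priority, timers, VIP.
MSG_RE = re.compile(
    r"^SB:\s*(\S+) (Hello|Coup|Resign) (in|out) (\S+) (\w+) "
    r"pri (\d+) hel (\d+) hol (\d+) ip (\S+)$"
)


@dataclass
class Report:
    transitions: list = field(default_factory=list)     # (interface, old, new)
    active_changes: list = field(default_factory=list)  # (vip, old_active, new_active)
    coups: list = field(default_factory=list)           # (direction, sender, priority)
    unparsed: list = field(default_factory=list)


def analyse(text):
    """Parse debug standby lines into state transitions and Active-router changes."""
    report = Report()
    active = {}  # virtual IP -> address last seen advertising state Active
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATE_RE.match(line)
        if m:
            report.transitions.append(m.groups())
            continue
        m = MSG_RE.match(line)
        if not m:
            report.unparsed.append(line)
            continue
        _iface, kind, direction, sender, state, pri, _hel, _hol, vip = m.groups()
        if kind == "Coup":
            report.coups.append((direction, sender, int(pri)))
        if kind == "Hello" and state == "Active":
            previous = active.get(vip)
            if previous is not None and previous != sender:
                report.active_changes.append((vip, previous, sender))
            active[vip] = sender
    return report


def unexpected_active(report, known_routers):
    """Active changes whose new Active address is not one of the known HSRP peers."""
    return [c for c in report.active_changes if c[2] not in known_routers]


if __name__ == "__main__":
    r = analyse(SAMPLE)
    for iface, old, new in r.transitions:
        print(f"{iface}: {old} -> {new}")
    for vip, old, new in r.active_changes:
        print(f"Active for {vip} moved from {old} to {new}")
    print("unexpected:", unexpected_active(r, {"192.168.72.20", "192.168.72.21"}))
```
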
SRC and DST NAT problem [7:72783]
Problem description: Problem when NATing both source and destination addresses based on a route-map

Diagram:

                        +------+
                        |  R1  |
                        +------+
                        |      |
                  Fa0/0.1      Fa0/0.2
                        |      |
           1.1.1.0/24 LAN      2.2.2.0/24 LAN
                        |      |
            PC1: 1.1.1.10      PC2: 2.2.2.10
          Actual physical      Actual physical
               ip address      ip address

Setup description: Cisco 2600 router connected to a Cisco 2950 switch using Fa0/0 port. We have created subinterfaces on F0/0. The subinterface F0/0.1 connects to 1.1.1.0/24 LAN. The subinterface F0/0.2 connects to 2.2.2.0/24 LAN. The router routes traffic between these subnets. Int f0/0.1 is the nat inside interface. Int f0/0.2 is the nat outside interface.

Requirement:
1) When telnet traffic (identified by a route-map) from 1.1.1.0/24 LAN needs to flow to the 2.2.2.0/24 LAN (which actually appears as 11.11.10.0/24 LAN to the 1.1.1.0 network), the source address should be NATed as 1.1.1.0/24 -> 172.16.1.0/24 and the destination should be NATed as 11.11.10.0/24 -> 2.2.2.0/24.
2) When certain other types of traffic from 1.1.1.0/24 LAN need to flow to the 2.2.2.0/24 LAN, the source address and destination address should not be NATed.

Problem: Requirement no. 2 is working fine. For Requirement no. 1: The source IP address of the inside-to-outside packets is being NATed, but not the destination address. Below is the expected sequence, i.e.
1) PC1 sends a telnet packet to PC2. src ip: 1.1.1.10, dst ip: 11.11.2.10
2) R1 NATs the source ip properly, i.e. src ip: 1.1.1.10 -> 172.16.1.10. I also want R1 to NAT the destination ip address, i.e. I want dst ip: 11.11.2.10 -> 2.2.2.10. The packet should then hit PC2. Similar reverse translation is needed on the reverse path for the return packet.

Below is the sh runn for R1

R1#sh run
!
interface FastEthernet0/0.1
 encapsulation dot1Q 4
 ip address 1.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.2
 encapsulation dot1Q 5
 ip address 2.2.2.1 255.255.255.0
 ip nat outside
!
ip nat pool IN2OUTNATPOOL 172.16.1.1 172.16.1.254 prefix-length 24 type match-host
ip nat pool OUT2INNATPOOL 10.10.0.1 10.10.0.254 prefix-length 16 type match-host
ip nat inside source route-map IN2OUT pool IN2OUTNATPOOL
ip nat outside source route-map OUT2IN pool OUT2INNATPOOL
ip classless
ip route 11.11.2.0 255.255.255.0 FastEthernet0/0.2
ip route 172.16.1.0 255.255.255.0 FastEthernet0/0.1
!
access-list 188 permit tcp any any eq telnet
access-list 188 permit tcp any eq telnet any
access-list 188 deny ip any any
!
route-map IN2OUT permit 10
 match ip address 188
!
route-map OUT2IN permit 10
 match ip address 188
!

Thanks and Regards
Simon K. Carvalho
RMC Support Engineer (Senior Member)
Network Solutions Ltd., Bangalore
Email: [EMAIL PROTECTED]
Web: www.netsol.co.in
Phone: +91 80 5535228 ext 433
Mobile: +91 9845349843
Tomorrow's Networks. Today.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72783t=72783
Re: PIX translation problem [7:72567]
Sorry to give one of those annoying answers. I saw this a couple of weeks ago while configuring a Pix. I looked at the config and I had typo'd. Unfortunately I can't remember what I'd done wrong at the time. Can you post the config and it may jog my memory.

Regards,
Bikespace

Greg Owens wrote in message news:[EMAIL PROTECTED]
> Has anybody seen this message?
>
> 07-15-2003 13:55:38 Local4.Error 192.168.1.1 Jul 15 2003 09:53:35: %PIX-3-202001: Out of address translation slots!
>
> I told the customer to change the translation time-out
>
> Greg Owens
> 202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72670t=72567
need input on a frame relay t1 problem [7:72621]
I've got a frame line that's almost 100% errors, mostly framing.

Local hardware is a 1604 w/ t1 wic (for testing purposes only; will be a 3640). Remote hardware for the 6 pvc's are 1604's w/ t1 wics on fractional frame lines. Remotes have existing pvcs back to the 3640 on the production network.

PVCs come up but line protocol bounces continuously. Telco has reported that they can get to their network termination but not to my csu. I've triple checked the extension from the NIU to the WIC and it looks good. It's about 75 feet of shielded t1 cable. Tried both clock source line and clock source internal. On clock source line I lose the pvcs (deleted). Telco verified lmi type cisco (they had it at auto but changed to cisco). I tried ANSI on my side and got no LMI rcvs. W/ type set to cisco, LMI enq/rcv is incrementing but drifting all over the place. Interface resets increment each time I lose line protocol. Carrier resets are incrementing slowly as well.

I'm still suspecting telco issues but any input would be greatly appreciated.

interface Serial0
 no ip address
 encapsulation frame-relay
 fair-queue 64 32 0
 service-module t1 clock source internal
 service-module t1 timeslots all
 frame-relay lmi-type cisco

local-test#sho int s0
Serial0 is up, line protocol is up
  Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
  MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, rely 189/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 18, LMI stat recvd 11, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023 LMI type is CISCO frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 76/0, interface broadcasts 66
  Last input 00:00:08, output 00:00:00, output hang never
  Last clearing of show interface counters 00:03:06
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/32 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 1 packets/sec
     19 packets input, 1466 bytes, 0 no buffer
     Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
     1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
     99 packets output, 8280 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
local-test#
local-test#
local-test#
local-test#
local-test#sho frame lmi

LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 19               Num Status msgs Rcvd 12
  Num Update Status Rcvd 0              Num Status Timeouts 8

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72621t=72621
Re: need input on a frame relay t1 problem [7:72621]
Wilmes, Rusty wrote:
> I've got a frame line that's almost 100% errors, mostly framing.
>
> Local hardware is a 1604 w/ t1 wic (for testing purposes only; will be a 3640). Remote hardware for the 6 pvc's are 1604's w/ t1 wics on fractional frame lines. Remotes have existing pvcs back to the 3640 on the production network.
>
> PVCs come up but line protocol bounces continuously. Telco has reported that they can get to their network termination but not to my csu. I've triple checked the extension from the NIU to the WIC and it looks good. It's about 75 feet of shielded t1 cable. Tried both clock source line and clock source internal. On clock source line I lose the pvcs (deleted). Telco verified lmi type cisco (they had it at auto but changed to cisco). I tried ANSI on my side and got no LMI rcvs. W/ type set to cisco, LMI enq/rcv is incrementing but drifting all over the place. Interface resets increment each time I lose line protocol. Carrier resets are incrementing slowly as well.
>
> I'm still suspecting telco issues but any input would be greatly appreciated.
>
> interface Serial0
>  no ip address
>  encapsulation frame-relay
>  fair-queue 64 32 0
>  service-module t1 clock source internal
>  service-module t1 timeslots all
>  frame-relay lmi-type cisco
>
> local-test#sho int s0
> Serial0 is up, line protocol is up
>   Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
>   MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, rely 189/255, load 1/255
>   Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
>   LMI enq sent 18, LMI stat recvd 11, LMI upd recvd 0, DTE LMI up
>   LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
>   LMI DLCI 1023 LMI type is CISCO frame relay DTE
>   Broadcast queue 0/64, broadcasts sent/dropped 76/0, interface broadcasts 66
>   Last input 00:00:08, output 00:00:00, output hang never
>   Last clearing of show interface counters 00:03:06
>   Input queue: 0/75/0 (size/max/drops); Total output drops: 0
>   Queueing strategy: weighted fair
>   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
>      Conversations 0/1/32 (active/max active/max total)
>      Reserved Conversations 0/0 (allocated/max allocated)
>   5 minute input rate 0 bits/sec, 0 packets/sec
>   5 minute output rate 0 bits/sec, 1 packets/sec
>      19 packets input, 1466 bytes, 0 no buffer
>      Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
>      1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
>      99 packets output, 8280 bytes, 0 underruns
>      0 output errors, 0 collisions, 3 interface resets
>      0 output buffer failures, 0 output buffers swapped out
>      0 carrier transitions
>      DCD=up DSR=up DTR=up RTS=up CTS=up
> local-test#
> local-test#
> local-test#
> local-test#
> local-test#sho frame lmi
>
> LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
>   Invalid Unnumbered info 0             Invalid Prot Disc 0
>   Invalid dummy Call Ref 0              Invalid Msg Type 0
>   Invalid Status Message 0              Invalid Lock Shift 0
>   Invalid Information ID 0              Invalid Report IE Len 0
>   Invalid Report Request 0              Invalid Keep IE Len 0
>   Num Status Enq. Sent 19               Num Status msgs Rcvd 12
>   Num Update Status Rcvd 0              Num Status Timeouts 8

Without actually being there, it sounds like a clocking problem to me.

0. I'm surprised that you are using internal clocking. Getting clock from the telco is usually much more reliable than your DSU. Are they supposed to be providing clock?
1. Have you run any loopback tests on the interface? If the problem continues with the interface looped, it is likely to be a router or WIC-1T problem.
2. Do you have any spare hardware for swapping?
   - swap the 75 foot cable
   - swap the WIC-1T
   - try direct serial-serial connection to another test router
3. Take a look at some debug output, such as debug serial interface and debug frame-relay

HTH

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72625t=72621
RE: need input on a frame relay t1 problem [7:72621]
Thanks to all. We've isolated it to the house cabling extension. If I jack the router directly to the NIU the line comes up and runs error free. Crud, I hate it when it's not Verizon's fault :)

Thanks again,
Rusty

-----Original Message-----
From: Wilmes, Rusty
Sent: Saturday, July 19, 2003 8:39 AM
To: [EMAIL PROTECTED]
Subject: need input on a frame relay t1 problem [7:72621]

I've got a frame line that's almost 100% errors, mostly framing.

Local hardware is a 1604 w/ t1 wic (for testing purposes only; will be a 3640). Remote hardware for the 6 pvc's are 1604's w/ t1 wics on fractional frame lines. Remotes have existing pvcs back to the 3640 on the production network.

PVCs come up but line protocol bounces continuously. Telco has reported that they can get to their network termination but not to my csu. I've triple checked the extension from the NIU to the WIC and it looks good. It's about 75 feet of shielded t1 cable. Tried both clock source line and clock source internal. On clock source line I lose the pvcs (deleted). Telco verified lmi type cisco (they had it at auto but changed to cisco). I tried ANSI on my side and got no LMI rcvs. W/ type set to cisco, LMI enq/rcv is incrementing but drifting all over the place. Interface resets increment each time I lose line protocol. Carrier resets are incrementing slowly as well.

I'm still suspecting telco issues but any input would be greatly appreciated.

interface Serial0
 no ip address
 encapsulation frame-relay
 fair-queue 64 32 0
 service-module t1 clock source internal
 service-module t1 timeslots all
 frame-relay lmi-type cisco

local-test#sho int s0
Serial0 is up, line protocol is up
  Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
  MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, rely 189/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 18, LMI stat recvd 11, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023 LMI type is CISCO frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 76/0, interface broadcasts 66
  Last input 00:00:08, output 00:00:00, output hang never
  Last clearing of show interface counters 00:03:06
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/32 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 1 packets/sec
     19 packets input, 1466 bytes, 0 no buffer
     Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
     1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
     99 packets output, 8280 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
local-test#
local-test#
local-test#
local-test#
local-test#sho frame lmi

LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 19               Num Status msgs Rcvd 12
  Num Update Status Rcvd 0              Num Status Timeouts 8

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72627t=72621
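The counters in the sho int s0 and sho frame lmi output quoted in this thread already quantify "almost 100% errors, mostly framing". The following is an added example, not code from the thread: it extracts the counters from constructed excerpts of that output and computes the errored share of received frames, the dominant error type and the share of LMI polls that were answered. Function names and the heuristic threshold are assumptions.

```python
import re

# Constructed excerpts of the outputs quoted in the thread above.
SHOW_INT = """\
Serial0 is up, line protocol is up
     19 packets input, 1466 bytes, 0 no buffer
     Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
     1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
     99 packets output, 8280 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 carrier transitions
"""
SHOW_LMI = """\
  Num Status Enq. Sent 19               Num Status msgs Rcvd 12
  Num Update Status Rcvd 0              Num Status Timeouts 8
"""

ERROR_KINDS = ("CRC", "frame", "overrun", "ignored", "abort")


def _counter(pattern, text):
    """Return the integer captured by pattern, or fail loudly if the line is missing."""
    m = re.search(pattern, text)
    if m is None:
        raise ValueError("counter not found: " + pattern)
    return int(m.group(1))


def input_errors(show_int):
    """Break the input side of a show interface dump into good frames and error kinds."""
    good = _counter(r"(\d+) packets input", show_int)
    errors = _counter(r"(\d+) input errors", show_int)
    kinds = {k: _counter(r"(\d+) " + k + r"\b", show_int) for k in ERROR_KINDS}
    dominant = max(kinds, key=kinds.get)
    total = good + errors
    return {
        "good": good,
        "errors": errors,
        "kinds": kinds,
        "dominant": dominant,
        # Assumption: "packets input" counts only error-free frames, so the
        # errored share of everything received is errors / (good + errors).
        "error_share": errors / total if total else 0.0,
        "dominant_share": kinds[dominant] / errors if errors else 0.0,
    }


def lmi_health(show_lmi):
    """Compare LMI status enquiries sent with status messages received."""
    sent = _counter(r"Num Status Enq\. Sent (\d+)", show_lmi)
    rcvd = _counter(r"Num Status msgs Rcvd (\d+)", show_lmi)
    timeouts = _counter(r"Num Status Timeouts (\d+)", show_lmi)
    return {"sent": sent, "rcvd": rcvd, "timeouts": timeouts,
            "answered": rcvd / sent if sent else 0.0}


def line_level_suspect(show_int, show_lmi, share_threshold=0.05):
    """Heuristic (assumed threshold): many CRC/frame/abort errors plus lost LMI
    polls point at layer 1 (cabling, clocking) rather than at the PVC config."""
    errs = input_errors(show_int)
    lmi = lmi_health(show_lmi)
    return (errs["error_share"] > share_threshold
            and errs["dominant"] in ("CRC", "frame", "abort")
            and lmi["answered"] < 1.0)


if __name__ == "__main__":
    e = input_errors(SHOW_INT)
    print(f"errored share {e['error_share']:.1%}, "
          f"dominant {e['dominant']} ({e['dominant_share']:.1%} of errors)")
    print(f"LMI polls answered {lmi_health(SHOW_LMI)['answered']:.1%}")
    print("line-level suspect:", line_level_suspect(SHOW_INT, SHOW_LMI))
```
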
PIX translation problem [7:72567]
Has anybody seen this message?

07-15-2003 13:55:38 Local4.Error 192.168.1.1 Jul 15 2003 09:53:35: %PIX-3-202001: Out of address translation slots!

I told the customer to change the translation time-out

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72567t=72567
RE: STP problem [7:70797]
We had a similar situation. Only in this case, the user was taking down internet access. Seems whoever configured the machine put the default gateway in as the user's address. At the time we were running two protocols, decnet and tcp/ip. Decnet was the first one to be used. The only time there was a problem was when the user would try to access the internet. After a week of troubleshooting, we started looking at all of the PCs that had been installed recently. It was pure luck that we found it.

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 4:35 PM
To: [EMAIL PROTECTED]
Subject: Re: STP problem [7:70797]

Access points can be configured to do bridging and I wouldn't be surprised to discover that they don't do STP, especially low-end ones from the local KMart. A lot of low-end switches don't do STP either. So, the access point would have to be inserted into the network just right so that it caused a loop, but that's certainly possible. In that case all the looping broadcast traffic, not to mention looping unknown unicast traffic, could bring a network to its knees. I'm surprised so many people doubted his description of the problem!?

Anyway, finding it will be hard, though there's good advice from Tom and others. I think I would revert to an old-fashioned communications channel. Announce over the loud speaker that if you just connected a wireless access point, disconnect it now and report to the office! :-)

Priscilla

Tom Martin wrote:
> Chris,
>
> STP should be enough to avoid these types of problems. In order to cause a bridging loop the station would have to have both interfaces in the same VLAN and forward all L2 traffic except for BPDUs. Even if this were the case the wireless network (10-Mbps?) shouldn't be enough to bring the LAN to its knees (100-Mbps?). If you have STP enabled on all of your switches, I doubt that a single station is bringing the network down.
>
> Once you find the offending switch that you need to reboot, you can issue console commands to determine the root bridge and any blocked ports. Make sure that things are normal. You do have your root bridge set manually, don't you? :) To find out which port is causing the loop, take a look at the interface counters. You should see an unreal amount of traffic on the offending port (and the uplink to the core switch).
>
> When STP has been enabled I have only come across layer-2 loops twice. Once when a few HP switches had gone bad, and another time when a customer had configured channeling on one side but not the other (3500 series, no channel negotiation). In both cases I found that the problem was made worse with increasing traffic levels, and the problem also revolved around the same set of switches. The channeling problem was a bit more difficult to narrow down though, since it disabled MLS on the core switch and every segment appeared to have problems!!!
>
> I hope that helps,
> - Tom
>
> Christopher Dumais wrote:
> > Hi all,
> > We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks!
> >
> > Chris Dumais, CCNP, CNA
> > Sr. Network Administrator
> > NSS Customer and Desktop Services Team
> > Maine Medical Center
> > (207)871-6940
> > [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72467t=70797
RE: STP problem [7:70797]
Heh, you should have been at Networkers 2003 in LA. Cisco's wireless network was... Unstable to say the least. I'd estimate that the network was available only 50% of the time. First someone hacked into the DHCP server and brought that down. Then someone set their IP address the same as the default route. Then people set up peer-to-peer networks with the same ESSID as the Cisco APs. It was almost comical!

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-----Original Message-----
From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 8:39 AM
To: [EMAIL PROTECTED]
Subject: RE: STP problem [7:70797]

We had a similar situation. Only in this case, the user was taking down internet access. Seems whoever configured the machine put the default gateway in as the user's address. At the time we were running two protocols, decnet and tcp/ip. Decnet was the first one to be used. The only time there was a problem was when the user would try to access the internet. After a week of troubleshooting, we started looking at all of the PCs that had been installed recently. It was pure luck that we found it.

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 4:35 PM
To: [EMAIL PROTECTED]
Subject: Re: STP problem [7:70797]

Access points can be configured to do bridging and I wouldn't be surprised to discover that they don't do STP, especially low-end ones from the local KMart. A lot of low-end switches don't do STP either. So, the access point would have to be inserted into the network just right so that it caused a loop, but that's certainly possible. In that case all the looping broadcast traffic, not to mention looping unknown unicast traffic, could bring a network to its knees. I'm surprised so many people doubted his description of the problem!?

Anyway, finding it will be hard, though there's good advice from Tom and others. I think I would revert to an old-fashioned communications channel. Announce over the loud speaker that if you just connected a wireless access point, disconnect it now and report to the office! :-)

Priscilla

Tom Martin wrote:
> Chris,
>
> STP should be enough to avoid these types of problems. In order to cause a bridging loop the station would have to have both interfaces in the same VLAN and forward all L2 traffic except for BPDUs. Even if this were the case the wireless network (10-Mbps?) shouldn't be enough to bring the LAN to its knees (100-Mbps?). If you have STP enabled on all of your switches, I doubt that a single station is bringing the network down.
>
> Once you find the offending switch that you need to reboot, you can issue console commands to determine the root bridge and any blocked ports. Make sure that things are normal. You do have your root bridge set manually, don't you? :) To find out which port is causing the loop, take a look at the interface counters. You should see an unreal amount of traffic on the offending port (and the uplink to the core switch).
>
> When STP has been enabled I have only come across layer-2 loops twice. Once when a few HP switches had gone bad, and another time when a customer had configured channeling on one side but not the other (3500 series, no channel negotiation). In both cases I found that the problem was made worse with increasing traffic levels, and the problem also revolved around the same set of switches. The channeling problem was a bit more difficult to narrow down though, since it disabled MLS on the core switch and every segment appeared to have problems!!!
>
> I hope that helps,
> - Tom
>
> Christopher Dumais wrote:
> > Hi all,
> > We are having an STP problem where we think a user with an integrated wireless and LAN NIC is creating a bridge loop and bringing down the entire network. The problem occurs then goes away after 20 or so minutes unless we can narrow down which closet it is coming from and reboot the switch. All of our management tools die during the outage. Does anyone have any ideas on how we might prevent this from happening or track down the offender? We have 6509's in our Core and a mix of 3548's and 3550-SMI. Any thoughts are appreciated. Thanks!
> >
> > Chris Dumais, CCNP, CNA
> > Sr. Network Administrator
> > NSS Customer and Desktop Services Team
> > Maine Medical Center
> > (207)871-6940
> > [EMAIL PROTECTED]
SPAN problem [7:72507]
Hi all,

Quick question, I have enabled SPAN to mirror from one port to another. However, when doing so the transmitting port appears detached from the network, i.e. I cannot ping from the PC attached to that port and nothing on the network can ping it either. When I remove the port from the session I get connectivity again. Could anyone give me any ideas on why this is occurring please.

I used the 'monitor session' command and left it blank at the end implying 'both' rather than explicitly specifying 'TX' or 'RX'. None of the ports are involved in trunking, they are in the same VLAN and they are on the same physical switch, and even on the same blade (4006). Any help would be greatly appreciated.

Kind regards
Paul

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72507t=72507
RE: SPAN problem [7:72507]
Paul wrote:
> Hi all,
>
> Quick question, I have enabled SPAN to mirror from one port to another. However, when doing so the transmitting port appears detached from the network, i.e. I cannot ping from the PC attached to that port and nothing on the network can ping it either. When I remove the port from the session I get connectivity again. Could anyone give me any ideas on why this is occurring please.

If I understand what you're saying, that's normal. SPAN sends traffic to and from one or more source ports to a destination port. A protocol analyzer resides at the destination port. The source ports are the monitored ports whose traffic you want to analyze. I'm not sure what you mean by transmitting port. Cisco doesn't use that term because it's too unclear which port it refers to.

Now that we have the terminology straight :-), it's normal for traffic to be disrupted to and from the destination port where the analyzer resides. Per the config guide for the 4000, "Once an interface becomes an active destination interface, incoming traffic is disabled. You cannot configure a SPAN destination interface to receive ingress traffic. The interface does not forward any traffic except that required for the SPAN session."

It is not normal for the traffic to be disrupted for the source port. If that's what you're saying, then you better tell us more about the config and the output from show monitor session. I'm guessing that's not what you meant though...

Priscilla

> I used the 'monitor session' command and left it blank at the end implying 'both' rather than explicitly specifying 'TX' or 'RX'. None of the ports are involved in trunking, they are in the same VLAN and they are on the same physical switch, and even on the same blade (4006). Any help would be greatly appreciated.
>
> Kind regards
> Paul

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72518t=72507
console port problem [7:72298]
I have a problem with my console port of 2500 router as well as 1900 switch. The speed settings are OK. Can you help me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72298t=72298
Re: console port problem [7:72298]
I cannot use my console port to access one of my 2524 routers as well as the 1900 switch; they don't respond, but I can telnet to them.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72316t=72298
RE: console port problem [7:72298]
What's the problem??
-Original Message- From: star.7 [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 9:59 AM To: [EMAIL PROTECTED] Subject: console port problem [7:72298]
I have a problem with the console port of my 2500 router as well as my 1900 switch. The speed settings are OK. Can you help me?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72313t=72298
Re: console port problem [7:72298]
Can you describe the problem? Reza
star.7 wrote in message news:[EMAIL PROTECTED]
I have a problem with the console port of my 2500 router as well as my 1900 switch. The speed settings are OK. Can you help me?
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72312t=72298
RE: console port problem [7:72298]
Perhaps a copy of the running config would help.
-Original Message- From: star star7 [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 11:48 AM To: [EMAIL PROTECTED] Subject: Re: console port problem [7:72298]
I cannot use my console port to access one of my 2524 routers as well as the 1900 switch; they don't respond, but I can telnet to them.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72329t=72298
RE: console port problem [7:72298]
At least your console line. Cut out any password though, it's not cryptographically robust.
Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
-Original Message- From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 1:29 PM To: [EMAIL PROTECTED] Subject: RE: console port problem [7:72298]
Perhaps a copy of the running config would help.
-Original Message- From: star star7 [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 11:48 AM To: [EMAIL PROTECTED] Subject: Re: console port problem [7:72298]
I cannot use my console port to access one of my 2524 routers as well as the 1900 switch; they don't respond, but I can telnet to them.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72340t=72298
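The advice in the reply above (share the config, but cut out the passwords first), as an added example that is not part of the original thread: a small Python filter that redacts credential material from an IOS running-config before it is pasted to a list. The sample config and every credential string in it are constructed, and the rule list covers common credential-bearing commands only, so it is an assumption that nothing else in a given config is sensitive.

```python
import re

# Constructed sample (not from the thread); every credential string is made up.
SAMPLE_CONFIG = """\
hostname LAB-2524
enable secret 5 $1$EXMP$ConstructedHashValue00
enable password 7 0000AAAA1111
username admin privilege 15 password 7 0000BBBB2222
snmp-server community ExampleRO RO
tacacs-server host 192.0.2.10 key ExampleSharedKey
!
line con 0
 exec-timeout 10 0
 password 7 0000CCCC3333
 login
 speed 9600
line vty 0 4
 password ExampleVtyPass
 login
end
"""

PLACEHOLDER = "<removed>"

# Each rule keeps group 1 (the command keyword), drops the credential, and
# keeps an optional group 2 (for example the RO/RW after a community string).
# Type 7 strings are reversible obfuscation and type 5 hashes can be attacked
# offline, so both are removed rather than left in place.
RULES = [
    re.compile(r"^(\s*enable (?:secret|password)(?: level \d+)?) .+$"),
    re.compile(r"^(\s*username \S+(?: .*?)? (?:password|secret)) .+$"),
    re.compile(r"^(\s*password) .+$"),
    re.compile(r"^(\s*snmp-server community) \S+(.*)$"),
    re.compile(r"^(\s*(?:tacacs|radius)-server\b.*?\bkey) .+$"),
    re.compile(r"^(\s*key-string) .+$"),
]


def sanitize_line(line):
    """Return (line, changed); credential values are replaced by PLACEHOLDER."""
    for rule in RULES:
        match = rule.match(line)
        if match:
            tail = match.group(2) if rule.groups > 1 else ""
            return f"{match.group(1)} {PLACEHOLDER}{tail}", True
    return line, False


def sanitize_config(text):
    """Sanitize a whole config; returns (sanitized_text, number_of_redactions)."""
    out, redacted = [], 0
    for line in text.splitlines():
        new_line, changed = sanitize_line(line)
        redacted += changed
        out.append(new_line)
    return "\n".join(out) + "\n", redacted


if __name__ == "__main__":
    clean, count = sanitize_config(SAMPLE_CONFIG)
    print(clean)
    print(f"{count} credential lines redacted")
```

The console line block, including `speed 9600`, passes through unchanged, so the people helping can still check the settings that matter for a console problem.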
problem with 7206 router. [7:72177]
Hi everyone, I bought a 7206 router and it booted up as follows before booting by the Flash Card that contains IOS. I think the internal flash device is missing or corrupted. Anyone have any suggestion how I can fix this? Here is the boot up output:
System Bootstrap, Version 11.1(5) [mkamson 5], RELEASE SOFTWARE (fc1)
Copyright (c) 1994 by cisco Systems, Inc.
C7200 processor with 65536 Kbytes of main memory
monlib does not contain a valid magic number
boot: cannot open bootflash:
an alternate boot helper program is not specified
(monitor variable BOOTLDR is not set)
and unable to determine first file in bootflash
loadprog: error - on file open
boot: cannot load cisco2-C7200
And it will boot with the image installed in the Flash Card... Any suggestion is much appreciated. Xy
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72177t=72177
problem about OSPF on environment NBMA [7:72181]
Dear all, I would like to ask how to configure cost in OSPF:
1. With an NBMA environment (for example Frame) and a Hub-Spoke topology, the cost from the Hub router to all Spokes is the same (because it is the same physical interface). How do I configure a different cost for each Hub-Spoke session?
2. If the network type is Point-to-Multipoint (RFC-2328), then we can use the command: a. IP OSPF cost or b. Neighbor cost. Of these 2 commands, which command decides the cost if both commands have been configured on the Hub router?
3. If the network type is Point-to-Multipoint (non broadcast) ready to order?: Frame-relay map ip between Spokes? (in case I-ARP has enable auto ? )
Thanks and regards
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72181t=72181
Re: problem with 7206 router. [7:72177]
Default solution is to boot up the image on the flash card, format bootflash, and copy a new bootloader image onto it, but you might just need to remove a few files from bootflash: so that the bootloader is the first file. What does 'show bootflash:' show? Thanks, Zsombor
At 08:23 AM 7/12/2003 +, Xy Hien Le wrote:
Hi everyone, I bought a 7206 router and it booted up as follows before booting by the Flash Card that contains IOS. I think the internal flash device is missing or corrupted. Anyone have any suggestion how I can fix this? Here is the boot up output:
System Bootstrap, Version 11.1(5) [mkamson 5], RELEASE SOFTWARE (fc1)
Copyright (c) 1994 by cisco Systems, Inc.
C7200 processor with 65536 Kbytes of main memory
monlib does not contain a valid magic number
boot: cannot open bootflash:
an alternate boot helper program is not specified
(monitor variable BOOTLDR is not set)
and unable to determine first file in bootflash
loadprog: error - on file open
boot: cannot load cisco2-C7200
And it will boot with the image installed in the Flash Card... Any suggestion is much appreciated. Xy
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72186t=72177
Re: problem with 7206 router. [7:72177]
hmm wonder if the config specifies a tftp boot of the image specified in that error? Tried removing the config? Brian
The path to a desirable destination is often more difficult than the path to stay where you are.
On Sat, 12 Jul 2003, Zsombor Papp wrote:
Default solution is to boot up the image on the flash card, format bootflash, and copy a new bootloader image onto it, but you might just need to remove a few files from bootflash: so that the bootloader is the first file. What does 'show bootflash:' show? Thanks, Zsombor
At 08:23 AM 7/12/2003 +, Xy Hien Le wrote:
Hi everyone, I bought a 7206 router and it booted up as follows before booting by the Flash Card that contains IOS. I think the internal flash device is missing or corrupted. Anyone have any suggestion how I can fix this? Here is the boot up output:
System Bootstrap, Version 11.1(5) [mkamson 5], RELEASE SOFTWARE (fc1)
Copyright (c) 1994 by cisco Systems, Inc.
C7200 processor with 65536 Kbytes of main memory
monlib does not contain a valid magic number
boot: cannot open bootflash:
an alternate boot helper program is not specified
(monitor variable BOOTLDR is not set)
and unable to determine first file in bootflash
loadprog: error - on file open
boot: cannot load cisco2-C7200
And it will boot with the image installed in the Flash Card... Any suggestion is much appreciated. Xy
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72190t=72177
tftp problem via checkpoint firewalls [7:71971]
Hi, I have a problem trying to tftp router configs through a cluster-pair of checkpoint-nokia firewalls. I can Telnet from the inside to the router outside the firewall but get a firewall error message when I attempt to tftp the config back through the firewall. This all worked fine on Checkpoint firewall-1 running on NT, but doesn't work using Nokia boxes.
external side:
 tftp client (router) connected to external lan
 external lan is vlan-X across two Cisco Cat switches
 two firewalls with a connection to this external lan (fw1 on sw1 and fw2 on sw2)
internal side:
 tftp server (unix) connected to internal lan
 internal lan is vlan-Y across same two Cisco Cat switches
 same two firewalls with a connection to this internal lan (fw1 on sw1 and fw2 on sw2)
inter-firewall:
 a direct x-over cable between the firewall synch interfaces
Tftp Client router attempts to tftp its configuration to the TFTP Host. The Tftp Client Router sees the Tftp Host as an external address with the Checkpoint Firewalls translating this external address to the real internal address. This fails with the firewall logging the message: Connection contains real ip of NATed address
Checkpoint Knowledge Base Article SK14613 below seems to describe this, but not quite, as we have each firewall connected to a different switch for resilience.
https://support.checkpoint.com/public/idsearch.jsp?id=sk14613QueryText=%28%28real%2C+ip%29%29resultStart=1
Have raised a fault with Checkpoint but not holding my breath. Any thoughts? regards, Alan
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71971t=71971
RE: IOS AUTH-PROXY problem [7:72005]
Hi, Just run away from 12.1.5T(9). We had some problem with it and discussed it in this group with Dmitry and Fabrice. Even if you do not enable http server on the router auth-proxy will be invoked. Regards, Vilmos
-Original Message- From: d tran [mailto:[EMAIL PROTECTED] Sent: 06 July 2003 18:19 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: IOS AUTH-PROXY problem
All, Below is the configuration I have with AUTH-PROXY. I don't understand why the configuration works with IOS version 12.2.15(T) but doesn't work with IOS version 12.1.5T(9). With version 12.1.5T(9), I am not getting an authentication failed. Instead I am getting bad request. Any ideas?
C2610#sh run
Building configuration...
Current configuration : 4248 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C2610
!
logging buffered 8192 notifications
logging rate-limit 1
no logging console
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NONE none
aaa authentication login TACACS group tacacs+ local enable
aaa authentication login LOCAL local enable
aaa authorization auth-proxy default group tacacs+
enable secret 5 $1$Bj2H$ad4Dn5rkgKvwPZzJDKAgZ1
!
memory-size iomem 10
ip subnet-zero
no ip source-route
!
!
no ip finger
ip tcp intercept list 100
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 5
ip tcp intercept max-incomplete low 300
ip tcp intercept max-incomplete high 1000
ip tcp intercept one-minute low 100
ip tcp intercept one-minute high 500
ip domain-name micronetsolution.com
ip host tac 2065 10.10.10.10
ip name-server 172.17.1.2
ip name-server 129.174.1.8
ip dhcp excluded-address 10.100.0.71
ip dhcp excluded-address 10.100.0.72
ip dhcp excluded-address 10.100.0.254
ip dhcp ping packets 5
!
ip dhcp pool DHCP
 network 10.100.0.0 255.255.255.0
 netbios-name-server 172.17.1.2 129.174.1.8
 dns-server 172.17.1.2 129.174.1.8
 default-router 10.100.0.254
 domain-name micronetsolution.com
 lease 3
!
ip inspect audit-trail
ip inspect dns-timeout 15
ip inspect name CBAC tcp timeout 3600
ip inspect name CBAC udp timeout 3600
ip auth-proxy auth-proxy-banner
ip auth-proxy auth-proxy-audit
ip auth-proxy auth-cache-time 1
ip auth-proxy name AUTH-PROXY http
ip audit info action alarm drop reset
ip audit attack action alarm drop reset
ip audit notify log
ip audit po max-events 100
ip audit name ATTACK attack action alarm drop reset
ip audit name INFO info action alarm
!
!
call rsvp-sync
cns event-service server
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface Ethernet0/0
 ip address 172.18.1.1 255.255.0.0
 ip nat outside
 half-duplex
!
interface FastEthernet1/0
 ip address 10.100.0.254 255.255.255.0
 ip nat inside
 ip auth-proxy AUTH-PROXY
 speed 100
 full-duplex
!
ip kerberos source-interface any
ip nat pool natpool 172.18.1.1 172.18.1.1 netmask 255.255.0.0
ip nat inside source list 130 interface Ethernet0/0 overload
ip nat inside source static 10.100.0.71 172.18.0.71
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.1.254
ip http server
ip http authentication aaa
!
!
ip access-list extended NAMEDACL
 permit tcp any any
 permit udp any any
 permit ip any any
ip access-list extended in2out
 permit udp 10.100.0.0 0.0.0.255 any eq domain reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq www reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq telnet reflect traffic
 deny ip any any
ip access-list extended out2in
 permit icmp any any
 evaluate traffic
 deny ip any any
logging trap notifications
logging facility local5
logging source-interface Ethernet0/0
logging 172.17.1.2
access-list 100 permit tcp any host 10.100.0.71 eq www
access-list 100 permit tcp any host 10.100.0.71 eq 443
access-list 100 permit tcp any host 10.100.0.71 eq 22
access-list 100 permit tcp any host 10.100.0.71 eq telnet
access-list 100 permit tcp any host 10.100.0.71 eq ftp
access-list 100 permit tcp any host 10.100.0.71 eq ftp-data
access-list 110 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq telnet
access-list 110 dynamic lock-and-key permit ip 10.100.0.0 0.0.0.255 any
access-list 110 deny ip any any
access-list 120 permit udp 10.100.0.0 0.0.0.255 any eq domain
access-list 120 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq www
access-list 120 deny ip any any
access-list 130 permit ip 10.100.0.0 0.0.0.255 any
access-list 140 permit ip host 172.18.1.2 host 172.18.1.1
access-list 140 permit icmp any 10.100.0.0 0.0.0.255
access-list 140 permit icmp any host 172.18.0.71
access-list 140 deny ip any any
!
tacacs-server host 172.18.1.2
tacacs-server attempts 2
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login authentication NONE
 transport input none
line aux 0
 login authentication NONE
 transport input all
line vty 0 4
 login authentication LOCAL
!
ntp clock-period 17208324
end
Re: Problem [7:71890]
Hi, first you need to enable ip routing to make it work. Then your default route should look like this: ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the other router interface. Note: after the destination network follows a subnet mask (not a wildcard mask). Make sure you have a route in your other router back to this router (entries in the routing table are one-way only). Try show ip route to verify. With kind regards, Jens Neelsen
--- Projet AIM wrote:
Hi again, I am pretty much thankful for your explanation. I have tried what you have suggested and still it doesn't work. The thing is I am convinced that I am missing something but can't find out what. Thanx again and any help is appreciated, Elias
From: Jans van Deventer Reply-To: Jans van Deventer To: [EMAIL PROTECTED] Subject: Re: Problem [7:71890] Date: Fri, 4 Jul 2003 14:25:41 GMT
Hi, What you did when you typed no ip routing was to effectively change your router into an IP host. You must enable ip routing with ip routing and then add your static route. Test again and come back for help if it doesn't work. One advantage of disabling IP routing and effectively turning your router into a host is that you can then use all the nice debug functionalities like debug ip packet, as though your router was a host. Regards, Jans
Projet AIM wrote:
Hi all, I have a Cisco 3600 and I am facing an unknown problem; maybe it is stupid but really I don't know. I have a pretty much common configuration: 2 valid IP addresses on both interfaces. One of them is my network; the other interface is linked to another router interface. When I try to ping the outside from the router's console I have a response, but when I try to ping from a machine in my network I don't have any reply. I used a static route as in ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the other router interface. I disabled ip routing: no ip routing. Can anyone please help me if I missed anything? THANX a lot, Elias
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71942t=71890
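Why the static route in the original question cannot act as a default route, and why a return route matters, as an added example that is not part of the thread: a simplified longest-prefix-match model in Python. The two `ip route` forms are the ones quoted in the messages; the next hop 192.0.2.1, the networks, the host addresses and the two-router topology are constructed for illustration.

```python
import ipaddress


def mask_to_prefixlen(mask):
    """Convert a dotted subnet mask to a prefix length; reject wildcard-style masks."""
    value = int(ipaddress.IPv4Address(mask))
    prefixlen = bin(value).count("1")
    expected = (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF
    if value != expected:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return prefixlen


def parse_ip_route(line):
    """Parse 'ip route <network> <subnet mask> <next hop>' into (network, next_hop)."""
    parts = line.split()
    if len(parts) != 5 or parts[:2] != ["ip", "route"]:
        raise ValueError(f"not a static route statement: {line!r}")
    _, _, network, mask, next_hop = parts
    return ipaddress.ip_network(f"{network}/{mask_to_prefixlen(mask)}"), next_hop


def lookup(table, destination):
    """Longest-prefix match; returns the next hop, or None if no route matches."""
    dest = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if dest in net]
    if not matches:
        return None
    return max(matches, key=lambda entry: entry[0].prefixlen)[1]


# Constructed topology: inside LAN -- this router (.2) -- link -- other router (.1)
INSIDE_LAN = ipaddress.ip_network("10.1.1.0/24")
LINK = ipaddress.ip_network("192.0.2.0/30")
OUTSIDE = ipaddress.ip_network("198.51.100.0/24")
CONNECTED = [(INSIDE_LAN, "connected"), (LINK, "connected")]

MISTAKEN = "ip route 0.0.0.0 255.255.255.255 192.0.2.1"   # form used in the question
CORRECTED = "ip route 0.0.0.0 0.0.0.0 192.0.2.1"          # form given in the reply


def table_with(static_line):
    """This router's table: connected networks plus one static route."""
    return CONNECTED + [parse_ip_route(static_line)]


# The other router, without and with a route back to the inside LAN.
OTHER_NO_RETURN = [(LINK, "connected"), (OUTSIDE, "connected")]
OTHER_WITH_RETURN = OTHER_NO_RETURN + [
    parse_ip_route("ip route 10.1.1.0 255.255.255.0 192.0.2.2")
]


def ping_works(source, destination, near_table, far_table):
    """The request must be routable on the near router and the reply on the far one."""
    return (lookup(near_table, destination) is not None
            and lookup(far_table, source) is not None)


if __name__ == "__main__":
    print(parse_ip_route(MISTAKEN)[0], parse_ip_route(CORRECTED)[0])
    for name, far in (("no return route", OTHER_NO_RETURN),
                      ("return route", OTHER_WITH_RETURN)):
        for src in ("192.0.2.2", "10.1.1.20"):
            ok = ping_works(src, "198.51.100.7", table_with(CORRECTED), far)
            print(f"{name:16} from {src:10} -> {'reply' if ok else 'no reply'}")
```

With the corrected default route but no return route on the other router, a ping sourced from the link address gets a reply while one sourced from the inside LAN does not.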
IOS AUTH-PROXY problem [7:71952]
All, Below is the configuration I have with AUTH-PROXY. I don't understand why the configuration works with IOS version 12.2.15(T) but doesn't work with IOS version 12.1.5T(9). With version 12.1.5T(9), I am not getting an authentication failed. Instead I am getting bad request. Any ideas?
C2610#sh run
Building configuration...
Current configuration : 4248 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C2610
!
logging buffered 8192 notifications
logging rate-limit 1
no logging console
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NONE none
aaa authentication login TACACS group tacacs+ local enable
aaa authentication login LOCAL local enable
aaa authorization auth-proxy default group tacacs+
enable secret 5 $1$Bj2H$ad4Dn5rkgKvwPZzJDKAgZ1
!
memory-size iomem 10
ip subnet-zero
no ip source-route
!
!
no ip finger
ip tcp intercept list 100
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 5
ip tcp intercept max-incomplete low 300
ip tcp intercept max-incomplete high 1000
ip tcp intercept one-minute low 100
ip tcp intercept one-minute high 500
ip domain-name micronetsolution.com
ip host tac 2065 10.10.10.10
ip name-server 172.17.1.2
ip name-server 129.174.1.8
ip dhcp excluded-address 10.100.0.71
ip dhcp excluded-address 10.100.0.72
ip dhcp excluded-address 10.100.0.254
ip dhcp ping packets 5
!
ip dhcp pool DHCP
 network 10.100.0.0 255.255.255.0
 netbios-name-server 172.17.1.2 129.174.1.8
 dns-server 172.17.1.2 129.174.1.8
 default-router 10.100.0.254
 domain-name micronetsolution.com
 lease 3
!
ip inspect audit-trail
ip inspect dns-timeout 15
ip inspect name CBAC tcp timeout 3600
ip inspect name CBAC udp timeout 3600
ip auth-proxy auth-proxy-banner
ip auth-proxy auth-proxy-audit
ip auth-proxy auth-cache-time 1
ip auth-proxy name AUTH-PROXY http
ip audit info action alarm drop reset
ip audit attack action alarm drop reset
ip audit notify log
ip audit po max-events 100
ip audit name ATTACK attack action alarm drop reset
ip audit name INFO info action alarm
!
!
call rsvp-sync
cns event-service server
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface Ethernet0/0
 ip address 172.18.1.1 255.255.0.0
 ip nat outside
 half-duplex
!
interface FastEthernet1/0
 ip address 10.100.0.254 255.255.255.0
 ip nat inside
 ip auth-proxy AUTH-PROXY
 speed 100
 full-duplex
!
ip kerberos source-interface any
ip nat pool natpool 172.18.1.1 172.18.1.1 netmask 255.255.0.0
ip nat inside source list 130 interface Ethernet0/0 overload
ip nat inside source static 10.100.0.71 172.18.0.71
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.1.254
ip http server
ip http authentication aaa
!
!
ip access-list extended NAMEDACL
 permit tcp any any
 permit udp any any
 permit ip any any
ip access-list extended in2out
 permit udp 10.100.0.0 0.0.0.255 any eq domain reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq www reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq telnet reflect traffic
 deny ip any any
ip access-list extended out2in
 permit icmp any any
 evaluate traffic
 deny ip any any
logging trap notifications
logging facility local5
logging source-interface Ethernet0/0
logging 172.17.1.2
access-list 100 permit tcp any host 10.100.0.71 eq www
access-list 100 permit tcp any host 10.100.0.71 eq 443
access-list 100 permit tcp any host 10.100.0.71 eq 22
access-list 100 permit tcp any host 10.100.0.71 eq telnet
access-list 100 permit tcp any host 10.100.0.71 eq ftp
access-list 100 permit tcp any host 10.100.0.71 eq ftp-data
access-list 110 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq telnet
access-list 110 dynamic lock-and-key permit ip 10.100.0.0 0.0.0.255 any
access-list 110 deny ip any any
access-list 120 permit udp 10.100.0.0 0.0.0.255 any eq domain
access-list 120 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq www
access-list 120 deny ip any any
access-list 130 permit ip 10.100.0.0 0.0.0.255 any
access-list 140 permit ip host 172.18.1.2 host 172.18.1.1
access-list 140 permit icmp any 10.100.0.0 0.0.0.255
access-list 140 permit icmp any host 172.18.0.71
access-list 140 deny ip any any
!
tacacs-server host 172.18.1.2
tacacs-server attempts 2
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login authentication NONE
 transport input none
line aux 0
 login authentication NONE
 transport input all
line vty 0 4
 login authentication LOCAL
!
ntp clock-period 17208324
end
C2610#
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71952t=71952
Re: IOS AUTH-PROXY problem [7:71956]
It could just be that in version 12.2.15(T) it is finally fully implemented. 12.1.5T(9) is just an earlier version. I ran into this last night while working on blocking Nimda and Code Red. The feature required to do the blocking was released in 12.1E (not exactly sure which version, I can't find my notes). I couldn't find the feature anywhere in the documentation for 12.1, but as soon as I looked in 12.2, it was there. Hope that helps. Cheers, Joe
- Original Message - From: d tran To: ; Sent: Sunday, July 06, 2003 10:18 AM Subject: IOS AUTH-PROXY problem
All, Below is the configuration I have with AUTH-PROXY. I don't understand why the configuration works with IOS version 12.2.15(T) but doesn't work with IOS version 12.1.5T(9). With version 12.1.5T(9), I am not getting an authentication failed. Instead I am getting bad request. Any ideas?
C2610#sh run
Building configuration...
Current configuration : 4248 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C2610
!
logging buffered 8192 notifications
logging rate-limit 1
no logging console
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NONE none
aaa authentication login TACACS group tacacs+ local enable
aaa authentication login LOCAL local enable
aaa authorization auth-proxy default group tacacs+
enable secret 5 $1$Bj2H$ad4Dn5rkgKvwPZzJDKAgZ1
!
memory-size iomem 10
ip subnet-zero
no ip source-route
!
!
no ip finger
ip tcp intercept list 100
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 5
ip tcp intercept max-incomplete low 300
ip tcp intercept max-incomplete high 1000
ip tcp intercept one-minute low 100
ip tcp intercept one-minute high 500
ip domain-name micronetsolution.com
ip host tac 2065 10.10.10.10
ip name-server 172.17.1.2
ip name-server 129.174.1.8
ip dhcp excluded-address 10.100.0.71
ip dhcp excluded-address 10.100.0.72
ip dhcp excluded-address 10.100.0.254
ip dhcp ping packets 5
!
ip dhcp pool DHCP
 network 10.100.0.0 255.255.255.0
 netbios-name-server 172.17.1.2 129.174.1.8
 dns-server 172.17.1.2 129.174.1.8
 default-router 10.100.0.254
 domain-name micronetsolution.com
 lease 3
!
ip inspect audit-trail
ip inspect dns-timeout 15
ip inspect name CBAC tcp timeout 3600
ip inspect name CBAC udp timeout 3600
ip auth-proxy auth-proxy-banner
ip auth-proxy auth-proxy-audit
ip auth-proxy auth-cache-time 1
ip auth-proxy name AUTH-PROXY http
ip audit info action alarm drop reset
ip audit attack action alarm drop reset
ip audit notify log
ip audit po max-events 100
ip audit name ATTACK attack action alarm drop reset
ip audit name INFO info action alarm
!
!
call rsvp-sync
cns event-service server
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface Ethernet0/0
 ip address 172.18.1.1 255.255.0.0
 ip nat outside
 half-duplex
!
interface FastEthernet1/0
 ip address 10.100.0.254 255.255.255.0
 ip nat inside
 ip auth-proxy AUTH-PROXY
 speed 100
 full-duplex
!
ip kerberos source-interface any
ip nat pool natpool 172.18.1.1 172.18.1.1 netmask 255.255.0.0
ip nat inside source list 130 interface Ethernet0/0 overload
ip nat inside source static 10.100.0.71 172.18.0.71
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.1.254
ip http server
ip http authentication aaa
!
!
ip access-list extended NAMEDACL
 permit tcp any any
 permit udp any any
 permit ip any any
ip access-list extended in2out
 permit udp 10.100.0.0 0.0.0.255 any eq domain reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq www reflect traffic
 permit tcp 10.100.0.0 0.0.0.255 any eq telnet reflect traffic
 deny ip any any
ip access-list extended out2in
 permit icmp any any
 evaluate traffic
 deny ip any any
logging trap notifications
logging facility local5
logging source-interface Ethernet0/0
logging 172.17.1.2
access-list 100 permit tcp any host 10.100.0.71 eq www
access-list 100 permit tcp any host 10.100.0.71 eq 443
access-list 100 permit tcp any host 10.100.0.71 eq 22
access-list 100 permit tcp any host 10.100.0.71 eq telnet
access-list 100 permit tcp any host 10.100.0.71 eq ftp
access-list 100 permit tcp any host 10.100.0.71 eq ftp-data
access-list 110 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq telnet
access-list 110 dynamic lock-and-key permit ip 10.100.0.0 0.0.0.255 any
access-list 110 deny ip any any
access-list 120 permit udp 10.100.0.0 0.0.0.255 any eq domain
access-list 120 permit tcp 10.100.0.0 0.0.0.255 host 10.100.0.254 eq www
access-list 120 deny ip any any
access-list 130 permit ip 10.100.0.0 0.0.0.255 any
access-list 140 permit ip host 172.18.1.2 host 172.18.1.1
access-list 140 permit icmp any 10.100.0.0 0.0.0.255
access-list 140 permit icmp any host 172.18.0.71
access-list 140
Problem [7:71890]
Hi all, I have a Cisco 3600 and I am facing an unknown problem; maybe it is stupid but really I don't know. I have a pretty much common configuration: 2 valid IP addresses on both interfaces. One of them is my network; the other interface is linked to another router interface. When I try to ping the outside from the router's console I have a response, but when I try to ping from a machine in my network I don't have any reply. I used a static route as in ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the other router interface. I disabled ip routing: no ip routing. Can anyone please help me if I missed anything? THANX a lot, Elias
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71890t=71890
Re: Problem [7:71890]
Hi, What you did when you typed no ip routing was to effectively change your router into an IP host. You must enable ip routing with ip routing and then add your static route. Test again and come back for help if it doesn't work. One advantage of disabling IP routing and effectively turning your router into a host is that you can then use all the nice debug functionalities like debug ip packet, as though your router was a host. Regards, Jans
Projet AIM wrote:
Hi all, I have a Cisco 3600 and I am facing an unknown problem; maybe it is stupid but really I don't know. I have a pretty much common configuration: 2 valid IP addresses on both interfaces. One of them is my network; the other interface is linked to another router interface. When I try to ping the outside from the router's console I have a response, but when I try to ping from a machine in my network I don't have any reply. I used a static route as in ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the other router interface. I disabled ip routing: no ip routing. Can anyone please help me if I missed anything? THANX a lot, Elias
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71891t=71890
Re: Problem [7:71890]
Hi again, I am pretty much thankful for your explanation. I have tried what you have suggested and still it doesn't work. The thing is I am convinced that I am missing something but can't find out what. Thanx again and any help is appreciated, Elias
From: Jans van Deventer Reply-To: Jans van Deventer To: [EMAIL PROTECTED] Subject: Re: Problem [7:71890] Date: Fri, 4 Jul 2003 14:25:41 GMT
Hi, What you did when you typed no ip routing was to effectively change your router into an IP host. You must enable ip routing with ip routing and then add your static route. Test again and come back for help if it doesn't work. One advantage of disabling IP routing and effectively turning your router into a host is that you can then use all the nice debug functionalities like debug ip packet, as though your router was a host. Regards, Jans
Projet AIM wrote:
Hi all, I have a Cisco 3600 and I am facing an unknown problem; maybe it is stupid but really I don't know. I have a pretty much common configuration: 2 valid IP addresses on both interfaces. One of them is my network; the other interface is linked to another router interface. When I try to ping the outside from the router's console I have a response, but when I try to ping from a machine in my network I don't have any reply. I used a static route as in ip route 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the other router interface. I disabled ip routing: no ip routing. Can anyone please help me if I missed anything? THANX a lot, Elias
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71893t=71890
Re: Problem [7:71890]
Probably the outside world doesn't know about your network that's behind the 3600. The ping reply needs to come back somehow.

Thanks, Zsombor

At 04:32 PM 7/4/2003 +, Projet AIM wrote:

Hi again

I am pretty much thankful for your explanation. I have tried what you have suggested and still it doesn't work. The thing is, I am convinced that I am missing something but can't find out what.

Thanx again, and any help is appreciated.

Elias

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71897t=71890
Re: Problem [7:71890]
Probably the outside world doesn't know about your network that's behind the 3600. The ping reply needs to come back somehow. And/or the host behind the 3600 doesn't know that the 3600 is the gateway.

Thanks, Zsombor

At 04:32 PM 7/4/2003 +, Projet AIM wrote:

Hi again

I am pretty much thankful for your explanation. I have tried what you have suggested and still it doesn't work. The thing is, I am convinced that I am missing something but can't find out what.

Thanx again, and any help is appreciated.

Elias

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71899t=71890
RE: ????DHCP Problem???? [7:71667]
It also depends on how your ISP is assigning IP addresses. My cable provider only assigned IPs to registered MAC addresses. In this case you can either register your E1 MAC address with them, or you can spoof a registered MAC address. Below is a snippet of one of my routers spoofing a MAC address, and configured to receive its IP address via DHCP.

interface Ethernet0
 mac-address 0030.ab14.537a
 ip address dhcp client-id Ethernet0

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71776t=71667
RE: ????DHCP Problem???? [7:71667]
UPDATE!!! I was able to get an IP on my 806 off my Linksys, thru DHCP, after I removed the ip verify unicast reverse-path command, but still unable to get one from my ISP thru my cable modem, even though I can get one on my Linksys and direct to my PC off the same modem. Kinda weird; maybe Cisco uses a different port # for DHCP requests and my ISP may not recognize it or be blocking it.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71674t=71667
RE: ????DHCP Problem???? [7:71667]
Try

interface ethernet 1
 ip address negotiated

I've seen some configuration like this before and believe it is when the other side is running a DHCP server.

Kind regards, Janó

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71732t=71667
IMA problem between Cisco 3600 and Nortel Passport [7:71632]
Hi,

I am having stability trouble with an IMA configured over a Cisco 3600 router. The IMA is connected to a Nortel Passport 7480. The IMA has 2 links, and continuously one of the links fails. Here is the IMA configuration:

interface ATM1/0
 no ip address
 no ip mroute-cache
 no atm oversubscribe
 no atm ilmi-keepalive
 ima-group 0
 scrambling-payload
 impedance 120-ohm
!
interface ATM1/1
 no ip address
 no ip mroute-cache
 no atm oversubscribe
 no atm ilmi-keepalive
 ima-group 0
 scrambling-payload
 impedance 120-ohm
!
interface ATM1/IMA0
 no ip address
 no atm ilmi-keepalive
!
interface ATM1/IMA0.1 point-to-point
 ip address 10.7.128.154 255.255.255.252
 pvc 3/223
  ubr 3840
  encapsulation aal5snap
 !
!
interface ATM1/IMA0.2 point-to-point
 ip address 10.16.0.82 255.255.255.252
 pvc 3/224

As can be seen, the Passport detects many remote link failures:

CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1 LK/2
CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1 LK/2
CLEARED CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1 LK/1
MAJORSET 09990012 03-06-29 18:07:40 EM/PPMAL010 LP/1 IMA/1 LK/2
CLEARED CLR 09990012 03-06-29 18:10:19 EM/PPMAL010 LP/1 IMA/1 LK/2
MAJORSET 09990012 03-06-29 18:10:48 EM/PPMAL010 LP/1 IMA/1 LK/1
CRITICAL SET 70111213 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED CLR 09990012 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED CLR 70111213 03-06-29 18:17:52 EM/PPMAL010 LP/1 IMA/1 LK/1

I want to know if somebody has experience configuring IMA in similar surroundings and can help me.

Regards, Raúl.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71632t=71632
RE: IMA problem between Cisco 3600 and Nortel Pass [7:71632]
What does the troubleshooting NTP (I forget the exact name number, but if you have a PP, you probably know it) say about error 7011 1213 and 0999 0012? I notice the former is a critical while the latter is a major; also, the times on the errors sometimes overlap. You may have to read down into the verbiage to get a description. It's highly likely they both result from a single root cause, and looking at the detailed description on both error messages may yield what the PP thinks is the problem. That should then lead you to what needs to change (and that might be on either switch).

Sorry I can't help more than that, but I don't have PP handy anymore.

Annlee

Raul Arango wrote:

Hi,

I am having stability trouble with an IMA configured over a Cisco 3600 router. The IMA is connected to a Nortel Passport 7480. The IMA has 2 links, and continuously one of the links fails. Here is the IMA configuration:

interface ATM1/0
 no ip address
 no ip mroute-cache
 no atm oversubscribe
 no atm ilmi-keepalive
 ima-group 0
 scrambling-payload
 impedance 120-ohm
!
interface ATM1/1
 no ip address
 no ip mroute-cache
 no atm oversubscribe
 no atm ilmi-keepalive
 ima-group 0
 scrambling-payload
 impedance 120-ohm
!
interface ATM1/IMA0
 no ip address
 no atm ilmi-keepalive
!
interface ATM1/IMA0.1 point-to-point
 ip address 10.7.128.154 255.255.255.252
 pvc 3/223
  ubr 3840
  encapsulation aal5snap
 !
!
interface ATM1/IMA0.2 point-to-point
 ip address 10.16.0.82 255.255.255.252
 pvc 3/224

As can be seen, the Passport detects many remote link failures:

CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1 LK/2
CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1 LK/2
CLEARED CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1 LK/1
MAJORSET 09990012 03-06-29 18:07:40 EM/PPMAL010 LP/1 IMA/1 LK/2
CLEARED CLR 09990012 03-06-29 18:10:19 EM/PPMAL010 LP/1 IMA/1 LK/2
MAJORSET 09990012 03-06-29 18:10:48 EM/PPMAL010 LP/1 IMA/1 LK/1
CRITICAL SET 70111213 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED CLR 09990012 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED CLR 70111213 03-06-29 18:17:52 EM/PPMAL010 LP/1 IMA/1 LK/1

I want to know if somebody has experience configuring IMA in similar surroundings and can help me.

Regards, Raúl.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71654t=71632
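The SET/CLR pairing and the overlap in alarm times that Annlee points to can be checked directly against the alarm lines Raúl posted. The script below is an added example, not part of the thread: the field layout is inferred from the posted lines, and the function names (parse, pair_alarms, overlaps) are hypothetical.

```python
import re
from datetime import datetime
from itertools import combinations

# Alarm lines as posted in the thread (Nortel Passport side).
ALARMS = """\
CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1 LK/2
CRITICAL SET 70111213 03-06-29 17:35:45 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1 LK/2
CLEARED CLR 70111213 03-06-29 17:35:55 EM/PPMAL010 LP/1 IMA/1 LK/1
MAJORSET 09990012 03-06-29 18:07:40 EM/PPMAL010 LP/1 IMA/1 LK/2
CLEARED CLR 09990012 03-06-29 18:10:19 EM/PPMAL010 LP/1 IMA/1 LK/2
MAJORSET 09990012 03-06-29 18:10:48 EM/PPMAL010 LP/1 IMA/1 LK/1
CRITICAL SET 70111213 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED CLR 09990012 03-06-29 18:17:42 EM/PPMAL010 LP/1 IMA/1 LK/1
CLEARED CLR 70111213 03-06-29 18:17:52 EM/PPMAL010 LP/1 IMA/1 LK/1
"""

# Assumed layout: severity, SET|CLR, 8-digit code, yy-mm-dd hh:mm:ss, node,
# component path ending in LK/<n>. Severity and state may be run together
# ("MAJORSET"), as they are in the posted text.
LINE_RE = re.compile(
    r"^(?P<sev>[A-Z]+?)\s*(?P<state>SET|CLR)\s+(?P<code>\d{8})\s+"
    r"(?P<ts>\d\d-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<node>\S+)\s+.*LK/(?P<link>\d+)\s*$"
)

def parse(text):
    """Return (timestamp, state, code, link, severity) for each alarm line."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not an alarm line
        ts = datetime.strptime(m["ts"], "%y-%m-%d %H:%M:%S")
        events.append((ts, m["state"], m["code"], int(m["link"]), m["sev"]))
    return events

def pair_alarms(events):
    """Pair each SET with the next CLR for the same (code, link).

    Returns (intervals, still_open, orphan_clears)."""
    open_sets, intervals, orphans = {}, [], []
    for ts, state, code, link, sev in events:
        key = (code, link)
        if state == "SET":
            open_sets.setdefault(key, (ts, sev))  # keep the earliest unmatched SET
        elif key in open_sets:
            start, set_sev = open_sets.pop(key)
            intervals.append({"code": code, "link": link, "sev": set_sev,
                              "start": start, "end": ts,
                              "secs": int((ts - start).total_seconds())})
        else:
            orphans.append((ts, code, link))  # CLR with no SET in the capture
    return intervals, open_sets, orphans

def overlaps(intervals):
    """Pairs of alarm intervals active at the same instant (endpoints inclusive)."""
    hits = []
    for a, b in combinations(intervals, 2):
        if a["start"] <= b["end"] and b["start"] <= a["end"]:
            kind = "same-link" if a["link"] == b["link"] else "cross-link"
            hits.append((kind, a["code"], a["link"], b["code"], b["link"]))
    return hits

if __name__ == "__main__":
    ivs, still_open, orphan = pair_alarms(parse(ALARMS))
    for iv in ivs:
        print(f'{iv["code"]} LK/{iv["link"]} {iv["sev"]:8} {iv["start"]:%H:%M:%S} +{iv["secs"]}s')
    for hit in overlaps(ivs):
        print("overlap:", hit)
```

On the posted lines this yields five SET/CLR intervals: both links raise 70111213 in the same second at 17:35:45, and on LK/1 the 09990012 alarm clears in the same second that 70111213 is set (18:17:42).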
????DHCP Problem???? [7:71667]
Hi,

I have started a home lab and have a Cisco 806 router with IOS 12.2 IP F/W Plus installed on it. I am trying to set up the 806 to be my gateway between my home network and my cable modem. I have set up NAT and have that working properly, and I have tried RIP v2 running between the 806 and Linksys, which works OK. My problem is that I can't pull a DHCP IP address from my ISP from my e1 int to save my life. I can get an IP on my Linksys off the cable modem and direct into my PC just fine, but when I try it on my 806, no matter what I try, it just won't take an IP off my cable modem. I know it has to be something in my config, because my modem works fine everywhere else. If you guys could take a look at my config and help me out I would appreciate it - THANKS!!!

806#sh ru
Building configuration...

Current configuration : 1726 bytes
!
version 12.2
no parser cache
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 806
!
logging console informational
!
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
no ip domain lookup
ip name-server x.x.x.x
ip name-server x.x.x.x
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2
ip dhcp ping packets 1
ip dhcp ping timeout 100
!
ip dhcp pool CLIENT
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
!
ip dhcp pool client
!
no ip bootp server
ip cef
!
!
!
interface Ethernet0
 ip address 10.10.10.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nat inside
 no cdp enable
 hold-queue 32 in
 hold-queue 100 out
!
interface Ethernet1
 description Internet
 ip address dhcp
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nat outside
 no cdp enable
!
ip nat log translations syslog
ip nat inside source list 1 interface Ethernet0 overload
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
!
!
access-list 1 permit any
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
line con 0
 exec-timeout 120 0
 logging synchronous
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 exec prompt timestamp
 length 0
!
scheduler max-task-time 5000
scheduler interval 500
end

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71667t=71667
RE: ????DHCP Problem???? [7:71667]
UPDATE!!! I was able to get an IP on my 806 off my Linksys, thru DHCP, after I removed the ip verify unicast reverse-path command, but still unable to get one from my ISP thru my cable modem, even though I can get one on my Linksys and direct to my PC off the same modem. Kinda weird; maybe Cisco uses a different port # for DHCP requests and my ISP may not recognize it or be blocking it.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71673t=71667
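The update above ties the DHCP failure against the Linksys to ip verify unicast reverse-path on the DHCP-client interface. The following is an added example, not code from the thread: a small audit over a constructed excerpt of the posted 806 configuration that flags that combination, plus one further check that nobody in the thread raised (the NAT overload statement names Ethernet0, which is configured ip nat inside rather than ip nat outside). The check names, function names and the REVISED variant are assumptions made for illustration.

```python
import re

# Constructed excerpt: only the relevant lines of the 806 config posted in the thread.
CONFIG = """\
interface Ethernet0
 ip address 10.10.10.3 255.255.255.0
 ip nat inside
!
interface Ethernet1
 description Internet
 ip address dhcp
 ip verify unicast reverse-path
 ip nat outside
!
ip nat inside source list 1 interface Ethernet0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
"""

# Hypothetical revision: uRPF removed from the DHCP-client interface (what the
# poster did) and the overload statement pointed at the outside interface
# (an assumption added here, not something suggested in the thread).
REVISED = CONFIG.replace(" ip verify unicast reverse-path\n", "").replace(
    "interface Ethernet0 overload", "interface Ethernet1 overload")

def parse_config(text):
    """Split an IOS config into {interface: [sub-commands]} and global lines."""
    interfaces, global_cmds, current = {}, [], None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None            # a separator ends the interface block
            continue
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line[0].isspace() and current:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_cmds.append(line.strip())
    return interfaces, global_cmds

def audit(text):
    """Return a list of (check, interface) findings."""
    interfaces, global_cmds = parse_config(text)
    findings = []
    for name, cmds in interfaces.items():
        dhcp_client = any(c.startswith("ip address dhcp") for c in cmds)
        strict_urpf = "ip verify unicast reverse-path" in cmds
        if dhcp_client and strict_urpf:
            # The combination the poster removed before DHCP started working.
            findings.append(("urpf-on-dhcp-client", name))
    for cmd in global_cmds:
        m = re.match(r"ip nat inside source list \S+ interface (\S+) overload", cmd)
        if m and "ip nat outside" not in interfaces.get(m.group(1), []):
            # Overload normally translates to the outside interface's address.
            findings.append(("nat-overload-not-outside", m.group(1)))
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", CONFIG), ("revised", REVISED)):
        print(label, audit(cfg))
```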
Re: Boot problem with new 6513 [7:71390]
I assume you have OS somewhere on this box. If the OS is on bootflash, from the ROMMON prompt try

boot bootflash:filename

You should be able to verify a file's existence by doing a

dir bootflash:

Dave

Ron wrote:

I have a new 6513 Catalyst switch and am getting the following when I boot the device:

Autoboot: failed, BOOT string is empty
rommon 1

Can someone lead me in the right direction on what to do to get the boot string set up properly?

--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

Government can do something for the people only in proportion as it can do something to the people. -- Thomas Jefferson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71438t=71390
Switch cluster management problem. [7:71336]
Hi all,

We have a 3550-12T which is connected to 3 2950G-48-EI's via the GBIC ports. When I access the cluster management software on the 3550 it shows the 2950s as unknown devices. If I access the CMS on one of the 2950s it shows me the correct switch (but only the one) and I'm able to manage it. Is there any way I can get the CMS on the 3550 to pick up the model of the switches it's connected to correctly?

Thanks
Stu P

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71336t=71336
Boot problem with new 6513 [7:71390]
I have a new 6513 Catalyst switch and am getting the following when I boot the device:

Autoboot: failed, BOOT string is empty
rommon 1

Can someone lead me in the right direction on what to do to get the boot string set up properly?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71390t=71390
RE: Boot problem with new 6513 [7:71390]
Is there a slot card in the sup? If so, try to boot from slot0:

Larry Letterman
Cisco Systems

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron
Sent: Wednesday, June 25, 2003 3:55 PM
To: [EMAIL PROTECTED]
Subject: Boot problem with new 6513 [7:71390]

I have a new 6513 Catalyst switch and am getting the following when I boot the device:

Autoboot: failed, BOOT string is empty
rommon 1

Can someone lead me in the right direction on what to do to get the boot string set up properly?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71392t=71390
Re: Boot problem with new 6513 [7:71390]
Ronnie Ron wrote in message news:[EMAIL PROTECTED]

I have a new 6513 Catalyst switch and am getting the following when I boot the device:

Autoboot: failed, BOOT string is empty
rommon 1

Can someone lead me in the right direction on what to do to get the boot string set up properly?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71400t=71390
Re: RES: Problem w/ 802.1q trunking [7:70901]
The native Vlan on the 5500 is Vlan 13.

Hemingway: The config I posted was from a 4500M router with a NP-6e module installed. Like I said before, I don't have a problem with 2 of the 3 vlans on the trunk link, but it's Vlan 13 that's the problem. I'm not able to ping from and to anywhere on that Vlan.

jvd: I think starting with the release of 12.2 you are able to trunk on 10Mb links on routers 2600 and above. Try it...

Hemingway wrote:

jvd wrote in message news:[EMAIL PROTECTED]

Hi, 802.1q is supported by Cisco on FastEthernet and GigabitEthernet, and not on Ethernet. Check out:

moving to a new computer, and can't locate the beginning of this thread. sorry if this was covered previously. the 2610 and 11 will support dot1q trunking on the built in 10baseT ethernet ports. I believe this started with one of the earlier 12.1 IOS images. I also have done dot1q trunking of NM ethernet modules, both on the 36xx and 26xx platforms, again with an appropriate IOS image. If it was router ports of which you were speaking. Can't say as to whether or not there are 10baseT switch ports that support dot1q, although I believe you can do it on 35xx switches where the fastethernet port is forced to a 10megabit speed.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca801.html#xtocid18

ISL is supported by Cisco on Ethernet, FastEthernet and GigabitEthernet. Hope this helps. Regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71255t=70901
Re: RES: Problem w/ 802.1q trunking [7:70901]
This is very interesting. The URL that I posted earlier:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca801.html#xtocid18

is for IOS 12.2 Mainline. From the original message posted you can see that it is really ethernet ports the guy is trying to configure. And Hemingway is saying that he has configured 802.1q on router ethernet ports before with IOS 12.1. Any comments on this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71089t=70901
RE: RES: Problem w/ 802.1q trunking [7:70901]
Hi,

802.1q is supported by Cisco on FastEthernet and GigabitEthernet, and not on Ethernet. Check out:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca801.html#xtocid18

ISL is supported by Cisco on Ethernet, FastEthernet and GigabitEthernet. Hope this helps.

Regards,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71064t=70901