RE: {Spam?} question on acl [7:75258]

[Reimer, Fred]

Well, we have two right answers (you can do it with a wildcard mask of
0.0.0.254) and two wrong answers (it's not possible).  I'll break the tie
and say you can do it ;-)

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Robert Perez [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 11, 2003 1:10 PM
To: [EMAIL PROTECTED]
Subject: RE: {Spam?} question on acl [7:75258]

You would have to do each host individually as:

access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq 23

You cannot choose only even addresses with any kind of command. Atleast not
that I am aware of.

-Original Message-
From: Yong Wee [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 11, 2003 11:34 AM
To: [EMAIL PROTECTED]
Subject: {Spam?} question on acl [7:75258]


Hi,
   How do you write an ext acl to block telnet access from even addresses in
subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254?

thks,
yongwee
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75282&t=75258
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: {Spam?} question on acl [7:75258]

[Salvatore De Luca]

Robert, 

  Yes.. You absolutley CAN... See previous reply...


Robert Perez wrote:
> 
> You would have to do each host individually as:
> 
> access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq
> 23
> 
> You cannot choose only even addresses with any kind of command.
> Atleast not
> that I am aware of.
> 
> -Original Message-
> From: Yong Wee [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, September 11, 2003 11:34 AM
> To: [EMAIL PROTECTED]
> Subject: {Spam?} question on acl [7:75258]
> 
> 
> Hi,
>How do you write an ext acl to block telnet access from even
> addresses in
> subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server
> 192.168.1.254?
> 
> thks,
> yongwee
> **Please support GroupStudy by purchasing from the GroupStudy
> Store:
> http://shop.groupstudy.com FAQ, list archives, and subscription
> info:
> http://www.groupstudy.com/list/cisco.html
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75283&t=75258
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: question on acl [7:75257]

[Reimer, Fred]

Er, yes you can.  Two people have already replied on how.  Use a WILDCARD
mask of 0.0.0.254.  Simple, easy, effective.  I'd hate to have to type in
128 permit statements.  Probably end up writing a Perl one-liner, but the
easier way is to use the proper WILDCARD mask.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Andrew Larkins [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 11, 2003 12:50 PM
To: [EMAIL PROTECTED]
Subject: RE: question on acl [7:75257]

As multiple single entries - you can not summarize these...

A better way is to have all the specific users that must be denied to be in
a summarizable subnet

-Original Message-
From: Yong Wee [mailto:[EMAIL PROTECTED] 
Sent: 11 September 2003 17:30
To: [EMAIL PROTECTED]
Subject: question on acl [7:75257]


Hi,
   How do you write an ext acl to block telnet access from even addresses in
subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254?

rgds,
yongwee
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75280&t=75257
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: {Spam?} question on acl [7:75258]

[Robert Perez]

You would have to do each host individually as:

access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq 23

You cannot choose only even addresses with any kind of command. Atleast not
that I am aware of.

-Original Message-
From: Yong Wee [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 11, 2003 11:34 AM
To: [EMAIL PROTECTED]
Subject: {Spam?} question on acl [7:75258]


Hi,
   How do you write an ext acl to block telnet access from even addresses in
subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254?

thks,
yongwee
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75270&t=75258
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: question on acl [7:75257]

[Andrew Larkins]

As multiple single entries - you can not summarize these...

A better way is to have all the specific users that must be denied to be in
a summarizable subnet

-Original Message-
From: Yong Wee [mailto:[EMAIL PROTECTED] 
Sent: 11 September 2003 17:30
To: [EMAIL PROTECTED]
Subject: question on acl [7:75257]


Hi,
   How do you write an ext acl to block telnet access from even addresses in
subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254?

rgds,
yongwee
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75268&t=75257
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: L2TP v3 Question [7:75255]

[Doan Nguyen]

I just had mine working.

Cola#show run
Building configuration...

Current configuration : 2615 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service single-slot-reload-enable
!
hostname Cola
!
redundancy
 no keepalive-enable
 mode hsa
enable secret 5 $1$4gPI$wcQKNzXJpTT3ibtsj.nLY0
!
ip subnet-zero
ip cef distributed
ip host jazz 192.168.100.53
mpls ldp logging neighbor-changes
no mpls traffic-eng auto-bw timers frequency 0
l2tp-class mc_l2tp_contr
 hello 30
 password 0 secret
 cookie size 8
!
pseudowire-class mc_l2tp_path
 encapsulation l2tpv3
 protocol l2tpv3 mc_l2tp_contr
 ip local interface Loopback3
 ip pmtu
 ip dfbit set
 ip tos reflect
!
!
!
!
interface Loopback0
 ip address 30.30.30.1 255.255.255.255
 no ip directed-broadcast
!
interface Loopback3
 ip address 192.168.100.43 255.255.255.255
 no ip directed-broadcast
!
interface Loopback4
 ip address 50.0.0.1 255.255.255.255
 no ip directed-broadcast
!
interface FastEthernet3/0/0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Ethernet3/1/0
 ip address 200.100.100.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet3/1/1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Ethernet3/1/2
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Ethernet3/1/3
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Ethernet3/1/4
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Ethernet3/1/5
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Ethernet3/1/6
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Ethernet3/1/7
 no ip address
 no ip directed-broadcast
 shutdown
!
interface FastEthernet9/0/0
 no ip address
 no ip directed-broadcast
 full-duplex
!
interface FastEthernet9/0/0.1
 encapsulation dot1Q 101
 ip address 13.0.1.1 255.255.255.252
 no ip directed-broadcast
!
interface FastEthernet9/0/1
 no ip address
 no ip directed-broadcast
 full-duplex
!
interface FastEthernet9/0/1.1
 encapsulation dot1Q 101
 no ip directed-broadcast
 no cdp enable
 xconnect 192.168.100.53 101 pw-class mc_l2tp_path
!
interface FastEthernet9/1/0
 ip address 10.1.1.1 255.255.255.0
 no ip directed-broadcast
 media-type MII
 full-duplex
!
router bgp 10
 no synchronization
 bgp log-neighbor-changes
 network 50.0.0.0
 redistribute connected
 neighbor 20.20.20.1 remote-as 10
 neighbor 20.20.20.1 update-source Loopback0
 no auto-summary
!
ip classless
ip route 10.2.2.0 255.255.255.0 10.1.1.2
ip route 20.20.20.1 255.255.255.255 13.0.1.2
ip route 192.168.100.53 255.255.255.255 10.1.1.2
!
!
!
!
alias exec ff show ip int brief
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

router2#

Building configuration...

Current configuration : 3888 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service single-slot-reload-enable
!
hostname blabla2
!
redundancy
 no keepalive-enable
 mode hsa
enable secret 5 $1$j7en$FoJXnn8QFW18jod4ncYzi.
!
ip subnet-zero
ip cef distributed
ip host cola 192.168.100.43
no mpls ldp logging neighbor-changes
no mpls traffic-eng auto-bw timers frequency 0
l2tp-class mc_l2tp_contr
 hello 30
 password 0 secret
 cookie size 8
!
pseudowire-class mc_l2tp_path
 encapsulation l2tpv3
 protocol l2tpv3 mc_l2tp_contr
 ip local interface Loopback3
 ip pmtu
 ip dfbit set
 ip tos reflect
!
!
!
!
interface Loopback0
 ip address 20.20.20.1 255.255.255.255
 no ip directed-broadcast
!
interface Loopback3
 ip address 192.168.100.53 255.255.255.255
 no ip directed-broadcast
!
!
interface FastEthernet5/1/0
 ip address 10.2.2.2 255.255.255.0
 no ip directed-broadcast
 no ip route-cache distributed
 full-duplex
!
interface FastEthernet8/1/0
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 full-duplex
!
interface FastEthernet8/1/0.1
 encapsulation dot1Q 101
 ip address 13.0.1.2 255.255.255.252
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet8/1/1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 full-duplex
!
interface FastEthernet8/1/1.1
 encapsulation dot1Q 101
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 no cdp enable
 xconnect 192.168.100.43 101 pw-class mc_l2tp_path
!

!
ip classless
ip route 10.1.1.0 255.255.255.0 10.2.2.1
ip route 192.168.100.43 255.255.255.255 10.2.2.1
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

Cisco has a messed up way of implementing the L2TPv3 tunnels like this. 
Basically you looped two FE ports together.  Pick 1 port for your layer 3
routing and the other port to cross connect your layer two tunnels.  The
vlan ID for the two FE ports must match.  The tunnels reference the loopback
of the endpoint router.  Hope this helps.

-Doan







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75266&t=75255

Re: question on acl [7:75257]

[Bob by The Bay]

Yongwee,
!
!  Deny even numbers but permit everything else
!
access-list 101 deny tcp 192.168.2.0 0.0.0.254 host 192.168.1.254 eq telnet
access-list 101 permit any any
! implicit deny all here
!
!
or perhaps more efficiently
!
!
!  Permit odd numbers only
!
access-list 101 permit tcp 192.168.2.1 0.0.0.254 host 192.168.1.254 eq
telnet
! implicit deny all here
!
These answers are based on the fact that an even number in binary will have
a least significant digit of 0 in the octet while an odd number will have a
1.  Thus the 0.0.0.254 mask isolates the least significant digit for a match
against either a 1 or a zero.

FWIW,
Bob

""Yong Wee""  wrote in message
news:[EMAIL PROTECTED]
> Hi,
>How do you write an ext acl to block telnet access from even addresses
in
> subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254?
>
> rgds,
> yongwee
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75262&t=75257
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: question on acl [7:75258]

[Salvatore De Luca]

Here is an example of a named ACL to Block Specific even HOST sources to
destination port 23 to the address you specified. You can use:

  ip access-list extended BLOCK_TELNET_EVEN 
deny tcp 192.168.2.0 0.0.0.254 host 192.168.1.254 eq telnet
permit ip any any 

  
 Just practice and play with the BITS in the MASK.. You can achieve this
type of scenario in 1 statment..

-Sal

Yong Wee wrote:
> 
> Hi,
>How do you write an ext acl to block telnet access from even
> addresses in
> subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server
> 192.168.1.254?
> 
> thks,
> yongwee
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75260&t=75258
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

question on acl [7:75257]

[Yong Wee]

Hi,
   How do you write an ext acl to block telnet access from even addresses in
subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254?

rgds,
yongwee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75257&t=75257
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

question on acl [7:75258]

[Yong Wee]

Hi,
   How do you write an ext acl to block telnet access from even addresses in
subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254?

thks,
yongwee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75258&t=75258
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

L2TP v3 Question [7:75255]

[Hayes, Christopher]

Trying to do a lab that connects two ethernet lans together via L2TP v3.

Cisco has diddly for config examples. Does anyone have any that work?

Here is what I have so far. (shown below)

Topology:

pc1--lan1---fa0/0-router1-fa5/0--tunnel-fa5/0-router2-fa0/0---lan2--
pc2

Configs:

*
router1
*
ip cef

int lo0
 ip addr 192.168.254.2 255.255.255.0

l2tp-class l2tp-defaults
 retransmit initial retries 30
 cookie size 8

pseudowire-class ether-pw
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0

interface FastEthernet 0/0
 xconnect 192.168.1.2 123 encapsulation l2tpv3 manual pw-class ether-pw
l2tp id 222 111  l2tp cookie local 4 54321  l2tp cookie remote 4 12345  l2tp
hello l2tp-defaults

*
router2
*
ip cef

int lo0
 ip addr 192.168.254.3 255.255.255.0

l2tp-class l2tp-defaults
 retransmit initial retries 30
 cookie size 8

pseudowire-class ether-pw
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0

interface Ethernet 2/0
 xconnect 192.168.1.1 123 encapsulation l2tpv3 manual pw-class ether-pw
l2tp id 111 222  l2tp cookie local 4 12345  l2tp cookie remote 4 54321  l2tp
hello l2tp-defaults


Thanks,

Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75255&t=75255
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Basic IP CEF question (again) [7:75161]

[Zsombor Papp]

Broadcast means everybody receives it.

 Curious wrote:
> 
> Hi Zsombor, what do you mean?? Why the router has the broadcast
> IP in
> "receive" mode?
> I would like to know more about this ;)
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75253&t=75161
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: question? [7:75237]

[Chibwe, Oliver J, NEO]

Yes I do and how can I contribute to your good cause?:)

Thank you

Ollie
AT&T Common Backbone
866-397-7309 Opt 1


-Original Message-
From: Accsystest [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 6:33 AM
To: [EMAIL PROTECTED]
Subject: question? [7:75237]


got your email address from the web: do you answer cisco related questions
by any chance: know any one who is willing to?
 



-
Yahoo! Search
- Looking for more? Try the new Yahoo! Search
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75246&t=75237
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

question? [7:75237]

[Accsystest]

got your email address from the web: do you answer cisco related questions
by any chance: know any one who is willing to?
 



-
Yahoo! Search
- Looking for more? Try the new Yahoo! Search




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75237&t=75237
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Basic IP CEF question (again) [7:75161]

[Curious]

Hi Zsombor, what do you mean?? Why the router has the broadcast IP in 
"receive" mode?
I would like to know more about this ;)



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75224&t=75161
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Basic IP CEF question (again) [7:75161]

[Zsombor Papp]

Well, the accurate answer is that those are the packets that the router
wants to receive (as opposed to switch), but I didn't think that this would
be a lot of help. :)

You do recognize the common theme across "own IP address" and "broadcast of
local net", don't you?

Thanks,

Zsombor

> My comments:
> 
> Hello Zsombor, I can see IP addresses that doesn't belong to
> the router, for example:
> Router#sh ip cef | include 10.224.0.51
> 10.224.0.51/32  receive
> 
> But the IP address of the router in the subnet is:
> 
>  10.224.0.49
> 
> The subnet is:
> 
>  10.224.0.48/30
> 
> So the IP address 10.224.0.51 is the broadcast address of the 
> router in the network, but not the IP owned by the router.
> What do you think??
> Thx a lot.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75190&t=75161
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Basic IP CEF question (again) [7:75161]

[Curious]

The history:

Author: Zsombor Papp (---.dsl.snfc21.pacbell.net)
Date:   09-08-03 14:47

It means that's the router's own IP address. 

Thanks, 

Zsombor 

Curious wrote: 
> 
> Hello dear friends, 
> I would like to know the meaning of the keyword "receive" that I 
> can see when I execute a "show ip cef" command: 
> 
> For example: 
> 
> show ip cef 
> Prefix Next Hop Interface 
>  
>  
> 10.64.15.224/32 receive 
> 
> What means that the "next-hop" is "receive". 
> 
> More details: 
> 
> ROUTER#sh ip route 10.64.15.224 
> Routing entry for 10.64.15.224/28 
> Known via "connected", distance 0, metric 0 (connected, via 
> interface) 
> Redistributing via ospf 10 
> Advertised by ospf 10 subnets 
> Routing Descriptor Blocks: 
> * directly connected, via FastEthernet4/1/0.30 
> Route metric is 0, traffic share count is 1 
> 
> Any comments?? Bye and Thx 
> 
> 

My comments:

Hello Zsombor, I can see IP addresses that doesn't belong to the router, for
example:
Router#sh ip cef | include 10.224.0.51
10.224.0.51/32  receive

But the IP address of the router in the subnet is:

 10.224.0.49

The subnet is:

 10.224.0.48/30

So the IP address 10.224.0.51 is the broadcast address of the 
router in the network, but not the IP owned by the router.
What do you think??
Thx a lot.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=75161&t=75161
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Basic CEF question. [7:74962]

[Zsombor Papp]

It means that's the router's own IP address.

Thanks,

Zsombor

Curious wrote:
> 
> Hello dear friends,
> I would like to know the meaning of the keyword "receive" that I
> can see when I execute a "show ip cef" command:
> 
>   For example:
> 
>  show ip cef
>Prefix  Next Hop Interface
>
>
>10.64.15.224/32 receive
> 
>What means that the "next-hop" is "receive".
> 
>More details:
> 
>ROUTER#sh ip route 10.64.15.224
> Routing entry for 10.64.15.224/28
>   Known via "connected", distance 0, metric 0 (connected, via
> interface)
>   Redistributing via ospf 10
>   Advertised by ospf 10 subnets
>   Routing Descriptor Blocks:
>   * directly connected, via FastEthernet4/1/0.30
>   Route metric is 0, traffic share count is 1
> 
>  Any comments?? Bye and Thx
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74969&t=74962
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Basic CEF question. [7:74962]

[Curious]

Hello dear friends,
I would like to know the meaning of the keyword "receive" that I
can see when I execute a "show ip cef" command:

  For example:

 show ip cef
   Prefix  Next Hop Interface
   
   
   10.64.15.224/32 receive

   What means that the "next-hop" is "receive".

   More details:

   ROUTER#sh ip route 10.64.15.224
Routing entry for 10.64.15.224/28
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via ospf 10
  Advertised by ospf 10 subnets
  Routing Descriptor Blocks:
  * directly connected, via FastEthernet4/1/0.30
  Route metric is 0, traffic share count is 1

 Any comments?? Bye and Thx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74962&t=74962
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Question regarding dialer-watch [7:74900]

[Jens Petter Eikeland]

Hi group...

Found the problem

My virtual link had got the cost of the bri interface, which I had sett to
65535..

This did so that the virtual link never came up...

Thanks for all the advices

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of SEC
Groupstudy
Sent: 3. september 2003 10:49
To: Security Group Study; 'Jens Petter Eikeland'
Subject: RE: Question regarding dialer-watch

Hi,

You need to do some relavent debugs on the router.
may I suggest you try: debug isdn events, debug isdn error,
debug ppp events etc. you may like to try a debug ip packet on the dialer
interface - but be careful.

My guess is that you'll see a "encapsulation failed" type message. Post your
configs

Adam

> --
> From: Jens Petter Eikeland[SMTP:[EMAIL PROTECTED]
> Reply To: Jens Petter Eikeland
> Sent: Tuesday, September 02, 2003 5:08 PM
> To:   Security Group Study; Groupstudy
> Subject:  Question regarding dialer-watch
>
> I have put up a solution with isdn backup to a primary Frame-Relay link.
> This is set up with Tacacs callback solution.
> The link seems to function fine. Then I try to put on dialer-watch on the
> client side of this link.
> When I shall test this by bringing sown the primary, everything looks
> fine.
> The backup is coming up, the routes ar prefered over isdn.
>
> But when I try to send any trafic I form of pings or telnet nothing
> happens
> Even when the link are up my packet wont go over the link.
> I have also a friend that is having the same problem, and then I guess
> There will be other that has experienced this..
>
> Please help, I have only days before my lab attempt
>
> Jens P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74900&t=74900
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Question regarding dialer-watch [7:74667]

[Brian McGahan]

Jens,

Assuming this is legacy DDR, do you have a static layer 3 to
layer 2 resolution (dialer map) for the IP of the remote end?  Post your
config if you're still having trouble.

HTH,

Brian McGahan, CCIE #8593
[EMAIL PROTECTED] 

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-334-8987
Direct: 708-362-1418 (Outside the US and Canada)


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jens Petter Eikeland
Sent: Tuesday, September 02, 2003 11:16 AM
To: [EMAIL PROTECTED]
Subject: Question regarding dialer-watch [7:74667]

I have put up a solution with isdn backup to a primary Frame-Relay link.
This is set up with Tacacs callback solution.
The link seems to function fine. Then I try to put on dialer-watch on
the
client side of this link.
When I shall test this by bringing sown the primary, everything looks
fine.
The backup is coming up, the routes ar prefered over isdn.

But when I try to send any trafic I form of pings or telnet nothing
happens
Even when the link are up my packet wont go over the link.
I have also a friend that is having the same problem, and then I guess
There will be other that has experienced this..

Please help, I have only days before my lab attempt

Jens P
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74760&t=74667
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Question regarding dialer-watch [7:74667]

[Brian McGahan]

Jens,

Assuming this is legacy DDR, do you have a static layer 3 to
layer 2 resolution (dialer map) for the IP of the remote end?  Post your
config if you're still having trouble.

HTH,

Brian McGahan, CCIE #8593
[EMAIL PROTECTED] 

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-334-8987
Direct: 708-362-1418 (Outside the US and Canada)


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jens Petter Eikeland
Sent: Tuesday, September 02, 2003 11:16 AM
To: [EMAIL PROTECTED]
Subject: Question regarding dialer-watch [7:74667]

I have put up a solution with isdn backup to a primary Frame-Relay link.
This is set up with Tacacs callback solution.
The link seems to function fine. Then I try to put on dialer-watch on
the
client side of this link.
When I shall test this by bringing sown the primary, everything looks
fine.
The backup is coming up, the routes ar prefered over isdn.

But when I try to send any trafic I form of pings or telnet nothing
happens
Even when the link are up my packet wont go over the link.
I have also a friend that is having the same problem, and then I guess
There will be other that has experienced this..

Please help, I have only days before my lab attempt

Jens P
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74701&t=74667
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Question regarding dialer-watch [7:74667]

[Brian McGahan]

Jens,

Assuming this is legacy DDR, do you have a static layer 3 to layer 2
resolution (dialer map) for the IP of the remote end?  Post your config if
you're still having trouble.

HTH,

Brian McGahan, CCIE #8593
[EMAIL PROTECTED]

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-334-8987
Direct: 708-362-1418 (Outside the US and Canada)


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jens
Petter Eikeland
Sent: Tuesday, September 02, 2003 11:16 AM
To: [EMAIL PROTECTED]
Subject: Question regarding dialer-watch [7:74667]

I have put up a solution with isdn backup to a primary Frame-Relay link.
This is set up with Tacacs callback solution.
The link seems to function fine. Then I try to put on dialer-watch on the
client side of this link.
When I shall test this by bringing sown the primary, everything looks fine.
The backup is coming up, the routes ar prefered over isdn.

But when I try to send any trafic I form of pings or telnet nothing happens
Even when the link are up my packet wont go over the link.
I have also a friend that is having the same problem, and then I guess
There will be other that has experienced this..

Please help, I have only days before my lab attempt

Jens P
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html

[GroupStudy removed an attachment of type application/ms-tnef which had a
name of winmail.dat]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74700&t=74667
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

isdn question [7:74677]

[Rocky nguyen]

what happen if ISDN received the setup but not responded to connect ? IS the
problem pointing to layer 1 , 2 or 3 ?

Thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74677&t=74677
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Question regarding dialer-watch [7:74667]

[Reimer, Fred]

What are you trying to accomplish?  A configuration using specific protocols
for some lab, or are you just trying to get some connectivity up and
running?  Why don't you just use backup interface?  Ah, it looks like you
are doing this for a lab, and not a real-life reason.  O.K., is your IPsec
connection up after the ISDN kicks in?  Since it's for a lab, it really
can't hurt security wise to send the configs for both sides, so send them.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Jens Petter Eikeland [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 02, 2003 12:16 PM
To: [EMAIL PROTECTED]
Subject: Question regarding dialer-watch [7:74667]

I have put up a solution with isdn backup to a primary Frame-Relay link.
This is set up with Tacacs callback solution.
The link seems to function fine. Then I try to put on dialer-watch on the
client side of this link.
When I shall test this by bringing sown the primary, everything looks fine.
The backup is coming up, the routes ar prefered over isdn.

But when I try to send any trafic I form of pings or telnet nothing happens
Even when the link are up my packet wont go over the link.
I have also a friend that is having the same problem, and then I guess
There will be other that has experienced this..

Please help, I have only days before my lab attempt

Jens P
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74675&t=74667
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Interesting Question [7:74652]

[Chibwe, Oliver J, NEO]

Bani

This is my understanding...Just with any rule..you allow certain things
and you don't allow some. Reserve some things and you don't reserve
some...What I'm trying to say is the matter of logical and
efficient,convinient, simple or orderly if you will...when the InterNIC
was given the task of IP addressing they had to have some IP addresses
be reserved Not used for anything else) but for specific functions
internetwork.Such as multicasting for example, 224.0.0.9,
224.0.0.10...224.0.0.5 224.0.0.6 ..in routing protocol(IGRP,OSPF etc.)
Or Loopback testing 127.0.0.0.. better still 255.255.255.255 for
broadcasting... I don't think there is any mathematical implication but
order. Just look at this order and logic below..

Class A = 1-126 ( 0,127 reserved)
Class B = 128-191
Class C = 192- 223
Class D = 224-239 (Multicast) 

If you find one please let me..


Thank you

Ollie
AT&T Common Backbone
866-397-7309 Opt 1


-Original Message-
From: Bharani [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 8:14 AM
To: [EMAIL PROTECTED]
Subject: Interesting Question [7:74652]


Dear Readers

  Does any one know the Mathematical reason for making
127.X.X.X as a Loop Back address, if so please let me know

Thanks in advance
Bani
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74670&t=74652
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Question regarding dialer-watch [7:74667]

[Jens Petter Eikeland]

I have put up a solution with isdn backup to a primary Frame-Relay link.
This is set up with Tacacs callback solution.
The link seems to function fine. Then I try to put on dialer-watch on the
client side of this link.
When I shall test this by bringing sown the primary, everything looks fine.
The backup is coming up, the routes ar prefered over isdn.

But when I try to send any trafic I form of pings or telnet nothing happens
Even when the link are up my packet wont go over the link.
I have also a friend that is having the same problem, and then I guess
There will be other that has experienced this..

Please help, I have only days before my lab attempt

Jens P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74667&t=74667
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Interesting Question [7:74652]

[Reimer, Fred]

Sorry, but that sounds too much like the joker on the Yahoo group, which I
had to quit because it was so full of mis-information.  There was this guy
who was adamant that packets coming into the router were effected by the
outgoing access-list.  "Very few people understand ACLs correctly" or
something similar he said.  "Try it yourself, you will see!"  I don't know
how many people's time he wasted on that fiasco.

There is no "mathematical" reason.  Yes, 127 is 0x7f, and 0111, and the
answer to everything is 42 (101010).  It looks neat, but it has no
significance.  Why was 45.0.0.0 assigned to InterOp, of all people?  Why
does InterOp even need a Class A address, let alone any public addresses
whatsoever?  Why do some Hospitals insist on using the 45/8 network
internally because there is only a potential for conflict once a year (or so
they think)?  And is the moon made of cheese?

So what say you, "friends" on the Cisco list?  Am I just clueless and there
is a "mathematical" reason?  I mean, I know about 20 programming languages,
including several assembly languages for various processors, and I can't
think of a valid reason or any benefit for choosing 127 as the loopback
address.  It's not like a compare and branch instruction is going to be any
faster if the number is 2130706433 (127.0.0.1 as a 32-bit number) or not.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Bharani [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 02, 2003 10:54 AM
To: Reimer, Fred
Subject: Re: Interesting Question [7:74652]

Dear Friend
   There is a mathematical reson for this and very few people know abt it ,
please try to speak to your friends to find out
Bani

- Original Message - 
From: "Reimer, Fred" 
To: "Bharani" ; 
Sent: Tuesday, September 02, 2003 8:16 PM
Subject: RE: Interesting Question [7:74652]


> There is none.  Other than the fact that it is the last Class A address.
>
> Fred Reimer - CCNA
>
>
> Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
> Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050
>
>
> NOTICE; This email contains confidential or proprietary information which
> may be legally privileged. It is intended only for the named recipient(s).
> If an addressing or transmission error has misdirected the email, please
> notify the author by replying to this message. If you are not the named
> recipient, you are not authorized to use, disclose, distribute, copy,
print
> or rely on this email, and should immediately delete it from your
computer.
>
>
> -Original Message-----
> From: Bharani [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 02, 2003 9:14 AM
> To: [EMAIL PROTECTED]
> Subject: Interesting Question [7:74652]
>
> Dear Readers
>
>   Does any one know the Mathematical reason for making
> 127.X.X.X as a Loop Back address, if so please let me know
>
> Thanks in advance
> Bani
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74663&t=74652
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Interesting Question [7:74652]

[Reimer, Fred]

There is none.  Other than the fact that it is the last Class A address.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Bharani [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 02, 2003 9:14 AM
To: [EMAIL PROTECTED]
Subject: Interesting Question [7:74652]

Dear Readers

  Does any one know the Mathematical reason for making
127.X.X.X as a Loop Back address, if so please let me know

Thanks in advance
Bani
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74661&t=74652
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: Interesting Question [7:74652]

[Charles Cthulhu Riley]

I don't know why a Class A address was chosen...personnally, I would have
chosen a Class C address...less wasteful.  However, I might be missing the
point here, tho...
""Bharani""  wrote in message
news:[EMAIL PROTECTED]
> Dear Readers
>
>   Does any one know the Mathematical reason for making
> 127.X.X.X as a Loop Back address, if so please let me know
>
> Thanks in advance
> Bani
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74659&t=74652
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Interesting Question [7:74652]

[Bharani]

Dear Readers

  Does any one know the Mathematical reason for making
127.X.X.X as a Loop Back address, if so please let me know

Thanks in advance
Bani




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74652&t=74652
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: PPP Question [7:74568]

[Devrim Yener KUCUK]

This should work.

You can be overriding the hostname and the password by using the interface
commands:
ppp chap hostname ...
ppp chap password ...


also one more thing that you can be aware:
in an outgoing call, if you do not want to send an OUTGOING CHALLENGE you
can be using the "callin" option
like:
ppp authen chap callin 
To: 
Sent: Sunday, August 31, 2003 5:02 AM
Subject: PPP Question [7:74568]


> Hiyah guys,
>
> I have a question on PPP CHAP. From the various sources, we just need to
> declare the remote router's username and have the same password, apply
CHAP
> on the PPP serial interfaces and the link will be up.
>
> In my case, it doesn't work. It became a flapping link. I am using a 2500
> and 2600 router to run PPP. Instead, I have to configure this:
>
> Router1
> Username Router2 password abc
> Username Router1 password abc
>
> Router2
> Username Router1 password abc
> Username Router2 password abc
>
> Applying CHAP now will have the link up.
>
>
> Any comments on this matter would be appreciated. Thanks.
>
>
> Kenneth
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74572&t=74568
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PPP Question [7:74568]

[קורן לב]

The way chap works is one router has to "challenge" the other for 
Shared secret. If you look at it this way then you see the solutions 
If you do not want one router to challenge the other you can delete the
Ppp authe chap or you can use ppp authe chap callin where you can say:
"I will challenge the other just fo incoming calls and if he calls me
I will not challenge him.." this way you need his username
Bu you do not need your router's username in his database
Try it!


-Original Message-
From: Kenneth [mailto:[EMAIL PROTECTED] 
Sent: Sunday, August 31, 2003 5:02 AM
To: [EMAIL PROTECTED]
Subject: PPP Question [7:74568]

Hiyah guys,

I have a question on PPP CHAP. From the various sources, we just need to
declare the remote router's username and have the same password, apply CHAP
on the PPP serial interfaces and the link will be up.

In my case, it doesn't work. It became a flapping link. I am using a 2500
and 2600 router to run PPP. Instead, I have to configure this:

Router1
Username Router2 password abc
Username Router1 password abc

Router2
Username Router1 password abc
Username Router2 password abc

Applying CHAP now will have the link up.


Any comments on this matter would be appreciated. Thanks.


Kenneth
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74571&t=74568
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

PPP Question [7:74568]

[Kenneth]

Hiyah guys,

I have a question on PPP CHAP. From the various sources, we just need to
declare the remote router's username and have the same password, apply CHAP
on the PPP serial interfaces and the link will be up.

In my case, it doesn't work. It became a flapping link. I am using a 2500
and 2600 router to run PPP. Instead, I have to configure this:

Router1
Username Router2 password abc
Username Router1 password abc

Router2
Username Router1 password abc
Username Router2 password abc

Applying CHAP now will have the link up.


Any comments on this matter would be appreciated. Thanks.


Kenneth



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74568&t=74568
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Cisco BCRAN question ?? HELP !!! [7:74413]

[thienan nguyen]

I have some questions on a BCRAN 2.0 and didn't sure what are the answers. 

What happen if there is no signal / LED for DTR on a modem ?

What is service common for AH and ESP ?

What is status Delete on Frame Relay Mean ?

What is Dial Fast Idle command spec. in DDR ?

LCP repond for neighbor of which function ?

What happen if AAA is enable but authentication not set ?

What is termination at local loop BRI call ?

what is caht scrip function ?

how you do a Load sharing in NAT ( 2 actions )
Please help if you know the answer for those questions. Thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74413&t=74413
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: access list question [7:74370]

[Zsombor Papp]

I think it's the ICMP type/code. 

Thanks,

Zsombor

dave petit wrote:
> 
> I have an access list (101) on my router that is tied to a
> cable modem
> network.
> The access list contains the following icmp deny statment. It
> seems to
> workok.
> The question is; what the heck does (3/13) mean in the log
> line??
> 
> Thanks!!
> 
> from access-list 101:
> access-list 101 deny   icmp any any redirect log
> 
> 
> 
> from the log:
> list 101 denied icmp 10.132.224.1 -> 68.33.134.253 (3/13), 1
> packet
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.505 / Virus Database: 302 - Release Date: 7/30/2003
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74381&t=74370
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

access list question [7:74370]

[dave petit]

I have an access list (101) on my router that is tied to a cable modem
network.
The access list contains the following icmp deny statment. It seems to
workok.
The question is; what the heck does (3/13) mean in the log line??

Thanks!!

from access-list 101:
access-list 101 deny   icmp any any redirect log



from the log:
list 101 denied icmp 10.132.224.1 -> 68.33.134.253 (3/13), 1 packet
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.505 / Virus Database: 302 - Release Date: 7/30/2003




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74370&t=74370
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: Dumb Question [7:74315]

[Howard C. Berkowitz]

At 6:36 PM + 8/25/03, Robert Edmonds wrote:
>To add to Chuck's comment: If you're familiar with Cisco, your sanity is
>also the difference.  The way Nortel configures their routers is
>dramatically different and can leave you very frustrated if you're not used
>to them.  Do they still use Site Mangler...er, I mean Manager?  In all
>honesty, it's probably a lot easier, but if you're a CLI officianado, a GUI
>can really screw with your mind.
>
>Robert

Site Mangler is pretty much dead except in shops that are used to it. 
It was a practical market requirement to be Cisco CLI-like, although 
you obviously can't have every command alike when the underlying 
structure is different.

Now, I may have a bias because I know the internals and the 
developers, but BCC (not Technician Interface) is actually rather 
elegant.  Inside Bay RS, the command language is strictly object and 
MIB oriented, where many Cisco commands are more ad hoc.

Unfortunately, Nortel has gotten rid of almost all of its IP experts, 
and has no central routing R&D group.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74357&t=74315
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Dumb Question [7:74315]

[Reimer, Fred]

Difference between Cisco and Nortel - main diff is cli and menu driven?  Not
necessarily.  If you are talking about the old Wellfleet/Bay Nortel routers,
then they certainly have a CLI.  You just need to know the MIB very well,
and you should be able to configure it with the CLI.  I know it used to
freak the Wellfleet engineers out when I would configure OSPF with the CLI
by using SNMP set commands.  They'd say, how can you DO that!  You are
supposed to use Site Mangler.

You could say that the main difference is the underlying architecture.
However, Cisco has several different kinds of architecture in their product
line.  I suppose the biggest difference is that Cisco attempts to make all
of their hardware look the same, by having IOS on all platforms.  Nortel has
many different types of interfaces.  For example, their BayRS and Passport
(8600) line has completely different interface types.  On the other hand,
Cisco has several different types of interfaces also: IOS, CatOS, VxWorks
(old wireless), VPN Concentrators, etc.

Another historical difference is that Wellfleet always believed in SMP, or
multiple CPUs in a router working together.  Their BN routers had/have a CPU
per slot, all working together.  Cisco had always fundamentally believed
that one CPU is "good enough."  I don't know the details, but once upon a
time a Wellfleet engineer told me that the head Cisco router architect
either quit or threatened to quit because of this difference, and he was
concerned that Cisco was going to be left behind because there was no way
that once CPU could outperform the multiple CPU architecture of Wellfleet
BNs.  Of course, that didn't happen, and it could have been made-up
marketing hype.  And now I believe Cisco has multiple CPU's in some of their
higher-end equipment, but I'm not familiar with their whole product line.


Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050

NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Aspiring Cisco Gurl [mailto:[EMAIL PROTECTED] 
Sent: Sunday, August 24, 2003 11:12 PM
To: [EMAIL PROTECTED]
Subject: RE: Dumb Question [7:74315]

Here is another dumb question... what is the difference between Extreme
network equipment and cisco equipment?

I know that Cisco and Nortel... main diff is cli and menu driven.
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74353&t=74315
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: Dumb Question [7:74315]

[Robert Edmonds]

To add to Chuck's comment: If you're familiar with Cisco, your sanity is
also the difference.  The way Nortel configures their routers is
dramatically different and can leave you very frustrated if you're not used
to them.  Do they still use Site Mangler...er, I mean Manager?  In all
honesty, it's probably a lot easier, but if you're a CLI officianado, a GUI
can really screw with your mind.

Robert

"""Chuck Whose Road is Ever Shorter"""  wrote in
message news:[EMAIL PROTECTED]
> ""Aspiring Cisco Gurl""  wrote in message
> news:[EMAIL PROTECTED]
> > Here is another dumb question... what is the difference between Extreme
> > network equipment and cisco equipment?
>
> depending on the model, a few thousand bucks ;->
>
> >
> > I know that Cisco and Nortel... main diff is cli and menu driven.
> > **Please support GroupStudy by purchasing from the GroupStudy Store:
> > http://shop.groupstudy.com
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74346&t=74315
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: Dumb Question [7:74315]

[Priscilla Oppenheimer]

Thomas Larus wrote:
> 
> The big difference, for me anyway, is that it is a lot easier
> to find
> answers to technical questions about the equipment on Cisco's
> website.
> Cisco's website is voluminous and easy to search.

I agree that Cisco's website is voluminous. It's full of well-written,
helpful material, most of it accurate. The search engine never works very
well for me, though. I use Google. :-) Try searching at Cisco's site on
SAFE, for example. Isn't it a bit ridiculous that it comes up with articles
that mention fail-safe?

(By the way, Google is so cool that you can get it to convert to hex for
you. Try typing in "100 in hexadecimal" in Google, for example. Isn't that
great what it does?)

As far as other differences between Cisco and Nortel There's a good
reason I never did marketing, so this won't be stated very well, but Cisco
strives to offer end-to-end solutions. Not only do they have products that
fit into every niche of a mutli-faceted enterprise or service provider's
network, but they also have software tools to optimize the services offered
at every layer of a multi-layered network. They have tools for the edge, for
the core, for campus networks, home networks, huge service provider
networks, etc. Other vendors focus on just one aspect of networking and
don't offer end-to-end solutions.

One downside with Cisco equipment is that it is designed to support
gazillions of features. Features are more important to Cisco than ease of
use. Not only can their equipment (espeically PIXes) be a pain in the butt
to configure, but it can be almost impossible to even figure out which
version of software to use since there are hundreds. It's important to work
with a Cisco partner when figuring out which software to use and when buying
equipment. Cisco makes it pretty much impossible for the ordinary person to
do this...

Cisco's Technical Assistance Center (TAC) is excellent. I've heard a few
complaints over the years, but I think some people just got unlucky. Most of
the time when you call TAC you get a very experienced, knowlegable engineer.
Many of them are CCIEs.

Priscilla

> 
> Perhaps you can get good info with some sort of Extreme login
> or from
> Extreme's technical support folks, but when you are a visiting
> contractor on
> site you don't necessarily want to ask the customer for their
> vendor support
> login or support contract number just to be able to ask a minor
> question.
> (Understatement).  You want to be able to find answers to most
> questions on
> your own.
> 
> Others will say that Extreme switches are fast and well-priced.
> That may be
> so, but I am a researcher (and writer) at heart, and Cisco's
> website is the
> best technical support website I have ever seen.
> 
> Tom Larus, CCIE #10,014
> 
> ""Aspiring Cisco Gurl""  wrote in message
> news:[EMAIL PROTECTED]
> > Here is another dumb question... what is the difference
> between Extreme
> > network equipment and cisco equipment?
> >
> > I know that Cisco and Nortel... main diff is cli and menu
> driven.
> > **Please support GroupStudy by purchasing from the GroupStudy
> Store:
> > http://shop.groupstudy.com
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74339&t=74315
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: Dumb Question [7:74315]

[Thomas Larus]

The big difference, for me anyway, is that it is a lot easier to find
answers to technical questions about the equipment on Cisco's website.
Cisco's website is voluminous and easy to search.

Perhaps you can get good info with some sort of Extreme login or from
Extreme's technical support folks, but when you are a visiting contractor on
site you don't necessarily want to ask the customer for their vendor support
login or support contract number just to be able to ask a minor question.
(Understatement).  You want to be able to find answers to most questions on
your own.

Others will say that Extreme switches are fast and well-priced. That may be
so, but I am a researcher (and writer) at heart, and Cisco's website is the
best technical support website I have ever seen.

Tom Larus, CCIE #10,014

""Aspiring Cisco Gurl""  wrote in message
news:[EMAIL PROTECTED]
> Here is another dumb question... what is the difference between Extreme
> network equipment and cisco equipment?
>
> I know that Cisco and Nortel... main diff is cli and menu driven.
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74337&t=74315
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: Dumb Question [7:74315]

""Aspiring Cisco Gurl""  wrote in message
news:[EMAIL PROTECTED]
> Here is another dumb question... what is the difference between Extreme
> network equipment and cisco equipment?

depending on the model, a few thousand bucks ;->

>
> I know that Cisco and Nortel... main diff is cli and menu driven.
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74324&t=74315
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Dumb Question [7:74315]

[Aspiring Cisco Gurl]

Here is another dumb question... what is the difference between Extreme
network equipment and cisco equipment?

I know that Cisco and Nortel... main diff is cli and menu driven.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74318&t=74315
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Dumb Question [7:74315]

[Todd Powell]

What is the main difference between Cisco Routers and Nortel/Bay
Networks Routers? Commands, etc? I've never had much experience with
Nortel and have a need and just trying to find information.
 
Thanks,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74315&t=74315
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

OT Post Question About Books [7:74309]

[Ken Chipps]

This Sunday has been quiet on the list. In fact most days are quiet on this
list these days. This brings to mind a question I have had for a while. If
anyone has anything on this I would appreciate hearing from you. The
question is, in this down book market how many copies do the books published
by publishers such as Cisco Press and O'Reilly actually sell? I searched the
web some, but these numbers never seem to be published anywhere. In
particular I am curious as to how many copies a how to configure Cisco
routers book sells as opposed to some of the more obscure topics O'Reilly
publishes books on. Do any of the esteemed authors on the list care to share
their numbers with me or point me to the source for such figures? Any
information would be appreciated, even if it is a more than this number but
less than this other number sort of range. If this is too personal of a
question, I understand.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74309&t=74309
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Flash & MEM upgrade for 2500 series question? [7:74298]

[dave petit]

I have several 2500 series routers I am using for a practice lab.

I want to upgrade them to 16flash/16mem to support the later IOS versions if
possible.

Does anyone know what the required ROM version is: and how to what ROM
version I now have.

Also how does one go about getting the required ROM??

Thanks!
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.505 / Virus Database: 302 - Release Date: 7/30/2003




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74298&t=74298
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX and Router Setup Question [7:74141]

[Michael Barnhart]

"Because I am using a private range, I need to address a packet from a
private IP address and to internet / from internet to a private ip address. 
Which would not work. Because 1700 would not do nat"

You are correct.  I will setup access lists and the IP Inspect on the router.

Should I just disable NAT, or would the NAT with the no random keyword be
better?  As it is now, I have NAT on both, with the web server and email
server setup with a static statement using the same address for the inside
and outside addresses (so it translates the inside address to the inside
address going out), then put a route statement on the router telling it to
send anything for the internal network address to the PIX.  It works, but I
feel it is clumsy and possibly dangerous.

Thank you all for the help so far!  This forum is great!!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74253&t=74141
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX and Router Setup Question [7:74141]

[Michael Barnhart]

We do not have any more live IP address to use, I would need two more, one
on the inside of the router and one on the outside of the pix.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74252&t=74141
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIM Mode question [7:73108]

[Doan Nguyen]

Steve,

I'm working on multicast design a new DoD network.  At this level we are a
pretty big network with OC192 pipes.  At this level I rather not use any
dense mode type of implementation with my multicast design if possible.  Got
too many other protocols to deal with already.  I'm currently at Cisco in
San Jose for testing and I think I remember something about a new Auto-RP
that was suppose to get away from using the dense mode for the control plane
ie. RP discovery and advertisement.  I'll ask the lead multicast person here
about it and will let you know.

Depending on how much load your LAN is taking I wouldn't worry about dense
mode.  Usually it's the WAN link that are expensive and you would want to
optimize bandwidth, but with LAN it's cheap so there is usually not a big
concern there for chatty protocols.

-Doan



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74204&t=73108
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

CIT Exam Question [7:74195]

[Dave Neipert]

I will be taking the CIT exam this week and would like to know what is
considered passing.  When taking the Transcender exams my average score was
around 85%; if anyone has any information it would be greatly appreciated!

Thanks!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74195&t=74195
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX and Router Setup Question [7:74141]

[Joel Satterley]

What's your reason for having the subnet between the 1700 & PIX private ?
Maybe I'm missing something here, but the PIX is a firewall & should be
firewalling, not the router.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 19 August 2003 12:52
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: PIX and Router Setup Question [7:74141]

Tell me if I am wrong: (off my hat)

Nat on pix only would cause me to use the 1700 as router/ routed subnet
between pix>1700.
Because I am using a private range, I need to address a packet from a
private IP address and to internet / from internet to a private ip address.
Wich would not work. Because 1700 would not do nat.(Joel).

When it does NAT, the segment between 1700 and pix would be private 
(10.165.251.240/28 for example not the most used 192.168.x.x)

Tell the pix to do NAT with the NAT norandomseq keyword. So tcp sockets
would not be randomized.

On the 1700 filter until layer 4, make a nice and hefty access-list that
denies it all exept initiated inside.

Really do use dmz for mail filtering and web front-end!

If you do punch holes in the pix to inside, please buy linksys or
netgear...  ;-)

Make a plan for ids/syslog and time sync, use it and update it!
Make a plan for intrusions/reactions, use it and update it!

See SAFE website.
http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutio
ns_package.html 


Martijn 

-Oorspronkelijk bericht-
Van: Joel Satterley [mailto:[EMAIL PROTECTED]
Verzonden: dinsdag 19 augustus 2003 11:25
Aan: [EMAIL PROTECTED]
Onderwerp: RE: PIX and Router Setup Question [7:74141]


You'd be better off just using NAT on the PIX, it's what it was made for.
Then just secure the 1721 as a perimeter router.  NAT'ing twice could cause
problems.

-Original Message-
From: Michael Barnhart [mailto:[EMAIL PROTECTED] 
Sent: 19 August 2003 04:06
To: [EMAIL PROTECTED]
Subject: PIX and Router Setup Question [7:74141]

Network is as such:

Internet - 1721 - 515 PIX - Network

We do not have many live IP addresses, so we want to use one on the 1721
Outside.  Between the 1721 and the PIX we want to use a private network, say
192.168.1.x /24.  On the inside PIX we will use the IP of the internal
network (also a private address).

The problem comes in how to setup the PIX to work properly.  The 1721 is
using NAT, and I would assume I need NAT on the PIX as well.  At this point
things get confusing!

We are hosting a website on the internal network, as well as an email
server.  I want to see them from the Internet.

Question is, do I need to double NAT, or is there some way to have the PIX
just pass the internal network to the Router?

Thanks!

Michael Barnhart
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html

===
  This message has been checked for all known viruses by the 
Sirocom Virus Scanning Service   
===

===
   This message has been checked for all known viruses by the
 Sirocom Virus Scanning Service

  WWW.SIROCOM.COM  
===
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html

===
  This message has been checked for all known viruses by the 
Sirocom Virus Scanning Service   
===

===
   This message has been checked for all known viruses by the
 Sirocom Virus Scanning Service

  WWW.SIROCOM.COM  
===




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74179&t=74141
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX and Router Setup Question [7:74141]

[[EMAIL PROTECTED]]

Tell me if I am wrong: (off my hat)

Nat on pix only would cause me to use the 1700 as router/ routed subnet
between pix>1700.
Because I am using a private range, I need to address a packet from a
private IP address and to internet / from internet to a private ip address.
Wich would not work. Because 1700 would not do nat.(Joel).

When it does NAT, the segment between 1700 and pix would be private 
(10.165.251.240/28 for example not the most used 192.168.x.x)

Tell the pix to do NAT with the NAT norandomseq keyword. So tcp sockets
would not be randomized.

On the 1700 filter until layer 4, make a nice and hefty access-list that
denies it all exept initiated inside.

Really do use dmz for mail filtering and web front-end!

If you do punch holes in the pix to inside, please buy linksys or
netgear...  ;-)

Make a plan for ids/syslog and time sync, use it and update it!
Make a plan for intrusions/reactions, use it and update it!

See SAFE website.
http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutio
ns_package.html 


Martijn 

-Oorspronkelijk bericht-
Van: Joel Satterley [mailto:[EMAIL PROTECTED]
Verzonden: dinsdag 19 augustus 2003 11:25
Aan: [EMAIL PROTECTED]
Onderwerp: RE: PIX and Router Setup Question [7:74141]


You'd be better off just using NAT on the PIX, it's what it was made for.
Then just secure the 1721 as a perimeter router.  NAT'ing twice could cause
problems.

-Original Message-
From: Michael Barnhart [mailto:[EMAIL PROTECTED] 
Sent: 19 August 2003 04:06
To: [EMAIL PROTECTED]
Subject: PIX and Router Setup Question [7:74141]

Network is as such:

Internet - 1721 - 515 PIX - Network

We do not have many live IP addresses, so we want to use one on the 1721
Outside.  Between the 1721 and the PIX we want to use a private network, say
192.168.1.x /24.  On the inside PIX we will use the IP of the internal
network (also a private address).

The problem comes in how to setup the PIX to work properly.  The 1721 is
using NAT, and I would assume I need NAT on the PIX as well.  At this point
things get confusing!

We are hosting a website on the internal network, as well as an email
server.  I want to see them from the Internet.

Question is, do I need to double NAT, or is there some way to have the PIX
just pass the internal network to the Router?

Thanks!

Michael Barnhart
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html

===
  This message has been checked for all known viruses by the 
Sirocom Virus Scanning Service   
===

===
   This message has been checked for all known viruses by the
 Sirocom Virus Scanning Service

  WWW.SIROCOM.COM  
===
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74167&t=74141
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: PIX and Router Setup Question [7:74141]

[Greg Owens]

I would let the Firewall handle the NATing.  If you just want the router to
perform NAT, you need to use NAT 0 on the PIX.  The border router should
only do basic filtering and routing.
> 
> From: "Michael Barnhart" 
> Date: 2003/08/18 Mon PM 11:06:03 EDT
> To: [EMAIL PROTECTED]
> Subject: PIX and Router Setup Question [7:74141]
> 
> 

Greg Owens
202-398-2552

[GroupStudy removed an attachment with a content-type header it could not
parse.]
[Content-Type: null; name="replyAll"]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74170&t=74141
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX and Router Setup Question [7:74141]

[Joel Satterley]

You'd be better off just using NAT on the PIX, it's what it was made for.
Then just secure the 1721 as a perimeter router.  NAT'ing twice could cause
problems.

-Original Message-
From: Michael Barnhart [mailto:[EMAIL PROTECTED] 
Sent: 19 August 2003 04:06
To: [EMAIL PROTECTED]
Subject: PIX and Router Setup Question [7:74141]

Network is as such:

Internet - 1721 - 515 PIX - Network

We do not have many live IP addresses, so we want to use one on the 1721
Outside.  Between the 1721 and the PIX we want to use a private network, say
192.168.1.x /24.  On the inside PIX we will use the IP of the internal
network (also a private address).

The problem comes in how to setup the PIX to work properly.  The 1721 is
using NAT, and I would assume I need NAT on the PIX as well.  At this point
things get confusing!

We are hosting a website on the internal network, as well as an email
server.  I want to see them from the Internet.

Question is, do I need to double NAT, or is there some way to have the PIX
just pass the internal network to the Router?

Thanks!

Michael Barnhart
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html

===
  This message has been checked for all known viruses by the 
Sirocom Virus Scanning Service   
===

===
   This message has been checked for all known viruses by the
 Sirocom Virus Scanning Service

  WWW.SIROCOM.COM  
===




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74158&t=74141
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX and Router Setup Question [7:74141]

[Chirag Arora]

Just disable the nat function on PIX for inside network using the nat 0
command...the traffic will reach the router with private source IP where u
can nat...

Chirag Arora





-Original Message-
From: Michael Barnhart [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 8:36 AM
To: [EMAIL PROTECTED]
Subject: PIX and Router Setup Question [7:74141]


Network is as such:

Internet - 1721 - 515 PIX - Network

We do not have many live IP addresses, so we want to use one on the 1721
Outside.  Between the 1721 and the PIX we want to use a private network, say
192.168.1.x /24.  On the inside PIX we will use the IP of the internal
network (also a private address).

The problem comes in how to setup the PIX to work properly.  The 1721 is
using NAT, and I would assume I need NAT on the PIX as well.  At this point
things get confusing!

We are hosting a website on the internal network, as well as an email
server.  I want to see them from the Internet.

Question is, do I need to double NAT, or is there some way to have the PIX
just pass the internal network to the Router?

Thanks!

Michael Barnhart
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html

**Disclaimer

Information contained in this E-MAIL being proprietary to Wipro Limited is 
'privileged' and 'confidential' and intended for use only by the individual
 or entity to which it is addressed. You are notified that any use, copying 
or dissemination of the information contained in the E-MAIL in any manner 
whatsoever is strictly prohibited.

***




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74155&t=74141
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX and Router Setup Question [7:74141]

[HORVATH TAMAS]

Hi!

If there is not another reason, which you didn't mention, the easiest method
to solve your problem, if you do not configure NAT on PIX. In this case
internal adresses will be seen by the router, so you have to configure the
router to NAT the web and e-mail servers in statioc way, and to know about
the network in the PIX inside interface.

By, HT!




-Original Message-
From: Michael Barnhart [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 5:06 AM
To: [EMAIL PROTECTED]
Subject: PIX and Router Setup Question [7:74141]


Network is as such:

Internet - 1721 - 515 PIX - Network

We do not have many live IP addresses, so we want to use one on the 1721
Outside.  Between the 1721 and the PIX we want to use a private network, say
192.168.1.x /24.  On the inside PIX we will use the IP of the internal
network (also a private address).

The problem comes in how to setup the PIX to work properly.  The 1721 is
using NAT, and I would assume I need NAT on the PIX as well.  At this point
things get confusing!

We are hosting a website on the internal network, as well as an email
server.  I want to see them from the Internet.

Question is, do I need to double NAT, or is there some way to have the PIX
just pass the internal network to the Router?

Thanks!

Michael Barnhart
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74156&t=74141
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX xlate question [7:74012]

[[EMAIL PROTECTED]]

I think the config is too complex for what it (seems) needs to do. 

If you used PDM, you also can start over from scratch, think you rules over
hard, draw a map with all the interfaces and subnets.

What is the propose of these rules (nat 2 / glob 2 ) together? is there some
mail/www server sitting on those /32 ip's?

global (outside) 2 213.213.128.50
nat (inside) 2 157.157.144.49 255.255.255.255 0 0
nat (inside) 2 10.100.0.0 255.255.0.0 0 0

>From my point of view is what you are doing in nat 0 / nat 1 glob 1 / nat 2
glob 2 doable with nat 0 / nat1 glob 1. 
Take a hard look at access-list 100.

Martijn 


-Oorspronkelijk bericht-
Van: Skarphedinsson Arni V. [mailto:[EMAIL PROTECTED]
Verzonden: maandag 18 augustus 2003 15:52
Aan: [EMAIL PROTECTED]
Onderwerp: RE: PIX xlate question [7:74012]


Here are the Global and NAT statements

global (outside) 1 213.213.128.100-213.213.128.200
global (outside) 2 213.213.128.50
global (dmz) 1 192.168.17.150
nat (inside) 0 access-list 100
nat (inside) 2 157.157.144.49 255.255.255.255 0 0
nat (inside) 2 10.100.0.0 255.255.0.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74150&t=74012
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

PIX and Router Setup Question [7:74141]

[Michael Barnhart]

Network is as such:

Internet - 1721 - 515 PIX - Network

We do not have many live IP addresses, so we want to use one on the 1721
Outside.  Between the 1721 and the PIX we want to use a private network, say
192.168.1.x /24.  On the inside PIX we will use the IP of the internal
network (also a private address).

The problem comes in how to setup the PIX to work properly.  The 1721 is
using NAT, and I would assume I need NAT on the PIX as well.  At this point
things get confusing!

We are hosting a website on the internal network, as well as an email
server.  I want to see them from the Internet.

Question is, do I need to double NAT, or is there some way to have the PIX
just pass the internal network to the Router?

Thanks!

Michael Barnhart


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74141&t=74141
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX xlate question [7:74012]

[Skarphedinsson Arni V.]

Here are the Global and NAT statements

global (outside) 1 213.213.128.100-213.213.128.200
global (outside) 2 213.213.128.50
global (dmz) 1 192.168.17.150
nat (inside) 0 access-list 100
nat (inside) 2 157.157.144.49 255.255.255.255 0 0
nat (inside) 2 10.100.0.0 255.255.0.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74107&t=74012
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: PIX xlate question [7:74012]

[Charles Cthulhu Riley]

Your pool may consist of addresses from the local addresses, and the xlates
are occuring on a catch as catch basis, which acconts for the weird results
of your show command..

Assuming your local addresses are 213.x.x.x, your pool of addresses to which
these locals are to be translated is also 213.x.x.xyou apparently have a
case of unintional identity NAT here

""Skarphedinsson Arni V.""  wrote in message
news:[EMAIL PROTECTED]
> why would I see the folowing when I do sh xlate on the pix, i.e.
> one global address is beeing translated to the next in line global address
?
>
> and sugestions would be welcome
>
>
> Global 213.213.128.143 Local 213.213.128.142
> Global 213.213.128.142 Local 213.213.128.141
> Global 213.213.128.137 Local 213.213.128.136
> Global 213.213.128.136 Local 213.213.128.135
> Global 213.213.128.139 Local 213.213.128.138
> Global 213.213.128.138 Local 213.213.128.137
> Global 213.213.128.133 Local 217.3.103.62
> Global 213.213.128.132 Local 213.213.128.131
> Global 213.213.128.135 Local 213.213.128.134
> Global 213.213.128.134 Local 213.213.128.133
> Global 213.213.128.129 Local 213.213.128.128
> Global 213.213.128.128 Local 213.213.128.127
> Global 213.213.128.131 Local 213.213.128.130
> Global 213.213.128.130 Local 213.213.128.129
> Global 213.213.128.189 Local 213.213.128.188
> Global 213.213.128.188 Local 213.213.128.187
> Global 213.213.128.191 Local 200.65.74.239
> Global 213.213.128.190 Local 213.213.128.189
> Global 213.213.128.185 Local 213.213.128.184
> Global 213.213.128.184 Local 213.213.128.183
> Global 213.213.128.187 Local 213.213.128.186
> Global 213.213.128.186 Local 213.213.128.185
> Global 213.213.128.181 Local 213.213.128.180
> Global 213.213.128.180 Local 213.213.128.179
> Global 213.213.128.183 Local 213.213.128.182
> Global 213.213.128.182 Local 213.213.128.181
> Global 213.213.128.177 Local 213.213.128.176
> Global 213.213.128.176 Local 213.213.128.175
> Global 213.213.128.179 Local 213.213.128.178
> Global 213.213.128.178 Local 213.213.128.177
> Global 213.213.128.173 Local 213.213.138.210
> Global 213.213.128.172 Local 10.200.20.124
> Global 213.213.128.175 Local 213.213.128.174
> Global 213.213.128.174 Local 213.213.128.173
> Global 213.213.128.169 Local 213.213.128.168
> Global 213.213.128.168 Local 213.213.128.167
> Global 213.213.128.171 Local 213.213.128.170
> Global 213.213.128.170 Local 213.213.128.169
> Global 213.213.128.165 Local 213.213.128.164
> Global 213.213.128.164 Local 213.213.128.163
> Global 213.213.128.167 Local 213.213.128.166
> Global 213.213.128.166 Local 213.213.128.165
> Global 213.213.128.161 Local 213.213.128.160
> Global 213.213.128.160 Local 213.213.128.159
> Global 213.213.128.163 Local 213.213.128.162
> Global 213.213.128.162 Local 213.213.128.161
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74029&t=74012
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX xlate question [7:74012]

[Edward Sohn]

Oops.  Didn't look at the output closely enough.  Can you send the NAT
statements?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Edward Sohn
Sent: Friday, August 15, 2003 7:36 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX xlate question [7:74012]


you're doing one-for-one NATing.  i'll bet your argument states a range
of global IP addresses to translate to the local subnet...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Pat Donlon
Sent: Friday, August 15, 2003 6:24 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX xlate question [7:74012]


Skarphedinsson Arni V. wrote:
> why would I see the following when I do sh xlate on the pix, i.e. one 
> global address is beeing translated to the next in line global address
?
> 
> and sugestions would be welcome
> 
> 
> Global 213.213.128.143 Local 213.213.128.142
> Global 213.213.128.142 Local 213.213.128.141
> Global 213.213.128.137 Local 213.213.128.136
> Global 213.213.128.136 Local 213.213.128.135
> Global 213.213.128.139 Local 213.213.128.138
> Global 213.213.128.138 Local 213.213.128.137
> Global 213.213.128.133 Local 217.3.103.62
> Global 213.213.128.132 Local 213.213.128.131
> Global 213.213.128.135 Local 213.213.128.134
> Global 213.213.128.134 Local 213.213.128.133
> Global 213.213.128.129 Local 213.213.128.128
> Global 213.213.128.128 Local 213.213.128.127
> Global 213.213.128.131 Local 213.213.128.130
> Global 213.213.128.130 Local 213.213.128.129
> Global 213.213.128.189 Local 213.213.128.188
> Global 213.213.128.188 Local 213.213.128.187
> Global 213.213.128.191 Local 200.65.74.239
> Global 213.213.128.190 Local 213.213.128.189
> Global 213.213.128.185 Local 213.213.128.184
> Global 213.213.128.184 Local 213.213.128.183
> Global 213.213.128.187 Local 213.213.128.186
> Global 213.213.128.186 Local 213.213.128.185
> Global 213.213.128.181 Local 213.213.128.180
> Global 213.213.128.180 Local 213.213.128.179
> Global 213.213.128.183 Local 213.213.128.182
> Global 213.213.128.182 Local 213.213.128.181
> Global 213.213.128.177 Local 213.213.128.176
> Global 213.213.128.176 Local 213.213.128.175
> Global 213.213.128.179 Local 213.213.128.178
> Global 213.213.128.178 Local 213.213.128.177
> Global 213.213.128.173 Local 213.213.138.210
> Global 213.213.128.172 Local 10.200.20.124
> Global 213.213.128.175 Local 213.213.128.174
> Global 213.213.128.174 Local 213.213.128.173
> Global 213.213.128.169 Local 213.213.128.168
> Global 213.213.128.168 Local 213.213.128.167
> Global 213.213.128.171 Local 213.213.128.170
> Global 213.213.128.170 Local 213.213.128.169
> Global 213.213.128.165 Local 213.213.128.164
> Global 213.213.128.164 Local 213.213.128.163
> Global 213.213.128.167 Local 213.213.128.166
> Global 213.213.128.166 Local 213.213.128.165
> Global 213.213.128.161 Local 213.213.128.160
> Global 213.213.128.160 Local 213.213.128.159
> Global 213.213.128.163 Local 213.213.128.162
> Global 213.213.128.162 Local 213.213.128.161
> **Please support GroupStudy by purchasing from the GroupStudy Store: 
> http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> 

I haven't seen this before, how are you handling IP when they pass 
through the PIX? Can you post the config for NAT/pat/static? and or post

a show xlate detail


Cheers

Pat
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74021&t=74012
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX xlate question [7:74012]

[Edward Sohn]

you're doing one-for-one NATing.  i'll bet your argument states a range
of global IP addresses to translate to the local subnet...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Pat Donlon
Sent: Friday, August 15, 2003 6:24 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX xlate question [7:74012]


Skarphedinsson Arni V. wrote:
> why would I see the following when I do sh xlate on the pix, i.e. one
> global address is beeing translated to the next in line global address
?
> 
> and sugestions would be welcome
> 
> 
> Global 213.213.128.143 Local 213.213.128.142
> Global 213.213.128.142 Local 213.213.128.141
> Global 213.213.128.137 Local 213.213.128.136
> Global 213.213.128.136 Local 213.213.128.135
> Global 213.213.128.139 Local 213.213.128.138
> Global 213.213.128.138 Local 213.213.128.137
> Global 213.213.128.133 Local 217.3.103.62
> Global 213.213.128.132 Local 213.213.128.131
> Global 213.213.128.135 Local 213.213.128.134
> Global 213.213.128.134 Local 213.213.128.133
> Global 213.213.128.129 Local 213.213.128.128
> Global 213.213.128.128 Local 213.213.128.127
> Global 213.213.128.131 Local 213.213.128.130
> Global 213.213.128.130 Local 213.213.128.129
> Global 213.213.128.189 Local 213.213.128.188
> Global 213.213.128.188 Local 213.213.128.187
> Global 213.213.128.191 Local 200.65.74.239
> Global 213.213.128.190 Local 213.213.128.189
> Global 213.213.128.185 Local 213.213.128.184
> Global 213.213.128.184 Local 213.213.128.183
> Global 213.213.128.187 Local 213.213.128.186
> Global 213.213.128.186 Local 213.213.128.185
> Global 213.213.128.181 Local 213.213.128.180
> Global 213.213.128.180 Local 213.213.128.179
> Global 213.213.128.183 Local 213.213.128.182
> Global 213.213.128.182 Local 213.213.128.181
> Global 213.213.128.177 Local 213.213.128.176
> Global 213.213.128.176 Local 213.213.128.175
> Global 213.213.128.179 Local 213.213.128.178
> Global 213.213.128.178 Local 213.213.128.177
> Global 213.213.128.173 Local 213.213.138.210
> Global 213.213.128.172 Local 10.200.20.124
> Global 213.213.128.175 Local 213.213.128.174
> Global 213.213.128.174 Local 213.213.128.173
> Global 213.213.128.169 Local 213.213.128.168
> Global 213.213.128.168 Local 213.213.128.167
> Global 213.213.128.171 Local 213.213.128.170
> Global 213.213.128.170 Local 213.213.128.169
> Global 213.213.128.165 Local 213.213.128.164
> Global 213.213.128.164 Local 213.213.128.163
> Global 213.213.128.167 Local 213.213.128.166
> Global 213.213.128.166 Local 213.213.128.165
> Global 213.213.128.161 Local 213.213.128.160
> Global 213.213.128.160 Local 213.213.128.159
> Global 213.213.128.163 Local 213.213.128.162
> Global 213.213.128.162 Local 213.213.128.161
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> 

I haven't seen this before, how are you handling IP when they pass 
through the PIX? Can you post the config for NAT/pat/static? and or post

a show xlate detail


Cheers

Pat
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74020&t=74012
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Re: PIX xlate question [7:74012]

[Pat Donlon]

Skarphedinsson Arni V. wrote:
> why would I see the following when I do sh xlate on the pix, i.e.
> one global address is beeing translated to the next in line global address
?
> 
> and sugestions would be welcome 
> 
> 
> Global 213.213.128.143 Local 213.213.128.142
> Global 213.213.128.142 Local 213.213.128.141
> Global 213.213.128.137 Local 213.213.128.136
> Global 213.213.128.136 Local 213.213.128.135
> Global 213.213.128.139 Local 213.213.128.138
> Global 213.213.128.138 Local 213.213.128.137
> Global 213.213.128.133 Local 217.3.103.62
> Global 213.213.128.132 Local 213.213.128.131
> Global 213.213.128.135 Local 213.213.128.134
> Global 213.213.128.134 Local 213.213.128.133
> Global 213.213.128.129 Local 213.213.128.128
> Global 213.213.128.128 Local 213.213.128.127
> Global 213.213.128.131 Local 213.213.128.130
> Global 213.213.128.130 Local 213.213.128.129
> Global 213.213.128.189 Local 213.213.128.188
> Global 213.213.128.188 Local 213.213.128.187
> Global 213.213.128.191 Local 200.65.74.239
> Global 213.213.128.190 Local 213.213.128.189
> Global 213.213.128.185 Local 213.213.128.184
> Global 213.213.128.184 Local 213.213.128.183
> Global 213.213.128.187 Local 213.213.128.186
> Global 213.213.128.186 Local 213.213.128.185
> Global 213.213.128.181 Local 213.213.128.180
> Global 213.213.128.180 Local 213.213.128.179
> Global 213.213.128.183 Local 213.213.128.182
> Global 213.213.128.182 Local 213.213.128.181
> Global 213.213.128.177 Local 213.213.128.176
> Global 213.213.128.176 Local 213.213.128.175
> Global 213.213.128.179 Local 213.213.128.178
> Global 213.213.128.178 Local 213.213.128.177
> Global 213.213.128.173 Local 213.213.138.210
> Global 213.213.128.172 Local 10.200.20.124
> Global 213.213.128.175 Local 213.213.128.174
> Global 213.213.128.174 Local 213.213.128.173
> Global 213.213.128.169 Local 213.213.128.168
> Global 213.213.128.168 Local 213.213.128.167
> Global 213.213.128.171 Local 213.213.128.170
> Global 213.213.128.170 Local 213.213.128.169
> Global 213.213.128.165 Local 213.213.128.164
> Global 213.213.128.164 Local 213.213.128.163
> Global 213.213.128.167 Local 213.213.128.166
> Global 213.213.128.166 Local 213.213.128.165
> Global 213.213.128.161 Local 213.213.128.160
> Global 213.213.128.160 Local 213.213.128.159
> Global 213.213.128.163 Local 213.213.128.162
> Global 213.213.128.162 Local 213.213.128.161
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> 

I haven't seen this before, how are you handling IP when they pass 
through the PIX? Can you post the config for NAT/pat/static? and or post 
a show xlate detail


Cheers

Pat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74016&t=74012
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX xlate question [7:74012]

[[EMAIL PROTECTED]]

PLS give, just to be sure, Global and NAT statements. 

Martijn


-Oorspronkelijk bericht-
Van: Skarphedinsson Arni V. [mailto:[EMAIL PROTECTED]
Verzonden: vrijdag 15 augustus 2003 12:34
Aan: [EMAIL PROTECTED]
Onderwerp: PIX xlate question [7:74012]


why would I see the folowing when I do sh xlate on the pix, i.e.
one global address is beeing translated to the next in line global address ?

and sugestions would be welcome 


Global 213.213.128.143 Local 213.213.128.142
Global 213.213.128.142 Local 213.213.128.141
Global 213.213.128.137 Local 213.213.128.136
Global 213.213.128.136 Local 213.213.128.135
Global 213.213.128.139 Local 213.213.128.138
Global 213.213.128.138 Local 213.213.128.137
Global 213.213.128.133 Local 217.3.103.62
Global 213.213.128.132 Local 213.213.128.131
Global 213.213.128.135 Local 213.213.128.134
Global 213.213.128.134 Local 213.213.128.133
Global 213.213.128.129 Local 213.213.128.128
Global 213.213.128.128 Local 213.213.128.127
Global 213.213.128.131 Local 213.213.128.130
Global 213.213.128.130 Local 213.213.128.129
Global 213.213.128.189 Local 213.213.128.188
Global 213.213.128.188 Local 213.213.128.187
Global 213.213.128.191 Local 200.65.74.239
Global 213.213.128.190 Local 213.213.128.189
Global 213.213.128.185 Local 213.213.128.184
Global 213.213.128.184 Local 213.213.128.183
Global 213.213.128.187 Local 213.213.128.186
Global 213.213.128.186 Local 213.213.128.185
Global 213.213.128.181 Local 213.213.128.180
Global 213.213.128.180 Local 213.213.128.179
Global 213.213.128.183 Local 213.213.128.182
Global 213.213.128.182 Local 213.213.128.181
Global 213.213.128.177 Local 213.213.128.176
Global 213.213.128.176 Local 213.213.128.175
Global 213.213.128.179 Local 213.213.128.178
Global 213.213.128.178 Local 213.213.128.177
Global 213.213.128.173 Local 213.213.138.210
Global 213.213.128.172 Local 10.200.20.124
Global 213.213.128.175 Local 213.213.128.174
Global 213.213.128.174 Local 213.213.128.173
Global 213.213.128.169 Local 213.213.128.168
Global 213.213.128.168 Local 213.213.128.167
Global 213.213.128.171 Local 213.213.128.170
Global 213.213.128.170 Local 213.213.128.169
Global 213.213.128.165 Local 213.213.128.164
Global 213.213.128.164 Local 213.213.128.163
Global 213.213.128.167 Local 213.213.128.166
Global 213.213.128.166 Local 213.213.128.165
Global 213.213.128.161 Local 213.213.128.160
Global 213.213.128.160 Local 213.213.128.159
Global 213.213.128.163 Local 213.213.128.162
Global 213.213.128.162 Local 213.213.128.161
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74014&t=74012
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

PIX xlate question [7:74012]

[Skarphedinsson Arni V.]

why would I see the folowing when I do sh xlate on the pix, i.e.
one global address is beeing translated to the next in line global address ?

and sugestions would be welcome 


Global 213.213.128.143 Local 213.213.128.142
Global 213.213.128.142 Local 213.213.128.141
Global 213.213.128.137 Local 213.213.128.136
Global 213.213.128.136 Local 213.213.128.135
Global 213.213.128.139 Local 213.213.128.138
Global 213.213.128.138 Local 213.213.128.137
Global 213.213.128.133 Local 217.3.103.62
Global 213.213.128.132 Local 213.213.128.131
Global 213.213.128.135 Local 213.213.128.134
Global 213.213.128.134 Local 213.213.128.133
Global 213.213.128.129 Local 213.213.128.128
Global 213.213.128.128 Local 213.213.128.127
Global 213.213.128.131 Local 213.213.128.130
Global 213.213.128.130 Local 213.213.128.129
Global 213.213.128.189 Local 213.213.128.188
Global 213.213.128.188 Local 213.213.128.187
Global 213.213.128.191 Local 200.65.74.239
Global 213.213.128.190 Local 213.213.128.189
Global 213.213.128.185 Local 213.213.128.184
Global 213.213.128.184 Local 213.213.128.183
Global 213.213.128.187 Local 213.213.128.186
Global 213.213.128.186 Local 213.213.128.185
Global 213.213.128.181 Local 213.213.128.180
Global 213.213.128.180 Local 213.213.128.179
Global 213.213.128.183 Local 213.213.128.182
Global 213.213.128.182 Local 213.213.128.181
Global 213.213.128.177 Local 213.213.128.176
Global 213.213.128.176 Local 213.213.128.175
Global 213.213.128.179 Local 213.213.128.178
Global 213.213.128.178 Local 213.213.128.177
Global 213.213.128.173 Local 213.213.138.210
Global 213.213.128.172 Local 10.200.20.124
Global 213.213.128.175 Local 213.213.128.174
Global 213.213.128.174 Local 213.213.128.173
Global 213.213.128.169 Local 213.213.128.168
Global 213.213.128.168 Local 213.213.128.167
Global 213.213.128.171 Local 213.213.128.170
Global 213.213.128.170 Local 213.213.128.169
Global 213.213.128.165 Local 213.213.128.164
Global 213.213.128.164 Local 213.213.128.163
Global 213.213.128.167 Local 213.213.128.166
Global 213.213.128.166 Local 213.213.128.165
Global 213.213.128.161 Local 213.213.128.160
Global 213.213.128.160 Local 213.213.128.159
Global 213.213.128.163 Local 213.213.128.162
Global 213.213.128.162 Local 213.213.128.161


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74012&t=74012
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

question [7:73543]

[Seth Collins]

How much different is the new requirement for the CCNP.  Has the Switching
test changed much?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73543&t=73543
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: a token ring question [7:73908]

[Priscilla Oppenheimer]

wj chou wrote:
> 
> Hi, 
> Can token ring carry multicast traffic?

Yes.

> And what's the ip
> address to mac address mapping if it does?
> Thanks! 

That is a loaded question, seeped in history. Although IEEE 802.5 does have
the same group/individual bit as Ethernet (the first bit transmitted) and
theoretically should support a simple method of multicast addressing and
translation from a L3 multicast to L2 multicast address, alas, it does not.

Legacy problems never really disappear. Token Ring was implemented by IBM
and others, mostly based on IBM's Token Ring Architectural Reference Manual,
and not based entirely on IEEE specifications. One problem was that those
early Token Ring implementations didn't support true multicast addresses.
Instead, they supported functional addresses, of which there are only 31.
Although this problem was recognized years ago, it still haunts us.

RFC 1469 specifies how to support IP multicast on Token Ring by using the
functional address C0-00-00-04-00-00 (in non-canonical format). All IP
multicast addresses are mapped to this address, (as are a few other
addresses). And that's how it is usually done, despite the fact that Token
Ring chipsets could support a better method these days.

Priscilla Oppenheimer


> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73926&t=73908
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: a token ring question [7:73908]

[wj chou]

thanks a lot for the reply. 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73936&t=73908
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

a token ring question [7:73908]

[wj chou]

Hi, 
Can token ring carry multicast traffic? And what's the ip address to mac
address mapping if it does?
Thanks! 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73908&t=73908
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: a token ring question [7:73908]

[[EMAIL PROTECTED]]

According to cco cat 3900/5000 can switch multicast on TR.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr
mc_r/mult/1rfmult2.htm#1078651

ip multicast use-functional
To enable the mapping of IP multicast addresses to the Token Ring functional
address 0xc000.0004., use the ip multicast use-functional command in
interface configuration mode. To disable the function, use the no form of
this command. 

ip multicast use-functional
no ip multicast use-functional
Syntax Description 

This command has no arguments or keywords. 

Defaults 

IP multicast address are mapped to the MAC-layer address 0x... 

Usage Guidelines 
This command is accepted only on a Token Ring interface. 
Neighboring devices on the Token Ring on which this feature is used should
also use the same functional address for IP multicast traffic. 
Because there are a limited number of Token Ring functional addresses, other
protocols may be assigned to the Token Ring functional address
0xc000.0004.. Therefore, not every frame sent to the functional address
is necessarily an IP multicast frame. 

Examples 
The following example configures any IP multicast packets going out Token
Ring interface 0 to be mapped to MAC address 0xc000.0004.: 

interface token 0 
 ip address 1.1.1.1 255.255.255.0 
 ip pim dense-mode 
 ip multicast use-functional 

Martijn 


-Oorspronkelijk bericht-
Van: wj chou [mailto:[EMAIL PROTECTED]
Verzonden: dinsdag 12 augustus 2003 7:55
Aan: [EMAIL PROTECTED]
Onderwerp: a token ring question [7:73908]


Hi, 
Can token ring carry multicast traffic? And what's the ip address to mac
address mapping if it does?
Thanks! 
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73909&t=73908
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIM Mode question [7:73108]

[steve telford]

Thanks for the info Doan

Is this info from experience of large multicast deployment?

What also I was trying to get at is the question of whether with the
enhancement of auto-rp listener is the need for sparse-dense totally negated?

This would be regardless of the overhead issues of using auto-rp in the
first place, for instance in a LAN environment where the overhead is bearable.

Steve


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73973&t=73108
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIM Mode question [7:73108]

[Doan Nguyen]

Teflon is correct.  If you configure your network to use Auto-RP, then all
of your interfaces will have to use PIM Sparse-Dense Mode.  Besides the fact
that Auto-RP uses dense mode for it's control data, if any router looses
connectivity to the RP, then it would fall back to flood-and-prune.  To me
Auto-RP and BSR is too much overhead for the advantage gain.  I would
configure several RP and use Anycast/MSDP with that.  Next I would configure
static RP on all of my routers.

The advantages providing that your RP address doesn't change is,

it makes RP-to-group mapping a much more simpler process to understand and
implement.  The convergence time will be so much faster because your
convergence will be only as fast as your unicast route convergence.

The average convergence time with Auto_RP is around 30ish seconds.  BSR is a
bit faster, but then again only 1 BSR can advertise RP out at a time and the
rest are stand-by BSR.  Imagine if you have a 500+ network that gets the RP
information from only 1 BSR router.  OR if you're using Auto-RP, imagine the
flood-and-prune process.

To me if you have to configure multicast on every router, I don't think
adding an extra line for static RP is too much more to do.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73685&t=73108
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

ISDN SNMP Question [7:73250]

[Robert Perez]

Hi all,

I want to monito a cisco 2600 isdn to determine when it is up.  Is there a
MIB I can watch that changes when the ISDN comes up and then changes back to
the original value when it goes down?  Thx.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73250&t=73250
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIM Mode question [7:73108]

[s vermill]

Steve Telford wrote:
> 
> Regarding PIM Sparse, Dense and Sparse-Dense modes, does anyone
> know why the
> often stated design preference for sparse-dense exists?

I think that the logic is that with sparese-dense, the m-cast network could
continue to function even if the RP were to die.  It's just a fallback
mechanism.

> 
> I realise the Auto-RP requirement which is for Dense mode,
> would mean an
> otherwise sparse mode network needs to support dense. Is this
> the main
> driver for sparse-dense or is there some other technical reason?
> 
> I see with software updates Auto-RP can now be supported under
> sparse mode
> only configured interfaces:
> 
> ip pim autorp listener
> 
> which causes the two auto-rp groups 224.0.1.39 and 224.0.1.40
> to be dense
> mode flooded.
> 
> Is there any other requirement for dense mode if the auto-rp
> issue is taken
> away? Anyone got any comments?
> 
> cheers,
> 
> teflon
> 
> [GroupStudy removed an attachment of type image/gif]
> 
> [GroupStudy removed an attachment of type Image/jpeg]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73115&t=73108
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIM Mode question [7:73108]

[Steve Telford]

Regarding PIM Sparse, Dense and Sparse-Dense modes, does anyone know why the
often stated design preference for sparse-dense exists?

I realise the Auto-RP requirement which is for Dense mode, would mean an
otherwise sparse mode network needs to support dense. Is this the main
driver for sparse-dense or is there some other technical reason?

I see with software updates Auto-RP can now be supported under sparse mode
only configured interfaces:

ip pim autorp listener

which causes the two auto-rp groups 224.0.1.39 and 224.0.1.40 to be dense
mode flooded.

Is there any other requirement for dense mode if the auto-rp issue is taken
away? Anyone got any comments?

cheers,

teflon

[GroupStudy removed an attachment of type image/gif]

[GroupStudy removed an attachment of type Image/jpeg]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73108&t=73108
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: EIGRP Question [7:73068]

[gab S.E jones]

The answer is b.

The command ip bandwidth-percent command tells eigrp how much percentage of
the configured bandwidth it may use, the default being 50%. The bandwidth
command is also used to set the routing protocol metric.

This can be set to a particular value depending on what policies are in
place.

c is wrong because the ip bandwidth-percent command uses or works in
conjunction with the bandwidth statement. View it like a tree structure

bandwidth command
|
|_ _ _ip bandwidth-percent command

e.g example config

interface Serial 2/1
bandwidth 2048
ip bandwidth-percent eigrp 300 60

This tells/allows eigrp process 300 to use 1228.8Kbps (60% of 2048Kbps) on
Serial 2/1

regards,
gab



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73075&t=73068
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: EIGRP Question [7:73068]

[Reimer, Fred]

I believe the correct answer is B.  "NBMA operation" is generally referring
to running EIGRP on Frame Relay, where a hub site can have multiple spoke
sites connecting to the same interface.  In such situations you may need to
modify how much bandwidth EIGRP can use for routing protocol packets.

I believe answer C is incorrect, because it talks about modifying the
interface bandwidth value.  That's not what the bandwidth-percent command
does, but modifying the interface bandwidth may be one, not necessarily
recommended, way of specifying how much bandwidth EIGRP is allowed.  The IOS
docs say:

"EIGRP will use up to 50 percent of the bandwidth of a link, as defined by
the bandwidth interface configuration command. This command may be used if
some other fraction of the bandwidth is desired. Note that values greater
than 100 percent may be configured. The configuration option may be useful
if the bandwidth is set artificially low for other reasons."

So I think answer C is trying to trick you by throwing the 50% in there,
assuming that you know something is 50% but not really understanding what
they are talking about.  Bandwidth-percent modifies the percentage of total
bandwidth that can be used by EIGRP, the default IS 50%.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Ramesh Ram [mailto:[EMAIL PROTECTED] 
Sent: Saturday, July 26, 2003 1:16 PM
To: [EMAIL PROTECTED]
Subject: EIGRP Question [7:73068]

You are configuring EIGRP for NBMA operation. What is the purpose of the IP
bandwidth-percent EIGRP' command?

a. It adjusts the percentage of bandwidth that EIGRP packets can use 
   on all of the router's interfaces.
b. It adjusts the percentage of bandwidth that EIGRP packets can  
   use on an individual router interface. 
c. It overwrites the bandwidth setting on an interface to ensure that 
   EIGRP packets receive 50% of the available bandwidth on the 
   router's interface.
d. It limits the % of bandwidth that EIGRP packets can use. The 
   percentage cannot exceed 50% of the configured bandwidth on all of
   the router's interfaces.

I am confused between answers b & c. Could someone clarify ?

Ramesh Ram, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73072&t=73068
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: EIGRP Question [7:73068]

[Zsombor Papp]

c. is incorrect because 1.) it doesn't overwirte the bandwidth setting, and
2.) the percentage may be lower or higher than 50.

b. is the correct answer.

Thanks,

Zsombor

Ramesh Ram wrote:
> 
> You are configuring EIGRP for NBMA operation. What is the
> purpose of the ‘IP bandwidth-percent EIGRP’ command?
> 
> a. It adjusts the percentage of bandwidth that EIGRP packets
> can use
>on all of the router’s interfaces.
> b. It adjusts the percentage of bandwidth that EIGRP packets
> can
>use on an individual router interface. 
> c. It overwrites the bandwidth setting on an interface to
> ensure that
>EIGRP packets receive 50% of the available bandwidth on the 
>router’s interface.
> d. It limits the % of bandwidth that EIGRP packets can use. The 
>percentage cannot exceed 50% of the configured bandwidth on
> all of
>the router’s interfaces.
> 
> I am confused between answers b & c. Could someone clarify ?
> 
> Ramesh Ram, CCNA


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73071&t=73068
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

EIGRP Question [7:73068]

[Ramesh Ram]

You are configuring EIGRP for NBMA operation. What is the purpose of the IP
bandwidth-percent EIGRP’ command?

a. It adjusts the percentage of bandwidth that EIGRP packets can use 
   on all of the router’s interfaces.
b. It adjusts the percentage of bandwidth that EIGRP packets can  
   use on an individual router interface. 
c. It overwrites the bandwidth setting on an interface to ensure that 
   EIGRP packets receive 50% of the available bandwidth on the 
   router’s interface.
d. It limits the % of bandwidth that EIGRP packets can use. The 
   percentage cannot exceed 50% of the configured bandwidth on all of
   the router’s interfaces.

I am confused between answers b & c. Could someone clarify ?

Ramesh Ram, CCNA


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73068&t=73068
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

MPLS Question [7:72885]

[Brett Spunt]

Any feedback on the current extent of MPLS content or Mobile IP on the
R&S lab..My Lab date is on sep. 30, and MPLS is pretty foreign to
me.
 
Any feedback appreciated..
 
Thanks,
 
Brett Spunt




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72885&t=72885
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: basic PRI question. [7:72691]

[wisnu]

Yes, you can do that
you are need to setup up DDR
then setup backup interface on leased line interface to that DDR
and then setup the interface PRI become member that DDR
so the interface of the DDR will be stand by, not the interface of the PRI
install the route through PRI with higher AD


wisnu

""Stuart Pittwood""  wrote in message
news:[EMAIL PROTECTED]
> I know this is basic & the answer is probably yes but I'll ask anyway
>
> We have a 1Mb leased line betweem two sites, if we also had 8 channels of
a
> PRi at both sites, in the event that the leased line was unavailble could
> the available PRI channels multilink and dial into the remote site to give
> at least some connectivity if yes, could these channels also be used for
> remote access when they are not needed as a backup to the leased line.
>
> Any input appreciated.
>
> Thanks
>
> Stu P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72725&t=72691
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: basic PRI question. [7:72691]

[Nakul Malik]

I think so.
You would need to setup DDR for the PRI.
Install the PRI route with a higher AD than the leased line route so that it
is only used when the leased line is unavailable.
Also, set up thresholds for the PRI channels.
-Nakul


""Stuart Pittwood""  wrote in message
news:[EMAIL PROTECTED]
> I know this is basic & the answer is probably yes but I'll ask anyway
>
> We have a 1Mb leased line betweem two sites, if we also had 8 channels of
a
> PRi at both sites, in the event that the leased line was unavailble could
> the available PRI channels multilink and dial into the remote site to give
> at least some connectivity if yes, could these channels also be used for
> remote access when they are not needed as a backup to the leased line.
>
> Any input appreciated.
>
> Thanks
>
> Stu P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72699&t=72691
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

basic PRI question. [7:72691]

[Stuart Pittwood]

I know this is basic & the answer is probably yes but I'll ask anyway

We have a 1Mb leased line betweem two sites, if we also had 8 channels of a
PRi at both sites, in the event that the leased line was unavailble could
the available PRI channels multilink and dial into the remote site to give
at least some connectivity if yes, could these channels also be used for
remote access when they are not needed as a backup to the leased line.

Any input appreciated.

Thanks

Stu P




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72691&t=72691
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Question in ABR [7:72624]

[Reimer, Fred]

May as well just use IS-IS...

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED] 
Sent: Saturday, July 19, 2003 8:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Question in ABR [7:72624]

At 5:17 PM + 7/19/03, Rajesh Kumar wrote:
>Hello all,
>
>If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it
>
>still considered to be an ABR  OR strictly, one of the interfaces has to
>
>be in Area 0 to be an ABR?

In the present implementation, at least one interface must be in area 
0.0.0.0.  There is a proposal in the OSPF Working Group to allow 
"inter-area ABRs," but I don't think this is yet commercially 
available -- it hasn't yet gotten to RFC.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72657&t=72624
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Question in ABR [7:72624]

[Howard C. Berkowitz]

At 5:17 PM + 7/19/03, Rajesh Kumar wrote:
>Hello all,
>
>If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it
>
>still considered to be an ABR  OR strictly, one of the interfaces has to
>
>be in Area 0 to be an ABR?

In the present implementation, at least one interface must be in area 
0.0.0.0.  There is a proposal in the OSPF Working Group to allow 
"inter-area ABRs," but I don't think this is yet commercially 
available -- it hasn't yet gotten to RFC.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72638&t=72624
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Question in ABR [7:72624]

[Howard C. Berkowitz]

At 9:05 PM + 7/19/03, bergenpeak wrote:
>RFC2328 defines this router to be an ABR.  However, there are some
>issues with this approach.  RFC 3509 defines an alternative behavior
>for ABRs.  In summary, when the router connects to multiple areas
>but not to area 0, the router should not operate as an ABR but
>instead should operate as if it was internal to all connected areas.


Thanks. I missed the RFC approval.

>
>Rajesh Kumar wrote:
>>
>>  Hello all,
>>
>>  If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it
>>
>>  still considered to be an ABR  OR strictly, one of the interfaces has to
>>
>>  be in Area 0 to be an ABR?
>>
>>  Thanks,
>  > Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72639&t=72624
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Question in ABR [7:72624]

[Zsombor Papp]

This is from RFC2328:

Backbone routers
A router that has an interface to the backbone area.  This
includes all routers that interface to more than one area
(i.e., area border routers).  However, backbone routers do
not have to be area border routers.

It is not very explicit, I'll give you that. Apparently it confused the
authores of RFC3509 as well. :)

I wasn't aware of RFC3509. I doubt that R3 on Page 2 of this RFC would ineed
"identify itself as an ABR" if it was running IOS. It is an interesting read
nonetheless.

Thanks,

Zsombor

bergenpeak wrote:
> 
> RFC2328 defines this router to be an ABR.  However, there are
> some
> issues with this approach.  RFC 3509 defines an alternative
> behavior
> for ABRs.  In summary, when the router connects to multiple
> areas
> but not to area 0, the router should not operate as an ABR but 
> instead should operate as if it was internal to all connected
> areas.
> 
> Rajesh Kumar wrote:
> > 
> > Hello all,
> > 
> > If a router has its interfaces in Area 1 and Area 2 and no
> Area 0, is it
> > 
> > still considered to be an ABR  OR strictly, one of the
> interfaces has to
> > 
> > be in Area 0 to be an ABR?
> > 
> > Thanks,
> > Rajesh
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72630&t=72624
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Question in ABR [7:72624]

[bergenpeak]

RFC2328 defines this router to be an ABR.  However, there are some
issues with this approach.  RFC 3509 defines an alternative behavior
for ABRs.  In summary, when the router connects to multiple areas
but not to area 0, the router should not operate as an ABR but 
instead should operate as if it was internal to all connected areas.

Rajesh Kumar wrote:
> 
> Hello all,
> 
> If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it
> 
> still considered to be an ABR  OR strictly, one of the interfaces has to
> 
> be in Area 0 to be an ABR?
> 
> Thanks,
> Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72629&t=72624
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Question in ABR [7:72624]

[Rajesh Kumar]

Hello all,

If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it

still considered to be an ABR  OR strictly, one of the interfaces has to

be in Area 0 to be an ABR?

Thanks,
Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72624&t=72624
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber Question [7:72544]

if you are an EE, or desire that level of intimacy with the physical layer,
AND you have LOTS of spare cash, you can always join IEEE and buy all their
docs on the subject. ;->


""Zsombor Papp""  wrote in message
news:[EMAIL PROTECTED]
> At 03:55 AM 7/18/2003 +, "Chuck Whose Road is Ever Shorter" wrote:
> >""Zsombor Papp""  wrote in message
> >news:[EMAIL PROTECTED]
> > > At 01:20 AM 7/18/2003 +, Bill wrote:
> > > >Just learning basics of fiber communication.
> > >
> > > Btw, optical communication is indeed an interesting topic. Does anyone
> >have
> > > a recommendation for a good book on this? I would be very interested
in a
> > > book (let alone web site) that explains the fundamental principles
> > > (modulation, dispersion, spectral width, etc) in a great detail, but
> > > without making my brain explode with thousands of formulas. (Yeah, I
> know,
> > > it's not an easy request.)
> > >
> > > For example, why exactly do we need that conditioning cable when
> >connecting
> > > a MM cable to a SM interface?
> >
> >
> >not that CCO necessarily provides intimate technical details, but if you
> >read the footnotes you can infer that it has to do with laser strength
and
> >signal saturation.
>
> That's probably just one part of the problem. That same footnote goes on
to
> say that "mode-conditioning patch cord is required for link distances
> *greater* than 984 feet". Surely the signal doesn't get stronger as the
> distance increases?
>
> See also this page:
>
> http://www.l-com.com/content/ResourceCenter/Tips/pages/fiber_06.htm
>
> which talks about Differential Mode Delay (DMD) and hints about the
> importance of positioning the SM core against the MM core. This DMD sounds
> like modal dispersion, but if it really is modal dispersion, then why is
> the SM interface affected more by this than the MM interface?
>
> Btw, as for the laser strength and saturation, I am also wondering why
that
> doesn't present a problem with SM cables. Because the small core doesn't
> carry as much energy as the large core of the MM cable? Or maybe it is a
> problem even for SM, they just assume that you wouldn't use SM cable for a
> distance measured in "10s of meters"?
>
> Thanks,
>
> Zsombor
>
>
>
>http://www.cisco.com/en/US/products/hw/modules/ps872/products_data_sheet091
86a008014cb5e.html
> >watch the wrap.
> >
> >probably the same reason why the minimum length of a fiber patch (
> >multimode ) is 3 meters / 10 foot
> >
> >
> > >
> > > Thanks,
> > >
> > > Zsombor
> > >
> > > >  I am not sure about which fiber
> > > >cable I saw but it was orange and basically connected two 3550's
> >together.
> > > >
> > > >The fiber had two connectors on each side. One was blue and the other
> was
> > > >red.
> > > >
> > > >How is it normally connected? I guess the switch ports are receive
and
> > > >transmit. So, does that mean if you connect red on the left port on
one
> > > >switch, you would connect the red on the other side of the cable to
the
> > > >right port of the switch?
> > > >
> > > >Thx
> > > >bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72581&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber Question [7:72544]

[M.C. van den Bovenkamp]

Zsombor Papp wrote:

> For example, why exactly do we need that conditioning cable when
connecting
> a MM cable to a SM interface?

Because some MM cable has a small flaw exactly in the center of the 
fiber (depending on the fabrication process, I believe). The MM 
interface isn't bothered by it because it completely fills the entire 
fiber, but the SM interface doesn't; it would run slam-bang into the flaw.

What the conditioning cable does is slightly offset the SM laser from 
the center of the MM fiber, avoiding the flaw.

That's also why you don't always need it; if your MM fiber is made 
differently, it may not have that flaw.

At least, that's how I always understood it.

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72562&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber Question [7:72544]

[Zsombor Papp]

At 03:56 AM 7/18/2003 +, annlee wrote:
>Here is some help
>http://www.americanfibertek.com/FAQ.htm#fiber

"singlemode fiber is half the cost of multimode fiber" ???

>  and
>http://www.americanfibertek.com/products/PDFCatalog/History.pdf
>All the fiber I saw followed the convention orange=MM, yellow=SM. MM fiber
>is not capable of handling SM input,

With conditioning cable patches it can.

>  but SM fiber can handle MM input.

Is this a fact? No restrictions, no gotcha's, it just works?

>  IIRC,
>the reason was power on the laser emission as well as frequencies used, etc.
>There is also some info in SONET, 3e, by Goralski
>--it's on amazon.com. I have the 2e, and I learned a ton from it, including
>the introductory material about how networking developed as it did.

It's good for an introduction, I just wish it would continue to elaborate 
on the optical aspect, instead of getting into the boring details of SONET. 
He chose the title well though, I have to give him that... :)


>In our lab, we weren't often blessed with red and blue connectors; more
>often it was dual black connectors, in which case we ran fingers down the
>fiber to get the 180-degree twist (rx--tx and tx--rx): it really is a manual
>crossover.

I usually check the inscription on the cable. On the cables we use, only 
one half has an inscription (on both ends).

>  The finger roll only works in a lab, though. Dolphins lose their
>grip on the transoceanic fibers...

They must be using color codes... :)

Thanks,

Zsombor


>Annlee
>
>""Zsombor Papp""  wrote in message
>news:[EMAIL PROTECTED]
> > At 01:20 AM 7/18/2003 +, Bill wrote:
> > >Just learning basics of fiber communication.
> >
> > Btw, optical communication is indeed an interesting topic. Does anyone
>have
> > a recommendation for a good book on this? I would be very interested in a
> > book (let alone web site) that explains the fundamental principles
> > (modulation, dispersion, spectral width, etc) in a great detail, but
> > without making my brain explode with thousands of formulas. (Yeah, I
know,
> > it's not an easy request.)
> >
> > For example, why exactly do we need that conditioning cable when
>connecting
> > a MM cable to a SM interface?
> >
> > Thanks,
> >
> > Zsombor
> >
> > >  I am not sure about which fiber
> > >cable I saw but it was orange and basically connected two 3550's
>together.
> > >
> > >The fiber had two connectors on each side. One was blue and the other
was
> > >red.
> > >
> > >How is it normally connected? I guess the switch ports are receive and
> > >transmit. So, does that mean if you connect red on the left port on one
> > >switch, you would connect the red on the other side of the cable to the
> > >right port of the switch?
> > >
> > >Thx
> > >bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72558&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber Question [7:72544]

[Zsombor Papp]

At 03:55 AM 7/18/2003 +, "Chuck Whose Road is Ever Shorter" wrote:
>""Zsombor Papp""  wrote in message
>news:[EMAIL PROTECTED]
> > At 01:20 AM 7/18/2003 +, Bill wrote:
> > >Just learning basics of fiber communication.
> >
> > Btw, optical communication is indeed an interesting topic. Does anyone
>have
> > a recommendation for a good book on this? I would be very interested in a
> > book (let alone web site) that explains the fundamental principles
> > (modulation, dispersion, spectral width, etc) in a great detail, but
> > without making my brain explode with thousands of formulas. (Yeah, I
know,
> > it's not an easy request.)
> >
> > For example, why exactly do we need that conditioning cable when
>connecting
> > a MM cable to a SM interface?
>
>
>not that CCO necessarily provides intimate technical details, but if you
>read the footnotes you can infer that it has to do with laser strength and
>signal saturation.

That's probably just one part of the problem. That same footnote goes on to 
say that "mode-conditioning patch cord is required for link distances 
*greater* than 984 feet". Surely the signal doesn't get stronger as the 
distance increases?

See also this page:

http://www.l-com.com/content/ResourceCenter/Tips/pages/fiber_06.htm

which talks about Differential Mode Delay (DMD) and hints about the 
importance of positioning the SM core against the MM core. This DMD sounds 
like modal dispersion, but if it really is modal dispersion, then why is 
the SM interface affected more by this than the MM interface?

Btw, as for the laser strength and saturation, I am also wondering why that 
doesn't present a problem with SM cables. Because the small core doesn't 
carry as much energy as the large core of the MM cable? Or maybe it is a 
problem even for SM, they just assume that you wouldn't use SM cable for a 
distance measured in "10s of meters"?

Thanks,

Zsombor


>http://www.cisco.com/en/US/products/hw/modules/ps872/products_data_sheet09186a008014cb5e.html
>watch the wrap.
>
>probably the same reason why the minimum length of a fiber patch (
>multimode ) is 3 meters / 10 foot
>
>
> >
> > Thanks,
> >
> > Zsombor
> >
> > >  I am not sure about which fiber
> > >cable I saw but it was orange and basically connected two 3550's
>together.
> > >
> > >The fiber had two connectors on each side. One was blue and the other
was
> > >red.
> > >
> > >How is it normally connected? I guess the switch ports are receive and
> > >transmit. So, does that mean if you connect red on the left port on one
> > >switch, you would connect the red on the other side of the cable to the
> > >right port of the switch?
> > >
> > >Thx
> > >bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72559&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber Question [7:72544]

[annlee]

Here is some help
http://www.americanfibertek.com/FAQ.htm#fiber and
http://www.americanfibertek.com/products/PDFCatalog/History.pdf
All the fiber I saw followed the convention orange=MM, yellow=SM. MM fiber
is not capable of handling SM input, but SM fiber can handle MM input. IIRC,
the reason was power on the laser emission as well as frequencies used, etc.
There is also some info in SONET, 3e, by Goralski
--it's on amazon.com. I have the 2e, and I learned a ton from it, including
the introductory material about how networking developed as it did.

In our lab, we weren't often blessed with red and blue connectors; more
often it was dual black connectors, in which case we ran fingers down the
fiber to get the 180-degree twist (rx--tx and tx--rx): it really is a manual
crossover. The finger roll only works in a lab, though. Dolphins lose their
grip on the transoceanic fibers...

Annlee

""Zsombor Papp""  wrote in message
news:[EMAIL PROTECTED]
> At 01:20 AM 7/18/2003 +, Bill wrote:
> >Just learning basics of fiber communication.
>
> Btw, optical communication is indeed an interesting topic. Does anyone
have
> a recommendation for a good book on this? I would be very interested in a
> book (let alone web site) that explains the fundamental principles
> (modulation, dispersion, spectral width, etc) in a great detail, but
> without making my brain explode with thousands of formulas. (Yeah, I know,
> it's not an easy request.)
>
> For example, why exactly do we need that conditioning cable when
connecting
> a MM cable to a SM interface?
>
> Thanks,
>
> Zsombor
>
> >  I am not sure about which fiber
> >cable I saw but it was orange and basically connected two 3550's
together.
> >
> >The fiber had two connectors on each side. One was blue and the other was
> >red.
> >
> >How is it normally connected? I guess the switch ports are receive and
> >transmit. So, does that mean if you connect red on the left port on one
> >switch, you would connect the red on the other side of the cable to the
> >right port of the switch?
> >
> >Thx
> >bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72555&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber Question [7:72544]

""Zsombor Papp""  wrote in message
news:[EMAIL PROTECTED]
> At 01:20 AM 7/18/2003 +, Bill wrote:
> >Just learning basics of fiber communication.
>
> Btw, optical communication is indeed an interesting topic. Does anyone
have
> a recommendation for a good book on this? I would be very interested in a
> book (let alone web site) that explains the fundamental principles
> (modulation, dispersion, spectral width, etc) in a great detail, but
> without making my brain explode with thousands of formulas. (Yeah, I know,
> it's not an easy request.)
>
> For example, why exactly do we need that conditioning cable when
connecting
> a MM cable to a SM interface?


not that CCO necessarily provides intimate technical details, but if you
read the footnotes you can infer that it has to do with laser strength and
signal saturation.

http://www.cisco.com/en/US/products/hw/modules/ps872/products_data_sheet09186a008014cb5e.html
watch the wrap.

probably the same reason why the minimum length of a fiber patch (
multimode ) is 3 meters / 10 foot


>
> Thanks,
>
> Zsombor
>
> >  I am not sure about which fiber
> >cable I saw but it was orange and basically connected two 3550's
together.
> >
> >The fiber had two connectors on each side. One was blue and the other was
> >red.
> >
> >How is it normally connected? I guess the switch ports are receive and
> >transmit. So, does that mean if you connect red on the left port on one
> >switch, you would connect the red on the other side of the cable to the
> >right port of the switch?
> >
> >Thx
> >bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72554&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber Question [7:72544]

[Zsombor Papp]

At 01:20 AM 7/18/2003 +, Bill wrote:
>Just learning basics of fiber communication.

Btw, optical communication is indeed an interesting topic. Does anyone have 
a recommendation for a good book on this? I would be very interested in a 
book (let alone web site) that explains the fundamental principles 
(modulation, dispersion, spectral width, etc) in a great detail, but 
without making my brain explode with thousands of formulas. (Yeah, I know, 
it's not an easy request.)

For example, why exactly do we need that conditioning cable when connecting 
a MM cable to a SM interface?

Thanks,

Zsombor

>  I am not sure about which fiber
>cable I saw but it was orange and basically connected two 3550's together.
>
>The fiber had two connectors on each side. One was blue and the other was
>red.
>
>How is it normally connected? I guess the switch ports are receive and
>transmit. So, does that mean if you connect red on the left port on one
>switch, you would connect the red on the other side of the cable to the
>right port of the switch?
>
>Thx
>bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72551&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: a default route question.. [7:72211]

[Luan Nguyen]

Yes.
Thanks.  I was mistakenly thought that there is a way your could 
redistribute the default route to eigrp neighbors without using the 
redistribute static command.  Wasted half an hour playing around with all 
the options until...nothing.  A search on CCO shows this link which 
stated:"EIGRP propagates a route to network 0.0.0.0, but the static route 
must be redistributed into EIGRP"
http://www.cisco.com/en/US/partner/tech/tk365/tk554/technologies_tech_note09186a0080094374.shtml

-luan


>From: Zsombor Papp 
>To: "Luan Nguyen" 
>CC: [EMAIL PROTECTED]
>Subject: RE: a default route question.. [7:72211]
>Date: Thu, 17 Jul 2003 15:40:13 -0700
>
>Command depends on routing protocol. You are probably in EIGRP. 
>'default-information originate' is used with OSPF and ISIS. As we found out 
>recently, newer versions of IOS allow this command under RIP as well, 
>although I have to wonder what that does as RIP advertises the default 
>route without it anyway (after redistribution, of course).
>
>Thanks,
>
>Zsombor
>
>At 09:16 PM 7/17/2003 +, Luan Nguyen wrote:
>>Hello,
>>
>>(config-router)#default-information ?
>>   allowed  Allow default information
>>   in   Accept default routing information
>>   out  Output default routing information
>>
>>There is no such thing is default-info originate.
>>All the above are default with cisco I believe, I still don't understand
>>what Daniel said about ip default-network
>>How do create an ip default-network to equal to ip route 0.0.0.0 0.0.0.0
>>1.1.1.1 ?
>>The way I am doing now is just redistribute static and maybe filter to
>>only 0.0.0.0 with route-map
>>
>>Thanks.
>>
>>Regards,
>>
>>
>>
>>
>>-Original Message-
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>Sent: Thursday, July 17, 2003 12:58 PM
>>To: [EMAIL PROTECTED]
>>Subject: RE: a default route question.. [7:72211]
>>
>>
>>Daniel Cotts wrote:
>> >
>> > Not an issue of errata but of reading a little further.
>> > If there is a default static 0.0.0.0 0.0.0.0 192.168.1.2
>> > and RIP on the router then:
>> > that router will use the static as its gateway of last resort and RIP
>> > will advertise that route to its neighbors.
>> > For IGRP and EIGRP see Doyle p 756
>> > "Default routing is somewhat different for IGRP and EIGRP.
>> > These protocols
>> > do not understand the address 0.0.0.0. Rather, they advertise
>> > an actual
>> > address as an external route"
>> > Use the ip default-network command to create that route.
>> > ip default-network 10.0.1.0 (or whatever - plus in EIGRP one
>> > can add a mask)
>> > The router on which that is configured will advertise that
>> > route to its
>> > neighbors.
>>
>>Will IGRP and EIGRP do this automatically or do they need
>>default-information originate, I wonder?
>>
>>It's probably not worth testing on my routers because they are so old
>>they won't take a recent IOS version.
>>
>>When I get back to my work lab I could test it, but that won't be until
>>September. (The academic life has some advantages. :-)
>>
>>Priscilla
>> > See also "EIGRP Network Design Solutions" page 219-223
>> > (It appears the book is out of print. There are a few available on
>> > Amazon.) So - the sentence in Doyle p 753 "After a default route is
>> > identified in the
>> > routing table, RIP, IGRP, and EIGRP will automatically
>> > advertise it." - is
>> > true as long as we understand that "default route" means
>> > different things
>> > for RIP vs EIGRP. No redistribution commands are used.
>> >
>> > Now - the original point of this thread was 'has the treatment of
>> > default routes - particularly by RIP - changed in newer versions of
>> > IOS?' Some weeks
>> > ago I did some testing and did not find any change (used 11.1
>> > through 12.2).
>> > However, I seem to remember some discussion by Chuck and others
>> > in the past
>> > on this subject. I haven't searched the archives - so am open
>> > to anyone
>> > proving otherwise.
>> >
>> > > -Original Message-
>> > > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
>> >
>> > > But, alas, this didn't work on IGRP or EIGRP.
>> > >
>> > > So if anyone has a good errata for Doyle, Volume I, is this
>> > in it?
_
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72550&t=72211
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber Question [7:72544]

[Zsombor Papp]

At 01:20 AM 7/18/2003 +, Bill wrote:
>Just learning basics of fiber communication. I am not sure about which fiber
>cable I saw but it was orange

FWIW, the MM cables we use are usually orange and the SM cables yellow. Not 
sure if this is a general rule though... :)))

>  and basically connected two 3550's together.

Unfortunatly the type of the cable depends on the GBIC, not the box itself. 
In fact as we saw here recently, the GBIC type and the cable type doesn't 
even need to match.

>The fiber had two connectors on each side.

I guess that's a pretty standard solution... although it is possible to 
transmit and receive on the same fiber, isn't it? Never seen one of those 
though.

>  One was blue and the other was red.

This is unfortunately not the case with every fiber cable, although it 
could come handy sometimes.

>How is it normally connected? I guess the switch ports are receive and
>transmit.

Yes.

>  So, does that mean if you connect red on the left port on one
>switch, you would connect the red on the other side of the cable to the
>right port of the switch?

Probably. Unless the cable manufacturer wants to intentionally screw you 
and assigns the colors randomly... :)

Thanks,

Zsombor


>Thx
>bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72548&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber Question [7:72544]

""Bill""  wrote in message
news:[EMAIL PROTECTED]
> Just learning basics of fiber communication. I am not sure about which
fiber
> cable I saw but it was orange and basically connected two 3550's together.
>
> The fiber had two connectors on each side. One was blue and the other was
> red.
>
> How is it normally connected? I guess the switch ports are receive and
> transmit. So, does that mean if you connect red on the left port on one
> switch, you would connect the red on the other side of the cable to the
> right port of the switch?

yeah - in effect you have to "cross over" i.e the TX  on device 1 connects
to the RX on device 2 and visa versa. this can be done at the patch panel or
at the gbic.


>
> Thx
> bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72549&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]