RE: {Spam?} question on acl [7:75258]
Well, we have two right answers (you can do it with a wildcard mask of 0.0.0.254) and two wrong answers (it's not possible). I'll break the tie and say you can do it ;-) Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Robert Perez [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 1:10 PM To: [EMAIL PROTECTED] Subject: RE: {Spam?} question on acl [7:75258] You would have to do each host individually as: access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq 23 You cannot choose only even addresses with any kind of command. Atleast not that I am aware of. -Original Message- From: Yong Wee [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 11:34 AM To: [EMAIL PROTECTED] Subject: {Spam?} question on acl [7:75258] Hi, How do you write an ext acl to block telnet access from even addresses in subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254? thks, yongwee **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75282&t=75258 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: {Spam?} question on acl [7:75258]
Robert, Yes.. You absolutley CAN... See previous reply... Robert Perez wrote: > > You would have to do each host individually as: > > access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq > 23 > > You cannot choose only even addresses with any kind of command. > Atleast not > that I am aware of. > > -Original Message- > From: Yong Wee [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 11, 2003 11:34 AM > To: [EMAIL PROTECTED] > Subject: {Spam?} question on acl [7:75258] > > > Hi, >How do you write an ext acl to block telnet access from even > addresses in > subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server > 192.168.1.254? > > thks, > yongwee > **Please support GroupStudy by purchasing from the GroupStudy > Store: > http://shop.groupstudy.com FAQ, list archives, and subscription > info: > http://www.groupstudy.com/list/cisco.html > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75283&t=75258 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: question on acl [7:75257]
Er, yes you can. Two people have already replied on how. Use a WILDCARD mask of 0.0.0.254. Simple, easy, effective. I'd hate to have to type in 128 permit statements. Probably end up writing a Perl one-liner, but the easier way is to use the proper WILDCARD mask. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Andrew Larkins [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 12:50 PM To: [EMAIL PROTECTED] Subject: RE: question on acl [7:75257] As multiple single entries - you can not summarize these... A better way is to have all the specific users that must be denied to be in a summarizable subnet -Original Message- From: Yong Wee [mailto:[EMAIL PROTECTED] Sent: 11 September 2003 17:30 To: [EMAIL PROTECTED] Subject: question on acl [7:75257] Hi, How do you write an ext acl to block telnet access from even addresses in subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254? rgds, yongwee **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75280&t=75257 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: {Spam?} question on acl [7:75258]
You would have to do each host individually as: access-list 110 deny tcp host 192.168.2.2 host 192.168.1.254 eq 23 You cannot choose only even addresses with any kind of command. Atleast not that I am aware of. -Original Message- From: Yong Wee [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 11:34 AM To: [EMAIL PROTECTED] Subject: {Spam?} question on acl [7:75258] Hi, How do you write an ext acl to block telnet access from even addresses in subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254? thks, yongwee **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75270&t=75258 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: question on acl [7:75257]
As multiple single entries - you can not summarize these... A better way is to have all the specific users that must be denied to be in a summarizable subnet -Original Message- From: Yong Wee [mailto:[EMAIL PROTECTED] Sent: 11 September 2003 17:30 To: [EMAIL PROTECTED] Subject: question on acl [7:75257] Hi, How do you write an ext acl to block telnet access from even addresses in subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254? rgds, yongwee **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75268&t=75257 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: L2TP v3 Question [7:75255]
I just had mine working. Cola#show run Building configuration... Current configuration : 2615 bytes ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption no service single-slot-reload-enable ! hostname Cola ! redundancy no keepalive-enable mode hsa enable secret 5 $1$4gPI$wcQKNzXJpTT3ibtsj.nLY0 ! ip subnet-zero ip cef distributed ip host jazz 192.168.100.53 mpls ldp logging neighbor-changes no mpls traffic-eng auto-bw timers frequency 0 l2tp-class mc_l2tp_contr hello 30 password 0 secret cookie size 8 ! pseudowire-class mc_l2tp_path encapsulation l2tpv3 protocol l2tpv3 mc_l2tp_contr ip local interface Loopback3 ip pmtu ip dfbit set ip tos reflect ! ! ! ! interface Loopback0 ip address 30.30.30.1 255.255.255.255 no ip directed-broadcast ! interface Loopback3 ip address 192.168.100.43 255.255.255.255 no ip directed-broadcast ! interface Loopback4 ip address 50.0.0.1 255.255.255.255 no ip directed-broadcast ! interface FastEthernet3/0/0 no ip address no ip directed-broadcast shutdown ! interface Ethernet3/1/0 ip address 200.100.100.1 255.255.255.0 no ip directed-broadcast ! interface Ethernet3/1/1 no ip address no ip directed-broadcast shutdown ! interface Ethernet3/1/2 no ip address no ip directed-broadcast shutdown ! interface Ethernet3/1/3 no ip address no ip directed-broadcast shutdown ! interface Ethernet3/1/4 no ip address no ip directed-broadcast shutdown ! interface Ethernet3/1/5 no ip address no ip directed-broadcast shutdown ! interface Ethernet3/1/6 no ip address no ip directed-broadcast shutdown ! interface Ethernet3/1/7 no ip address no ip directed-broadcast shutdown ! interface FastEthernet9/0/0 no ip address no ip directed-broadcast full-duplex ! interface FastEthernet9/0/0.1 encapsulation dot1Q 101 ip address 13.0.1.1 255.255.255.252 no ip directed-broadcast ! interface FastEthernet9/0/1 no ip address no ip directed-broadcast full-duplex ! interface FastEthernet9/0/1.1 encapsulation dot1Q 101 no ip directed-broadcast no cdp enable xconnect 192.168.100.53 101 pw-class mc_l2tp_path ! interface FastEthernet9/1/0 ip address 10.1.1.1 255.255.255.0 no ip directed-broadcast media-type MII full-duplex ! router bgp 10 no synchronization bgp log-neighbor-changes network 50.0.0.0 redistribute connected neighbor 20.20.20.1 remote-as 10 neighbor 20.20.20.1 update-source Loopback0 no auto-summary ! ip classless ip route 10.2.2.0 255.255.255.0 10.1.1.2 ip route 20.20.20.1 255.255.255.255 13.0.1.2 ip route 192.168.100.53 255.255.255.255 10.1.1.2 ! ! ! ! alias exec ff show ip int brief ! line con 0 line aux 0 line vty 0 4 password cisco login ! end router2# Building configuration... Current configuration : 3888 bytes ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption no service single-slot-reload-enable ! hostname blabla2 ! redundancy no keepalive-enable mode hsa enable secret 5 $1$j7en$FoJXnn8QFW18jod4ncYzi. ! ip subnet-zero ip cef distributed ip host cola 192.168.100.43 no mpls ldp logging neighbor-changes no mpls traffic-eng auto-bw timers frequency 0 l2tp-class mc_l2tp_contr hello 30 password 0 secret cookie size 8 ! pseudowire-class mc_l2tp_path encapsulation l2tpv3 protocol l2tpv3 mc_l2tp_contr ip local interface Loopback3 ip pmtu ip dfbit set ip tos reflect ! ! ! ! interface Loopback0 ip address 20.20.20.1 255.255.255.255 no ip directed-broadcast ! interface Loopback3 ip address 192.168.100.53 255.255.255.255 no ip directed-broadcast ! ! interface FastEthernet5/1/0 ip address 10.2.2.2 255.255.255.0 no ip directed-broadcast no ip route-cache distributed full-duplex ! interface FastEthernet8/1/0 no ip address no ip directed-broadcast no ip route-cache no ip mroute-cache full-duplex ! interface FastEthernet8/1/0.1 encapsulation dot1Q 101 ip address 13.0.1.2 255.255.255.252 no ip directed-broadcast no ip route-cache no ip mroute-cache ! interface FastEthernet8/1/1 no ip address no ip directed-broadcast no ip route-cache no ip mroute-cache full-duplex ! interface FastEthernet8/1/1.1 encapsulation dot1Q 101 no ip directed-broadcast no ip route-cache no ip mroute-cache no cdp enable xconnect 192.168.100.43 101 pw-class mc_l2tp_path ! ! ip classless ip route 10.1.1.0 255.255.255.0 10.2.2.1 ip route 192.168.100.43 255.255.255.255 10.2.2.1 ! line con 0 line aux 0 line vty 0 4 password cisco login ! end Cisco has a messed up way of implementing the L2TPv3 tunnels like this. Basically you looped two FE ports together. Pick 1 port for your layer 3 routing and the other port to cross connect your layer two tunnels. The vlan ID for the two FE ports must match. The tunnels reference the loopback of the endpoint router. Hope this helps. -Doan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75266&t=75255
Re: question on acl [7:75257]
Yongwee, ! ! Deny even numbers but permit everything else ! access-list 101 deny tcp 192.168.2.0 0.0.0.254 host 192.168.1.254 eq telnet access-list 101 permit any any ! implicit deny all here ! ! or perhaps more efficiently ! ! ! Permit odd numbers only ! access-list 101 permit tcp 192.168.2.1 0.0.0.254 host 192.168.1.254 eq telnet ! implicit deny all here ! These answers are based on the fact that an even number in binary will have a least significant digit of 0 in the octet while an odd number will have a 1. Thus the 0.0.0.254 mask isolates the least significant digit for a match against either a 1 or a zero. FWIW, Bob ""Yong Wee"" wrote in message news:[EMAIL PROTECTED] > Hi, >How do you write an ext acl to block telnet access from even addresses in > subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254? > > rgds, > yongwee > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75262&t=75257 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: question on acl [7:75258]
Here is an example of a named ACL to Block Specific even HOST sources to destination port 23 to the address you specified. You can use: ip access-list extended BLOCK_TELNET_EVEN deny tcp 192.168.2.0 0.0.0.254 host 192.168.1.254 eq telnet permit ip any any Just practice and play with the BITS in the MASK.. You can achieve this type of scenario in 1 statment.. -Sal Yong Wee wrote: > > Hi, >How do you write an ext acl to block telnet access from even > addresses in > subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server > 192.168.1.254? > > thks, > yongwee > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75260&t=75258 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
question on acl [7:75257]
Hi, How do you write an ext acl to block telnet access from even addresses in subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254? rgds, yongwee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75257&t=75257 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
question on acl [7:75258]
Hi, How do you write an ext acl to block telnet access from even addresses in subnet 192.168.2.0/24 (i.e, .2, .4, .6 etc) to server 192.168.1.254? thks, yongwee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75258&t=75258 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
L2TP v3 Question [7:75255]
Trying to do a lab that connects two ethernet lans together via L2TP v3. Cisco has diddly for config examples. Does anyone have any that work? Here is what I have so far. (shown below) Topology: pc1--lan1---fa0/0-router1-fa5/0--tunnel-fa5/0-router2-fa0/0---lan2-- pc2 Configs: * router1 * ip cef int lo0 ip addr 192.168.254.2 255.255.255.0 l2tp-class l2tp-defaults retransmit initial retries 30 cookie size 8 pseudowire-class ether-pw encapsulation l2tpv3 protocol none ip local interface Loopback0 interface FastEthernet 0/0 xconnect 192.168.1.2 123 encapsulation l2tpv3 manual pw-class ether-pw l2tp id 222 111 l2tp cookie local 4 54321 l2tp cookie remote 4 12345 l2tp hello l2tp-defaults * router2 * ip cef int lo0 ip addr 192.168.254.3 255.255.255.0 l2tp-class l2tp-defaults retransmit initial retries 30 cookie size 8 pseudowire-class ether-pw encapsulation l2tpv3 protocol none ip local interface Loopback0 interface Ethernet 2/0 xconnect 192.168.1.1 123 encapsulation l2tpv3 manual pw-class ether-pw l2tp id 111 222 l2tp cookie local 4 12345 l2tp cookie remote 4 54321 l2tp hello l2tp-defaults Thanks, Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75255&t=75255 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Basic IP CEF question (again) [7:75161]
Broadcast means everybody receives it. Curious wrote: > > Hi Zsombor, what do you mean?? Why the router has the broadcast > IP in > "receive" mode? > I would like to know more about this ;) > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75253&t=75161 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: question? [7:75237]
Yes I do and how can I contribute to your good cause?:) Thank you Ollie AT&T Common Backbone 866-397-7309 Opt 1 -Original Message- From: Accsystest [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 6:33 AM To: [EMAIL PROTECTED] Subject: question? [7:75237] got your email address from the web: do you answer cisco related questions by any chance: know any one who is willing to? - Yahoo! Search - Looking for more? Try the new Yahoo! Search **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75246&t=75237 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
question? [7:75237]
got your email address from the web: do you answer cisco related questions by any chance: know any one who is willing to? - Yahoo! Search - Looking for more? Try the new Yahoo! Search Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75237&t=75237 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Basic IP CEF question (again) [7:75161]
Hi Zsombor, what do you mean?? Why the router has the broadcast IP in "receive" mode? I would like to know more about this ;) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75224&t=75161 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Basic IP CEF question (again) [7:75161]
Well, the accurate answer is that those are the packets that the router wants to receive (as opposed to switch), but I didn't think that this would be a lot of help. :) You do recognize the common theme across "own IP address" and "broadcast of local net", don't you? Thanks, Zsombor > My comments: > > Hello Zsombor, I can see IP addresses that doesn't belong to > the router, for example: > Router#sh ip cef | include 10.224.0.51 > 10.224.0.51/32 receive > > But the IP address of the router in the subnet is: > > 10.224.0.49 > > The subnet is: > > 10.224.0.48/30 > > So the IP address 10.224.0.51 is the broadcast address of the > router in the network, but not the IP owned by the router. > What do you think?? > Thx a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75190&t=75161 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Basic IP CEF question (again) [7:75161]
The history: Author: Zsombor Papp (---.dsl.snfc21.pacbell.net) Date: 09-08-03 14:47 It means that's the router's own IP address. Thanks, Zsombor Curious wrote: > > Hello dear friends, > I would like to know the meaning of the keyword "receive" that I > can see when I execute a "show ip cef" command: > > For example: > > show ip cef > Prefix Next Hop Interface > > > 10.64.15.224/32 receive > > What means that the "next-hop" is "receive". > > More details: > > ROUTER#sh ip route 10.64.15.224 > Routing entry for 10.64.15.224/28 > Known via "connected", distance 0, metric 0 (connected, via > interface) > Redistributing via ospf 10 > Advertised by ospf 10 subnets > Routing Descriptor Blocks: > * directly connected, via FastEthernet4/1/0.30 > Route metric is 0, traffic share count is 1 > > Any comments?? Bye and Thx > > My comments: Hello Zsombor, I can see IP addresses that doesn't belong to the router, for example: Router#sh ip cef | include 10.224.0.51 10.224.0.51/32 receive But the IP address of the router in the subnet is: 10.224.0.49 The subnet is: 10.224.0.48/30 So the IP address 10.224.0.51 is the broadcast address of the router in the network, but not the IP owned by the router. What do you think?? Thx a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75161&t=75161 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Basic CEF question. [7:74962]
It means that's the router's own IP address. Thanks, Zsombor Curious wrote: > > Hello dear friends, > I would like to know the meaning of the keyword "receive" that I > can see when I execute a "show ip cef" command: > > For example: > > show ip cef >Prefix Next Hop Interface > > >10.64.15.224/32 receive > >What means that the "next-hop" is "receive". > >More details: > >ROUTER#sh ip route 10.64.15.224 > Routing entry for 10.64.15.224/28 > Known via "connected", distance 0, metric 0 (connected, via > interface) > Redistributing via ospf 10 > Advertised by ospf 10 subnets > Routing Descriptor Blocks: > * directly connected, via FastEthernet4/1/0.30 > Route metric is 0, traffic share count is 1 > > Any comments?? Bye and Thx > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74969&t=74962 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Basic CEF question. [7:74962]
Hello dear friends, I would like to know the meaning of the keyword "receive" that I can see when I execute a "show ip cef" command: For example: show ip cef Prefix Next Hop Interface 10.64.15.224/32 receive What means that the "next-hop" is "receive". More details: ROUTER#sh ip route 10.64.15.224 Routing entry for 10.64.15.224/28 Known via "connected", distance 0, metric 0 (connected, via interface) Redistributing via ospf 10 Advertised by ospf 10 subnets Routing Descriptor Blocks: * directly connected, via FastEthernet4/1/0.30 Route metric is 0, traffic share count is 1 Any comments?? Bye and Thx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74962&t=74962 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Question regarding dialer-watch [7:74900]
Hi group... Found the problem My virtual link had got the cost of the bri interface, which I had sett to 65535.. This did so that the virtual link never came up... Thanks for all the advices -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of SEC Groupstudy Sent: 3. september 2003 10:49 To: Security Group Study; 'Jens Petter Eikeland' Subject: RE: Question regarding dialer-watch Hi, You need to do some relavent debugs on the router. may I suggest you try: debug isdn events, debug isdn error, debug ppp events etc. you may like to try a debug ip packet on the dialer interface - but be careful. My guess is that you'll see a "encapsulation failed" type message. Post your configs Adam > -- > From: Jens Petter Eikeland[SMTP:[EMAIL PROTECTED] > Reply To: Jens Petter Eikeland > Sent: Tuesday, September 02, 2003 5:08 PM > To: Security Group Study; Groupstudy > Subject: Question regarding dialer-watch > > I have put up a solution with isdn backup to a primary Frame-Relay link. > This is set up with Tacacs callback solution. > The link seems to function fine. Then I try to put on dialer-watch on the > client side of this link. > When I shall test this by bringing sown the primary, everything looks > fine. > The backup is coming up, the routes ar prefered over isdn. > > But when I try to send any trafic I form of pings or telnet nothing > happens > Even when the link are up my packet wont go over the link. > I have also a friend that is having the same problem, and then I guess > There will be other that has experienced this.. > > Please help, I have only days before my lab attempt > > Jens P Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74900&t=74900 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Question regarding dialer-watch [7:74667]
Jens, Assuming this is legacy DDR, do you have a static layer 3 to layer 2 resolution (dialer map) for the IP of the remote end? Post your config if you're still having trouble. HTH, Brian McGahan, CCIE #8593 [EMAIL PROTECTED] Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-334-8987 Direct: 708-362-1418 (Outside the US and Canada) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jens Petter Eikeland Sent: Tuesday, September 02, 2003 11:16 AM To: [EMAIL PROTECTED] Subject: Question regarding dialer-watch [7:74667] I have put up a solution with isdn backup to a primary Frame-Relay link. This is set up with Tacacs callback solution. The link seems to function fine. Then I try to put on dialer-watch on the client side of this link. When I shall test this by bringing sown the primary, everything looks fine. The backup is coming up, the routes ar prefered over isdn. But when I try to send any trafic I form of pings or telnet nothing happens Even when the link are up my packet wont go over the link. I have also a friend that is having the same problem, and then I guess There will be other that has experienced this.. Please help, I have only days before my lab attempt Jens P **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74760&t=74667 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Question regarding dialer-watch [7:74667]
Jens, Assuming this is legacy DDR, do you have a static layer 3 to layer 2 resolution (dialer map) for the IP of the remote end? Post your config if you're still having trouble. HTH, Brian McGahan, CCIE #8593 [EMAIL PROTECTED] Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-334-8987 Direct: 708-362-1418 (Outside the US and Canada) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jens Petter Eikeland Sent: Tuesday, September 02, 2003 11:16 AM To: [EMAIL PROTECTED] Subject: Question regarding dialer-watch [7:74667] I have put up a solution with isdn backup to a primary Frame-Relay link. This is set up with Tacacs callback solution. The link seems to function fine. Then I try to put on dialer-watch on the client side of this link. When I shall test this by bringing sown the primary, everything looks fine. The backup is coming up, the routes ar prefered over isdn. But when I try to send any trafic I form of pings or telnet nothing happens Even when the link are up my packet wont go over the link. I have also a friend that is having the same problem, and then I guess There will be other that has experienced this.. Please help, I have only days before my lab attempt Jens P **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74701&t=74667 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Question regarding dialer-watch [7:74667]
Jens, Assuming this is legacy DDR, do you have a static layer 3 to layer 2 resolution (dialer map) for the IP of the remote end? Post your config if you're still having trouble. HTH, Brian McGahan, CCIE #8593 [EMAIL PROTECTED] Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-334-8987 Direct: 708-362-1418 (Outside the US and Canada) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jens Petter Eikeland Sent: Tuesday, September 02, 2003 11:16 AM To: [EMAIL PROTECTED] Subject: Question regarding dialer-watch [7:74667] I have put up a solution with isdn backup to a primary Frame-Relay link. This is set up with Tacacs callback solution. The link seems to function fine. Then I try to put on dialer-watch on the client side of this link. When I shall test this by bringing sown the primary, everything looks fine. The backup is coming up, the routes ar prefered over isdn. But when I try to send any trafic I form of pings or telnet nothing happens Even when the link are up my packet wont go over the link. I have also a friend that is having the same problem, and then I guess There will be other that has experienced this.. Please help, I have only days before my lab attempt Jens P **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html [GroupStudy removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74700&t=74667 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
isdn question [7:74677]
what happen if ISDN received the setup but not responded to connect ? IS the problem pointing to layer 1 , 2 or 3 ? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74677&t=74677 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Question regarding dialer-watch [7:74667]
What are you trying to accomplish? A configuration using specific protocols for some lab, or are you just trying to get some connectivity up and running? Why don't you just use backup interface? Ah, it looks like you are doing this for a lab, and not a real-life reason. O.K., is your IPsec connection up after the ISDN kicks in? Since it's for a lab, it really can't hurt security wise to send the configs for both sides, so send them. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Jens Petter Eikeland [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 12:16 PM To: [EMAIL PROTECTED] Subject: Question regarding dialer-watch [7:74667] I have put up a solution with isdn backup to a primary Frame-Relay link. This is set up with Tacacs callback solution. The link seems to function fine. Then I try to put on dialer-watch on the client side of this link. When I shall test this by bringing sown the primary, everything looks fine. The backup is coming up, the routes ar prefered over isdn. But when I try to send any trafic I form of pings or telnet nothing happens Even when the link are up my packet wont go over the link. I have also a friend that is having the same problem, and then I guess There will be other that has experienced this.. Please help, I have only days before my lab attempt Jens P **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74675&t=74667 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Interesting Question [7:74652]
Bani This is my understanding...Just with any rule..you allow certain things and you don't allow some. Reserve some things and you don't reserve some...What I'm trying to say is the matter of logical and efficient,convinient, simple or orderly if you will...when the InterNIC was given the task of IP addressing they had to have some IP addresses be reserved Not used for anything else) but for specific functions internetwork.Such as multicasting for example, 224.0.0.9, 224.0.0.10...224.0.0.5 224.0.0.6 ..in routing protocol(IGRP,OSPF etc.) Or Loopback testing 127.0.0.0.. better still 255.255.255.255 for broadcasting... I don't think there is any mathematical implication but order. Just look at this order and logic below.. Class A = 1-126 ( 0,127 reserved) Class B = 128-191 Class C = 192- 223 Class D = 224-239 (Multicast) If you find one please let me.. Thank you Ollie AT&T Common Backbone 866-397-7309 Opt 1 -Original Message- From: Bharani [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 8:14 AM To: [EMAIL PROTECTED] Subject: Interesting Question [7:74652] Dear Readers Does any one know the Mathematical reason for making 127.X.X.X as a Loop Back address, if so please let me know Thanks in advance Bani **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74670&t=74652 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Question regarding dialer-watch [7:74667]
I have put up a solution with isdn backup to a primary Frame-Relay link. This is set up with Tacacs callback solution. The link seems to function fine. Then I try to put on dialer-watch on the client side of this link. When I shall test this by bringing sown the primary, everything looks fine. The backup is coming up, the routes ar prefered over isdn. But when I try to send any trafic I form of pings or telnet nothing happens Even when the link are up my packet wont go over the link. I have also a friend that is having the same problem, and then I guess There will be other that has experienced this.. Please help, I have only days before my lab attempt Jens P Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74667&t=74667 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Interesting Question [7:74652]
Sorry, but that sounds too much like the joker on the Yahoo group, which I had to quit because it was so full of mis-information. There was this guy who was adamant that packets coming into the router were effected by the outgoing access-list. "Very few people understand ACLs correctly" or something similar he said. "Try it yourself, you will see!" I don't know how many people's time he wasted on that fiasco. There is no "mathematical" reason. Yes, 127 is 0x7f, and 0111, and the answer to everything is 42 (101010). It looks neat, but it has no significance. Why was 45.0.0.0 assigned to InterOp, of all people? Why does InterOp even need a Class A address, let alone any public addresses whatsoever? Why do some Hospitals insist on using the 45/8 network internally because there is only a potential for conflict once a year (or so they think)? And is the moon made of cheese? So what say you, "friends" on the Cisco list? Am I just clueless and there is a "mathematical" reason? I mean, I know about 20 programming languages, including several assembly languages for various processors, and I can't think of a valid reason or any benefit for choosing 127 as the loopback address. It's not like a compare and branch instruction is going to be any faster if the number is 2130706433 (127.0.0.1 as a 32-bit number) or not. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Bharani [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 10:54 AM To: Reimer, Fred Subject: Re: Interesting Question [7:74652] Dear Friend There is a mathematical reson for this and very few people know abt it , please try to speak to your friends to find out Bani - Original Message - From: "Reimer, Fred" To: "Bharani" ; Sent: Tuesday, September 02, 2003 8:16 PM Subject: RE: Interesting Question [7:74652] > There is none. Other than the fact that it is the last Class A address. > > Fred Reimer - CCNA > > > Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 > Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 > > > NOTICE; This email contains confidential or proprietary information which > may be legally privileged. It is intended only for the named recipient(s). > If an addressing or transmission error has misdirected the email, please > notify the author by replying to this message. If you are not the named > recipient, you are not authorized to use, disclose, distribute, copy, print > or rely on this email, and should immediately delete it from your computer. > > > -Original Message----- > From: Bharani [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 02, 2003 9:14 AM > To: [EMAIL PROTECTED] > Subject: Interesting Question [7:74652] > > Dear Readers > > Does any one know the Mathematical reason for making > 127.X.X.X as a Loop Back address, if so please let me know > > Thanks in advance > Bani > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74663&t=74652 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Interesting Question [7:74652]
There is none. Other than the fact that it is the last Class A address. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Bharani [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 9:14 AM To: [EMAIL PROTECTED] Subject: Interesting Question [7:74652] Dear Readers Does any one know the Mathematical reason for making 127.X.X.X as a Loop Back address, if so please let me know Thanks in advance Bani **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74661&t=74652 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Interesting Question [7:74652]
I don't know why a Class A address was chosen...personnally, I would have chosen a Class C address...less wasteful. However, I might be missing the point here, tho... ""Bharani"" wrote in message news:[EMAIL PROTECTED] > Dear Readers > > Does any one know the Mathematical reason for making > 127.X.X.X as a Loop Back address, if so please let me know > > Thanks in advance > Bani > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74659&t=74652 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Interesting Question [7:74652]
Dear Readers Does any one know the Mathematical reason for making 127.X.X.X as a Loop Back address, if so please let me know Thanks in advance Bani Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74652&t=74652 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: PPP Question [7:74568]
This should work. You can be overriding the hostname and the password by using the interface commands: ppp chap hostname ... ppp chap password ... also one more thing that you can be aware: in an outgoing call, if you do not want to send an OUTGOING CHALLENGE you can be using the "callin" option like: ppp authen chap callin To: Sent: Sunday, August 31, 2003 5:02 AM Subject: PPP Question [7:74568] > Hiyah guys, > > I have a question on PPP CHAP. From the various sources, we just need to > declare the remote router's username and have the same password, apply CHAP > on the PPP serial interfaces and the link will be up. > > In my case, it doesn't work. It became a flapping link. I am using a 2500 > and 2600 router to run PPP. Instead, I have to configure this: > > Router1 > Username Router2 password abc > Username Router1 password abc > > Router2 > Username Router1 password abc > Username Router2 password abc > > Applying CHAP now will have the link up. > > > Any comments on this matter would be appreciated. Thanks. > > > Kenneth > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74572&t=74568 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PPP Question [7:74568]
The way chap works is one router has to "challenge" the other for Shared secret. If you look at it this way then you see the solutions If you do not want one router to challenge the other you can delete the Ppp authe chap or you can use ppp authe chap callin where you can say: "I will challenge the other just fo incoming calls and if he calls me I will not challenge him.." this way you need his username Bu you do not need your router's username in his database Try it! -Original Message- From: Kenneth [mailto:[EMAIL PROTECTED] Sent: Sunday, August 31, 2003 5:02 AM To: [EMAIL PROTECTED] Subject: PPP Question [7:74568] Hiyah guys, I have a question on PPP CHAP. From the various sources, we just need to declare the remote router's username and have the same password, apply CHAP on the PPP serial interfaces and the link will be up. In my case, it doesn't work. It became a flapping link. I am using a 2500 and 2600 router to run PPP. Instead, I have to configure this: Router1 Username Router2 password abc Username Router1 password abc Router2 Username Router1 password abc Username Router2 password abc Applying CHAP now will have the link up. Any comments on this matter would be appreciated. Thanks. Kenneth **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74571&t=74568 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
PPP Question [7:74568]
Hiyah guys, I have a question on PPP CHAP. From the various sources, we just need to declare the remote router's username and have the same password, apply CHAP on the PPP serial interfaces and the link will be up. In my case, it doesn't work. It became a flapping link. I am using a 2500 and 2600 router to run PPP. Instead, I have to configure this: Router1 Username Router2 password abc Username Router1 password abc Router2 Username Router1 password abc Username Router2 password abc Applying CHAP now will have the link up. Any comments on this matter would be appreciated. Thanks. Kenneth Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74568&t=74568 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Cisco BCRAN question ?? HELP !!! [7:74413]
I have some questions on a BCRAN 2.0 and didn't sure what are the answers. What happen if there is no signal / LED for DTR on a modem ? What is service common for AH and ESP ? What is status Delete on Frame Relay Mean ? What is Dial Fast Idle command spec. in DDR ? LCP repond for neighbor of which function ? What happen if AAA is enable but authentication not set ? What is termination at local loop BRI call ? what is caht scrip function ? how you do a Load sharing in NAT ( 2 actions ) Please help if you know the answer for those questions. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74413&t=74413 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: access list question [7:74370]
I think it's the ICMP type/code. Thanks, Zsombor dave petit wrote: > > I have an access list (101) on my router that is tied to a > cable modem > network. > The access list contains the following icmp deny statment. It > seems to > workok. > The question is; what the heck does (3/13) mean in the log > line?? > > Thanks!! > > from access-list 101: > access-list 101 deny icmp any any redirect log > > > > from the log: > list 101 denied icmp 10.132.224.1 -> 68.33.134.253 (3/13), 1 > packet > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.505 / Virus Database: 302 - Release Date: 7/30/2003 > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74381&t=74370 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
access list question [7:74370]
I have an access list (101) on my router that is tied to a cable modem network. The access list contains the following icmp deny statment. It seems to workok. The question is; what the heck does (3/13) mean in the log line?? Thanks!! from access-list 101: access-list 101 deny icmp any any redirect log from the log: list 101 denied icmp 10.132.224.1 -> 68.33.134.253 (3/13), 1 packet --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.505 / Virus Database: 302 - Release Date: 7/30/2003 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74370&t=74370 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Dumb Question [7:74315]
At 6:36 PM + 8/25/03, Robert Edmonds wrote: >To add to Chuck's comment: If you're familiar with Cisco, your sanity is >also the difference. The way Nortel configures their routers is >dramatically different and can leave you very frustrated if you're not used >to them. Do they still use Site Mangler...er, I mean Manager? In all >honesty, it's probably a lot easier, but if you're a CLI officianado, a GUI >can really screw with your mind. > >Robert Site Mangler is pretty much dead except in shops that are used to it. It was a practical market requirement to be Cisco CLI-like, although you obviously can't have every command alike when the underlying structure is different. Now, I may have a bias because I know the internals and the developers, but BCC (not Technician Interface) is actually rather elegant. Inside Bay RS, the command language is strictly object and MIB oriented, where many Cisco commands are more ad hoc. Unfortunately, Nortel has gotten rid of almost all of its IP experts, and has no central routing R&D group. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74357&t=74315 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Dumb Question [7:74315]
Difference between Cisco and Nortel - main diff is cli and menu driven? Not necessarily. If you are talking about the old Wellfleet/Bay Nortel routers, then they certainly have a CLI. You just need to know the MIB very well, and you should be able to configure it with the CLI. I know it used to freak the Wellfleet engineers out when I would configure OSPF with the CLI by using SNMP set commands. They'd say, how can you DO that! You are supposed to use Site Mangler. You could say that the main difference is the underlying architecture. However, Cisco has several different kinds of architecture in their product line. I suppose the biggest difference is that Cisco attempts to make all of their hardware look the same, by having IOS on all platforms. Nortel has many different types of interfaces. For example, their BayRS and Passport (8600) line has completely different interface types. On the other hand, Cisco has several different types of interfaces also: IOS, CatOS, VxWorks (old wireless), VPN Concentrators, etc. Another historical difference is that Wellfleet always believed in SMP, or multiple CPUs in a router working together. Their BN routers had/have a CPU per slot, all working together. Cisco had always fundamentally believed that one CPU is "good enough." I don't know the details, but once upon a time a Wellfleet engineer told me that the head Cisco router architect either quit or threatened to quit because of this difference, and he was concerned that Cisco was going to be left behind because there was no way that once CPU could outperform the multiple CPU architecture of Wellfleet BNs. Of course, that didn't happen, and it could have been made-up marketing hype. And now I believe Cisco has multiple CPU's in some of their higher-end equipment, but I'm not familiar with their whole product line. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Aspiring Cisco Gurl [mailto:[EMAIL PROTECTED] Sent: Sunday, August 24, 2003 11:12 PM To: [EMAIL PROTECTED] Subject: RE: Dumb Question [7:74315] Here is another dumb question... what is the difference between Extreme network equipment and cisco equipment? I know that Cisco and Nortel... main diff is cli and menu driven. **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74353&t=74315 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Dumb Question [7:74315]
To add to Chuck's comment: If you're familiar with Cisco, your sanity is also the difference. The way Nortel configures their routers is dramatically different and can leave you very frustrated if you're not used to them. Do they still use Site Mangler...er, I mean Manager? In all honesty, it's probably a lot easier, but if you're a CLI officianado, a GUI can really screw with your mind. Robert """Chuck Whose Road is Ever Shorter""" wrote in message news:[EMAIL PROTECTED] > ""Aspiring Cisco Gurl"" wrote in message > news:[EMAIL PROTECTED] > > Here is another dumb question... what is the difference between Extreme > > network equipment and cisco equipment? > > depending on the model, a few thousand bucks ;-> > > > > > I know that Cisco and Nortel... main diff is cli and menu driven. > > **Please support GroupStudy by purchasing from the GroupStudy Store: > > http://shop.groupstudy.com > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74346&t=74315 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Dumb Question [7:74315]
Thomas Larus wrote: > > The big difference, for me anyway, is that it is a lot easier > to find > answers to technical questions about the equipment on Cisco's > website. > Cisco's website is voluminous and easy to search. I agree that Cisco's website is voluminous. It's full of well-written, helpful material, most of it accurate. The search engine never works very well for me, though. I use Google. :-) Try searching at Cisco's site on SAFE, for example. Isn't it a bit ridiculous that it comes up with articles that mention fail-safe? (By the way, Google is so cool that you can get it to convert to hex for you. Try typing in "100 in hexadecimal" in Google, for example. Isn't that great what it does?) As far as other differences between Cisco and Nortel There's a good reason I never did marketing, so this won't be stated very well, but Cisco strives to offer end-to-end solutions. Not only do they have products that fit into every niche of a mutli-faceted enterprise or service provider's network, but they also have software tools to optimize the services offered at every layer of a multi-layered network. They have tools for the edge, for the core, for campus networks, home networks, huge service provider networks, etc. Other vendors focus on just one aspect of networking and don't offer end-to-end solutions. One downside with Cisco equipment is that it is designed to support gazillions of features. Features are more important to Cisco than ease of use. Not only can their equipment (espeically PIXes) be a pain in the butt to configure, but it can be almost impossible to even figure out which version of software to use since there are hundreds. It's important to work with a Cisco partner when figuring out which software to use and when buying equipment. Cisco makes it pretty much impossible for the ordinary person to do this... Cisco's Technical Assistance Center (TAC) is excellent. I've heard a few complaints over the years, but I think some people just got unlucky. Most of the time when you call TAC you get a very experienced, knowlegable engineer. Many of them are CCIEs. Priscilla > > Perhaps you can get good info with some sort of Extreme login > or from > Extreme's technical support folks, but when you are a visiting > contractor on > site you don't necessarily want to ask the customer for their > vendor support > login or support contract number just to be able to ask a minor > question. > (Understatement). You want to be able to find answers to most > questions on > your own. > > Others will say that Extreme switches are fast and well-priced. > That may be > so, but I am a researcher (and writer) at heart, and Cisco's > website is the > best technical support website I have ever seen. > > Tom Larus, CCIE #10,014 > > ""Aspiring Cisco Gurl"" wrote in message > news:[EMAIL PROTECTED] > > Here is another dumb question... what is the difference > between Extreme > > network equipment and cisco equipment? > > > > I know that Cisco and Nortel... main diff is cli and menu > driven. > > **Please support GroupStudy by purchasing from the GroupStudy > Store: > > http://shop.groupstudy.com > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74339&t=74315 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Dumb Question [7:74315]
The big difference, for me anyway, is that it is a lot easier to find answers to technical questions about the equipment on Cisco's website. Cisco's website is voluminous and easy to search. Perhaps you can get good info with some sort of Extreme login or from Extreme's technical support folks, but when you are a visiting contractor on site you don't necessarily want to ask the customer for their vendor support login or support contract number just to be able to ask a minor question. (Understatement). You want to be able to find answers to most questions on your own. Others will say that Extreme switches are fast and well-priced. That may be so, but I am a researcher (and writer) at heart, and Cisco's website is the best technical support website I have ever seen. Tom Larus, CCIE #10,014 ""Aspiring Cisco Gurl"" wrote in message news:[EMAIL PROTECTED] > Here is another dumb question... what is the difference between Extreme > network equipment and cisco equipment? > > I know that Cisco and Nortel... main diff is cli and menu driven. > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74337&t=74315 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Dumb Question [7:74315]
""Aspiring Cisco Gurl"" wrote in message news:[EMAIL PROTECTED] > Here is another dumb question... what is the difference between Extreme > network equipment and cisco equipment? depending on the model, a few thousand bucks ;-> > > I know that Cisco and Nortel... main diff is cli and menu driven. > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74324&t=74315 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Dumb Question [7:74315]
Here is another dumb question... what is the difference between Extreme network equipment and cisco equipment? I know that Cisco and Nortel... main diff is cli and menu driven. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74318&t=74315 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Dumb Question [7:74315]
What is the main difference between Cisco Routers and Nortel/Bay Networks Routers? Commands, etc? I've never had much experience with Nortel and have a need and just trying to find information. Thanks, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74315&t=74315 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
OT Post Question About Books [7:74309]
This Sunday has been quiet on the list. In fact most days are quiet on this list these days. This brings to mind a question I have had for a while. If anyone has anything on this I would appreciate hearing from you. The question is, in this down book market how many copies do the books published by publishers such as Cisco Press and O'Reilly actually sell? I searched the web some, but these numbers never seem to be published anywhere. In particular I am curious as to how many copies a how to configure Cisco routers book sells as opposed to some of the more obscure topics O'Reilly publishes books on. Do any of the esteemed authors on the list care to share their numbers with me or point me to the source for such figures? Any information would be appreciated, even if it is a more than this number but less than this other number sort of range. If this is too personal of a question, I understand. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74309&t=74309 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Flash & MEM upgrade for 2500 series question? [7:74298]
I have several 2500 series routers I am using for a practice lab. I want to upgrade them to 16flash/16mem to support the later IOS versions if possible. Does anyone know what the required ROM version is: and how to what ROM version I now have. Also how does one go about getting the required ROM?? Thanks! --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.505 / Virus Database: 302 - Release Date: 7/30/2003 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74298&t=74298 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX and Router Setup Question [7:74141]
"Because I am using a private range, I need to address a packet from a private IP address and to internet / from internet to a private ip address. Which would not work. Because 1700 would not do nat" You are correct. I will setup access lists and the IP Inspect on the router. Should I just disable NAT, or would the NAT with the no random keyword be better? As it is now, I have NAT on both, with the web server and email server setup with a static statement using the same address for the inside and outside addresses (so it translates the inside address to the inside address going out), then put a route statement on the router telling it to send anything for the internal network address to the PIX. It works, but I feel it is clumsy and possibly dangerous. Thank you all for the help so far! This forum is great!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74253&t=74141 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX and Router Setup Question [7:74141]
We do not have any more live IP address to use, I would need two more, one on the inside of the router and one on the outside of the pix. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74252&t=74141 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIM Mode question [7:73108]
Steve, I'm working on multicast design a new DoD network. At this level we are a pretty big network with OC192 pipes. At this level I rather not use any dense mode type of implementation with my multicast design if possible. Got too many other protocols to deal with already. I'm currently at Cisco in San Jose for testing and I think I remember something about a new Auto-RP that was suppose to get away from using the dense mode for the control plane ie. RP discovery and advertisement. I'll ask the lead multicast person here about it and will let you know. Depending on how much load your LAN is taking I wouldn't worry about dense mode. Usually it's the WAN link that are expensive and you would want to optimize bandwidth, but with LAN it's cheap so there is usually not a big concern there for chatty protocols. -Doan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74204&t=73108 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
CIT Exam Question [7:74195]
I will be taking the CIT exam this week and would like to know what is considered passing. When taking the Transcender exams my average score was around 85%; if anyone has any information it would be greatly appreciated! Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74195&t=74195 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX and Router Setup Question [7:74141]
What's your reason for having the subnet between the 1700 & PIX private ? Maybe I'm missing something here, but the PIX is a firewall & should be firewalling, not the router. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 19 August 2003 12:52 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: PIX and Router Setup Question [7:74141] Tell me if I am wrong: (off my hat) Nat on pix only would cause me to use the 1700 as router/ routed subnet between pix>1700. Because I am using a private range, I need to address a packet from a private IP address and to internet / from internet to a private ip address. Wich would not work. Because 1700 would not do nat.(Joel). When it does NAT, the segment between 1700 and pix would be private (10.165.251.240/28 for example not the most used 192.168.x.x) Tell the pix to do NAT with the NAT norandomseq keyword. So tcp sockets would not be randomized. On the 1700 filter until layer 4, make a nice and hefty access-list that denies it all exept initiated inside. Really do use dmz for mail filtering and web front-end! If you do punch holes in the pix to inside, please buy linksys or netgear... ;-) Make a plan for ids/syslog and time sync, use it and update it! Make a plan for intrusions/reactions, use it and update it! See SAFE website. http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutio ns_package.html Martijn -Oorspronkelijk bericht- Van: Joel Satterley [mailto:[EMAIL PROTECTED] Verzonden: dinsdag 19 augustus 2003 11:25 Aan: [EMAIL PROTECTED] Onderwerp: RE: PIX and Router Setup Question [7:74141] You'd be better off just using NAT on the PIX, it's what it was made for. Then just secure the 1721 as a perimeter router. NAT'ing twice could cause problems. -Original Message- From: Michael Barnhart [mailto:[EMAIL PROTECTED] Sent: 19 August 2003 04:06 To: [EMAIL PROTECTED] Subject: PIX and Router Setup Question [7:74141] Network is as such: Internet - 1721 - 515 PIX - Network We do not have many live IP addresses, so we want to use one on the 1721 Outside. Between the 1721 and the PIX we want to use a private network, say 192.168.1.x /24. On the inside PIX we will use the IP of the internal network (also a private address). The problem comes in how to setup the PIX to work properly. The 1721 is using NAT, and I would assume I need NAT on the PIX as well. At this point things get confusing! We are hosting a website on the internal network, as well as an email server. I want to see them from the Internet. Question is, do I need to double NAT, or is there some way to have the PIX just pass the internal network to the Router? Thanks! Michael Barnhart **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html === This message has been checked for all known viruses by the Sirocom Virus Scanning Service === === This message has been checked for all known viruses by the Sirocom Virus Scanning Service WWW.SIROCOM.COM === **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html === This message has been checked for all known viruses by the Sirocom Virus Scanning Service === === This message has been checked for all known viruses by the Sirocom Virus Scanning Service WWW.SIROCOM.COM === Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74179&t=74141 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX and Router Setup Question [7:74141]
Tell me if I am wrong: (off my hat) Nat on pix only would cause me to use the 1700 as router/ routed subnet between pix>1700. Because I am using a private range, I need to address a packet from a private IP address and to internet / from internet to a private ip address. Wich would not work. Because 1700 would not do nat.(Joel). When it does NAT, the segment between 1700 and pix would be private (10.165.251.240/28 for example not the most used 192.168.x.x) Tell the pix to do NAT with the NAT norandomseq keyword. So tcp sockets would not be randomized. On the 1700 filter until layer 4, make a nice and hefty access-list that denies it all exept initiated inside. Really do use dmz for mail filtering and web front-end! If you do punch holes in the pix to inside, please buy linksys or netgear... ;-) Make a plan for ids/syslog and time sync, use it and update it! Make a plan for intrusions/reactions, use it and update it! See SAFE website. http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutio ns_package.html Martijn -Oorspronkelijk bericht- Van: Joel Satterley [mailto:[EMAIL PROTECTED] Verzonden: dinsdag 19 augustus 2003 11:25 Aan: [EMAIL PROTECTED] Onderwerp: RE: PIX and Router Setup Question [7:74141] You'd be better off just using NAT on the PIX, it's what it was made for. Then just secure the 1721 as a perimeter router. NAT'ing twice could cause problems. -Original Message- From: Michael Barnhart [mailto:[EMAIL PROTECTED] Sent: 19 August 2003 04:06 To: [EMAIL PROTECTED] Subject: PIX and Router Setup Question [7:74141] Network is as such: Internet - 1721 - 515 PIX - Network We do not have many live IP addresses, so we want to use one on the 1721 Outside. Between the 1721 and the PIX we want to use a private network, say 192.168.1.x /24. On the inside PIX we will use the IP of the internal network (also a private address). The problem comes in how to setup the PIX to work properly. The 1721 is using NAT, and I would assume I need NAT on the PIX as well. At this point things get confusing! We are hosting a website on the internal network, as well as an email server. I want to see them from the Internet. Question is, do I need to double NAT, or is there some way to have the PIX just pass the internal network to the Router? Thanks! Michael Barnhart **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html === This message has been checked for all known viruses by the Sirocom Virus Scanning Service === === This message has been checked for all known viruses by the Sirocom Virus Scanning Service WWW.SIROCOM.COM === **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74167&t=74141 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: PIX and Router Setup Question [7:74141]
I would let the Firewall handle the NATing. If you just want the router to perform NAT, you need to use NAT 0 on the PIX. The border router should only do basic filtering and routing. > > From: "Michael Barnhart" > Date: 2003/08/18 Mon PM 11:06:03 EDT > To: [EMAIL PROTECTED] > Subject: PIX and Router Setup Question [7:74141] > > Greg Owens 202-398-2552 [GroupStudy removed an attachment with a content-type header it could not parse.] [Content-Type: null; name="replyAll"] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74170&t=74141 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX and Router Setup Question [7:74141]
You'd be better off just using NAT on the PIX, it's what it was made for. Then just secure the 1721 as a perimeter router. NAT'ing twice could cause problems. -Original Message- From: Michael Barnhart [mailto:[EMAIL PROTECTED] Sent: 19 August 2003 04:06 To: [EMAIL PROTECTED] Subject: PIX and Router Setup Question [7:74141] Network is as such: Internet - 1721 - 515 PIX - Network We do not have many live IP addresses, so we want to use one on the 1721 Outside. Between the 1721 and the PIX we want to use a private network, say 192.168.1.x /24. On the inside PIX we will use the IP of the internal network (also a private address). The problem comes in how to setup the PIX to work properly. The 1721 is using NAT, and I would assume I need NAT on the PIX as well. At this point things get confusing! We are hosting a website on the internal network, as well as an email server. I want to see them from the Internet. Question is, do I need to double NAT, or is there some way to have the PIX just pass the internal network to the Router? Thanks! Michael Barnhart **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html === This message has been checked for all known viruses by the Sirocom Virus Scanning Service === === This message has been checked for all known viruses by the Sirocom Virus Scanning Service WWW.SIROCOM.COM === Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74158&t=74141 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX and Router Setup Question [7:74141]
Just disable the nat function on PIX for inside network using the nat 0 command...the traffic will reach the router with private source IP where u can nat... Chirag Arora -Original Message- From: Michael Barnhart [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 8:36 AM To: [EMAIL PROTECTED] Subject: PIX and Router Setup Question [7:74141] Network is as such: Internet - 1721 - 515 PIX - Network We do not have many live IP addresses, so we want to use one on the 1721 Outside. Between the 1721 and the PIX we want to use a private network, say 192.168.1.x /24. On the inside PIX we will use the IP of the internal network (also a private address). The problem comes in how to setup the PIX to work properly. The 1721 is using NAT, and I would assume I need NAT on the PIX as well. At this point things get confusing! We are hosting a website on the internal network, as well as an email server. I want to see them from the Internet. Question is, do I need to double NAT, or is there some way to have the PIX just pass the internal network to the Router? Thanks! Michael Barnhart **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Disclaimer Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited. *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74155&t=74141 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX and Router Setup Question [7:74141]
Hi! If there is not another reason, which you didn't mention, the easiest method to solve your problem, if you do not configure NAT on PIX. In this case internal adresses will be seen by the router, so you have to configure the router to NAT the web and e-mail servers in statioc way, and to know about the network in the PIX inside interface. By, HT! -Original Message- From: Michael Barnhart [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 5:06 AM To: [EMAIL PROTECTED] Subject: PIX and Router Setup Question [7:74141] Network is as such: Internet - 1721 - 515 PIX - Network We do not have many live IP addresses, so we want to use one on the 1721 Outside. Between the 1721 and the PIX we want to use a private network, say 192.168.1.x /24. On the inside PIX we will use the IP of the internal network (also a private address). The problem comes in how to setup the PIX to work properly. The 1721 is using NAT, and I would assume I need NAT on the PIX as well. At this point things get confusing! We are hosting a website on the internal network, as well as an email server. I want to see them from the Internet. Question is, do I need to double NAT, or is there some way to have the PIX just pass the internal network to the Router? Thanks! Michael Barnhart **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74156&t=74141 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX xlate question [7:74012]
I think the config is too complex for what it (seems) needs to do. If you used PDM, you also can start over from scratch, think you rules over hard, draw a map with all the interfaces and subnets. What is the propose of these rules (nat 2 / glob 2 ) together? is there some mail/www server sitting on those /32 ip's? global (outside) 2 213.213.128.50 nat (inside) 2 157.157.144.49 255.255.255.255 0 0 nat (inside) 2 10.100.0.0 255.255.0.0 0 0 >From my point of view is what you are doing in nat 0 / nat 1 glob 1 / nat 2 glob 2 doable with nat 0 / nat1 glob 1. Take a hard look at access-list 100. Martijn -Oorspronkelijk bericht- Van: Skarphedinsson Arni V. [mailto:[EMAIL PROTECTED] Verzonden: maandag 18 augustus 2003 15:52 Aan: [EMAIL PROTECTED] Onderwerp: RE: PIX xlate question [7:74012] Here are the Global and NAT statements global (outside) 1 213.213.128.100-213.213.128.200 global (outside) 2 213.213.128.50 global (dmz) 1 192.168.17.150 nat (inside) 0 access-list 100 nat (inside) 2 157.157.144.49 255.255.255.255 0 0 nat (inside) 2 10.100.0.0 255.255.0.0 0 0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (dmz) 1 0.0.0.0 0.0.0.0 0 0 **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74150&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
PIX and Router Setup Question [7:74141]
Network is as such: Internet - 1721 - 515 PIX - Network We do not have many live IP addresses, so we want to use one on the 1721 Outside. Between the 1721 and the PIX we want to use a private network, say 192.168.1.x /24. On the inside PIX we will use the IP of the internal network (also a private address). The problem comes in how to setup the PIX to work properly. The 1721 is using NAT, and I would assume I need NAT on the PIX as well. At this point things get confusing! We are hosting a website on the internal network, as well as an email server. I want to see them from the Internet. Question is, do I need to double NAT, or is there some way to have the PIX just pass the internal network to the Router? Thanks! Michael Barnhart Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74141&t=74141 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX xlate question [7:74012]
Here are the Global and NAT statements global (outside) 1 213.213.128.100-213.213.128.200 global (outside) 2 213.213.128.50 global (dmz) 1 192.168.17.150 nat (inside) 0 access-list 100 nat (inside) 2 157.157.144.49 255.255.255.255 0 0 nat (inside) 2 10.100.0.0 255.255.0.0 0 0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (dmz) 1 0.0.0.0 0.0.0.0 0 0 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74107&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: PIX xlate question [7:74012]
Your pool may consist of addresses from the local addresses, and the xlates are occuring on a catch as catch basis, which acconts for the weird results of your show command.. Assuming your local addresses are 213.x.x.x, your pool of addresses to which these locals are to be translated is also 213.x.x.xyou apparently have a case of unintional identity NAT here ""Skarphedinsson Arni V."" wrote in message news:[EMAIL PROTECTED] > why would I see the folowing when I do sh xlate on the pix, i.e. > one global address is beeing translated to the next in line global address ? > > and sugestions would be welcome > > > Global 213.213.128.143 Local 213.213.128.142 > Global 213.213.128.142 Local 213.213.128.141 > Global 213.213.128.137 Local 213.213.128.136 > Global 213.213.128.136 Local 213.213.128.135 > Global 213.213.128.139 Local 213.213.128.138 > Global 213.213.128.138 Local 213.213.128.137 > Global 213.213.128.133 Local 217.3.103.62 > Global 213.213.128.132 Local 213.213.128.131 > Global 213.213.128.135 Local 213.213.128.134 > Global 213.213.128.134 Local 213.213.128.133 > Global 213.213.128.129 Local 213.213.128.128 > Global 213.213.128.128 Local 213.213.128.127 > Global 213.213.128.131 Local 213.213.128.130 > Global 213.213.128.130 Local 213.213.128.129 > Global 213.213.128.189 Local 213.213.128.188 > Global 213.213.128.188 Local 213.213.128.187 > Global 213.213.128.191 Local 200.65.74.239 > Global 213.213.128.190 Local 213.213.128.189 > Global 213.213.128.185 Local 213.213.128.184 > Global 213.213.128.184 Local 213.213.128.183 > Global 213.213.128.187 Local 213.213.128.186 > Global 213.213.128.186 Local 213.213.128.185 > Global 213.213.128.181 Local 213.213.128.180 > Global 213.213.128.180 Local 213.213.128.179 > Global 213.213.128.183 Local 213.213.128.182 > Global 213.213.128.182 Local 213.213.128.181 > Global 213.213.128.177 Local 213.213.128.176 > Global 213.213.128.176 Local 213.213.128.175 > Global 213.213.128.179 Local 213.213.128.178 > Global 213.213.128.178 Local 213.213.128.177 > Global 213.213.128.173 Local 213.213.138.210 > Global 213.213.128.172 Local 10.200.20.124 > Global 213.213.128.175 Local 213.213.128.174 > Global 213.213.128.174 Local 213.213.128.173 > Global 213.213.128.169 Local 213.213.128.168 > Global 213.213.128.168 Local 213.213.128.167 > Global 213.213.128.171 Local 213.213.128.170 > Global 213.213.128.170 Local 213.213.128.169 > Global 213.213.128.165 Local 213.213.128.164 > Global 213.213.128.164 Local 213.213.128.163 > Global 213.213.128.167 Local 213.213.128.166 > Global 213.213.128.166 Local 213.213.128.165 > Global 213.213.128.161 Local 213.213.128.160 > Global 213.213.128.160 Local 213.213.128.159 > Global 213.213.128.163 Local 213.213.128.162 > Global 213.213.128.162 Local 213.213.128.161 > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74029&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX xlate question [7:74012]
Oops. Didn't look at the output closely enough. Can you send the NAT statements? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edward Sohn Sent: Friday, August 15, 2003 7:36 AM To: [EMAIL PROTECTED] Subject: RE: PIX xlate question [7:74012] you're doing one-for-one NATing. i'll bet your argument states a range of global IP addresses to translate to the local subnet... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pat Donlon Sent: Friday, August 15, 2003 6:24 AM To: [EMAIL PROTECTED] Subject: Re: PIX xlate question [7:74012] Skarphedinsson Arni V. wrote: > why would I see the following when I do sh xlate on the pix, i.e. one > global address is beeing translated to the next in line global address ? > > and sugestions would be welcome > > > Global 213.213.128.143 Local 213.213.128.142 > Global 213.213.128.142 Local 213.213.128.141 > Global 213.213.128.137 Local 213.213.128.136 > Global 213.213.128.136 Local 213.213.128.135 > Global 213.213.128.139 Local 213.213.128.138 > Global 213.213.128.138 Local 213.213.128.137 > Global 213.213.128.133 Local 217.3.103.62 > Global 213.213.128.132 Local 213.213.128.131 > Global 213.213.128.135 Local 213.213.128.134 > Global 213.213.128.134 Local 213.213.128.133 > Global 213.213.128.129 Local 213.213.128.128 > Global 213.213.128.128 Local 213.213.128.127 > Global 213.213.128.131 Local 213.213.128.130 > Global 213.213.128.130 Local 213.213.128.129 > Global 213.213.128.189 Local 213.213.128.188 > Global 213.213.128.188 Local 213.213.128.187 > Global 213.213.128.191 Local 200.65.74.239 > Global 213.213.128.190 Local 213.213.128.189 > Global 213.213.128.185 Local 213.213.128.184 > Global 213.213.128.184 Local 213.213.128.183 > Global 213.213.128.187 Local 213.213.128.186 > Global 213.213.128.186 Local 213.213.128.185 > Global 213.213.128.181 Local 213.213.128.180 > Global 213.213.128.180 Local 213.213.128.179 > Global 213.213.128.183 Local 213.213.128.182 > Global 213.213.128.182 Local 213.213.128.181 > Global 213.213.128.177 Local 213.213.128.176 > Global 213.213.128.176 Local 213.213.128.175 > Global 213.213.128.179 Local 213.213.128.178 > Global 213.213.128.178 Local 213.213.128.177 > Global 213.213.128.173 Local 213.213.138.210 > Global 213.213.128.172 Local 10.200.20.124 > Global 213.213.128.175 Local 213.213.128.174 > Global 213.213.128.174 Local 213.213.128.173 > Global 213.213.128.169 Local 213.213.128.168 > Global 213.213.128.168 Local 213.213.128.167 > Global 213.213.128.171 Local 213.213.128.170 > Global 213.213.128.170 Local 213.213.128.169 > Global 213.213.128.165 Local 213.213.128.164 > Global 213.213.128.164 Local 213.213.128.163 > Global 213.213.128.167 Local 213.213.128.166 > Global 213.213.128.166 Local 213.213.128.165 > Global 213.213.128.161 Local 213.213.128.160 > Global 213.213.128.160 Local 213.213.128.159 > Global 213.213.128.163 Local 213.213.128.162 > Global 213.213.128.162 Local 213.213.128.161 > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > I haven't seen this before, how are you handling IP when they pass through the PIX? Can you post the config for NAT/pat/static? and or post a show xlate detail Cheers Pat **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74021&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX xlate question [7:74012]
you're doing one-for-one NATing. i'll bet your argument states a range of global IP addresses to translate to the local subnet... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pat Donlon Sent: Friday, August 15, 2003 6:24 AM To: [EMAIL PROTECTED] Subject: Re: PIX xlate question [7:74012] Skarphedinsson Arni V. wrote: > why would I see the following when I do sh xlate on the pix, i.e. one > global address is beeing translated to the next in line global address ? > > and sugestions would be welcome > > > Global 213.213.128.143 Local 213.213.128.142 > Global 213.213.128.142 Local 213.213.128.141 > Global 213.213.128.137 Local 213.213.128.136 > Global 213.213.128.136 Local 213.213.128.135 > Global 213.213.128.139 Local 213.213.128.138 > Global 213.213.128.138 Local 213.213.128.137 > Global 213.213.128.133 Local 217.3.103.62 > Global 213.213.128.132 Local 213.213.128.131 > Global 213.213.128.135 Local 213.213.128.134 > Global 213.213.128.134 Local 213.213.128.133 > Global 213.213.128.129 Local 213.213.128.128 > Global 213.213.128.128 Local 213.213.128.127 > Global 213.213.128.131 Local 213.213.128.130 > Global 213.213.128.130 Local 213.213.128.129 > Global 213.213.128.189 Local 213.213.128.188 > Global 213.213.128.188 Local 213.213.128.187 > Global 213.213.128.191 Local 200.65.74.239 > Global 213.213.128.190 Local 213.213.128.189 > Global 213.213.128.185 Local 213.213.128.184 > Global 213.213.128.184 Local 213.213.128.183 > Global 213.213.128.187 Local 213.213.128.186 > Global 213.213.128.186 Local 213.213.128.185 > Global 213.213.128.181 Local 213.213.128.180 > Global 213.213.128.180 Local 213.213.128.179 > Global 213.213.128.183 Local 213.213.128.182 > Global 213.213.128.182 Local 213.213.128.181 > Global 213.213.128.177 Local 213.213.128.176 > Global 213.213.128.176 Local 213.213.128.175 > Global 213.213.128.179 Local 213.213.128.178 > Global 213.213.128.178 Local 213.213.128.177 > Global 213.213.128.173 Local 213.213.138.210 > Global 213.213.128.172 Local 10.200.20.124 > Global 213.213.128.175 Local 213.213.128.174 > Global 213.213.128.174 Local 213.213.128.173 > Global 213.213.128.169 Local 213.213.128.168 > Global 213.213.128.168 Local 213.213.128.167 > Global 213.213.128.171 Local 213.213.128.170 > Global 213.213.128.170 Local 213.213.128.169 > Global 213.213.128.165 Local 213.213.128.164 > Global 213.213.128.164 Local 213.213.128.163 > Global 213.213.128.167 Local 213.213.128.166 > Global 213.213.128.166 Local 213.213.128.165 > Global 213.213.128.161 Local 213.213.128.160 > Global 213.213.128.160 Local 213.213.128.159 > Global 213.213.128.163 Local 213.213.128.162 > Global 213.213.128.162 Local 213.213.128.161 > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > I haven't seen this before, how are you handling IP when they pass through the PIX? Can you post the config for NAT/pat/static? and or post a show xlate detail Cheers Pat **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74020&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: PIX xlate question [7:74012]
Skarphedinsson Arni V. wrote: > why would I see the following when I do sh xlate on the pix, i.e. > one global address is beeing translated to the next in line global address ? > > and sugestions would be welcome > > > Global 213.213.128.143 Local 213.213.128.142 > Global 213.213.128.142 Local 213.213.128.141 > Global 213.213.128.137 Local 213.213.128.136 > Global 213.213.128.136 Local 213.213.128.135 > Global 213.213.128.139 Local 213.213.128.138 > Global 213.213.128.138 Local 213.213.128.137 > Global 213.213.128.133 Local 217.3.103.62 > Global 213.213.128.132 Local 213.213.128.131 > Global 213.213.128.135 Local 213.213.128.134 > Global 213.213.128.134 Local 213.213.128.133 > Global 213.213.128.129 Local 213.213.128.128 > Global 213.213.128.128 Local 213.213.128.127 > Global 213.213.128.131 Local 213.213.128.130 > Global 213.213.128.130 Local 213.213.128.129 > Global 213.213.128.189 Local 213.213.128.188 > Global 213.213.128.188 Local 213.213.128.187 > Global 213.213.128.191 Local 200.65.74.239 > Global 213.213.128.190 Local 213.213.128.189 > Global 213.213.128.185 Local 213.213.128.184 > Global 213.213.128.184 Local 213.213.128.183 > Global 213.213.128.187 Local 213.213.128.186 > Global 213.213.128.186 Local 213.213.128.185 > Global 213.213.128.181 Local 213.213.128.180 > Global 213.213.128.180 Local 213.213.128.179 > Global 213.213.128.183 Local 213.213.128.182 > Global 213.213.128.182 Local 213.213.128.181 > Global 213.213.128.177 Local 213.213.128.176 > Global 213.213.128.176 Local 213.213.128.175 > Global 213.213.128.179 Local 213.213.128.178 > Global 213.213.128.178 Local 213.213.128.177 > Global 213.213.128.173 Local 213.213.138.210 > Global 213.213.128.172 Local 10.200.20.124 > Global 213.213.128.175 Local 213.213.128.174 > Global 213.213.128.174 Local 213.213.128.173 > Global 213.213.128.169 Local 213.213.128.168 > Global 213.213.128.168 Local 213.213.128.167 > Global 213.213.128.171 Local 213.213.128.170 > Global 213.213.128.170 Local 213.213.128.169 > Global 213.213.128.165 Local 213.213.128.164 > Global 213.213.128.164 Local 213.213.128.163 > Global 213.213.128.167 Local 213.213.128.166 > Global 213.213.128.166 Local 213.213.128.165 > Global 213.213.128.161 Local 213.213.128.160 > Global 213.213.128.160 Local 213.213.128.159 > Global 213.213.128.163 Local 213.213.128.162 > Global 213.213.128.162 Local 213.213.128.161 > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > I haven't seen this before, how are you handling IP when they pass through the PIX? Can you post the config for NAT/pat/static? and or post a show xlate detail Cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74016&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX xlate question [7:74012]
PLS give, just to be sure, Global and NAT statements. Martijn -Oorspronkelijk bericht- Van: Skarphedinsson Arni V. [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 15 augustus 2003 12:34 Aan: [EMAIL PROTECTED] Onderwerp: PIX xlate question [7:74012] why would I see the folowing when I do sh xlate on the pix, i.e. one global address is beeing translated to the next in line global address ? and sugestions would be welcome Global 213.213.128.143 Local 213.213.128.142 Global 213.213.128.142 Local 213.213.128.141 Global 213.213.128.137 Local 213.213.128.136 Global 213.213.128.136 Local 213.213.128.135 Global 213.213.128.139 Local 213.213.128.138 Global 213.213.128.138 Local 213.213.128.137 Global 213.213.128.133 Local 217.3.103.62 Global 213.213.128.132 Local 213.213.128.131 Global 213.213.128.135 Local 213.213.128.134 Global 213.213.128.134 Local 213.213.128.133 Global 213.213.128.129 Local 213.213.128.128 Global 213.213.128.128 Local 213.213.128.127 Global 213.213.128.131 Local 213.213.128.130 Global 213.213.128.130 Local 213.213.128.129 Global 213.213.128.189 Local 213.213.128.188 Global 213.213.128.188 Local 213.213.128.187 Global 213.213.128.191 Local 200.65.74.239 Global 213.213.128.190 Local 213.213.128.189 Global 213.213.128.185 Local 213.213.128.184 Global 213.213.128.184 Local 213.213.128.183 Global 213.213.128.187 Local 213.213.128.186 Global 213.213.128.186 Local 213.213.128.185 Global 213.213.128.181 Local 213.213.128.180 Global 213.213.128.180 Local 213.213.128.179 Global 213.213.128.183 Local 213.213.128.182 Global 213.213.128.182 Local 213.213.128.181 Global 213.213.128.177 Local 213.213.128.176 Global 213.213.128.176 Local 213.213.128.175 Global 213.213.128.179 Local 213.213.128.178 Global 213.213.128.178 Local 213.213.128.177 Global 213.213.128.173 Local 213.213.138.210 Global 213.213.128.172 Local 10.200.20.124 Global 213.213.128.175 Local 213.213.128.174 Global 213.213.128.174 Local 213.213.128.173 Global 213.213.128.169 Local 213.213.128.168 Global 213.213.128.168 Local 213.213.128.167 Global 213.213.128.171 Local 213.213.128.170 Global 213.213.128.170 Local 213.213.128.169 Global 213.213.128.165 Local 213.213.128.164 Global 213.213.128.164 Local 213.213.128.163 Global 213.213.128.167 Local 213.213.128.166 Global 213.213.128.166 Local 213.213.128.165 Global 213.213.128.161 Local 213.213.128.160 Global 213.213.128.160 Local 213.213.128.159 Global 213.213.128.163 Local 213.213.128.162 Global 213.213.128.162 Local 213.213.128.161 **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74014&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
PIX xlate question [7:74012]
why would I see the folowing when I do sh xlate on the pix, i.e. one global address is beeing translated to the next in line global address ? and sugestions would be welcome Global 213.213.128.143 Local 213.213.128.142 Global 213.213.128.142 Local 213.213.128.141 Global 213.213.128.137 Local 213.213.128.136 Global 213.213.128.136 Local 213.213.128.135 Global 213.213.128.139 Local 213.213.128.138 Global 213.213.128.138 Local 213.213.128.137 Global 213.213.128.133 Local 217.3.103.62 Global 213.213.128.132 Local 213.213.128.131 Global 213.213.128.135 Local 213.213.128.134 Global 213.213.128.134 Local 213.213.128.133 Global 213.213.128.129 Local 213.213.128.128 Global 213.213.128.128 Local 213.213.128.127 Global 213.213.128.131 Local 213.213.128.130 Global 213.213.128.130 Local 213.213.128.129 Global 213.213.128.189 Local 213.213.128.188 Global 213.213.128.188 Local 213.213.128.187 Global 213.213.128.191 Local 200.65.74.239 Global 213.213.128.190 Local 213.213.128.189 Global 213.213.128.185 Local 213.213.128.184 Global 213.213.128.184 Local 213.213.128.183 Global 213.213.128.187 Local 213.213.128.186 Global 213.213.128.186 Local 213.213.128.185 Global 213.213.128.181 Local 213.213.128.180 Global 213.213.128.180 Local 213.213.128.179 Global 213.213.128.183 Local 213.213.128.182 Global 213.213.128.182 Local 213.213.128.181 Global 213.213.128.177 Local 213.213.128.176 Global 213.213.128.176 Local 213.213.128.175 Global 213.213.128.179 Local 213.213.128.178 Global 213.213.128.178 Local 213.213.128.177 Global 213.213.128.173 Local 213.213.138.210 Global 213.213.128.172 Local 10.200.20.124 Global 213.213.128.175 Local 213.213.128.174 Global 213.213.128.174 Local 213.213.128.173 Global 213.213.128.169 Local 213.213.128.168 Global 213.213.128.168 Local 213.213.128.167 Global 213.213.128.171 Local 213.213.128.170 Global 213.213.128.170 Local 213.213.128.169 Global 213.213.128.165 Local 213.213.128.164 Global 213.213.128.164 Local 213.213.128.163 Global 213.213.128.167 Local 213.213.128.166 Global 213.213.128.166 Local 213.213.128.165 Global 213.213.128.161 Local 213.213.128.160 Global 213.213.128.160 Local 213.213.128.159 Global 213.213.128.163 Local 213.213.128.162 Global 213.213.128.162 Local 213.213.128.161 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74012&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
question [7:73543]
How much different is the new requirement for the CCNP. Has the Switching test changed much? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73543&t=73543 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: a token ring question [7:73908]
wj chou wrote: > > Hi, > Can token ring carry multicast traffic? Yes. > And what's the ip > address to mac address mapping if it does? > Thanks! That is a loaded question, seeped in history. Although IEEE 802.5 does have the same group/individual bit as Ethernet (the first bit transmitted) and theoretically should support a simple method of multicast addressing and translation from a L3 multicast to L2 multicast address, alas, it does not. Legacy problems never really disappear. Token Ring was implemented by IBM and others, mostly based on IBM's Token Ring Architectural Reference Manual, and not based entirely on IEEE specifications. One problem was that those early Token Ring implementations didn't support true multicast addresses. Instead, they supported functional addresses, of which there are only 31. Although this problem was recognized years ago, it still haunts us. RFC 1469 specifies how to support IP multicast on Token Ring by using the functional address C0-00-00-04-00-00 (in non-canonical format). All IP multicast addresses are mapped to this address, (as are a few other addresses). And that's how it is usually done, despite the fact that Token Ring chipsets could support a better method these days. Priscilla Oppenheimer > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73926&t=73908 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: a token ring question [7:73908]
thanks a lot for the reply. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73936&t=73908 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
a token ring question [7:73908]
Hi, Can token ring carry multicast traffic? And what's the ip address to mac address mapping if it does? Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73908&t=73908 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: a token ring question [7:73908]
According to cco cat 3900/5000 can switch multicast on TR. http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr mc_r/mult/1rfmult2.htm#1078651 ip multicast use-functional To enable the mapping of IP multicast addresses to the Token Ring functional address 0xc000.0004., use the ip multicast use-functional command in interface configuration mode. To disable the function, use the no form of this command. ip multicast use-functional no ip multicast use-functional Syntax Description This command has no arguments or keywords. Defaults IP multicast address are mapped to the MAC-layer address 0x... Usage Guidelines This command is accepted only on a Token Ring interface. Neighboring devices on the Token Ring on which this feature is used should also use the same functional address for IP multicast traffic. Because there are a limited number of Token Ring functional addresses, other protocols may be assigned to the Token Ring functional address 0xc000.0004.. Therefore, not every frame sent to the functional address is necessarily an IP multicast frame. Examples The following example configures any IP multicast packets going out Token Ring interface 0 to be mapped to MAC address 0xc000.0004.: interface token 0 ip address 1.1.1.1 255.255.255.0 ip pim dense-mode ip multicast use-functional Martijn -Oorspronkelijk bericht- Van: wj chou [mailto:[EMAIL PROTECTED] Verzonden: dinsdag 12 augustus 2003 7:55 Aan: [EMAIL PROTECTED] Onderwerp: a token ring question [7:73908] Hi, Can token ring carry multicast traffic? And what's the ip address to mac address mapping if it does? Thanks! **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73909&t=73908 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIM Mode question [7:73108]
Thanks for the info Doan Is this info from experience of large multicast deployment? What also I was trying to get at is the question of whether with the enhancement of auto-rp listener is the need for sparse-dense totally negated? This would be regardless of the overhead issues of using auto-rp in the first place, for instance in a LAN environment where the overhead is bearable. Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73973&t=73108 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIM Mode question [7:73108]
Teflon is correct. If you configure your network to use Auto-RP, then all of your interfaces will have to use PIM Sparse-Dense Mode. Besides the fact that Auto-RP uses dense mode for it's control data, if any router looses connectivity to the RP, then it would fall back to flood-and-prune. To me Auto-RP and BSR is too much overhead for the advantage gain. I would configure several RP and use Anycast/MSDP with that. Next I would configure static RP on all of my routers. The advantages providing that your RP address doesn't change is, it makes RP-to-group mapping a much more simpler process to understand and implement. The convergence time will be so much faster because your convergence will be only as fast as your unicast route convergence. The average convergence time with Auto_RP is around 30ish seconds. BSR is a bit faster, but then again only 1 BSR can advertise RP out at a time and the rest are stand-by BSR. Imagine if you have a 500+ network that gets the RP information from only 1 BSR router. OR if you're using Auto-RP, imagine the flood-and-prune process. To me if you have to configure multicast on every router, I don't think adding an extra line for static RP is too much more to do. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73685&t=73108 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
ISDN SNMP Question [7:73250]
Hi all, I want to monito a cisco 2600 isdn to determine when it is up. Is there a MIB I can watch that changes when the ISDN comes up and then changes back to the original value when it goes down? Thx. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73250&t=73250 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIM Mode question [7:73108]
Steve Telford wrote: > > Regarding PIM Sparse, Dense and Sparse-Dense modes, does anyone > know why the > often stated design preference for sparse-dense exists? I think that the logic is that with sparese-dense, the m-cast network could continue to function even if the RP were to die. It's just a fallback mechanism. > > I realise the Auto-RP requirement which is for Dense mode, > would mean an > otherwise sparse mode network needs to support dense. Is this > the main > driver for sparse-dense or is there some other technical reason? > > I see with software updates Auto-RP can now be supported under > sparse mode > only configured interfaces: > > ip pim autorp listener > > which causes the two auto-rp groups 224.0.1.39 and 224.0.1.40 > to be dense > mode flooded. > > Is there any other requirement for dense mode if the auto-rp > issue is taken > away? Anyone got any comments? > > cheers, > > teflon > > [GroupStudy removed an attachment of type image/gif] > > [GroupStudy removed an attachment of type Image/jpeg] > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73115&t=73108 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIM Mode question [7:73108]
Regarding PIM Sparse, Dense and Sparse-Dense modes, does anyone know why the often stated design preference for sparse-dense exists? I realise the Auto-RP requirement which is for Dense mode, would mean an otherwise sparse mode network needs to support dense. Is this the main driver for sparse-dense or is there some other technical reason? I see with software updates Auto-RP can now be supported under sparse mode only configured interfaces: ip pim autorp listener which causes the two auto-rp groups 224.0.1.39 and 224.0.1.40 to be dense mode flooded. Is there any other requirement for dense mode if the auto-rp issue is taken away? Anyone got any comments? cheers, teflon [GroupStudy removed an attachment of type image/gif] [GroupStudy removed an attachment of type Image/jpeg] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73108&t=73108 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: EIGRP Question [7:73068]
The answer is b. The command ip bandwidth-percent command tells eigrp how much percentage of the configured bandwidth it may use, the default being 50%. The bandwidth command is also used to set the routing protocol metric. This can be set to a particular value depending on what policies are in place. c is wrong because the ip bandwidth-percent command uses or works in conjunction with the bandwidth statement. View it like a tree structure bandwidth command | |_ _ _ip bandwidth-percent command e.g example config interface Serial 2/1 bandwidth 2048 ip bandwidth-percent eigrp 300 60 This tells/allows eigrp process 300 to use 1228.8Kbps (60% of 2048Kbps) on Serial 2/1 regards, gab Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73075&t=73068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: EIGRP Question [7:73068]
I believe the correct answer is B. "NBMA operation" is generally referring to running EIGRP on Frame Relay, where a hub site can have multiple spoke sites connecting to the same interface. In such situations you may need to modify how much bandwidth EIGRP can use for routing protocol packets. I believe answer C is incorrect, because it talks about modifying the interface bandwidth value. That's not what the bandwidth-percent command does, but modifying the interface bandwidth may be one, not necessarily recommended, way of specifying how much bandwidth EIGRP is allowed. The IOS docs say: "EIGRP will use up to 50 percent of the bandwidth of a link, as defined by the bandwidth interface configuration command. This command may be used if some other fraction of the bandwidth is desired. Note that values greater than 100 percent may be configured. The configuration option may be useful if the bandwidth is set artificially low for other reasons." So I think answer C is trying to trick you by throwing the 50% in there, assuming that you know something is 50% but not really understanding what they are talking about. Bandwidth-percent modifies the percentage of total bandwidth that can be used by EIGRP, the default IS 50%. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Ramesh Ram [mailto:[EMAIL PROTECTED] Sent: Saturday, July 26, 2003 1:16 PM To: [EMAIL PROTECTED] Subject: EIGRP Question [7:73068] You are configuring EIGRP for NBMA operation. What is the purpose of the IP bandwidth-percent EIGRP' command? a. It adjusts the percentage of bandwidth that EIGRP packets can use on all of the router's interfaces. b. It adjusts the percentage of bandwidth that EIGRP packets can use on an individual router interface. c. It overwrites the bandwidth setting on an interface to ensure that EIGRP packets receive 50% of the available bandwidth on the router's interface. d. It limits the % of bandwidth that EIGRP packets can use. The percentage cannot exceed 50% of the configured bandwidth on all of the router's interfaces. I am confused between answers b & c. Could someone clarify ? Ramesh Ram, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73072&t=73068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: EIGRP Question [7:73068]
c. is incorrect because 1.) it doesn't overwirte the bandwidth setting, and 2.) the percentage may be lower or higher than 50. b. is the correct answer. Thanks, Zsombor Ramesh Ram wrote: > > You are configuring EIGRP for NBMA operation. What is the > purpose of the IP bandwidth-percent EIGRP command? > > a. It adjusts the percentage of bandwidth that EIGRP packets > can use >on all of the routers interfaces. > b. It adjusts the percentage of bandwidth that EIGRP packets > can >use on an individual router interface. > c. It overwrites the bandwidth setting on an interface to > ensure that >EIGRP packets receive 50% of the available bandwidth on the >routers interface. > d. It limits the % of bandwidth that EIGRP packets can use. The >percentage cannot exceed 50% of the configured bandwidth on > all of >the routers interfaces. > > I am confused between answers b & c. Could someone clarify ? > > Ramesh Ram, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73071&t=73068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
EIGRP Question [7:73068]
You are configuring EIGRP for NBMA operation. What is the purpose of the IP bandwidth-percent EIGRP command? a. It adjusts the percentage of bandwidth that EIGRP packets can use on all of the routers interfaces. b. It adjusts the percentage of bandwidth that EIGRP packets can use on an individual router interface. c. It overwrites the bandwidth setting on an interface to ensure that EIGRP packets receive 50% of the available bandwidth on the routers interface. d. It limits the % of bandwidth that EIGRP packets can use. The percentage cannot exceed 50% of the configured bandwidth on all of the routers interfaces. I am confused between answers b & c. Could someone clarify ? Ramesh Ram, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73068&t=73068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MPLS Question [7:72885]
Any feedback on the current extent of MPLS content or Mobile IP on the R&S lab..My Lab date is on sep. 30, and MPLS is pretty foreign to me. Any feedback appreciated.. Thanks, Brett Spunt Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72885&t=72885 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: basic PRI question. [7:72691]
Yes, you can do that you are need to setup up DDR then setup backup interface on leased line interface to that DDR and then setup the interface PRI become member that DDR so the interface of the DDR will be stand by, not the interface of the PRI install the route through PRI with higher AD wisnu ""Stuart Pittwood"" wrote in message news:[EMAIL PROTECTED] > I know this is basic & the answer is probably yes but I'll ask anyway > > We have a 1Mb leased line betweem two sites, if we also had 8 channels of a > PRi at both sites, in the event that the leased line was unavailble could > the available PRI channels multilink and dial into the remote site to give > at least some connectivity if yes, could these channels also be used for > remote access when they are not needed as a backup to the leased line. > > Any input appreciated. > > Thanks > > Stu P Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72725&t=72691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: basic PRI question. [7:72691]
I think so. You would need to setup DDR for the PRI. Install the PRI route with a higher AD than the leased line route so that it is only used when the leased line is unavailable. Also, set up thresholds for the PRI channels. -Nakul ""Stuart Pittwood"" wrote in message news:[EMAIL PROTECTED] > I know this is basic & the answer is probably yes but I'll ask anyway > > We have a 1Mb leased line betweem two sites, if we also had 8 channels of a > PRi at both sites, in the event that the leased line was unavailble could > the available PRI channels multilink and dial into the remote site to give > at least some connectivity if yes, could these channels also be used for > remote access when they are not needed as a backup to the leased line. > > Any input appreciated. > > Thanks > > Stu P Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72699&t=72691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
basic PRI question. [7:72691]
I know this is basic & the answer is probably yes but I'll ask anyway We have a 1Mb leased line betweem two sites, if we also had 8 channels of a PRi at both sites, in the event that the leased line was unavailble could the available PRI channels multilink and dial into the remote site to give at least some connectivity if yes, could these channels also be used for remote access when they are not needed as a backup to the leased line. Any input appreciated. Thanks Stu P Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72691&t=72691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Question in ABR [7:72624]
May as well just use IS-IS... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED] Sent: Saturday, July 19, 2003 8:33 PM To: [EMAIL PROTECTED] Subject: Re: Question in ABR [7:72624] At 5:17 PM + 7/19/03, Rajesh Kumar wrote: >Hello all, > >If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it > >still considered to be an ABR OR strictly, one of the interfaces has to > >be in Area 0 to be an ABR? In the present implementation, at least one interface must be in area 0.0.0.0. There is a proposal in the OSPF Working Group to allow "inter-area ABRs," but I don't think this is yet commercially available -- it hasn't yet gotten to RFC. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72657&t=72624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question in ABR [7:72624]
At 5:17 PM + 7/19/03, Rajesh Kumar wrote: >Hello all, > >If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it > >still considered to be an ABR OR strictly, one of the interfaces has to > >be in Area 0 to be an ABR? In the present implementation, at least one interface must be in area 0.0.0.0. There is a proposal in the OSPF Working Group to allow "inter-area ABRs," but I don't think this is yet commercially available -- it hasn't yet gotten to RFC. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72638&t=72624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question in ABR [7:72624]
At 9:05 PM + 7/19/03, bergenpeak wrote: >RFC2328 defines this router to be an ABR. However, there are some >issues with this approach. RFC 3509 defines an alternative behavior >for ABRs. In summary, when the router connects to multiple areas >but not to area 0, the router should not operate as an ABR but >instead should operate as if it was internal to all connected areas. Thanks. I missed the RFC approval. > >Rajesh Kumar wrote: >> >> Hello all, >> >> If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it >> >> still considered to be an ABR OR strictly, one of the interfaces has to >> >> be in Area 0 to be an ABR? >> >> Thanks, > > Rajesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72639&t=72624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question in ABR [7:72624]
This is from RFC2328: Backbone routers A router that has an interface to the backbone area. This includes all routers that interface to more than one area (i.e., area border routers). However, backbone routers do not have to be area border routers. It is not very explicit, I'll give you that. Apparently it confused the authores of RFC3509 as well. :) I wasn't aware of RFC3509. I doubt that R3 on Page 2 of this RFC would ineed "identify itself as an ABR" if it was running IOS. It is an interesting read nonetheless. Thanks, Zsombor bergenpeak wrote: > > RFC2328 defines this router to be an ABR. However, there are > some > issues with this approach. RFC 3509 defines an alternative > behavior > for ABRs. In summary, when the router connects to multiple > areas > but not to area 0, the router should not operate as an ABR but > instead should operate as if it was internal to all connected > areas. > > Rajesh Kumar wrote: > > > > Hello all, > > > > If a router has its interfaces in Area 1 and Area 2 and no > Area 0, is it > > > > still considered to be an ABR OR strictly, one of the > interfaces has to > > > > be in Area 0 to be an ABR? > > > > Thanks, > > Rajesh > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72630&t=72624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question in ABR [7:72624]
RFC2328 defines this router to be an ABR. However, there are some issues with this approach. RFC 3509 defines an alternative behavior for ABRs. In summary, when the router connects to multiple areas but not to area 0, the router should not operate as an ABR but instead should operate as if it was internal to all connected areas. Rajesh Kumar wrote: > > Hello all, > > If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it > > still considered to be an ABR OR strictly, one of the interfaces has to > > be in Area 0 to be an ABR? > > Thanks, > Rajesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72629&t=72624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Question in ABR [7:72624]
Hello all, If a router has its interfaces in Area 1 and Area 2 and no Area 0, is it still considered to be an ABR OR strictly, one of the interfaces has to be in Area 0 to be an ABR? Thanks, Rajesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72624&t=72624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber Question [7:72544]
if you are an EE, or desire that level of intimacy with the physical layer, AND you have LOTS of spare cash, you can always join IEEE and buy all their docs on the subject. ;-> ""Zsombor Papp"" wrote in message news:[EMAIL PROTECTED] > At 03:55 AM 7/18/2003 +, "Chuck Whose Road is Ever Shorter" wrote: > >""Zsombor Papp"" wrote in message > >news:[EMAIL PROTECTED] > > > At 01:20 AM 7/18/2003 +, Bill wrote: > > > >Just learning basics of fiber communication. > > > > > > Btw, optical communication is indeed an interesting topic. Does anyone > >have > > > a recommendation for a good book on this? I would be very interested in a > > > book (let alone web site) that explains the fundamental principles > > > (modulation, dispersion, spectral width, etc) in a great detail, but > > > without making my brain explode with thousands of formulas. (Yeah, I > know, > > > it's not an easy request.) > > > > > > For example, why exactly do we need that conditioning cable when > >connecting > > > a MM cable to a SM interface? > > > > > >not that CCO necessarily provides intimate technical details, but if you > >read the footnotes you can infer that it has to do with laser strength and > >signal saturation. > > That's probably just one part of the problem. That same footnote goes on to > say that "mode-conditioning patch cord is required for link distances > *greater* than 984 feet". Surely the signal doesn't get stronger as the > distance increases? > > See also this page: > > http://www.l-com.com/content/ResourceCenter/Tips/pages/fiber_06.htm > > which talks about Differential Mode Delay (DMD) and hints about the > importance of positioning the SM core against the MM core. This DMD sounds > like modal dispersion, but if it really is modal dispersion, then why is > the SM interface affected more by this than the MM interface? > > Btw, as for the laser strength and saturation, I am also wondering why that > doesn't present a problem with SM cables. Because the small core doesn't > carry as much energy as the large core of the MM cable? Or maybe it is a > problem even for SM, they just assume that you wouldn't use SM cable for a > distance measured in "10s of meters"? > > Thanks, > > Zsombor > > > >http://www.cisco.com/en/US/products/hw/modules/ps872/products_data_sheet091 86a008014cb5e.html > >watch the wrap. > > > >probably the same reason why the minimum length of a fiber patch ( > >multimode ) is 3 meters / 10 foot > > > > > > > > > > Thanks, > > > > > > Zsombor > > > > > > > I am not sure about which fiber > > > >cable I saw but it was orange and basically connected two 3550's > >together. > > > > > > > >The fiber had two connectors on each side. One was blue and the other > was > > > >red. > > > > > > > >How is it normally connected? I guess the switch ports are receive and > > > >transmit. So, does that mean if you connect red on the left port on one > > > >switch, you would connect the red on the other side of the cable to the > > > >right port of the switch? > > > > > > > >Thx > > > >bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72581&t=72544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber Question [7:72544]
Zsombor Papp wrote: > For example, why exactly do we need that conditioning cable when connecting > a MM cable to a SM interface? Because some MM cable has a small flaw exactly in the center of the fiber (depending on the fabrication process, I believe). The MM interface isn't bothered by it because it completely fills the entire fiber, but the SM interface doesn't; it would run slam-bang into the flaw. What the conditioning cable does is slightly offset the SM laser from the center of the MM fiber, avoiding the flaw. That's also why you don't always need it; if your MM fiber is made differently, it may not have that flaw. At least, that's how I always understood it. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72562&t=72544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber Question [7:72544]
At 03:56 AM 7/18/2003 +, annlee wrote: >Here is some help >http://www.americanfibertek.com/FAQ.htm#fiber "singlemode fiber is half the cost of multimode fiber" ??? > and >http://www.americanfibertek.com/products/PDFCatalog/History.pdf >All the fiber I saw followed the convention orange=MM, yellow=SM. MM fiber >is not capable of handling SM input, With conditioning cable patches it can. > but SM fiber can handle MM input. Is this a fact? No restrictions, no gotcha's, it just works? > IIRC, >the reason was power on the laser emission as well as frequencies used, etc. >There is also some info in SONET, 3e, by Goralski >--it's on amazon.com. I have the 2e, and I learned a ton from it, including >the introductory material about how networking developed as it did. It's good for an introduction, I just wish it would continue to elaborate on the optical aspect, instead of getting into the boring details of SONET. He chose the title well though, I have to give him that... :) >In our lab, we weren't often blessed with red and blue connectors; more >often it was dual black connectors, in which case we ran fingers down the >fiber to get the 180-degree twist (rx--tx and tx--rx): it really is a manual >crossover. I usually check the inscription on the cable. On the cables we use, only one half has an inscription (on both ends). > The finger roll only works in a lab, though. Dolphins lose their >grip on the transoceanic fibers... They must be using color codes... :) Thanks, Zsombor >Annlee > >""Zsombor Papp"" wrote in message >news:[EMAIL PROTECTED] > > At 01:20 AM 7/18/2003 +, Bill wrote: > > >Just learning basics of fiber communication. > > > > Btw, optical communication is indeed an interesting topic. Does anyone >have > > a recommendation for a good book on this? I would be very interested in a > > book (let alone web site) that explains the fundamental principles > > (modulation, dispersion, spectral width, etc) in a great detail, but > > without making my brain explode with thousands of formulas. (Yeah, I know, > > it's not an easy request.) > > > > For example, why exactly do we need that conditioning cable when >connecting > > a MM cable to a SM interface? > > > > Thanks, > > > > Zsombor > > > > > I am not sure about which fiber > > >cable I saw but it was orange and basically connected two 3550's >together. > > > > > >The fiber had two connectors on each side. One was blue and the other was > > >red. > > > > > >How is it normally connected? I guess the switch ports are receive and > > >transmit. So, does that mean if you connect red on the left port on one > > >switch, you would connect the red on the other side of the cable to the > > >right port of the switch? > > > > > >Thx > > >bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72558&t=72544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber Question [7:72544]
At 03:55 AM 7/18/2003 +, "Chuck Whose Road is Ever Shorter" wrote: >""Zsombor Papp"" wrote in message >news:[EMAIL PROTECTED] > > At 01:20 AM 7/18/2003 +, Bill wrote: > > >Just learning basics of fiber communication. > > > > Btw, optical communication is indeed an interesting topic. Does anyone >have > > a recommendation for a good book on this? I would be very interested in a > > book (let alone web site) that explains the fundamental principles > > (modulation, dispersion, spectral width, etc) in a great detail, but > > without making my brain explode with thousands of formulas. (Yeah, I know, > > it's not an easy request.) > > > > For example, why exactly do we need that conditioning cable when >connecting > > a MM cable to a SM interface? > > >not that CCO necessarily provides intimate technical details, but if you >read the footnotes you can infer that it has to do with laser strength and >signal saturation. That's probably just one part of the problem. That same footnote goes on to say that "mode-conditioning patch cord is required for link distances *greater* than 984 feet". Surely the signal doesn't get stronger as the distance increases? See also this page: http://www.l-com.com/content/ResourceCenter/Tips/pages/fiber_06.htm which talks about Differential Mode Delay (DMD) and hints about the importance of positioning the SM core against the MM core. This DMD sounds like modal dispersion, but if it really is modal dispersion, then why is the SM interface affected more by this than the MM interface? Btw, as for the laser strength and saturation, I am also wondering why that doesn't present a problem with SM cables. Because the small core doesn't carry as much energy as the large core of the MM cable? Or maybe it is a problem even for SM, they just assume that you wouldn't use SM cable for a distance measured in "10s of meters"? Thanks, Zsombor >http://www.cisco.com/en/US/products/hw/modules/ps872/products_data_sheet09186a008014cb5e.html >watch the wrap. > >probably the same reason why the minimum length of a fiber patch ( >multimode ) is 3 meters / 10 foot > > > > > > Thanks, > > > > Zsombor > > > > > I am not sure about which fiber > > >cable I saw but it was orange and basically connected two 3550's >together. > > > > > >The fiber had two connectors on each side. One was blue and the other was > > >red. > > > > > >How is it normally connected? I guess the switch ports are receive and > > >transmit. So, does that mean if you connect red on the left port on one > > >switch, you would connect the red on the other side of the cable to the > > >right port of the switch? > > > > > >Thx > > >bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72559&t=72544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber Question [7:72544]
Here is some help http://www.americanfibertek.com/FAQ.htm#fiber and http://www.americanfibertek.com/products/PDFCatalog/History.pdf All the fiber I saw followed the convention orange=MM, yellow=SM. MM fiber is not capable of handling SM input, but SM fiber can handle MM input. IIRC, the reason was power on the laser emission as well as frequencies used, etc. There is also some info in SONET, 3e, by Goralski --it's on amazon.com. I have the 2e, and I learned a ton from it, including the introductory material about how networking developed as it did. In our lab, we weren't often blessed with red and blue connectors; more often it was dual black connectors, in which case we ran fingers down the fiber to get the 180-degree twist (rx--tx and tx--rx): it really is a manual crossover. The finger roll only works in a lab, though. Dolphins lose their grip on the transoceanic fibers... Annlee ""Zsombor Papp"" wrote in message news:[EMAIL PROTECTED] > At 01:20 AM 7/18/2003 +, Bill wrote: > >Just learning basics of fiber communication. > > Btw, optical communication is indeed an interesting topic. Does anyone have > a recommendation for a good book on this? I would be very interested in a > book (let alone web site) that explains the fundamental principles > (modulation, dispersion, spectral width, etc) in a great detail, but > without making my brain explode with thousands of formulas. (Yeah, I know, > it's not an easy request.) > > For example, why exactly do we need that conditioning cable when connecting > a MM cable to a SM interface? > > Thanks, > > Zsombor > > > I am not sure about which fiber > >cable I saw but it was orange and basically connected two 3550's together. > > > >The fiber had two connectors on each side. One was blue and the other was > >red. > > > >How is it normally connected? I guess the switch ports are receive and > >transmit. So, does that mean if you connect red on the left port on one > >switch, you would connect the red on the other side of the cable to the > >right port of the switch? > > > >Thx > >bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72555&t=72544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber Question [7:72544]
""Zsombor Papp"" wrote in message news:[EMAIL PROTECTED] > At 01:20 AM 7/18/2003 +, Bill wrote: > >Just learning basics of fiber communication. > > Btw, optical communication is indeed an interesting topic. Does anyone have > a recommendation for a good book on this? I would be very interested in a > book (let alone web site) that explains the fundamental principles > (modulation, dispersion, spectral width, etc) in a great detail, but > without making my brain explode with thousands of formulas. (Yeah, I know, > it's not an easy request.) > > For example, why exactly do we need that conditioning cable when connecting > a MM cable to a SM interface? not that CCO necessarily provides intimate technical details, but if you read the footnotes you can infer that it has to do with laser strength and signal saturation. http://www.cisco.com/en/US/products/hw/modules/ps872/products_data_sheet09186a008014cb5e.html watch the wrap. probably the same reason why the minimum length of a fiber patch ( multimode ) is 3 meters / 10 foot > > Thanks, > > Zsombor > > > I am not sure about which fiber > >cable I saw but it was orange and basically connected two 3550's together. > > > >The fiber had two connectors on each side. One was blue and the other was > >red. > > > >How is it normally connected? I guess the switch ports are receive and > >transmit. So, does that mean if you connect red on the left port on one > >switch, you would connect the red on the other side of the cable to the > >right port of the switch? > > > >Thx > >bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72554&t=72544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber Question [7:72544]
At 01:20 AM 7/18/2003 +, Bill wrote: >Just learning basics of fiber communication. Btw, optical communication is indeed an interesting topic. Does anyone have a recommendation for a good book on this? I would be very interested in a book (let alone web site) that explains the fundamental principles (modulation, dispersion, spectral width, etc) in a great detail, but without making my brain explode with thousands of formulas. (Yeah, I know, it's not an easy request.) For example, why exactly do we need that conditioning cable when connecting a MM cable to a SM interface? Thanks, Zsombor > I am not sure about which fiber >cable I saw but it was orange and basically connected two 3550's together. > >The fiber had two connectors on each side. One was blue and the other was >red. > >How is it normally connected? I guess the switch ports are receive and >transmit. So, does that mean if you connect red on the left port on one >switch, you would connect the red on the other side of the cable to the >right port of the switch? > >Thx >bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72551&t=72544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: a default route question.. [7:72211]
Yes. Thanks. I was mistakenly thought that there is a way your could redistribute the default route to eigrp neighbors without using the redistribute static command. Wasted half an hour playing around with all the options until...nothing. A search on CCO shows this link which stated:"EIGRP propagates a route to network 0.0.0.0, but the static route must be redistributed into EIGRP" http://www.cisco.com/en/US/partner/tech/tk365/tk554/technologies_tech_note09186a0080094374.shtml -luan >From: Zsombor Papp >To: "Luan Nguyen" >CC: [EMAIL PROTECTED] >Subject: RE: a default route question.. [7:72211] >Date: Thu, 17 Jul 2003 15:40:13 -0700 > >Command depends on routing protocol. You are probably in EIGRP. >'default-information originate' is used with OSPF and ISIS. As we found out >recently, newer versions of IOS allow this command under RIP as well, >although I have to wonder what that does as RIP advertises the default >route without it anyway (after redistribution, of course). > >Thanks, > >Zsombor > >At 09:16 PM 7/17/2003 +, Luan Nguyen wrote: >>Hello, >> >>(config-router)#default-information ? >> allowed Allow default information >> in Accept default routing information >> out Output default routing information >> >>There is no such thing is default-info originate. >>All the above are default with cisco I believe, I still don't understand >>what Daniel said about ip default-network >>How do create an ip default-network to equal to ip route 0.0.0.0 0.0.0.0 >>1.1.1.1 ? >>The way I am doing now is just redistribute static and maybe filter to >>only 0.0.0.0 with route-map >> >>Thanks. >> >>Regards, >> >> >> >> >>-Original Message- >>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >>Sent: Thursday, July 17, 2003 12:58 PM >>To: [EMAIL PROTECTED] >>Subject: RE: a default route question.. [7:72211] >> >> >>Daniel Cotts wrote: >> > >> > Not an issue of errata but of reading a little further. >> > If there is a default static 0.0.0.0 0.0.0.0 192.168.1.2 >> > and RIP on the router then: >> > that router will use the static as its gateway of last resort and RIP >> > will advertise that route to its neighbors. >> > For IGRP and EIGRP see Doyle p 756 >> > "Default routing is somewhat different for IGRP and EIGRP. >> > These protocols >> > do not understand the address 0.0.0.0. Rather, they advertise >> > an actual >> > address as an external route" >> > Use the ip default-network command to create that route. >> > ip default-network 10.0.1.0 (or whatever - plus in EIGRP one >> > can add a mask) >> > The router on which that is configured will advertise that >> > route to its >> > neighbors. >> >>Will IGRP and EIGRP do this automatically or do they need >>default-information originate, I wonder? >> >>It's probably not worth testing on my routers because they are so old >>they won't take a recent IOS version. >> >>When I get back to my work lab I could test it, but that won't be until >>September. (The academic life has some advantages. :-) >> >>Priscilla >> > See also "EIGRP Network Design Solutions" page 219-223 >> > (It appears the book is out of print. There are a few available on >> > Amazon.) So - the sentence in Doyle p 753 "After a default route is >> > identified in the >> > routing table, RIP, IGRP, and EIGRP will automatically >> > advertise it." - is >> > true as long as we understand that "default route" means >> > different things >> > for RIP vs EIGRP. No redistribution commands are used. >> > >> > Now - the original point of this thread was 'has the treatment of >> > default routes - particularly by RIP - changed in newer versions of >> > IOS?' Some weeks >> > ago I did some testing and did not find any change (used 11.1 >> > through 12.2). >> > However, I seem to remember some discussion by Chuck and others >> > in the past >> > on this subject. I haven't searched the archives - so am open >> > to anyone >> > proving otherwise. >> > >> > > -Original Message- >> > > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] >> > >> > > But, alas, this didn't work on IGRP or EIGRP. >> > > >> > > So if anyone has a good errata for Doyle, Volume I, is this >> > in it? _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72550&t=72211 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber Question [7:72544]
At 01:20 AM 7/18/2003 +, Bill wrote: >Just learning basics of fiber communication. I am not sure about which fiber >cable I saw but it was orange FWIW, the MM cables we use are usually orange and the SM cables yellow. Not sure if this is a general rule though... :))) > and basically connected two 3550's together. Unfortunatly the type of the cable depends on the GBIC, not the box itself. In fact as we saw here recently, the GBIC type and the cable type doesn't even need to match. >The fiber had two connectors on each side. I guess that's a pretty standard solution... although it is possible to transmit and receive on the same fiber, isn't it? Never seen one of those though. > One was blue and the other was red. This is unfortunately not the case with every fiber cable, although it could come handy sometimes. >How is it normally connected? I guess the switch ports are receive and >transmit. Yes. > So, does that mean if you connect red on the left port on one >switch, you would connect the red on the other side of the cable to the >right port of the switch? Probably. Unless the cable manufacturer wants to intentionally screw you and assigns the colors randomly... :) Thanks, Zsombor >Thx >bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72548&t=72544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fiber Question [7:72544]
""Bill"" wrote in message news:[EMAIL PROTECTED] > Just learning basics of fiber communication. I am not sure about which fiber > cable I saw but it was orange and basically connected two 3550's together. > > The fiber had two connectors on each side. One was blue and the other was > red. > > How is it normally connected? I guess the switch ports are receive and > transmit. So, does that mean if you connect red on the left port on one > switch, you would connect the red on the other side of the cable to the > right port of the switch? yeah - in effect you have to "cross over" i.e the TX on device 1 connects to the RX on device 2 and visa versa. this can be done at the patch panel or at the gbic. > > Thx > bill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72549&t=72544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]