RE: Cisco Question

2009-11-20 Thread Brian Desmond
No you can use something like selfssl to generate it.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

From: Chyka, Robert [mailto:bch...@medaille.edu]
Sent: Friday, November 20, 2009 1:35 PM
To: NT System Admin Issues
Subject: RE: Cisco Question

Oh sweet... do we need a dedicated certificate server?  Well I will research 
instead of bothering you...


From: Don Ely [mailto:don@gmail.com]
Sent: Friday, November 20, 2009 2:32 PM
To: NT System Admin Issues
Subject: Re: Cisco Question

Roll your own internal, doesn't have to be public...
On Fri, Nov 20, 2009 at 11:29 AM, Chyka, Robert <bch...@medaille.edu> wrote:
Thanks for the extra pointer...  Who has cheap certs?  I haven't shopped for 
one in a few years when we redid our Exchange box.


From: Don Ely [mailto:don@gmail.com]
Sent: Friday, November 20, 2009 2:27 PM
To: NT System Admin Issues
Subject: Re: Cisco Question

create an ACL allowing only access from their IP address to your NAT'd address. 
 Also, I'd put an SSL cert on your AD servers and use 636 instead...
On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert <bch...@medaille.edu> wrote:
Hello,

We have a Library Catalog server that is hosted by the company that we 
subscribe to their databases.  It is a server dedicated to our school, but 
hosted in their data center.  They need to have LDAP access from their 
outsourced box to our internal AD Controllers for LDAP authentication for our 
users to the database server.

Our AD servers sit behind an ASA Firewall.  How would I set up the rule to allow 
port 389 to be open for the IP address of the outsourced server?

Any help is greatly appreciated.

Bob

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Cisco Question

2009-11-20 Thread Brian Desmond
Truth be told this is actually a VERY common configuration (opening LDAPS over 
the Internet to a set of remote IPs). I've seen it in many many large orgs. 
It's not the cleanest but it works.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Friday, November 20, 2009 2:13 PM
To: NT System Admin Issues
Subject: RE: Cisco Question

I could possibly live with the SSL encryption of the traffic if it was a short 
term situation.  You could probably make an argument that the VPN connection 
isn't significantly more secure than LDAP over SSL, but the VPN connection gives 
you an extra layer of authentication.

Is it an option to just have a secondary authentication on their box?  I know 
and understand that multiple usernames/passwords isn't desirable, but I 
personally haven't run into a situation where a 3rd party wanted to 
authenticate against our domain from their server.

I'm sure that there are folks that know more than I do, but I would offer the 
following potential security issues (that come to mind at the moment):

  *   IP addresses can be spoofed and someone could run an attack against your 
      DC.  Depending on your lockout policies, they could detect usernames/passwords 
      and/or lock out accounts.  They could also do some kind of DOS attack.
  *   A disgruntled employee at the 3rd party could take action to capture your 
      usernames/passwords (at least there is some possible remedy for that).  This 
      one is a potential issue no matter how you secure the connection.
The bottom line is that you are opening a port directly to a domain controller 
over the internet.  Make sure you point out the potential issues.  If the 
powers that be decide to go-ahead, you have at least done your duty to warn 
them.


From: Chyka, Robert [mailto:bch...@medaille.edu]
Sent: Friday, November 20, 2009 2:56 PM
To: NT System Admin Issues
Subject: RE: Cisco Question
Thanks for the great points!!  So if we can't get a VPN setup, would you fight 
to kill the project or would you trust the SSL cert encryption?


From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Friday, November 20, 2009 2:54 PM
To: NT System Admin Issues
Subject: RE: Cisco Question

I think opening port 389, even restricted by IP, over the internet is a 
non-starter.  That means that the logon credentials are being sent over the 
internet in the clear.  Make sure you insist on the SSL variant, although I 
would note that I personally wouldn't even be happy about that.  I would much 
prefer some kind of VPN setup directly to the box, if possible.


From: Don Ely [mailto:don@gmail.com]
Sent: Friday, November 20, 2009 2:27 PM
To: NT System Admin Issues
Subject: Re: Cisco Question
create an ACL allowing only access from their IP address to your NAT'd address. 
 Also, I'd put an SSL cert on your AD servers and use 636 instead...
On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert <bch...@medaille.edu> wrote:
Hello,

We have a Library Catalog server that is hosted by the company that we 
subscribe to their databases.  It is a server dedicated to our school, but 
hosted in their data center.  They need to have LDAP access from their 
outsourced box to our internal AD Controllers for LDAP authentication for our 
users to the database server.

Our AD servers sit behind an ASA Firewall.  How would I set up the rule to allow 
port 389 to be open for the IP address of the outsourced server?

Any help is greatly appreciated.

Bob

Re: Cisco Question

2009-11-20 Thread Jon Harris
If you do go ahead with this, put in extensive monitoring of the user ID that
they use to access the Directory.  If possible have all connects restricted
to a single OU as well.  I would in addition have some kind of reporting in
place to report all connections to your directory.

Jon

On Fri, Nov 20, 2009 at 3:12 PM, Mayo, Bill  wrote:

>  I could possibly live with the SSL encryption of the traffic if it was a
> short term situation.  You could probably make an argument that the VPN
> connection isn't significantly more secure than LDAP over SSL, but the VPN
> connection gives you an extra layer of authentication.
>
> Is it an option to just have a secondary authentication on their box?  I
> know and understand that multiple usernames/passwords isn't desirable, but I
> personally haven't run into a situation where a 3rd party wanted to
> authenticate against our domain from their server.
>
> I'm sure that there are folks that know more than I do, but I would offer
> the following potential security issues (that come to mind at the moment):
>
>    - IP addresses can be spoofed and someone could run an attack against
>      your DC.  Depending on your lockout policies, they could detect
>      usernames/passwords and/or lock out accounts.  They could also do some kind
>      of DOS attack.
>    - A disgruntled employee at the 3rd party could take action to capture
>      your usernames/passwords (at least there is some possible remedy for that).
>      This one is a potential issue no matter how you secure the connection.
>
>
> The bottom line is that you are opening a port directly to a domain
> controller over the internet.  Make sure you point out the potential
> issues.  If the powers that be decide to go-ahead, you have at least done
> your duty to warn them.
>
>  --
>  *From:* Chyka, Robert [mailto:bch...@medaille.edu]
> *Sent:* Friday, November 20, 2009 2:56 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Cisco Question
>
>   Thanks for the great points!!  So if we can’t get a VPN setup, would you
> fight to kill the project or would you trust the SSL cert encryption?
>
>
>  --
>
> *From:* Mayo, Bill [mailto:bem...@pittcountync.gov]
> *Sent:* Friday, November 20, 2009 2:54 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Cisco Question
>
>
>
> I think opening port 389, even restricted by IP, over the internet is a
> non-starter.  That means that the logon credentials are being sent over the
> internet in the clear.  Make sure you insist on the SSL variant, although I
> would note that I personally wouldn't even be happy about that.  I would
> much prefer some kind of VPN setup directly to the box, if possible.
>
>
>  --
>
> *From:* Don Ely [mailto:don@gmail.com]
> *Sent:* Friday, November 20, 2009 2:27 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Cisco Question
>
> create an ACL allowing only access from their IP address to your NAT'd
> address.  Also, I'd put an SSL cert on your AD servers and use 636
> instead...
>
> On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert 
> wrote:
>
> Hello,
>
>
>
> We have a Library Catalog server that is hosted by the company that we
> subscribe to their databases.  It is a server dedicated to our school, but
> hosted in their data center.  They need to have LDAP access from their
> outsourced box to our internal AD Controllers for LDAP authentication for
> our users to the database server.
>
>
>
> Our AD servers sit behind an ASA Firewall.  How would I set up the rule to
> allow port 389 to be open for the IP address of the outsourced server?
>
>
>
> Any help is greatly appreciated.
>
>
>
> Bob
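
The connection reporting suggested in this message, combined with the thread's policy of permitting only the vendor's IP and only port 636, can be checked against the firewall's own logs. The following is an added example, not part of the original thread: it audits constructed log lines written in the style of ASA syslog messages 302013 and 106023. The addresses, interface names, ACL name and the deny threshold are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Assumed values for this example (not from the thread); RFC 5737 addresses.
VENDOR_IP = "203.0.113.10"                # hosted library catalog server
DC_ADDRS = {"10.1.1.5", "198.51.100.20"}  # DC real address and its NAT'd address
LDAP, LDAPS = 389, 636

# Constructed sample lines in the style of ASA syslog IDs 302013 and 106023.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 4117 for outside:203.0.113.10/51514 (203.0.113.10/51514) to inside:10.1.1.5/636 (198.51.100.20/636)
%ASA-6-302013: Built inbound TCP connection 4118 for outside:203.0.113.10/51520 (203.0.113.10/51520) to inside:10.1.1.5/636 (198.51.100.20/636)
%ASA-6-302013: Built inbound TCP connection 4130 for outside:203.0.113.10/51602 (203.0.113.10/51602) to inside:10.1.1.5/389 (198.51.100.20/389)
%ASA-4-106023: Deny tcp src outside:192.0.2.77/40112 dst inside:198.51.100.20/389 by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:192.0.2.77/40113 dst inside:198.51.100.20/636 by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:192.0.2.77/40114 dst inside:198.51.100.20/636 by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:192.0.2.99/33001 dst inside:198.51.100.20/636 by access-group "outside_in" [0x0, 0x0]
%ASA-6-302013: Built inbound TCP connection 4140 for outside:192.0.2.50/45000 (192.0.2.50/45000) to inside:10.1.1.5/636 (198.51.100.20/636)
%ASA-6-302013: Built inbound TCP connection 4141 for outside:192.0.2.50/45001 (192.0.2.50/45001) to inside:10.1.1.9/443 (198.51.100.21/443)
"""

BUILT = re.compile(
    r"%ASA-6-302013: Built inbound TCP connection \d+ for "
    r"\w+:(?P<src>[\d.]+)/\d+ \([^)]*\) to \w+:(?P<dst>[\d.]+)/(?P<port>\d+)")
DENY = re.compile(
    r"%ASA-4-106023: Deny tcp src \w+:(?P<src>[\d.]+)/\d+ "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<port>\d+)")


@dataclass
class Report:
    allowed: Counter = field(default_factory=Counter)  # (src, port) -> built connections
    denied: Counter = field(default_factory=Counter)   # (src, port) -> denied attempts
    findings: list = field(default_factory=list)       # sorted (kind, src) tuples


def audit(log_text, deny_threshold=3):
    """Count every LDAP/LDAPS connection attempt to the DC and flag policy gaps."""
    report = Report()
    for line in log_text.splitlines():
        for pattern, bucket in ((BUILT, report.allowed), (DENY, report.denied)):
            m = pattern.search(line)
            if not m:
                continue
            port = int(m["port"])
            # Only traffic aimed at the directory ports of the DC is of interest.
            if m["dst"] in DC_ADDRS and port in (LDAP, LDAPS):
                bucket[(m["src"], port)] += 1

    findings = set()
    for src, port in report.allowed:
        if port == LDAP:
            # A permitted session on 389 means credentials can cross unencrypted.
            findings.add(("cleartext-ldap-permitted", src))
        if src != VENDOR_IP:
            # The ACL is wider than "only their IP address".
            findings.add(("non-vendor-source-permitted", src))
    denied_per_src = Counter()
    for (src, _port), count in report.denied.items():
        denied_per_src[src] += count
    for src, count in denied_per_src.items():
        if count >= deny_threshold:
            findings.add(("repeated-denied-attempts", src))
    report.findings = sorted(findings)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for (src, port), count in sorted(result.allowed.items()):
        print(f"allowed {src} -> {port}: {count}")
    for (src, port), count in sorted(result.denied.items()):
        print(f"denied  {src} -> {port}: {count}")
    for kind, src in result.findings:
        print(f"FINDING {kind}: {src}")
```

The firewall view only covers who reached the port; monitoring of the bind account itself still has to come from the domain controller's own logs.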

RE: Cisco Question

2009-11-20 Thread Mayo, Bill
I could possibly live with the SSL encryption of the traffic if it was a
short term situation.  You could probably make an argument that the VPN
connection isn't significantly more secure than LDAP over SSL, but the
VPN connection gives you an extra layer of authentication.
 
Is it an option to just have a secondary authentication on their box?  I
know and understand that multiple usernames/passwords isn't desirable,
but I personally haven't run into a situation where a 3rd party wanted
to authenticate against our domain from their server.
 
I'm sure that there are folks that know more than I do, but I would
offer the following potential security issues (that come to mind at the
moment):

*   IP addresses can be spoofed and someone could run an attack
    against your DC.  Depending on your lockout policies, they could detect
    usernames/passwords and/or lock out accounts.  They could also do some
    kind of DOS attack.
*   A disgruntled employee at the 3rd party could take action to
    capture your usernames/passwords (at least there is some possible remedy
    for that).  This one is a potential issue no matter how you secure the
    connection.

The bottom line is that you are opening a port directly to a domain
controller over the internet.  Make sure you point out the potential
issues.  If the powers that be decide to go-ahead, you have at least
done your duty to warn them.



From: Chyka, Robert [mailto:bch...@medaille.edu] 
Sent: Friday, November 20, 2009 2:56 PM
To: NT System Admin Issues
Subject: RE: Cisco Question



Thanks for the great points!!  So if we can't get a VPN setup, would you
fight to kill the project or would you trust the SSL cert encryption?

 



From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Friday, November 20, 2009 2:54 PM
To: NT System Admin Issues
Subject: RE: Cisco Question

 

I think opening port 389, even restricted by IP, over the internet is a
non-starter.  That means that the logon credentials are being sent over
the internet in the clear.  Make sure you insist on the SSL variant,
although I would note that I personally wouldn't even be happy about
that.  I would much prefer some kind of VPN setup directly to the box,
if possible.

 



From: Don Ely [mailto:don@gmail.com] 
Sent: Friday, November 20, 2009 2:27 PM
To: NT System Admin Issues
Subject: Re: Cisco Question

create an ACL allowing only access from their IP address to your NAT'd
address.  Also, I'd put an SSL cert on your AD servers and use 636
instead...

On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert 
wrote:

Hello,

 

We have a Library Catalog server that is hosted by the company that we
subscribe to their databases.  It is a server dedicated to our school,
but hosted in their data center.  They need to have LDAP access from
their outsourced box to our internal AD Controllers for LDAP
authentication for our users to the database server.

 

Our AD servers sit behind an ASA Firewall.  How would I set up the rule
to allow port 389 to be open for the IP address of the outsourced
server?  

 

Any help is greatly appreciated.

 

Bob

RE: Cisco Question

2009-11-20 Thread Chyka, Robert
Thanks for the great points!!  So if we can't get a VPN setup, would you
fight to kill the project or would you trust the SSL cert encryption?

 



From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Friday, November 20, 2009 2:54 PM
To: NT System Admin Issues
Subject: RE: Cisco Question

 

I think opening port 389, even restricted by IP, over the internet is a
non-starter.  That means that the logon credentials are being sent over
the internet in the clear.  Make sure you insist on the SSL variant,
although I would note that I personally wouldn't even be happy about
that.  I would much prefer some kind of VPN setup directly to the box,
if possible.

 



From: Don Ely [mailto:don@gmail.com] 
Sent: Friday, November 20, 2009 2:27 PM
To: NT System Admin Issues
Subject: Re: Cisco Question

create an ACL allowing only access from their IP address to your NAT'd
address.  Also, I'd put an SSL cert on your AD servers and use 636
instead...

On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert 
wrote:

Hello,

 

We have a Library Catalog server that is hosted by the company that we
subscribe to their databases.  It is a server dedicated to our school,
but hosted in their data center.  They need to have LDAP access from
their outsourced box to our internal AD Controllers for LDAP
authentication for our users to the database server.

 

Our AD servers sit behind an ASA Firewall.  How would I set up the rule
to allow port 389 to be open for the IP address of the outsourced
server?  

 

Any help is greatly appreciated.

 

Bob

RE: Cisco Question

2009-11-20 Thread Mayo, Bill
I think opening port 389, even restricted by IP, over the internet is a
non-starter.  That means that the logon credentials are being sent over
the internet in the clear.  Make sure you insist on the SSL variant,
although I would note that I personally wouldn't even be happy about
that.  I would much prefer some kind of VPN setup directly to the box,
if possible.



From: Don Ely [mailto:don@gmail.com] 
Sent: Friday, November 20, 2009 2:27 PM
To: NT System Admin Issues
Subject: Re: Cisco Question


create an ACL allowing only access from their IP address to your NAT'd
address.  Also, I'd put an SSL cert on your AD servers and use 636
instead...


On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert 
wrote:


Hello,

 

We have a Library Catalog server that is hosted by the company
that we subscribe to their databases.  It is a server dedicated to our
school, but hosted in their data center.  They need to have LDAP access
from their outsourced box to our internal AD Controllers for LDAP
authentication for our users to the database server.

 

Our AD servers sit behind an ASA Firewall.  How would I set up
the rule to allow port 389 to be open for the IP address of the
outsourced server?  

 

Any help is greatly appreciated.

 

Bob

RE: Cisco Question

2009-11-20 Thread Todd Lemmiksoo
GoDaddy



From: Chyka, Robert [mailto:bch...@medaille.edu] 
Sent: Friday, November 20, 2009 2:29 PM
To: NT System Admin Issues
Subject: RE: Cisco Question



Thanks for the extra pointer...  Who has cheap certs?  I haven't shopped
for one in a few years when we redid our Exchange box.

 



From: Don Ely [mailto:don@gmail.com] 
Sent: Friday, November 20, 2009 2:27 PM
To: NT System Admin Issues
Subject: Re: Cisco Question

 

create an ACL allowing only access from their IP address to your NAT'd
address.  Also, I'd put an SSL cert on your AD servers and use 636
instead...

On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert 
wrote:

Hello,

 

We have a Library Catalog server that is hosted by the company that we
subscribe to their databases.  It is a server dedicated to our school,
but hosted in their data center.  They need to have LDAP access from
their outsourced box to our internal AD Controllers for LDAP
authentication for our users to the database server.

 

Our AD servers sit behind an ASA Firewall.  How would I set up the rule
to allow port 389 to be open for the IP address of the outsourced
server?  

 

Any help is greatly appreciated.

 

Bob

RE: Cisco Question

2009-11-20 Thread Chyka, Robert
Oh sweet... do we need a dedicated certificate server?  Well I will
research instead of bothering you...

 



From: Don Ely [mailto:don@gmail.com] 
Sent: Friday, November 20, 2009 2:32 PM
To: NT System Admin Issues
Subject: Re: Cisco Question

 

Roll your own internal, doesn't have to be public...

On Fri, Nov 20, 2009 at 11:29 AM, Chyka, Robert 
wrote:

Thanks for the extra pointer...  Who has cheap certs?  I haven't shopped
for one in a few years when we redid our Exchange box.

 



From: Don Ely [mailto:don@gmail.com] 
Sent: Friday, November 20, 2009 2:27 PM
To: NT System Admin Issues
Subject: Re: Cisco Question

 

create an ACL allowing only access from their IP address to your NAT'd
address.  Also, I'd put an SSL cert on your AD servers and use 636
instead...

On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert 
wrote:

Hello,

 

We have a Library Catalog server that is hosted by the company that we
subscribe to their databases.  It is a server dedicated to our school,
but hosted in their data center.  They need to have LDAP access from
their outsourced box to our internal AD Controllers for LDAP
authentication for our users to the database server.

 

Our AD servers sit behind an ASA Firewall.  How would I set up the rule
to allow port 389 to be open for the IP address of the outsourced
server?  

 

Any help is greatly appreciated.

 

Bob

Re: Cisco Question

2009-11-20 Thread Don Ely
Roll your own internal, doesn't have to be public...

On Fri, Nov 20, 2009 at 11:29 AM, Chyka, Robert  wrote:

>  Thanks for the extra pointer…  Who has cheap certs?  I haven’t shopped
> for one in a few years when we redid our Exchange box.
>
>
>  --
>
> *From:* Don Ely [mailto:don@gmail.com]
> *Sent:* Friday, November 20, 2009 2:27 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Cisco Question
>
>
>
> create an ACL allowing only access from their IP address to your NAT'd
> address.  Also, I'd put an SSL cert on your AD servers and use 636
> instead...
>
> On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert 
> wrote:
>
> Hello,
>
>
>
> We have a Library Catalog server that is hosted by the company that we
> subscribe to their databases.  It is a server dedicated to our school, but
> hosted in their data center.  They need to have LDAP access from their
> outsourced box to our internal AD Controllers for LDAP authentication for
> our users to the database server.
>
>
>
> Our AD servers sit behind an ASA Firewall.  How would I set up the rule to
> allow port 389 to be open for the IP address of the outsourced server?
>
>
>
> Any help is greatly appreciated.
>
>
>
> Bob

RE: Cisco Question

2009-11-20 Thread Chyka, Robert
Thanks for the extra pointer...  Who has cheap certs?  I haven't shopped
for one in a few years when we redid our Exchange box.

 



From: Don Ely [mailto:don@gmail.com] 
Sent: Friday, November 20, 2009 2:27 PM
To: NT System Admin Issues
Subject: Re: Cisco Question

 

create an ACL allowing only access from their IP address to your NAT'd
address.  Also, I'd put an SSL cert on your AD servers and use 636
instead...

On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert 
wrote:

Hello,

 

We have a Library Catalog server that is hosted by the company that we
subscribe to their databases.  It is a server dedicated to our school,
but hosted in their data center.  They need to have LDAP access from
their outsourced box to our internal AD Controllers for LDAP
authentication for our users to the database server.

 

Our AD servers sit behind an ASA Firewall.  How would I set up the rule
to allow port 389 to be open for the IP address of the outsourced
server?  

 

Any help is greatly appreciated.

 

Bob

Re: Cisco Question

2009-11-20 Thread Don Ely
create an ACL allowing only access from their IP address to your NAT'd
address.  Also, I'd put an SSL cert on your AD servers and use 636
instead...

On Fri, Nov 20, 2009 at 11:25 AM, Chyka, Robert  wrote:

>  Hello,
>
>
>
> We have a Library Catalog server that is hosted by the company that we
> subscribe to their databases.  It is a server dedicated to our school, but
> hosted in their data center.  They need to have LDAP access from their
> outsourced box to our internal AD Controllers for LDAP authentication for
> our users to the database server.
>
>
>
> Our AD servers sit behind an ASA Firewall.  How would I set up the rule to
> allow port 389 to be open for the IP address of the outsourced server?
>
>
>
> Any help is greatly appreciated.
>
>
>
> Bob

Cisco Question

2009-11-20 Thread Chyka, Robert
Hello,

 

We have a Library Catalog server that is hosted by the company that we
subscribe to their databases.  It is a server dedicated to our school,
but hosted in their data center.  They need to have LDAP access from
their outsourced box to our internal AD Controllers for LDAP
authentication for our users to the database server.

 

Our AD servers sit behind an ASA Firewall.  How would I set up the rule
to allow port 389 to be open for the IP address of the outsourced
server?  

 

Any help is greatly appreciated.

 

Bob

Cisco Question

2008-05-27 Thread Dennis Rogov
Hello All 

 

I was just wondering what daily life is like for a Cisco engineer with
CCNA credentials who works for an enterprise business. I am currently a
senior engineer on the Server and firewall end and would like to make a
bridge into a Cisco position. I have worked with Cisco 1700 series and
2700 series routers; I am able to set up and troubleshoot an interface
with no issues. Besides RIP 1, I have not done any other routing setup.

 

Dr

Dennis Rogov

Senior Network Analyst 
THE Peer GROUP an informed medical communications company 

379 thornall street, 12th floor  | edison, nj 08837 usa

Direct: 732-205-8376 | fax: 732.321.0636 |Cell:732.861.2277

[EMAIL PROTECTED] 
www.peergroupinc.com  

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

Re: Cisco question...

2001-08-20 Thread Mathew Shember

Sometimes the autonegotiate does not work right.

We had similar problems with some Solaris boxes.

You might also try hard coding the duplex mode


- Original Message - 
From: "Keith Nelson" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Sunday, August 19, 2001 8:24 PM
Subject: RE: Cisco question...


> Is the router connected to a Switch or a Hub?
> Are both ends set to use Auto-Negotiation for Port Speed and Duplex?
> It is possible that you are having a port speed/duplex mismatch which is
> shutting down the interface.
> 
> Just a few thoughts.
> Keith
> 
> -Original Message-
> From: mail.kenmcphail.com [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, August 13, 2001 8:13 AM
> To: NT System Admin Issues
> Subject: Re: Cisco question...
> 
> Are you running any IPSEC or GRE tunnels on the device?
> - Original Message -
> From: "Goldoff, Erik" <[EMAIL PROTECTED]>
> To: "NT System Admin Issues" <[EMAIL PROTECTED]>
> Sent: Monday, August 13, 2001 10:02 AM
> Subject: RE: Cisco question...
> 
> 
> > show buffers...
> >
> >
> > Erik Goldoff
> > Systems Manager
> > The HoneyBaked Ham Company
> > 678-966-3320
> > [EMAIL PROTECTED]
> >
> >
> >
> > -Original Message-
> > From: Eric Brouwer [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 09, 2001 12:23 PM
> > To: NT System Admin Issues
> > Subject: Cisco question...
> >
> >
> > I guess I'll start out by asking, are there any good Cisco lists out there?
> >
> > If not, hopefully someone here can help.
> >
> > I have a Cisco 3620 router.  We have 3 T1 Serial WIC's installed that
> > connect our 3 regional offices.  We also have 2 ethernet interfaces
> > installed.  One is for video inferences, the other connects to our LAN.  We
> > are having problems today with the LAN interface.  The regional offices
> > called saying they could not get e-mail.  (Our Exchange servers are all on
> > the local network.)  In tracing the problem back, it seems like the LAN
> > interface goes down.  If I look on the router, all the lines are green.  A
> > reboot of the router cleared up the problem.  For about an hour.  Then the
> > same symptoms returned.  Another reboot "fixed" it.  When the problem is
> > occurring, I can not ping that LAN interface, even though the connection is
> > green on both ends of the patch cable.
> >
> > Any ideas?  What can I look for?
> >
> > Eric
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Cisco question...

2001-08-19 Thread Puckett, Matt

Do a clear counters and answer yes; after that, issue a show controller
ethernet X command (where X is the port assignment for the Ethernet interface
having issues). You need to be in privileged mode. There should be
minimal, if any, alignment errors in this listing at the bottom. This will
tell if you are having alignment errors due to speed and duplex issues.
A good output should look like this at the bottom of the display after
issuing the command:

0 missed datagrams, 0 overruns
0 transmitter underruns, 0 excessive collisions
0 single collisions, 0 multiple collisions
0 dma memory errors, 0 CRC errors

0 alignment errors, 0 runts, 0 giants
0 tdr, 0 spurious initialization done interrupts
0 no enp status, 0 buffer errors, 0 overflow errors
0 tx_buff, 0 throttled, 0 enabled
Am79970 csr0 = 0x72

I put the important listings in bold and tabbed them over for plain text
email readers


Matthew Puckett MCSE, MCP+Internet, MCP 
Sprint PCS IT Service Delivery 
540-642-3734
[EMAIL PROTECTED]



-Original Message-
From: Keith Nelson [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 19, 2001 11:25 PM
To: NT System Admin Issues
Subject: RE: Cisco question...


Is the router connected to a Switch or a Hub?
Are both ends set to use Auto-Negotiation for Port Speed and Duplex?
It is possible that you are having a port speed/duplex mismatch which is
shutting down the interface.

Just a few thoughts.
Keith

-Original Message-
From: mail.kenmcphail.com [mailto:[EMAIL PROTECTED]] 
Sent: Monday, August 13, 2001 8:13 AM
To: NT System Admin Issues
Subject: Re: Cisco question...

Are you running any IPSEC or GRE tunnels on the device?
- Original Message -
From: "Goldoff, Erik" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Monday, August 13, 2001 10:02 AM
Subject: RE: Cisco question...


> show buffers...
>
>
> Erik Goldoff
> Systems Manager
> The HoneyBaked Ham Company
> 678-966-3320
> [EMAIL PROTECTED]
>
>
>
> -Original Message-
> From: Eric Brouwer [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 09, 2001 12:23 PM
> To: NT System Admin Issues
> Subject: Cisco question...
>
>
> I guess I'll start out by asking, are there any good Cisco lists out there?
>
> If not, hopefully someone here can help.
>
> I have a Cisco 3620 router.  We have 3 T1 Serial WIC's installed that
> connect our 3 regional offices.  We also have 2 ethernet interfaces
> installed.  One is for video inferences, the other connects to our LAN.  We
> are having problems today with the LAN interface.  The regional offices
> called saying they could not get e-mail.  (Our Exchange servers are all on
> the local network.)  In tracing the problem back, it seems like the LAN
> interface goes down.  If I look on the router, all the lines are green.  A
> reboot of the router cleared up the problem.  For about an hour.  Then the
> same symptoms returned.  Another reboot "fixed" it.  When the problem is
> occurring, I can not ping that LAN interface, even though the connection is
> green on both ends of the patch cable.
>
> Any ideas?  What can I look for?
>
> Eric

RE: Cisco question...

2001-08-19 Thread Keith Nelson

Is the router connected to a Switch or a Hub?
Are both ends set to use Auto-Negotiation for Port Speed and Duplex?
It is possible that you are having a port speed/duplex mismatch which is
shutting down the interface.

Just a few thoughts.
Keith

-Original Message-
From: mail.kenmcphail.com [mailto:[EMAIL PROTECTED]] 
Sent: Monday, August 13, 2001 8:13 AM
To: NT System Admin Issues
Subject: Re: Cisco question...

Are you running any IPSEC or GRE tunnels on the device?
- Original Message -
From: "Goldoff, Erik" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Monday, August 13, 2001 10:02 AM
Subject: RE: Cisco question...


> show buffers...
>
>
> Erik Goldoff
> Systems Manager
> The HoneyBaked Ham Company
> 678-966-3320
> [EMAIL PROTECTED]
>
>
>
> -Original Message-
> From: Eric Brouwer [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 09, 2001 12:23 PM
> To: NT System Admin Issues
> Subject: Cisco question...
>
>
> I guess I'll start out by asking, are there any good Cisco lists out there?
>
> If not, hopefully someone here can help.
>
> I have a Cisco 3620 router.  We have 3 T1 Serial WIC's installed that
> connect our 3 regional offices.  We also have 2 ethernet interfaces
> installed.  One is for video inferences, the other connects to our LAN.  We
> are having problems today with the LAN interface.  The regional offices
> called saying they could not get e-mail.  (Our Exchange servers are all on
> the local network.)  In tracing the problem back, it seems like the LAN
> interface goes down.  If I look on the router, all the lines are green.  A
> reboot of the router cleared up the problem.  For about an hour.  Then the
> same symptoms returned.  Another reboot "fixed" it.  When the problem is
> occurring, I can not ping that LAN interface, even though the connection is
> green on both ends of the patch cable.
>
> Any ideas?  What can I look for?
>
> Eric




Re: Cisco question...

2001-08-13 Thread mail.kenmcphail.com

Are you running any IPSEC or GRE tunnels on the device?
----- Original Message -----
From: "Goldoff, Erik" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Monday, August 13, 2001 10:02 AM
Subject: RE: Cisco question...


> show buffers...
>
>
> Erik Goldoff
> Systems Manager
> The HoneyBaked Ham Company
> 678-966-3320
> [EMAIL PROTECTED]
>
>
>
> -----Original Message-----
> From: Eric Brouwer [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 09, 2001 12:23 PM
> To: NT System Admin Issues
> Subject: Cisco question...
>
>
> I guess I'll start out by asking, are there any good Cisco lists out there?
>
> If not, hopefully someone here can help.
>
> I have a Cisco 3620 router.  We have 3 T1 Serial WIC's installed that
> connect our 3 regional offices.  We also have 2 ethernet interfaces
> installed.  One is for video inferences, the other connects to our LAN.  We
> are having problems today with the LAN interface.  The regional offices
> called saying they could not get e-mail.  (Our Exchange servers are all on
> the local network.)  In tracing the problem back, it seems like the LAN
> interface goes down.  If I look on the router, all the lines are green.  A
> reboot of the router cleared up the problem.  For about an hour.  Then the
> same symptoms returned.  Another reboot "fixed" it.  When the problem is
> occurring, I can not ping that LAN interface, even though the connection is
> green on both ends of the patch cable.
>
> Any ideas?  What can I look for?
>
> Eric




RE: Cisco question...

2001-08-13 Thread Goldoff, Erik

show buffers...
 

Erik Goldoff 
Systems Manager 
The HoneyBaked Ham Company 
678-966-3320 
[EMAIL PROTECTED] 

 

-----Original Message-----
From: Eric Brouwer [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 12:23 PM
To: NT System Admin Issues
Subject: Cisco question...


I guess I'll start out by asking, are there any good Cisco lists out there?
 
If not, hopefully someone here can help.
 
I have a Cisco 3620 router.  We have 3 T1 Serial WIC's installed that
connect our 3 regional offices.  We also have 2 ethernet interfaces
installed.  One is for video inferences, the other connects to our LAN.  We
are having problems today with the LAN interface.  The regional offices
called saying they could not get e-mail.  (Our Exchange servers are all on
the local network.)  In tracing the problem back, it seems like the LAN
interface goes down.  If I look on the router, all the lines are green.  A
reboot of the router cleared up the problem.  For about an hour.  Then the
same symptoms returned.  Another reboot "fixed" it.  When the problem is
occurring, I can not ping that LAN interface, even though the connection is
green on both ends of the patch cable.
 
Any ideas?  What can I look for?

Eric