Is this down to the fact that a Pix doesn't do a gratuitous ARP on boot up?
(Or does it) I know that if you replace a router with a pix of the same IP
address, that this causes problems, which can normally be rectified by
rebooting the other end device. Of course you've not always got that luxury,
Larry,
According to Ken Kaminski at Lexington office, you are vulnerable to Vlan
hopping.
--
RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com
""Larry Letterman"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> we have been pruning or clearing Vlan 1 from our data vlans
I've had experience with it. The new one released in Dec. is fine now.
It's also running the same rev. Call Manager as the regualer 7800 series
servers and it's a great price.
--
RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com
""Paul Forbes"" wrote in message
[EMAIL PROTECTED]">news:
Hi all,
I am running into some issues in the Lab 7 ( Redistribution ) of
Ipexpert's lab notes :
Can somebody help me with the following items?
1. Item 2 : I couldn't get the following things properly : R2 should
have the summarized entry in its routing table if either R5 or R6 fails.
2. I
> described. The information you received from Cisco pertains to ISL
> trunks,
> which require a 100mb interface.
This was a good discussion. When I took my switching course, three
years ago, they were quite adamant that trunking could not be done on a
10 mb interface. Of course, that was be
Ole-
Thanks for the useful programs :)
MikeS
www.packetattack.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39294&t=39226
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misco
> Real life is:
>
>
>
> You need over 5 years experience, Certifications and a 4 year
> B.S.
> degree computer related.
>
>
No- this is not accurate. I do pretty well without the 4 year degree in
Computer Science or EE(original path)
There are *some* companies that use the 4 year as a fil
Hi John,
Cable companies often configure their provisioning (DHCP) severs
to verify that the incoming DHCP request is from a MAC which is
known.
Couple of things to try.
* Power cycle the CM and then have the PIX attempt to do DHCP.
Do you get a DHCP OFFER?
* After you power cycle the modem,
I have read the white paper on this. Does anyone know of a good study
source on this topic other than the white paper itself?
Thanks
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39297&t=39297
--
FAQ, list archives, and subsc
cs_plus
--
RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com
wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have read the white paper on this. Does anyone know of a good study
> source on this topic other than the white paper itself?
>
> Thanks
Message Posted at:
Random characters to block url filter:apfho hfopiqwhj987489-123749 hd7634y
9y98yu*&^&^%*(%^*&^*(& 89yx9823749-8127c4
8977899^*%&^T&*(^&^%&^%*(&^*&(^*(&%^&^$C %^TYBVR%%R
http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:Taca
cs_plus
--
RFC 1149 Compliant.
Get in my head:
ht
MTU for
Ethernet is 1500 bytes
SLIP is 576 bytes
Frame Relay ???
Token Ring ???
__
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards.
http://movies.yahoo.com/
Message Posted at:
http://www.groupstudy.com/form/read
IMO, the best way to study TACACS+ is to download the free TACACS+ server
from Cisco, install it on Linux and play around with it. You'll learn much
more about how TACACS+ works by implementing it and trying different things
than any WP (it helps a lot if you have a router to work with as well).
I think cisco stopped the DL of the free tacacs server a while ago.
--
RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com
""Kent Hundley"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> IMO, the best way to study TACACS+ is to download the free TACACS+ server
> from Cisc
Then take that same server and turn it into your dhcp/dns server and start
the creep into the enterprise :)
>>> "Kent Hundley" 03/23/02 12:53PM >>>
IMO, the best way to study TACACS+ is to download the free TACACS+ server
from Cisco, install it on Linux and play around with it. You'll lear
dude...what elce can I guy do to show you that it works heh... That's
ios right there in his example... I would hate to think he typed it in
notepad and cut and pasted...C'mon
>>> "Danny Andaluz, CCNP" 03/22/02 10:24PM >>>
no you can't. I got straight from cisco that they have to be 100
Come by my site.. I have a few different flavors of TACACS+ for downloading
along with docs and white papers. I have a link to the TACACS stuff in the
news columm.
MikeS
www.packetattack.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39305&t=39297
Danny,
I tried to learn the basics of IS-IS last year through reading RFCs. I've
never slept so good in my life. I understand that Cisco Press has a new
book out on the subject but I haven't heard from anyone who has finished
it. There is a pretty good chapter on IS-IS in Routing TCP/IP, Vol 1
The download still works fine for me from ftp-eng.cisco.com/pub/tacacs.
(anonymous login)
ftp> get tac_plus.F4.0.4.alpha.tar.Z
local: tac_plus.F4.0.4.alpha.tar.Z remote: tac_plus.F4.0.4.alpha.tar.Z
200 PORT command successful.
150 Opening BINARY mode data connection for tac_plus.F4.0.4.alpha.tar.
Thanks, Scott. Ciscopress books are the most boring books there are, but
I'll try it.
Danny
""s vermill"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Danny,
>
> I tried to learn the basics of IS-IS last year through reading RFCs. I've
> never slept so good in my life. I un
Cool. thanks!
--
RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com
""Kent Hundley"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> The download still works fine for me from ftp-eng.cisco.com/pub/tacacs.
> (anonymous login)
>
> ftp> get tac_plus.F4.0.4.alpha.tar.Z
> loc
Mangement just approved us getting ACS for Windows. Anyone have any tips or
tricks they might want to share. We have over 100 routers in our network,
so it's going to be one hell of a project.
TIA
Danny
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39310&t=39310
-
Hello Maverick,
You mentioned that isolating managment vlan from traffic vlans helps when
there is a broadcast storm which will allow you to connect to your managment
port since the management port is in a different vlan. I
thought about this last night and need some clarification if my logic is
You mean take a long time? One script could have all 100 routers done in
minutes... if you have ciscoworks, use that.
-Patrick
>>> "Andaluz Danny" 03/23/02 02:43PM >>>
Mangement just approved us getting ACS for Windows. Anyone have any tips or
tricks they might want to share. We have over 10
We don't have Cisco Works. I know what you mean. The actual configuration
is pretty simple. It's just the number of routers. Oh well, copy paste.
""Patrick Ramsey"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> You mean take a long time? One script could have all 100 router
I setup, configured, and rolled out Secure ACS for over 80 routers and
switches in our network. The hardest part was the router and switch AAA
commands associated with Tacacs authentication. After I tweeked and tested
the AAA configs on the routers and switches in my test network, I put the
conf
I already have a template as I have tested this is a lab. I should be OK.
I did make one stupid mistake though. In the GUI, I managed to lock myself
out of administrative privileges. I called Cisco and they told me I had to
reinstall. Pretty funny, huh?
Thanks,
Danny
""Audy Bautista"" wrote
download kiwi cattools This software will alllow you to enter whatever
commands you wish in it will maintain a listing of all devices on yoru
network...then all you have to do is select the device you wish to configure
and BAM all done
http://www.kiwisyslog.com
-Patrick
>>> "Danny
I just did the same thing and it worked perfect. I took the configs of a
515 I configured some months back, and I cut and paste. No problems at all.
Thanks.
Audy
-Original Message-
From: Don Claybrook
To: Audy Bautista
Sent: 3/22/02 6:04 PM
Subject: Re: VPN Setup - Pix 515 and Pix 50
I actually have Cattools already. We use it to back up configs daily. I
don't trust it though. It has shown to be very buggy. I wouldn't want to
screw around with AAA commands. Manual is safer.
Thanks,
Danny
""Patrick Ramsey"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
I read the Ciscopress book. It's all-right, it's not great. And once
again, it's a great cure for insomnia.
""Danny Andaluz"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Thanks, Scott. Ciscopress books are the most boring books there are, but
> I'll try it.
>
> Danny
> "
Danny,
Depending on the criticality of having ACS operational (i.e. mission
critical routers, etc), make sure you have a secondary ACS server in a
seperate location. ACS does a very good job of replicating to a secondary
server, and have a good system backup process in place. Also make sure your
a
> VLAN 1 first to reach to VLAN 10 where I have my management port.
> Question
> is if VLAN 1 is already attacked with Broadcast storm then how I will
> reach
> to the managment VLAN.
Use a console cable on the nearest switch and telnet to the others. The
point is to avoid having to walk to
> I actually have Cattools already. We use it to back up configs
> daily. I
> don't trust it though. It has shown to be very buggy.
Really? I've never had a problem with it on anything important. I've
also worked with the author on a couple minor additions and he seems
like a great guy.
Komy,
The SRM card is primarily used when N:1 redundancy is required. In cases of
1:1 redundancy (using two similar cards) the SRM is not needed.
Keep in mind also that the SRM cards provide N:1 redundancy support only to
the modules connected in the same shelf (top or bottom) as the SRM is
inst
After catching heck with version 6.3 boot variable and a few other newer
commands with the 6509s @ work, I decided to upgrade my home lab from a
Sup I Cat5k with a Sup III tote'n Cat55k.
Problem:
I fired up the switch and it goes through the POST perfectly, but there
is no output on the Hyper
one of my favorite cisco gotcha's--the cable that you use to connect to the
console port on a 55XX is different from the regular rollover cable on every
other cat sup engine.
http://www.cisco.com/warp/public/473/9.html#Cat5000III
Dennis
""Phil Lorenz"" wrote in message
[EMAIL PROTECTED]">news:
console port on a 55XX supIII engine is what i meant to say.
""Wow"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> one of my favorite cisco gotcha's--the cable that you use to connect to
the
> console port on a 55XX is different from the regular rollover cable on
every
> other
The Cat 5000 supervisor needs a regular patch cable for the
console connection, not the flat satin cable or the rolled type.
Larry Letterman
Cisco Systems
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Phil Lorenz
Sent: Saturday, M
A console server network works well for this issue if
you have a large network. we use console servers extensively
at cisco for this exact issue.
Larry Letterman
Cisco Systems
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Lomker Mi
Well isn't that a fine "how-do-ya-do ???"
Console> Show Version
WS-C5505 Software, Version McpSW: 4.5(12) NmpSW: 4.5(12)
Copyright (c) 1995-2001 by Cisco Systems
NMP S/W compiled on Apr 19 2001, 17:56:40
MCP S/W compiled on Apr 19 2001, 17:54:16
System Bootstrap Version: 3.1.2
Hardware Version:
Well isn't that a fine "how-do-ya-do ???"
Console> Show Version
WS-C5505 Software, Version McpSW: 4.5(12) NmpSW: 4.5(12)
Copyright (c) 1995-2001 by Cisco Systems
NMP S/W compiled on Apr 19 2001, 17:56:40
MCP S/W compiled on Apr 19 2001, 17:54:16
System Bootstrap Version: 3.1.2
Hardware Version:
I'm having the same problem with a PIX 501 and cable modem. I'm probably
just going to take the IP received from the PC by the ISP and just put it
statically on the outside interface on the PIX. Does anyone foresee any
issues with this setup?
""bergenpeak"" wrote in message
[EMAIL PROTECTED]"
Rajesh
> 1. Item 2 : I couldn't get the following things properly : R2 should
> have the summarized entry in its routing table if either R5 or R6
> fails.
R5 and R6 are ABR for area 1, and requirements is
network on area 1 should be summarized before its enter
the area 0. Think of the comman
Hi everyone,
Just wondering how I can block whole range from 172.16.0.0 to 172.31.255.255
using one ACL??
My guess is it shoud be ,
access-list 90 permit 172.16.0.0 0.240.255.255 ?? Please comment??
Thkx
Tom
_
Get your FREE
You can set a single key in the ACS server, then have all devices configured
with a single key... this will keep you from having to enter every single
device in to the ACS settings. Most people use the same key on all devices
so it is not that much of an issue. I entered all my devices so I know
test
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39336&t=39336
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Think you want something like this
access-list deny 172.16.0.0 0.15.255.255
That'll deny everything from 172.16.0.0 - 172.31.255.255
-Original Message-
From: IT Guy [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 24, 2002 12:25 AM
To: [EMAIL PROTECTED]
Subject: Basic ACL Q [7:39334]
Hi
Has anyone used the 1760 routers? Thoughts, comments, suggestions?
TTFN,
Bill in Anchorage
[GroupStudy.com removed an attachment of type application/x-pkcs7-signature
which had a name of smime.p7s]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39338&t=39338
--
Thanks for the help, it worked
>From: "Ouellette, Tim"
>Reply-To: "Ouellette, Tim"
>To: [EMAIL PROTECTED]
>Subject: RE: Basic ACL Q [7:39334]
>Date: Sun, 24 Mar 2002 01:11:38 -0500
>
>Think you want something like this
>
>access-list deny 172.16.0.0 0.15.255.255
>
>That'll deny everything from
Hi guys,
I did a search on Karl solie End book Labs and here is the tough extract for
you guys to get your help and comments.
Q1.A Main frame resides on Vlan2 with three IP Addresses which coreesponds
to single MAC address. Configure Router R4(vlan2) to suppot forwarding
traffice to single M
Tom,
That looks right except change the permit to deny:
access-list 90 DENY 172.16.0.0 0.240.255.255
Don't forget that the ACL works from the top down, so
this may need to be one of the first statements for
you.
Les
--- IT Guy wrote:
> Hi everyone,
>
> Just wondering how I can block whole
In simplest ISDN configuration I should be able to ping, but unfortunetly I
can't. This week is very tough nothing seems to work I guess.
I have two routers connected through ISDN. Here is the config. I should be
able to ping, but can't ping the local and the remote interface.
Any Clue.
R
As a Brit, you're going to lecture the United States on morality? Excuse
me, but let's ask, say, the Irish or the Indians about the vaunted British
morality. You know what they say about people who live in glass houses...
And besides, let's be honest here. We both know that, if not for the US
I need to know what is the right equipment I should use , I have to order
two quantity per main site as a primary and secondary connected via dual
Giga-bit Ethernet modules for load sharing and redundancy in case one fails.
Each backbone must have a Giga-bit Ethernet switch fabrics with a minimum
55 matches
Mail list logo
